Cisco Tunnel Terminating Gateway (TTG) Guide | Manualzz
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY
OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to
part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own
expense.
The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be determined by turning the
equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain
version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL
FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco ASR 5000 Series Product Overview
© 2010 Cisco Systems, Inc. and/or its affiliated entities. All rights reserved.
CONTENTS
About this Guide
Conventions Used
Contacting Customer Support
New In This 8.0 Release
Common Features
Configurable Transmit Timing Source
Domain-based L2TP Tunnel Support
Benefits
Description
ESS Features
GGSN Features
Multimedia Broadcast Multicast Service (MBMS)
Benefits
Description
License Keys
Traffic Shaping
Benefits
Description
License Keys
Benefits
Description
License Keys
Benefits
Description
License Keys
Network Controlled QoS
Benefits
Description
License Keys
Direct Tunnel Support
License Keys
Hard Disk Storage for CDR Files
GRE Protocol Interface
Benefits
Description
License Keys
Overcharging Protection on Loss of Radio Coverage
Benefits
Description
License Keys
GSS Features
HA Features
Session Continuity Support for 3GPP2 and WiMAX Handoffs
Benefits
Description
License Keys
Cisco ASR 5000 Series Product Overview ▄
OL-22937-01
▀ Contents
Enterprise HA
Description
Benefits
Mobile IPv6
Benefits
Description
Supported Features
IP Services Gateway Features
PDIF/FA Features
Congestion Control and Overload Disconnect Support
Custom DNS Handling
DELETE Payload Default Action Change
IPMS Support
Multiple Authentication
Online Upgrade
Public and Private Key Mismatch Check
Session Recovery
Mobile WiMAX Access Service Network (ASN) Gateway Support
Mobile WiMAX ASN Paging Controller and Location Registry Service Support
SGSN Features
2.5G/3G Dual Access
Attach Rate Throttle
Direct Tunnel Support
Fractional E1/DS1 Support
Ga Interface to the CGF/GSS
Gb-Flex - SGSN Pooling
Gs Interface to the MSC/VLR
Hard Disk Storage for CDR Files
IuFlex / SGSN Pooling
Multiple PLMN Support (2.5G only)
Configuring Multiple PLMN Support:
Network-Initiated PDP Context Activation
Network Sharing
NPU FastPath
QoS Traffic Policing per Subscriber
Session Recovery Support
Short Message Service - SMS
Traffic Handling - QoS Provisioning with ARP
Data Rate Management per RNC
CLC2 - Channelized Line Card 2
OLC2 - Optical Line Card 2
PSC2 - Packet Services Card 2
Web Element Manager Features
Configuration Audit
New In This Release
Common Features
Dynamic MPLS Label Support
Benefits
Description
License Keys
PPC Card
Side-by-side Redundancy for the 10 Gig Line Card (XGLC)
Description
License Keys
Benefits
Description
DCCA URCS (IPC-G) Steering Based on Subscriber IMSI Prefix/Suffix
EDR/UDR File Push Directory Structure
Content Filtering in Release 9.0
Category-based Static-and-Dynamic Content Filtering
ECS Features
EDR Generation in Flow-end and Transaction Complete Scenarios with sn-volume Fields
IPv6 and ICMPv6 Support in the Enhanced Charging Service
Maximum Number of Charging-Rule-Definition AVPs Supported in a Single CCA
URL Filtering
3GPP R7 Gx Interface Support
eHRPD Features
New HSGW Features
New P-GW Features
ESS Features
GSS Features
Multiple Instance GSS
HA Features
PPC Packet Processing Card
inPilot Features
Exporting Reports to PDF format
Bulkstat and KPI Reports
GUI/Console Based Installation
Log File Path
LTE/SAE Features
P-GW Features
MME in LTE/SAE Networks
Benefits
Description
License Keys
S-GW Features
PDSN Features
PPC Packet Processing Card
Peer-to-Peer Features
Dynamic P2P Signature Updates
P2P Protocols Detection Support
SCM Features
IPv4-IPv6 Interworking
SGSN Features
PSC2 - Packet Services Card 2
Cisco® ASR 5000 Platforms Introduction
Characteristics of the System
Features and Benefits
Product, Service and Feature Licenses
Supported Product/License Quick Reference
Session Use and Feature Use Licenses
Session Use Licenses
Feature Use Licenses
Default Licenses
ST16 Hardware Platform Overview
Chassis Configurations
ST16 Chassis Descriptions
Slot Numbering
Rear Slot Numbering for Line Cards
Mounting Options
Midplane Architecture
320 Gbps Switch Fabric
32 Gbps Control Bus
System Management Bus
280 Gbps Redundancy Bus
OC-48 TDM Bus
SPIO Cross-Connect Bus
Power Filter Units
Fan Tray Assemblies
Lower Fan Tray
Air Filter Assembly
Upper Fan Tray
Chassis Airflow
Application and Line Cards
ST16 Application Cards
Switch Processor Card
Packet Accelerator Card
Line Cards
Switch Processor I/O Card
Redundancy Crossbar Card
Ethernet 10/100 Line Card
Ethernet 1000 (Gigabit Ethernet) Line Cards
General Application and Line Card Information
Card Interlock Switch
ASR 5000 Hardware Platform Overview
Chassis Configurations
ASR 5000 Chassis Descriptions
Slot Numbering
Rear Slot Numbering for Half-Height Line Cards
Rear Slot Numbering with Full-height Line Cards
Mounting Options
Midplane Architecture
320 Gbps Switch Fabric ............................................................................................................................. 132
32 Gbps Control Bus .................................................................................................................................. 133
System Management Bus ........................................................................................................................... 133
280 Gbps Redundancy Bus ......................................................................................................................... 133
OC-48 TDM Bus ........................................................................................................................................ 135
SPIO Cross-Connect Bus............................................................................................................................ 135
Power Filter Units ................................................................................................................................................ 136
Fan Tray Assemblies ............................................................................................................................................ 138
Lower Fan Tray ............................................................................................................................................... 138
Air Filter Assembly ......................................................................................................................................... 139
Upper Fan Tray ............................................................................................................................................... 139
Chassis Airflow ............................................................................................................................................... 140
ASR 5000 Application Cards ............................................................................................................................... 141
System Management Card............................................................................................................................... 141
SMC RAID Support ........................................................................................................................................ 143
Packet Processing Cards: PSC, PSC2, and PPC .............................................................................................. 144
Packet Services Card (PSC) Description .................................................................................................... 145
Packet Services Card 2 (PSC2) Description ............................................................................................... 147
Interoperability ........................................................................................................................................... 147
Redundancy ................................................................................................................................................ 147
Capacity ...................................................................................................................................................... 148
Power Estimate ........................................................................................................................................... 148
▄ Cisco ASR 5000 Series Product Overview
OL-22937-01
Contents ▀
ASR 5000 Line Cards
Switch Processor I/O Card
Management LAN Interfaces
Console Port
BITS Timing
Central Office Alarm Interface
Redundancy Crossbar Card
Ethernet 10/100 Line Card
Ethernet 1000 (Gigabit Ethernet) Line Cards
Quad Gigabit Ethernet Line Card
10 Gigabit Ethernet Line Card
Optical Line Cards (OLC and OLC2)
Channelized Line Cards (CLC and CLC2)
Channelized Line Card (CLC)
Channelized Line Card 2 (CLC2)
Standards Compliance
General Application and Line Card Information
Card Interlock Switch
Software Architecture
Understanding the Distributed Software Architecture
Software Tasks
Subsystems
Redundancy and Availability Features
Service Availability Features
Hardware Redundancy Features
ST16
ASR 5000
Hardware Redundancy Configuration
Maintenance and Failure Scenarios
Software Assurance Features
Session Recovery Feature
Interchassis Session Recovery
Mean Time Between Failure and System Availability
MTBF Table
System Availability
Spare Component Recommendations
Management System Overview
Out-of-Band Management
Command Line Interface
CLI Overview
Web Element Manager Application
ASN Gateway Overview
ASN Mobility Management
EAP User Authentication
ASN Gateway and AAA
Profile Management
Inter-ASN Handovers
Supported Features
Simple IPv4 Support
DHCP Proxy Server
ASN Gateway Micro-Mobility
Uncontrolled Handovers
Controlled Handovers
WiMAX R4 Inter-ASN Mobility Management
WiMAX R3 CSN Anchored Mobility Management
Proxy Mobile IPv4 (PMIPv4)
Client Mobile IPv4 (CMIPv4)
Authenticator
EAP Authentication Methods
Supported RADIUS Methods
Supported Diameter Methods
WiMAX Prepaid Accounting
Volume and Duration-based Prepaid Accounting
Supported Enhanced Features
Lawful Intercept Enhancements
Intelligent Traffic Control
Hotlining/Dynamic RADIUS Attributes
Multi-flow QoS
ASN Gateway Intra-Chassis Session Recovery
Supported Inline Services
Enhanced Charging Service
Multi-host Support
How it Works
ASN Gateway in a WiMAX Network
Access Service Network (ASN)
Connectivity Service Network (CSN)
WiMAX Reference Points and Interfaces
Message Relay in ASN
ASN Gateway Architecture and Deployment Profiles
WiMAX Network Deployment Configurations
Standalone ASN Gateway/FA and HA Deployments
Co-Located Deployments
ASN Call Procedure Flows
Functional Components for Handover
Anchor ASN Gateway
Anchor Session
Non-Anchor ASN Gateway
Non-Anchor Session
Initial Network Entry and Data Path Establishment without Authentication
Initial Network Entry and Data Path Establishment with Authentication (Single EAP)
Unexpected Network Re-entry
MS Triggered Network Exit
Network Triggered Network Exit
Intra-ASN Gateway Handover
Intra-anchor ASN Gateway Uncontrolled Handover
Intra-anchor ASN Gateway Controlled Handover
Inter-ASN Gateway Handover
ASN Gateway Function for Handovers
Controlled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
Uncontrolled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
RADIUS-based Prepaid Accounting for WiMax
Obtaining More Quota after the Quota is Reached
Applying HTTP Redirection Rule when Quota is Reached
Applying HTTP Redirection Rule CoA is Received
Terminating the Call when Quota is Reached
CSN Procedure Flows
PMIP4 Connection Setup and Call Flow with DHCP Proxy
PMIP4 Session Release
WiMAX Deployment with Legacy Core Networks
ASN Gateway Interoperability with 3GPP Overlay
ASN Gateway Interoperability with 3GPP2 Overlay
Session Continuity Support for 3GPP2 and WiMAX Handovers
Supported Standards
WiMAX/IEEE References
IEEE Standards
IETF References
Object Management Group (OMG) Standards
ASN Paging Controller and Location Registry Overview
Introduction
Description of PC/LR Support
Licenses
Paging and Location Update Procedures
Paging Controller (PC)
Paging Agent (PA)
Paging Group (PG)
Location Register (LR)
Location Update Procedure
Location Update with Paging Controller Relocation
Paging Operation
MS Initiated Idle Mode Entry
MS Initiated Idle Mode Exit
Supported Platforms and Software
CDMA2000 Wireless Data Services
Product Description
System Components and Capacities
Licenses
Hardware Requirements
Platforms
ST16 Platform System Hardware Components
ASR 5000 Platform System Hardware Components
Features and Functionality—Base Software
RADIUS Support
Benefits
Description
Access Control List Support
IP Policy Forwarding
Description
AAA Server Groups
Description
Overlapping IP Address Pool Support
Routing Protocol Support
Description
Management System Overview
Description
Bulk Statistics Support
Description
Threshold Crossing Alerts (TCA) Support
Description
IP Header Compression - Van Jacobson
Description
DSCP Marking
Features and Functionality - Optional Enhanced Software Features
Session Recovery Support
Description
IPv6 Support
Description
L2TP LAC Support
Description
L2TP LNS Support
Description
Proxy Mobile IP
Description
IP Security (IPSec)
Description
Traffic Policing and Rate Limiting
Description
Intelligent Traffic Control
Dynamic RADIUS Extensions (Change of Authorization)
Description
Web Element Management System
Benefits
Description
CDMA2000 Data Network Deployment Configurations
Standalone PDSN/FA and HA Deployments
Interface Descriptions
Co-Located Deployments
Understanding Simple IP and Mobile IP
Simple IP
How Simple IP Works
Mobile IP
Mobile IP Tunneling Methods
How Mobile IP Works
Proxy Mobile IP
How Proxy Mobile IP Works
Supported Standards
Requests for Comments (RFCs)
TIA and Other Standards
Telecommunications Industry Association (TIA) Standards
Object Management Group (OMG) Standards
3GPP2 Standards
IEEE Standards
GGSN Support in GPRS/UMTS Wireless Data Services
Product Description
Product Specification
Licenses
Hardware Requirements
ST16 Platform System Hardware Components
ASR 5000 Platform System Hardware Components
Operating System Requirements
Network Deployment and Interfaces
GGSN in the GPRS/UMTS Data Network
Supported Interfaces
Features and Functionality - Base Software
16,000 SGSN Support
AAA Server Groups
Access Control List Support
ANSI T1.276 Compliance
APN Support
Bulk Statistics Support
Direct Tunnel Support
DHCP Support
DSCP Marking
Generic Corporate APN
GTPP Support
Host Route Advertisement
IP Policy Forwarding
IP Header Compression - Van Jacobson
IPv6 Support
Management System Overview
Overlapping IP Address Pool Support
PDP Context Support
Per APN Configuration to Swap out Gn to Gi APN in CDRs
Port Insensitive Rule for Enhanced Charging Service
Quality of Service Support
RADIUS Support
RADIUS VLAN Support
Routing Protocol Support
Support of Charging Characteristics Provided by AAA Server
Support of all GGSN generated causes for partial G-CDR closure
Threshold Crossing Alerts (TCA) Support
Features and Functionality - Optional Enhanced Feature Software
Converged DSL Support on the GGSN
Dynamic RADIUS Extensions (Change of Authorization)
GRE Protocol Interface Support
Gx Interface Support
Inter-Chassis Session Recovery
IP Security (IPSec)
IPv6 Support
L2TP LAC Support
L2TP LNS Support
Lawful Intercept
Mobile IP Home and Foreign Agents
Mobile IP NAT Traversal
Multimedia Broadcast Multicast Services Support
Overcharging Protection on Loss of Coverage
Proxy Mobile IP
Session Persistence
Session Recovery Support
Traffic Policing and Rate Limiting
Web Element Management System
How GGSN Works
PDP Context Processing
Dynamic IP Address Assignment
Subscriber Session Call Flows
Transparent Session IP Call Flow
Non-Transparent IP Session Call Flow
Network-Initiated Session Call Flow
PPP Direct Access Call Flow
Virtual Dialup Access Call Flow
Corporate IP VPN Connectivity Call Flow
Mobile IP Call Flow
Proxy Mobile IP Call Flows
IPv6 Stateless Address Autoconfiguration Flows
Supported Standards
3GPP References
IETF References
Object Management Group (OMG) Standards
HA Overview
System Components
ASR 5000 Platform:
Supported Standards
Requests for Comments (RFCs)
Network Deployment Configurations
Standalone PDSN/FA and HA Deployments
Interface Descriptions
Co-Located Deployments
Mobile IP Tunneling Methods
How Mobile IP Works
Understanding Mobile IP
Session Continuity Support for 3GPP2 and WiMAX Handoffs
HRPD Serving Gateway Overview
eHRPD Network Summary
eHRPD Network Components
Evolved Access Network (eAN)
Evolved Packet Control Function (ePCF)
HRPD Serving Gateway (HSGW)
E-UTRAN EPC Network Components
eNodeB
Mobility Management Entity (MME)
Serving Gateway (S-GW)
PDN Gateway (P-GW)
Product Description
Basic Features
Authentication
IP Address Allocation
Quality of Service
AAA, Policy and Charging
Product Specifications
Licenses
Hardware Requirements
Platforms
Components
Operating System Requirements
Network Deployment(s)
HRPD Serving Gateway in an eHRPD Network
Supported Logical Network Interfaces (Reference Points)
Features and Functionality - Base Software
Subscriber Session Management Features
Proxy Mobile IPv6 (S2a)
Mobile IP Registration Revocation
Session Recovery Support
Non-Optimized Inter-HSGW Session Handover
Quality of Service Management Features
DSCP Marking
UE Initiated Dedicated Bearer Resource Establishment
Network Access and Charging Management Features
EAP Authentication (STa)
Rf Diameter Accounting
AAA Server Groups
Dynamic Policy and Charging: Gxa Reference Interface
Intelligent Traffic Control
Network Operation Management Functions
A10/A11
Multiple PDN Support
PPP VSNCP
Congestion Control
IP Access Control Lists
System Management Features
Management System
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
ANSI T1.276 Compliance
Features and Functionality - External Application Support
Web Element Management System
Features and Functionality - Optional Enhanced Feature Software
IP Header Compression (RoHCv1 for IPv6)
IP Security (IPSec)
Traffic Policing and Shaping
Traffic Policing
Traffic Shaping
Layer 2 Traffic Management (VLANs)
Call/Session Procedure Flows
Initial Attach with IPv6/IPv4 Access
PMIPv6 Lifetime Extension without Handover
PDN Connection Release Initiated by UE
PDN Connection Release Initiated by HSGW
PDN Connection Release Initiated by P-GW
Supported Standards
3GPP References
3GPP2 References
IETF References
Object Management Group (OMG) Standards
IP Services Gateway Overview
Introduction
Service Modes
RADIUS Server Mode
RADIUS Proxy
RADIUS Snoop Mode
In-line Services
Enhanced Charging Service
Content Filtering
Peer-to-Peer
Enhanced Feature Support
IMS Authorization Service
Content Service Steering
Multiple IPSG Services
Session Recovery
Packet Data Interworking Function Overview
Product Description
Product Specifications
Operating System Requirements
Platforms
Hardware Requirements
Licenses
Interfaces
Sample Deployments
Mobile Station using Mobile IP with PDIF/FA
Overview
Mobile IP / Native Simple IP Call Minimum Requirements
Mobile IP Session Setup over IPSec
Simple IP and Simple IP Fallback
Simple IP Fallback Minimum Requirements
Features and Functionality - Base Software
Duplicate Session Detection
Unsupported Critical Payload Handling
Registration Revocation
CHILD SA Rekey Support
Denial of Service (DoS) Protection:
Cookie Challenge Statistics
MAC Address Validation
RADIUS Accounting
Special RADIUS Attribute Handling
Mobile IP and Proxy Mobile IP Attributes
IPv6 Support
IPv6 Neighbor Discovery
IPv6 Static Routing
Port-Switch-On-L3-Fail for IPv6
IKEv2 Keep-Alive (Dead Peer Detection (DPD))
Congestion Control and Overload Disconnect
SCTP (Stream Control Transmission Protocol) Support
X.509 Digital Trusted Certificate Support
Custom DNS Handling
Features and Functionality - Licensed Enhanced Feature Support
PDIF Service
Lawful Intercept
Diameter Authentication Failure Handling
Online Upgrade
The Active-Standby Upgrade Model
Operation Over a Common IPv4 Network
Operation Over a Common IPv6 Network
Other Devices
Session Recovery Support
IPSec/IKEv2
Simple IP Fallback
Simple IP
Proxy Mobile IP
Multiple Authentication in a Proxy Mobile IP Network
AAA Group Selection
RADIUS Authentication
First-Phase Authentication
Second-Phase Authentication
Termination
Session Recovery
Intelligent Packet Monitoring System (IPMS)
Multiple Traffic Selectors
Selective Diameter Profile Update Request Control
Supported Standards and RFCs
3GPP2 References
IETF References
Object Management Group (OMG) Standards
PDG/TTG Overview
Product Description
Summary of TTG Features and Functions
Product Specifications
Licenses
Hardware Requirements
Platforms
Components
Operating System Requirements
Network Deployment(s) and Interfaces
The TTG in a GPRS/UMTS Data Network
TTG Logical Network Interfaces (Reference Points)
Features and Functionality
PDG Service
TTG Mode
IP Security (IPSec) Encryption
Multiple Digital Certificate Selection Based on APN
Subscriber Traffic Policing for IPSec Access
DSCP Marking for IPSec Access
WLAN Access Control
RADIUS and Diameter Support
EAP Fast Re-authentication Support
Pseudonym NAI Support
Multiple APN Support for IPSec Access
Congestion Control
Bulk Statistics
Threshold Crossing Alerts
Features Not Supported in This Release
How the PDG/TTG Works
TTG Connection Establishment Call Flow
Supported Standards
3GPP References
IETF References
PDN Gateway Overview
eHRPD Network Summary
eHRPD Network Components
Evolved Access Network (eAN)
Evolved Packet Control Function (ePCF)
HRPD Serving Gateway (HSGW)
SAE Network Summary
E-UTRAN EPC Network Components
eNodeB
Mobility Management Entity (MME)
Serving Gateway (S-GW)
PDN Gateway (P-GW)
Product Description
Product Specifications
Licenses
Hardware Requirements
Platforms
Components
Operating System Requirements
Network Deployment(s)
PDN Gateway Supporting eHRPD to E-UTRAN/EPC Connectivity
Supported Logical Network Interfaces (Reference Points)
PDN Gateway in the E-UTRAN/EPC Network
Supported Logical Network Interfaces (Reference Points)
Features and Functionality - Base Software
Subscriber Session Management Features
IPv6 Capabilities
Source IP Address Validation
Default and Dedicated EPC Bearers
Lawful Intercept
Local Break-Out
Subscriber Level Trace
Proxy Mobile IPv6 (S2a)
Mobile IP Registration Revocation
Session Recovery Support
Quality of Service Management Features
QoS Bearer Management
DSCP Marking
Network Access and Charging Management Features
Enhanced Charging Service (ECS)
Online/Offline Charging
AAA Server Groups
Dynamic Policy Charging Control (Gx Reference Interface)
Network Operation Management Functions
Support Interfaces (Reference Points)
Multiple PDN Support
Congestion Control
IP Access Control Lists
System Management Features
Management System Overview
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
ANSI T1.276 Compliance
Features and Functionality - Inline Service Support
Content Filtering
Integrated Adult Content Filter
ICAP Interface
Peer-to-Peer Detection
Features and Functionality - External Application Support
Web Element Management System
Features and Functionality - Optional Enhanced Feature Software
Inter-Chassis Session Recovery (future release)
IP Security (IPSec) Encryption
Traffic Policing and Shaping
Traffic Policing
Traffic Shaping
Layer 2 Traffic Management (VLANs)
How the PDN Gateway Works
PMIPv6 PDN Gateway Call/Session Procedures in an eHRPD Network
Initial Attach with IPv6/IPv4 Access
PMIPv6 Lifetime Extension without Handover
PDN Connection Release Initiated by UE
PDN Connection Release Initiated by HSGW
PDN Connection Release Initiated by P-GW
GTP PDN Gateway Call/Session Procedures in an LTE-SAE Network
Subscriber-initiated Attach (initial)
Subscriber-initiated Detach
Supported Standards
3GPP References
3GPP2 References
IETF References
Object Management Group (OMG) Standards
Session Control Manager Overview
Product Description
IMS Architecture
Proxy-CSCF
Interrogating-CSCF
Serving-CSCF
Emergency-CSCF
A-BG
Product Specifications
Technical Specifications
Licenses
Hardware Requirements
Platforms
System Hardware Components
Operating System Requirements
Network Deployments and Interfaces
SCM in a CDMA2000 Data Network Deployment
Integrated CSCF / A-BG / HA
Logical Network Interfaces (Reference Points)
SCM in a GSM/UMTS Data Network Deployment
CSCF / A-BG / GGSN Deployment
Logical Network Interfaces (Reference Points)
Features and Functionality - Base Software
Call Abort Handling
Call Forking
Call Types Supported
Early IMS Security
Emergency Call Support
Error Handling
Future-proof Solution
Intelligent Integration
Interworking Function
MSRP Support
Presence Enabled
Redirection
Redundancy and Session Recovery
Registration Event Package
Signaling Compression (SigComp)
SIP Denial of Service (DoS) Attack Prevention
SIP Intelligence at the Core
SIP Large Message Support
SIP Routing Engine
Shared Initial Filter Criteria (SiFC)
Telephony Application Server (TAS) Basic Supported
Trust Domain
Features and Functionality - Licensed Enhanced Feature Support
Interchassis Session Recovery
IPSec Support
IPv4-IPv6 Interworking
Session Recovery Support ............................................................................................................................... 647
How the SCM Works ........................................................................................................................................... 649
Admission and Routing
CSCF Access Control Lists
Translation Lists
Route Lists
Signaling Compression
Supported Standards
Release 7 3GPP References
Release 7 3GPP2 References
IETF References
Serving Gateway Overview
eHRPD Network Summary
eHRPD Network Components
Evolved Access Network (eAN)
Evolved Packet Control Function (ePCF)
HRPD Serving Gateway (HSGW)
SAE Network Summary
E-UTRAN EPC Network Components
eNodeB
Mobility Management Entity (MME)
Serving Gateway (S-GW)
PDN Gateway (P-GW)
Product Description
Product Specifications
Licenses
Hardware Requirements
Platforms
Components
Operating System Requirements
Network Deployment(s)
Serving Gateway in the E-UTRAN/EPC Network
Supported Logical Network Interfaces (Reference Points)
Features and Functionality - Base Software
Subscriber Session Management Features
IPv6 Capabilities
Lawful Intercept
Subscriber Level Trace
Session Recovery Support
Quality of Service Management Features
QoS Bearer Management
Network Access and Charging Management Features
Online/Offline Charging
Network Operation Management Functions
Support Interfaces (Reference Points)
Multiple PDN Support
Congestion Control
IP Access Control Lists
System Management Features
Management System Overview
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
ANSI T1.276 Compliance
Features and Functionality - External Application Support
Web Element Management System
Features and Functionality - Optional Enhanced Feature Software
IP Security (IPSec) Encryption
Traffic Policing and Shaping
Layer 2 Traffic Management (VLANs)
How the Serving Gateway Works
GTP Serving Gateway Call/Session Procedures in an LTE-SAE Network
Subscriber-initiated Attach (initial)
Subscriber-initiated Detach
Supported Standards
3GPP References
3GPP2 References
IETF References
Object Management Group (OMG) Standards
Serving GPRS Support Node (SGSN) Overview
Product Description
Product Specifications
Licenses
Hardware Requirements
Platforms
ASR 5000 System Hardware Components
Operating System Requirements
System Configuration Options
Benefits of Co-Located GSNs
Network Deployments and Interfaces
SGSN and Dual Access SGSN Deployments
SGSN/GGSN Deployments
SGSN Logical Network Interfaces
Features and Functionality - Basic
All-IP Network (AIPN)
SS7 Support
PDP Context Support
Mobility Management
GPRS Attach
GPRS Detach
Paging
Service Request
Authentication
P-TMSI Reallocation
Identity Request
Location Management
Multiple PLMN Support
Intra/Inter SGSN Serving Radio Network Subsystem (RNS) Relocation (3G only)
Equivalent PLMN
Network Sharing
Benefits of Network Sharing
GWCN Configuration
MOCN Configuration
Implementation
Session Management
PDP Context Activation
PDP Context Modification
PDP Context Deactivation
PDP Context Preservation
Charging
SGSN Call Detail Records (S-CDRs)
Mobility Call Detail Records (M-CDRs)
Short Message Service CDRs
Overcharging Protection
NPU FastPath
Operator Policy
What an Operator Policy Can Do
How the Operator Policies Work
Some Configurable Features for Operator Policies
Default APN
VLR Pooling via the Gs Interface
HSPA Fallback
Local QoS Capping
Tracking Usage of GEA Encryption Algorithms
Features and Functionality - Enhanced and Licensed
Direct Tunnel
Lawful Intercept
How LI Works
QoS Traffic Policing per Subscriber
QoS Classes
QoS Negotiation
DSCP Marking
Traffic Policing
Session Recovery
SGSN Pooling and Iu-Flex / Gb-Flex
Short Message Service (SMS over Gd)
How the SGSN Works
First-Time GPRS Attach
PDP Context Activation Procedures
Network-Initiated PDP Context Activation Process
MS-Initiated Detach Procedure
Supported Standards
IETF Requests for Comments (RFCs)
3GPP Standards
ITU Standards
Object Management Group (OMG) Standards
Content Filtering Support Overview
Introduction
Supported Platforms and Products
Licenses
URL Blacklisting
Category-based Content Filtering
URL Blacklisting Support
URL Blacklisting Solution Components
Web Element Manager (WEM)
Central Decision Point (CF-CDP)
How URL Blacklisting Works
Blacklist Updates
URL Blacklisting Action
Category-based Content Filtering Support
Benefits of Category-based Content Filtering
Static-and-Dynamic Content Filtering
ECS and Content Filtering Application
Components of Category-based Content Filtering Solution
Category-based Content Filtering Subsystem
Static Rating Categorization Database (SRDB)
Dynamic Static Rating Categorization Database
Rater Package Model Files
Content Rating Rules Update Server
Master Content Rating Database Server (MCRDBS)
ECS Storage System
RADIUS Server and Policy Manager
Customer-Care Management Interface (CF-CCI)
Web Element Manager (WEM)
Central Decision Point (CF-CDP) and Report Engine (RE)
Report Engine (RE)
How Category-based Content Filtering Works
How URL Blacklisting and Category-based Content Filtering Work Concurrently
Content Filtering Server Group Support
External Storage System
Minimum System Requirements and Recommendations
System Requirements for WEM
System Requirements for CF-CDP
Special Software Requirement for CF-CCI Server Application
WEM Client System Requirements
CF Customer Care Interface Client Recommendations
Additional Requirements on Chassis
Enhanced Charging Service Overview
Introduction
Charging Subsystem
Traffic Analyzers
Supported Accounting and Charging Interfaces
Accounting Interfaces for Postpaid Service
Accounting and Charging Interface for Prepaid Service
Charging Records in ECS
Licensing
ECS Architecture
How ECS Works
Content Service Steering
Protocol Analyzer
Protocol Analyzer Software Stack
Rule Definitions
Routing Ruledefs and Packet Inspection
Charging Ruledefs and the Charging Engine
Group-of-Ruledefs
Rulebase
Enhanced Services in ECS
Session Control in ECS
Time and Flow-based Bearer Charging in ECS
Content Filtering Support
Content Filtering Server Group Support ..................................................................................................... 796
In-line Content Filtering Support ................................................................................................................ 796
IP Readdressing Feature .................................................................................................................................. 797
Next-hop Address Configuration ..................................................................................................................... 797
X-Header Insertion and Encryption Feature .................................................................................................... 797
X-Header Insertion ..................................................................................................................................... 798
X-Header Encryption .................................................................................................................................. 798
Limitations to the Header Insertion Feature................................................................................................ 799
Post Processing Feature ................................................................................................................................... 800
How the Post-processing Feature Works .................................................................................................... 800
Time-of-Day Activation/Deactivation of Rules............................................................................................... 801
How the Time-of-Day Activation/Deactivation of Rules Feature Works ................................................... 801
URL Filtering .................................................................................................................................................. 802
Cisco ASR 5000 Series Product Overview ▄
OL-22937-01
▀ Contents
ECS Deployment
Accounting Interfaces
GTPP Accounting
RADIUS Accounting and Credit Control
Diameter Accounting and Credit Control
Gx Interface Support
Gy Interface Support
Standard GGSN Call Detail Records (G-CDRs)
Enhanced GGSN Call Detail Records (eG-CDRs)
Event Detail Records (EDRs)
Usage Detail Records (UDRs)
Charging Record Generation
EDR/UDR/FDR (xDR) Storage
Hard Disk Support on SMC Card
Charging Methods and Interfaces
Prepaid Credit Control
Postpaid
Prepaid Billing in ECS
How ECS Prepaid Billing Works
Credit Control Application (CCA) in ECS
How Credit Control Application (CCA) Works for Prepaid Billing
Postpaid Billing in ECS
How ECS Postpaid Billing Works
ECS Postpaid Billing in GPRS/UMTS Networks
Postpaid Billing in CDMA-2000 Networks
External Storage System
System Resource Allocation
Redundancy Support in ECS
Intra-chassis Session Recovery Interoperability
Recovery from Task Failure
Recovery from CPU or Packet Processing Card Failure
Inter-chassis Session Recovery Interoperability
Inter-chassis Session Recovery Architecture
Impact on xDR File Naming
Impact on xDR File Content

MME in LTE/SAE Wireless Data Services
Product Description
Product Specification
Licenses
Hardware Requirements
Platforms
System Hardware Components
Operating System Requirements
Network Deployment and Interfaces
MME in the LTE/SAE Network
Supported Interfaces
Features and Functionality - Base Software
Subscriber Session Management Features
EPS Bearer Context Support
NAS Protocol Support
EPS GTPv2 Support on S11 Interface
Subscriber Level Session Trace
Session and Quality of Service Management
Network Access Control Functions
Authentication and Key Agreement (AKA)
HSS Support Over S6a Interface
Network Entity Management
MME Selection
Packet Data Network Gateway (P-GW) Selection
Serving Gateway (S-GW) Selection
3GPP R8 Identity Support
Tracking Area List Management
Reachability Management
Network Operation Management Functions
Overload Management in MME
Radio Resource Management Functions
Mobile Equipment Identity Check
Multiple PDN Support
System Management Features
Management System Overview
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
NAS Signalling Security
Features and Functionality - Licensed Enhanced Feature Software
Session Recovery Support
License
IPv6 Support
License
IP Security (IPSec)
License
Lawful Intercept
License
MME Inter-Chassis Session Recovery
Web Element Management System
How MME Works
EPS Bearer Context Processing
Purge Procedure
Paging Procedure
Subscriber Session Processing
Subscriber Registration Setup Procedure
User-initiated Subscriber De-registration Setup Procedure
Service Request Procedure
User-initiated Service Request Procedure
Network-initiated Service Request Procedure
Supported Standards
3GPP References
IETF References
Object Management Group (OMG) Standards

Peer-to-Peer Overview
Supported Platforms and Products
Licenses
P2P Overview
Dynamic Signature Updates
P2P Protocol Detection Software Versions
Enabling and Disabling P2P Dynamic Signature Updates
Loading and Unloading P2P Signature File
How P2P Works
Advantages of P2P Processing Before DPI
P2P Session Recovery
Recovery from Task Failure
Recovery from CPU or PSC/PSC2 Failure
Limitations
Skype
eDonkey
Yahoo
MSN
BitTorrent
Jabber
Gnutella / Morpheus
Winny
FastTrack
Gadu-Gadu
Other Limitations

Personal Stateful Firewall Overview
Supported Platforms and Products
Licenses
Overview
Supported Features
Protection against Denial-of-Service Attacks
Types of Denial-of-Service Attacks
Protection against Port Scanning
Application-level Gateway Support
Stateful Packet Inspection and Filtering Support
Stateless Packet Inspection and Filtering Support
Host Pool, IMSI Pool, and Port Map Support
Host Pool Support
IMSI Pool Support
Port Map Support
Flow Recovery Support
SNMP Thresholding Support
Logging Support
How Personal Stateful Firewall Works
Disabling Firewall Policy
Mid-session Firewall Policy Update
How it Works
Understanding Rules with Stateful Inspection
Connection State and State Table in Personal Stateful Firewall
Transport and Network Protocols and States
Application-Level Traffic and States

GTPP Storage Server Overview
Product Description
Partnering with a GSN
System Requirements and Recommendations
Minimum System Requirements for Stand-alone Deployment
Minimum System Requirements for Cluster Deployment
Default Ports for GSS
GSS Hardware Sizing and Provisioning Guidelines
Hard Drive Partition Recommendations
IP Multipathing (IPMP) on GSS Server (Optional)
Features of the GSS
GSS Server Application
PostgreSQL Database Engine 8.2.0
GSS FileGen Utility
File Format Encoding for CDRs
Redundant Data File Support
PSMON
Cluster Support in GSS
Cluster Components
Multiple Instance GSS
Monitoring of Disk Partitions
Network Deployments and Interfaces
Deploying the GSS
Cluster Mode GSS Deployment in GPRS/UMTS Network
How the GSS Works

External Storage System Overview
Overview
Local, Short-Term External Storage System
Remote, Long-Term External Storage System
System Requirements
ASR 5000 System Requirements
ESS System Requirements
Minimum System Recommendations for Stand-alone Deployment of L-ESS and R-ESS
Minimum System Recommendations for Cluster Deployment of L-ESS
Recommendations for R-ESS Reporting System Client (Optional)

inPilot Overview
Introduction
Report Types
Exporting Reports to Other File Formats
inPilot Architecture
Distributed Architecture of inPilot
How RDP works with inPilot
inPilot Deployment
System Requirements

Network Address Translation Overview
Supported Platforms and Products
Licenses
Supported Standards
NAT Feature Overview ........................................................................................................................................ 949
NAT Realms .................................................................................................................................................... 950
NAT IP Address Allocation and Deallocation................................................................................................. 951
NAT IP Address Allocation ........................................................................................................................ 952
NAT IP Address Deallocation .................................................................................................................... 952
NAT Port-chunk Allocation and Deallocation ................................................................................................ 953
NAT Port-chunk Allocation ........................................................................................................................ 953
NAT Port-chunk Deallocation .................................................................................................................... 953
NAT IP Address/Port Allocation Failure .................................................................................................... 954
TCP 2MSL Timer ............................................................................................................................................ 954
NAT Binding Records ..................................................................................................................................... 954
NAT Binding Updates ..................................................................................................................................... 955
CoA NAT Query ......................................................................................................................................... 956
Firewall-and-NAT Policy ................................................................................................................................ 956
Disabling NAT Policy................................................................................................................................. 957
Updating Firewall-and-NAT Policy in Mid-session ................................................................................... 958
Target-based NAT Configuration ............................................................................................................... 958
NAT Application Level Gateway .................................................................................................................... 959
Supported NAT ALGs ................................................................................................................................ 959
EDRs and UDRs .............................................................................................................................................. 959
EDRs ........................................................................................................................................................... 960
UDRs .......................................................................................................................................................... 960
Bulk Statistics
Alarms
Session Recovery and ICSR
How NAT Works
Web Element Manager Overview
Supported Features
FCAPS Support
Fault Management
Configuration Management
Accounting Management
Performance Management
Security Management
Additional Features
Web Element Manager System Requirements
Server Application
Client Access
WEM Architecture
Host Filesystem
Apache Web Server
WEM Server FCAPS Support
Fault Management
Configuration Management
Accounting Management
Performance Management
Security Management
WEM Process Monitor
Bulk Statistics Server
Script Server
PostgreSQL Database Server
WEM Logger
Technical Specifications
Physical Dimensions
Chassis
Application Cards
Line Cards
Fan Tray Assemblies
Lower Fan Tray
Upper Fan Tray
Power Filter Unit
Weight Specifications
Power Specifications
Estimating Power Requirements
Mounting Requirements
Interface Specifications
SPIO Card Interfaces
Console Port Interface
Fiber SFP Interface
10/100/1000 Mbps RJ-45 Interface
Central Office Alarm Interface
BITS Timing Interface
Ethernet 10/100 Line Card Interfaces
10/100 Mbps RJ-45 Interface
Ethernet 1000 Line Card/Quad Gigabit Ethernet Line Card (QGLC) SFPs
QGLC/1000Base-SX
QGLC/1000Base-LX Interface
RJ-45 SFP Interface
10 Gigabit Ethernet Line Card (XGLC) SFP+
XGLC 10GBase-SR
XGLC 10 Base-LR Interface
Fiber ATM/POS OC-3 (OLC and OLC2) Multi-Mode Interface
Fiber ATM/POS OC-3 SM IR-1 Interface
Channelized Line Cards
Channelized Line Cards with Single-mode Interface
Channelized Line Cards (CLC and CLC2) with Multi-Mode Interface
Safety, Electrical, and Environmental Certifications
Federal Communications Commission Warning
ICS Notice
Laser Notice
Safety Certifications
Electrical Certifications
Environmental Certifications
Environmental Specifications
Environmental Information
Storage Temperature and Humidity
Operating Temperature and Humidity
Altitude Operations
Supported Environmental Standards
Chassis Air Flow
Glossary
About this Guide
This document pertains to features and functionality that run on and/or that are related to the Cisco® ASR 5000 Chassis,
formerly the Starent Networks ST40.
Conventions Used
The following tables describe the conventions used throughout this documentation.
Notice Type: Description
Information Note: Provides information about important features or instructions.
Caution: Alerts you of potential damage to a program, device, or system.
Warning: Alerts you of potential personal injury or fatality. May also alert you of potential electrical hazards.
Electro-Static Discharge (ESD): Alerts you to take proper grounding precautions before handling a product.
Typeface Conventions
Description
Text represented as a
This typeface represents displays that appear on your terminal screen, for example:
Text represented as
This typeface represents commands that you enter, for example:
This document always gives the full form of a command in lowercase letters. Commands
are not case sensitive.
Text represented as a
This typeface represents a variable that is part of a command, for example:
slot_number is a variable representing the desired chassis slot number.
Text represented as menu or submenu names
This typeface represents menus and sub-menus that you access within a software
application, for example:
Click the File menu, then click New
Command Syntax
Conventions
Description
{
Required keywords and variables are surrounded by grouped brackets.
Required keywords and variables are those components that are required to be entered as part of the
command syntax.
or
}
[
Optional keywords or variables, or those that a user may or may not choose to use, are surrounded by square
brackets.
or
]
|
With some commands there may be a group of variables from which the user chooses one. These are called
alternative variables and are documented by separating each variable with a vertical bar (also known as a
pipe filter).
Pipe filters can be used in conjunction with required or optional keywords or variables. For example:
OR
[
|
]
Contacting Customer Support
Use the information in this section to contact customer support.
For New Customers: Refer to the support area of http://www.cisco.com for up-to-date product documentation or to
submit a service request. A valid username and password are required to access this site. Please contact your local sales or
service representative for additional information.
For Existing Customers with support contracts through Starent Networks: Refer to the support area of
https://support.starentnetworks.com/ for up-to-date product documentation or to submit a service request. A valid
username and password are required to access this site. Please contact your local sales or service representative for additional
information.
Important: For warranty and repair information, please be sure to include the Return Material Authorization
(RMA) tracking number on the outside of the package.
New In This 8.0 Release
This chapter provides information on the major features and functionality added to the software with the 8.x release.
Common Features
Configurable Transmit Timing Source
It is now possible to configure the transmit clock source, as either Building Integrated Timing Supply (BITS) or line-timing, for application services using SDH or SONET over the Optical line card or the Channelized line card.
BITS-timing provides the transmit timing source, using Stratum 3 compliant BITS modules resident on either the SPIO
with a BITS BNC interface or the SPIO with a BITS 3-pin interface. Line-timing recovers the receive timing from an
external clock source via a port on an Optical or Channelized line card. It is possible to configure both clock sources, so
that one timing source backs up the other.
Configuration of this clock source is explained in Configuring Transmit Timing Source in the System Administration
Guide.
Domain-based L2TP Tunnel Support
Benefits
This feature enables the initiation of a new L2TP create tunnel request to the same LNS address based on the value of the
"Tunnel-Server-Auth-ID" attribute in the Access-Accept message received from the AAA server. This value is treated as a key to
identify the tunnel. Effectively, this results in multiple L2TP tunnels based on the value of the attribute that a LAC
receives from the AAA server.
Description
In the earlier implementation, the LAC chose to create a new tunnel between a LAC and LNS pair only when the existing tunnel
had reached its full capacity of allowed L2TP sessions per tunnel. There was no provision for further segregation of
the traffic between the LAC and LNS.
A new CLI command is added in the LAC service configuration mode to support this feature. This command provides the
facility to create a new tunnel on the basis of domain name, irrespective of the current capacity of existing tunnels
established for different domains.
The domain name (key to the tunnel) is taken from the "Tunnel-Server-Auth-ID" attribute received from the AAA server.
When the LAC service needs to establish a new L2TP session, it first checks whether there is already an existing L2TP
tunnel with the peer LNS for the key, that is, the "Tunnel-Server-Auth-ID" attribute value. If no such tunnel exists
for the key, it creates a new tunnel with the LNS. The limit of a maximum of 32000 tunnels per LAC service is
still valid.
With the default selection-key configuration, the LAC does not use the key to choose a tunnel with the LNS.
The configured maximum number of sessions applies to each tunnel created through this command. By default each tunnel
supports 512 sessions.
If LAC service needs to establish a new tunnel for new L2TP session with LNS and the tunnel create request fails
because maximum tunnel creation limit is reached, LAC will try other LNS addresses received from AAA server in
Access-Accept message for the APN/subscriber. If all available peer-LNS are exhausted, LAC service will reject the
call.
Important: Currently this support is available for GGSN only.
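The selection logic described above can be modelled in a few lines. The following Python sketch is an added example, not Cisco code or CLI: the class and method names are hypothetical, the LNS addresses and domain names are constructed, and it assumes that a keyed tunnel that is already full is followed by a new tunnel with the same key.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Limits quoted in the text above.
MAX_TUNNELS_PER_LAC_SERVICE = 32000
DEFAULT_SESSIONS_PER_TUNNEL = 512


class CallRejected(Exception):
    """Raised when every peer LNS offered by the AAA server is exhausted."""


@dataclass
class Tunnel:
    lns: str
    key: Optional[str]  # Tunnel-Server-Auth-ID value, or None when keys are not used
    sessions: int = 0


class LacService:
    """Toy model of a LAC service (hypothetical names, not the product's API)."""

    def __init__(self, use_selection_key: bool = False,
                 max_tunnels: int = MAX_TUNNELS_PER_LAC_SERVICE,
                 max_sessions: int = DEFAULT_SESSIONS_PER_TUNNEL) -> None:
        self.use_selection_key = use_selection_key
        self.max_tunnels = max_tunnels
        self.max_sessions = max_sessions
        self.tunnels: List[Tunnel] = []

    def _existing_tunnel(self, lns: str, key: Optional[str]) -> Optional[Tunnel]:
        # A tunnel is reusable only for the same LNS, the same key, and spare capacity.
        for tunnel in self.tunnels:
            if (tunnel.lns == lns and tunnel.key == key
                    and tunnel.sessions < self.max_sessions):
                return tunnel
        return None

    def establish_session(self, lns_addresses: List[str],
                          tunnel_server_auth_id: str) -> Tunnel:
        """Place one new L2TP session, walking the LNS list from the Access-Accept."""
        # Without the selection key, all domains share tunnels (earlier behaviour).
        key = tunnel_server_auth_id if self.use_selection_key else None
        for lns in lns_addresses:
            tunnel = self._existing_tunnel(lns, key)
            if tunnel is None:
                if len(self.tunnels) >= self.max_tunnels:
                    continue  # tunnel create fails: try the next LNS address
                tunnel = Tunnel(lns=lns, key=key)
                self.tunnels.append(tunnel)
            tunnel.sessions += 1
            return tunnel
        raise CallRejected("all peer LNS addresses exhausted")


def tunnels_per_lns(lac: LacService) -> Dict[str, int]:
    """Count established tunnels per LNS address."""
    counts: Dict[str, int] = {}
    for tunnel in lac.tunnels:
        counts[tunnel.lns] = counts.get(tunnel.lns, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample: two domains whose Access-Accept points at the same LNS.
    for keyed in (False, True):
        lac = LacService(use_selection_key=keyed)
        for domain in ("corp-a.example", "corp-b.example", "corp-a.example"):
            lac.establish_session(["192.0.2.10"], domain)
        print("selection key" if keyed else "no key", tunnels_per_lns(lac))
```

With the key disabled both domains share one tunnel to the LNS; with it enabled each domain gets its own tunnel, which is the traffic segregation the feature adds.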
ESS Features
This section contains information on features that pertain to the Local-External Storage Server (L-ESS) and Remote
(Long Term)-External Storage Server (R-ESS).
GGSN Features
Multimedia Broadcast Multicast Service (MBMS)
TP PR = 3915, ST16 PR = 23415
Benefits
MBMS is an IP datacast type of service in GSM and UMTS cellular networks. It eliminates unnecessary replication of
data on UMTS wireless networks by transmitting a single stream of data to multiple users. By delivering a single,
unidirectional data stream to many subscribers, MBMS makes more efficient use of wireless network resources than
traditional point to point connections.
MBMS is a solution for transferring light video and audio clips and also a suitable method for mass communications.
MBMS functionality on the system is provided by an existing GGSN and/or SGSN service license. In the absence of a
valid license, the system functions as a standard unicast GGSN. When a GGSN is functioning in a MBMS environment,
it supports Gmb protocol interface with Broadcast/Multicast Service Center (BM-SC) for messaging.
Description
This is an enhanced feature and provides two modes of operation:
MBMS Broadcast Mode
MBMS Multicast Mode
A broadcast mode is a unidirectional point-to-multipoint service in which data is transmitted from a single source to
multiple terminals (UE/MS) in the associated broadcast service area/cell area. The transmitted data can be text to light
multimedia services (Audio, Video etc). On the other hand multicast mode is a unidirectional point-to-multipoint service
in which data is transmitted from a single source to a pre-defined multicast group of users that are subscribed to the
specific multicast service and have joined the multicast group in the associated multicast service area.
The following figure shows the reference architecture of MBMS service in UMTS network.
Figure 1. MBMS Reference Architecture in UMTS network.
MBMS is able to use NPU-assisted MBMS data flow processing on ASR 5000s so that the system can relieve the Session
Manager and provide better performance and processing. Currently, with NPU-assisted data processing, the ASR 5000 can
support 225 SGSNs per MBMS Bearer Service for downlink of MBMS data.
This enhancement is not applicable to ST16 platforms, and a maximum of 15 downlink SGSNs per MBMS Bearer
Service is supported.
For details about this new enhancement, refer to the MBMS Service Configuration chapter of the System Enhanced Feature
Configuration Guide.
License Keys
No separate license key required.
Traffic Shaping
Benefits
Bandwidth enforcement can be done in the downlink and the uplink direction independently. If there is no more
buffer space available for subscriber data, the system can be configured to either drop the packets or keep them for the next
scheduled traffic session.
Description
This is an enhanced feature and is a traffic rate limiting method similar to Traffic Policing, but it provides a buffer
facility for packets that exceed the configured limit. Once a packet exceeds the data rate, it is queued inside the
buffer to be delivered at a later time.
License Keys
Requires separate feature license key.
Benefits
The ASN Gateway provides the following benefits and features:
Proven solutions deployed in many of the world's largest Tier 1 production networks
Unsurpassed subscriber and network intelligence with unique DPI technology and service steering capabilities
High-capacity system meets and exceeds network requirements without changing or adding hardware
Platform flexibility provides multi-service integration of multiple access gateway functions on same hardware platform
Stateful transaction information, such as charging records, Quality of Service (QoS) and compression contexts, is
seamlessly transferred on handoffs without the need for call re-registrations
High value In-line Services enhance subscriber revenue generation opportunities and network efficiency
Description
ASN Gateway is the ideal subscriber mobility access gateway for IEEE 802.16e Mobile WiMAX radio access networks.
The ASN Gateway is designed to support connection management and mobility across cell sites and inter-service
provider network boundaries through processing of subscriber control and bearer data traffic. The ASN Gateway serves
as the Extensible Authentication Protocol (EAP) authenticator for subscriber identity and acts as a RADIUS client to the
operator's AAA servers.
ASN Gateway is a high capacity platform with the flexibility for small and large networks and can scale without
changing or adding additional chassis. The system simplifies the network by reducing the required number of devices
under management and minimizes connection set-up latency by reducing the number of call hand-offs in the network.
The ASN Gateway can be integrated with a Home Agent (HA), Gateway GPRS Support Node (GGSN), or WiFi Packet
Data Interworking Function (PDIF) for seamless mobility between Mobile WiMAX, 1xEV-DO, W-CDMA/UMTS, and
WiFi networks. The integration of multiple access gateway functions promotes network simplification, streamlines
network management, provides service ubiquity with no impact on the access network being utilized, and reduces
capital and operational expenses.
The ASN Gateway also provides the benefits of network-based mobility to non-Mobile IP-capable user access devices.
License Keys
Requires separate license key.
Benefits
The ASN Paging Controller and Location Registry provides the following benefits and features:
Proven solutions deployed in many of the world's largest Tier 1 production networks
Unsurpassed subscriber and network intelligence with unique DPI technology and service steering capabilities
High-capacity system meets and exceeds network requirements without changing or adding hardware
Platform flexibility provides multi-service integration of multiple access gateway functions on same hardware platform
Stateful transaction information, such as charging records, Quality of Service (QoS) and compression contexts, is
seamlessly transferred on handoffs without the need for call re-registrations
Description
ASN Paging Controller and Location Registry (PC/LR) provides the paging and location update to WiMAX subscriber
in IEEE 802.16 Mobile WiMAX radio access networks. This service can be used as a standalone product or in
combination with ASN GW as co-located services on same chassis.
Paging and Idle Mode Operation is responsible for tracking and alerting the MS when it is in idle mode for battery
power saving reasons. Paging is executed to alert the MS when there is an incoming message. The following figure
illustrates the paging operation along with paging and idle mode elements in the system.
ASN Paging Controller and Location Registry (PC/LR) supports connection management and mobility across cell sites
and inter-service provider network boundaries through processing of subscriber control and bearer data traffic.
Figure 2. ASN Paging Controller and Location Registry Reference Model
In WiMAX networks, the MS is tracked when it is in idle mode and the information is stored in a Location Register (LR).
The Paging Controller (PG) retrieves the location from the LR and alerts the Paging Agent (PA) in the BS to signal the MS.
Location information for idle mode subscribers is maintained in a Location Register central database that is co-located
on an anchor paging controller. Idle mode can be initiated by the mobile device or the network.
The ASN PC/LR runs either as a stand-alone function in a separate chassis or as an integrated service on the same
chassis as the Anchor Authenticator (A-PC)/Anchor Datapath (A-DP) ASN GW. The current implementation is based
on a topologically unaware paging scheme where the A-PC does not have global awareness of all member base stations
in a paging group. The A-PC uses a single step paging operation where paging notifications are sent to the last reported
serving paging controller or directly attached base station.
License Keys
Requires separate product license key.
Network Controlled QoS
Benefits
This feature provides control of QoS for a subscriber from the network element side, i.e. the GGSN. It uses bearer
control mode and Active Charging Services parameters to provide packet filtering and other quality class identifier
related configurations.
Description
Network-controlled QoS is the method by which the QoS for a PDP context (primary or secondary) is updated at the
request of the GGSN through a Network Requested Update PDP Context (NRUPC) message. It can also activate a new
secondary PDP context on a Network Requested Secondary PDP Context Activation (NRSPCA) message from the
GGSN.
License Keys
Requires separate license key.
Benefits
Direct tunnel improves the user experience (e.g. expedited web page delivery, reduced round trip delay for
conversational services, etc.) by eliminating SGSN tunnel 'switching' latency from the user plane. An additional
advantage of Direct Tunnel from an operational and capital expenditure perspective is that direct tunnel optimizes the
usage of user plane resources by removing the requirement for user plane processing on the SGSN.
Description
The Direct Tunnel architecture allows the establishment of a direct user plane tunnel between the RAN and the GGSN,
bypassing the SGSN. The SGSN continues to handle the control plane signalling and typically makes the decision to
establish Direct Tunnel at PDP Context Activation. A Direct Tunnel is achieved at PDP context activation by the SGSN
establishing a user plane (GTP-U) tunnel directly between RNC and GGSN (using an Update PDP Context Request
towards the GGSN).
The following figure illustrates the working of Direct Tunnel between RNC and GGSN.
Figure 3. Direct Tunnel Support in GGSN
A major consequence of deploying Direct Tunnel is that it produces a significant increase in control plane load on both
the SGSN and GGSN components of the packet core. It is therefore of paramount importance to a wireless operator to
ensure that the deployed GGSNs are capable of handling the additional control plane loads introduced as part of Direct
Tunnel deployment. The GGSN and SGSN offer massive control plane transaction capabilities, ensuring system
control plane capacity will not be a capacity limiting factor once Direct Tunnel is deployed.
Direct Tunnel Support
TP PR = 4218, ST16 PR = 47324
License Keys
Requires separate license key.
Hard Disk Storage for CDR Files
A hard disk has been introduced in the ASR 5000 to add storage capability.
When CDR files are stored on the SMC hard disk, they are first stored on RAMFS and then moved to the hard disk,
from where they can be off-loaded via FTP or SFTP to an external server (such as the L-ESS or the GSS) or billing system.
For additional support information, see .
Use the new command
GTPP Group Configuration Mode to configure and enable hard disk usage.
command in
Use the new show/clear commands
in the Exec Mode to monitor/clear the file counters and statistics on the hard
disk.
Use the new
and
commands in the Global
Configuration Mode to allocate RAM for files and the number of compression process to support the hard disk
functionality.
GRE Protocol Interface
Benefits
GRE protocol functionality adds one additional protocol to the ASR 5000 so that mobile users can connect to their
enterprise networks through Generic Routing Encapsulation (GRE).
GRE tunnels can be used by the enterprise customers of a carrier to 1) transport AAA packets corresponding to an APN
over a GRE tunnel to the corporate AAA servers and 2) transport the enterprise subscriber packets over the GRE
tunnel to the corporate gateway.
The corporate servers may have private IP addresses, so the addresses belonging to different enterprises may
overlap. Each enterprise needs to be in a unique virtual routing domain, known as a VRF. To differentiate tunnels
between the same set of local and remote ends, the GRE Key is used as a differentiator.
Description
GRE Tunneling is a common technique to enable multi-protocol local networks over a single-protocol backbone, to
connect non-contiguous networks and allow virtual private networks across WANs. This mechanism encapsulates data
packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign
network. It is important to note that GRE tunneling does not provide security to the encapsulated protocol, as no
encryption is involved (unlike IPSEC, for example).
GRE Tunneling consists of three main components:
Passenger protocol: the protocol being encapsulated. For example: CLNS, IPv4 and IPv6.
Carrier protocol: the protocol that does the encapsulating. For example: GRE, IP-in-IP, L2TP, MPLS and IPSEC.
Transport protocol: the protocol used to carry the encapsulated protocol. The main transport protocol is IP.
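The following added example (not code from this guide or from the product) parses a GRE header as defined in RFC 2784 with the RFC 2890 Key extension, uses the key to select a VRF for two enterprises with overlapping private addresses, and shows that the passenger packet stays readable in clear text. The key values, VRF names, addresses and payloads are constructed for illustration, and the outer IP header is omitted.

```python
import struct
from ipaddress import IPv4Address

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # Checksum, Key, Sequence present
GRE_VERSION_MASK = 0x0007
ETHERTYPE_IPV4 = 0x0800

# Constructed for this example: GRE key -> enterprise VRF.
KEY_TO_VRF = {1001: "vrf-enterprise-a", 1002: "vrf-enterprise-b"}


def parse_gre(data):
    """Parse a GRE header (RFC 2784 plus RFC 2890 Key/Sequence fields)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", data, 0)
    if flags & GRE_VERSION_MASK:
        raise ValueError("unsupported GRE version")
    fields = {"proto": proto, "checksum": None, "key": None, "seq": None}
    offset = 4
    # Optional fields appear in a fixed order: checksum, key, sequence number.
    for bit, name in ((GRE_C, "checksum"), (GRE_K, "key"), (GRE_S, "seq")):
        if not flags & bit:
            continue
        if len(data) < offset + 4:
            raise ValueError("truncated GRE %s field" % name)
        word = struct.unpack_from("!I", data, offset)[0]
        # The checksum is the upper 16 bits; the lower 16 bits are reserved.
        fields[name] = word >> 16 if name == "checksum" else word
        offset += 4
    fields["payload"] = data[offset:]
    return fields


def parse_inner_ipv4(packet):
    """Return (source, destination, body) of the passenger IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("passenger packet is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    return src, dst, packet[ihl:]


def classify(gre_packet):
    """Map a GRE packet to its VRF by key and expose the passenger fields."""
    gre = parse_gre(gre_packet)
    if gre["key"] is None:
        # Without a key, tunnels between the same endpoints are ambiguous.
        raise ValueError("no GRE key: tunnel cannot be mapped to a VRF")
    vrf = KEY_TO_VRF.get(gre["key"])
    if vrf is None:
        raise ValueError("unknown GRE key %d" % gre["key"])
    if gre["proto"] != ETHERTYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    src, dst, body = parse_inner_ipv4(gre["payload"])
    return {"vrf": vrf, "src": src, "dst": dst, "body": body}


def build_sample(key, src, dst, body):
    """Build a constructed keyed GRE packet with a minimal IPv4 passenger."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 253, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return struct.pack("!HHI", GRE_K, ETHERTYPE_IPV4, key) + ip + body


# Constructed samples: both enterprises use the same private addresses.
PKT_A = build_sample(1001, "10.1.1.5", "10.1.1.1", b"Access-Request user=alice")
PKT_B = build_sample(1002, "10.1.1.5", "10.1.1.1", b"Access-Request user=bob")
# The same passenger packet with the K bit clear and no key field.
PKT_NOKEY = struct.pack("!HH", 0, ETHERTYPE_IPV4) + PKT_A[8:]

if __name__ == "__main__":
    for pkt in (PKT_A, PKT_B):
        print(classify(pkt))
    # GRE adds no confidentiality: the passenger bytes are visible on the wire.
    print("cleartext visible:", b"user=alice" in PKT_A)
```

Where the passenger traffic needs confidentiality or integrity, it has to come from another layer such as IPSEC, because GRE itself only encapsulates.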
The most simplified form of the deployment scenario is shown in the following figure, in which GGSN has two APNs
talking to two corporate networks over GRE tunnels.
Figure 4. GRE Deployment Scenario
For more information on the functioning and configuration of this interface, refer to the GRE Protocol Interface chapter
in the System Enhanced Feature Configuration Guide.
License Keys
Requires separate license key.
Overcharging Protection on Loss of Radio Coverage
Benefits
This solution lets mobile carriers get the most from their network solutions while balancing that against the
requirement to bill their customers accurately.
Description
Consider a scenario where a mobile is streaming or downloading very large files from external sources and the mobile
goes out of radio coverage. If this download is happening on the Background/Interactive traffic class, the GGSN is
unaware of the loss of connectivity because the SGSN does not perform the Update PDP Context procedure to set QoS to
0 kbps (this is done only when the traffic class is Streaming or Conversational). The GGSN continues to forward the
downlink packets to the SGSN. On loss of radio coverage, the SGSN sends a paging request, finds that the mobile
is not responding, and then drops the packets. In such cases, the G-CDR will have increased counts but the S-CDR
will not. This means that when operators charge subscribers based on the G-CDR, the subscribers may be overcharged.
This feature is implemented to avoid overcharging in such cases.
This implementation is based on a Cisco-specific private extension to GTP messages and/or any co-relation of G-CDRs
and S-CDRs. It also does not modify any RANAP messages.
For more information on this feature, refer to the Subscriber Overcharging Protection chapter in the System Enhanced
Feature Configuration Guide.
License Keys
Requires separate license key.
GSS Features
This section in development.
HA Features
This section in development.
Session Continuity Support for 3GPP2 and WiMAX Handoffs
Benefits
This capability brings the following benefits:
common billing and subscriber management
accessing home 3GPP2 service through a WiMAX network and vice versa
better user experience with seamless session continuity
Description
This feature provides the session continuity capability to the HA that enables a dual mode device (a multi radio device)
to continue its active data session as it changes its active network attachment from 3GPP2 to WiMAX and vice versa
with no perceived impact on the user experience.
License Keys
Requires separate license key.
Enterprise HA
Description
The Enterprise Home Agent is designed to offer an operator hosted VPN and private networking service for a high
number of enterprise-based subscribers with specialized networking applications. The requirements for this platform
include provisioning of WAN connectivity between the E-HA and enterprise routers on the egress side using various
tunneling protocols such as IPSEC, L2TP LAC and Ethernet VLANs. In this release the E-HA now provides the ability
to provision multiple attached enterprises to the same egress context and use BGP4 route advertisement to dynamically
advertise private overlapping addresses to downstream enterprise CPE routers. When IPSEC tunnels are used there is
also a tighter inter-working between IPSEC tunnel and BGP peering state to ensure consistency of state information
between multiple protocol layers.
Benefits
Provides a highly secure network hosted private networking service for large enterprises that have data roaming users
that seek remote connectivity solutions to enterprise managed applications. The enterprise HA also provides a cost
effective solution for telemetry applications such as remote meter reading.
Mobile IPv6
Benefits
Enables use of single mobility core network for provisioning of IPv6 and IPv4 Mobile IP access services. Mitigates
IPv4 address depletion concerns for address intensive always-on applications and interactive applications such as VoIP,
video telephony and Push-to-Talk (PTT).
Description
MIPv6 allows a user to maintain a persistent IPv6 address even when handing off between Access Service Networks
(ASNs) connected to different ASN GWs and allows the access device to be reachable via the same MIPv6 Home of
Address (HoA) irrespective of the current point of attachment. A Mobile IPv6 Node (MN) uses two IPv6 addresses:
Care of Address (CoA) derived from Interface-ID assigned by DHCP Proxy component on ASN GW after verification of
user or device credentials during network access
Home of Address (HoA) assigned by HA during the Mobile IP registration with home network. The MN registers its
current point of attachment by providing its CoA.
The MN can operate in two modes:
Bidirectional tunnel - In this mode, all data traffic originating from or destined to the MN's MIPv6 HoA is
tunneled via the HA.
Route optimization - In this mode, the MN informs its correspondent node of its current point of attachment,
allowing the correspondent node to directly route packets destined to the MN's HoA through its CoA. Route
optimization will not be supported in this release.
Supported Features
MIPv6 message authentication mobility options in binding updates as per RFC 4285
MN-NAI mobility option in binding messages as per RFC 4283. The MN-NAI option must be included in all Binding
messages (e.g., initial registration and subsequent updates).
Native 6-in-6 tunneling between ASR 5000 ASN GW and HAs
Session-based 6TO4 tunneling between ASR 5000 HA and ST16 ASN GW
Platform-based 6TO4 tunneling between ASR 5000 HA and adjacent 6BONE gateway routers
IP Services Gateway Features
This section in development.
PDIF/FA Features
Congestion Control and Overload Disconnect Support
Beginning with the 8.1 release of 01/01/09, PDIF supports congestion control and overload disconnect.
Refer to the "Congestion Control" chapter in the PDIF Administration Guide, and to the Command Line Interface
Reference Guide for more configuration information.
Custom DNS Handling
New CLI added to Crypto Template Config Mode: dns-handling { normal | custom }
During IKEv2 session setup, MS may or may not include INTERNAL_IP4_DNS in the Config Payload (CP). PDIF
may obtain one or more DNS addresses for the subscriber in DNS NVSE from a proxy-MIP Registration Reply
message. If Multiple Authentication is used, these DNS addresses may be also received in Diameter AVPs during the
first authentication phase, or in RADIUS attributes in the Access Accept messages during the second authentication
phase.
In normal mode, by default PDIF always returns the DNS address in the config payload in the second authentication
phase if one is received from either the configuration or the HA.
The custom mode is a new feature added to the CLI for this release to provide an alternative to the default operation.
In custom mode, depending on the number of INTERNAL_IP4_DNS, PDIF supports the variety of behaviors described
in the "Crypto Template Configuration Mode Commands" chapter of the CLI Reference Guide.
DELETE Payload Default Action Change
The IKEv2 stack currently always inserts a DELETE Payload in an INFORMATIONAL DELETE Response from both
the PDIF and the MN (WMN).
This default behavior has been updated to not insert a DELETE Payload when the response is from the PDIF.
Note that this behavior is supported by clarifications in RFC 4718.
IPMS Support
IPMS is a licensed feature for PDIF. It provides access to more saved reporting and analysis information.
It supports MIBs as they are developed and bulkstats. It must be configured in its own context.
IPMS is described in detail in its own documentation suite, including online help files.
Multiple Authentication
Multiple Authentication is used when setting up a Proxy-Mobile-IP call with PDIF. In Stage One the device is
authenticated with an HSS server.
In Stage Two, the subscriber is authenticated with a AAA server over a RADIUS interface.
In Stage One, the authentication method must be EAP-AKA. In Stage Two, the authentication must be either MD5 or
GTC. If neither MD5 nor GTC is supported, the PDIF can convert these authentication messages and use standard
PAP/CHAP authentication instead.
This is fully described in the "PDIF Overview" chapter in the PDIF Administration Guide.
Online Upgrade
PDIF is now using an online upgrade model called Active-Standby. This requires a license to activate.
Two chassis are connected by a redundancy link and Service Redundancy Protocol (SRP) is used over the link to
monitor and control chassis state. Both active and standby chassis have SRP-Activated resources defined. Loopback
interfaces are used in the example in the Admin Guide.
"SRP-Activated" means that the resource is configured with
to make the protocol work between the
two chassis. These resources are the same between the Active and Standby PDIF. Loop-back IP addresses in Ingress and
Egress contexts and IP pools in egress contexts are usually SRP-Activated resources. Only the active chassis enables the
SRP-Activated resources.
Online upgrade is discussed in the PDIF Administration Guide.
SRP and other required commands are documented in the Command Line Interface Reference.
Public and Private Key Mismatch Check
PDIF supports X.509 certificates. Every certificate has a public key of its own and configuration on a PDIF is done with
the public key and a private key. A mechanism has now been added to verify the AUTH payload from PDIF using
PDIF's public key.
If there is a mismatch in the keys, you now see the following warning:
Session Recovery
Session Recovery is now a licensed feature for PDIF. It is described in the "PDIF Session Recovery" chapter of the
Enhanced Features Guide and is also described in the PDIF Admin Guide.
It is activated by the CLI
in the Global Config mode.
Mobile WiMAX Access Service Network (ASN) Gateway Support
Our ASN GW complements our other core network products to expand our carrier support for WiMAX network
services.
The new ASN GW functionality is fully IEEE 802.16e Mobile WiMAX standards compliant and readily handles the
usual tasks, such as: mobility management, GRE tunneling, intra-ASN and inter-ASN handoffs, and session continuity
support at HA for 3GPP2 and WiMAX subscriber session.
ASN GW supports the following WiMAX components as stand-alone or combined services:
ASN Gateway
WiMAX/4G HA Services
Hybrid HA Service for 3GPP2 and WiMAX dual technology mobile node.
Mobile WiMAX ASN Paging Controller and Location Registry Service Support
This service complements our WiMAX ASN Gateway to expand the WiMAX network services.
The new ASN PC/LR functionality is fully IEEE 802.16e Mobile WiMAX standards compliant and readily handles the
usual tasks, such as: paging controller, idle mode management, and location registry update for WiMAX subscriber
session.
ASN GW supports the following WiMAX components as stand-alone or combined services:
ASN Gateway
Paging Controller and Location Registry
WiMAX/4G HA Services
Hybrid HA Service for 3GPP2 and WiMAX dual technology mobile node.
SGSN Features
The system provides wireless carriers with an unusually flexible form of Serving GPRS Support Node (SGSN) services.
Functioning as an SGSN, the system readily handles wireless data services within 2.5G General Packet Radio Service
(GPRS) and 3G Universal Mobile Telecommunications System (UMTS) data networks.
The following documents have been created or modified to support the SGSN:
Product Overview
SGSN Administration Guide
System Administration Guide
System Enhanced Features Configuration Guide
Command Line Interface Reference
Statistics and Counters Reference
SNMP MIB Reference
CLI Reference Guide
AAA Reference Guide
Thresholding Configuration Guide
ASR 5000 Hardware Installation and Administration Guide
In a GPRS/UMTS network, the SGSN works in conjunction with Radio Access Networks (RANs or UTRANs), Home
Location Registers (HLRs), and Gateway GPRS Support Nodes (GGSNs) to:
Attach/detach subscriber sessions.
Communicate with an HLR to register a subscriber's User Equipment (UE), or to authenticate, retrieve or update
subscriber profile information.
Provide Short Message Service (SMS) and other text-based network services for attached subscribers.
Activate and manage IPv4, IPv6, or Point-to-Point Protocol (PPP) -type Packet Data Protocol (PDP) contexts for
a subscriber session.
Set up and manage the data plane between the RNCs and the GGSN.
Provide mobility management, location management, and session management for the duration of a call to
ensure smooth handover.
Provide various types of Charging Data Records (CDRs) to the Charging Gateway Function (CGF).
The remainder of this section contains information on new SGSN features (listed alphabetically) being launched in
release 8.0. Additional information on these features can be found in the Product Overview, SGSN Overview section,
the SGSN Administration Guide, and in the CLI Reference Guide.
2.5G/3G Dual Access
Within the same chassis, the SGSN can simultaneously operate as both a 2.5G SGSN and a 3G SGSN. This co-location
has been done without proprietary protocols thus avoiding problems with mobility and handoff. Dual access provides a
range of benefits, such as: use of the same hardware, load sharing, and the need for fewer IP addresses.
Attach Rate Throttle
It is unlikely that the SGSN would become a bottleneck because of the SGSN's high signaling rates. However, other
nodes in the network may not scale commensurately. To provide network overload protection, the SGSN provides a
mechanism to control the number of attaches occurring through it on a per second basis.
Direct Tunnel Support
Fractional E1/DS1 Support
The SGSN, using the Channelized Line Cards, now supports standard fractional E1/DS1 with up to 8 configurable
groupings of time slots per port. This feature is configured with a combination of the commands in the Card
Configuration Mode and Channelized Port Configuration Mode chapters of the CLI Reference Guide.
Ga Interface to the CGF/GSS
The SGSN now supports the Ga interface to the CGF or GSS for accounting purposes.
The SGSN uses the Ga interface to communicate with the Charging Gateway Function (CGF) or GTPP Storage Server
(GSS) using GTP Prime (GTPP). The charging gateway is responsible for buffering and pre-processing billing records.
One or more Ga interfaces can be configured per system context. This interface is supported through the following
commands in the Context configuration mode:
gtpp charging-agent address
gtpp duplicate-hold-time minutes
gtpp echo-interval
gtpp max-cdrs
gtpp max-pdu-size
gtpp max-retries
gtpp redirection-allowed
gtpp server
gtpp storage-server
gtpp timeout
Gb-Flex - SGSN Pooling
The SGSN, with its high capacity, signaling performance, and peering capabilities combined with its level of fault
tolerance, delivers many of the benefits of Flex functionality even without deploying SGSN pooling.
As defined by 3GPP TS 23.236, the SGSN implements Gb-Flex functionality to ensure SGSN pooling for 2.5G accesses
as both separate pools and as dual-access pools. SGSN pooling enables the following:
Eliminates the single point of failure between a BSS and an SGSN.
Ensures geographical redundancy, as a pool can be distributed across sites.
Minimizes subscriber impact during service, maintenance, or node additions or replacements.
Increases overall capacity via load sharing across the SGSNs in a pool.
Reduces the need/frequency for inter-SGSN RAUs. This substantially reduces signaling load and data transfer
delays.
Supports load redistribution with the SGSN offloading procedure.
Gs Interface to the MSC/VLR
In Release 8.0, the SGSN now supports the Gs interface to the MSC/VLR.
This interface is vital in the call-setup process as these databases provide authentication information about MS/UEs
attempting to attach.
The Gs Service Configuration Mode has been added to configure and manage the Gs interface between the SGSN and
the MSC/VLR. This new mode includes the following commands:
associate-sccp-network
bssap+
default
end
exit
max-retransmission
non-pool-area
pool-area
timeout
vlr
The new commands can be found in the chapter titled Gs Service Configuration Mode Commands in the Command Line
Interface Reference.
Hard Disk Storage for CDR Files
A hard disk has been introduced in the ASR 5000 to add storage capability.
When CDR files are stored on the SMC hard disk, they are first stored on RAMFS and then moved to the hard disk,
from where they can be off-loaded via FTP or SFTP to an external server (such as the L-ESS or the GSS) or billing system.
For additional support information, see .
Use the new command
GTPP Group Configuration Mode to configure and enable hard disk usage.
command in
Use the new show/clear commands
in the Exec Mode to monitor/clear the file counters and statistics on the hard
disk.
Use the new
and
commands in the Global
Configuration Mode to allocate RAM for files and the number of compression process to support the hard disk
functionality.
IuFlex / SGSN Pooling
The SGSN supports 2G Gb Flex with SGSN Pooling and now 3G Iu Flex with SGSN Pooling as an orderable feature.
Iu Flex and SGSN Pooling functionality has been implemented according to 3GPP TS23.236. The SGSN supports
pooling for both 3G and 2G accesses, both as separate pools and as dual-access pools.
IuFlex works by defining NRIs in the SGSN service and configuring RNCs as pooled. Pooled RNCs will be able to coexist with RNCs that are connected to only one SGSN.
Iu Flex offloading is also enabled via configuration. This implementation allows carriers to load balance sessions among
pooled SGSNs; where Iu Flex provides carriers deterministic failure recovery.
Additional benefits of Iu Flex include:
Enables geographical redundancy, as a pool can be distributed across sites.
Increases overall capacity, as load sharing across the SGSNs in a pool is possible.
Reduces signaling load as well as data transfer due to conversion of inter-SGSN RAUs to intra-SGSN RAUs for
moves between RAs controlled by the same pool.
Simplifies introduction of new nodes and replacement of old nodes as subscribers can be moved in a planned
manner to new nodes.
Eliminates single point of failure between an RNC/BSS and SGSN.
Enables service downtime for maintenance scheduling.
Multiple PLMN Support (2.5G only)
With this new feature, the 2.5G SGSN supports cell-sites with more than one PLMN-ID.
Operators can now assign a different PLMN-ID to each cell in the network (typically, there are no more than 3 or 4
PLMN-IDs in a single network). This multiple PLMN support also enables an operator to 'hire out' their infrastructure to
other operators who wish to use their own PLMN-IDs. Each cell can be part of only one PLMN (one GPRS service). By
configuring the GPRS service for each PLMN-ID, this feature allows the 2.5G SGSN to perform handovers between the
service instances.
Configuring Multiple PLMN Support:
The 2.5G SGSN supports MS handover from one PLMN to another PLMN by configuring multiple instances of the
GPRS service, each with a different PLMN-ID, in the same context.
Each of the GPRS services must use the same MAP, SGTPU and GS services so these only need to be defined once
per context. For command details, refer to the GPRS Service Configuration Mode and MAP, SGTP, and GS Service
Configuration Mode chapters in the Command Line Interface Reference.
To enable appropriate S-CDR generation in a multiple PLMN-ID scenario, use the
keyword for
the
command in the GTPP Group Configuration Mode also documented in the CLI Reference.
CLI
SMS is enabled with the
command in the MAP Service configuration mode. Entering this
command accesses the SMS Service configuration mode with the commands to define the SMS service operational
configuration:
Network-Initiated PDP Context Activation
SGSN now supports standards-compliant network-initiated PDP context activation. The network, or actually the GGSN,
is not actually initiating the PDP context activation - it is requesting the MS/UE to activate the PDP context.
Network Sharing
PR6545
The SGSN enables two or more network operators to share common network infrastructure. In accordance with 3GPP
TS 23.251, the SGSN supports two different configurations for network sharing based on the resources being shared:
gateway core network (GWCN) and multi-operator core network (MOCN).
With GWCN, the complete RAN and partial core network are shared among different operators. Each operator will have
its own network node for GGSN/HLR, etc., while sharing SGSN/MSC and the remaining radio network.
With MOCN, the complete radio network is shared among different operators, while each operator maintains its own
separate core network.
With these two configurations, the SGSN supports multiple scenarios such as MOCN with non-supporting UE, MOCN
with supporting UE, GWCN with supporting UE, and GWCN with non-supporting UE.
NPU FastPath
TP6514
The NPU FastPath feature is proprietary and only available on the ASR 5000 SGSN systems. The purpose of this type
of internal direct tunnel is to optimize resource usage and reduce latency when processing GTP-U packets. Incoming
traffic passes through the switch fabric and the routing headers are changed to re-route traffic from the incoming
Network Processing Unit (NPU) of the ingress PSC directly to the outgoing NPU of the egress PSC. This means that
intervening NPUs and CPUs are by-passed. This provides the SGSN with router-like latency and increased node
signaling capacity.
Figure 5. SGSN NPU FastPath
Fast path is established when both ends of a tunnel are available. Two fast path flows are established, one for the uplink
and one for the downlink direction for a given PDP context.
If FastPath cannot be established, the NPU forwards the GTP-U packets to a CPU for processing and they are processed
like all other packets.
The following situations will not have packets moved through FastPath:
Traffic Policing & Shaping
Subscriber Monitoring
Lawful Intercept (LI)
IP Source Violation Checks
Intra-SGSN RAU
Iu-connection release
QoS Traffic Policing per Subscriber
The SGSN now offers QoS traffic policing which enables the operator to configure and enforce bandwidth limitations
on individual PDP contexts of a particular traffic class. Traffic policing typically deals with eliminating bursts of traffic
and managing a traffic flow in order to comply with a traffic contract.
The SGSN conforms to the DiffServ model for QoS by handling the 3GPP defined classes of traffic, QoS negotiation,
DSCP marking, traffic policing, and support for HSDPA/HSUPA.
The SGSN can police uplink and downlink traffic according to predefined QoS negotiated limits fixed on the basis of
individual contexts - either primary or secondary. The SGSN employs the Two Rate Three Color Marker (RFC2698)
algorithm for traffic policing.
For more information, see the SGSN Overview in the Product Overview and the Traffic Policing and Shaping and
Dynamic QoS Renegotiation chapter in System Enhanced Feature Configuration Guide.
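The Two Rate Three Color Marker named above can be sketched as follows. This is an added example of the RFC 2698 algorithm in color-blind mode with one meter per PDP context; it is not the SGSN's implementation, and the profile values, context identifiers and packet trace are constructed for illustration.

```python
GREEN, YELLOW, RED = "green", "yellow", "red"


class TrTCM:
    """Color-blind Two Rate Three Color Marker (RFC 2698).

    Rates are in bytes per second, burst sizes in bytes, time in integer
    milliseconds. Token counts are kept in milli-bytes so that refills are
    exact integer arithmetic.
    """

    def __init__(self, cir, cbs, pir, pbs, now_ms=0):
        if cir <= 0 or cbs <= 0 or pbs <= 0:
            raise ValueError("CIR, CBS and PBS must be greater than 0")
        if pir < cir:
            raise ValueError("PIR must be equal to or greater than CIR")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        # Both token buckets start full.
        self.tc = cbs * 1000
        self.tp = pbs * 1000
        self.last_ms = now_ms

    def _refill(self, now_ms):
        elapsed = now_ms - self.last_ms
        if elapsed < 0:
            raise ValueError("timestamps must not go backwards")
        # bytes/second * milliseconds = milli-bytes, capped at the burst size.
        self.tc = min(self.cbs * 1000, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs * 1000, self.tp + self.pir * elapsed)
        self.last_ms = now_ms

    def mark(self, size, now_ms):
        """Return the color of a packet of `size` bytes arriving at now_ms."""
        self._refill(now_ms)
        need = size * 1000
        if self.tp < need:
            return RED                 # exceeds the peak rate: no tokens used
        if self.tc < need:
            self.tp -= need
            return YELLOW              # within peak, above committed rate
        self.tp -= need
        self.tc -= need
        return GREEN                   # within the committed rate


def police(trace, profile):
    """Mark (time_ms, context_id, size) packets with one meter per context."""
    meters = {}
    colors = []
    for now_ms, ctx, size in trace:
        meter = meters.get(ctx)
        if meter is None:
            meter = meters[ctx] = TrTCM(now_ms=now_ms, **profile)
        colors.append(meter.mark(size, now_ms))
    return colors


# Constructed profile: 1000 B/s committed, 2000 B/s peak.
PROFILE = dict(cir=1000, cbs=2000, pir=2000, pbs=3000)

# Constructed trace: ctx-1 sends a burst, ctx-2 sends one packet.
TRACE = [
    (0, "ctx-1", 1000),
    (0, "ctx-1", 1000),
    (0, "ctx-1", 1000),
    (0, "ctx-1", 1000),
    (0, "ctx-2", 1000),
    (500, "ctx-1", 1000),
    (1500, "ctx-1", 1000),
]

if __name__ == "__main__":
    for packet, color in zip(TRACE, police(TRACE, PROFILE)):
        print(packet, color)
```

What a policer does with each color (for example forwarding green, re-marking yellow and dropping red) is a policy choice layered on top of the marker.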
Session Recovery Support
The session recovery feature, now available for both 2G and 3G SGSNs, handles SGSN services for all attached and/or
activated subscribers.
When enabled, session recovery provides seamless failover and reconstruction of subscriber session information in the
event of a hardware or software fault within the system preventing a fully connected user session from being
disconnected.
This is an enhanced feature and requires a separate license key to be enabled with the SGSN service. For more
information on session recovery, refer to the System Enhanced Feature Configuration Guide.
Short Message Service - SMS
The SGSN implements a configurable Short Message Service (SMS) to send and receive text messages up to 140 octets
in length.
The SGSN handles multiple, simultaneous messages of both types: those sent from the MS/UE (SMS-MO: mobile
originating) and those sent to the MS/UE (SMS-MT: mobile terminating).
After verifying a subscription for the PLMN's SMS service, the SGSN connects with the SMSC (Short Message Service
Center), via a Gd interface, to relay received messages (from a mobile) using MAP-MO-FORWARD-REQUESTs for
store-and-forward. In the reverse, the SGSN awaits messages from the SMSC via MAP-MT-FORWARD-REQUESTs
and checks the subscriber state before relaying them to the target MS/UE. The SGSN will employ both the Page
procedure and MNRG (mobile not reachable for GPRS) flags in an attempt to deliver messages to subscribers that are
absent.
The SGSN supports both charging for SMS messages (MO - mobile originating and MT - mobile terminating) and
lawful intercept of SMS-MO and SMS-MT messages.
Configuration for the service is explained in the SGSN Administration Guide. The various CLI commands used to enable and
configure the SMS service are defined in the Command Line Interface Reference.
Traffic Handling - QoS Provisioning with ARP
The SGSN now enables setting the priority of service via the configuration of the Allocation/Retention Priority (ARP)
IE. By including this IE in the RANAP message during the RAB assignment procedure it is possible to specify the
relative importance of the radio access bearers for the allocation and retention of traffic. When there is a resource
crunch, the IE is used by the RNC to allocate or deallocate resources according to the defined priority. This IE also tells
whether queuing of packets is allowed or not.
Although the HLR subscription record only provides a single priority parameter (values 0 to 3), the RNC needs
additional information, which our configuration command maps to the subscription priority. Additional information
needed:
Priority Level: 1..15
Pre-emption Capability Indicator (PCI): shall-not-trigger-pre-emption, may-trigger-pre-emption
Pre-emption Vulnerability Indicator (PVI): pre-emptable, not-pre-emptable
Queuing Allowed: queuing-not-allowed, queuing-allowed
For configuration details, see SGSN APN Configuration Mode in the CLI Reference Guide.
Data Rate Management per RNC
Configurable control of data rates on a per-RNC basis enables operators to allow subscribers to roam in and out of
coverage areas with different QoS levels.
The SGSN can now limit data rates (via QoS) on a per-RNC basis. Some RNCs support HSPA rates (up to 16 Mbps in
the downlink and 8 Mbps in the uplink) and cannot support higher data rates - such as those enabled by HSPA+
(theoretically, up to 256 Mbps both downlink and uplink). Being able to specify the QoS individually for each RNC
makes it possible for operators to allow their subscribers to move in-and-out of coverage areas with different QoS
levels, such as those based on 3GPP Release 6 (HSPA) and 3GPP Release 7 (HSPA+).
For example, when a PDP established on an RNC with 21 Mbps is handed off to an RNC supporting only 16 Mbps, the
end-to-end QoS will be re-negotiated to 16 Mbps. Note that an MS/UE may choose to drop the PDP during the QoS
renegotiation to a lower value.
This data rate management per RNC functionality is enabled, in the RNC configuration mode, by specifying the type of
3GPP release specific compliance, either release 7 for HSPA+ rate or pre-release 7 for HSPA rates. For configuration
details, refer to the RNC Configuration Mode chapter in the Command Line Interface Reference (version 8.x).
CLC2 - Channelized Line Card 2
New in release 8.1, the SGSN supports the Channelized Line Card 2 (CLC2), the next-generation SONET/SDH
channelized line card for Frame Relay signaling on the ASR 5000.
In North America, the card supplies ANSI SONET STS-3 (optical OC-3) signaling. In Europe, the card supplies SDH
STM-1 (optical OC-3). The transmission rate for the card is 155.52 Mb/s with 336 SONET channels supplying T1 and
252 SDH channels supplying E1. The CLC2 is RoHS 6/6 compliant. Each CLC2 provides four optical fiber physical
interfaces (ports). For more information about this card, refer to the ASR 5000 Hardware Installation and
Administration Guide.
OLC2 - Optical Line Card 2
New in release 8.1, the SGSN supports the Optical Line Card 2 (OLC2), the next-generation
SONET/SDH optical line card for ATM signaling on the ASR 5000.
The OLC2 supports all features, including 4 ports, available on the original OLC but now includes RoHS 6/6
compliance. For more information about this card, refer to the ASR 5000 Hardware Installation and Administration
Guide.
PSC2 - Packet Services Card 2
New in release 9.0, the SGSN supports the Packet Services Card 2 (PSC2), the next-generation packet forwarding card
for the ASR 5000. The PSC2 provides increased aggregate throughput and performance, and a higher number of
subscriber sessions. For more information about this card, refer to the ASR 5000 Hardware Installation and
Administration Guide.
Web Element Manager Features
Configuration Audit
The Web Element Manager now supports the ability to audit configuration parameters (attributes) for each managed
chassis.
Audits are performed based on user-specified audit attributes either on-demand or at regularly scheduled intervals.
When an audit is performed, the Web Element Manager executes scripts to pull configuration information from
managed chassis via SSH and parse the configuration for the specified audit attributes. Once gathered, the attribute
information is stored in a database. Attribute information can be viewed through the Web Element Manager application
or in PDF or CSV-formatted reports.
New In This Release
This chapter provides information on the major features and functionality added to the software with this release. Topics
covered in this chapter are:
Common Features
Dynamic MPLS Label Support
Benefits
This feature provides dynamic MPLS label support for ingress and egress traffic where the system works as an MPLS-Customer Edge (MPLS-CE) system, maintains VRF routes in various VRFs, and exchanges route information over an MP-eBGP session with its peer, an Autonomous System Border Router (ASBR).
Description
In a deployment scenario, the MPLS-CE system maintains VRF routes in various VRFs and exchanges route information
with its peer over an MP-eBGP session. The peer in this scenario is not a PE router but an ASBR. The ASBR does
not need to maintain any VRF configuration. The PE routers use iBGP to redistribute labeled VPN-IPv4 routes either to
an Autonomous System Border Router (ASBR), or to a route reflector of which an ASBR is a client. The ASBR then
uses eBGP to redistribute those labeled VPN-IPv4 routes to the MPLS-CE in another AS. Because of the eBGP connection,
the ASBR changes the next hop and labels in the routes learned from iBGP peers before advertising them to the MPLS-CE.
The MPLS-CE is a directly connected eBGP peer and uses only MP-eBGP to advertise and learn routes. The MPLS-CE
pushes/pops a single label to/from the ASBR, which is learned over the MP-eBGP connection. This scenario uses dynamic
MPLS labels and avoids configuring VRFs on the PE, since they are already configured on the MPLS-CE.
For more information on the functioning and configuration of this interface, refer to the Multiple Protocol Label Switching
chapter in the System Enhanced Feature Configuration Guide.
License Keys
Requires separate license key.
PPC Card
The PPC features a quad-core x86 2.5 GHz CPU and 16 GB of RAM. The processor runs a single copy of the operating
system. To check the CPU in the CLI, use the show cpu table command. The operating system running on the PPC
treats the dual-core processor as a 2-way multi-processor. You can see this in the output of the show cpu info verbose
command.
A second-generation data transport field-programmable gate array (DT2 FPGA, abbreviated as DT2) connects the
PPC's NPU bus to the switch fabric interface. The FPGA also provides a bypass path between the line card or
Redundancy Crossbar Card (RCC) and the switch fabric for ATM traffic. Traffic from the line cards or the RCC is
received over the FPGA's serial links and is sent to the NPU on its switch fabric interface. The traffic destined for the
line cards or RCC is diverted from the NPU interface and sent over the serial links. The DT2 FPGA also connects to the
control processor subsystem via a PCI-E bus. The PCI-E interface allows the control processors to perform register
accesses to the FPGA and some components attached to it, and also allows DMA operations between the NPU and the
control processors' memory. A statistics engine is provided in the FPGA. Two reduced latency DRAM (RLDRAM)
chips attached to the FPGA provide 64 MB of storage for counters.
For detailed information about the PPC, refer to the ASR 5000 Hardware Administration and Installation Guide.
Side-by-side Redundancy for the 10 Gig Line Card (XGLC)
The ASR 5000 chassis provides a redundancy scheme that uses the top and bottom line card slots for one-to-one
line card redundancy. The 10 Gig Line Card (XGLC)
is a full-height card that requires both top and bottom line card slots for a single 10-gigabit port. This means that the
scheme for using top and bottom line card slots for one-to-one redundancy is not workable for XGLCs. This feature
provides a side-by-side 1:1 redundant arrangement for XGLCs that can function alongside other Ethernet line card types.
Description
The XGLC is a full-height card that requires both top and bottom line card slots for a single 10-gigabit port. This means
that the scheme for using top and bottom line card slots for one-to-one redundancy is not workable for XGLCs. To
achieve one-to-one line card redundancy, the user must install two XGLCs in adjacent slots. Otherwise, the user can configure
port and card redundancy for the XGLCs in the same way as other line cards. There are no restrictions that prevent the
side-to-side 1:1 XGLC redundant arrangement from functioning with other Ethernet line card types.
Each PSC or PSC2 is mated to a single XGLC. Monitoring functions occur in a distributed fashion. Select the line cards
that act as a redundant pair via the CLI. Configure the redundant pairs prior to configuring the interface bindings so that
proper parallel physical and logical port configurations are established. The card redundancy and monitoring begins as
soon as the PSC or PSC2 in front is active.
Note: Side-by-side 1:1 redundancy only operates on top line card slot numbers: cards 17 through 23 and 26 through 32.
Make sure that both PSCs or PSC2s in front of the line cards are of the same type, configured as a redundant pair, and
active.
For more information on side by side 1:1 redundancy for 10 Gig line card (XGLC), refer to the ASR 5000 Hardware
Installation Guide.
License Keys
No separate license key required.
Benefits
This feature allows the P-CSCF to provide IPv4-IPv6 interworking in the following scenarios:
When UEs are IPv6-only and the IMS core network is IPv4-only
When UEs are IPv4-only and the IMS core network is IPv6-only
In addition, IPv4-IPv6 interworking helps an IPv4 IMS network transition to an all-IPv6 IMS network.
The following interworking requirements are currently supported:
IPv4 TCP and IPv6 TCP
Transport switching allowed based on size for both v4 and v6 network
UDP fragmentation allowed for both v4 and v6 networks
P-CSCF supports Mw and Gm interfaces on both v4 and v6
KPIs for Mw and Gm interfaces are supported on both v4 and v6
DNS supported for v4 and v6 networks
Interworking supported for IM and presence
Both v4 and v6 handsets are supported simultaneously on the same P-CSCF node
Description
P-CSCF will provide IPv4-IPv6 interworking functionality between IPv6-only UEs and IPv4-only core network
elements (I/S-CSCF) by acting as a dual stack. To achieve the dual-stack behavior, P-CSCF will be configured in two
services with the first service (V6-SVC) listening on an IPv6 address and the second service (V4-SVC) listening on an
IPv4 address. SIP messages coming from IPv6 UEs will come to V6-SVC and will be forwarded to the IPv4 core
network through V4-SVC. Similarly, messages from the IPv4 core network come to V4-SVC and will be forwarded to
IPv6 UEs via V6-SVC. P-CSCF also provides interworking functionality between IPv4-only UEs and IPv6-only core
network elements.
To identify the need for v4-v6 interworking for a new incoming IPv6 REGISTER arriving at V6-SVC, a route lookup is
performed based on the request-uri, first in V4-SVC context and then in V6-SVC context if the first lookup does not
return any matching route entry. If a matching IPv4 next-hop route entry is found, then this indicates that interworking
needs to be done. If no route entry is found, then a DNS query on request-uri domain is done for both A and AAAA
type records. If the DNS response yields only an IPv4 address, then v4-v6 interworking is also performed.
Headers (such as Via, Path, etc.) are automatically set to the IPv4 bind address of the P-CSCF V4-SVC. The remaining headers
are not altered and are sent as is toward the S-CSCF. The IPv4 address in a Path header received from the S-CSCF in the
200 OK of REGISTER is replaced with V6-SVC's IPv6 address before forwarding to the UE.
P-CSCF handling different v4-v6 interworking scenarios is shown below.
Figure 6.
Figure 7. Interworking Between IPv6 UE and IPv4 IMS Core Network
Figure 8. Interworking Between IPv4 UE and IPv6 IMS Core Network
DCCA URCS (IPC-G) Steering Based on Subscriber IMSI Prefix/Suffix
This release supports peer selection using IMSI prefix or suffix, or IMSI prefix or suffix range. Subscribers are now
assigned to a primary OCS instance based on the IMSI prefix or suffix of a length of 1 to 15 digits. If the prefix or suffix
keyword is not specified, the suffix will be considered. Up to 64 peer selects can be configured. At any time, either
prefix or suffix mode can be used in one DCCA config. Whichever mode is used, the lengths of all
configured prefixes or suffixes must be equal.
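One way to express the peer-select constraints listed above and the resulting lookup, as an added example rather than StarOS code. The entry layout, the peer names, the first-match order and the sample IMSIs are assumptions made for illustration.

```python
"""IMSI prefix/suffix peer selection: config checks and lookup (added illustration)."""

MAX_PEER_SELECTS = 64   # "Up to 64 peer selects can be configured"
MAX_KEY_DIGITS = 15     # prefix or suffix length of 1 to 15 digits


def _is_digits(value):
    return isinstance(value, str) and value.isascii() and value.isdigit()


def validate(peer_selects):
    """Check the constraints stated in the text; return (mode, key_length).

    Each entry is a dict with "peer" and "start", an optional "end" for a range,
    and an optional "mode" of "prefix" or "suffix" (hypothetical layout).
    """
    if not peer_selects:
        raise ValueError("no peer selects configured")
    if len(peer_selects) > MAX_PEER_SELECTS:
        raise ValueError("more than 64 peer selects configured")
    modes, lengths = set(), set()
    for entry in peer_selects:
        mode = entry.get("mode") or "suffix"   # suffix applies when no keyword is given
        if mode not in ("prefix", "suffix"):
            raise ValueError(f"unknown mode {mode!r}")
        start = entry["start"]
        end = entry.get("end", start)
        for value in (start, end):
            if not _is_digits(value) or not 1 <= len(value) <= MAX_KEY_DIGITS:
                raise ValueError(f"{value!r} is not 1 to 15 digits")
        if len(start) != len(end) or start > end:
            raise ValueError(f"bad range {start}-{end}")
        modes.add(mode)
        lengths.add(len(start))
    if len(modes) > 1:
        raise ValueError("prefix and suffix modes mixed in one config")
    if len(lengths) > 1:
        raise ValueError("all prefix/suffix lengths must be equal")
    return modes.pop(), lengths.pop()


def select_peer(peer_selects, imsi):
    """Return the peer whose value or range covers the IMSI key, or None."""
    mode, length = validate(peer_selects)
    if not _is_digits(imsi) or not length <= len(imsi) <= 15:
        raise ValueError("IMSI must be digits, at most 15, and no shorter than the key")
    key = imsi[:length] if mode == "prefix" else imsi[-length:]
    for entry in peer_selects:
        # Equal-length digit strings compare the same way as the numbers they spell.
        if entry["start"] <= key <= entry.get("end", entry["start"]):
            return entry["peer"]   # assumption: the first matching entry wins
    return None


# Constructed sample: two suffix ranges (no keyword, so suffix mode applies)
# and a one-entry prefix config. Peer names are placeholders.
SUFFIX_CONFIG = [
    {"peer": "ocs-a.example", "start": "00", "end": "49"},
    {"peer": "ocs-b.example", "start": "50", "end": "99"},
]
PREFIX_CONFIG = [{"peer": "ocs-c.example", "start": "00101", "mode": "prefix"}]

if __name__ == "__main__":
    for imsi in ("001010123456789", "001010123456712"):
        print(imsi, "->", select_peer(SUFFIX_CONFIG, imsi))
    print("310150123456789 ->", select_peer(PREFIX_CONFIG, "310150123456789"))
```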
EDR/UDR File Push Directory Structure
In earlier StarOS 9.0 releases, whenever CDR transfer mode push was configured with a remote URL, on the external
server the chassis would by default create an extra directory in the base directory path before creating the edr/udr
directories.
For example, with the following configuration:
The following directory structure was created on the external server:
This kept EDR and UDR files separate when multiple chassis pushed to the same external server with the same base
directory.
In the current release, the default behavior has changed: the extra directory with the chassis host name is not
created on the external server. This behavior is the same as in the StarOS 8.x releases. The directory structure will be:
| udr
Content Filtering in Release 9.0
This section provides information for new features in Content Filtering in Release 9.0.
Category-based Static-and-Dynamic Content Filtering
This release introduces support for Category-based Static-and-Dynamic Content Filtering, wherein if static rating
categorizes a URL as either "dynamic" or "unknown", the requested content is sent for dynamic rating, where it
is analyzed and categorized. Action is taken based on the category determined by dynamic rating,
and the action configured for that category in the subscriber's content filtering policy. Possible actions include
permitting, blocking, redirecting, and inserting/altering content.
Dynamic Content Filtering enables on-the-fly content analysis of Web traffic using different content analysis
techniques. When a Web page is received, it is analyzed and then categorized according to the content found in the
page. Whether a Web site has existed for five months or for five minutes does not matter since determination of the
category to which the Web page belongs is made just at the time of request. A combination of static filtering and
dynamic inspection provides real accuracy and scalability as the Web weaves an increasingly sophisticated network of
sites.
Important: Category-based Content Filtering can only work in static-only or in static-and-dynamic
modes. Dynamic-only Content Filtering mode is not supported.
For more information, refer to the Content Filtering Services Administration Guide.
ECS Features
This section provides information on new features in Enhanced Charging Service in Release 9.0.
EDR Generation in Flow-end and Transaction Complete Scenarios with sn-volume Fields
In this release sn-volume-amt counters will be re-initialized only when the fields are populated in EDRs. For example,
consider the following two EDR formats:
Previously, if edr2 was generated, even though sn-volume-amt fields are not populated, sn-volume-amt counters (uplink
bytes, uplink packets, downlink bytes, downlink packets) were re-initialized. So the total volume reflected by EDRs in
sn-volume-amt counters was less than the actual count.
In this release, sn-volume-amt counters will be re-initialized only if these fields are populated in the EDRs. Now, if edr2
is generated, these counters will not be re-initialized. These will be re-initialized only when edr1 is generated.
Also, note that only those counters will be re-initialized which are populated in EDR. For example, in the following
EDR format:
If edr3 is generated, only uplink bytes and downlink bytes counters will be re-initialized and uplink packets and
downlink packets will contain the previous values till these fields are populated (say when edr1 is generated).
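A small model of the counter behaviour described above, added here and not taken from the product. The format contents stand in for the edr1, edr2 and edr3 definitions the text refers to, the event list is constructed, and the earlier behaviour is modelled as resetting every counter whenever any EDR is generated.

```python
"""Model of sn-volume-amt re-initialisation when EDRs are generated (added illustration)."""

COUNTERS = ("uplink_bytes", "uplink_packets", "downlink_bytes", "downlink_packets")

# Hypothetical stand-ins for the formats in the text: the counters each one populates.
EDR_FORMATS = {
    "edr1": frozenset(COUNTERS),                          # all four sn-volume-amt fields
    "edr2": frozenset(),                                  # no sn-volume-amt fields
    "edr3": frozenset({"uplink_bytes", "downlink_bytes"}),
}


class FlowCounters:
    """Per-flow volume counters with a selectable reset policy."""

    def __init__(self, reset_only_populated):
        self.reset_only_populated = reset_only_populated
        self.values = dict.fromkeys(COUNTERS, 0)

    def packet(self, direction, size):
        self.values[direction + "_bytes"] += size
        self.values[direction + "_packets"] += 1

    def generate_edr(self, fmt):
        populated = EDR_FORMATS[fmt]
        record = {name: self.values[name] for name in COUNTERS if name in populated}
        # Current release: reset only what the EDR reported.
        # Modelled earlier behaviour: reset everything regardless of the format.
        for name in (populated if self.reset_only_populated else COUNTERS):
            self.values[name] = 0
        return record


def replay(events, reset_only_populated):
    """Replay packets and EDR triggers; return (actual, reported) totals."""
    flow = FlowCounters(reset_only_populated)
    actual = dict.fromkeys(COUNTERS, 0)
    reported = dict.fromkeys(COUNTERS, 0)
    for event in events:
        if event[0] == "pkt":
            _, direction, size = event
            flow.packet(direction, size)
            actual[direction + "_bytes"] += size
            actual[direction + "_packets"] += 1
        else:
            for name, value in flow.generate_edr(event[1]).items():
                reported[name] += value
    return actual, reported


def shortfall(events, reset_only_populated):
    """Volume that never appears in any EDR, per counter."""
    actual, reported = replay(events, reset_only_populated)
    return {name: actual[name] - reported[name] for name in COUNTERS}


# Constructed event list: packets interleaved with EDR generation.
SAMPLE_EVENTS = [
    ("pkt", "uplink", 100),
    ("pkt", "downlink", 1400),
    ("edr", "edr2"),
    ("pkt", "uplink", 60),
    ("edr", "edr3"),
    ("pkt", "downlink", 500),
    ("edr", "edr1"),
]

if __name__ == "__main__":
    print("reset all counters:      ", shortfall(SAMPLE_EVENTS, False))
    print("reset populated counters:", shortfall(SAMPLE_EVENTS, True))
```

Summing the volume fields across a session's EDRs and comparing the total with an independent byte count is the same reconciliation, applied to real records.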
IPv6 and ICMPv6 Support in the Enhanced Charging Service
StarOS 9.0 introduces support for IPv6 and ICMPv6 packets and their parsing in the Enhanced Charging Service.
ECS can now parse both IPv4 and IPv6 packets and pass them to upper layers for analysis. ECS will match the rule
based on IPv6 fields and generate various statistics for IPv6 packets. Dynamic routing used by various analyzers like
FTP, RTSP, RTP, and SIP also supports IPv6 addresses.
The enhancement to ECS in Release 9.0 provides appropriate CLIs to configure IPv6 fields in rules and EDRs. Various
CLIs are provided to configure rules related to IPv6 fields for charging and routing. Several EDR fields carry IP
addresses, and ECS supports IPv6 addresses in these fields. Show command CLIs that display IP addresses
support IPv6 addresses as well. The various ECS logs that record IP addresses along with other information also support
IPv6 addresses. ECS supports various IPv6 header fields in EDRs. In config-acs-edr mode, ECS supports
generating EDRs for IPv6 fields.
StarOS 9.0 also supports ICMPv6 packets and their parsing in ECSv2. The header structure of ICMP and ICMPv6 is
similar but the values of header fields like type and code have different meaning in the two.
With the support for IPv6 in ECS, AAAA record type is now supported in DNS for IPv6 addresses.
Maximum Number of Charging-Rule-Definition AVPs Supported in a Single CCA
In earlier releases, there was no limit check for the number of Charging-Rule-Definition AVPs (dynamic rules) that are
processed in a single Gx CCA command. In this release, the number of dynamic rules is limited to 100 per Gx message.
The following per Gx message limits are applicable in this release:
Charging-Rule-Names: 256
Charging-Rule-Base-Names: 20
Charging-Rule-Definitions: 100
Length of Charging-rule-name/base-name: 32
URL Filtering
This release supports the URL Filtering feature, which simplifies using rule definitions for URL detection. Prefixed
URLs are URLs of the proxies. A packet can have a URL of the proxy and the actual URL contiguously. First a packet
is searched for the presence of proxy URL. If the proxy URL is found, it is truncated from the parsed information and
only the actual URL (that immediately follows it) is used for rule matching and EDR generation.
For more information, refer to the Enhanced Charging Service Administration Guide.
3GPP R7 Gx Interface Support
As defined by the 3GPP standards, the R7 Gx interface is located between the GGSN and the Policy Decision Function
(PDF) / Policy and Charging Rule Function (PCRF). It is a Diameter-based interface and provides the functions
provided earlier by the Gx (R6) and Go interfaces. Gx interface as part of a Policy / PCC framework allows the operator
to have dynamic policy and charging control, key features when "flat rate" broadband services are offered. However, it
is paramount that the operator maintains control over the available resources, and provides a fair usage policy to its
subscribers, via bandwidth control, quota management and other mechanisms.
This release supports the following features:
PCEF-based bearer binding.
IMSA support for secondary contexts.
QoS Negotiation AVP and QoS Upgrade AVP in Gx messages.
Single repository of ruledefs for all PDP contexts.
Moving of PCC rules across PDP contexts if indicated by PCRF.
QoS enforcement per service data flow.
Bearer identifier value extensible to non-GPRS access type.
Ability to define static policies to deny and allow based on 5-tuple information; ability to enable and disable
from the PCRF.
eHRPD Features
This section contains information on new 9.0 features that pertain to the HRPD Serving Gateway (HSGW) and the PDN
Gateway (P-GW) supporting eHRPD network services.
New HSGW Features
The HSGW is new in release 9.0.
The HSGW terminates the eHRPD access network interface from the Evolved Access Network/Evolved Packet Core
Function (eAN/ePCF) and routes UE-originated or terminated packet data traffic. It provides interworking with the
eAN/ePCF and the PDN Gateway (P-GW) within the Evolved Packet Core (EPC) or LTE/SAE core network and
performs the following functions:
Mobility anchoring for inter-eAN handoffs
Transport level packet marking in the uplink and the downlink, e.g., setting the DiffServ Code Point, based on
the QCI of the associated EPS bearer
Uplink and downlink charging per UE, PDN, and QCI
Downlink bearer binding based on policy information
Uplink bearer binding verification with packet dropping of UL traffic that does not comply with established
uplink policy
MAG functions for S2a mobility (i.e., Network-based mobility based on PMIPv6)
Support for IPv4 and IPv6 address assignment
EAP Authenticator function
Policy enforcement functions defined for the Gxa interface
Robust Header Compression (RoHC)
Support for VSNCP and VSNP with UE
Support for packet-based or HDLC-like framing on auxiliary connections
IPv6 SLAAC support, generating RAs responding to RSs
New P-GW Features
The P-GW is new in Release 9.0.
The P-GW terminates the SGi interface towards the Packet Data Network (PDN). If a UE is accessing multiple PDNs,
there may be more than one P-GW for that UE. The P-GW provides connectivity to the UE to external packet data
networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more
than one P-GW for accessing multiple PDNs. The P-GW performs policy enforcement, packet filtering for each user,
charging support, lawful interception and packet screening.
Another key role of the P-GW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as
WiMAX and 3GPP2 (CDMA 1X and EvDO).
P-GW functions for supporting non-3GPP access (eHRPD) include:
Mobility anchor for mobility between 3GPP access systems and non-3GPP access systems. This is sometimes
referred to as the SAE Anchor function.
Policy enforcement (gating and rate enforcement)
Per-user based packet filtering (deep packet inspection)
Charging support
Lawful Interception
UE IP address allocation
Packet screening
Transport level packet marking in the downlink
Downlink rate enforcement based on Aggregate Maximum Bit Rate (AMBR)
Local Mobility Anchor (LMA) according to draft-ietf-netlmm-proxymip6, if PMIP-based S5 or S8 is used.
DSMIPv6 Home Agent, as described in draft-ietf-mip6-nemo-v4traversal, if S2c is used.
ESS Features
This section contains information on features that pertain to the Local-External Storage Server (L-ESS) and Remote
(Long Term)-External Storage Server (R-ESS).
GSS Features
This section provides information for new GSS features for Release 9.0.
Multiple Instance GSS
Release 9.0 enables support for multiple data streams from one server or a single cluster setup to utilize multiple
instances of GSS with a single installation and multiple databases.
In a cluster setup, there is only one installation per node. During installation, GSS is installed at a fixed location
(/opt/gss_global directory). The initial GSS installation does not create any GSS instance. Once GSS is installed on both
the nodes, the /opt/gss_global/make_gss_instance script utility creates instances as and when needed and checks for
conflicting ports/usernames across the instances.
For all instances on the node, only one set of binaries and scripts are used. Each instance will have its own configuration
file, log directory, tools directory and separate PostgreSQL database. The alarms and events generated by each instance
are sent to its corresponding chassis. Individual GSS instances can also be stopped, started or switched over. Upgrade is
smooth and involves as little downtime as possible.
Each GSS instance can be uninstalled separately without any impact on the other instances. The global installation
can only be uninstalled if there are no instances configured or running on the system.
The advantages of this feature include:
Only one installation required for multiple instances
One binary used across all the instances on the node
Upgrading one set of binaries would upgrade all the instances
In cluster mode resource groups, instances can be balanced across the nodes
For more information on the installation, uninstallation and upgrade procedures for multiple GSS instances, refer to
Multiple Instances of GSS section in GSS Installation Management chapter of GSS Installation and Administration
Guide.
HA Features
PPC Packet Processing Card
The PPC supports HA functionality in this release. The PPC features a quad-core x86 2.5 GHz CPU and 16 GB of
RAM. The processor runs a single copy of the operating system. The operating system running on the PPC treats the
dual-core processor as a 2-way multi-processor.
For detailed information about the PPC, refer to the Hardware Installation and Administration Guide.
inPilot Features
This section provides information for new inPilot features in Release 9.0.
Exporting Reports to PDF format
The inPilot application now supports exporting reports to PDF file format.
To export a report to PDF format, in the HOME and DPI REPORTS tabs of the inPilot GUI, click the Export to PDF
button. The PDF file is displayed in a new window and can be saved for future reference. If there is no data available for
a report, the Export to PDF button is disabled.
Bulkstat and KPI Reports
The Bulkstat report provides details of the processed bulk statistics from any application (PDSN, GGSN, SGSN, and so
on) on the managed nodes in a timely manner. Users need to be assigned to the Region levels so that when a user logs in
to the inPilot Server, the data can be viewed for all nodes under the parent node. Only the Admin users are assigned to
the top of the tree (root node or NOC node) and have access to the whole network data. The Bulkstat Report can be
viewed for the desired bulkstats by selecting the BULKSTAT tab.
The KPI report provides details of the KPIs for each selected schema. The KPI Report can be viewed for the desired
KPIs by selecting the KPI tab.
GUI/Console Based Installation
The inPilot application and its components can be installed and uninstalled using one of the following two methods.
Using script based installer
Using GUI/Console based installer
Log File Path
After an inPilot upgrade to a newer version, the log files are generated in the /starbi/logs/ directory instead of the
/starbi/server/logs directory used in previous releases.
For more information on the above-mentioned features, refer to the inPilot Installation and Administration Guide and the inPilot
OLH.
LTE/SAE Features
This section contains information on new 9.0 features that pertain to the PDN Gateway (P-GW), the Mobility
Management Entity (MME) and the Serving Gateway (S-GW) supporting LTE/SAE network services.
P-GW Features
The P-GW is new in Release 9.0.
The P-GW terminates the SGi interface towards the Packet Data Network (PDN). If a UE is accessing multiple PDNs,
there may be more than one P-GW for that UE. The P-GW provides connectivity to the UE to external packet data
networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more
than one P-GW for accessing multiple PDNs. The P-GW performs policy enforcement, packet filtering for each user,
charging support, lawful interception and packet screening.
The P-GW provides the following basic functions:
Terminates the interface towards the PDN (SGi)
PGW functions for GTP-based S5/S8 include:
per-user packet filtering (e.g., deep packet inspection)
lawful intercept
UE IP address allocation
UL and DL service level charging, gating control, and service level rate enforcement
DL rate enforcement based on AMBR (Aggregate Max Bit Rate) and based on the accumulated MBRs
of the aggregate of SDFs with the same GBR QCI
DHCPv4 and DHCPv6 functions (client, relay and server)
MME in LTE/SAE Networks
The MME is new in Release 9.0.
With this release, Cisco Systems introduced its own Mobility Management Entity (MME) element. MME is a critical
network function for the 4G mobile core network – known as the Evolved Packet Core (EPC). The MME resides in the
EPC control plane and manages session states, authentication, paging, mobility with 3GPP 2G/3G nodes, roaming, and
other bearer management functions.
Benefits
The MME function delivers unrivaled throughput, call transaction rates, and packet processing, along with significant
memory resources.
EPC specifications define a simpler, flatter network architecture. Cisco Systems' MME can be a standalone element or
integrated with other EPC elements, including the Serving Gateway (SGW), Packet Data Network Gateway (PGW), and
Release 8 Serving GPRS Support Node (SGSN). The MME can also be integrated with 2G/3G elements, such as the
Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN). This integration is the key to
mobility and session management interworking between 2G/3G and 4G mobile networks.
By combining multiple functions into a single carrier-class platform, operators can reduce signaling overhead, distribute
session management, and leverage the control and user plane capabilities.
Additionally, co-location of 2G/3G SGSNs with the MME will reduce signaling and context transfer overhead
significantly. This co-location will also be key to 2G/3G and 4G mobility and session management. The advantage of
integrating or collapsing functional elements into one carrier-class node is paramount to the goals of simplifying and
flattening the network while also reducing latency.
Description
The MME resides in the control plane and manages states (attach, detach, idle, RAN mobility), authentication, paging,
mobility with 3GPP 2G/3G nodes (SGSN), roaming, and other bearer management functions.
The following figure displays simplified network views of the MME in an LTE/SAE network with a GPRS/UMTS
network as the neighboring network.
Figure 9. MME in LTE/SAE Networks and Interfaces
For more information on this product, refer to the MME Service in LTE/SAE Networks chapter of this guide.
License Keys
Requires separate product license key.
S-GW Features
The Serving Gateway routes and forwards data packets from the UE and acts as the mobility anchor during inter-eNodeB
handovers. Signals controlling the data traffic are received on the S-GW from the MME, which determines the
S-GW that will best serve the UE for the session. Every UE accessing the EPC is associated with a single S-GW.
For each UE associated with the EPS, there is a single S-GW at any given time providing the following basic functions:
- Terminates the interface towards E-UTRAN (S1-U)
- Functions for the GTP-based S5/S8 include:
  - local mobility anchor point for inter-eNodeB handover
  - mobility anchoring for inter-3GPP mobility (terminating S4 and relaying the traffic between 2G/3G system and P-GW)
  - ECM-IDLE mode downlink packet buffering and initiation of network triggered service request procedure
  - lawful intercept
  - packet routing and forwarding
  - transport level packet marking in the uplink and the downlink (e.g. setting the DiffServ Code Point)
  - Accounting
PDSN Features
PPC Packet Processing Card
The PPC supports CDMA functionality in this release. The PPC features a quad-core x86 2.5 GHz CPU and 16 GB of
RAM. The processor runs a single copy of the operating system. The operating system running on the PPC treats the
dual-core processor as a 2-way multi-processor.
For detailed information about the PPC, refer to the Hardware Installation and Administration Guide.
Peer-to-Peer Features
This section provides information on new features for in-line Peer-to-Peer support.
Dynamic P2P Signature Updates
P2P traffic detection is tricky because most P2P protocol details are proprietary and the protocol characteristics
change frequently. Because these P2P standards are proprietary, there is also a tight coupling between the peers (all the
peers need to understand the protocols). Since P2P detection depends heavily on known traffic characteristics, detection
can suffer if the P2P protocol changes, if some existing traffic characteristics were not known (new use case scenarios),
if one P2P traffic characteristic matches another P2P protocol's traffic (false positives), or if there are flaws (bugs) in
the detection logic. Whenever such degradation in P2P detection is identified, the detection logic must be
enhanced to improve detection accuracy.
In earlier releases, the P2P detection logic was part of the chassis software load. To continue detecting new traffic
patterns as traffic characteristics changed, operators needed to upgrade the complete software with the
updated detection logic.
This release supports dynamic upgrades of the P2P detection logic (signatures) alone on an active chassis without
warranting a full software upgrade, and hence without a software restart or reboot. This is implemented through
signature files.
Important: This release supports dynamic signature upgrades for the following P2P protocols:
BitTorrent, DirectConnect, eDonkey, Gnutella, Skype, Yahoo.
P2P Protocols Detection Support
With release 9.0, the system supports detection of the following P2P protocols:
- GTalk
  - Voice
  - Non-voice
- ooVoo
With release 9.0, the system supports enhanced detection accuracy, for charging purposes, for the following P2P
protocols:
- GTalk
  - Voice
  - Non-voice
- Mute
- ooVoo
- Oscar:
  - Voice
  - Non-voice
- Pando
- QQlive
- SopCast
SCM Features
This section provides information for new features in Release 9.0 for the Session Control Manager (SCM). Additional
information on these features can be found in the Session Control Manager Overview chapter, in the Session Control
Manager Administration Guide, and in the CLI Reference Guide.
IPv4-IPv6 Interworking
SGSN Features
PSC2 - Packet Services Card 2
The SGSN now supports the Packet Services Card 2 (PSC2), the next-generation packet forwarding card for the ASR
5000. The PSC2 provides increased aggregate throughput and performance, and a higher number of subscriber sessions.
For more information about this card, refer to the ASR 5000 Hardware Installation and Administration Guide.
Chapter 1
Cisco® ASR 5000 Platforms Introduction
Designed exclusively for the wireless industry, the Cisco® ASR 5000 Chassis provides an ultra-high density solution
for deployment in wireless carrier and operator environments.
The ASR 5000 is a high-performance, carrier-grade platform that offers industry-leading wireless data capacity while
enabling numerous integrated applications for additional revenue generation.
Large, high-demand multimedia applications require an ever increasing amount of processing power and memory. The
ASR 5000 has been designed to address these needs and provide a scalable platform to meet the needs of future fourth
generation (4G) networks.
Figure 10. The Cisco® ASR 5000
Characteristics of the System
This section provides an overview of some of the key characteristics of the system. Detailed information for these
characteristics is provided in subsequent chapters of this guide.
Carrier-grade Hardware Design
- NEBS Level 3 Compliant components
- UL certified
- Five 9s availability
- Local alarming and alarm cut-off capabilities
- High availability design (less than 4.35 minutes of downtime per year)
Redundancy
- 1:1 Switch Processor Card (SPC)/System Management Card (SMC) redundancy
- 1:n Packet Services Cards (PSC/PSC2) redundancy - allowing redundancy of multiple active to multiple redundant for up to 14 total packet processing cards
  Important: 1:1 redundancy is supported for these cards; however, some subscriber sessions and accounting information may be lost in the event of a hardware or software failure even though the system remains operational.
- 1:1 card-level redundancy for Switch Processor Input/Output (SPIO), and all types of line cards
- 1:1 port-level redundancy for SPIO and all types of line cards
- Integrated hardware and software redundancy with automatic failover features
- Optional session recovery support for the following call types:
  - WiMAX ASN GW services supporting simple IP, Mobile IP, and Proxy Mobile IP
  - PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP
  - HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels
  - GGSN services for IPv4 and PPP PDP contexts
  - MME services for LTE/SAE networks and 3G services
  - LNS session types
- Optional Interchassis Session Recovery
- Hot swappable cards, allowing dynamic card replacement while the system is operational
- Load sharing, hot swappable -48VDC power filters with redundant power circuitry throughout
High Capacity Design
- Self-healing 320 Gbps packet-based Switch Fabric
- System Management Bus
- 32 Gbps Control Bus
- 140 Gbps Redundancy Bus
Operating System
- Linux™-based
- Application hosting capabilities
- Modular, distributed processing
- Robust development environment
Features and Benefits
Some of the benefits of deploying the system include:
Table 1. Features and Benefits of the System

| Feature | Benefit |
|---|---|
| Mobility Management Entity (MME) service support in LTE/SAE networks | Delivers unrivaled throughput, call transaction rates, and packet processing, along with significant memory resources. Provides UE state management (attach, detach, idle, RAN mobility), authentication, paging, mobility with 3GPP 2G/3G nodes (SGSN), roaming, and other bearer management functions. Also provides integration of multiple core network functions. High transaction rates for attaches, activations, TAUs, handoffs, and paging along with congestion management, load sharing, and MME pooling. MME provides intelligent signaling heuristics to maximize performance and Self Optimizing Network (SON) capabilities to the radio and packet core network. It also provides dynamic optimization of network topology based on usage patterns to reduce latency and backhaul costs. Circuit Switch (CS) Fallback for voice traffic. |
| Mobile data service support for WiMAX networks | Provides WiMAX ASN GW, WiMAX Foreign Agent (FA), and WiMAX Home Agent (HA) services within a single chassis, or as distributed network functions supporting both Simple and Mobile IP. Provides WiMAX ASN Paging Controller and Location Registry (ASN PC/LR) services within a single chassis, or co-located as distributed network functions supporting paging procedures for idle mode entry and exit and location update. Provides multiple host support behind a WiMAX Customer Premise Equipment (CPE) through one primary airlink session. Provides optional base station monitoring feature to monitor base stations attached to it. |
| Wireless data service support for 3G CDMA2000 and GPRS/UMTS and for 2.5G/3G GPRS/UMTS networks | Provides Packet Data Service Node (PDSN), Foreign Agent (FA), and Home Agent (HA) services within a single chassis, or as distributed network functions supporting both Simple and Mobile IP. Provides Gateway GPRS Support Node (GGSN), Foreign Agent (FA), and Home Agent (HA) services within a single chassis, or as distributed network functions supporting basic data and Mobile IP functionality. Provides Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN) services within a single chassis, or as distributed network functions supporting both the control and data planes. |
| Wireless data service support for Femto (UMTS/CDMA) subscriber in 3G UMTS networks | Provides Home-NodeB Gateway (HNB-GW) service for Femto access network user to connect voice and IP data traffic with CS/PS core network. It supports multiple services on a single chassis or as distributed network functions supporting enhanced voice and IP data functionality. |
| Proxy Mobile IP | Provides a mobility solution for subscribers with Mobile Nodes (MNs) that do not implement the Mobile IP protocol stack. |
| Full Handover Support | Compliance with 3GPP procedures for Mobility Management, Location Management, and Session Management ensures high volume, load-balancing, and successful handover. |
| Direct Tunneling | Reduces latency by creating GTP-U tunnel for data transport between the RNC and the GGSN while optimizing SGSN usage for control plane processing and user plane functionality for cases such as roaming and lawful intercept. |
| L2TP Tunneling | Layer 2 Tunneling Protocol (L2TP) support encapsulates data packets between an L2TP Access Concentrator (LAC) and an L2TP Network Server (LNS) to create a Virtual Private Network (VPN). The system can be configured as either an LAC or LNS in support of L2TP. LAC is an optional licensed feature. |
| Lawful Intercept (optional licensed feature) | Provides Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals (referred to as targets) for potential criminal activity. |
| IPSEC | Secure VPN Connectivity for the enterprise. Secure L2TP and mobile IP tunneling. System architecture provides IPSEC implementation with no performance degradation. Encryption Daughter Card (EDC) availability for hardware-based encryption. |
| OSPF Routing | Provides optional OSPFv2 routing with NSSA support. |
| BGP-4 Routing | Provides optional BGP-4 routing. |
| Flow-based Traffic Policing (optional licensed feature) | Provides the traffic policing to control session flow on a flow classification basis. Provides the QoS to control session flow on a flow classification basis. |
| Traffic Policing and Shaping (optional licensed feature) | Provides the ability to limit network bandwidth on a per subscriber basis. Provides the ability to buffer packets that exceed the allowed limit and transmit them once the traffic flow comes below the exceed limit. |
| Dynamic QoS Renegotiation (ECS support required) | Provides the ability to manage the risk of bandwidth mis-appropriation. This feature allows the Enhanced Charging Service (ECS) to analyze application traffic, and triggers QoS renegotiation with the AGW to optimize service performance. It provides Network Controlled QoS (NCQoS) and traffic class-based QoS renegotiation support. |
| GTPP Server Group support | Provides more than one list of GTPP servers through GTPP server group feature at context level for GTPP accounting functionality. Provides GTPP accounting functionality to individual subscriber through APN. |
| Session Redirection ("hotlining") (optional licensed feature) | Provides the ability to redirect subscriber traffic to an external server through the application of Access Control List (ACL) rules. Relies on the Change of Authorization (CoA) feature for the dynamic redirection of subscriber IP datagrams. |
| PDSN RAN Optimization | Provides session redirection based on sessions having a specific MSID or received from specific PCF zones. |
| Change of Authorization (CoA) and Packet of Disconnect RADIUS message support | Allows system contexts to listen for and act upon CoA and/or disconnect messages from a RADIUS server. CoA messages enable the dynamic changing of subscriber attributes. Disconnect Messages (DMs) allow the termination of subscriber sessions from a particular RADIUS server. CoA is supported for use with PDSN. |
| RADIUS Server Group support (optional licensed feature) | Provides more than one list of AAA servers through RADIUS server group feature at context level for AAA functionality. Provides AAA functionality to individual subscriber through realm (domain) APN. |
| Adjunct Compression Server | Reduces network complexity and capital expenditure. Application based compression that helps conserve radio bandwidth resources. |
| 802.1Q VLAN Tagging (optional licensed feature) | Provides layer 2 VPN connectivity. Simplified network configuration. Allows overlapping IP addresses within the same context. |
| Prepaid (optional licensed feature) | Provides subscriber billing based on data volume or session time. Mid-session account balance updates. |
| Robust Header Compression | Provides Robust Header Compression (ROHC) support for IP packets. |
| HA Proxy DNS Intercept | Provides a solution for unreachable (fire-walled) DNS servers in visited networks. |
| "In-Line" data services capability (optional licensed feature) | Allows for deep packet inspection to support enhanced/advanced billing techniques. Improved subscriber awareness to more quickly identify usage trends and tailor content to subscriber's patterns. Increased revenue opportunities through application of new services with no or minimal processing degradation. |
| Carrier-grade design | Ensures maximum level of reliability and service availability. Allows for installation and/or co-location in central office facilities. |
| Multiple context support | Allows operator to support multiple enterprise and home networks from a single system. Allows operators to assign duplicate/overlapping IP address ranges in different contexts. |
| Multimedia Broadcast and Multicast Service (MBMS) | Provides a solution for transferring light video and audio clips and also a suitable method for mass communications to operator. It eliminates unnecessary replication of data on UMTS wireless networks by transmitting a single stream of data to multiple users. |
| Integrated "control node" function | Eliminates processing bottlenecks. Intelligently distributes processing across multiple system processors for increased throughput. |
| Session Recovery (optional licensed feature) | Recovers all fully established sessions upon single hardware or software failure for the following call types: ASN GW services supporting simple IP, Mobile IP, and Proxy Mobile IP; PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP; Closed RP PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP; HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels; GGSN services for IPv4 and PPP PDP contexts; LNS session types. Restores data and control packet state information, subscriber data statistics, subscriber idle time and other timer-related data. Provides an in-service recovery mechanism to increase system availability and overall fault tolerance without significant interruption of subscriber services and without loss of accounting information. |
| MIP NAT Traversal (optional licensed feature) | This feature allows the HA to set up a UDP tunnel for an MN that is behind a NAT device. |
| IMS Authorization Service and Gx interface support (optional licensed feature) | Provides Gx and Gy interface support to implement IMS authorization in GPRS/UMTS network, described in 3GPP Release 6 and 7. Provide sufficient, uninterrupted, consistent, and seamless user experience to a roaming IMS subscriber for an application along with dynamic charging functionality for the particular IMS application used. |
| IMS Authorization Service and Ty interface support (optional licensed feature) | Provides Ty interface support for roaming IMS subscriber to implement IMS authorization in CDMA2000 network as described in 3GPP2 standards. Provide sufficient, uninterrupted, consistent, and seamless user experience to a roaming IMS subscriber for an application along with dynamic charging functionality for the particular IMS application used. |
| IP Services Gateway (optional licensed product) | Allows legacy access gateways (GGSNs, PDSNs, HAs, etc.) that are not service capable to provide managed services such as enhanced charging, stateful firewalls, traffic performance optimization, and others. |
| Integrated Session Control Manager (SCM) Functionality | The SCM provides an easy on-ramp to deploying Session Initiation Protocol (SIP)-based services and a future-proof migration path to the IP Multimedia Subsystem/Multimedia Domain (IMS/MMD) architectures. The SCM consists of an IETF-compliant SIP Proxy/Registrar, a 3GPP/3GPP2-compliant Proxy Call Session Control Function (P-CSCF), and a Policy Agent (PA). |
| PCF/BS Monitoring | Provides PDSN service to monitor PCFs attached to it. Provides ASN BS monitoring facility to ASN GW service attached to it. |
| Linux-based operating system | Ensures compatibility with leading applications. Allows for integration of third-party applications into system to host "in-line" services. |
| Integrated data aggregation features | Delivers wire speed transport throughout system. Eliminates need to add external routing devices to move from high-speed to low-speed links. |
| Future-proof design | Robust hardware platform allows for easy migration to next-generation data services using the same chassis. Scalable hardware and software components allow you to cost effectively add capacity as your subscriber-base increases. |
| Web-based element management | Reduces operational complexity. Improves overall system management accuracy and security. Allows for remote monitoring and configuration, using SNMPv1 and CORBA. Provides security for management data using Secure Sockets Layer (SSL) encryption. Allows for seamless integration with external network, service, and business layer management applications through CORBA interface. |
| Application Programming Interface for management | Allows for internal development of custom management applications. Allows integration with new or existing service management applications. Uses industry standard Interface Definition Language (IDL) as API for integration. |
| Intelligent Packet Monitoring System (IPMS) | Provides more detailed network performance information on control events and measures call success and protocols. Verifies accuracy of accounting records and analyzes set up failure causes. Identifies network faults and counts number of affected users when manager/line card/port fails and debugs connection issues. Comprehensive query tool to simplify searches across multiple access gateways and ability to diagnose the calls based on disconnect reasons. |
| Command Line Interface | Designed for intuitive use by experienced network administrators. CLI commands are designed to be conducive to scripting, allowing operators to easily issue commands using EXPECT scripts and interactive applications written in Tcl/Tk. Helps operators securely configure, upgrade, monitor, and set system triggers from remote locations, supporting Telnet and Secure Shell (SSH) protocols. Remote management features help manage and deploy large scale, carrier-class, highly available and very manageable, easily monitored network. Context-sensitive Help for all commands, keywords, and variables. |
Chapter 2
Product, Service and Feature Licenses
This chapter provides information regarding Cisco Systems' licensed products, services, and features. The following
sections are included:
- Supported Product/License Quick Reference
- Session Use and Feature Use Licenses
- Default Licenses
Supported Product/License Quick Reference
The following table provides a quick reference list of supported products and the license names of services and features for
the ASR 5000 platforms XT2 platform.
Table 2. Supported Products and Licenses

| Inline Service/Feature Name | Product | License Name(s) |
|---|---|---|
| BCMCS | PDSN | Broadcast & Multicast Services |
| CoA, RADIUS DM, and Session Redirection (Hotlining) | PDSN, GGSN, IPSG, ASN GW, HA | Dynamic Radius extensions (CoA and PoD) |
| Content Filtering ICAP Interface Support | GGSN | Content Filtering ICAP Interface |
| Dynamic QoS Renegotiation (Traffic Class-based QoS and Network Controlled QoS) | GGSN | GGSN Dynamic QoS Renegotiation |
| Dynamic Mobile IP Key Update (DMU) | PDSN | Dynamic Mobile IP Key Update |
| Enhanced Content Charging | PDSN, HA, ASN GW, GGSN | Enhanced Charging Bundle 1 |
| Enhanced Content Charging | GGSN | Enhanced Charging Bundle 2 |
| Gx Interface Support | GGSN, IPSG | Dynamic Policy Interface |
| HA DNS Intercept Proxy | HA | HA DNS Intercept Proxy |
| Integrated Content Filtering | PDSN, HA, GGSN | Integrated Content Filtering |
| Intelligent Traffic Control (ITC) | ASN GW, PDSN, HA | Intelligent Traffic Control |
| Interchassis Session Recovery | GGSN, SCM, HA | Inter-Chassis Session Recovery |
| IP Header Compression | HSGW, PDSN | Robust Header Compression |
| IP Security | ASN GW, GGSN, HA, HSGW, IPSG, PDSN, PDIF, P-GW, SCM, S-GW | IPSec |
| Lawful Intercept | PDSN, GGSN, ASN GW, HA, PDIF, LNS, SGSN | Lawful Intercept/Enhanced Lawful Intercept |
| L2TP Access Concentrator | PDSN, GGSN, IPSG, ASN GW | L2TP LAC |
| L2TP Network Server | PDSN/LNS, GGSN/LNS | L2TP LNS |
| MIP NAT Traversal | HA | MIP NAT Traversal |
| Multi Protocol Label Switching (MPLS) | GGSN | MPLS |
| Multimedia Broadcast and Multicast Service | GGSN | MBMS |
| MSID and PCF Zone Based Call Redirection | HA | PDSN RAN Optimization, Bundle 1 |
| Peer to Peer Detection | PDSN, HA, GGSN, ASN GW | Peer to Peer Detection |
| Traffic Policing and Shaping | ASN GW, GGSN, HA, HSGW, PDSN, P-GW, SCM, S-GW | Per Subscriber Traffic Policing/Shaping |
| PDSN Closed RP | PDSN | PDSN Closed RP |
| PCF Monitoring | PDSN | PCF/BS Monitoring |
| Per Subscriber Stateful Firewall | PDSN, HA, GGSN | Per Subscriber Stateful Firewall |
| Pre-paid Billing | PDSN, HA | Prepaid Accounting/IS-835C Prepaid Bundle |
| Proxy-Mobile IP | PDSN/FA, GGSN/FA, IPSG, ASN GW/FA, PDIF | Proxy MIP |
| Remote Address-based RADIUS Accounting | PDSN, GGSN, IPSG, ASN GW, PDIF, HA | Destination Based Accounting |
| Session Recovery | PDSN, GGSN, SGSN, IPSG, ASN GW, SCM, PDIF, HA | Session Recovery |
| Ty Interface Support | PDSN, HA | Dynamic Policy Interface |
| VLANs | ASN GW, GGSN, HA, HSGW, IPSG, PDIF, PDSN, P-GW, SCM, SGSN, S-GW | Layer 2 Traffic Management |
| WiMAX Paging Controller | ASN GW | WiMAX Paging Controller/Location Register |
| PHS Paging Controller | PHS GW | PHS Paging Controller |
Session Use and Feature Use Licenses
Session use and feature use licenses are software mechanisms used to provide session limit controls and enable special
features within the system. These electronic licenses are stored in the system's configuration file that is loaded as part of
the system software each time the system is powered on or restarted.
Session Use Licenses
Session use licenses limit the number of concurrent sessions that a system is capable of supporting per service type and
are acquired on an as needed basis. This allows carriers to pay only for what they are using and easily increase capacity
as their subscriber base grows. Session use licenses are available for the following services:
- Packet Data Service Node (PDSN) (Includes RADIUS AAA Server Groups)
- Home Agent (HA) (Includes RADIUS AAA Server Groups)
- HA license for GGSN (Includes RADIUS AAA Server Groups and MIP NAT Traversal)
- Gateway GPRS Support Node (GGSN) (Includes RADIUS AAA Server Groups)
- HRPD Serving Gateway (HSGW) (Includes Dynamic Policy Interface, Session Recovery, IPv6, Intelligent Traffic Control, and Enhanced Charging Bundle 2)
- PDN Gateway (P-GW) (Includes Dynamic Policy Interface, Lawful Intercept, Session Recovery, RADIUS AAA Server Groups, IPv6, Intelligent Traffic Control, and Enhanced Charging Bundle 2)
- Serving Gateway (S-GW) (Includes Dynamic Policy Interface, Lawful Intercept, Session Recovery, Proxy MIP, and IPv6)
- Mobility Management Entity (MME) (Includes Session Recovery, and Enhanced Lawful Intercept)
- L2TP Network Server (LNS)
- EV-DO Rev A PDSN (Includes FA, RADIUS AAA Server Groups, and PDSN RAN Optimization, Bundle 1)
- EV-DO Rev A / PDSN [UPGRADE] 1k Sessions or 10k Sessions (UPGRADE: Will convert PDSN into EV-DO Rev A / PDSN)
- Enhanced Charging Service (ECS):
  - Enhanced Charging Bundle 1 1k Sessions
  - Enhanced Charging Bundle 2 1k Sessions (Includes Diameter and DCCA functionality with ECS)
- Peer-to-Peer Detection Bundle 1k Sessions
- IP Services Gateway
- PDIF-Service (Includes IPSec, FA, and RADIUS AAA Server Groups)
- Access Service Network Gateway (ASN GW) (Includes FA, DHCP, Proxy MIP and RADIUS AAA Server Groups)
Feature Use Licenses
Feature use licenses enable certain features/functionality within the system and are distributed based on the total number
of sessions supported by the system. Licenses are available for each of the following features:
- L2TP Access Concentrator (LAC) PDSN/HA/GGSN/ASN GW
- Prepaid Accounting (Requires PDSN, HA, EV-DO Rev A / PDSN, and/or ASN GW)
- Destination Based Accounting
- Session Recovery
- PCF/BS Monitoring
- Layer 2 Traffic Management (VLAN)
- DHCP
- IPv6 (this is enabled by default)
- Lawful Intercept
- Enhanced Lawful Intercept
- In-line services usage
- Dynamic Mobile IP Key Update
- Per Subscriber Traffic Policing/Shaping
- GGSN Dynamic QoS Renegotiation
- Inter-chassis Session Recovery
- Dynamic QoS Traffic Policing
- RADIUS AAA Server Groups (Always On)
- RP Flow Control
- User Layer 3 Tunneling
- HA DNS Intercept Proxy
- IP Security (IPSec)
- Proxy Mobile IP
- Mobile Enterprise Security Bundle (Includes IPSec, L2TP LAC PDSN, L2TP LAC HA)
- MPLS
- Dynamic Radius extensions (CoA and PoD)
- Dynamic Mobile IP Key Update
- SIP Application Server
- External Service Steering
- 3GPP2 Always-On RP Extensions
- Robust Header Compression (ROHC)
- MIP NAT Traversal
- IS-835C Prepaid Bundle (Includes Change of Authorization, Destination Based Accounting, and Prepaid Accounting)
- Intelligent Traffic Control
- PDSN RAN Optimization Bundle (Includes PCF Monitoring)
- IPv4 Routing Protocols
- Foreign Agent (FA)
- Voice Media Gateway
- RADIUS AAA Server Groups
- RP Flow Control
- User Layer3 Tunneling
- PPP Fast Setup
- Diameter Closed-Loop Charging Interface
- Dynamic Policy Interface (Includes DIAMETER Closed-Loop Charging Interface)
- Content Filtering ICAP Interface (Requires Enhanced Charging Bundle 1 or Enhanced Charging Bundle 2)
- Secure Combo Phone Bundle (Includes IPSEC, IPSEC NAT Traversal)
- Simple IP Fallback
- MAC Address Authorization and Sh Interface
- IKEv2 including Multi-Authentication
- Diameter EAP
Each license is associated with both SPC/SMC cards in a redundant SPC configuration ensuring correct support for the
system in case of an SPC/SMC failover. This license is unique to each system and its respective SPC/SMC-based
CompactFlash cards. Session use licenses can be upgraded remotely to increase system session capacity as new
PAC/PSC cards are added.
Important: If an SPC/SMC requires replacement, you must remove the CompactFlash card
from the SPC/SMC being replaced and install it in the replacement SPC/SMC. Failure to exchange the CompactFlash
card on the SPC/SMC will cause the session license to not match both SPCs/SMCs. The system will recognize that one
of the SPCs matches, and the session use license for the system will still be valid. However, unmatched keys
result in a loss of redundancy for all license-enabled session use and features should the remaining SPC/SMC that
possesses the correctly matched license fail.
Default Licenses
If a system boots with no license key installed, or an invalid license key is specified in the configuration file, a set of
default limited session use and feature licenses is installed. The following Exec Mode command lists the license
information;
The following shows the license information for a system with no license key installed. Notice that the session use
licenses for PDSN, HA, GGSN, and L2TP LNS are limited to 10,000 sessions.
Chapter 3
ST16 Hardware Platform Overview
This chapter provides information on the hardware components that comprise the ST16 platform.
Chassis Configurations
The system is designed to scale from a minimum configuration as listed in the table below to a fully-loaded redundant
configuration containing a maximum of 48 cards.
Important: If Session Recovery is enabled, the minimum number of Packet Accelerator Cards (PACs) per
chassis increases from one to four cards. Three PACs are active and one PAC is standby (redundant). This minimal
configuration is designed to protect against software failures only. In addition to increased hardware requirements,
Session Recovery may reduce subscriber session capacity, performance, and data throughput.
Table 3. ST16 Chassis Hardware Configuration
| Component | Supported Starent Product | Minimum per Chassis | Minimum for Redundant Chassis Configuration | Maximum per Chassis |
|---|---|---|---|---|
| Switch Processor Card (SPC) | | 1 | 2 | 2 |
| Packet Accelerator Card (PAC) (Data application card) | | 1 | 2* | 14 |
| Switch Processor I/O (SPIO) Card | | 1 | 2 | 2 |
| Redundancy Crossbar Card (RCC) | | 0 | 2 | 2 |
| Power Filter Unit (PFU) | | 2 | 2 | 2 |
| Upper Fan Tray Assembly | | 1 | 1 | 1 |
| Lower Fan Tray Assembly | | 1 | 1 | 1 |
| Line Cards | | | | |
| Fast Ethernet (10/100) Line Card (FELC) | All | 1 | 2 | 28** |
| Gigabit Ethernet Line Card (GELC) | All | 1 | 2 | 28** |
Notes:
1. These numbers represent the minimum number of components with no redundancy.
2. These numbers represent the minimum number of components with hardware redundancy. Additional components
are required if Session Recovery is to be supported.
*1:1 redundancy is supported for these cards; however, some subscriber sessions and accounting information may be lost
in the event of a hardware or software failure even though the system remains operational.
**The physical maximum number of line cards you can install is 28; however, redundant configurations may use fewer
than the physical maximum number of line cards since they are not required behind standby PACs.
This diagram shows exploded views of the front and rear chassis components. They are described in the table that
follows:
Figure 11. Chassis Components (front and rear views)
Table 4. Chassis and Sub-component Identification Key
| Item | Description |
|---|---|
| 1 | Chassis: Supports 16 front-loading slots for application cards and 32 rear-loading slots for line cards. The chassis ships with blanking panels over every slot except the following: 1, 8, 17, and 24. These are intentionally left uncovered for initial installation of application and line cards. Refer to the ST16 Chassis Descriptions section for additional information. |
| 2 | Mounting brackets: Support installation in a standard 19-inch rack or telecommunications cabinet. Standard and mid-mount options are supported. In addition, each bracket contains an electro-static discharge jack for use when handling equipment. Refer to the Mounting Options section for additional information. |
| 3 | Upper fan tray: Draws air up through the chassis for cooling and ventilation. It then exhausts air through the vents at the upper-rear of the chassis. Refer to the Fan Tray Assemblies section for additional information. |
| 4 | Upper bezel: Covers the upper fan tray bay. |
| 5 | Lower fan tray cover: Secures the lower fan tray assembly in place. The cover also provides an air baffle allowing air to enter into the chassis. |
| 6 | Lower bezel: Covers the lower fan tray bay. |
| 7 | Lower fan tray assembly: Draws air through the chassis' front and sides for cooling and ventilation. It is equipped with a particulate air filter to prevent dust and debris from entering the system. Refer to the Fan Tray Assemblies section for additional information. |
| 8 | Power Filter Units (PFUs): Each of the system's two PFUs provides -48 VDC power to the chassis and its associated cards. Each load-sharing PFU operates independently of the other to ensure maximum power feed redundancy. Refer to the Power Filter Units section for more information. |
ST16 Chassis Descriptions
Slot Numbering
The ST16 chassis features a 48-slot design with 16 front-loading slots for application cards and 32 rear-loading slots (16
upper and 16 lower) for line cards.
Figure 12. Front Slot Numbering Scheme for Application Cards
The rear of the chassis features a half-slot design that supports up to 32 line cards:
Figure 13. Rear Slot Numbering Scheme for Line Cards
The following table shows the front slot numbers and their corresponding rear slot numbers.
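Table 5. Front and Rear Slot Numbering Relationship
| Position | Slot Number | | | | | | | | | | | | | | | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Front | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 |
| Rear Top Slots | 32 | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 |
| Rear Bottom Slots | 48 | 47 | 46 | 45 | 44 | 43 | 42 | 41 | 40 | 39 | 38 | 37 | 36 | 35 | 34 | 33 |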
Rear Slot Numbering for Line Cards
Rear-installed line cards must be installed directly behind their respective front-loaded application card. For example, an
application card in Slot 1 must have a corresponding line card in Slot 17. The redundant line card for this configuration
would be placed in Slot 33. This establishes a directly mapped communication path through the chassis midplane
between the application and line cards.
To help identify which rear slot corresponds with the front-loaded application card, note that the upper rear slot numbers
are equal to the slot number of the front-loaded card plus 16. For example, to insert a line card to support an application
card installed in slot 1, add 16 to the slot number of the front-loaded application card (Slot 1 + 16 slots = Slot 17). Slot
17 is the upper right-most slot on the rear of the chassis, directly behind Slot 1.
For lower rear slot numbers, add 32. For example, a redundant line card for an application card in Slot 1 would go in
Slot 33 (Slot 1 + 32 = Slot 33). Slot 33 is the lower right-most slot on the rear of the chassis, also behind Slot 1.
Mounting Options
The chassis is designed for installation in a standard 19-inch wide (48.26 cm) equipment rack. Additional rack hardware
(such as extension brackets) may be used to install the chassis in a standard 23-inch (58.42 cm) rack. Each chassis is
24.50 inches (62.23 cm) high. This equates to roughly 14 Rack Mount Units (RMUs: 1 RMU = 1.75 in (4.45 cm)).
You can mount a maximum of three chassis in a standard 48 RMU (7 feet) equipment rack or telco cabinet provided that
all system cooling and ventilation requirements are met. A fully-loaded rack with three chassis installed has
approximately 5.5 inches (13.97 cm, 3.14 RMUs) of vertical space remaining.
There are two options for mounting the chassis in a standard equipment rack or telecommunications cabinet:
Standard: In this configuration, the flanges of the mounting brackets are flush with the front of the chassis. This
is the default configuration as shipped.
Mid-mount: In this configuration, the flanges of the mounting brackets are recessed from the front of the
chassis. To do this, install the mounting brackets toward the middle of the chassis on either side.
Caution: When planning chassis installation, take care to ensure that equipment rack or
cabinet hardware does not hinder air flow at any of the intake or exhaust vents. Additionally, ensure
that the rack/cabinet hardware, as well as the ambient environment, allow the system to function
within the required limits. For more information, refer to the Environmental Specifications chapter
of this guide.
Midplane Architecture
Separating the front and rear chassis slots is the midplane. The connectors on the midplane provide intra-chassis
communications, power connections, and data transport paths between the various installed cards.
The midplane also contains two separate -48 VDC busses (not shown) that distribute redundant power to each card
within the chassis.
Figure 14. Midplane/Switch Fabric Architecture
Table 6. Midplane and Bus Descriptions
| Item | Description |
|---|---|
| 1 | Slot number 1 (left-most application card slot) |
| 2 | Chassis midplane: provides intra-chassis communications and data transport paths between the various installed cards |
| 3 | SPIO cross-connect bus |
| 4 | Chassis slot number 16: right-most application card slot |
| 5 | Chassis slot number 17: upper right-most line card slot. |
| 6 | Chassis slot number 48: lower left-most line card slot |
The following sections provide descriptions for each bus:
320 Gbps Switch Fabric
Hosted on the Switch Processor Card (SPC), this IP-based, or packetized, switch fabric provides a transport path for
user data throughout the system. The 320 Gbps switch fabric establishes inter-card communication between the SPC(s)
and other application cards within the chassis, and their respective line cards.
32 Gbps Control Bus
The Control Bus features redundant 32 Gbps Ethernet paths that interconnect all control and management processors
within the system. The bus uses a full-duplex Gigabit Ethernet (GE) switching hierarchy from both SPCs to each of the
14 application card slots in the chassis. Each application card is provisioned with a GE switch to meet its specific needs.
This bus also interconnects the two SPC modules.
System Management Bus
The System Management Bus supports management access to each component within the chassis. It provides a
communication path from each SPC to every card in the system supporting a 1 Mbps transfer rate to each card. This
allows the SPCs to manage several low-level system functions, such as supplying power, monitoring temperature, board
status, pending card removals, and data path errors, and controlling redundant/secondary path switchovers, card resets,
and other failover features. Additionally, the System Management Bus monitors and controls the fan trays, power filter
units, and alarming functions.
280 Gbps Redundancy Bus
The Redundancy Bus consists of multiple, full-duplex serial links providing PAC-to-line card redundancy through the
chassis' Redundancy Crossbar Cards (RCCs) as shown below.
Figure 15. Logical View of RCC Links for Failover
Each RCC facilitates 28 links:
One link with each of the 14 PAC slots
One with 14 of the 28 line card slots
The RCC in slot 40 supports line card slots 17-23 and 26-32 (upper-rear slots)
The RCC in slot 41 supports line card slots 33-39 and 42-48 (lower-rear slots)
Each serial link facilitates up to 5 Gbps symbol rate, equivalent to 4 Gbps of user data traffic, in each direction.
Therefore, the Redundancy Bus provides 140 Gbps symbol rate (112 Gbps user data) of throughput per RCC, 280 Gbps
symbol rate (224 Gbps user data) total for both.
OC-48 TDM Bus
The system also hosts a dual OC-48 TDM bus consisting of 128 independent TDM paths each consisting of 512 DS0
channels. This bus supports voice services on the system. Higher speed TDM traffic requirements are addressed using
the system's data fabric.
SPIO Cross-Connect Bus
To provide redundancy between Switch Processor I/O (SPIO) cards, the system possesses a physical interconnect
between the ports on the SPIOs. This cross-connect allows management traffic or alarm outputs to be migrated from an
active SPIO experiencing a failure to the redundant SPIO.
While it is recommended that an SPIO is installed directly behind its corresponding SPC, this bus allows either SPC to
utilize either SPIO.
Power Filter Units
Located at the bottom rear of the chassis are slots for two Power Filter Unit (PFU) assemblies. Each PFU provides DC
power from the Central Office (CO) battery sub-system to the chassis and its associated cards. Each load-sharing PFU
operates independently of the other to ensure maximum power feed redundancy. The maximum input operating voltage
range of the PFU is -40 VDC to -60 VDC; the nominal range is -48 VDC to -60 VDC.
Important: In the event that the CO has AC power only, a separate rack mount AC to DC converter is required.
There are two versions of the PFU. The versions are differentiated by the current rating of the circuit breakers: 125 amp
and 165 amp. Older versions of the ST16 chassis use the 125A PFU. Newer versions of the ST16 chassis use the 165A
PFU.
Caution: 125A and 165A PFUs are not interchangeable. Both PFUs installed in the chassis must be of
the same type.
The following drawing shows the PFU and its connectors. Refer to the Cabling the Power Filter Units chapter for
information on installing and cabling the PFU.
Figure 16. Power Filter Unit
Table 7. Power Filter Unit Component Descriptions
| Item | Description |
|---|---|
| 1 | Plastic terminal cover |
| 2 | VDC (-48 VDC input terminals) |
| 3 | RTN (voltage return terminals) |
| 4 | Power filter unit handle |
| 5 | Circuit breaker (On/Off) rated at either 125A or 165A depending on chassis requirements |
| 6 | Power LED (See Hardware Installation Guide for details.) |
Fan Tray Assemblies
There are two fan tray assemblies within the chassis. A lower fan tray provides air intake and an upper fan tray exhausts
warmed air from the chassis. Each fan tray is connected to both PFUs to ensure power feed redundancy. Both fan tray
assemblies are variable speed units that are automatically adjusted based on temperature or failover situations.
Thermal sensors monitor temperatures within the chassis. In the event of a fan failure or other temperature-related
condition, the Switch Processor Card/Switch Management Card (SPC/SMC) notifies all operable fans in the system to switch to
high speed and generates an alarm.
Lower Fan Tray
The lower fan tray assembly contains multiple fans and pulls air into the chassis from the lower front and sides of the
chassis. The air is then pushed upward across the various cards and midplane within the chassis to support vertical
convection cooling.
Figure 17. Lower Fan Tray Assembly
Air Filter Assembly
The chassis supports a replaceable particulate air filter that meets UL 94-HF-1 standards for NEBS-compliant
electronics filtering applications. This filter is mounted at the top of the lower fan tray assembly, providing ingress
filtering to remove contaminants before they enter the system. Temperature sensors measure the temperature at various
points throughout the chassis. The system monitors this information, and if it detects a clogged filter, generates a
maintenance alarm.
Figure 18. Particulate Air Filter
Important: A replacement air filter is shipped with each chassis. It is recommended that a minimum of one
replacement air filter for each deployed chassis be kept on site. This ensures that qualified service personnel can quickly
replace the filter when needed.
Upper Fan Tray
The upper fan tray unit contains multiple fans that exhaust air from the upper rear and sides of the chassis.
Figure 19. Upper Fan Tray Assembly
Chassis Airflow
Airflow within the chassis is designed per Telcordia recommendations to ensure the proper vertical convection cooling
of the system. Detailed information is located in the Chassis Air Flow section in the Environmental Specifications chapter
of this guide.
Application and Line Cards
This section describes the application and line card components that comprise the system.
ST16 Application Cards
The following application cards are currently supported by the system:
Switch Processor Card
The SPC serves as the primary controller for the ST16 hardware platform and is used with Packet Accelerator Cards
(PACs). The SPC initializes the entire system and loads the software's configuration image into other cards in the
chassis, as applicable. SPCs are installed in slots 8 and 9. During normal operation, the SPC in slot 8 serves as the
primary card, and the SPC in slot 9 is the secondary card. Each SPC has a specialized central processing unit (CPU) and
1GB of random access memory (RAM).
There are two PC-Card slots on the SPC, each of which accepts ATA Type I or Type II PCMCIA cards, that
accommodate removable PC-Cards for temporary storage. These cards can be used to load and store configuration data,
software updates, buffer accounting information, and store diagnostic or troubleshooting information.
The CompactFlash™ slot on the SPC hosts configuration files, software images, and the session limiting/feature use
keys for the system.
The SPC provides the following major functions:
Non-blocking low-latency inter-card communication
1:1 or 1:N redundancy for hardware and software resources
System management control
Persistent storage via a CompactFlash card and two removable PC-Card/PCMCIA slots for field serviceability
Internal gigabit Ethernet switch fabrics for management and control plane communication
The following table shows the front panel of the SPC and identifies its major components.
Table 8. SPC Callout Descriptions
| Item | Description |
|---|---|
| 1 | Card Ejector Levers - Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Hardware Installation Guide for definitions). |
| 4 | System Alarm Speaker—Sounds an audible alarm when specific system failures occur. |
| 5 | System Level Status LEDs—Show the status of overall system health and/or maintenance requirements. (See Hardware Installation Guide for definitions). |
| 6 | Alarm Cut-Off (ACO)—Press and release this recessed toggle switch to reset the system alarm speaker and other audible or visual alarm indicators connected to the CO alarm interface on the SPIO. |
| 7 | Dual PC-Card/PCMCIA Slots—Stores or moves software, diagnostics, and other information. |
Figure 20. System Processor Card (SPC)
Packet Accelerator Card
The PAC provides the packet processing and forwarding within the ST16 hardware platform and is used with Switch
Processor Cards (SPCs). Each PAC can support multiple contexts, which allows you to overlap or assign duplicate IP
address ranges in different contexts. PACs are available with either 4GB or 8GB of memory.
Important: All of the PACs in a system must be of the same memory capacity.
Specialized hardware engines are deployed to support parallel distributed processing for compression, classification,
traffic scheduling, forwarding, packet filtering, and statistics.
The PAC is also available with an optional Encryption Daughter Card (EDC). The EDC permits hardware-based IPSec
encryption for faster processing of encrypted data packets.
The PAC uses control processors to perform packet-processing operations, and a dedicated high-speed network
processing unit (NPU). The NPU does the following:
Provides "Fast-path" processing of frames using hardware classifiers to determine each packet's processing
requirements
Receives and transmits user data frames to and from various physical interfaces
Performs IP forwarding decisions (both unicast and multicast)
Provides per interface packet filtering, flow insertion, deletion, and modification
Manages traffic and traffic engineering
Passes user data frames to and from PAC CPUs
Modifies, adds, or strips datalink/network layer headers
Recalculates checksums
Maintains statistics
Manages both external line card ports and the internal connections to the data and control fabrics
Each PAC has four control processor (CP) subsystems where the bulk of the packet-based user service processing is
done. On 4GB PACs, each CP subsystem has a high-speed CPU and one gigabyte of local memory. On 8GB PACs,
each CP subsystem has a high-speed CPU and two gigabytes of local memory. A fully configured system, utilizing 14
4GB PACs, has 56 control processors, each with 1GB RAM (total 56 GB RAM) dedicated to packet processing tasks. A
fully configured system, utilizing 14 8GB PACs, has 56 control processors, each with 2GB RAM (total 112GB RAM)
dedicated to packet processing tasks.
To take advantage of the distributed processing capabilities of the system, you can add additional PACs to the chassis
without their supporting line cards, if desired. This results in increased packet handling and control transaction
processing capabilities. Another advantage is a decrease in CPU utilization when the system performs processor-intensive tasks such as encryption or data compression.
Install PACs in chassis slots 1 through 7 and 10 through 16. Each installed PAC can either be allocated as active,
available to the system for session processing, or redundant, a standby component available in the event of a failure.
Caution: 4GB and 8GB PACs are treated as different and distinct components by the system.
Therefore, they cannot serve as active/standby pairs. A 4GB PAC cannot serve as a redundant card for an
8GB PAC and vice versa.
The front panel of the PAC and some of its major components are shown below:
Figure 21. Packet Accelerator Card (PAC)
Table 9. Packet Accelerator Card (PAC) Callout Descriptions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers - Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch - When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs - Show the status of the card. (See Hardware Installation Guide for definitions) |
Line Cards
The following rear-loaded cards are currently supported by the system:
Switch Processor I/O Card
The Switch Processor I/O (SPIO) card provides connectivity for local and remote management, CO alarming, and BITS
timing input. SPIOs are installed in chassis slots 24 and 25, behind SPCs. During normal operation, the SPIO in slot 24
works with the active SPC in slot 8. The SPIO in slot 25 serves as a redundant component. In the event that the SPC in
slot 8 fails, the redundant SPC in slot 9 becomes active and works with the SPIO in slot 24. If the SPIO in slot 24 should
fail, the redundant SPIO in slot 25 takes over.
The following shows the panel of the SPIO card, its interfaces, and other major components.
Figure 22. Switch Processor I/O Card
Table 10. SPIO Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to or from the chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. See the Hardware Installation Guide for definitions. |
| 4 | Optical Gigabit Ethernet Management LAN Interfaces—Two Small Form-factor Pluggable (SFP) optical Gigabit Ethernet interfaces to connect optical transceivers. |
| 5 | 10/100/1000 Mbps Ethernet Management LAN Interfaces—Two RJ-45 interfaces, supporting 10/100 Mbps or 1 Gbps Ethernet. |
| 6 | Console Port—RJ-45 interface used for local connectivity to the command line interface (CLI). |
| 7 | BITS Timing Interface—Either a BNC interface or 3-pin wire wrap connector. Used for application services that use either the optical or channelized line cards. This interface is not used for systems supporting data services. |
| 8 | CO Alarm Interface—Dry contact relay switches, allowing connectivity to central office, rack, or cabinet alarms. See the Hardware Installation Guide for more information. |
Management LAN Interfaces
SPIO management LAN interfaces connect the system to the carrier's management network and subsequent
applications, normally located remotely in a Network Operations Center (NOC). You can use the RJ-45 10/100/1000
Mbps Ethernet interfaces or optical SFP Gigabit Ethernet interfaces.
When using the RJ-45 interfaces, CAT5 shielded twisted pair cabling is recommended.
Important: Use shielded cabling whenever possible to further protect the chassis and its installed
components from ESD or other transient voltage damage.
Table 11. SFP Interface Supported Cable Types
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 1000BaseSX | Ethernet 1000 SX | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength. Core Size (microns)/Range: 62.5/902.23 feet (275 meters); 50/1640.42 feet (500 meters). Minimum Tx Power: -9.5 dBm. Rx Sensitivity: -17 dBm. Please read all the notices and warnings for Class 1 Laser devices following this table before handling this component. |
Console Port
The console uses an RS-232 serial communications port to provide local management access to the command line
interface (CLI). A 9-pin-to-RJ-45 console cable is supplied with each SPIO card. The console cable must provide
carrier-detect when attached in a null modem configuration.
Should connection to a terminal server or other device requiring a 25-pin D-subminiature connector be required, a
specialized cable can be constructed to support DB-25 to RJ-45 connectivity. Refer to the Technical Specifications
chapter later in this document for the pin-outs for this cable. The baud rate for this interface is configurable between
9600 bps and 115,200 bps (default is 9600 bps).
For detailed information on using the console port, see the Hardware Installation Guide.
BITS Timing
A Building Integrated Timing Supply (BITS) module is available on two versions of the SPIO: one supports a BITS
BNC interface and the other a BITS 3-pin interface. If your system uses the optical and/or channelized line cards (for
SDH/SONET), you can configure it to have the SPIO's BITS module provide the transmit timing source, compliant
with Stratum 3 requirements, for all the line cards in the chassis.
Central Office Alarm Interface
The CO alarm interface is a 10-pin connector for up to three dry-contact relay switches to trigger external alarms, such
as lights, sirens or horns, for bay, rack, or CO premise alarm situations. The three Normally Closed alarm relays can be
wired to support Normally Open or Normally Closed devices, indicating minor, major, and critical alarms. Pin-outs and
a sample wiring diagram for this interface are shown in the Technical Specifications chapter, later in this guide.
A CO alarm cable is shipped with the product so you can connect the CO Alarm interfaces on the SPIO card to your
alarming devices. The "Y" cable design ensures CO alarm redundancy by connecting to both primary and secondary
SPIO cards.
Redundancy Crossbar Card
The RCC uses 5 Gbps serial links to ensure connectivity between rear-mounted line cards and every non-SPC front-loaded application card slot in the system. This creates a high availability architecture that minimizes data loss and
ensures session integrity. If a PAC were to experience a failure, IP traffic would be redirected to and from the LC to the
redundant PAC in another slot. Each RCC connects up to 14 line cards and 14 PACs for a total of 28 bi-directional links
or 56 serial 2.5 Gbps bi-directional serial paths.
The RCC provides each PAC with a full-duplex 5 Gbps link to 14 (of the maximum 28) line cards placed in the chassis.
This means that each RCC is effectively a 70 Gbps full-duplex crossbar fabric, giving the two RCC configuration (for
maximum failover protection) a 140 Gbps full-duplex redundancy capability.
The RCC located in slot 40 supports line cards in slots 17 through 23 and 26 through 32 (upper rear slots). The RCC in
slot 41 supports line cards in slots 33 through 39 and 42 through 48 (lower rear slots):
Figure 23. Redundancy Crossbar Card
Table 12. RCC Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove a card to and from the chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Hardware Installation Guide for definitions). |
Ethernet 10/100 Line Card
The Ethernet 10/100 line card, commonly referred to as the Fast Ethernet Line Card (FELC), is installed directly behind
its respective PAC, providing network connectivity to the RAN interface and the packet data network. Each card has
eight RJ-45 interfaces, numbered top to bottom from 1 to 8. Each of these IEEE 802.3-compliant interfaces supports
auto-sensing 10/100 Mbps Ethernet. Allowable cabling includes:
100Base-Tx - full or half duplex Ethernet on CAT 5 shielded twisted pair (STP) or unshielded twisted pair (UTP) cable
10Base-T - full or half duplex Ethernet on CAT 3, 4, or 5 STP or UTP cable
Important: Use shielded cabling whenever possible to further protect the chassis and its installed
components from ESD or other transient voltage damage.
The Ethernet 10/100 Line Card can be installed in chassis slots 17 through 23, 26 through 39, and 42 through 48. These
cards are always installed directly behind their respective PACs, but are not required to be placed behind any redundant
PACs (those operating in Standby mode).
The following shows the panel of the Ethernet 10/100 line card, identifying its interfaces and major components:
Figure 24. Ethernet 10/100 Line Card
Table 13. Ethernet 10/100 Line Card Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Hardware Installation Guide for definitions). |
| 4 | RJ-45 10/100 Ethernet Interfaces—Eight auto-sensing RJ-45 interfaces for R-P interface connectivity, carrying user data. Ports are numbered 1 through 8 from top to bottom. |
Ethernet 1000 (Gigabit Ethernet) Line Cards
The Ethernet 1000 line card is commonly referred to as the GigE or Gigabit Ethernet Line Card (GELC). The Ethernet
1000 line card is installed directly behind its respective PAC, providing network connectivity to the packet data
network. The type of interfaces for the Ethernet 1000 line cards is dictated by the Small Form-factor Pluggable (SFP)
module installed as described below:
Table 14. SFP Modules Supported by the Ethernet 1000 Line Cards

| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 1000BaseSX | Ethernet 1000 SX | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength. Core Size (microns)/Range: 62.5/902.23 feet (275 meters); 50/1640.42 feet (500 meters). Minimum Tx Power: -9.5 dBm. Rx Sensitivity: -17 dBm. Please read all the notices and warnings for Class 1 Laser devices following this table before handling this component. |
| 1000BaseLX | Ethernet 1000 LX | Fiber, LC duplex female connector | Fiber Type: Single-mode fiber (SMF), 1310 nm wavelength. Core Size (microns)/Range: 9/32808.4 feet (10 Kilometers). Minimum Tx Power: -9.5 dBm. Rx Sensitivity: -19 dBm. Please read all the notices and warnings for Class 1 Laser devices following this table before handling this component. |
| 1000BaseT | Ethernet 1000 Copper | RJ-45 | Operates in full-duplex up to 100 meters of CAT-5 Shielded Twisted Pair (STP) cable with BER less than 10e-10. Use shielded cabling whenever possible to further protect the chassis and its installed components from ESD or other transient voltage damage. |
Important: Class 1 Laser Compliance Notice This product has been tested and found to comply with the limits
for Class 1 laser devices for IEC825, EN60825, and 21CFR1040 specifications.
Important:
Disposal of this product should be performed in accordance with all national laws and regulations.
The Ethernet 1000 Line Cards can be installed in chassis slots 17 through 23, 26 through 39, and 42 through 48. These
cards are always installed directly behind their respective PACs, but they are not required behind any redundant PACs
(those operating in Standby mode).
The following shows the panel of the Ethernet 1000 line card with the fiber connector, identifying its interfaces and
major components.
Figure 25. Ethernet 1000 Line Card
General Application and Line Card Information
Card Interlock Switch
Each card has a switched interlock mechanism that is integrated with the upper card ejector lever. This ensures proper
notification to the system before a card is removed. You cannot configure or place a card into service until you push the
card interlock switch upward. This locks the upper ejector lever in place and signals the system that the card is ready for
use.
Important: You must push the interlock switch upward into position before the upper attaching screw on the card
will properly align with the screw hole in the chassis.
When you pull the interlock downward, it allows the upper ejector lever to be operated. This sliding lock mechanism
provides notification to the system before you physically remove a card from the chassis. This allows the system time to
migrate various processes on the particular operational card. The upper card ejector only operates when the slide lock is
pulled downward to the unlocked position.
Caution: Failure to lower the interlock switch before operating the upper card ejector lever may
result in damage to the interlock switch and possibly the card itself.
The following shows an exploded view of how the card interlock switch works in conjunction with the ejector lever.
Figure 26. Card Interlock Switch in the Lever Locked Position
Chapter 4
ASR 5000 Hardware Platform Overview
This chapter provides information on the hardware components that comprise the ASR 5000.
Chassis Configurations
The system is designed to scale from a minimum configuration, as shown in the table below, to a fully-loaded redundant
configuration containing a maximum of 48 cards.
Note that if Session Recovery is enabled, the minimum number of packet processing cards per chassis increases from
one to four cards. Three packet processing cards are active and one packet processing card is standby (redundant). This
minimal configuration is designed to protect against software failures only. In addition to increased hardware
requirements, Session Recovery may reduce subscriber session capacity, performance, and data throughput.
Important:
For Release 9.0, only PDSN and HA are supported on the PPC.
| Component | Supported Cisco Systems Product | Minimum per Chassis | Minimum for Redundant Chassis Configuration | Maximum per Chassis |
|---|---|---|---|---|
| System Management Card (SMC) | | 1 | 2 | 2 |
| Packet Processor Card (PPC) (Data application card) | | 1 | 2* | 14 |
| Packet Services Card (PSC) (Data application card) | | 1 | 2* | 14 |
| Packet Services Card 2 (PSC2) (Data application card) | | 1 | 2 | 14 |
| Switch Processor I/O (SPIO) Card | | 1 | 2 | 2 |
| Redundancy Crossbar Card (RCC) | | 0 | 2 | 2 |
| Power Filter Unit (PFU) | | 2 | 2 | 2 |
| Upper Fan Tray Assembly | | 1 | 1 | 1 |
| Lower Fan Tray Assembly | | 1 | 1 | 1 |
| Line Cards | | | | |
| Fast Ethernet (10/100) Line Card (FELC) | All | 1 | 2 | 28** |
| Gigabit Ethernet Line Card (GELC) | All | 1 | 2 | 28** |
| Quad Gigabit Ethernet Line Card (QGLC) | All | 1 | 2 | 28** |
| 10 Gigabit Ethernet Line Card (XGLC) | All | 1 | 2 | 14*** |
| Optical Line Card (OLC) | SGSN only | 1 | 2 | 28** |
| Optical Line Card 2 (OLC2) | SGSN only | 1 | 2 | 28** |
| Channelized Line Card (CLC) | SGSN only | 1 | 2 | 28** |
| Channelized Line Card 2 (CLC2) | SGSN only | 1 | 2 | 28** |
Notes:
1. These numbers represent the minimum number of components with no redundancy.
2. These numbers represent the minimum number of components with hardware redundancy. Additional components
are required if Session Recovery is to be supported.
*1:1 redundancy is supported for these cards; however, some subscriber sessions and accounting information may be lost
in the event of a hardware or software failure even though the system remains operational.
**The physical maximum number of half-height line cards you can install is 28; however, redundant configurations may
use fewer than the physical maximum number of line cards since they are not required behind standby PSCs or PSC2s.
***The 10 Gigabit Ethernet Line Card is a full-height line card that takes up the upper and lower slots in the back of the
chassis. Use the upper slot number only when referring to installed XGLCs. Slot numbering for other installed half-height cards is maintained: 17 to 32 and 33 to 48, regardless of the number of installed XGLCs.
Figure 27. Chassis Components (front and rear views)
This diagram shows exploded views of the front and rear chassis components. They are described below:
Table 15. Chassis and Sub-component Identification Key

| Item | Description |
|---|---|
| 1 | Chassis: Supports 16 front-loading slots for application cards and 32 rear-loading slots for line cards. To support the XGLC, a full-height line card, remove the half-height guide from the rear slots. The chassis ships with blanking panels over every slot except the following: 1, 8, 17, and 24. These are intentionally left uncovered for initial installation of application and line cards. Refer to the ASR 5000 Chassis Descriptions section for additional information. |
| 2 | Mounting brackets: Support installation in a standard 19-inch rack or telecommunications cabinet. Standard and mid-mount options are supported. In addition, each bracket contains an electro-static discharge jack for use when handling equipment. Refer to the Mounting Options section for additional information. |
| 3 | Upper fan tray: Draws air up through the chassis for cooling and ventilation. It then exhausts air through the vents at the upper-rear of the chassis. Refer to the Fan Tray Assemblies section for additional information. |
| 4 | Upper bezel: Covers the upper fan tray bay. |
| 5 | Lower fan tray cover: Secures the lower fan tray assembly in place. The cover also provides an air baffle allowing air to enter into the chassis. |
| 6 | Lower bezel: Covers the lower fan tray bay. |
| 7 | Lower fan tray assembly: Draws air through the chassis' front and sides for cooling and ventilation. It is equipped with a particulate air filter to prevent dust and debris from entering the system. Refer to the Fan Tray Assemblies section for additional information. |
| 8 | Power Filter Units (PFUs): Each of the system's two PFUs provides -48 VDC power to the chassis and its associated cards. Each load-sharing PFU operates independently of the other to ensure maximum power feed redundancy. Refer to the Power Filter Units section for more information. |
ASR 5000 Chassis Descriptions
Slot Numbering
ASR 5000 chassis feature a 48-slot design with 16 front-loading slots for application cards and 32 rear-loading slots (16
upper and 16 lower) for line cards.
Figure 28. Front Slot Numbering Scheme for Application Cards
The rear of the chassis features a half-slot design that supports up to 32 line cards:
Figure 29. Rear Slot Numbering Scheme for Line Cards
The following table shows the front slot numbers and their corresponding rear slot numbers.
Table 16. Front and Rear Slot Numbering Relationship

| Position | Slot Number |
|---|---|
| Front | 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 |
| Rear Top Slots | 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 |
| Rear Bottom Slots | 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 |
Rear Slot Numbering for Half-Height Line Cards
Rear-installed line cards must be installed directly behind their respective front-loaded application card. For example, an
application card in Slot 1 must have a corresponding line card in Slot 17. The redundant line card for this configuration
would be placed in Slot 33. This establishes a directly mapped communication path through the chassis midplane
between the application and line cards.
To help identify which rear slot corresponds with the front-loaded application card, note that the upper rear slot numbers
are equal to the slot number of the front-loaded card plus 16. For example, to insert a line card to support an application
card installed in slot 1, add 16 to the slot number of the front-loaded application card (Slot 1 + 16 slots = Slot 17). Slot
17 is the upper right-most slot on the rear of the chassis, directly behind Slot 1.
For lower rear slot numbers, add 32. Again, a redundant line card for an application card in Slot 1 would be (Slot 1 + 32
= Slot 33). Slot 33 is the lower right-most slot on the rear of the chassis, also behind Slot 1.
Rear Slot Numbering with Full-height Line Cards
ASR 5000 systems may be configured with 10 Gigabit Ethernet Line Cards (XGLCs). These are full-height line cards
for which the half-height card guide is removed in order to accommodate the cards. In this case, only the upper slot
number is used to refer to the XGLC. For half-height cards installed with the XGLCs, the half-height slot numbering
scheme is maintained.
For example, XGLCs installed in slots 17 and 32 also take up slots 33 and 48, but are referred to as cards in slots 17 and
32 only. In the same configuration, the SPIOs are installed in slots 24 and 25, and the RCCs in slots 40 and 41.
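The slot arithmetic from the two subsections above, written as a plan checker. This is an added example, not Cisco code: the function names and card-type strings are its own, and the packet processing card slots (1 through 7 and 10 through 16) and SMC slots (8 and 9) are taken from the card descriptions later in this chapter.

```python
# Added example: slot-plan checker for the numbering rules described above.
# Card-type strings and function names are this example's own, not CLI output.

PACKET_SLOTS = set(range(1, 8)) | set(range(10, 17))      # 1-7 and 10-16
UPPER_LC_SLOTS = set(range(17, 24)) | set(range(26, 33))  # 17-23 and 26-32
LOWER_LC_SLOTS = set(range(33, 40)) | set(range(42, 49))  # 33-39 and 42-48

PACKET_CARDS = {"PSC", "PSC2", "PPC"}
HALF_HEIGHT_LCS = {"FELC", "GELC", "QGLC", "OLC", "OLC2", "CLC", "CLC2"}

# Cards other than line cards, with the slots each may occupy.
ALLOWED = {"SMC": {8, 9}, "SPIO": {24, 25}, "RCC": {40, 41}}
ALLOWED.update({card: PACKET_SLOTS for card in PACKET_CARDS})


def rear_slots(front):
    """Return (upper, lower) rear slots behind a front slot: +16 and +32."""
    if not 1 <= front <= 16:
        raise ValueError(f"{front} is not a front slot (1-16)")
    return front + 16, front + 32


def front_slot(rear):
    """Return the front slot that a rear slot sits directly behind."""
    if 17 <= rear <= 32:
        return rear - 16
    if 33 <= rear <= 48:
        return rear - 32
    raise ValueError(f"{rear} is not a rear slot (17-48)")


def check_layout(layout):
    """layout maps slot number -> card type. Returns a list of problems."""
    problems = []
    for slot, card in sorted(layout.items()):
        if card in ALLOWED:
            if slot not in ALLOWED[card]:
                problems.append(
                    f"slot {slot}: {card} is only valid in slots "
                    f"{sorted(ALLOWED[card])}")
            continue
        if card == "XGLC":
            # Full-height: referred to by its upper slot number only.
            valid = UPPER_LC_SLOTS
        elif card in HALF_HEIGHT_LCS:
            valid = UPPER_LC_SLOTS | LOWER_LC_SLOTS
        else:
            problems.append(f"slot {slot}: unknown card type {card!r}")
            continue
        if slot not in valid:
            problems.append(f"slot {slot}: {card} is not valid in this slot")
            continue
        if card == "XGLC" and slot + 16 in layout:
            problems.append(
                f"slot {slot}: XGLC also occupies slot {slot + 16}, "
                f"which is planned for {layout[slot + 16]}")
        # Line cards must sit directly behind their application card.
        if layout.get(front_slot(slot)) not in PACKET_CARDS:
            problems.append(
                f"slot {slot}: {card} has no packet processing card "
                f"in front slot {front_slot(slot)}")
    return problems


# Constructed sample plans (not taken from a real chassis).
GOOD_PLAN = {8: "SMC", 9: "SMC", 24: "SPIO", 25: "SPIO", 40: "RCC", 41: "RCC",
             1: "PSC2", 17: "GELC", 33: "GELC",   # active card + redundant LC
             2: "PSC2", 18: "XGLC",               # full-height, upper slot only
             16: "PSC2"}                          # standby card, no line card
BAD_PLAN = {8: "SMC", 1: "PSC2", 17: "XGLC", 33: "GELC", 19: "FELC", 24: "RCC"}

if __name__ == "__main__":
    print(rear_slots(1))
    for line in check_layout(BAD_PLAN):
        print(line)
```

A packet processing card without a line card behind it is not reported, because the chapter allows standby cards and additional PSCs to run without supporting line cards.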
Mounting Options
The chassis is designed for installation in a standard 19-inch wide (48.26 cm) equipment rack. Additional rack hardware
(such as extension brackets) may be used to install the chassis in a standard 23-inch (58.42 cm) rack. Each chassis is
24.50 inches (62.23 cm) high. This equates to roughly 14 Rack Mount Units (RMUs: 1 RMU = 1.75 in (4.45 cm)).
You can mount a maximum of three chassis in a standard 48 RMU (7 feet) equipment rack or telco cabinet provided that
all system cooling and ventilation requirements are met. A fully-loaded rack with three chassis installed has
approximately 5.5 inches (13.97 cm, 3.14 RMUs) of vertical space remaining.
To ensure all Central Office (CO) requirements and regulations are met, Nortel Networks currently mounts two PDSN
16000 shelves in a PTE 2000 frame measuring 600 mm (23.6-inch) wide by 900 mm (35.4-inch) deep by 2125 mm
(6.97-feet) high.
There are two options for mounting the chassis in a standard equipment rack or telecommunications cabinet:
- Standard: In this configuration, the flanges of the mounting brackets are flush with the front of the chassis. This
  is the default configuration as shipped.
- Mid-mount: In this configuration, the flanges of the mounting brackets are recessed from the front of the
  chassis. To do this, install the mounting brackets toward the middle of the chassis on either side.
Caution: When planning chassis installation, take care to ensure that equipment rack or cabinet hardware does
not hinder air flow at any of the intake or exhaust vents. Additionally, ensure that the rack/cabinet hardware, as well as
the ambient environment, allow the system to function within the required limits. For more information, refer to the
Environmental Specifications chapter of this guide.
Midplane Architecture
Separating the front and rear chassis slots is the midplane. The connectors on the midplane provide intra-chassis
communications, power connections, and data transport paths between the various installed cards.
The midplane also contains two separate -48 VDC busses (not shown) that distribute redundant power to each card
within the chassis.
Figure 30. Midplane/Switch Fabric Architecture
Table 17. Midplane and Bus Descriptions

| Item | Description |
|---|---|
| 1 | Slot number 1 (left-most application card slot) |
| 2 | Chassis midplane: provides intra-chassis communications and data transport paths between the various installed cards |
| 3 | SPIO cross-connect bus |
| 4 | Chassis slot number 16: right-most application card slot |
| 5 | Chassis slot number 17: upper right-most line card slot. The 10 Gigabit Ethernet Line Card (XGLC) is a full-height line card that takes up the upper and lower slots in the back of the chassis. Use the upper slot number only when referring to installed XGLCs. Slot numbering for other half-height line cards is maintained: 17 to 32 and 33 to 48, regardless of the number of installed XGLCs. |
| 6 | Chassis slot number 48: lower left-most line card slot |
The following sections provide descriptions for each bus:
320 Gbps Switch Fabric
System Management Card (SMC), this IP-based, or packetized, switch fabric provides a transport path for user data
throughout the system. The 320 Gbps switch fabric establishes inter-card communication between the SMC(s) and other
application cards within the chassis, and their respective line cards.
32 Gbps Control Bus
The Control Bus features redundant 32 Gbps Ethernet paths that interconnect all control and management processors
within the system. The bus uses a full-duplex Gigabit Ethernet (GE) switching hierarchy from both SMCs to each of the
14 application card slots in the chassis. Each application card is provisioned with a GE switch to meet its specific needs.
This bus also interconnects the two SMC modules.
System Management Bus
The System Management Bus supports management access to each component within the chassis. It provides a
communication path from each SMC to every card in the system supporting a 1 Mbps transfer rate to each card. This
allows the SMCs to manage several low-level system functions, such as supplying power, monitoring temperature,
board status, pending card removals, and data path errors, and controlling redundant/secondary path switchovers, card
resets, and other failover features. Additionally, the System Management Bus monitors and controls the fan trays, power
filter units, and alarming functions.
280 Gbps Redundancy Bus
The Redundancy Bus consists of multiple, full-duplex serial links providing packet processing card-to-line card
redundancy through the chassis' Redundancy Crossbar Cards (RCCs) as shown below.
Figure 31. Logical View of RCC Links for Failover
[Diagram labels: PSC/PSC2 slots 1, 2, 3, and 16; RCC slots 40 and 41; LC slots 17, 23, 26, 32, 33, 39, 42, and 48. Legend: each line = 5 Gbps symbol rate serial link.]
Each RCC facilitates 28 links:
- One link with each of the 14 PSC/PSC2 slots
- One link with each of the 14 packet processing card slots
- The RCC in slot 40 supports line card slots 17-23 and 26-32 (upper-rear slots)
- The RCC in slot 41 supports line card slots 33-39 and 42-48 (lower-rear slots)
Each serial link facilitates up to 5 Gbps symbol rate, equivalent to 4 Gbps of user data traffic, in each direction.
Therefore, the Redundancy Bus provides 140 Gbps symbol rate (112 Gbps user data) of throughput per RCC, 280 Gbps
symbol rate (224 Gbps user data) total for both.
OC-48 TDM Bus
The system also hosts a dual OC-48 TDM bus consisting of 128 independent TDM paths each consisting of 512 DS0
channels. This bus supports voice services on the system. Higher speed TDM traffic requirements are addressed using
the system's data fabric.
SPIO Cross-Connect Bus
To provide redundancy between Switch Processor I/O (SPIO) cards, the system possesses a physical interconnect
between the ports on the SPIOs. This cross-connect allows management traffic or alarm outputs to be migrated from an
active SPIO experiencing a failure to the redundant SPIO.
While it is recommended that an SPIO is installed directly behind its corresponding SMC, this bus allows either SMC to
utilize either SPIO.
Power Filter Units
Located at the bottom rear of the chassis are slots for two 165A Power Filter Unit (PFU) assemblies. Each PFU provides
DC power from the Central Office (CO) battery sub-system to the chassis and its associated cards. Each load-sharing
PFU operates independently of the other to ensure maximum power feed redundancy. The maximum input operating
voltage range of the PFU is -40 VDC to -60 VDC; the nominal range is -48 VDC to -60 VDC.
Important:
In the event that the CO has AC power only, a separate rack mount AC to DC converter is required.
The following drawing shows the PFU and its connectors. Refer to the Cabling the Power Filter Units chapter for
information on installing and cabling the PFU.
Figure 32. Power Filter Unit
Table 18. Power Filter Unit Component Descriptions

| Item | Description |
|---|---|
| 1 | Plastic terminal cover |
| 2 | VDC (-48 VDC input terminals) |
| 3 | RTN (voltage return terminals) |
| 4 | Power filter unit handle |
| 5 | Circuit breaker (On/Off) rated at 165A |
| 6 | Power LED (See Replacing the Chassis' Power Filter Unit for details.) |
Fan Tray Assemblies
There are two fan tray assemblies within the chassis. A lower fan tray provides air intake and an upper fan tray exhausts
warmed air from the chassis. Each fan tray is connected to both PFUs to ensure power feed redundancy. Both fan tray
assemblies are variable speed units that are automatically adjusted based on temperature or failover situations.
Thermal sensors monitor temperatures within the chassis. In the event of a fan failure or other temperature-related
condition, the Switch Management Card (SMC) notifies all operable fans in the system to switch to high speed and
generates an alarm.
Lower Fan Tray
The lower fan tray assembly contains multiple fans and pulls air into the chassis from the lower front and sides of the
chassis. The air is then pushed upward across the various cards and midplane within the chassis to support vertical
convection cooling.
Figure 33. Lower Fan Tray Assembly
Air Filter Assembly
The chassis supports a replaceable particulate air filter that meets UL 94-HF-1 standards for NEBS-compliant
electronics filtering applications. This filter is mounted at the top of the lower fan tray assembly, providing ingress
filtering to remove contaminants before they enter the system. Temperature sensors measure the temperature at various
points throughout the chassis. The system monitors this information, and if it detects a clogged filter, generates a
maintenance alarm.
Figure 34. Particulate Air Filter
Important: A replacement air filter is shipped with each chassis. It is recommended that a minimum of one
replacement air filter for each deployed chassis be kept on site. This ensures that qualified service personnel can quickly
replace the filter when needed.
Upper Fan Tray
The upper fan tray unit contains multiple fans that exhaust air from the upper rear and sides of the chassis.
Figure 35. Upper Fan Tray Assembly
Chassis Airflow
Airflow within the chassis is designed per Telcordia recommendations to ensure the proper vertical convection cooling
of the system. Detailed information is located in the Chassis Air Flow section in the Environmental Specifications chapter
of this guide.
ASR 5000 Application Cards
The following application cards are supported by the system.
System Management Card
SMCs are installed in the chassis slots 8 and 9. During normal operation, the SMC in slot 8 serves as the primary card
and the SMC in slot 9 serves as the secondary. Each SMC has a dual-core central processing unit (CPU) and 4 GB of
random access memory (RAM).
There is a single PC-card slot on the SMC that supports removable ATA Type I or Type II PCMCIA cards for
temporary storage. Use these cards to load and store configuration data, software updates, buffer accounting
information, and store diagnostic or troubleshooting information.
There is also a type II CompactFlash™ slot on the SMC that hosts configuration files, software images, and the session
limiting/feature use license keys for the system.
The SMC provides the following major functions:
- Non-blocking low latency inter-card communication
- 1:1 or 1:N redundancy for hardware and software resources
- System management control
- Persistent storage via CompactFlash and PCMCIA cards (for field serviceability), and a hard disk drive for
  greater storage capabilities
- Internal gigabit Ethernet switch fabrics for management and control plane communication
The front panel of the SMC and its major components is shown below:
Figure 36. System Management Card (SMC)

Table 19. SMC Callout Descriptions

| Item | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Applying Power and Verifying Installation for definitions). |
| 4 | System Level Status LEDs—Show the status of overall system health and/or maintenance requirements. (See Applying Power and Verifying Installation for definitions). |
| 5 | PC-Card/PCMCIA Slot—Stores or moves software, diagnostics, and other information. |
| 6 | System Alarm Speaker—Sounds an audible alarm when specific system failures occur. |
| 7 | Alarm Cut-Off (ACO)—Press and release this recessed toggle switch to reset the system alarm speaker and other audible or visual alarm indicators connected to the CO Alarm interface on the SPIO. |
SMC RAID Support
Each SMC is equipped with a hard disk, commonly referred to as a Small Form Factor (SFF) disk.
Important:
The hard disk is not physically accessible. Disk failure constitutes SMC failure.
To access physical RAID details, such as disk manufacturer, serial number, number of partitions, disk size, and so on, in
the Executive Mode of the CLI, type the command
.
If there is a redundant SMC in the chassis, the standby disk works as a mirror to the disk in the active chassis, forming
an active Redundant Array of Inexpensive Disks (RAID).
Use the HD RAID commands in the Command Line Interface Reference to configure RAID. RAID control mechanisms
allow xDR charging data to be written to the hard disks on both the active and standby SMCs for later upload to a
suitable local or remote storage server. Configuring CDR, EDR, and UDR storage is described in the Command Line
Interface Reference.
Event logs related to disk and RAID include disk name, serial number and RAID UUID for reference. They are
generated at the Critical, Error, Warning, and Informational levels. For more information on configuring and viewing
log files, refer to Configuring and Viewing System Logs in the System Administration Guide.
Event logs at the Critical level are generated for service-affecting events such as:
- RAID failure, including failures during runtime and various cases of initial RAID discovery and disk partition
  failures
- File system failure when the system fails to initialize or mount file systems
- Network failure for NFS server-related errors
Event logs at the Error level are generated for important failures:
- RAID disk failure, including failures during runtime
- Internal errors, including forking process failures
Event logs at Warning level are generated for important abnormal cases:
- Overwriting a valid or invalid disk partition, RAID image, and file system
- RAID construction in progress and possible failure
- Low disk space
- Files deleted to free up disk space
Event logs at the Informational level are generated for normal situations:
- Disk partition completion
- RAID discovery results without overwriting
- RAID construction completion
- RAID disk added or removed
- File system initialization
- NFS service start
- Files copied/removed from CDR module to RAID disk
The hard disk supports SNMP notifications. These are described in the SNMP MIB Manual.
Packet Processing Cards: PSC, PSC2, and PPC
The Packet Services Cards, PSC and PSC2, and Packet Processing Card (PPC) are used with the System Management
Card (SMC) in the ASR 5000 hardware platform. These cards provide the packet processing and forwarding capabilities
within a system. Each packet processing card type supports multiple contexts, which allows you to overlap or assign
duplicate IP address ranges in different contexts.
Important:
For Release 9.0, the PPC card is limited to CDMA and HA functionality.
Specialized hardware engines support parallel distributed processing for compression, classification, traffic scheduling,
forwarding, packet filtering, and statistics.
The packet processing cards use control processors to perform packet-processing operations, and a dedicated high-speed
network processing unit (NPU). The NPU does the following:
- Provides "Fast-path" processing of frames using hardware classifiers to determine each packet's processing
  requirements
- Receives and transmits user data frames to and from various physical interfaces
- Performs IP forwarding decisions (both unicast and multicast)
- Provides per interface packet filtering, flow insertion, deletion, and modification
- Manages traffic and traffic engineering
- Modifies, adds, or strips datalink/network layer headers
- Recalculates checksums
- Maintains statistics
- Manages both external line card ports and the internal connections to the data and control fabrics
The following sections describe the differences between the PSC and PSC2 cards.
Packet Services Card (PSC) Description
Each PSC has two x86-based control processor (CP) subsystems that perform the bulk of the packet-based user service
processing. The main x86 CP contains 4 cores split across two chips. It is equipped with 16 GB of RAM. Therefore, a
fully-loaded system consisting of 14 PSCs, provides 224 GB of RAM dedicated to packet processing tasks. The second
CP is in the NPU. This CP contains 1.5 GB of memory, but only 512 MB is available to the OS for use in session
processing. The hardware encryption components are part of the standard PSC hardware.
To take advantage of the distributed processing capabilities of the system, you can add additional PSCs to the chassis
without their supporting line cards, if desired. This results in increased packet handling and control transaction
processing capabilities. Another advantage is a decrease in CPU utilization when the system performs processor-intensive tasks such as encryption or data compression.
PSCs can be installed in chassis slots 1 through 7 and 10 through 16. Each installed PSC can either be allocated as
active, available to the system for session processing, or redundant, a standby component available in the event of a
failure.
The front panel of the PSC and its major components is shown below:
Figure 37. Packet Services Card (PSC)

Table 20. PSC Callout Descriptions

| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the current status of the card. (See Applying Power and Verifying Installation for definitions.) |
Packet Services Card 2 (PSC2) Description
The Packet Services Card 2 (PSC2) is the next-generation packet forwarding card for the ASR 5000. The PSC2 provides
increased aggregate throughput and performance, and a higher number of subscriber sessions.
The PSC2 has been enhanced with a faster network processor unit, featuring two quad-core x86 2.5 GHz CPUs and 32 GB of
RAM. These processors run a single copy of the operating system and appear as a single CPU in the
command (CPU0). The operating system running on the PSC treats the two dual-core processors as a 4-way
multi-processor. You can see this in the output of the
command.
The PSC2 provides 2 to 2.7 times the data throughput of the original PSC, and the switch fabric interface has been
doubled. A second-generation data transport field programmable gate array (DT2 FPGA, abbreviated as DT2) connects
the PSC2's NPU bus to the switch fabric interface. The FPGA also provides a bypass path between the line card or
Redundancy Crossbar Card (RCC) and the switch fabric for ATM traffic. Traffic from the line cards or the RCC is
received over the FPGA's serial links and is sent to the NPU on its switch fabric interface. The traffic destined for the
line cards or RCC is diverted from the NPU interface and sent over the serial links.
The DT2 FPGA also connects to the control processor subsystem via a PCI-E bus. The PCI-E interface allows the control
processors to perform register accesses to the FPGA and some components attached to it, and also allows DMA
operations between the NPU and the control processors' memory. A statistics engine is provided in the FPGA. Two
reduced latency DRAM (RLDRAM) chips attached to the FPGA provide 64 MB of storage for counters.
The PSC2 has a 2.5 Gbps-based security processor that provides the highest performance for cryptographic acceleration
of next-generation IP Security (IPsec), Secure Sockets Layer (SSL) and wireless LAN/WAN security applications with
the latest security algorithms.
Interoperability
It is not recommended that you mix PSC2s with PSCs or PPCs, since this prevents the PSC2 from operating at its full
potential. Due to the different processor speeds and memory configurations, the PSC2 cannot be combined in a chassis
with PSCs or PPCs.
The system will reduce the performance of the PSC2 to that of a PSC or PPC if either of those cards is in the system.
This is due to the different performance and switch fabric configuration. A system booting up with mixed cards will
default to the slower performance mode. A PSC or PPC added to a running PSC2 system will be taken offline. A PSC2
added to a running PSC or PPC system will start up in this slower mode.
The PSC2 is capable of dynamically adjusting the line card connection mode to support switching between XGLCs and
non-XGLCs with minimal service interruption.
Redundancy
PSC2 is fully redundant with a spare PSC2.
PSC2 is redundant with PSC, as long as there is no IPSec and the PSC2 is operating in the compatibility mode.
ICSR is not supported between a chassis using PSC2s and a chassis using PSCs or PPCs due to the different
capabilities of the two chassis.
Capacity
3 million SAU and 6 million PDP contexts
2 million PDSN sessions
6 million HA sessions
Power Estimate
325W Maximum
The front panel of the PSC2 and its major components is shown below:
Figure 38. Packet Services Card 2 (PSC2)
Table 21. PSC2 Callout Descriptions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the current status of the card. (See Applying Power and Verifying Installation for definitions.) |
ASR 5000 Line Cards
The following rear-loaded cards are currently supported by the system.
Switch Processor I/O Card
The Switch Processor I/O (SPIO) card provides connectivity for local and remote management, CO alarming, and BITS
timing input. SPIOs are installed in chassis slots 24 and 25, behind SMCs. During normal operation, the SPIO in slot 24
works with the active SMC in slot 8. The SPIO in slot 25 serves as a redundant component. In the event that the SMC in
slot 8 fails, the redundant SMC in slot 9 becomes active and works with the SPIO in slot 24. If the SPIO in slot 24
should fail, the redundant SPIO in slot 25 takes over.
The following shows the panel of the SPIO card, its interfaces, and other major components.
Figure 39. Switch Processor I/O Card
Table 22. SPIO Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to or from the chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. See the Applying Power and Verifying Installation for definitions. |
| 4 | Optical Gigabit Ethernet Management LAN Interfaces—Two Small Form-factor Pluggable (SFP) optical Gigabit Ethernet interfaces to connect optical transceivers. |
| 5 | 10/100/1000 Mbps Ethernet Management LAN Interfaces—Two RJ-45 interfaces, supporting 10/100 Mbps or 1 Gbps Ethernet. |
| 6 | Console Port—RJ-45 interface used for local connectivity to the command line interface (CLI). See Cabling the Switch Processor Input/Output Line Card for more information. |
| 7 | BITS Timing Interface—Either a BNC interface or 3-pin wire wrap connector. Used for application services that use either the optical or channelized line cards. |
| 8 | CO Alarm Interface—Dry contact relay switches, allowing connectivity to central office, rack, or cabinet alarms. See the Applying Power and Verifying Installation for more information. |
Management LAN Interfaces
SPIO management LAN interfaces connect the system to the carrier's management network and subsequent
applications, normally located remotely in a Network Operations Center (NOC). You can use the RJ-45 10/100/1000
Mbps Ethernet interfaces or optical SFP Gigabit Ethernet interfaces.
When using the RJ-45 interfaces, CAT5 shielded twisted pair cabling is recommended.
Important: Use shielded cabling whenever possible to further protect the chassis and its installed components
from ESD or other transient voltage damage.
Table 23. SFP Interface Supported Cable Types
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 1000BaseSX | Ethernet 1000 SX | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength; Core Size (microns)/Range: 62.5/902.23 feet (275 meters), 50/1640.42 feet (500 meters); Minimum Tx Power: -9.5 dBm; Rx Sensitivity: -17 dBm |
Console Port
The console uses an RS-232 serial communications port to provide local management access to the command line
interface (CLI). A 9-pin-to-RJ-45 console cable is supplied with each SPIO card. The console cable must provide
carrier-detect when attached in a null modem configuration.
Should connection to a terminal server or other device requiring a 25-pin D-subminiature connector be required, a
specialized cable can be constructed to support DB-25 to RJ-45 connectivity. Refer to the Technical Specifications
chapter later in this document for the pin-outs for this cable. The baud rate for this interface is configurable between
9600 bps and 115,200 bps (default is 9600 bps).
For detailed information on using the console port, see Cabling the Switch Processor Input/Output Line Card.
BITS Timing
A Building Integrated Timing Supply (BITS) module is available on two versions of the SPIO: one supports a BITS
BNC interface and the other a BITS 3-pin interface. If your system uses the optical and/or channelized line cards (for
SDH/SONET), you can configure it to have the SPIO's BITS module provide the transmit timing source, compliant
with Stratum 3 requirements, for all the line cards in the chassis.
Central Office Alarm Interface
The CO alarm interface is a 10-pin connector for up to three dry-contact relay switches to trigger external alarms, such
as lights, sirens or horns, for bay, rack, or CO premise alarm situations. The three Normally Closed alarm relays can be
wired to support Normally Open or Normally Closed devices, indicating minor, major, and critical alarms. Pin-outs and
a sample wiring diagram for this interface are shown in the Technical Specifications chapter, later in this guide.
A CO alarm cable is shipped with the product so you can connect the CO Alarm interfaces on the SPIO card to your
alarming devices. The "Y" cable design ensures CO alarm redundancy by connecting to both primary and secondary
SPIO cards.
Redundancy Crossbar Card
The RCC uses 5 Gbps serial links to ensure connectivity between rear-mounted line cards and every non-SMC front-loaded application card slot in the system. This creates a high availability architecture that minimizes data loss and
ensures session integrity. If a packet processing card were to experience a failure, IP traffic would be redirected to and
from the LC to the redundant packet processing card in another slot. Each RCC connects up to 14 line cards and 14
packet processing cards for a total of 28 bi-directional links or 56 serial 2.5 Gbps bi-directional serial paths.
The RCC provides each packet processing card with a full-duplex 5 Gbps link to 14 (of the maximum 28) line cards
placed in the chassis. This means that each RCC is effectively a 70 Gbps full-duplex crossbar fabric, giving the two
RCC configuration (for maximum failover protection) a 140 Gbps full-duplex redundancy capability.
The RCC located in slot 40 supports line cards in slots 17 through 23 and 26 through 32 (upper rear slots). The RCC in
slot 41 supports line cards in slots 33 through 39 and 42 through 48 (lower rear slots):
Figure 40. Redundancy Crossbar Card
Table 24. RCC Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove a card to and from the chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Applying Power and Verifying Installation for definitions.) |
Ethernet 10/100 Line Card
The Ethernet 10/100 line card, commonly referred to as the Fast Ethernet Line Card (FELC), is installed directly behind
its respective packet processing card, providing network connectivity to the RAN interface and the packet data network.
Each card has eight RJ-45 interfaces, numbered top to bottom from 1 to 8. Each of these IEEE 802.3-compliant
interfaces supports auto-sensing 10/100 Mbps Ethernet. Allowable cabling includes:
100Base-Tx - full or half duplex Ethernet on CAT 5 shielded twisted pair (STP) or unshielded twisted pair
(UTP) cable
10Base-T - full or half duplex Ethernet on CAT 3, 4, or 5 STP or UTP cable
Important: Use shielded cabling whenever possible to further protect the chassis and its installed components
from ESD or other transient voltage damage.
The Ethernet 10/100 Line Card can be installed in chassis slots 17 through 23, 26 through 39, and 42 through 48. These
cards are always installed directly behind their respective packet processing cards, but are not required to be placed
behind any redundant packet processing cards (those operating in Standby mode).
The following shows the panel of the Ethernet 10/100 line card, identifying its interfaces and major components:
Figure 41. Ethernet 10/100 Line Card
Table 25. Ethernet 10/100 Line Card Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Applying Power and Verifying Installation for definitions.) |
| 4 | RJ-45 10/100 Ethernet Interfaces—Eight auto-sensing RJ-45 interfaces for R-P interface connectivity, carrying user data. Ports are numbered 1 through 8 from top to bottom. |
Ethernet 1000 (Gigabit Ethernet) Line Cards
The Ethernet 1000 line card is commonly referred to as the GigE or Gigabit Ethernet Line Card (GELC). The Ethernet
1000 line card is installed directly behind its respective packet processing card, providing network connectivity to the
packet data network. The type of interfaces for the Ethernet 1000 line cards is dictated by the Small Form-factor
Pluggable (SFP) module installed as described below:
Table 26. SFP Modules Supported by the Ethernet 1000 Line Cards
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 1000BaseSX | Ethernet 1000 SX | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength; Core Size (microns)/Range: 62.5/902.23 feet (275 meters), 50/1640.42 feet (500 meters); Minimum Tx Power: -9.5 dBm; Rx Sensitivity: -17 dBm |
| 1000BaseLX | Ethernet 1000 LX | Fiber, LC duplex female connector | Fiber Type: Single-mode fiber (SMF), 1310 nm wavelength; Core Size (microns)/Range: 9/32808.4 feet (10 Kilometers); Minimum Tx Power: -9.5 dBm; Rx Sensitivity: -19 dBm |
| 1000Base-T | Ethernet 1000 Copper | RJ-45 | Operates in full-duplex up to 100 meters of CAT-5 Shielded Twisted Pair (STP) cable with BER less than 10e-10. |
Important: Class 1 Laser Compliance Notice. This product has been tested and found to comply with the limits
for Class 1 laser devices for IEC825, EN60825, and 21CFR1040 specifications.
WARNING: Only trained and qualified personnel should install, replace, or service this equipment. Invisible laser
radiation may be emitted from the aperture of the port when no cable is connected. Avoid exposure to laser radiation
and do not stare into open apertures. BE SURE TO KEEP COVER ON INTERFACE WHEN NOT IN USE.
Important: Disposal of this product should be performed in accordance with all national laws and regulations.
The Ethernet 1000 Line Cards can be installed in chassis slots 17 through 23, 26 through 39, and 42 through 48. These
cards are always installed directly behind their respective packet processing cards, but they are not required behind
any redundant packet processing cards (those operating in Standby mode).
The following shows the panel of the Ethernet 1000 line card with the fiber connector, identifying its interfaces and
major components.
Figure 42. Ethernet 1000 Line Card
Quad Gigabit Ethernet Line Card
The 4-port Gigabit Ethernet line card is commonly referred to as the Quad-GigE Line Card or the QGLC. The QGLC is
installed directly behind its associated packet processing card to provide network connectivity to the packet data
network. There are several different versions of Small Form-factor Pluggable (SFP) modules available:
Table 27. SFP Modules Supported by the QGLC
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 1000BaseSX | Ethernet 1000 SX | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength; Core Size (microns)/Range: 62.5/902.23 feet (275 meters), 50/1640.42 feet (500 meters); Minimum Tx Power: -9.5 dBm; Rx Sensitivity: -17 dBm |
| 1000BaseLX | Ethernet 1000 LX | Fiber, LC duplex female connector | Fiber Type: Single-mode fiber (SMF), 1310 nm wavelength; Core Size (microns)/Range: 9/32808.4 feet (10 Kilometers); Minimum Tx Power: -9.5 dBm; Rx Sensitivity: -19 dBm |
| 1000Base-T | Ethernet 1000 Copper | RJ-45 | Operates in full-duplex up to 100 meters of CAT-5 Shielded Twisted Pair (STP) cable with BER less than 10e-10. |
Important: Class 1 Laser Compliance Notice. This product has been tested and found to comply with the limits
for Class 1 laser devices for IEC825, EN60825, and 21CFR1040 specifications.
WARNING: Only trained and qualified personnel should install, replace, or service this equipment. Invisible laser
radiation may be emitted from the aperture of the port when no cable is connected. Avoid exposure to laser radiation
and do not stare into open apertures. BE SURE TO KEEP COVER ON INTERFACE WHEN NOT IN USE.
Important: Disposal of this product should be performed in accordance with all national laws and regulations.
Install QGLCs in chassis slots 17 through 23, 26 through 39, and 42 through 48. Always install these cards directly
behind their respective packet processing cards. They are not required behind any redundant packet processing cards
(those operating in Standby mode).
The following shows the front panel of the QGLC, identifying its interfaces and major components:
Figure 43. Quad Gigabit Line Card (QGLC)
Table 28. Quad Gigabit Line Card (QGLC) Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Applying Power and Verifying Installation for definitions.) |
| 4 | Gigabit Ethernet Interface(s)—Gigabit Ethernet (GE) SFP modules. 1000Base-SX, 1000Base-LX, and 1000Base-T interfaces are supported depending on the SFP module installed. |
10 Gigabit Ethernet Line Card
The 10 Gigabit Ethernet Line Card is commonly referred to as the XGLC. The XGLC supports higher speed
connections to packet core equipment, increases effective throughput between the ASR 5000 and the packet core
network, and reduces the number of physical ports needed on the ASR 5000.
The XGLC is a full-height line card, unlike the other line cards, which are half height. To install an XGLC, you must
remove the half-height card guide in the rear of the chassis. Once installed, use only the upper slot number to refer to or
configure the XGLC. Software refers to the XGLC by the top slot number and port; for example, 17/1, not 33/1. For
half-height cards that are installed with the XGLCs, the half-height slot numbering scheme is maintained.
The one-port XGLC supports the IEEE 802.3-2005 revision which defines full duplex operation of 10 Gigabit Ethernet.
When combined with a PSC or PPC, the XGLC supports a maximum sustained forwarding rate of 2.8 Gbps and can
support bursts up to full line rate. When combined with a PSC2, the XGLC supports a maximum sustained forwarding
rate of 6 Gbps, and can support bursts up to full line rate. The XGLC supports a maximum Ethernet Frame size of
3.5KB.
The XGLC uses a Small Form-factor Pluggable (SFP+) module. The modules support one of two media types:
10GBASE-SR (Short Reach) 850nm, 300m over Multimode (MMF), or 10GBASE-LR (Long Reach) 1310nm, 10km
over Single Mode (SMF).
The XGLC is configured and monitored via the System Management Card (SMC) over the system's control bus. Both
SMCs must be active to maintain maximum forwarding rates. A feature of the higher speed line cards (10 Gigabit
Ethernet Line Card or XGLC, and the Quad Gigabit Ethernet Line Card or QGLC), is the ability to use the Star Channel
if the firmware needs to be upgraded. The Star Channel is a 2x140Gbps redundancy bus between the packet processing
card and the line card that allows a faster download. Another way to perform a firmware upgrade is via the System
Management Bus, with 1 Mbps throughput, which connects the SMC to every card in the system.
Install XGLCs in chassis slots 17 through 23 and 26 through 32. These cards should always be installed directly behind
their respective packet processing cards, but they are not required behind any redundant packet processing cards (those
operating in Standby mode).
The supported redundancy schemes for XGLC are L3, Equal Cost Multi Path (ECMP) and 1:1 side-by-side redundancy.
Refer to the "Line Card Installation" chapter for additional information.
Power Estimate: 30W maximum
Side by side redundancy allows two XGLC cards installed in neighboring slots to act as a redundant pair. Side by side
pair slots are 17-18, 19-20, 21-22, 23-26, 27-28, 29-30, and 31-32.
Side by side redundancy only works with XGLC cards. When configured for non-XGLC cards, the cards are brought
offline. If the XGLCs are not configured for side by side redundancy, they run independently without redundancy.
When you first configure side by side redundancy, the higher-numbered slot's configuration is erased and then
duplicated from the lower-numbered slot. The lower-numbered top slot retains all other configuration settings. While
side by side redundancy is configured, all other configuration commands work as if the side by side slots were top-bottom slots. Configuration commands directed at the bottom slots either fail with errors or are disallowed.
When you unconfigure side by side redundancy, the configuration for the higher-numbered top and bottom slots is
initialized to the defaults. The configuration for the lower-numbered top slot retains all other configuration settings. If
you install non-XGLC cards in the slots, you may bring them back online.
Table 29. SFP Modules Supported by the XGLC
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| 10GBaseSR | Ethernet 10G SR | Fiber, LC duplex female connector | Fiber Type: Multi-mode fiber (MMF), 850 nm wavelength; Core Size (microns)/Range: 62.5/902.23 feet (275 meters), 50/1640.42 feet (500 meters), 62.5um/33m (OM1), 50um 500MHz-km/82m (OM2), 50um 2000MHz-km/300m (OM3); Minimum Tx Power: -7.3 dBm; Rx Sensitivity: -11.1 dBm |
| 10GBaseLR | Ethernet 10G LR | Fiber, LC duplex female connector | Fiber Type: Single-mode fiber (SMF), 1310 nm wavelength; Core Size (microns)/Range: 9/32808.4 feet (10 Kilometers); Minimum Tx Power: -11.0 dBm; Rx Sensitivity: -19 dBm |
Important: Class 1 Laser Compliance Notice. This product has been tested and found to comply with the limits
for Class 1 laser devices for IEC825, EN60825, and 21CFR1040 specifications.
WARNING: Only trained and qualified personnel should install, replace, or service this equipment. Invisible laser
radiation may be emitted from the aperture of the port when no cable is connected. Avoid exposure to laser radiation
and do not stare into open apertures. BE SURE TO KEEP COVER ON INTERFACE WHEN NOT IN USE.
Important: Disposal of this product should be performed in accordance with all national laws and regulations.
The following shows the front panel of the XGLC, identifying its interfaces and major components:
Figure 44. 10 Gigabit Ethernet Line Card (XGLC)
Table 30. 10 Gigabit Ethernet Line Card (XGLC) Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. (See Applying Power and Verifying Installation for definitions.) |
| 4 | Gigabit Ethernet Interface(s)—10 Gigabit Ethernet (GE) SFP+ modules. 10Base-SR and 10Base-LR interfaces are supported, depending on the SFP+ module installed. |
Optical Line Cards (OLC and OLC2)
There are two optical fiber line cards: OLC and OLC2. The OLC is labeled ATM/POS OC-3. The OLC2 is labeled
OLC2 OC-3/STM-1 Multi Mode (or Single Mode depending on SFP type). Both cards provide either OC-3 or STM-1
signaling and both support ATM. The primary difference between the two cards is that the OLC2 is RoHS 6/6
compliant. RoHS stands for Restriction of Hazardous Substances. It is the European Union directive for restricting the
use of six hazardous substances in the manufacture of electrical components.
The OLC/OLC2 support both SDH and SONET. The basic unit of framing in SDH is STM-1 (Synchronous Transport
Module level - 1), which operates at 155.52 Mbit/s. SONET refers to this basic unit as STS-3c (Synchronous Transport
Signal - 3, concatenated), but its high-level functionality, frame size, and bit-rate are the same as STM-1.
SONET offers an additional basic unit of transmission, STS-1 (Synchronous Transport Signal - 1), operating at 51.84
Mbit/s—exactly one third of an STM-1/STS-3c. The OLC/OLC2 concatenates three STS-1 (OC-1) frames to provide
transmission speeds up to 155.52 Mb/s with payload rates of 149.76 Mb/s and overhead rates of 5.76 Mb/s.
The OLC/OLC2 optical fiber line cards support network connectivity through Iu or IuPS interfaces to the UMTS
Terrestrial Radio Access Network (UTRAN). These interfaces are commonly used with our SGSN products to provide
either non-IP 3G traffic or all IP 3G traffic (for all-IP packet-based networking) over ATM (Asynchronous Transfer
Mode).
Each OLC/OLC2 provides four physical interfaces (ports) numbered top-to-bottom from 1 to 4 and populated by Small
Form-factor Pluggable (SFP) modules which include LC-type Bellcore GR-253-CORE compliant connectors. The
Optical (ATM) Line Card supports two types of SFP modules (ports) and applicable cabling, but each card supports only
one type at a time, as indicated in the following table:
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| Single-mode Optical Fiber | ATM/POS OC-3 SM IR1 | Single-mode Fiber, LC duplex female connector | Fiber Types: Single-mode optical fiber; Wavelength: 1310 nm; Core Size: 9 micrometers; Cladding Diameter: 125 micrometers; Range: Intermediate/21 kilometers; Attenuation: 0.25 dB/KM; Min/Max Tx Power: -15 dBm/-8 dBm; Rx Sensitivity: -28 dBm |
| Multi-mode Optical Fiber | ATM/POS OC-3 MultiMode | Multi-mode Fiber, LC duplex female connector | Fiber Types: Multi-mode optical fiber; Wavelength: 1310 nm; Core Size: 62.5 micrometers; Cladding Diameter: 125 micrometers; Range: Short/2 kilometers; Min/Max Tx Power: -19 dBm/14 dBm; Rx Sensitivity: -30 dBm |
Install the OLC/OLC2 directly behind its respective (Active) packet processing card. You may optionally install an
OLC/OLC2 behind a redundant packet processing card (those operating in Standby mode). As with other line cards,
install the Optical (ATM) Line Card in slots 17 through 23, 26 through 39, and 42 through 48.
The following figures show the panel of the OLC and OLC2 Optical (ATM) Line Cards, indicating their ports and
major components.
Figure 45. OLC Optical (ATM) Line Card
Figure 46. OLC2 Optical (ATM) Line Card
Table 31. Optical (ATM) Line Card Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. See the Applying Power and Verifying Installation for definitions. |
| 4 | Port connectors—Fiber LC duplex female connector. |
| 5 | Port Level Status LEDs—Show the status of a port. See the Applying Power and Verifying Installation for definitions. |
| 6 | Line Card Label—Identifies the type of SFP modules and cabling supported: ATM/POS OC-3 SM IR-1; ATM/POS OC-3 Multi-Mode; OLC2 OC-3/STM-1 Single Mode; OLC2 OC-3/STM-1 Multi-Mode |
Channelized Line Cards (CLC and CLC2)
There are two types of Channelized STM-1/OC-3 optical fiber line cards. Often referred to as the CLC, CLC2, or Frame
Relay line card, they provide frame relay over SONET or SDH. The CLC/CLC2 supports network connectivity through
a Gb interface to connect to the Packet Control Unit (PCU) of the base station subsystem (BSS). These interfaces are
commonly used with our SGSN products to provide frame relay.
Channelized Line Card (CLC)
In North America, the card supplies ANSI SONET STS-3 (optical OC-3) signaling. In Europe, the card supplies SDH
STM-1 (optical OC-3). The transmission rate for the card is 155.52 Mb/s with 84 SONET channels supplying T1 and 63
SDH channels supplying E1.
Each CLC provides one optical fiber physical interface (port). The port is populated by a Small Form-factor Pluggable
(SFP) module which includes an LC-type connector. The port of the CLC supports two types of SFP modules and
cabling, as shown in the following table.
Channelized Line Card 2 (CLC2)
In North America, the card supplies ANSI SONET STS-3 (optical OC-3) signaling. In Europe, the card supplies SDH
STM-1 (optical OC-3). The transmission rate for the card is 155.52 Mb/s with 336 SONET channels supplying T1 and
252 SDH channels supplying E1. The CLC2 is RoHS 6/6 compliant.
Each CLC2 provides four optical fiber physical interfaces (ports). The ports are populated by Small Form-factor
Pluggable (SFP) modules, which include an LC-type connector. The ports of the CLC2 support two types of SFP
modules and cabling, as shown in the following table.
| Module Type | Card Identification | Interface Type | Cable Specifications |
|---|---|---|---|
| Single-mode Optical Fiber | Channelized (STM-1/OC-3) SM IR-1 | Single-mode Fiber, LC duplex female connector | Fiber Types: Single-mode optical fiber; Wavelength: 1310 nm; Core Size: 9 micrometers; Cladding Diameter: 125 micrometers; Range: Intermediate/21 kilometers; Attenuation: 0.25 dB/KM; Min/Max Tx Power: -15 dBm/8 dBm; Rx Sensitivity: -28 dBm |
| Multi-mode Optical Fiber | Channelized (STM-1/OC-3) Multi-Mode | Multi-mode Fiber, LC duplex female connector | Fiber Types: Multi-mode optical fiber; Wavelength: 1310 nm; Core Size: 62.5 micrometers; Cladding Diameter: 125 micrometers; Range: Short/2 kilometers; Min/Max Tx Power: -19 dBm/14 dBm; Rx Sensitivity: -30 dBm |
Install the CLC/CLC2 directly behind its respective (Active) packet processing card. You may optionally install
CLCs/CLC2s behind a redundant (Standby) packet processing card. As with other line cards, install the Channelized
Line Cards in slots 17 through 23, 26 through 39, and 42 through 48.
The following figures show the panel of the CLC and CLC2 Channelized Line Cards, identifying their interfaces and
major components.
Figure 47. CLC Channelized Line Card
Figure 48. CLC Channelized Line Card
Table 32. Channelized Line Card Callout Definitions
| Number | Description |
|---|---|
| 1 | Card Ejector Levers—Use to insert/remove card to/from chassis. |
| 2 | Interlock Switch—When pulled downward, the interlock switch notifies the system to safely power down card prior to removal. |
| 3 | Card Level Status LEDs—Show the status of the card. See the Applying Power and Verifying Installation for definitions. |
| 4 | Port connectors—Fiber LC duplex female connector. |
| 5 | Port Level Status LEDs—Show the status of a port. See the Applying Power and Verifying Installation for definitions. |
| 6 | Line Card Label—Identifies the type of SFP modules and cabling supported: STM-1 OC-3 SM IR-1; STM-1 OC-3 Multi-Mode; CLC2 OC-3/STM-1 Single Mode; CLC2 OC-3/STM-1 Multi-Mode |
Standards Compliance
The Channelized Line Card (CLC) was developed in compliance with the following standards:
ITU-T - Recommendation G.704 - Synchronous Frame Structures Used at 1544, 6312, 2048, 8448 and 44736
kbit/s Hierarchical Levels, October, 1998.
ITU-T - Recommendation G.706 - Frame Alignment and Cyclic Redundancy Check (CRC) Procedures Relating
to Basic Frame Structures Defined in Recommendation G.704, April 1991.
ITU-T - Recommendation G.707 Network Node Interface for the Synchronous Digital Hierarchy (SDH),
December 2003.
ITU-T - Recommendation G.747 Second Order Digital Multiplex Equipment Operating at 6312 kbit/s and
Multiplexing Three Tributaries at 2048 kbit/s, 1993.
ITU-T - Recommendation G.751 Digital Multiplex Equipments Operating at the Third Order Bit Rate of 34 368
kbit/s and the Fourth Order Bit Rate of 139 264 kbit/s and Using Positive Justification, 1993.
ITU-T - Recommendation G.775 - Loss of Signal (LOS) and Alarm Indication Signal (AIS) Defect Detection
and Clearance Criteria, November 1994.
ITU-T - Recommendation G.783 Characteristics of Synchronous Digital Hierarchy (SDH) Equipment Functional
Blocks, February 2004.
ITU-T - Recommendation G.823 - The Control of Jitter and Wander within Digital Networks which are based on
the 2048 kbit/s Hierarchy, March 2000.
ITU-T - Recommendation G.824 The Control of Jitter and Wander within Digital Networks which are based on
the 1544 kbit/s Hierarchy, March 2000.
ITU-T - Recommendation G.825 Control of Jitter and Wander within Digital Networks Which are Based on the
Synchronous Digital Hierarchy (SDH) Series G: Transmission Systems and Media, Digital Systems and
Networks Digital Networks - Quality and Availability Targets, March 2000.
ITU-T - Recommendation G.832 Transport of SDH elements on PDH networks Frame and multiplexing
structures, October 1998.
ITU-T - Recommendation G.957 Optical interfaces for equipment and systems relating to the Synchronous
Digital Hierarchy, March 2006.
ITU-T - Recommendation I.431 - Primary Rate User-Network Interface Layer 1 Specification, March 1993.
ITU-T - Recommendation O.150 - General Requirements for Instrumentation Performance Measurements on
Digital Transmission Equipment, May 1996.
ITU-T - Recommendation O.151 - Error Performance Measuring Equipment Operating at the Primary Rate and
Above, October 1992.
ITU-T - Recommendation O.152 - Error Performance Measuring Equipment for Bit Rates of 64 kbit/s and N x
64 kbit/s, October 1992.
ITU-T - Recommendation O.153 - Basic Parameters for the Measurement of Error Performance at Bit Rates
below the Primary Rate, October 1992.
ITU-T - Recommendation Q.921 - ISDN User-Network Interface - Data Link Layer Specification, September
1997.
ITU-T - Recommendation Q.922 - ISDN data link layer specification for frame mode bearer services.
ITU-T - Recommendation Q.933 Annex E.
Frame Relay Forum - FRF 1.2 - User-to-Network Interface (UNI).
Frame Relay Forum - FRF 2.1 - Frame Relay Network-to-Network Interface (NNI).
Frame Relay Forum - FRF 5.0 - Network Interworking.
Frame Relay Forum - FRF 8.1 - Service Interworking.
Frame Relay Forum - FRF 12.0 - Frame Relay Fragmentation.
General Application and Line Card Information
Card Interlock Switch
Each card has a switched interlock mechanism that is integrated with the upper card ejector lever. This ensures proper
notification to the system before a card is removed. You cannot configure or place a card into service until you push the
card interlock switch upward. This locks the upper ejector lever in place and signals the system that the card is ready for
use.
Important: You must push the interlock switch upward into position before the upper attaching screw on the card
will properly align with the screw hole in the chassis.
When you pull the interlock downward, it allows the upper ejector lever to be operated. This sliding lock mechanism
provides notification to the system before you physically remove a card from the chassis. This allows the system time to
migrate various processes on the particular operational card. The upper card ejector only operates when the slide lock is
pulled downward to the unlocked position.
Caution: Failure to lower the interlock switch before operating the upper card ejector lever may result in
damage to the interlock switch and possibly the card itself.
The following shows an exploded view of how the card interlock switch works in conjunction with the ejector lever.
Figure 49. Card Interlock Switch in the Lever Locked Position
Chapter 5
Software Architecture
The operating system software is based on a Linux software kernel and runs specific applications in the system such as
monitoring tasks, various protocol stacks, and other items. The following figure shows an example block diagram of the
operating system's software architecture.
Figure 50. Software Architecture Block Diagram
[Block diagram: primary and secondary management cards, each with High Availability Tasks, Resource Manager, Boot
Configuration, Switch Fabric, and Controller Tasks (VPN, Port, Session, Signaling), linked by SYNC and by control paths
to processing cards 1 through 14, which run Signaling Demux Managers, Session Managers, In-line Service Managers,
AAA Managers, VPN Manager, and NPU Manager above the hardware engines (Encryption, Compression, Filtering).]
The software architecture is designed for high availability, flexibility, and performance. The system achieves these goals
by implementing the following key software features:
Scalable control and data operations:
System resources can be allocated separately for control and data paths. For example, certain processing cards
could be dedicated to performing routing or security control functions while other cards are dedicated to
processing user session traffic. As network requirements grow and call models change, hardware resources can
be added to accommodate processes, such as encryption, packet filtering, etc., that require more processing
power. Additionally, certain software task sizes are dynamically sized based on hardware and installed licenses
thus conserving system memory.
Fault containment:
The system isolates faults at the lowest possible levels through its High Availability Task (HAT) function that
monitors all system entities for faults and performs automatic recovery and failover procedures using its
Recovery Control Task (RCT).
Processing tasks are distributed into multiple instances running in parallel so if an unrecoverable software fault
occurs, the entire processing capabilities for that task are not lost. User session processes can be sub-grouped
into collections of sessions so that if a problem is encountered in one sub-group users in another sub-group will
not be affected by that problem. The architecture also allows check-pointing of processes, which is a
mechanism to protect the system against any critical software processes that may fail.
The self-healing attributes of the software architecture protect the system by anticipating failures and instantly
spawning mirror processes locally or across card boundaries to continue the operation with little or no
disruption of service. This unique architecture allows the system to perform at the highest level of resiliency
and protects the user's data sessions while ensuring complete accounting data integrity.
Promotes internal location transparency:
Processes can be distributed across the system to fit the needs of the network model and specific process
requirements. For example, most tasks can be configured to execute on an SPC/SMC or a processing card,
while some processor intensive tasks can also be performed across multiple processing cards to utilize multiple
CPU resources. Distribution of these tasks is invisible to the user.
Leverages third party software components:
The use of the Linux operating system kernel enables reuse of many well-tested, stable, core software elements
such as protocol stacks, management services, and application programs.
Supports dynamic hardware removal/additions:
By migrating tasks from one card to another via software controls, application cards can be "hot swapped" to
dynamically add capacity and perform maintenance operations without service interruption.
Multiple context support:
The system can be fully virtualized to support multiple logical instances of each service. This eliminates the
possibility of any one domain disrupting operations for all users in the event of a failure.
Further, multiple context support allows operators to assign duplicate/overlapping IP address ranges in
different contexts.
Understanding the Distributed Software Architecture
To better understand the advantages of the system's distributed software architecture, this section presents an overview
of the various components used in processing a subscriber session. Numerous benefits are derived from the system's
ability to distribute and manage sessions across the entire system. The following information is intended to familiarize
you with some of the components and terminology used in this architecture.
Software Tasks
To provide unprecedented levels of software redundancy, scalability, and robust call processing, the system's software is
divided into a series of tasks that perform specific functions. These tasks communicate with each other as needed to
share control and data information throughout the system.
A task is a software process that performs a specific function related to system control or session processing. There are
three types of tasks that operate within the system:
Critical tasks
These tasks control essential functions to ensure the system's ability to process calls. Examples of these would
be system initialization and automatic error detection and recovery tasks.
Controller tasks
These tasks, often referred to as "Controllers", serve several different purposes. These include:
Monitoring the state of their subordinate managers and allowing for intra-manager communication within the
same subsystem.
Enabling inter-subsystem communication by communicating with controllers belonging to other subsystems.
Controller tasks mask the distributed nature of the software from the user - allowing ease of management.
Manager tasks
Often referred to as "Managers", these tasks control system resources and maintain logical mappings between
system resources. Some managers are also directly responsible for call processing.
System-level processes can be distributed across multiple processors, thus reducing the overall workload on
any given processor—thereby improving system performance. Additionally, this distributed design provides
fault containment that greatly minimizes the impact to the number of processes or PPP sessions due to a failure.
The SPC/SMC has a single Control Processor (CP) that is responsible for running tasks related to system
management and control.
Each PAC contains four CPs (CPU 0 through 3, with CPU 0 being the primary). Each PSC contains two CPs
(CPU 0 and CPU 1). The CPs on the processing cards are responsible for PPP and call processing, and for
running the various tasks and processes required to handle the mobile data call. In addition to the CPs, the
processing cards also have a high-speed Network Processor Unit (NPU) used for enhanced IP forwarding.
Subsystems
Individual tasks that run on CPs can be divided into subsystems. A subsystem is a software element that either performs
a specific task or is a culmination of multiple other tasks. A single subsystem can consist of critical tasks, controller
tasks, and manager tasks.
Following is a list of the primary software subsystems:
System Initiation Task (SIT) Subsystem: This subsystem is responsible for starting a set of initial tasks at
system startup and individual tasks as needed.
High Availability Task (HAT) Subsystem: Working in conjunction with the Recovery Control Task (RCT)
subsystem, HAT is responsible for maintaining the operational state of the system. HAT maintains the system
by monitoring the various software and hardware aspects of the system. On finding any unusual activities, such
as the unexpected termination of a task, the HAT would take a suitable action like triggering an event
prompting the RCT to take some corrective action or report the status.
The benefit of having this subsystem running on every processor is that should an error occur, there is minimal
or no impact to the service.
Recovery Control Task (RCT) Subsystem: Responsible for executing a defined recovery action for any failure
that occurs in the system. The RCT subsystem receives recovery actions from the HAT subsystem.
The RCT subsystem only runs on the active SPC/SMC and synchronizes the information it contains with the
mirrored RCT subsystem on the standby management card.
Shared Configuration Task (SCT) Subsystem: Provides the system with a facility to set, retrieve, and be
notified of system configuration parameter changes. This subsystem is primarily responsible for storing
configuration data for the applications running within the system.
The SCT subsystem runs only on the active SPC/SMC and synchronizes the information it contains with the
mirrored SCT subsystem on the standby management card.
Resource Management (RM) Subsystem: The RM subsystem is responsible for assigning resources to every
system task upon their start-up. Resources are items such as CPU loading and memory. RM also monitors these
items to verify the allocations are being followed. This subsystem is also responsible for monitoring all
sessions and communicating with the Session Controller, a subordinate task of the Session subsystem, to
enforce capacity licensing limits.
Virtual Private Network (VPN) Subsystem: Manages the administrative and operational aspects of all VPN-related
entities in the system. The types of entities managed by the VPN subsystem include:
Creating separate VPN contexts
Starting the IP services within a VPN context
Managing IP pools and subscriber IP addresses
Distributing the IP flow information within a VPN context
All IP operations within the system are done within specific VPN contexts. In general, packets are not
forwarded across different VPN contexts. The only exception to this rule is the Session subsystem.
Network Processing Unit (NPU) Subsystem: The NPU subsystem is responsible for the following:
"Fast-path" processing of frames using hardware classifiers to determine each packet's processing
requirements
Receiving and transmitting user data frames to/from various physical interfaces
IP forwarding decisions (both unicast and multicast)
Per interface packet filtering, flow insertion, deletion, and modification
Traffic management and traffic engineering
Passing user data frames to/from processing card CPUs
Modifying/adding/stripping datalink/network layer headers
Recalculating checksums
Maintaining statistics
Managing both external line card ports and the internal connections to the data and control fabrics
Card/Slot/Port (CSP) Subsystem: Responsible for coordinating the events that occur when any card is inserted,
locked, unlocked, removed, shut down, or migrated, the CSP subsystem is responsible for all card activity for
each of the 48 slots in the chassis. It is also responsible for performing auto-discovery and configuration of
ports on a newly inserted line card, and determining how line cards map to processing cards (including through
an RCC in failover situations).
The CSP subsystem runs only on the active SPC/SMC and synchronizes the information it contains with the
mirrored SCT subsystem on the standby management card. It is started by the SIT subsystem, and monitored
by the HAT subsystem for failures.
Session Subsystem: The Session subsystem is responsible for performing and monitoring the processing of a
mobile subscriber's data flows. Session processing tasks for mobile data calls include: A10/A11 termination for
CDMA2000 networks, GSM Tunneling Protocol (GTP) termination for GPRS and/or UMTS networks,
asynchronous PPP processing, packet filtering, packet scheduling, Diffserv codepoint marking, statistics
gathering, IP forwarding, and AAA services. Responsibility for each of these items is distributed across
subordinate tasks (called Managers) to provide for more efficient processing and greater redundancy. A
separate Session Controller task serves as an integrated control node to regulate and monitor each of the
Managers and to communicate with the other active subsystems.
This subsystem also manages all specialized user data processing, such as for payload transformation, filtering,
statistics collection, policing, and scheduling.
Chapter 6
Redundancy and Availability Features
Every minute of downtime and every dropped session represents lost revenue to the wireless operator resulting in
potential customer loss and reduced profitability. With this understanding, we have developed a system that exceeds the
availability features found in the majority of today's wireless and wireline access devices.
Service Availability Features
In its recommended redundant configuration, the system provides the highest level of service assurance. Following is
detailed information describing the service availability features found in the system.
Hardware Redundancy Features
In addition to providing the highest transaction rates and session capacity, the system is designed to provide robust
hardware reliability and service assurance features.
Features of the hardware design include:
ST16
1:1 Switch Processor Card (SPC)
1:n Packet Accelerator Card (PAC) redundancy, allowing redundancy of multiple active to multiple redundant for up to
14 total PACs
1:1 Switch Processor I/O (SPIO) card redundancy
1:1 10/100 Ethernet Line Card (FELC)
1:1 1000 Gigabit Ethernet Line Cards (GELC)
Configurable line card port redundancy (Ethernet and SPIO line cards)
Redundancy Crossbar Card (RCC) for processor-card-to-line card failover using the 280 Gbps Redundancy Bus
Self-healing redundant 320 Gbps switching fabric
Redundant 32 Gbps Control Bus
Redundant Power Filter Units (PFUs)
Hot-swappable cards, allowing dynamic replacement while the system is operational
ASR 5000
System Management Card (SMC) redundancy
1:n Packet Services Cards (PSC/PSC2) redundancy, allowing redundancy of multiple active to multiple
redundant for up to 14 total PSCs or PSC2s
Important: 1:1 redundancy is supported for these cards; however, some subscriber sessions
and accounting information may be lost in the event of a hardware or software failure even though
the system remains operational.
1:1 Optical (ATM) line card (LC) redundancy (OLC and OLC2)
1:1 Channelized (STM-1/OC-3) line card (LC) redundancy (CLC and CLC2)
1:1 Quad Gigabit Ethernet Line Card (QGLC)
1:1 10 Gigabit Ethernet Line Card (XGLC)
1:1 Switch Processor I/O (SPIO) card redundancy
1:1 10/100 Ethernet Line Card (FELC)
1:1 1000 Gigabit Ethernet Line Cards (GELC)
Configurable line card port redundancy (Ethernet, ATM, and SPIO line cards)
Redundancy Crossbar Card (RCC) for processor-card-to-line card failover using the 280 Gbps Redundancy Bus
Self-healing redundant 320 Gbps switching fabric
Redundant 32 Gbps Control Bus
Redundant Power Filter Units (PFUs)
Hot-swappable cards, allowing dynamic replacement while the system is operational
Hardware Redundancy Configuration
The maximum redundant configuration for a fully loaded system supporting data services consists of the following:
2 SPCs/SMCs: 1 active and 1 standby (redundant)
14 processing cards: 13 active and 1 standby
2 SPIOs: 1 active and 1 standby
26 Ethernet/Gigabit Ethernet line cards: 13 active and 13 standby (10/100 Ethernet Line Card (FELC), 1000
Gigabit Line Card (GELC), and Quad Gigabit Ethernet Line Card (QGLC))
2 1000 Gigabit Ethernet Line Cards (XGLC): 1 active, 1 standby. Note that the XGLC, which is a full-height
line card that populates both the upper and lower slots of the chassis, uses a side-by-side redundancy scheme.
Refer to the Hardware Installation and Administration Guide for more information.
26 Optical (ATM) line cards: 13 active and 13 standby (OLC and OLC2)
26 Channelized line cards: 13 active and 13 standby (CLC and CLC2)
2 RCCs: 2 standby
This configuration allows for the highest session capacity while still providing redundancy. The following figures depict
this recommended maximum redundant configuration.
Figure 51. Recommended Redundant Configuration for Data Services - Front View
[Front view: slots 1 through 16 between the Upper Fan Tray Assembly and the Lower Fan Tray Assembly and Particulate
Air Filter, showing the active processor cards, the active and standby SMCs, and the standby processor card.]
Figure 52. Recommended Redundant Configuration for Data Services - Rear View
[Rear view: slots 17 through 48 below the chassis airflow exhaust from the upper fan tray, showing Ethernet line cards
(ETH LC), redundant line cards (RED LC), the SPIO and redundant SPIO, two RCCs, four empty slots, and PFU 1 and PFU 2.]
Maintenance and Failure Scenarios
The following table shows various maintenance and failure scenarios involving the SPC/SMC and SPIO cards and
explains how each situation is resolved.
Table 33. Service Assurance Features for the SPC/SMC and SPIO

| Hardware Failure Scenario | Action Taken | Effect on Accounting Data | Effect on User Sessions | Effect on the Flow of User Data Packets | Effect on User Control Transactions | Effect on Management Traffic |
|---|---|---|---|---|---|---|
| SPC/SMC Planned maintenance | Tasks are switched over to standby SPC/SMC. SPIO remains active. | No impact | No impact | No impact | No impact | < 1 sec. interrupt |
| Unplanned SPC/SMC failure | Standby SPC/SMC takes control of all system & management processes as SPIO remains active. | No impact | No impact | < 2 sec. interrupt | < 1 min. interrupt | < 1 min. interrupt |
| SPIO failure | Standby SPIO takes over, using active SPC/SMC. | No impact | No impact | No impact | No impact | < 1 sec. interrupt |
| Software upgrade | After applying a soft busy-out to the system, performs a soft boot after the last session disconnects. | Service interrupt for the duration of system boot (~4 min) | Service interrupt for the duration of system boot (~4 min) | Service interrupt for the duration of system boot (~4 min) | Service interrupt for the duration of system boot (~4 min) | Service interrupt for the duration of system boot (~4 min) |
Important: When an SPC/SMC or SPIO failover occurs, the standby SPC/SMC or SPIO automatically becomes
active. However, should the failed card's error condition be corrected (by replacement or configuration change), the state
of the repaired SPC/SMC or SPIO does not automatically return to the active state. This migration must occur through
manual intervention by a system administrative user.
With the ability of performing on-line process migration, supporting 1:1 SPC/SMC and SPIO redundancy, and utilizing
the fully redundant switching fabric and control bus, single points of failure are eliminated from the switch fabric and
system management capabilities.
The following table shows various maintenance and failure situations involving the processing cards (PSC, PSC2, PPC),
Line Cards (LCs), and RCC cards and explains how each situation is resolved. Note that LCs are not needed behind the
standby processing cards that provide redundancy.
Table 34. Service Assurance Features for Processing and Line Cards

| Hardware Failure Scenario | Action Taken | Effect on Accounting Data | Effect on User Sessions | Effect on the flow of Data Packets | Effect on Control Transactions |
|---|---|---|---|---|---|
| Processing Card Planned maintenance | Session managers are migrated to standby processing card. Other tasks are restarted on standby card. Network connection is maintained on existing LC via RCC. | No impact | No impact | < 2 sec. interrupt to user traffic on affected processing card (user application will retransmit data) | < 2 sec. interrupt to new call setups (PCF/SGSN and mobile nodes will retransmit requests) |
| Unplanned processing card failure, no Session Recovery | Tasks are restarted on standby processing card. Network connection is maintained on existing LC via RCC. | AAA Acct_Stop record is generated for all sessions in the affected subgroup | Sessions lost on affected processing card only | Lost only for the affected sessions | < 5 sec. interrupt until new A11/GTP-C manager is available (new sessions only). NOTE: Applies only when A11/GTP-C manager is on failed card |
| Unplanned processing card failure, with Session Recovery | Sessions are recovered on the standby processing card. Network connection is maintained on existing LC via RCC. | No impact (less interim update interval) | No impact | < 5 sec. interrupt | < 5 sec. interrupt (new sessions only) |
| Unplanned LC failure | Standby LC becomes active if installed in 1:1 redundant configuration. | No impact (less update interval) | No impact | < 1 sec. interrupt | < 1 sec. interrupt |
| Unplanned LC port failure | With LC port redundancy enabled, standby port is enabled. | No impact | No impact | < 1 sec. interrupt | < 1 sec. interrupt |

1. This does not apply to deployments containing only 1 active processing card.
Important: If the session recovery feature is enabled, then a processing card hardware failure will not
cause any loss of fully established HA subscriber sessions. This feature does, however, require a minimum
processing card configuration per chassis of three active cards and two standby to prevent all data loss and
session recovery.
Important: When a processing or line card failover occurs, the redundant component (when installed)
automatically begins providing service. However, once the failed card's error condition is corrected (by
replacement or configuration change), there is no automatic return of control to the repaired processing or
line card. This migration must occur through manual intervention by a system administrative user.
Software Assurance Features
Numerous features are built into the system software to ensure the continuation of service in the case of software
process failures. SPC/SMC software controls the management contexts and overall system control, while processing
card software controls the PPP sessions, AAA, and VPN processes.
The following table shows various software process failure situations involving the SPC/SMC and SPIO cards, provides
impact analysis (if any), and explains how each situation is resolved using rapid failure detection techniques found in
the system.
Table 35. Service Assurance Features for the SPC/SMC Software

| Software Process Failure Scenario | Action Taken | Effect on Accounting Data | Effect on User Sessions | Effect on the Flow of User Data Packets | Effect on User Control Transactions | Effect on Management Traffic |
|---|---|---|---|---|---|---|
| SPC/SMC Management task failure | Cleanup process performs automatically, and process is restarted | No impact | No impact | No impact | No impact | < 1 sec. interrupt |
| SPC/SMC System control task failure | The same process for unplanned hardware failure (table above) is applied | No impact | No impact | < 2 sec. interrupt | No impact | < 1 min. interrupt |
The following table shows various software process failure situations involving the processing cards, provides impact
analysis (if any), and explains how each situation is resolved using rapid failure detection techniques found in the
system.
Table 36. Service Assurance Features for the Processing Cards Software

| Software Process Failure Scenario | Action Taken | Effect on Accounting Data | Effect on User Sessions | Effect on the flow of Data Packets | Effect on Control Transactions |
|---|---|---|---|---|---|
| Processing Cards Session Manager Task failure | Cleanup process performs automatically, and process is restarted | AAA Acct._Stop record is generated for all sessions in the affected subgroup | Affected subgroup sessions are lost (For PAC: up to 2,000 for PDSN, 2000 for ASN GW, 4000 for HA, and 4000 GGSN; For PSC/PSC2: up to 13200 for PDSN, 13200 for PDIF, 13200 for ASN GW, 26400 for HA, and 26400 GGSN) | Lost only for the affected subgroup | Lost only for the affected subgroup |
| Processing Cards - AAA failure | Cleanup process performs automatically, and process is restarted | No impact | No impact | No impact | No impact |
| Processing Cards - VPN context failure | Cleanup process performs automatically, and process is restarted | No impact | No impact | < 1 sec. interrupt for VPN context | < 1 sec. interrupt for VPN context |

1. This assumes that there is more than 1 active processing card.
2. The information in this row applies to systems on which the Session Recovery feature is not implemented. With the
Session Recovery Feature enabled, no sessions are lost.
Session Recovery Feature
This licensed software feature performs an automatic recovery of all fully established subscriber sessions should a
session manager task failure occur. This functionality is available for the following call types:
- PDSN PDIF services supporting simple IP, Mobile IP, and Proxy Mobile IP
- HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels
- GGSN services for IPv4 and PPP PDP contexts
- LNS session types
With this feature enabled, there is no loss of session information as described in the table above. Session recovery
consists of the migration and recreation of control and data packet state information, subscriber session statistics, or
session time parameters such as idle timer and others.
Typical recovery time for a single session manager failure is not expected to exceed 10 seconds. Should a processing
card hardware failure occur during a migration, then the time to recover all tasks and subscriber sessions should not
exceed 60 seconds.
This feature is enabled/disabled on a chassis-wide basis and requires additional processing card hardware to ensure that
enough reserve resources (memory, processing, etc.) are available to fully recover sessions in the event of a software or
hardware failure.
Interchassis Session Recovery
The Interchassis Session Recovery feature provides the highest possible availability for continuous call processing
without interrupting subscriber services. This is accomplished through the use of redundant chassis. The chassis are
configured as primary and backup with one being active and one inactive. Both chassis are connected to the AAA
server. When calls pass the checkpoint duration timer, checkpoint data is sent from the active chassis to the inactive
chassis. If the active chassis handling the call traffic goes out of service, the inactive chassis transitions to the active
state and continues processing the call traffic without interrupting the subscriber session.
The chassis determine which is active through a proprietary TCP-based connection called a redundancy link. This link is
used to exchange status messages between the primary and backup chassis and must be maintained for proper system
operation. In the event the redundancy link goes out of service, interchassis session recovery is maintained through the
use of authentication probes and BGP peer monitoring. BGP routing must be enabled.
Interchassis Session Redundancy is currently supported on chassis configured for GGSN service or HA services in
support of Mobile IP and Proxy Mobile IP session types.
Mean Time Between Failure and System Availability
Mean Time Between Failure (MTBF) data is used to provide statistical information as to the length of time that should
expire before a particular card or system fails. This information is calculated using the following method:
Calculated MTBF - Expected elapsed time before failure occurs using the method defined in Telcordia
TR-NWT-000332-CORE. This is based on reliability of components and design factors.
Failure per million hours (Fpmh) identifies the predicted failure rate per one million hours (for every 1,000,000 hours of
operation, "FITS number" of failures would be expected to occur) for a component of the system.
MTBF Table
The following table shows the MTBF characteristics of each major component of the system.
Table 37. Mean Time Between Failure Statistics

| Chassis | Part Number | Description | MTBF (Hours) | MTBF (Years) | Fpmh (Failure per million hours) |
| --- | --- | --- | --- | --- | --- |
| ST16 Only | 600-00-1101 | ST16 Chassis with Midplane (125A PFU support) | 16,386,995 | 1869.38 | 0.061 |
| ST16 Only | 600-00-1102 | Power Filter Unit (125A) | 967,118 | 110.40 | 1.03 |
| ST16 Only | 600-00-1111 | ST16 Chassis with Midplane (165A PFU support) | 16,386,995 | 1869.38 | 0.061 |
| ST16 Only | 600-00-3002 | Switch Processor Card (SPC) | 107,890 | 12.32 | 9.27 |
| ST16 Only | 600-00-3001 | Packet Accelerator Card (PAC) | 129,614 | 14.80 | 7.72 |
| ASR 5000 Only | 600-00-1111 | ASR 5000 Chassis with Midplane | 16,386,995 | 1869.38 | 0.061 |
| ASR 5000 Only | 600-00-3026 | System Management Card | 104,372 | 11.91 | 9.58 |
| ASR 5000 Only | 600-00-3025 | Packet Services Card (PSC or PSC2) | 102,294 | 11.68 | 9.78 |
| ASR 5000 Only | 600-00-5052 | 10 Gigabit Ethernet Line Card (XGLC) | 247,720 | 28.28 | 4.04 |
| ASR 5000 Only | 600-00-5038 Multi-Mode, 600-00-5051 Single Mode, 600-00-5039 Copper | Quad Gig-E Card (QGLC) | 258,606 | 29.52 | 3.867 |
| ASR 5000 Only | 600-00-5016 | ATM/POS OC-3 SM IR-1 Card / optical daughter card | 214,492 / 1,419,581 | 48.6 / 73.4 | 4.66 / 0.70 |
| ST16 or ASR 5000 | 600-00-5001 | Switch Processor I/O Card | 333,999 | 38.13 | |
| ST16 or ASR 5000 | 600-00-5002 | Redundancy Crossbar Card | 555,862 | 63.46 | 1.79 |
| ST16 or ASR 5000 | 600-00-5003 | Ethernet 10/100 Card (FELC) | 495,886 | 56.61 | 2.01 |
| ST16 or ASR 5000 | 600-00-5101 | Ethernet 1000 Card (GELC) | 396,715 | 45.29 | 2.52 |
| ST16 or ASR 5000 | 600-00-1112 | Power Filter Unit (165A) | 967,118 | 110.40 | 1.03 |
| ST16 or ASR 5000 | 600-00-1104 | Fan Tray Unit - Lower | 70,517 | 8.05 | 19.51 |
| ST16 or ASR 5000 | 600-00-1103 | Fan Blower Unit - Upper | 120,178 | 13.72 | 18.72 |
Table 38. Mean Time Between Failure Statistics

| Part Number | Description | MTBF (Hours) | MTBF (Years) | Fpmh (Failure per million hours) |
| --- | --- | --- | --- | --- |
| 600-00-1111 | Chassis with Midplane | 16,386,995 | 1869.38 | 0.061 |
| 600-00-3026 | System Management Card | 104,372 | 11.91 | 9.58 |
| 600-00-3025 | Packet Services Card (PSC or PSC2) | 102,294 | 11.68 | 9.78 |
| 600-00-5052 | 10 Gigabit Ethernet Line Card (XGLC) | 247,720 | 28.28 | 4.04 |
| 600-00-5038 Multi-Mode, 600-00-5051 Single Mode, 600-00-5039 Copper | Quad Gig-E Card (QGLC) | 258,606 | 29.52 | 3.867 |
| 600-00-5016 | ATM/POS OC-3 SM IR-1 Card / optical daughter card | 214,492 / 1,419,581 | 48.6 / 73.4 | 4.66 / 0.70 |
| 600-00-5001 | Switch Processor I/O Card | 333,999 | 38.13 | 2.99 |
| 600-00-5002 | Redundancy Crossbar Card | 555,862 | 63.46 | 1.79 |
| 600-00-5003 | Ethernet 10/100 Card (FELC) | 495,886 | 56.61 | 2.01 |
| 600-00-5101 | Ethernet 1000 Card (GELC) | 396,715 | 45.29 | 2.52 |
| 600-00-1112 | Power Filter Unit (165A) | 967,118 | 110.40 | 1.03 |
| 600-00-1104 | Fan Tray Unit - Lower | 70,517 | 8.05 | 19.51 |
| 600-00-1103 | Fan Blower Unit - Upper | 120,178 | 13.72 | 18.72 |
System Availability
System-level Mean Time To Failure (MTTF) is the average interval of time that a component will operate before
failing. Reliability information is based on the number of overall anticipated failures of the individual components, in
conjunction with any redundancy schemes employed to minimize the impact of such failures.
The following table provides service availability calculations (based on reliability modeling) for the ST16 and ASR
5000 platforms.
Table 39. Platform Service Availability Calculations

| Platform | Operational Uptime (%) | Yearly Downtime (minutes) | MTTF (Hours) | MTTF (Years) |
| --- | --- | --- | --- | --- |
| ST16 | 99.999173 | 4.35 | 336,180 | 38.37 |
| ASR 5000 | 99.999978 | 0.12 | 14,077,473 | 1605.91 |
One suggestion to help improve overall system availability is to institute an on-site spares program, wherein key
components are housed locally with the deployed equipment. The following section defines a recommended spares
program and quantities for the system.
Mean Time To Repair (MTTR) is the amount of time needed to repair a component, recover the system, or otherwise
restore service after a failure. System availability calculations are based on the industry standard of four hours.
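The relationship between the MTBF and Fpmh columns, and between operational uptime and yearly downtime, worked through as an added example (not Cisco's code). It assumes a constant failure rate, so Fpmh = 10^6 / MTBF, and a 365-day year; the figures are copied from Table 38 and Table 39, and the function names are illustrative.

```python
"""Reconcile the published reliability figures (added example, not vendor code)."""
from decimal import Decimal

HOURS_PER_YEAR = 8760  # assumption: 365-day year
MINUTES_PER_YEAR = HOURS_PER_YEAR * 60

# (part number, description, MTBF hours, Fpmh exactly as printed), from Table 38.
# The 600-00-5016 row is left out because it prints two values per cell.
TABLE_38 = [
    ("600-00-1111", "Chassis with Midplane", 16_386_995, "0.061"),
    ("600-00-3026", "System Management Card", 104_372, "9.58"),
    ("600-00-3025", "Packet Services Card (PSC or PSC2)", 102_294, "9.78"),
    ("600-00-5052", "10 Gigabit Ethernet Line Card (XGLC)", 247_720, "4.04"),
    ("600-00-5038", "Quad Gig-E Card (QGLC)", 258_606, "3.867"),
    ("600-00-5001", "Switch Processor I/O Card", 333_999, "2.99"),
    ("600-00-5002", "Redundancy Crossbar Card", 555_862, "1.79"),
    ("600-00-5003", "Ethernet 10/100 Card (FELC)", 495_886, "2.01"),
    ("600-00-5101", "Ethernet 1000 Card (GELC)", 396_715, "2.52"),
    ("600-00-1112", "Power Filter Unit (165A)", 967_118, "1.03"),
    ("600-00-1104", "Fan Tray Unit - Lower", 70_517, "19.51"),
    ("600-00-1103", "Fan Blower Unit - Upper", 120_178, "18.72"),
]

# (platform, operational uptime %, yearly downtime in minutes), from Table 39.
TABLE_39 = [
    ("ST16", "99.999173", "4.35"),
    ("ASR 5000", "99.999978", "0.12"),
]


def fpmh_from_mtbf(mtbf_hours):
    """Failures per million hours for a constant failure rate: 10^6 / MTBF."""
    if mtbf_hours <= 0:
        raise ValueError("MTBF must be positive")
    return Decimal(1_000_000) / Decimal(mtbf_hours)


def printed_step(published):
    """Smallest increment of a printed figure, e.g. Decimal('0.01') for '9.58'."""
    return Decimal(1).scaleb(Decimal(published).as_tuple().exponent)


def matches_printed(computed, published):
    """True if the computed value rounds or truncates to the printed figure."""
    return abs(computed - Decimal(published)) < printed_step(published)


def unreconciled_fpmh(rows):
    """Rows whose printed Fpmh is not 10^6 / MTBF at the printed precision.

    Returns (part number, printed Fpmh, Fpmh implied by the MTBF column).
    """
    flagged = []
    for part, _description, mtbf_hours, printed in rows:
        implied = fpmh_from_mtbf(mtbf_hours)
        if not matches_printed(implied, printed):
            flagged.append((part, printed, implied.quantize(Decimal("0.01"))))
    return flagged


def yearly_downtime_minutes(uptime_percent):
    """Minutes per year out of service for a given operational uptime (%)."""
    unavailable = (Decimal(100) - Decimal(uptime_percent)) / Decimal(100)
    return unavailable * MINUTES_PER_YEAR


def unreconciled_downtime(rows):
    """Platforms whose printed downtime does not follow from the printed uptime."""
    return [
        platform
        for platform, uptime, downtime in rows
        if not matches_printed(yearly_downtime_minutes(uptime), downtime)
    ]


if __name__ == "__main__":
    for part, printed, implied in unreconciled_fpmh(TABLE_38):
        print(f"{part}: printed Fpmh {printed}, MTBF column implies {implied}")
    print("downtime mismatches:", unreconciled_downtime(TABLE_39))
```

Only the two fan units are flagged: their printed Fpmh does not equal 10^6 / MTBF, so confirm which column applies before feeding either into an availability model.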
Spare Component Recommendations
This section provides a recommended quantity of spare parts to be used as part of a spare components program for the
system. The information contained is for informational purposes only, and should only be used as a guideline for
designing a spares program that meets your company's design, deployment, and availability goals.
It is recommended that your company either has fully-trained personnel available to effect the exchange of Field
Replaceable Units (FRUs) within your network, or requests on-site or field engineering resources to perform such
duties.
Based on industry-leading redundancy and failover features found in the system, the following minimum spare parts
levels for any planned deployment are recommended.
Table 40. Recommended FRU Parts Sparing Quantities

| Chassis | Component Name | Minimum number of spares | For every “n” number of deployed components |
| --- | --- | --- | --- |
| ST16 Only | ST16 Chassis with Midplane (125A PFU support) | 1 | 20 |
| ST16 Only | ST16 Chassis with Midplane (165A PFU support) | 1 | 20 |
| ST16 Only | Switch Processor Card (SPC) | 1 | 10 |
| ST16 Only | Power Filter Unit (125A) | 1 | 30 |
| ST16 Only | Packet Accelerator Card (PAC) | 1 | 12 |
| ASR 5000 Only | ASR 5000 Chassis with Midplane | 1 | 20 |
| ASR 5000 Only | System Management Card (SMC) | 1 | 10 |
| ASR 5000 Only | Packet Services Card (PSC or PSC2) | 1 | 12 |
| ASR 5000 Only | Ethernet 1000/Quad Gig-E (QGLC) Card | 1 | 20 |
| ASR 5000 Only | 10 Gigabit Ethernet Line Card (XGLC) | 1 | 20 |
| ASR 5000 Only | Optical Line Card (OLC or OLC2) | 1 | 20 |
| ASR 5000 Only | Channelized Line Card (CLC or CLC2) | 1 | 20 |
| ST16 or ASR 5000 | Switch Processor I/O Card (SPIO) | 1 | 18 |
| ST16 or ASR 5000 | Redundancy Crossbar Card (RCC) | 1 | 30 |
| ST16 or ASR 5000 | Ethernet 10/100 Line Card (FELC) | 1 | 25 |
| ST16 or ASR 5000 | Gigabit Ethernet Line Card (GELC) | 1 | 25 |
| ST16 or ASR 5000 | Power Filter Unit (165A) | 1 | 30 |
| ST16 or ASR 5000 | Upper Fan Tray Unit | 1 | 8 |
| ST16 or ASR 5000 | Lower Fan Tray Unit | 1 | 5 |
| ST16 or ASR 5000 | Particulate Air Filter | 1 | 1 |
Table 41. Recommended FRU Parts Sparing Quantities

| Component Name | Minimum number of spares | For every “n” number of deployed components |
| --- | --- | --- |
| ASR 5000 Chassis with Midplane | 1 | 20 |
| System Management Card (SMC) | 1 | 10 |
| Packet Services Card (PSC or PSC2) | 1 | 12 |
| Ethernet 1000/Quad Gig-E (QGLC) Card | 1 | 20 |
| 10 Gigabit Ethernet Line Card (XGLC) | 1 | 20 |
| Optical Line Card (OLC or OLC2) | 1 | 20 |
| Channelized Line Card (CLC or CLC2) | 1 | 20 |
| Switch Processor I/O Card (SPIO) | 1 | 18 |
| Redundancy Crossbar Card (RCC) | 1 | 30 |
| Ethernet 10/100 Line Card (FELC) | 1 | 25 |
| Gigabit Ethernet Line Card (GELC) | 1 | 25 |
| Power Filter Unit (165A) | 1 | 30 |
| Upper Fan Tray Unit | 1 | 8 |
| Lower Fan Tray Unit | 1 | 5 |
| Particulate Air Filter | 1 | 1 |
Chapter 7
Management System Overview
This chapter outlines the various methods of managing the system. There are multiple ways to locally or remotely
manage the system using its out-of-band management interfaces. These include:
- Using the Command Line Interface (CLI)
  - Remote login using Telnet, and Secure Shell (SSH) access to CLI through SPIO card Ethernet
    management interfaces
  - Local login through the Console port on SPIO card using an RS-232 serial connection
- Using the Web Element Manager application
  - Supports communications through 10 Base-T, 100 Base-TX, 1000 Base-TX, or 1000 Base-SX
    management interfaces on the SPIO
  - Client-Server model supports any browser (e.g. Microsoft Internet Explorer v5.0 and above or Netscape
    v4.7 or above, and others)
  - Supports Common Object Request Broker Architecture (CORBA) protocol, Secure Sockets Layer
    (SSL) for encryption of management data, and Simple Network Management Protocol version 1
    (SNMPv1) for fault management
  - Provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) capabilities
  - Can be easily integrated with higher-level network, service, and business layer applications using the
    Object Management Group's (OMG's) Interface Definition Language (IDL)
The following figure demonstrates these various element management options and how they can be utilized within the
wireless carrier network.
Figure 53. Element Management Methods
The system's management capabilities are designed around the Telecommunications Management Network (TMN)
model for management - focusing on providing superior quality Network Element (NE) and element management
system (Web Element Manager) functions. The system provides element management applications that can easily be
integrated, using standards-based protocols (CORBA and SNMPv1), into higher-level management systems - giving
wireless operators the ability to integrate the system into their overall network, service, and business management
systems.
Overview information about each of these methods follows. For detailed information, please see the System
Administration and Configuration Reference, the Web Element Manager Getting Started Guide, or the Web Element
Manager's robust Help system.
Out-of-Band Management
Management of the system is performed using Out-Of-Band (OOB) transmission methods through either the Console
port or one of the Ethernet management ports on the SPIO. OOB management ensures that no management traffic can
be accessed or viewed by any subscriber. Management data is separated on different physical interfaces from those used
to transport user data. The following figure shows this separation.
Figure 54. Separation of Management Data From User Data
Additionally, the system uses the local context solely for system management purposes. Contexts are described in this
document's Glossary, but basically they provide a way to host multiple virtual service or configuration parameter
groups in a single physical device. To ensure OOB management, users are required to create other service-specific
contexts for user data.
By using the local context as the separate management context, network operations personnel are able to utilize their
own RADIUS services for management authentication and accounting, further maintaining the separation of user and
management data.
Command Line Interface
CLI Overview
The CLI is a multi-threaded man machine interface that allows users to manipulate, configure, control, and query the
various components that make up the system and the services hosted within the system. The CLI contains numerous
command sets that perform various pre-defined functions when entered by a user. The CLI communicates with other
controls and software tasks that make up the operating system.
The CLI provides numerous features, including:
- Simultaneous multiple CLI user support, providing a CLI instance for every context.
  The maximum number of simultaneous CLI sessions supported depends on the amount of available memory. The
  Resource Manager, however, reserves enough resources so that the following minimum number of CLI
  sessions are assured:
  - For ST16s: 7
  - For ASR 5000s: 15
  In both cases, one of the assured sessions is reserved for use exclusively by a CLI session on an SPIO
  console interface.
- Local or remote management login support
- Hierarchical structure supporting two command modes
  - Exec (execute) Mode, supporting basic commands that allow users to maneuver around the system and
    perform monitoring functions
  - Config (configuration) Mode, providing global system configuration and context and service-specific
    configuration functions
- Differentiated administrative user privileges
  - Inspector users have minimal read-only privileges
  - Operator users have read-only privileges. They can maneuver across multiple contexts, but cannot
    perform configuration operations
  - Administrator users have read-write privileges and full access to all contexts and command modes
    (except for a few security functions)
  - Security Administrator users have read-write privileges and full access to all contexts and command
    modes
- Intuitive CLI command prompt displaying user's exact location within the CLI, command mode, and user
  privilege level
- CLI command auto-completion feature that allows users to enter only enough characters to make a command
  unique, prompting the system to complete the rest of the command or keyword by pressing the <Tab> key
- CLI auto-pagination, improving the readability of command output displays
- Complete command history features, allowing users to review all commands previously entered during current
  session, and EMACS-style command line manipulation features increasing CLI usability
- Interactive, context-sensitive Help, providing two levels of help for CLI commands, keywords, and variables
For more detailed information, refer to the Command Line Interface Overview chapter in the System Administration and
Configuration Reference.
Web Element Manager Application
The Web Element Manager is a client-server application providing complete element management of the system. The
UNIX-based server application works with clients using virtually any Java-enabled web browser to remotely manage
the network elements within the system using the Common Object Request Broker Architecture (CORBA) standard.
The Secure Sockets Layer (SSL) protocol can be used to encrypt management data traffic between the client and the
server. The following figure shows the Web Element Manager application's topology window.
Figure 55. Web Element Manager Topology Window
In addition to its element management capabilities, the Web Element Manager can be integrated with higher-layer
network, service, and business management applications using its northbound CORBA interface.
For more information on the Web Element Manager application, refer to the Web Element Manager Overview section.
Chapter 8
ASN Gateway Overview
Access Service Network Gateway (ASN Gateway) is the subscriber-aware mobility access gateway for IEEE 802.16
mobile WiMAX radio access networks. These carrier- and enterprise-class platforms provide exceptional reliability and
performance characteristics for mobile WiMAX operators.
The ASN Gateway provides inter-technology mobility for 3GPP, 3GPP2, DSL, and WiFi access technologies. This
assures common billing and seamless inter-technology handover.
ASN Gateway is available for all chassis running StarOS Release 7.1 or later.
Important: The ASN Gateway is a licensed product and requires an Access Service Network Gateway support license.
ASN Gateway provides the following functionality, all of which is integrated into the chassis:
- ASN mobility
- Extensible Authentication Protocol (EAP) user authentication/Authentication, Authorization, Accounting (AAA)
  client
- DHCP proxy server
- Connectivity Service Network (CSN) mobility
- Intra-ASN and inter-ASN handover
- Paging controller/location register
- Radio resource controller relay function
- Service Flow Authenticator (SFA)
- Proxy-Mobile Internet Protocol (P-MIP) client
- Mobile IP Foreign Agent (MIP FA) protocol
- Data path function
- Context server function
- Handover relay function
ASN Mobility Management
The Access Service Network Gateway (ASN Gateway) processes subscriber control and bearer data traffic, and
supports connection and mobility management across cell sites and inter-service provider network boundaries. An ASN
Gateway is a logical entity in the Access Service Network (ASN) of a WiMAX radio access network and interfaces
directly with base transceiver station or base station via an R6 GRE reference interface. An ASN Gateway performs
control plane functions, bearer plane routing or bridging functions, resident functions in the connectivity service
network, or a function in another ASN.
The ASN Gateway is placed at the edge of an ASN and is the link to the CSN. Each ASN Gateway can concentrate
traffic from multiple radio base stations. This reduces the number of devices to manage and minimizes connection setup latency by decreasing the number of call handovers in the network.
Figure 56. Basic ASN Gateway Network (diagram labels: Access Service Network (ASN), Connectivity Service Network (CSN),
WiMAX SS/MS, WiMAX Base Station, ASN Gateway)
To support Mobile IP and/or Proxy Mobile IP data applications, you can configure the system to perform the role of the
ASN Gateway/foreign agent and/or the home agent within the connectivity service network (CSN) of your WiMAX
data network. When functioning as a home agent, the system can be located within your WiMAX network or in the
CSN of an external enterprise or ISP network. In either case, the ASN Gateway/foreign agent terminates the mobile
subscriber's call session and then routes the subscriber's data to and from the appropriate home agent.
Figure 57. Basic ASN Gateway Mobile IP Network (diagram labels: Access Service Network (ASN), Connectivity Service
Network (CSN), Enterprise, WiMAX SS/MS, WiMAX Base Station, ASN Gateway / FA, Home Agent (HA), Internet)
EAP User Authentication
The ASN Gateway serves as the Extensible Authentication Protocol (EAP) authenticator and mobility key holder for
subscriber connections and RADIUS clients to attached Authorization, Authentication, and Accounting (AAA) servers.
ASN Gateway and AAA
ASN control is handled by the ASN Gateway and the base station. The ASN Gateway control plane handles the feature
set, including AAA functions, context management, profile management, service flow authorization, paging, radio
resource management, and handover. The data plane feature set includes mapping radio bearer to the IP network, packet
inspection, tunneling, admission control, policing, QoS, and data forwarding.
The ASN Gateway acts as an authenticator. It operates in pass-through mode for EAP authentication between the EAP
client (the mobile station) and the EAP (AAA) server. After successful EAP authentication, the AAA server sends the
master session key (MSK) to the ASN Gateway. The ASN Gateway, as authenticator, performs authorization key (AK)
context management. It derives the AK from the MSK and sends it to the base station. As part of the AK context, other
information, such as the AkID and CMAC, is sent to the base station to secure the R1 interface.
An AAA module in the ASN Gateway provides flow information for accounting. Every detail about a flow, such as the
transferred or received number of bits, the duration of the connection, and the applied policy, is retrievable from the data
plane.
Profile Management
The ASN Gateway provides profile management and a policy function that resides in the connectivity network. Profile
management identifies a subscriber's feature set, such as the allowed QoS rate, number of flows, and type of flows.
In addition, the ASN Gateway maintains a context for the mobile subscriber and the base station. Each subscriber's
context contains the subscriber's profile and security context, and the characteristics of the subscriber's mobile device.
The subscriber's context is retrieved and exchanged between the serving base station and a target base station during
handover.
The ASN Gateway authorizes service flows according to the subscriber's profile. Allowed service flows and active
service flows can change over time, so the ASN Gateway provides admission control for downlink traffic. The ASN
Gateway creates a GRE tunnel per service flow.
Inter-ASN Handovers
During a handover, the ASN Gateway provides the subscriber's context to a target base station and, when requested,
changes the data path. To minimize latency and packet loss, the ASN Gateway implements data integrity through
bi-casting or multi-casting. For paging, buffering is also supported. A foreign agent maintains the IP connectivity if the
mobile subscriber initiates an inter-ASN handover. The ASN Gateway supports either Proxy-Mobile IP (PMIP) or
Client-Mobile IP (CMIP) in order to communicate with home agents.
The ASN Gateway maintains location information to provide the paging service that tracks subscribers when they are
operating in idle mode. If there is any download traffic, ASN Gateway requests the PC to trigger paging. During active
operation, location information is also updated as the mobile subscriber moves to a new base station.
Supported Features
The Access Service Network Gateway (ASN Gateway) provides ASN Gateway control and bearer plane routing
functions:
- BS Interface: R6 IP/GRE bearer plane
- Inter-ASN handovers to other ASN Gateways: R4 IP/GRE bearer plane
- Interactions with AAA management or policy servers: R3 RADIUS interface
- Mobile IP Interface to HA in Connectivity Service Network: R3 IP-in-IP tunneling
A Profile C ASN Gateway is one of three alternative designs for radio resource management proposed by the WiMAX
Forum. In a Profile C architecture, the handover control component resides in the base stations. The ASN Gateway
represents a transparent message relay point between neighboring base stations. The Radio Resource Controller (RRC)
component in every BTS periodically polls its neighbors to build a resource availability database that it checks prior to
triggering call handovers.
The system provides a high-performance ASN Gateway platform with the following supported features in the current
software version.
Important: Not all features are supported on all platforms.
Simple IPv4 Support
A Simple IP model supports non-mobile IP terminals and provides ASN-anchored mobility for fixed, nomadic, or
portable mobility applications. A Simple IP architecture removes dependencies for separate foreign agent and home
agent functions. ASN Gateway handles simultaneous combinations of Simple IP, Mobile IP, or Proxy Mobile IP calls. A
Simple IP model permits the ASN to be combined or split from the CSN, depending upon the need for roaming. The
Simple IP implementation includes a DHCP Proxy Server function for local or AAA-provided IP address assignment.
Simple IP provides a solution for stationary wireless DSL-like applications. It enables mobility on intra-ASN handovers
between neighboring base stations and permits inter-ASN mobility via an R4 interface between ASN Gateways.
DHCP Proxy Server
Compared to 3G wireless technologies such as EV-DO (Evolution-Data Optimized) or PDP (Packet Data Protocol)
Type PPP (Point-to-Point Protocol) contexts in General Packet Radio Service/Wideband Code Division Multiple Access
(GPRS/W-CDMA) networks, WiMAX networks do not use a PPP data link layer between access devices and the ASN
Gateway. An alternative approach to IP address allocation is needed in Simple IP and Proxy Mobile IP usage models.
The ASN-GW includes a DHCP proxy/server/relay that interacts with the DHCP client function on the access device. In
a Simple IP usage model, the DHCP server allocates dynamic addresses from a local address pool or fetches static
addresses from subscriber profiles during authentication from a AAA server. Alternatively, the ASN-GW uses a DHCP
relay process to forward the DHCP request to an external DHCP server.
In a Proxy Mobile IP use case, the ASN-GW uses a DHCP proxy to trigger a local foreign agent function to initiate a
Mobile IP Request via the R3 interface to a home agent. The home agent returns the address via the Mobile IP
Response. The DHCP Proxy component on the ASN Gateway conveys the address in a DHCP Response message to the
DHCP client running on the user's access device.
This solution enables mobility on intra-ASN handovers between neighboring base stations. It also permits inter-ASN
mobility via an R4 interface between ASN Gateways.
ASN Gateway Micro-Mobility
ASN Gateway micro-mobility provides ASN Gateway-anchored L2 handovers. This low-latency procedure assures the
seamless mobility of mobile access devices within a WiMAX network. The ASN Gateway supports both uncontrolled
and controlled handovers for micro-mobility.
Uncontrolled Handovers
In an uncontrolled handover scenario, a mobile subscriber attempts to re-enter the WiMAX network at a target base
station without the handover preparation procedures with the serving base station. In order to authenticate the roaming
user, the target base station obtains the subscriber and security context information from the serving ASN. The anchor
authenticator ASN Gateway conveys the context response message and assists in the establishment of a new R6 GRE
bearer connection to the target base station. It is referred to as an L2 operation because the previously assigned IP
address for the binding remains the same on the anchor authenticator/data path ASN Gateway while the L2 BSID
(Ethernet MAC address) is updated for the target base station. Uncontrolled handovers are supported for both Simple IP
and Mobile IP use cases.
With uncontrolled L2 handover procedures, interactive and non-real-time applications incur minimal performance
degradation and packet loss during subscriber movement between cell sites.
Controlled Handovers
A controlled handover occurs when a subscriber access device explicitly requests handover assistance from the serving
base station to a new target base station. This process minimizes packet loss to the WiMAX access device. During the
handover request, the serving base station provides the subscriber's context information to the anchor authenticator
ASN Gateway and a list of target base stations that are preferred by the mobile device. Upon a successful response from
potential target base stations, the anchor authenticator ASN Gateway initiates a data path for the mobile subscriber to
the target base station. It also transfers all contextual information for the session to the target base station. The downlink
traffic for the mobile subscriber is simultaneously broadcast and subsequently buffered by each of the target base
stations.
Controlled handovers may be triggered by the mobile access device or the serving base station as a congestion overload
control mechanism.
Controlled handovers and associated data path pre-registrations minimize the impact on performance to a greater extent
than uncontrolled handovers and significantly reduce datapath outages.
WiMAX R4 Inter-ASN Mobility Management
R4 inter-ASN mobility management procedures enable low latency call handovers between neighboring ASN Gateways
located in different geographical regions or different operator networks. During mobility operations, the call is anchored
on the anchor authenticator ASN Gateway. When a mobile subscriber roams to a destination cell site, the target base
station connects to the anchor gateway over the serving ASN Gateway's R4 interface. The R4 interface provides control
functions such as security context transfers and IP/GRE bearer level connections. The data conveyed to the subscriber
by the remote hosts is subsequently tunneled over R4 by the anchor authenticator gateway to the serving gateway. The
current ASN Gateway implementation supports the co-existence of anchor authenticator and anchor datapath functions
in the same ASN Gateway.
Supported R4 functionality includes:
- R4 over Simple IP connections
- R4 over Mobile IP connections
- Anchor Gateway bi-casting over simultaneous R6 and R4 sessions
- Co-location of DHCPv4 Proxy and PMIPv4 FA on anchor authenticator gateway
- Support for multiple QoS service flows per-session via R4 tunnels
Important: Both the anchor gateway session and non-anchor gateway sessions are counted towards the session
license separately. Licensed session limits are enforced based on the total number of anchor and non-anchor sessions.
WiMAX R3 CSN Anchored Mobility Management
The R3 reference point defines a set of control plane protocols between the Access Service Network (ASN) and
Connectivity Service Network (CSN) to support AAA, policy enforcement, and mobility management functions. The
R3 reference interface is used in a mobile IP application with the home agent acting as the call anchor point. In contrast
to L2-based ASN anchored mobility procedures, CSN anchored mobility is L3-based and supports both proxy mobile IP
and mobile IP calls. The R3 interface uses mobile IP signaling and IP-in-IP tunneling or GRE tunneling and includes
standard features such as dynamic Home of Address (HoA) address allocation. Mobility signaling messages are
authenticated by the home agent based on a dynamic user identity called a pseudo-NAI which changes after each
authentication.
Mobile IP applications are well suited for inter-provider roaming applications and inter-technology handovers such as
WiMAX-HRPD Rev A, WiMAX-WiFi, and WiMAX-W-CDMA. Mobile IP also provides an attractive solution for
operators with a heterogeneous radio access network who want to support seamless mobility across base transfer
stations from multiple RAN suppliers.
Important: Support for this function requires the HA feature license key.
Proxy Mobile IPv4 (PMIPv4)
The P-MIP procedure is designed for Simple IP-capable access devices for which mobility procedures are performed
entirely in the network. Certain events on the access device require relocation of the L3 anchor point (for example,
CoA). One case is for the initial connection establishment in which the home agent or H-AAA server assigns an IP
address and generates the mobility binding. Another is when the mobile subscriber roams across cell sites or ASNs and
attaches to a target ASN Gateway.
Client Mobile IPv4 (CMIPv4)
CMIPv4 provides mobility procedures for mobile IP-capable access devices. In contrast to PMIPv4, where stateful
DHCP proxy signaling triggers R3 signaling between the ASN Gateway and the home agent, CMIPv4 uses agent
advertisement between the foreign agent component in the ASN Gateway and mobile IP client on subscriber access
device. Mobile IP signaling occurs directly between the access device and the anchor foreign agent component in the
ASN Gateway.
Authenticator
The authenticator function in the ASN Gateway acts as an anchored authenticator for a subscriber for the duration of the
session. For example, as a subscriber moves between base stations served by the ASN Gateway, the authenticator
anchor remains stationary. If a subscriber moves to a base station served by a different ASN Gateway, the anchor
authenticator is hosted at that ASN Gateway. If the R4 interface is not supported between both gateways, only the
subscriber needs to be re-authenticated.
The RADIUS client for authentication and accounting is collocated with the authenticator function. The ASN Gateway
acts as an EAP relay and is agnostic to the EAP method. EAP transport between the ASN Gateway and the base station
is performed as a control exchange. The base station functions as an EAP relay, converting Pair-wise Master Key
version 2 (PKMv2) to the EAP messages for the ASN Gateway. The ASN Gateway works in pass-through mode and
any EAP method that generates keys, such as MSK or EMSK, is supported in the system.
PKMv2 performs over-the-air user authentication. PKMv2 transfers EAP over the IEEE 802.16 air interface between
the MS and the base station. The base station relays the EAP messages to the authenticator in the ASN Gateway. The
AAA client on the authenticator encapsulates the EAP message in AAA protocol packets, and forwards them through
one or more AAA proxies to the AAA server in the CSN of the home NSP. In roaming scenarios, one or more AAA
brokers with AAA proxies may exist between the authenticator and the AAA server. AAA sessions always exist
between the Authenticator and AAA server, with optional AAA brokers providing a conduit for NAI realm-based
routing.
EAP Authentication Methods
WiMAX networks use Ethernet as the L2 protocol for network access authentication. The Extensible Authentication
Protocol (EAP) provides the network authorization function. The ASN Gateway represents the EAP authenticator and
supports a transparent relay point between the EAP client on the subscriber access device and EAP server on the AAA.
The ASN Gateway triggers an EAP-identity request to the subscriber device. The subscriber device responds with an
EAP-identity response. It subsequently unpacks EAP messages over the R6 interface and transfers them via RADIUS or
Diameter signaling to the AAA server.
EAP authentication provides multiple authentication methods that can be tailored to the operator's preference toward
user-level, device-level, or user- and device-level network authorization. At the H-AAA server in Home Network
Service Provider (H-NSP), device-level authentication in a roaming application guards against unauthorized network
access by users with stolen access devices.
Supported RADIUS Methods
The ASN Gateway supports the following EAP authentication and authorization methods using RADIUS:
• EAP-Pre-shared Key (EAP-PSK)
• EAP-Transport Layer Security (EAP-TLS)
• EAP-Tunneled Transport Layer Security (EAP-TTLS)
• EAP-Authentication and Key Agreement (EAP-AKA)
EAP-Pre-shared Key (EAP-PSK)
EAP-PSK is a symmetric mutual authentication method that uses manually provisioned pre-shared keys between an
EAP client on an access device and an EAP server component on AAA. The size of the pre-shared key can be up to 256
bytes.
EAP-Transport Layer Security (EAP-TLS)
EAP-TLS is an asymmetric authentication method that uses X.509 digital certificates, for example public/private key
pairs, and enables device-based authentication.
EAP-Tunneled Transport Layer Security (EAP-TTLS)
EAP-TTLS is a multi-level authentication scheme to enable device and user-based authentication. The first level
handshake provides device-level authentication and uses the same encryption and ciphering algorithms as EAP-TLS.
The secure connection established through the first level handshake is then extended with MS-CHAP-V2 authentication
to verify user credentials. As with other EAP methods, successful EAP transactions at AAA result in a Master Session
Key (MSK) that is returned over an encrypted connection. The ASN Gateway uses the key to generate a derivative key
for securing the air interface between ASN and user access device.
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-AKA uses symmetric cryptography based on pre-shared private client/server keys and challenge-response
mechanisms similar to other EAP methods. It verifies credentials for users of Removable User Identity Modules (RUIMs).
Supported Diameter Methods
ASN Gateway supports the following Diameter methods for EAP authentication and authorization:
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-AKA uses symmetric cryptography based on pre-shared private client/server keys and challenge-response
mechanisms similar to other EAP methods. It verifies credentials for users of Removable User Identity Modules (RUIMs).
WiMAX Prepaid Accounting
The system supports prepaid accounting for clients on the ASN Gateway.
Clients can communicate directly to a home AAA server or be proxied through a visited network's AAA server. The
following figure shows a typical prepaid network topology.
Figure 58. Prepaid Network Topology
Volume and Duration-based Prepaid Accounting
Prepaid accounting is a license-enabled feature. The ASN Gateway supports both volume threshold and duration
threshold based prepaid accounting. Even though session-level accounting is performed for both volume and duration,
the number of bytes in a multi-flow session are applied to a duration-based configuration.
RADIUS attributes identify thresholds and quotas for both volume (number of bytes) and duration (length of session).
Supported Enhanced Features
All enhanced features described in this section require the appropriate feature license keys.
Lawful Intercept Enhancements
Lawful Intercept (LI) provides a mechanism for telecommunication service providers (TSPs) to assist Law Enforcement
Agencies (LEAs) in monitoring suspicious individuals (referred to as targets) for potential criminal activity. LEAs
provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The target is
identified by information such as their Mobile Station Identification (MSID) number, their name, or their assigned IP
address.
It is not possible to provision an LI trigger on the ASN Gateway (Simple IP) or home agent (Mobile IP) with pseudo-NAI identifiers, since the outer identity is concealed from the gateway. For this reason, if it is necessary to provision
triggers with the pseudo-NAI, the basic LI license (with AAA event detection) must be used.
Once the target has been identified, the system, functioning as either an ASN Gateway (Simple IP) or home agent
(Mobile IP), serves as an access function (AF) and monitors new data sessions or sessions already in progress. While
monitoring, the system intercepts and duplicates session content and forwards it to a delivery function (DF) over an
extensible, proprietary interface. The DF delivers the intercepted content to one or more collection functions.
The WiMAX implementation of LI monitoring includes the following features:
• Active triggers (using AAA assist for control plane event detection)
• Event delivery (AF to DF) with ability to configure UDP/IP message acknowledgements
Intelligent Traffic Control
Intelligent Traffic Control (ITC) supports customizable policy definitions. The policies enforce and manage service
level agreements for a subscriber profile, thus enabling differentiated levels of services for native and roaming
subscribers.
ITC includes features such as traffic prioritization, for example, marking DiffServ codepoints to enable unique
treatments for the five WiMAX classes of service, queue redirection, and per-subscriber/per-flow traffic bandwidth
control. Traffic policing enables maximum rate-based services and tiered bandwidth charging models. ITC includes a
local policy engine that runs on an ASN Gateway in a Simple IP usage model, or as a home agent in a Mobile IP
application. You can configure ITC policies statically with Class-Maps to identify application flows that use L3/L4 5-tuple identifiers. You can then apply the resulting policy actions through policy maps and policy groups. The detection
and programming of the local policy engine can alternatively be triggered on network access at the ASN Gateway as it
retrieves QoS profiles for each authenticated user.
This feature provides a policy mechanism so you can enable user entitlements and provision treatments for native users
and applications relative to roaming subscribers, Mobile Virtual Network Operators (MVNOs), and offnet P2P traffic.
Hotlining/Dynamic RADIUS Attributes
WiMAX is an all IP-based networking technology in which mobile operators seek a more profitable business model.
One way to do this is to avoid traditional device subsidization that accompanies the sale of locked devices that restrict
access to provisioned subscribers of an operator's network. The WiMAX Forum has proposed remote Over-the-Air
(OTA) activation protocols such as Open Mobile Alliance Device Management (OMA DM) to enable self-provisioned,
self-configured, retail subscription models.
The ASN GW supports hotlining on a session basis. This capability is enabled by default. The rule-based hotlines use an
IP redirection rule with the standard attribute Filter-ID. The server sends the ACL names in the Filter-ID attribute,
which in turn, locates the rules.
Upon receiving a RADIUS Access-Accept message containing the Filter-ID attribute, the ASN GW locates the rule list,
using the name contained in Filter-ID, and applies its rules to the session.
Configure the rules locally on the ASN GW under ACL groups.
In this scenario:
• A user with an unprovisioned access device registers with a special decorated NAI that represents him/her as a
  non-subscriber to the AAA.
• The AAA grants limited network access by returning a hotlining filter rule to the ASN Gateway. ASN GW
  hotlining support uses the standard attribute Filter-ID, along with the session identification parameters
  User-Name, Calling-Station-ID, and AAA-Session-ID.
• An IP address is assigned during initial network entry. The ASN Gateway uses the redirect address associated
  with the filter rule to hotline the call to a web activation portal.
• The user profile and subscription activation process is completed. The call is forwarded to the OMA DM server.
• The OMA DM server triggers a network-initiated bootstrapping session with the OMA DM client on the user
  access device.
• The OMA DM uses XML messaging over a secure OTA connection to remotely configure the access device.
• If a session and an ACL list are located, the rules are applied to the session and a COA-ACK is returned. The
  AAA server transmits a RADIUS message to the ASN Gateway instructing it to "unhotline" the session.
• At this point, the user is a known subscriber to the back-end subscription database and is granted unrestricted
  access to the network.
This feature facilitates a non-subsidized retail activation model through over-the-air user-driven subscription and remote
device configuration. It also prevents unprovisioned users from gaining unrestricted access to the wireless operator's
network. This is a complementary technique you can use with operator fraud prevention systems by quarantining
fraudulent user sessions or redirecting them to a billing/web portal.
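The Filter-ID handling described in this section, sketched as an added Python example (not Cisco code and not the gateway's implementation): it checks the RFC 2865 Response Authenticator of an Access-Accept, then resolves each Filter-ID name against locally configured rule lists. The ACL group name, rule contents, shared secret, and sample packet are constructed for illustration, and reporting unknown names is an assumption about how a miss could be surfaced.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
ATTR_USER_NAME, ATTR_FILTER_ID, ATTR_CALLING_STATION_ID = 1, 11, 31

# Hypothetical local ACL groups, keyed by the name the AAA sends in Filter-ID.
ACL_GROUPS = {
    "hotline-activation": [
        {"action": "redirect", "match": "tcp/80", "to": "192.0.2.10"},
        {"action": "deny", "match": "any"},
    ],
}


def build_access_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept with a valid Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_attrs(data):
    """Split the attribute area into {type: [values]}, rejecting bad lengths."""
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        attrs.setdefault(attr_type, []).append(data[pos + 2:pos + length])
        pos += length
    return attrs


def first_text(attrs, attr_type):
    values = attrs.get(attr_type)
    return values[0].decode("utf-8", "replace") if values else None


def hotline_decision(packet, request_auth, secret, acl_groups=ACL_GROUPS):
    """Return the rule lists an authenticated Access-Accept selects by Filter-ID."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    attrs = parse_attrs(packet[20:])
    names = [v.decode("utf-8", "replace") for v in attrs.get(ATTR_FILTER_ID, [])]
    rules = {n: acl_groups[n] for n in names if n in acl_groups}
    return {
        "user_name": first_text(attrs, ATTR_USER_NAME),
        "calling_station_id": first_text(attrs, ATTR_CALLING_STATION_ID),
        "hotlined": bool(rules),
        "rules": rules,
        # Names with no local rule list: worth alerting on, since the
        # session would otherwise carry no hotline restriction.
        "unknown_filter_ids": [n for n in names if n not in acl_groups],
    }


if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))
    sample = build_access_accept(7, req_auth, secret, [
        (ATTR_USER_NAME, b"unprovisioned@example.net"),
        (ATTR_CALLING_STATION_ID, b"00-1A-2B-3C-4D-5E"),
        (ATTR_FILTER_ID, b"hotline-activation"),
    ])
    print(hotline_decision(sample, req_auth, secret))
```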
Multi-flow QoS
Within a WiMAX ASN, QoS enforcement is administered by the Service Flow Authorization (SFA) component in the
ASN Gateway (also referred to as Anchor Policy Charging Enforcement Function, or A-PCEF). SFA provides traffic
management and QoS policy management for subscriber service flows.
Multi-flow QoS enables the establishment of static traffic policies for various subscriber application level service flows.
It can be used in Simple IP or Mobile IP usage scenarios. The policies are stored in a Subscriber Policy Repository
(SPR) database and retrieved as authenticated QoS profiles by the ASN Gateway. The A-PCEF negotiates via R6 with
the Service Flow Manager (SFM) function on the base station. If the authorized QoS profile matches the available base
station resources, the request is granted. The A-PCEF provides the following:
• Traffic classification
• Admission control
• Prioritization (DSCP marking)
• Per-session/per-flow bandwidth control
• Flow mapping across application-specific R6/R4 GRE tunnels
In conjunction with multi-flow QoS, the ASN Gateway offers configurable accounting on a per-session, per-R6, or per-service flow basis. Multi-flow QoS enables the OFDM radio access connection to be separated into multiple logical
Connection IDs (CIDs) with each pair of forward and reverse sub-channels transporting one or more application flows.
Currently, the ASN Gateway supports static pre-provisioned service flows. A total of up to three bi-directional or 6
unidirectional service flows per subscriber R6 or R4 session are possible.
Multi-flow QoS provides an enhanced user experience via end-to-end differentiated QoS connection-oriented services
and stringent treatment for isochronous voice and delay-sensitive multimedia applications over broadband WiMAX
networks. This feature also enables service convergence and is the foundation for delivery of IMS service control.
ASN Gateway Intra-Chassis Session Recovery
This feature enables the system to recover from single software or hardware faults without interrupting subscriber
sessions or losing accounting information. Intra-chassis session recovery uses regular task check-pointing of active call
states to ensure that the fail-over task has the identical configuration and state as the failed process.
Session recovery is supported for the following major features:
• Simple IP, Proxy Mobile IP or Client Mobile IP calls
• R6 or R4 control signaling and bearer level subscriber traffic
• Paging Controller/Location Register (PC/LR) idle mode sessions. PC/LR is a license-based feature.
• L2TP LAC & LNS tunnels and sessions
Important: Minimum hardware requirements consist of four processing cards (3 Active, 1 Standby). When
session recovery is enabled, overall system capacity may be reduced, depending upon configuration.
Intra-chassis session recovery provides hitless in-service recovery that increases system availability. This eliminates the
need for the Radio Access Network to re-register large blocks of simultaneous users. It also minimizes the likelihood of
revenue leakage due to the failure of network elements.
This feature requires a feature license key for ASN Gateway session recovery.
Supported Inline Services
All inline services described in this section require the appropriate feature license keys.
Enhanced Charging Service
The Enhanced Charging Service (ECS) is an in-line service feature integrated with the system. ECS provides flexible,
differentiated, and detailed billing to subscribers by using Layer 3 through Layer 7 packet inspection. ECS can integrate
with a back-end billing system. ECS functionality is supported at the point where sessions are anchored—for example,
on the ASN Gateway for Simple IP sessions and on the home agent for Mobile IP sessions.
For more information about ECS, refer to the Enhanced Charging Services Administration Guide.
Multi-host Support
ASN Gateway's multi-host feature provides multiple host connectivity.
A WiMAX CPE modem supports multiple IP hosts in fixed/nomadic applications. The modem shares a single WiMAX
airlink to connect to the WiMAX IP network. This feature is an effective solution for small or home office users to
provide multiple station connectivity through one airlink.
Figure 59. Multi Host Support in WiMAX Network
The WiMAX ASN Gateway allows each WiMAX MS (identified by its 6-byte MSID) to be assigned a single IP
address. IP accounting is maintained for the IP address.
How it Works
The DHCP proxy server and the IP pool hosted locally on the ASN Gateway provide the primary IP address from a
primary IP pool to the WiMAX customer premise equipment (CPE). The CPE is identified by its WiMAX R6 MSID (6-byte MAC address).
Important: The multiple IP hosts feature is not supported for Proxy-MIP sessions.
Once a primary IP address is assigned dynamically to the WiMAX CPE, additional IP addresses are assigned
dynamically to other IP hosts. Each of the IP hosts is identified by its unique 6-byte MAC address. The DHCP proxy on
the ASN Gateway manages the IP addresses by mapping them to the unique MAC addresses supplied by the client in
the chaddr option field in DHCP DISCOVER or REQUEST messages.
The primary IP address is assigned to the CPE first via DHCP. It is followed by requests for additional IP addresses by
individual IP hosts behind the CPE. The ASN Gateway allocates secondary hosts on-demand, up to the configured limit
of 4.
Primary IP addresses assigned to WiMAX CPE and secondary IP addresses assigned to the IP hosts are configured in
separate IP pools or the same IP pool. Accounting is based on the primary IP address assigned to CPE and UDR
accounting is enabled only for the primary session (flow/session based). No accounting is performed for secondary sub-sessions.
Using the device credentials of the WiMAX CPE, authentication is performed with the EAP-TLS method. There is no
authentication for each assigned IP address, and no validation of MAC addresses contained in DHCP requests, except to
make sure that they are unique across all subscribers connected to the DHCP proxy server.
IP Address Allocation through DHCP
The dynamic IP address allocation procedure for primary node and secondary hosts is described below:
• After the initial network entry for WiMAX CPE is completed, the WiMAX CPE acts as a primary node and
  starts the DHCP process with the WiMAX ASN Gateway.
• The DHCP proxy server hosted on the ASN Gateway allocates the Primary IP address to the WiMAX CPE as a
  primary node from the configured primary IP Pool.
• The primary IP address is the first IP address assigned to the WiMAX CPE. The DHCP DISCOVER and
  REQUEST messages for this must contain the WiMAX R6 MSID as the chaddr field. After this IP address is
  assigned, the session goes into Connected state and is ready to accept DHCP requests for additional IP
  addresses for other IP hosts.
• Once the primary IP address is assigned to the primary node (WiMAX CPE), hosts behind the CPE start the
  DHCP process with the WiMAX ASN Gateway for each host mapping to its 6-byte MAC address.
• The DHCP proxy server hosted in the ASN Gateway allocates the secondary IP addresses to the hosts behind the
  CPE as an auxiliary node from the configured secondary IP Pool.
• When session termination is requested, the primary IP address is the last IP address to be released by the clients
  and ASN Gateway. This means the primary IP address must be in use and in lease for the session to continue in
  Connected state. When the Primary IP address is released, the ASN Gateway session is terminated and all IP
  addresses are freed.
• The auxiliary IP addresses can be assigned and freed any time during the call via DHCP messages.
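The allocation rules above, modeled as an added Python example (not Cisco code): the first request must carry the MSID as chaddr, up to four secondary hosts are admitted, a MAC must be unique across subscribers, and releasing the primary address ends the session and frees every lease. The class names, pool ranges, and MAC values are constructed for illustration.

```python
import ipaddress

MAX_SECONDARY_HOSTS = 4  # configured limit stated in the text


class AllocationError(Exception):
    """Raised when a DHCP request breaks one of the allocation rules."""


def norm_mac(mac):
    """Normalise a 6-byte MAC/MSID such as '00:1A:2B:3C:4D:5E' to bare hex."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise AllocationError(f"not a 6-byte MAC address: {mac!r}")
    return digits


class Pool:
    def __init__(self, cidr):
        self.free = [str(ip) for ip in ipaddress.ip_network(cidr).hosts()]

    def take(self):
        if not self.free:
            raise AllocationError("IP pool exhausted")
        return self.free.pop(0)

    def give_back(self, ip):
        self.free.append(ip)


class DhcpProxy:
    """Hypothetical model of the DHCP proxy's per-subscriber bookkeeping."""

    def __init__(self, primary_cidr, secondary_cidr):
        self.primary_pool = Pool(primary_cidr)
        # The text allows separate pools or one shared pool.
        self.secondary_pool = (self.primary_pool if secondary_cidr == primary_cidr
                               else Pool(secondary_cidr))
        self.sessions = {}   # MSID -> {"primary": ip, "hosts": {mac: ip}}
        self.mac_owner = {}  # MAC -> MSID; uniqueness is the only MAC check

    def request(self, msid, chaddr):
        """DHCP DISCOVER/REQUEST arriving on the R6 session of `msid`."""
        msid, chaddr = norm_mac(msid), norm_mac(chaddr)
        owner = self.mac_owner.get(chaddr)
        if owner is not None and owner != msid:
            raise AllocationError("MAC already bound to another subscriber")
        session = self.sessions.get(msid)
        if session is None:
            if chaddr != msid:
                raise AllocationError("first request must carry the MSID as chaddr")
            ip = self.primary_pool.take()
            self.sessions[msid] = {"primary": ip, "hosts": {}}
            self.mac_owner[chaddr] = msid
            return ip
        if chaddr == msid:
            return session["primary"]          # renewal of the primary lease
        if chaddr in session["hosts"]:
            return session["hosts"][chaddr]    # renewal of a secondary lease
        if len(session["hosts"]) >= MAX_SECONDARY_HOSTS:
            raise AllocationError("secondary host limit reached")
        ip = self.secondary_pool.take()
        session["hosts"][chaddr] = ip
        self.mac_owner[chaddr] = msid
        return ip

    def release(self, msid, chaddr):
        """DHCP RELEASE; returns the list of addresses freed."""
        msid, chaddr = norm_mac(msid), norm_mac(chaddr)
        session = self.sessions.get(msid)
        if session is None:
            raise AllocationError("no session for this MSID")
        if chaddr != msid:
            ip = session["hosts"].pop(chaddr, None)
            if ip is None:
                raise AllocationError("MAC holds no lease in this session")
            del self.mac_owner[chaddr]
            self.secondary_pool.give_back(ip)
            return [ip]
        # Primary released: the session terminates and all leases are freed.
        freed = [session["primary"]] + list(session["hosts"].values())
        self.primary_pool.give_back(session["primary"])
        for mac, ip in session["hosts"].items():
            self.secondary_pool.give_back(ip)
            del self.mac_owner[mac]
        del self.mac_owner[msid]
        del self.sessions[msid]
        return freed
```

Because the only MAC check is uniqueness, the secondary-host limit and the per-subscriber binding in `mac_owner` are what bound how many addresses one CPE session can hold.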
ASN Gateway in a WiMAX Network
In a WiMAX network architecture, each of the entities, Subscriber Station (SS)/Mobile Station (MS), Access Service
Network (ASN) and Connectivity Service Network (CSN), represents a grouping of functional entities.
Each of these functions may be in a single physical device or distributed over multiple physical devices to meet
functional and interoperability requirements. The following figure shows a high-level example of WiMAX network
architecture.
Figure 60. WiMAX Network Architecture
Access Service Network (ASN)
The ASN is an aggregation of functional entities and corresponding message flows associated with the access services.
The ASN represents a boundary for functional interoperability with WiMAX clients, WiMAX connectivity service
functions, and other vendor-specific functions.
An ASN is defined as a complete set of network functions that provide radio access to a WiMAX subscriber. The ASN
provides the following functions:
• WiMAX Layer-2 (L2) connectivity with WiMAX SS/MS
• The transfer of AAA messages to WiMAX subscribers' Home Network Service Provider (H-NSP) for
  authentication, authorization, and session accounting for subscriber sessions
• Network discovery and the selection of an appropriate NSP from which WiMAX subscribers access WiMAX
  service(s)
• Relay functionality for establishing Layer-3 (L3) connectivity with a WiMAX SS/MS (IP address allocation)
• Radio resource management
• ASN-CSN tunneling
In addition to the above mandatory functions, for a portable and mobile environment the ASN supports the following
functions:
• ASN anchor mobility
• CSN anchor mobility
• Paging and location management
The ASN has the following network elements:
• The WiMAX base station, which is a logical entity that embodies a full instance of the WiMAX Medium Access
  Control (MAC) layer and physical layer in compliance with the IEEE 802.16 suite of applicable standards. The
  base station may host one or more access functions and is logically connected to one or more ASN Gateways.
• The ASN Gateway (ASN Gateway), which is a logical entity that represents an aggregation of control plane
  functional entities. These entities are paired with a corresponding function in the ASN, for example a base
  station instance, a resident function in the CSN, or a function in another ASN.
  The ASN Gateway may also perform bearer plane routing or bridging functions.
The ASN consists of at least one instance of a base station and at least one instance of an ASN Gateway (ASN
Gateway). An ASN may be shared by more than one Connectivity Service Network (CSN).
The ASN decomposition with Network Reference Model (NRM) is shown in the following figure.
Figure 61. ASN Network Reference Model with ASN Gateway
Connectivity Service Network (CSN)
The Connectivity Service Network (CSN) is a set of network functions that provide IP connectivity services to the
WiMAX subscriber. A CSN provides the following functions:
• SS/MS IP address and endpoint parameter allocation for user sessions
• Internet access
• AAA proxy or server
• Policy and admission control based on user subscription profiles
• ASN-CSN tunneling support
• WiMAX subscriber billing and inter-operator settlement
• Inter-CSN tunneling for roaming
• Inter-ASN mobility
• Home agent
The CSN also provides location-based services, connectivity for peer-to-peer services, provisioning, authorization
and/or connectivity to IP multimedia services, and support for lawful intercept services in the WiMAX radio access
network.
Important: CSN is out of the scope of this document.
WiMAX Reference Points and Interfaces
A reference point (RP) in a WiMAX network is a conceptual link. An RP connects two groups of functions that reside
in different functional entities of an ASN, CSN, or mobile station (MS). It is not necessarily a physical interface; an RP
becomes a physical interface only when the functional entities on either side of it are contained in different physical
devices.
Following are the reference points implemented with the ASN Gateway for WiMAX mobility functions:
• R3 Reference Point—Consists of the set of control plane protocols between the ASN and the CSN to support
  AAA, policy enforcement, and mobility management capabilities. It also encompasses the bearer plane
  methods (for example, tunneling) to transfer user data between the ASN and the CSN. R3 supports three types
  of clients: PMIPv4, CMIPv4, CMIPv6 (this is IPv4 and IPv6 support for Proxy Mobile IP (PMIP) and Client
  Mobile IP (CMIP)).
• R4 Reference Point—Consists of the set of control and bearer plane protocols originating and terminating in
  various functional entities of an ASN that coordinate MS mobility between ASNs and ASN Gateways. R4 is
  the only interoperable RP between similar or heterogeneous ASNs.
• R5 Reference Point—Consists of the set of control plane and bearer plane protocols for internetworking
  between the CSN operated by the home NSP and that operated by a visited NSP.
• R6 Reference Point—Consists of the set of control and bearer plane protocols for communication between the
  base station and the ASN Gateway. The bearer plane is an intra-ASN datapath between the base station and
  ASN gateway. The control plane includes protocols for datapath establishment, modification, and release
  control, in accordance with the MS mobility events. R6, in combination with R4, may serve as a conduit for
  exchange of MAC state information between base stations that cannot interoperate over R8.
• R7 Reference Point—Consists of an optional set of control plane protocols, for example, AAA and policy
  coordination in the ASN gateway as well as other protocols for coordination between the two groups of
  functions identified in R6. The decomposition of the ASN functions using the R7 protocols is optional.
  Important: To provide high throughput and high density call processing, the ASN Gateway
  integrates both the Decision Point and Enforcement Point functions. Therefore, the R7 reference
  point is not exposed.
Message Relay in ASN
The ASN Gateway provides relay procedures to send or distribute received messages with responses from a base station
or another ASN Gateway. Supported types of relay functions are:
• Passive Relay: In this type of message relay, when the ASN Gateway receives a message on an R4 or R6
  interface, it retrieves the destination ID and forwards the same request message to the given destination.
• Active Relay: In this type of message relay, upon receiving the message on R4/R6 interface, the ASN Gateway
  creates a similar R4/R6 message on the basis of original message and relays it to the destination. For example,
  if during the inter-ASN Gateway handover a non-anchor ASN Gateway receives the data path registration
  request from the target base station, it creates a new data path registration request and sends it to the anchor
  ASN Gateway. After receiving the duplicate message, the anchor ASN Gateway sends the data path
  registration response to the non-anchor ASN Gateway. When it receives that message, the non-anchor ASN
  Gateway creates a new response message and sends the new data path registration response to the target base
  station.
ASN Gateway Architecture and Deployment Profiles
The ASN Gateway is part of the Access Service Network (ASN) within the WiMAX network. The ASN Gateway
comprises logical and functional elements that provide different functionality in an ASN.
ASN profiles provide a framework for interoperability among entities within an ASN. At a high level, the WiMAX
Forum has defined groups of functionality for an ASN. These are called Profile Mappings A, B, and C. The key
attributes of the profile mappings are:
• ASN Profile-A
    • Handover control and Radio Resource control (RRC) in the ASN Gateway
    • ASN anchored mobility among base stations using R6 and R4 reference points
    • CSN anchored mobility among ASNs using PMIP/CMIP (R3)
    • Paging Controller and Location Register in the ASN Gateway
• Profile-B: ASN Profile-B removes the ASN Gateway altogether and pushes all its functionality into the base
  station. This functionality includes the following:
    • Radio Resource control (RRC) handling within the base station
    • R3 reference point
    • R4 reference point
• Profile-C: ASN Profile-C functionality is a subset of Profile-A with the following functionality in the base station:
    • HO control
    • Radio Resource Controller (RRC)
The ASN Gateway supports ASN Profile-C functionality. For more information on supported features and
functionality, refer to the Supported Features section.
The following figure shows the mapping of functional entities in an ASN Gateway for Profile-C.
Figure 62. Functional view of ASN Gateway Profile-C
WiMAX Network Deployment Configurations
This section provides examples of how the system can be deployed within a WiMAX carrier's network. As noted
previously, the system can be deployed in standalone configurations, serving as an Access Service Network
Gateway/Foreign Agent (ASN Gateway/FA), a Home Agent (HA), or in a combined ASN Gateway/FA/HA
configuration which provides all services from a single chassis.
Standalone ASN Gateway/FA and HA Deployments
The ASN Gateway/foreign agent (FA) serves as an integral part of a WiMAX network by providing packet processing
and re-direction to a mobile user's home network through communications with the home agent (HA). No redirection is
required when mobile users connect to an ASN Gateway that serves their home network.
The following figure shows an example of a network configuration in which the ASN Gateway/FA and HA are separate
systems.
Figure 63. ASN Gateway/FA and HA Network Deployment Configuration Example
[Figure not reproduced. Labels: Access Service Network (MN, WiMAX BS, ASN GW/FA, Foreign AAA), Connectivity Service Network (HA, Home AAA), IP Network, PDN, Internet or PDN, CN. Reference points: R6, R3.]
Co-Located Deployments
An advantage of the system is its ability to support both high-density ASN Gateway/FA and HA configurations within
the same chassis. The economies of scale presented in this configuration example provide both improved session
handling and reduced cost in deploying a WiMAX data network.
The following figure shows an example of a co-located deployment.
Figure 64. Co-located ASN Gateway/FA and HA Network Deployment Configuration Example
[Figure not reproduced. Labels: Carrier 1 Network (MN, WiMAX BS, combined ASN GW/FA and HA, Foreign AAA, Home AAA), Carrier 2 Network (MN, WiMAX BS, ASN GW/FA, HA, AAA), IP Network, Internet or PDN. Reference points: R6, R4, R3.]
ASN Call Procedure Flows
This section provides information on the function of the ASN Gateway in a WiMAX network and presents call
procedure flows for different stages of session setup.
Functional Components for Handover
This section describes the functional components used during handover between ASN Gateways on R4 and R6
interfaces.
Anchor ASN Gateway
The anchor ASN Gateway is the ASN Gateway that holds the anchor data path functions for a given MS. As shown in
the following figure, the anchor ASN Gateway hosts the following functions:
Authenticator (includes Accounting Client)
Anchor DP function
DHCP proxy
PMIP client
MIP FA
Anchor SFA
DHCP proxy function
The ASN Gateway service IP address is the R6 and R4 tunnel endpoint and handles both R6 and R4 traffic.
Anchor Session
The following identifiers identify the anchor ASN Gateway session:
MSID
MS NAI
MS IP address
DHCP MAC address
The ASN Gateway session consists of an access R6 session and a MIP FA network session. The R6 session has a GRE
data path to a base station for an active session. In this session the ASN Gateway service IP address is the R6 and R4
tunnel endpoint and handles both R6 and R4 traffic.
Upon initial network entry, when the DPF is in the anchor ASN Gateway, there is no R4 session. After an MS does a
handover to a target BS, it connects to the anchor GW over R4 via a different serving ASN Gateway. At this point, the
anchor GW session has an access R4 session and a MIP FA network session. The anchor GW can maintain the R6
session and an R4 session simultaneously.
Note that R6 and R4 tunnels are handled uniformly by the anchor GW as both are access-side tunnels. The anchor GW
can check the IP address of the non-anchor GW peer against the configured list of peer ASN Gateways, so that it can
control which R4 connections are accepted.
The anchor GW handles all the Layer 3 processing for the subscriber without including any other rule and policy.
When an anchor GW receives a request message, it reads the source ID in this request and sends the response to this
source ID as destination ID. The anchor ASN Gateway remembers the source IP address of the peer from where the
message was received, if it is different from the source ID of the message. The response message is sent to this peer IP
address, which is the immediate peer.
Non-Anchor ASN Gateway
The non-anchor ASN Gateway hosts the following functions:
Serving DP Function: The subscriber data is not processed in the non-anchor GW. It relays the subscriber data
to the anchor ASN Gateway over R4. When the inner IP packet emerges from the R6 tunnel at the non-anchor ASN
Gateway, the packet is sent over the R4 data path tunnel to the anchor ASN Gateway.
Serving SFA Function: No packet classification is performed in this function. It provides only tunnel switching
from R4 to R6 or vice versa.
DHCP Proxy relay Function: DHCP messages are not processed in the non-anchor GW and are relayed to the
DHCP proxy in the anchor ASN Gateway over R4. When the inner IP packet emerges from the R6 tunnel at
the non-anchor ASN Gateway, a check is made to see whether the DHCP proxy is co-located in the ASN Gateway
and whether to process the DHCP packet locally. If the session is not anchored locally, that is, the DHCP proxy
is not co-located, the non-anchor ASN Gateway sends the DHCP packet over an R4 data path tunnel to the
anchor ASN Gateway.
Relay Function: The non-anchor ASN Gateway provides relay functions to distribute received messages and
subscriber information. The message relay is supported for the following functions:
Context transfer
Paging
Accounting
Authentication
Handover (HO)
Radio Resource Controller (RRC)
Non-Anchor Session
A non-anchor session is created upon receiving an R6 Data Path Registration Request from the target base station. Note
that the non-anchor ASN Gateway session is identified by MSID only. This non-anchor ASN Gateway does NOT know
the MS NAI and MS IP address of the subscriber, since the authenticator, DHCP and PMIP functions are not exposed
here and the MSID is used as the username in session manager. The non-anchor session has the following attributes:
The Registration Type in the request is set to HO.
The Destination ID in the message does not match the destination IP address of the message. It needs to match
the anchor ASN Gateway ID in the message if an R6 and R4 Data Path setup is intended.
The anchor ASN Gateway is one of the peer ASN Gateways configured in the ASN Gateway service.
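The non-anchor session attributes above, together with the anchor GW's peer check and response addressing described earlier, modelled end to end as an added Python example (not Cisco code). It assumes that Source and Destination IDs are IPv4 addresses; the class, field and function names are hypothetical, and the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Iterable, Optional


@dataclass(frozen=True)
class DataPathRequest:
    """Only the fields the text names; this is not the R6/R4 wire format."""
    msid: str
    registration_type: str  # "HO" marks a handover (label assumed)
    source_id: str          # Source ID carried inside the message
    destination_id: str     # Destination ID carried inside the message
    ip_src: str             # source address of the packet (immediate peer)
    ip_dst: str             # destination address of the packet


@dataclass(frozen=True)
class ResponseAddressing:
    destination_id: str     # Destination ID written into the response
    send_to_ip: str         # address the response packet is sent to
    via_relay: bool         # True when the immediate peer is not the originator


class AsnGateway:
    def __init__(self, service_ip: str, peer_gateways: Iterable[str]):
        self.service_ip = ip_address(service_ip)
        self.peers = {ip_address(p) for p in peer_gateways}

    def anchor_to_relay_to(self, req: DataPathRequest) -> Optional[str]:
        """Non-anchor role: return the anchor GW for this request, else None."""
        dest_id = ip_address(req.destination_id)
        if req.registration_type != "HO":
            return None                  # not a handover registration
        if ip_address(req.ip_dst) != self.service_ip:
            return None                  # packet was not sent to this gateway
        if dest_id == self.service_ip:
            return None                  # Destination ID is us: anchored locally
        if dest_id not in self.peers:
            return None                  # anchor is not a configured peer
        return str(dest_id)

    def relay(self, req: DataPathRequest) -> Optional[DataPathRequest]:
        """Non-anchor role: forward over R4, leaving the message IDs untouched."""
        anchor = self.anchor_to_relay_to(req)
        if anchor is None:
            return None
        return replace(req, ip_src=str(self.service_ip), ip_dst=anchor)

    def handle_r4_request(self, req: DataPathRequest) -> Optional[ResponseAddressing]:
        """Anchor role: accept only configured peers, then address the response."""
        if ip_address(req.ip_src) not in self.peers:
            return None                  # R4 connection from an unlisted gateway
        # The response carries the request's Source ID as its Destination ID,
        # but the packet goes back to the immediate peer it arrived from.
        via_relay = ip_address(req.ip_src) != ip_address(req.source_id)
        return ResponseAddressing(req.source_id, req.ip_src, via_relay)


# Constructed addresses (documentation ranges), not taken from the page.
BS, NON_ANCHOR, ANCHOR = "192.0.2.20", "198.51.100.2", "198.51.100.1"


def demo():
    """Target BS -> non-anchor GW -> anchor GW, for one handover request."""
    non_anchor = AsnGateway(NON_ANCHOR, [ANCHOR])
    anchor = AsnGateway(ANCHOR, [NON_ANCHOR])
    req = DataPathRequest("00:11:22:33:44:55", "HO", BS, ANCHOR, BS, NON_ANCHOR)
    relayed = non_anchor.relay(req)
    return relayed, anchor.handle_r4_request(relayed)


if __name__ == "__main__":
    print(demo())
```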
Initial Network Entry and Data Path Establishment without Authentication
This section describes the procedure of initial entry and data session establishment for a WiMAX subscriber station (SS)
or MS without authentication by ASN Gateway.
Figure 65. Initial Network Entry and Data Session Establishment without Authentication Call Flow
[Figure not reproduced. Participants: MS/SS, ASN BS, ASN-GW/Authenticator, CSN/PDN/Internet. The numbered steps are described in the following table.]
Table 42. Initial Network Entry and Data Session Establishment without Authentication Call Flow Description
Step  Description
1  MS performs initial ranging with the ASN BS. Ranging is a process by which an MS becomes time-aligned with the ASN BS. The MS is synchronized with the BS at the successful completion of ranging and is ready to set up a connection.
2  MS sends basic capability exchange request (SBC-REQ) to ASN BS.
3  ASN BS sends MS-Pre-Attachment Request (authorization policy request) to ASN Gateway.
4  ASN Gateway sends MS-Pre-Attachment Response on the basis of authorization policy to ASN BS for MS.
5  ASN BS sends basic capability exchange response (SBC-RSP) to MS.
6  If authorization policy allows, ASN BS sends MS Pre-Attachment Acknowledgement to ASN Gateway.
7  MS sends Registration-Request (REG-REQ) to ASN BS.
8  ASN BS sends MS-Attachment-Request to ASN Gateway.
9  ASN Gateway sends MS-Attachment-Response to ASN BS and reserves the resource.
10  ASN BS sends Registration-Response to MS.
11  ASN BS sends MS-Attachment-Acknowledgement to ASN Gateway.
12  ASN Gateway sends Path Registration Request to ASN BS.
13  ASN BS creates 802.16 connection and establishes path with MS.
14  ASN BS sends Path Registration Response to ASN Gateway and ASN Gateway creates service flow with CSN over which PDUs can be sent and received.
15  ASN Gateway sends Path Registration Acknowledgment to ASN BS.
16  GRE tunnel mapped to 802.16 connection between MS and ASN BS.
17  R6 GRE data path established between ASN BS and ASN Gateway and data flow starts.
Initial Network Entry and Data Path Establishment with Authentication (Single EAP)
This section describes the procedure of initial entry and data session establishment for a WiMAX Subscriber Station
(SS) or MS with single EAP authentication.
The following figure provides a high-level view of the steps involved for initial network entry of an SS/MS with EAP
authentication and data link establishment. The following table explains each step in detail.
Figure 66. Initial Network Entry and Data Session Establishment with Authentication Call Flow
[Figure not reproduced. Participants: MS/SS, ASN BS, ASN-GW/Authenticator, H-AAA Server, CSN/PDN/Internet. The numbered steps are described in the following table.]
Table 43. Initial Network Entry and Data Session Establishment with Authentication Call Flow Description
Step  Description
1  MS performs initial ranging with the BS. Ranging is a process by which an MS becomes time aligned with the BS. The MS is synchronized with the BS at the successful completion of ranging and is ready to set up a connection.
2  SS Basic capability exchange (SBC-REQ) between MS and BS starts and MS-Info-Request for authorization policy sent to AAA client/authenticator in ASN Gateway.
3  AAA client/authenticator (ASN Gateway) sends MS-Info-Report to BS and BS sends SS Basic Capability Response (SBC-RSP) to MS.
4  BS acknowledges the MS-Info-Report to AAA client/authenticator.
5  AAA client/authenticator (ASN Gateway) starts EAP transfer request to BS and MS.
6  MS and BS send EAP transfer response to AAA client/authenticator.
7  The MS progresses to an authentication phase with home AAA Server. Authentication is based on PKMv2 as defined in the IEEE standard 802.16 specification. EAP authentication process starts.
8  EAP authentication successful and AAA client/authenticator starts security context transfer.
9  PKMv.2-RSP/EAP-Transfer/SA-TEK-Challenge-Request-Response/Key-Request-Response exchange between MS and BS.
10  MS sends 802.16 Registration Request (REG-REQ) to ASN BS and ASN BS sends MS-Info-Request to AAA client/authenticator.
11  AAA client/authenticator sends MS-Info-Report to BS and BS sends Registration Response (REG-RESP) to MS and MS-Info-Report Acknowledge to AAA client/authenticator.
12  ASN Gateway sends Path Registration Request to ASN BS.
13  ASN BS creates 802.16e connection and establishes path with MS.
14  ASN BS sends Path Registration Response to ASN Gateway and ASN Gateway creates service flow with CSN over which PDUs can be sent and received.
15  ASN Gateway sends Path Registration Acknowledgment to ASN BS.
16  GRE tunnel mapped to 802.16 connection between MS and ASN BS.
17  R6 GRE data path established between ASN BS and ASN Gateway and data flow starts.
Unexpected Network Re-entry
An unexpected network re-entry is when a mobile station starts the process of initial network entry to the ASN Gateway
via the same or new base station while an existing call for the MS is still in progress or being set up. When this occurs,
the ASN Gateway's default behavior is to:
Accept the new call regardless of the existing call state if the pre-attachment request of the new call comes from
a different BS.
Accept the new call if the original call is in any state past the pre-attachment phase and the pre-attachment
request of the new call comes from the same BS.
Drop the original call in favor of new call.
To disable this default behavior use the
command in the ASN
Gateway Service Configuration Mode. For more information regarding this command, refer to the Cisco Systems
Command Line Interface Reference.
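The default re-entry rules above, applied to a trace of the BS-to-gateway messages from Table 42 (steps 3, 4, 6, 8, 9, 11, 12, 14 and 15), as an added Python example that is not Cisco code. The hyphenated message labels, the MSID and BS identifiers and the sample trace are constructed; the page does not say what happens when the same BS re-sends a pre-attachment request while the original call is still in pre-attachment, so the example only reports that case and keeps the original call (an assumption).

```python
from dataclasses import dataclass

# Gateway-facing R6 control messages of the flow without authentication, in
# order. The spellings are labels chosen for this example, not wire names.
R6_FLOW = (
    "MS-Pre-Attachment-Request",
    "MS-Pre-Attachment-Response",
    "MS-Pre-Attachment-Ack",
    "MS-Attachment-Request",
    "MS-Attachment-Response",
    "MS-Attachment-Ack",
    "Path-Registration-Request",
    "Path-Registration-Response",
    "Path-Registration-Ack",
)
PRE_ATTACHMENT_LEN = 3  # the first three messages form the pre-attachment phase

DROPPED = "re-entry: original call dropped for the new call"
UNSPECIFIED = "re-entry from same BS during pre-attachment: original kept"
UNKNOWN = "message for a call that was never started"


@dataclass
class Call:
    bs_id: str
    seen: int = 1  # number of R6_FLOW messages observed so far


def check_trace(events):
    """Replay (msid, bs_id, message) tuples; return (index, msid, verdict)."""
    calls, findings = {}, []
    for index, (msid, bs_id, message) in enumerate(events):
        call = calls.get(msid)
        if message == R6_FLOW[0]:
            if call is None:
                calls[msid] = Call(bs_id)
            elif bs_id != call.bs_id or call.seen >= PRE_ATTACHMENT_LEN:
                # Different BS, or same BS with the original call past the
                # pre-attachment phase: the new call replaces the original.
                findings.append((index, msid, DROPPED))
                calls[msid] = Call(bs_id)
            else:
                # Same BS, original still in pre-attachment (assumption above).
                findings.append((index, msid, UNSPECIFIED))
            continue
        if call is None:
            findings.append((index, msid, UNKNOWN))
            continue
        expected = R6_FLOW[call.seen] if call.seen < len(R6_FLOW) else None
        if bs_id == call.bs_id and message == expected:
            call.seen += 1
        else:
            wanted = expected or "no further message"
            findings.append((index, msid, "out of order, expected: " + wanted))
    return findings


# Constructed trace: one MS re-enters twice, skips a phase, and a second MS
# sends an attachment request without any pre-attachment.
SAMPLE_TRACE = [
    ("MS-1", "BS-A", R6_FLOW[0]),
    ("MS-1", "BS-A", R6_FLOW[1]),
    ("MS-1", "BS-A", R6_FLOW[0]),   # same BS, still in pre-attachment
    ("MS-1", "BS-A", R6_FLOW[2]),
    ("MS-1", "BS-A", R6_FLOW[6]),   # path registration before attachment
    ("MS-1", "BS-B", R6_FLOW[0]),   # different BS: original call dropped
    ("MS-2", "BS-A", R6_FLOW[3]),   # no call exists for this MSID
]

if __name__ == "__main__":
    for finding in check_trace(SAMPLE_TRACE):
        print(finding)
```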
MS Triggered Network Exit
This section describes the procedure of MS Triggered network exit for a WiMAX Subscriber Station (SS) or MS in
normal mode.
The following figure provides a high-level view of the steps involved for network exit of an SS/MS in normal mode.
The following table explains each step in detail.
Figure 67. MS Triggered Network Exit Call Flow
[Figure not reproduced. Participants: MS/SS, ASN BS, ASN-GW/FA/Authenticator, CSN HA, CSN/PDN/Internet, H-AAA Server. The numbered steps are described in the following table.]
Table 44. MS Triggered Network Exit Call Flow Description
Step  Description
1  MS sends DREG_REQ message to ASN BS in serving ASN, including De-Registration_Request Code=0x00.
2  ASN BS sends R6 Path_Dereg_Req message to ASN Gateway.
3  ASN Gateway/FA and HA start MIP release procedure.
4  ASN Gateway/FA starts MS context delete procedure.
5  ASN Gateway sends Accounting-Stop-Request (Release Indication) message to AAA.
6  AAA replies with Accounting-Stop-Response message to ASN Gateway.
7  ASN Gateway/FA replies with Path_Dereg_Response message to ASN BS.
8  ASN BS sends DREG_CMD message to MS, including Action Code=0x04.
9  ASN BS sends R6 Path_Dereg_Ack to the ASN Gateway and related entities release the retained MS context and the assigned data path resource for the MS.
Network Triggered Network Exit
This section describes the procedure of a network triggered network exit for a WiMAX Subscriber Station (SS) or MS
in normal mode.
The following figure provides a high-level view of the steps involved for a network-triggered network exit of an SS/MS
in normal mode. The following table explains each step in detail.
Figure 68. Network Triggered Network Exit Call Flow
[Figure not reproduced. Participants: MS/SS, ASN BS, ASN-GW/FA/Authenticator, CSN HA, CSN/PDN/Internet, H-AAA Server. The numbered steps are described in the following table.]
Table 45. Network Triggered Network Exit Call Flow Description
Step  Description
1  Network entities, such as AAA Server, ASN Gateway FA/HA, trigger Session Release Trigger to ASN BS. This can be from H-AAA Server, Anchor ASN Gateway/FA/HA, Serving ASN BS, etc.
2  ASN BS sends DREG_CMD message to MS, including Action Code=0x00 to indicate MS exiting network.
3  IP session for DHCP/MIP release starts between MS and network entities.
4  MS sends DREG_REQ to ASN BS with De-Registration_Request_Code=0x02.
5  ASN BS sends Path_Dereg_Req message to ASN Gateway.
6  ASN Gateway/FA and HA start MIP release procedure.
7  ASN Gateway/FA exchanges NetExit_MS_State_Change_Req and NetExit_MS_State_Change_Rsp messages with the anchor accounting client, anchor authenticator, and MIP client to delete MS contexts.
8  ASN Gateway sends Accounting-Stop-Request (Release Indication) message to H-AAA.
9  AAA replies with Accounting-Stop-Response message to ASN Gateway.
10  ASN Gateway/FA replies with Path_Dereg_Response message to ASN BS.
11  ASN BS sends R6 Path_Dereg_Ack to the ASN Gateway and related entities release the retained MS context and the assigned data path resource for the MS.
Intra-ASN Gateway Handover
This section describes the handover procedure between two ASN BSs connected to one ASN Gateway. The ASN
Gateway supports the following types of handover:
Intra-anchor ASN Gateway Uncontrolled Handover
Intra Non-anchor ASN Gateway Uncontrolled Handover
Intra-anchor ASN Gateway Controlled Handover
Intra Non-anchor ASN Gateway Controlled Handover
Details regarding controlled and uncontrolled handovers for the anchor ASN gateways are provided below.
Intra-anchor ASN Gateway Uncontrolled Handover
This section describes the procedure for an uncontrolled intra-anchor ASN Gateway handover for a WiMAX Subscriber
MS.
The following figure provides a high-level view of the steps involved in an intra-anchor ASN Gateway uncontrolled
handover of an SS/MS. The following table explains each step in detail.
Figure 69. Intra-ASN Gateway Uncontrolled Handover Call Flow
[Figure not reproduced. Participants: MS/SS, Serving ASN BS, Target ASN BS, Anchor ASN-GW. The numbered steps are described in the following table.]
Table 46. Intra-ASN Gateway Uncontrolled Handover Call Flow Description
Step  Description
1  MS sends RNG-REQ message to target ASN BS.
2  Target ASN BS sends Context-Request message to anchor ASN Gateway for this MS.
3  Anchor ASN Gateway forwards Context-Request message to serving ASN BS.
4  Serving ASN BS sends Context-Report message with MS context information to anchor ASN Gateway.
5  Anchor ASN Gateway forwards Context-Report message with MS context information to target ASN BS.
6  Target ASN BS sends Path Registration Request to anchor ASN Gateway.
7  Anchor ASN Gateway replies with Path Registration Response to target ASN BS.
8  Target ASN BS sends ranging response with RNG_RSP message to MS.
9  Target ASN BS sends Path Registration Acknowledge to anchor ASN Gateway.
10  R6 GRE data path established between target ASN BS and anchor ASN Gateway and data flow starts.
11  Target ASN BS sends CMAC Key Count Update message to anchor ASN Gateway.
12  Anchor ASN Gateway replies with CMAC Key Count Update ACK message to target ASN BS.
13  Anchor ASN Gateway sends Path_De-Reg_Req message to release data path to serving BS.
14  Serving ASN BS sends Path_De-Reg_Rsp message to anchor ASN Gateway.
15  R6 GRE data path terminated between serving ASN BS and anchor ASN Gateway.
Intra-anchor ASN Gateway Controlled Handover
An intra-anchor ASN Gateway controlled handover consists of the following types and phases.
MS Initiated Intra-anchor ASN Gateway Controlled Handover
This section describes the intra-anchor ASN Gateway controlled handover between two base stations initiated by a
mobile station.
HO Preparation Phase
This is the initial phase for a controlled handover between two BSs.
The following figure and table describe the call flow for the steps involved in an uncontrolled intra-ASN Gateway
handover preparation phase between two BSs.
Figure 70. MS initiated Uncontrolled Intra-ASN Gateway Handover Preparation Phase
[Figure not reproduced. Participants: MN, Serving ASN BS, Target ASN BS, Anchor ASN-GW/Authenticator. Labels shown: Data Path Established, Mob_Msho-Req, HO-Req, R8_HO_Req_Timer, HO-Rsp, Mob_Msho-Rsp, HO-Ack. The numbered steps are described in the following table.]
Table 47. MS initiated Uncontrolled Intra-ASN Gateway Handover Preparation Phase Description
Step  Description
1  MS sends MOB_MSHO_REQ messages to serving BS.
2  Upon receiving MS initiated handover request (MOB_MSHO_REQ), the serving BS sends HO_Req messages to target BS selected by MS and starts R8_HO_Req timer.
3  Targeted BS tests the acceptability of the requested HO by comparing the amount of available resources and required bandwidth/QoS parameters in the HO request received from serving BS.
4  Once a target BS accepts the request it sends the HO_Rsp message to the serving BS.
5  Serving BS sends MOB_MSHO_RSP response to MS.
6  Serving BS sends HO_Ack message to the target BS and HO preparation phase is completed.
HO Action Phase
The following figure and table describe the call flow for the steps involved in uncontrolled intra-ASN Gateway
handover action phase between two BSs.
Figure 71. MS initiated Uncontrolled Intra-ASN Gateway Handover Action Phase
[Figure not reproduced. Participants: MN, Serving ASN BS, Target ASN BS, Anchor ASN-GW/Authenticator. Labels shown: Data Path Established, Mob_Ho_Ind, HO-Conf, R8_HO_Req_Timer, HO-Ack, MAC_Context-Req, MAC_Context-Rep, Auth_Context-Req, Auth_Context-Rep, RNG-Req, Network Re-entry Completion, DP_Reg-Req, DP_Reg-Rsp, DP_Reg-Ack, R6 DP Established, Key_Count-Update, Key_Count-Ack, DP De-registration Process. The numbered steps are described in the following table.]
Table 48. MS initiated Uncontrolled Intra-ASN GW Handover Phase
Step  Description
1  Once HO preparation phase is completed and target BS receives HO-Ack message, the MS sends MOB_HO-IND messages to the serving BS.
2  The serving BS sends HO_Conf messages to the selected target BS with other context information and starts R8_HO_Confirm Timer.
3  The target BS accepts the request and sends the HO_Ack message to serving BS and serving BS stops R8_HO_Confirm Timer.
4  Target BS sends MAC Context Request message to the anchor ASN Gateway.
5  The anchor ASN Gateway forwards the MAC Context Request to the serving BS.
6  Serving BS sends MAC Context Report information to anchor ASN Gateway.
7  Anchor ASN Gateway forwards MAC Context Report information to the target BS.
8  Target BS sends Authentication Context Request to anchor ASN Gateway.
9  Anchor ASN Gateway transfers Authentication Context information to target BS.
10  MS starts ranging with target BS and sends RNG-REQ to the target BS and network reentry completed.
11  Target BS sends Data Path Registration Request to anchor ASN Gateway.
12  Anchor ASN Gateway sends Data Path Registration Response to target BS.
13  Target BS sends Data Path Registration Ack message to Anchor ASN Gateway and R6 data path is established.
14  Target BS sends CMAC Key count Update message to anchor ASN Gateway.
15  Anchor ASN Gateway sends CMAC Key Count Update Ack message to target BS and handover completed.
16  Anchor ASN GW starts Data Path De-registration process with serving BS.
17  Serving BS releases all resources and terminates data path with MS.
BS Initiated Intra Anchor ASN Gateway Controlled Handover
This section describes the intra-anchor ASN Gateway controlled handover between two base stations initiated by
serving base station.
HO Preparation Phase
This is the initial phase for a controlled handover between two BSs.
The following figure and table describe the call flow for the steps involved in uncontrolled intra-ASN Gateway
handover preparation phase between two BSs.
Figure 72. BS initiated Uncontrolled Intra-ASN Gateway Handover Preparation Phase
[Figure not reproduced. Participants: MN, Serving ASN BS, Target ASN BS, Anchor ASN-GW/Authenticator. Labels shown: Data Path Established, HO-Req, R8_HO_Req_Timer, HO-Rsp, Mob_Bsho-Req, HO-Ack. The numbered steps are described in the following table.]
Table 49. BS initiated Uncontrolled Intra-ASN Gateway Handover Preparation Phase Description
Step  Description
1  In BS initiated HO scenario, the serving BS sends HO_Req messages to target BS from its peer list and starts R8_HO_Req timer.
2  Targeted BS tests the acceptability of the requested HO by comparing the amount of available resources and required bandwidth/QoS parameters in the HO request received from serving BS.
3  Once a target BS accepts the request it sends the HO_Rsp message to the serving BS.
4  Serving BS sends MOB_MSHO_RSP response to MS.
5  Serving BS sends HO_Ack message to the target BS and HO preparation phase is completed.
HO Action Phase
The following figure and table describe the call flow for the steps involved in an uncontrolled intra-ASN Gateway
handover action phase between two BSs.
Figure 73. BS initiated Uncontrolled Intra-ASN Gateway Handover Action Phase
[Figure not reproduced. Participants: MN, Serving ASN BS, Target ASN BS, Anchor ASN-GW/Authenticator. Labels shown: Data Path Established, HO-Conf, R8_HO_Req_Timer, HO-Ack, MAC_Context-Req, MAC_Context-Rep, Auth_Context-Req, Auth_Context-Rep, RNG-Req, Network Re-entry Completion, DP_Reg-Req, DP_Reg-Rsp, DP_Reg-Ack, R6 DP Established, Key_Count-Update, Key_Count-Ack, DP De-registration Process. The numbered steps are described in the following table.]
Table 50. BS initiated Uncontrolled Intra-ASN Gateway Handover Action Phase Description
Step  Description
1  Handover preparation phase is completed and data path is established.
2  The serving BS sends HO_Conf messages to the selected target BS with other context information and starts R8_HO_Confirm Timer.
3  The target BS accepts the request and sends the HO_Ack message to serving BS and serving BS stops R8_HO_Confirm Timer.
4  Target BS sends MAC Context Request message to the anchor ASN Gateway.
5  The Anchor ASN Gateway forwards the MAC Context Request to the serving BS.
6  Serving BS sends MAC Context Report information to anchor ASN Gateway.
7  Anchor ASN Gateway forwards MAC Context Report information to the target BS.
8  Target BS sends Authentication Context Request to anchor ASN Gateway.
9  Anchor ASN Gateway transfers Authentication Context information to target BS.
10  MS starts ranging with target BS and sends RNG-REQ to the target BS and network reentry completed.
11  Target BS sends Data Path Registration Request to anchor ASN Gateway.
12  Anchor ASN Gateway sends Data Path Registration Response to target BS.
13  Target BS sends Data Path Registration Ack message to anchor ASN Gateway and R6 data path established.
14  Target BS sends CMAC Key count Update message to anchor ASN Gateway.
15  Anchor ASN Gateway sends CMAC Key Count Update Ack message to target BS and handover completed.
16  Anchor ASN GW starts Data Path De-registration process with serving BS.
17  Serving BS releases all resources and terminates data path with MS.
Inter-ASN Gateway Handover
This section describes the procedure of inter-ASN Gateway handovers through an R4 interface for a WiMAX
Subscriber Station (SS). The R4 reference is the interface over which ASN control and data messages are exchanged
between two ASN Gateways, either within the same ASN or across separate ASNs.
For a given subscriber, a WiMAX session may be handled by ASN Gateway functions located in different physical
nodes in the network. For example, the authenticator and FA may be located in ASN Gateway x and the R6 Data Path
Function in ASN Gateway y. The various ASN Gateway functions communicate over the R4 interface.
The following inter-ASN Gateway handover scenarios are supported on the ASN Gateway over the R4 interface:
Important: Not all features are supported on all platforms.
Controlled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
Controlled Non-Anchor ASN Gateway to Anchor ASN Gateway Handover
Controlled Non-Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
Uncontrolled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
Uncontrolled Non-Anchor ASN Gateway to Anchor ASN Gateway Handover
Uncontrolled Non-Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
ASN Gateway Function for Handovers
An ASN Gateway configured for inter-ASN Gateway handovers requires the following functionality to support the
handover via an R4 interface.
The following figure provides a high-level view of the components and functions distribution in ASN Gateway.
Figure 74. Distribution of Components and Function in ASN Gateway for Handover
[Figure not reproduced. Anchor ASN GW (R6 to ASN BS(s), R3 to ASN HA): Authenticator (AAA Client + Accounting), DHCP Proxy Relay, Anchor Service Flow Auth. (A-SFA), Proxy MIP Client, Anchor Data Path Function (A-DPF), Mobile IP Foreign Agent (MIP FA), Context Function, Paging Controller/Location Updator. Non-Anchor ASN GW (R6 to ASN BS(s)): Authenticator (AAA Client + Accounting), Paging Controller/Location Updator, Serving Service Flow Auth (S-SFA), Proxy MIP Client, Serving Data Path Function (S-DPF), Mobile IP Foreign Agent (MIP FA), Context Function, DHCP Proxy Relay. The two gateways are connected over R4.]
Controlled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
For Controlled handovers, the ASN Gateway provides and/or supports the following functions:
Message Relay: The ASN Gateway provides the passive relay function for HO Request, HO Response, HO Ack,
HO Confirm, and HO Complete messages in a stateless fashion. The gateway keeps the statistics of the
different types of messages it has relayed. Retransmission of these messages is handled by the BS.
The serving BS generates these messages. The serving BS generates a different HO Request transaction for
each target BS. In other words, the gateway does not generate multiple HO Request messages after receiving a
single HO Request message with multiple target BSs. Generally, the HO transaction is initiated by the serving
BS which also chooses the selected target BS to which the handover will take place.
Security Context Retrieval: The ASN Gateway supports the retrieval of the security context using Context
Request and Context Report messages. This retrieval is also stateless. The context retrieval operation can be
performed at any time during the lifetime of a call.
Data Path Registration: After Pre-Registration, the target BS performs Data Path Registration. Data Path
Registration is performed using a 3-way handshake. If Pre-Registration has occurred, the Data Path
Registration messages do not contain any service flow information.
If Pre-Registration has not occurred, the Data Path Registration messages carry the service flow
information.
Data Path Pre-Registration and Data Path Registration are initiated by the BS.
Preparation Phase
The following figure and table provide a high-level view of the steps involved during the preparation phase of a
controlled inter-ASN Gateway handover of an SS/MS from an anchored gateway to a non-anchored gateway.
Figure 75. Controlled Inter-ASN Gateway Handover Procedure - Preparation Phase
[Figure not reproduced. Participants: MS/SS, Serving ASN BS, Anchor ASN-GW, Target ASN BS, Non-Anchor Target ASN-GW. Steps 7 to 12 are marked with an asterisk in the figure. The numbered steps are described in the following table.]
Table 51. Controlled Inter-ASN Gateway Handover Procedure - Preparation Phase Description
Step  Description
1  MS sends a MOB_MSHO-REQ message to the serving ASN BS.
2  Serving ASN BS sends a Handover Request message to the target ASN BS.
3  Target ASN BS sends a Context-Request message to the target non-anchor ASN Gateway for this MS.
4  Target non-anchor ASN Gateway forwards the Context-Request message to the anchor ASN Gateway.
5  Anchor ASN Gateway sends a Context-Report message to the target non-anchor ASN Gateway.
6  Target non-anchor ASN Gateway forwards the Context-Report message to the target ASN BS.
7  Target ASN BS sends a Path Pre-Registration Request message to the target non-anchor ASN Gateway. Pre-registration is optional.
8  Target non-anchor ASN Gateway forwards the Path Pre-Registration Request message to the anchor ASN Gateway. Pre-registration is optional.
9  Anchor ASN Gateway sends a Path Pre-Registration Response message to the target non-anchor ASN GW. Pre-registration is optional.
10  Target non-anchor ASN Gateway forwards the Path Pre-Registration Response message to the target ASN BS. Pre-registration is optional.
11  Target ASN BS sends a Path Pre-Registration Acknowledge message to the target non-anchor ASN Gateway. Pre-registration is optional.
12  Target non-anchor ASN Gateway forwards the Path Pre-Registration Acknowledge message to the anchor ASN Gateway. Pre-registration is optional.
13  Target BS sends a Handover Response message to the serving BS.
14  Serving BS sends a MOB_BSHO-RSP message to the MS.
15  Serving BS sends a Handover Acknowledge message to the target BS.
Action Phase
The following figure and table provide a high-level view of the steps involved during the action phase of a controlled
inter-ASN Gateway handover of an SS/MS from an anchored gateway to a non-anchored gateway.
Figure 76. Controlled Inter-ASN Gateway Handover Procedure - Action Phase
[Call flow diagram between MS/SS, Serving ASN BS, Target ASN BS, Anchor ASN-GW and Non-Anchor Target ASN-GW; steps 1 to 14.]
Table 52. Controlled Inter-ASN Gateway Handover Procedure - Action Phase Description
Step  Description
1     MS sends a MOB_MSHO-IND message to the serving ASN BS.
2     Serving ASN BS sends a Handover Confirm message to the target ASN BS.
3     Target ASN BS sends a Handover Acknowledge message to the serving ASN BS.
4     MS moves off of the serving ASN Gateway and re-enters the network through target ASN BS.
5     Target ASN BS sends a Path Registration Request message to the target non-anchor ASN Gateway.
6     Target non-anchor ASN Gateway forwards the Path Registration Request message to the anchor ASN Gateway.
7     Anchor ASN Gateway sends a Path Registration Response message to the target non-anchor ASN GW.
8     Target non-anchor ASN Gateway forwards the Path Registration Response message to the target ASN BS.
9     Target ASN BS sends a Path Registration Acknowledge message to the target non-anchor ASN Gateway.
10    Target non-anchor ASN Gateway forwards the Path Registration Acknowledge message to the anchor ASN Gateway.
11    Target non-anchor ASN Gateway sends/receives CMAC Key Count Update and Acknowledge messages to/from anchor ASN Gateway.
12    Target ASN BS sends a Handover Complete message to the serving ASN BS.
13    Anchor ASN Gateway sends/receives Path De-Reg Req/Rsp/Ack messages (to release the data path) to/from Serving BS.
14    R6 GRE data path terminated between Serving ASN BS and Anchor ASN Gateway.
Uncontrolled Anchor ASN Gateway to Non-Anchor ASN Gateway Handover
The following figure and table provide a high-level view of the steps involved in an uncontrolled inter-ASN Gateway
handover of an SS/MS from an anchored gateway to a non-anchored gateway.
Figure 77. Uncontrolled Inter-ASN Gateway Handover Procedure
[Call flow diagram between MS/SS, Serving ASN BS, Target ASN BS, Anchor ASN-GW and Non-Anchor Target ASN-GW; steps 1 to 18.]
Table 53. Uncontrolled Inter-ASN Gateway Handover Procedure Description
Step  Description
1     MS sends RNG-REQ message to target ASN BS.
2     Target ASN BS sends Context-Request message to serving ASN BS.
3     Serving ASN BS sends Context-Report message with MS context information to target ASN BS.
4     Target ASN BS sends Context-Request message to target non-anchor ASN Gateway.
5     Target non-anchor ASN Gateway forwards Context-Request message to anchor ASN Gateway.
6     Anchor ASN Gateway sends Context-Report message with MS context information to target non-anchor ASN Gateway.
7     Target non-anchor ASN Gateway forwards Context-Report message to target ASN BS.
8     Target ASN BS sends Path Registration Request to target non-anchor ASN Gateway.
9     Target non-anchor ASN Gateway forwards Path Registration Request to anchor ASN Gateway.
10    Anchor ASN Gateway replies with Path Registration Response to target non-anchor ASN GW.
11    Target non-anchor ASN Gateway forwards Path Registration Response to target ASN BS.
12    Target ASN BS sends ranging response with RNG_RSP message to MS.
13    Target ASN BS sends Path Registration Acknowledge to target non-anchor ASN Gateway.
14    Target non-anchor ASN Gateway forwards Path Registration Acknowledge to anchor ASN Gateway.
15    R6 GRE data path established between Target ASN BS and anchor ASN Gateway. Data flow starts.
16    Target ASN BS sends/receives CMAC Key Count Update and Acknowledge messages to/from anchor ASN Gateway via target non-anchor ASN Gateway.
17    Anchor ASN Gateway sends/receives Path De-Reg Req/Rsp/Ack messages to release data path to/from serving BS.
18    R6 GRE data path terminated between Serving ASN BS and anchor ASN Gateway.
RADIUS-based Prepaid Accounting for WiMax
Online accounting is set up by the exchange of RADIUS Access-Request and Access-Accept packets. The initial
Access-Request packet from the ASN GW and/or the home agent includes a prepaid accounting capability (PPAC)
vendor-specific attribute to the prepaid server (PPS). This indicates support for online accounting at the ASN and/or
the home agent. If the subscriber's session requires online charging, the PPS assigns a prepaid accounting quota (PPAQ)
to the PPC with RADIUS Access-Accept packets. As the session continues, the PPC and the PPS replenish the quotas
by exchanging RADIUS packets.
Note the following:
ASN GW operates as the prepaid client (PPC).
In the case of a mobile IP call, both the ASN GW and the home agent work independently as the prepaid client.
Both the ASN GW and the home agent send online access requests to the configured RADIUS servers
independently.
Only session-based online accounting is supported.
Obtaining More Quota after the Quota is Reached
The following figure and table provide a high-level view of the steps involved in allocating additional quotas for prepaid
calls once the original quota is reached.
Figure 78. Call Flow Showing How Additional Quota is Obtained
[Call flow diagram between MS, ASN-GW (PPC) and PPS (H-AAA); steps 1 to 8 alternate Access-Request/PPAC and Access-Accept/PPAC, with IP datagrams flowing between exchanges and the events Threshold Reached (twice) and Quota Expiry.]
Table 54. Call Flow Showing How Additional Quota is Obtained
Step  Description
1     During network entry, a NAS sends an Access-Request packet to the HCSN. If the NAS supports a PPC, the NAS includes the PPAC attributes, indicating its prepaid capabilities.
2     If the subscriber session is a prepaid session, the PPS (HAAA) assigns the initial prepaid quota(s) by including one or more PPAQ attributes in the Access-Accept packet.
3     Once the threshold for the quota(s) is reached, the PPC sends an Authorize-Only Access-Request to request additional quota. The request contains one or more PPAQs that indicate which quota(s) need to be replenished to the PPS.
4     The PPS responds with an Access-Accept packet that contains one or more replenished quotas.
5     Once again, a threshold is reached for one or more of the quotas. The PPC sends an Authorize-Only Access-Request to the PPS to request more quota.
6     The PPS responds with the final quota in an Access-Accept. The final quota is indicated by the presence of the Terminate-Action subtype. The Terminate-Action subtype includes the action for the PPC to take once the quota is reached.
7     The quota expires. The PPC sends an Authorize-Only Access-Request packet to indicate that the quota has expired.
8     The PPS responds with an Access-Accept. If there are additional resources, the PPS allocates additional quotas and the service continues.
Applying HTTP Redirection Rule when Quota is Reached
The following figure and table provide a high-level view of the steps showing how the HTTP Redirection Rule is
applied once a quota is reached.
Figure 79. Call Flow for Applying HTTP Redirection Rule on Quota-Reach
[Call flow diagram between MS, ASN-GW, PPS, AAA Server, Portal and Internet. Labels in the figure: 1 Normal Internet traffic; Quota Reached; 2 Online Access Request sent after quota reached; 3 Access-Accept with Termination-Action=Redirect/Filter and HTTP-Redirection-Rule; User recharged; 4 MS has recharged from portal during HTTP redirection; 5 PPS updates AAA server with recharged quota attributes for the MS; 6 CoA from AAA server to PPAC with HTTP-Redirection-Rule to clear, and with new quota attributes in PPAQ; 7 Normal Internet traffic.]
Table 55. Call Flow for Applying HTTP Redirection Rule on Quota-Reach
Step  Description
1     The Volume or Duration quota is reached. The Termination-Action is Request More Quota.
2     The PPC sends an Online Access Request to the AAA server and waits for Access-Accept.
3     The Access-Accept is received. It contains no additional quota attributes. The Termination-Action is Redirect/Filter. There is an HTTP Redirection Rule with redirect rule present in the Access-Accept.
4     The PPC (home agent) applies the HTTP Redirection Rule for the HTTP traffic. All other traffic is dropped. During this period, the MS recharges from the portal.
5     The PPC sends updated quota attributes to the AAA server based on the MS recharge from the portal.
6     The AAA server sends a CoA message to the PPC (home agent) with the new quota attributes in PPAQ and also sends the HTTP Redirection Rule to clear the HTTP Redirection rule at the PPC.
7     Normal traffic, including HTTP traffic, is allowed, per the new quota attributes.
Applying HTTP Redirection Rule when CoA is Received
The following figure and table show the steps involved in applying the HTTP Redirection Rule when the PPAC receives
a change of authorization (CoA) from a AAA server.
Figure 80. Call Flow for Applying HTTP-Redirection Rule when CoA is Received
[Call flow diagram between MS, ASN-GW, PPS, AAA Server, Portal and Internet. Labels in the figure: 1 Normal Internet traffic; 2 PPS updates AAA server so that AAA dynamically enforces HTTP-Redirection-Rule at PPAC; 3 CoA with HTTP-Redirection-Rule; User recharged; 4 MS has recharged from portal during HTTP redirection; 5 PPS updates AAA server with recharged quota attributes for the MS; 6 CoA from AAA server to PPAC with HTTP-Redirection-Rule to clear, and with new quota attributes in PPAQ; 7 Normal Internet traffic.]
Table 56. Call Flow for Applying HTTP-Redirection Rule Received by CoA
Step  Description
1     The PPS updates the AAA server so that the AAA server dynamically enforces HTTP Redirection Rule at the PPC.
2     The AAA server sends a CoA message to the PPC (home agent) with the HTTP Redirection Rule.
3     The PPC (home agent) applies the HTTP Redirection Rule for the HTTP traffic. All other traffic is dropped. During this period, the MS is recharged from the portal.
4     The PPC sends updated quota attributes to the AAA server based on the MS recharge from the portal.
5     The AAA server sends a CoA message to the PPC (home agent) with the new quota attributes in PPAQ and also sends the HTTP Redirection Rule to clear the HTTP Redirection rule at the PPC.
6     Normal traffic, including HTTP traffic, is allowed, per the new quota attributes.
Terminating the Call when Quota is Reached
The following figure and table provide a high-level view of the steps involved in allocating additional quotas for prepaid
calls once the original quota is reached.
Figure 81. Call Flow for Terminating the Call on Quota-Reach
[Call flow diagram between MS, ASN-GW, AAA Server and Internet. Labels in the figure: 1 Normal Internet traffic; Quota Reached; 2 Online Access-Request sent after quota reached; 3 Access-Accept with same quota attributes (no additional quota and Termination-Action=Terminate); Session Termination; 4 Final Online Access-Request sent after quota reached.]
Table 57. Call Flow for Terminating the Call on Quota-Reach
Step  Description
1     Volume or Duration quota is reached. If the termination-action is Request-More-Quota, step 2 occurs next. If termination-action is Terminate, step 4 occurs next.
2     If the termination-action is Request-More-Quota, the PPC sends an Online-Access-Request to the AAA server and waits for Access-Accept.
3     The PPC receives the Access-Accept, which contains no additional quota attributes.
4     Session is terminated at the PPC (home agent) and at the ASN GW.
5     The PPC sends the final Online-Access-Request.
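The quota-reach handling of Tables 55 to 57, modelled as a small prepaid-client state machine. This is an added Python example, not Cisco code: the dictionary message layout, the `volume` key, the `CLEAR` marker, the rule name `portal-rule`, the scripted PPS and the fail-closed defaults are assumptions made for illustration and are not RADIUS attribute encodings.

```python
from enum import Enum

class Action(Enum):        # Termination-Action values named in Tables 55 and 57
    REQUEST_MORE_QUOTA = 1
    REDIRECT_FILTER = 2
    TERMINATE = 3

class State(Enum):
    ACTIVE = 1
    REDIRECTED = 2         # HTTP is redirected, all other traffic is dropped
    TERMINATED = 3

CLEAR = "clear"            # assumed marker for a CoA that clears the rule

class ScriptedPPS:
    """Constructed stand-in for the PPS/AAA server: replays canned replies."""
    def __init__(self, accepts):
        self.accepts = list(accepts)
        self.seen = []     # request kinds received, in order

    def request(self, kind, used):
        self.seen.append(kind)
        return self.accepts.pop(0) if self.accepts else {}

class PrepaidClient:
    """PPC enforcing a volume quota (dict messages are an assumed encoding)."""
    def __init__(self, pps, initial_accept):
        self.pps, self.state = pps, State.ACTIVE
        self.quota = self.used = 0
        self.action = Action.TERMINATE   # assumption: fail closed by default
        self.rule = None
        self._apply(initial_accept)

    def _apply(self, msg):
        ppaq = msg.get("ppaq", {})
        self.quota += ppaq.get("volume", 0)
        self.action = ppaq.get("termination_action", self.action)
        rule = msg.get("http_redirection_rule")
        if rule and rule != CLEAR:
            self.rule = rule

    def _quota_reached(self, nbytes):
        if self.action is Action.REQUEST_MORE_QUOTA:
            self._apply(self.pps.request("online-access-request", self.used))
            if self.used + nbytes <= self.quota:
                return                   # replenished, service continues
        if self.action is Action.REDIRECT_FILTER and self.rule:
            self.state = State.REDIRECTED
        else:                            # Terminate, or nothing usable granted
            self.state = State.TERMINATED
            self.pps.request("final-online-access-request", self.used)

    def handle_packet(self, proto, nbytes):
        if self.state is State.ACTIVE and self.used + nbytes > self.quota:
            self._quota_reached(nbytes)
        if self.state is State.REDIRECTED:
            return "redirect" if proto == "http" else "drop"
        if self.state is State.TERMINATED:
            return "drop"
        self.used += nbytes
        return "forward"

    def on_coa(self, coa):
        if self.state is State.TERMINATED:
            return                       # assumption: CoA never revives a session
        self._apply(coa)
        rule = coa.get("http_redirection_rule")
        if rule == CLEAR:
            self.rule, self.state = None, State.ACTIVE
        elif rule:
            self.state = State.REDIRECTED

def run_table_55():
    """Quota reached -> redirect/filter -> recharge CoA (constructed traffic)."""
    more = Action.REQUEST_MORE_QUOTA
    pps = ScriptedPPS([{"ppaq": {"termination_action": Action.REDIRECT_FILTER},
                        "http_redirection_rule": "portal-rule"}])
    ppc = PrepaidClient(pps, {"ppaq": {"volume": 1000, "termination_action": more}})
    out = [ppc.handle_packet(p, n)
           for p, n in (("http", 600), ("dns", 600), ("http", 100))]
    ppc.on_coa({"ppaq": {"volume": 5000, "termination_action": more},
                "http_redirection_rule": CLEAR})
    return out + [ppc.handle_packet("dns", 600)], pps.seen

def run_table_57(initial_action):
    """Quota reached with no further quota: terminate, then final request."""
    pps = ScriptedPPS([{"ppaq": {"termination_action": Action.TERMINATE}}])
    ppc = PrepaidClient(pps, {"ppaq": {"volume": 1000,
                                       "termination_action": initial_action}})
    verdict = ppc.handle_packet("http", 1500)
    ppc.on_coa({"ppaq": {"volume": 5000}, "http_redirection_rule": CLEAR})
    return verdict, ppc.state, pps.seen

if __name__ == "__main__":
    print(run_table_55())
    print(run_table_57(Action.REQUEST_MORE_QUOTA))
```

When checking an enforcement point against these tables, the property to test is that nothing but HTTP leaves the redirected state and that a terminated session stays closed whatever arrives afterwards.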
CSN Procedure Flows
This section provides an overview of the CSN procedures and of how the ASN Gateway operates in them.
The following procedures are discussed in this section:
PMIP4 Connection Setup and Call Flow with DHCP Proxy
This section describes the CSN procedure of simple IP with DHCP proxy triggering PMIPv4 for a WiMAX subscriber.
The following figure and table provide a high-level view of the steps involved in PMIP4 connection and call flow of an
SS/MS.
Figure 82. PMIP4 Connection Setup Call Flow
[Call flow diagram between MS/SS, ASN GW/PMIP/FA/DHCP Proxy and CSN HA; steps 1 to 9.]
Table 58. PMIP4 Connection Setup Call Flow Description
Step  Description
1     Initial network entry completed as described in ASN Procedures.
2     MS sends DHCP DISCOVER message to DHCP Proxy (co-located with ASN Gateway) to discover a DHCP server for IP host configuration.
3     Upon receiving the DHCP DISCOVER message, the DHCP Proxy in the NAS triggers the PMIP4 client to initiate the Mobile IPv4 Registration procedure. The PMIP4 client uses the HoA information and constructs a Mobile IPv4 Registration Request message and sends the Mobile IPv4 Registration Request to the FA address. The FA forwards the registration request to the CSN HA.
4     CSN HA processes the MIPv4 Registration Request. If a HoA is 0.0.0.0 in the Mobile IP Registration Request message, the HA assigns a HoA. Otherwise, the HoA in the Mobile IP Registration Request message is used.
5     The HA responds with the Mobile IP Registration Response message. The source address for this Mobile IPv4 message over R3 is HA, and the destination address is FA-CoA. The FA forwards the message to the PMIP4 client. The PMIP4 client passes this information to the DHCP proxy.
6     The DHCP proxy sends the DHCP OFFER message to the MS.
7     MS sends a DHCP REQUEST to the DHCP Proxy with the information received in the DHCP OFFER.
8     The DHCP Proxy acknowledges the use of this IP address and other configuration parameters by sending the DHCP ACK message.
9     WiMAX session established between MS and CSN HA.
PMIP4 Session Release
This section describes the CSN procedure of PMIPv4 session release during a WiMAX subscriber session.
The following figure and table provide a high-level view of the steps involved in PMIPv4 session release and
termination of the connection of an SS/MS.
Figure 83. PMIP4 Session Release Call Flow
[Call flow diagram between MS/SS, ASN GW/PMIP/FA/DHCP Proxy and CSN HA; steps 1 to 5.]
Table 59. PMIP4 Session Release Call Flow Description
Step  Description
1     Session release is triggered when the MS sends a DHCP-Release message to the ASN GW, when the lease time at the DHCP proxy has expired, or when the FA initiates session release.
2     ASN Gateway initiates the session release with PMIPv4 client by sending FA_Revoke_Req and sends PMIP De-Reg RRQ (Registration Revocation) message to CSN HA.
3     CSN HA starts release of MIP binding.
4     CSN HA sends PMIP De-Reg RRQ (Registration Revocation) message to ASN Gateway and PMIP client sends GA_Revoke_Rsp message to ASN Gateway.
9     WiMAX session terminated between MS and CSN HA.
WiMAX Deployment with Legacy Core Networks
ASN Gateway Interoperability with 3GPP Overlay
The following figure shows a typical interoperability scenario between WiMAX and 3GPP legacy networks with
reference points and interfaces.
Figure 84. ASN Gateway with 3GPP Overlay
[Network diagram. WiMAX elements: WiMAX SS/MS, BS, ASN, ASN-GW, CSN, HA, CSN IWU. 3GPP network: 3GPP AAA Server, WAG, PDG, 3GPP PS Services. Reference points and interfaces shown: R1, R3, R4, R6, Wa, Wn, Wp, Wu, Wi/Gi.]
ASN Gateway Interoperability with 3GPP2 Overlay
The following figure shows a typical interoperability scenario between WiMAX and 3GPP2 legacy networks with
reference points and interfaces.
Figure 85. ASN Gateway with 3GPP2 Overlay
[Network diagram. WiMAX elements: WiMAX SS/MS, BS, ASN, ASN-GW, CSN, HA, CSN IWU. 3GPP2 network: 3GPP2 AAA Server, PDG/PDSN, PDN, Internet. Reference points and interfaces shown: R1, R3, R4, R6, Wa, Wn, Wu.]
Session Continuity Support for 3GPP2 and WiMAX Handovers
This feature provides seamless 3GPP2 session mobility for WiMAX subscribers and other access technology
subscribers. With the implementation of this feature, the HA can be configured for:
3GPP2 HA service
3GPP HA service
WiMAX HA service
A combination of 3GPP2 and WiMAX HA services
The above configurations provide the session continuity capability that enables a dual-mode device (a multi-radio
device) to continue its active data session as it changes its active network attachment from 3GPP2 to WiMAX and vice
versa, with no perceived impact from a user perspective. This capability brings the following benefits:
Common billing and customer care
Accessing home 3GPP2 service through WiMAX network and vice versa
Better user experience with seamless session continuity
For more information on this support, refer to the HA Administration Guide.
Supported Standards
WiMAX/IEEE References
WiMAX ASN Profiles, WiMAX Forum
Initial Network Entry Stage 3 Draft Specification WiMAX Forum
Procedures and Messages for ASN Anchored Mobility with Profile C: Stage 3 draft, WiMAX Forum
Procedures for CSN Anchored Mobility Stage 3 draft, WiMAX Forum
"WiMAX End-to-End Network Systems Architecture: Stage 2 Draft Specification", Release 1.0.0 Draft, March
28, 2007, WiMAX Forum
"WiMAX End-to-End Network Systems Architecture: Stage 3: Detailed Protocols and Procedures", Release
1.0.0 Draft, March 28, 2007, WiMAX Forum
IEEE Standards
IEEE 802.16e/D12 September 2005, Local and Metropolitan Area Networks – Part 16: Air Interface for Fixed
Broadband Wireless Access Systems, Feb 2006.
802.1Q VLAN Standard
IETF References
RFC-1701, Generic Routing Encapsulation (GRE), October 1994
RFC-2131, Dynamic Host Configuration Protocol (DHCP), March 1997
RFC-2794, Mobile NAI Extension
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-3012, Mobile IPv4 Challenge/Response Extensions, November 2000
RFC-3024, Reverse Tunneling for Mobile IP, revised, January 2001
RFC-3046, DHCP Relay Agent Information Option, January 2001
RFC-3344, Mobile IP support for IPv4, August 2002
RFC-3579, RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication
Protocol (EAP), September 2003
RFC-3588, Diameter Base Protocol, September 2003
RFC-3748, Extensible Authentication Protocol, June 2004
RFC 1918, NWG, Stage 2 Architecture, 121505
RFC 3115, Mobile IP Vendor/Organization-specific Extensions
Object Management Group (OMG) Standards
CORBA 2.6 Specification 01-09-35, Object Management Group
Chapter 9
ASN Paging Controller and Location Registry Overview
The ASN Paging Controller and Location Registry (PC/LR) provides paging and location update to WiMAX
subscribers in IEEE 802.16 Mobile WiMAX radio access networks. This service can be used as a standalone product or
in combination with the ASN Gateway as co-located services on the same chassis.
Introduction
ASN Paging Controller and Location Registry (PC/LR) supports connection management and mobility across cell sites
and inter-service provider network boundaries by processing subscriber control and bearer data traffic.
Each ASN Gateway can concentrate traffic from many radio base stations. This reduces the required number of devices
under management and minimizes connection set-up latency by decreasing the number of call hand-offs in the network.
Paging and idle mode operation tracks and alerts MSs while they are in idle mode to save battery power.
Paging is executed to alert MSs when there is an incoming message. Figure 8 illustrates the paging operation and the paging
and idle mode elements in the WiMAX network system.
Figure 86. ASN Paging Controller and Location Registry in WiMAX Networks
[Network diagram. ASN 1: ASN GW with PC and LR, Paging Group A and Paging Group B, paging agents PA1, PA2 and PA3 attached over R6. ASN 2: ASN GW with PC and LR, Paging Group C, paging agents PA4, PA5 and PA7 attached over R6. The two ASNs are connected over R4; an MS is shown.]
In WiMAX networks, a mobile station is tracked when it is in idle mode. The information is stored in a location register
(LR). The tracking area is larger than the cell size because a paging group (PG) comprises multiple cells. When a
mobile station moves across paging groups, its location is updated via R6 and/or R4. The paging controller (PC) in the
ASN-GW retrieves the location from the LR and alerts the paging agent (PA) in the base station to signal to the
mobile station.
Location information for idle mode subscribers is maintained in a location register central database that is co-located on
an anchor paging controller. Idle mode can be initiated by the mobile device or the network. The paging controller
retains subscriber session context information in addition to supervising paging activities. It also represents an
authentication liaison between the user device and the AAA server. As the subscriber roams across cell sites, it is
associated with a group of base stations known as a paging group. Location updates to the LR database are conveyed
over R6 and R4 messages between the relay paging controller serving ASN and the A-PC/LR. When a remote host
attempts to reach an idle mode subscriber device, the anchor paging controller alerts the paging group members when it
receives downlink traffic by requesting the paging agent in the base station to signal the idle mode subscriber.
Description of PC/LR Support
The PC/LR runs as a stand-alone function in a separate chassis or as an integrated service on the same chassis as the Anchor
Authenticator (A-PC)/Anchor Datapath (A-DP) ASN Gateway. The idle mode LR database uses a distributed software
architecture and provides an LR manager task that partitions smaller database volumes across separately running session
manager tasks in the system. The implementation is based on a topologically unaware paging scheme in which the A-PC
does not have global awareness of all member base stations in a paging group. The A-PC uses a single-step paging
operation where paging notifications are sent to the last-reported serving paging controller or directly attached base
station.
Idle mode operation is very important in order for any cellular system to keep the mobile device reachable when it is
inactive. It enables mobility in addition to conserving battery life. Idle mode paging also eliminates the requirements of
independent VLRs/HLRs, when it is supported as an integrated function in the ASN Gateway system.
Licenses
The ASN PC/LR service is a separate product from the ASN Gateway. You must purchase the WiMAX Paging
Controller/Location Register product license separately to enable this service.
Paging and Location Update Procedures
This section provides an overview of the ASN Gateway's paging and location update procedures.
The system provides the following components for the paging controller, paging group and location registry functionality.
Paging Controller (PC)
The paging controller is a functional entity that administers the activity of idle mode mobile stations in the network. It is
identified by PC ID, which maps to the address of a functional entity in a WiMAX network. In this implementation, the
PC is co-located with ASN Gateway. There are two types of PCs:
Anchor PC: For each idle mode MS, there is a single anchor PC that contains the updated location information
of the MS.
Relay PC: There are one or more other PCs in the network, called relay PCs, that participate in relaying paging
and location management messages between the paging agent and the anchor PC.
Paging Agent (PA)
The paging agent is a functional entity, implemented in an ASN base station, that handles the interaction between the PC and paging-related functionality.
Paging Group (PG)
A paging group is a logical entity comprising one or more paging agents. A paging group resides entirely within a NAP
boundary. Paging groups are managed by the network management system and provisioned per the access network
operator's provisioning requirements.
Location Register (LR)
A location register is a distributed database, with each instance corresponding to an anchor PC. Location registers
contain information about idle mode MSs. The information for each MS includes:
MS paging information: Information about each MS that has registered in the past in the network but is currently
in idle mode
Current paging group ID (PGID)
PAGING_CYCLE
PAGING_OFFSET
Last reported BSID
Last reported relay PCID
MS service flow Information comprising
Idle mode retention information for each MS in idle mode
Information about the service flows associated with the MS
An instance of a location register is associated with every anchor PC.
Paging Controller and Location Update functionality supports the following operations and procedures in the ASN Gateway:
Location Update Procedure
Location Update with Paging Controller Relocation
Paging Operation
MS Initiated Idle Mode Entry
MS Initiated Idle Mode Exit
Location Update Procedure
This section describes the secure location update procedure for a WiMAX MS.
The following figure and table provide a high-level view of the steps involved in a secure location update.
Figure 87. Location Update Flow
[Call flow diagram between MS/SS, ASN BS and ASN-GW/Local-PC in the Serving ASN and ASN-GW/PC/Authenticator/DPF in the Anchor ASN; steps 1 to 10.]
Table 60. Location Update Procedure Flow Description
Step  Description
1     The MS initiates a secure Location Update procedure by sending a RNG-REQ message to Serving ASN BS, which includes the Ranging Purpose Indication TLV set to indicate Idle Mode Location Update, the PC ID TLV which points to the Anchor ASN Gateway acting as the Anchor PC function for the MS, and the HMAC/CMAC tuple.
2     The serving ASN BS sends an R6 LU_Req message to the serving ASN Gateway and starts timer TR6_LU_Req. The message may include the PG ID, Paging Offset, and Paging Cycle TLVs if the serving ASN BS proposes an update to these parameters.
3     The Serving ASN Gateway (associated with the local Paging Controller) sends an R4 LU_Req message to the Anchor PC (associated with Anchor ASN Gateway) and starts timer TR6_LU_Req. The message may include the PG ID, Paging Offset, and Paging Cycle TLVs if the Serving ASN Gateway proposes an update to these parameters. Note: This message may be relayed by several intermittent ASNs before reaching the Anchor PC (Anchor ASN Gateway).
4     If the Anchor PC retains context information for the MS including its Authenticator ID, the Anchor PC initiates a Context Request procedure with the Anchor Authenticator/ASN Gateway. If the Anchor Authenticator/ASN Gateway has valid key material for the MS, it returns AK context for the MS to the Anchor PC.
5     Upon successful retrieval of the AK context, the Anchor PC sends an R4 LU_Rsp message back to the Serving ASN Gateway and starts timer TR4_LU_Conf. The message includes the MSID, BSID, Authenticator ID, assigned PGID, Paging Offset, Paging Cycle, Anchor PC ID TLVs, and Location Update Status TLV set to Accept. Upon receipt of the R4 LU_Rsp message, Serving ASN Gateway stops timer TR4_LU_Req.
6     Upon receipt of the R4 LU_Rsp message, the Serving ASN Gateway stops timer TR4_LU_Req, sends an R6 LU_Rsp message to the Serving ASN BS, and starts timer TR6_LU_Conf. The message includes the Location Update Status TLV set to Accept, AK Context TLVs, as well as the assigned Paging Information TLV if they were included in the corresponding R4 message.
7     Based on the AK and AK context received from the Anchor PC, the Serving BS (associated with Local PC/Relay PC in Serving ASN Gateway) successfully authenticates the RNG_REQ message received from the MS and sends a RNG_RSP message with HMAC/CMAC and Successful LU_Rsp indication to the MS.
8     The Serving ASN BS initiates an R6 CMAC Key Count Update procedure with the ASN Gateway. The Serving ASN Gateway initiates an R4 CMAC Key Count Update procedure with the Authenticator ASN to update it with the latest CMAC Key Count.
9     The Serving ASN BS sends an R6 LU_Cnf message to the serving ASN Gateway with Location Update TLV indicating success. Upon receipt of the message, the serving ASN Gateway stops timer TR6_LU_Conf.
10    The Serving ASN Gateway sends an R4 LU_Cnf message with a successful LU indication to the Anchor PC and stops timer TR6_LU_Req. Upon receipt of the message, the Anchor PC updates the LR with MS Idle Mode information and stops timer TR4_LU_Conf.
Location Update with Paging Controller Relocation
This section describes the secure location update with PC relocation procedure for a WiMAX MS.
The following figure and table provide a high-level view of the steps involved in a secure location update with PC
relocation.
Table 61.
Location Update with PC Relocation - Procedure Flow
Step
Description
1
The MS initiates a secure Location Update procedure by sending a RNG-REQ message to the Serving ASN BS, which
includes the Ranging Purpose Indication TLV set to indicate Idle Mode Location Update, the PC ID TLV which points to
the Anchor ASN Gateway acting as the Anchor PC function for the MS, and the HMAC/CMAC tuple.
2
The serving BS sends an R6 LU_Req message to the serving ASN Gateway and starts timer TR6_LU_Req. The message
may include the PG ID, Paging Offset, and Paging Cycle TLVs if the serving BS proposes an update to these parameters.
3
The Serving ASN Gateway (associated with the serving BS and local PC) sends an R4 LU_Req message to the Anchor PC
ASN associated and starts timer TR4_LU_Req. The message may include the PG ID, Paging Offset, and Paging Cycle
TLVs if the Serving ASN proposes an update to these parameters. Note that this message may be relayed by several
intermediate ASNs before reaching the current Anchor PC ASN. The Serving ASN or any intermediate ASN along the path
may request PC relocation.
4
Upon receipt of the R4 LU_Req message, a relay PC ASN adds the Anchor PC Relocation Destination TLV to initiate PC
relocation to. The message is forwarded to the Anchor PC ASN. New Anchor PC ASN starts timer TR4_LU_Request.
5
Refer to section 4.13 for the call flow. If the current Anchor PC ASN retains context information for the MS, including its
Authenticator ID, the current Anchor PC ASN initiates a Context Request procedure with the Anchor Authenticator ASN.
If the Anchor Authenticator ASN has valid key material for the MS, it returns AK context for the MS to the Anchor PC
ASN.
6
The current Anchor PC ASN sends an R4 LU_Rsp message back to the new Anchor PC ASN and starts timer
TR4_LU_Conf. The message includes the MSID, BSID, Authenticator ID, assigned PGID, Paging Offset, Paging Cycle,
Anchor PC ID TLVs, and Location Update Status TLV set to Accept. The Anchor PC Relocation Request Response TLV
is set to Accept to indicate that the Current Anchor PC ASN accepted the PC_Relocation_Req and the Anchor PC ID TLV
is set to the identifier of New Anchor PC ASN ID which was received in the Anchor PC Relocation Destination TLV in the
R4 LU_Req message. The R4 LU_Rsp message also includes MS Info TLV containing MS context for transfer to the new
Anchor PC ASN. If the new Anchor PC ASN does not request PC Relocation, the current Anchor PC MAY still request to
perform the procedure by including the PC Relocation Indication TLV. If the new Anchor PC does not accept the
relocation, it reports a failure in step 17.
7
Upon receipt of the R4 LU_Rsp message from current Anchor PC ASN, new Anchor PC ASN stops timer TR4_LU_Req,
stores the MS context received from current Anchor PC ASN, updates the Paging Information (Paging Group ID, Paging
Cycle, Paging Offset), forwards the R4 LU_Rsp message on to the Serving ASN, and starts timer TR4_LU_Conf.
8
Upon receipt of the R4 LU_Rsp message, the Serving ASN-GW stops timer TR4_LU_Req, sends an R6 LU_Rsp message
to the S-BS, and starts timer TR6_LU_Conf. The message includes the Location Update Status TLV set to Accept, MS Info,
AK Context, Anchor PC ID, and old Anchor PC ID TLV. The message may include the Paging Information TLVs if they
were included in the corresponding R4 message.
9
Based on the AK and AK context received from the current Anchor PC, the Serving BS (associated with Local PC/Relay
PC) successfully authenticates the RNG_REQ message received from the MS. The serving BS sends a RNG_RSP message
with HMAC/CMAC and Successful Location Update Response indication to the MS.
10
The Serving BS sends an R6 LU_Cnf message to the serving ASN-GW with Location Update TLV indicating success.
Upon receipt of the message, the serving ASN-GW stops timer TR6_LU_Conf.
11
The Serving ASN sends an R4 LU_Cnf message with a successful LU indication to new Anchor PC ASN (as indicated by
the Anchor PC ID received from the BS) and stops timer TR6_LU_Req. Alternatively, the Relay PC ASN forwards
LU_Cnf to the ASN associated with new Anchor PC with the result indication reassigned by Relay PC. Upon receipt of the
message, new Anchor PC ASN stops timer TR4_LU_Conf.
12
Upon receipt of the LU_Cnf message, the new Anchor PC ASN sends an R4 PC_Relocation_Ind to the Anchor DP/FA
ASN, and starts timer TR4_PC_Reloc_Upd_ADP.
13
The Anchor DP/FA ASN updates the Anchor PC for the MS with the new Anchor PC ASN ID and responds with an R4
PC_Relocation_Ack message confirming the Anchor PC update. Upon receipt of the message, the new Anchor PC ASN
stops timer TR4_PC_Reloc_Upd_ADP. The new Anchor PC ASN hosts the Anchor PC function and becomes the new
current Anchor PC ASN for the MS. The Anchor PC is de-allocated from the old current Anchor PC ASN.
14
Simultaneous with sending PC_Relocation_Ind to Anchor DP/FA, the new Anchor PC sends an R4 PC Relocation
Indication to Anchor Authenticator ASN to inform it of the change of the Anchor PC, and starts timer TR4_PC_Reloc_Upd_AA.
15
The Anchor Authenticator ASN updates the Anchor PC for the MS with the New Anchor PC ASN ID and responds with an
R4 PC_Relocation_Ack message confirming the Anchor PC update. Upon receipt of the message, the New Anchor PC
ASN stops timer TR4_PC_Reloc_Upd_AA. At this point, New Anchor PC ASN hosts the Anchor PC function and
becomes the new Current Anchor PC ASN for the MS. The Anchor PC is de-allocated from the old Current Anchor PC
ASN.
16
The new Anchor PC ASN sends an R4 LU_Cnf message with a successful LU indication to the current Anchor PC ASN
and stops timer TR4_LU_Conf. The old current Anchor PC ASN clears its LR context for the MS.
17
This step is optional. If Anchor PC ASN receives CMAC Key Count TLV update in LU_Cnf message, it should perform an
R4 CMAC Key Count Update procedure with the Authenticator ASN to update it with the latest CMAC Key Count. Refer
to section 4.13 for the call flow.
Paging Operation
This section describes the paging operation for a WiMAX MS.
The following figure and table provide a high-level view of the steps involved in the paging operation call flow of an
MS.
Figure 88. Paging Operation Procedure Flow
[Call-flow diagram not reproduced. Labels: Serving ASN, ASN-GW/Local-PC/DPF, ASN BS, MS/SS, Anchor ASN, ASN-GW/PC/LR/FA/DPF; steps 1 through 10.]
Table 62. Paging Operation Procedure Flow Description
Step
Description
1
Data from HA arrives through the tunnel at the FA and its associated DPF. The Anchor DPF buffers the data.
2
Anchor Data Path Function (DPF) sends an R4 Initiate_Paging_Req message to Anchor PC/LR to request paging.
Optionally the R4 Initiate_Paging_Req message contains the QoS parameters of the flow for which the data arrived at the
Anchor DPF. This helps set priority treatment of the Paging operation based on the QoS parameters and flow types. The
Anchor DPF may have policies for triggering paging based on the QoS parameters for the data received. The Anchor DP
Function starts timer TInit_Page_Req. Note: When MS is in Idle Mode, if data not belonging to any saved Service Flow
(SF) of the MS arrives, the decision whether to initiate paging is based on the operator's setting.
3
Anchor PC/LR retrieves the information related to the MS and sends an R4 Initiate_Paging_Rsp to Anchor Data Path
function. This message indicates whether the MS context as contained in the PC/LR is correct and the requested paging
action is authorized. Exclusion of the Response Code TLV indicates intent to page the MS. Upon receipt of this message
the Anchor DP Function starts timer TInit_Page_Req if running.
4
If paging action is authorized, Anchor PC retrieves the MS paging information and constructs Paging_Announce message.
The Anchor PC issues one or more Paging_Announce messages based on its knowledge of the Paging Region topology as
shown in sections XXXXX. The Anchor PC starts a timer TR4_Paging_Announce when it sends out the first
Paging_Announce message and waits for the paging response. The Anchor PC sets a paging re-transmission counter. If
the Anchor PC does not receive a paging response, it retransmits the Paging_Announce message prior to the expiration of
the timer TR4_Paging_Announce. If the Anchor PC is topologically aware of the defined Paging Group (PG), including the
last BS from which the MS performed location update, the Anchor PC directly issues Paging_Announce messages to all or
some subset of the Paging Group members. The members consist of BSs and/or relay PCs in the region. If the Anchor PC is
topologically unaware of the Paging region or the BSs defined in the Paging group, the Paging_Announce messages are
sent to the known Relay PC(s). The Relay PC(s) forwards the announce message to one or more BSs in the Paging region.
5
The ASN Gateway that contains the local/relay PC function for the MS initiates the paging operation and sends the R6
Paging_Announce message to the BS(s) associated with the Paging Group ID (PGID) received in R4 Paging_Announce.
The ASN Gateway performs single- or multi-step paging based on whether the BS ID TLV or the L-BSID TLV is present.
Associated with each R4 Paging_Announce message, the ASN Gateway starts timer TR6_Paging_Announce.
6
Once the Paging Agent (PA) at the BS receives the Paging_Announce message with the requested action set to Start, it
extracts the relevant paging parameters for the MS (Paging Cycle, Paging Offset). It then initiates the paging action
requested by sending out MOB_PAG-ADV message over the airlink as per the indicated paging cycle and the paging
offset. The optional SF Flow info in the message helps the BS implement a paging priority scheme for faster call setup
when bandwidth is constrained or for resource allocation. The PA continues to page the MS for the duration specified by
the Paging Announce Timer TLV, until the appropriate response is received from the MS, or a stop page indication is
received from the Local PC.
7
Upon being successfully paged, the MS performs an Idle Mode Exit or a Location Update procedure. If any Paging Agent
(PA) receives a successful reply from the paged MS, the Paging Agent notifies the Local PC by sending an R6 LU_Req
message in the case of Network Initiated location update or an R6 IM_Exit_State_Change_Req message in the case of data
delivery to MS in idle mode. Upon receipt of such a message, the Local PC stops timer TR6_Paging_Announce if running,
and sends the appropriate R4 LU_Req or R4 IM_Exit_State_Change_Req message to the Anchor PC. Upon receipt of such
a message, the Anchor PC stops timer TR4_Paging_Announce, if running. The Anchor PC also initiates stop paging
procedures as described at step 8 and onward.
8
Upon receipt of a response from the MS as mentioned at step 7, and if the Anchor PC wants to initiate the stop paging procedure, the
Anchor PC sends an R4 Paging_Announce message to all BSs in the PG. The R4 Paging_Announce message has the Paging
Start/Stop TLV set to 0.
9
The Local PC sends an R6 Paging_Announce message to the BSs. The R6 Paging_Announce message has the Paging
Start/Stop TLV set to 0.
10
Upon receipt of the R6 Paging_Announce message with Paging Start/Stop = 0, the BS ceases sending MOB_PAG-ADV
messages over the air.
MS Initiated Idle Mode Entry
This section describes the MS-initiated idle mode entry procedure for a WiMAX subscriber.
The following figure and table provide a high-level view of the steps involved in the MS-initiated idle mode entry call flow
of an SS/MS.
Figure 89. MS Initiated Idle Mode Entry Procedure Flow
[Call-flow diagram not reproduced. Labels: Serving ASN, ASN-GW/PC/Authenticator/DPF, ASN-GW/Local-PC, ASN BS, MS/SS, Anchor ASN; steps 1 through 15.]
Table 63. MS Initiated Idle Mode Entry Procedure Flow Description
Step
Description
1
MS decides to enter Idle Mode and sends DREG_REQ formatted as described in IEEE 802.16e. The De-Registration
Request code is set to 0x01 indicating that the MS intends to enter Idle Mode.
2
Based on the MS's request, the serving ASN BS (Paging Agent) in Serving ASN sends an R6
IM_Entry_State_Change_Req message to its ASN Gateway. Timer TR4_IM_Entry_Req is started to monitor R6
IM_Entry_State_Change_Rsp at the serving ASN BS (PA).
3
The local Relay PC in Serving ASN Gateway chooses an Anchor PC for the MS and sends inter-ASN R4
IM_Entry_State_Change_Req message to the Anchor ASN associated with the chosen Anchor PC. Timer
TR4_IM_Entry_Req_ASN is started to monitor the R4 IM_Entry_State_Change_Rsp.
4
The Anchor PC/LR sends R4 IM_Entry_State_Change_Req to Anchor Authenticator to verify whether MS is allowed to
go into Idle mode. Timer TR4_IM_Entry_Req_APC is started at this time to monitor the R4
IM_Entry_State_Change_Rsp from the Anchor Authenticator. This step is optional if the Anchor Authenticator and Anchor
PC/LR are collocated in the same ASN Gateway.
5
Anchor Authenticator checks if the MS is allowed to enter Idle Mode and saves necessary information if allowed, then
sends back R4 IM_Entry_State_Change_Rsp to Anchor PC/LR including MSID, IDLE mode authorization indication. If
Anchor Authenticator rejects the Idle mode entry request, the Idle Mode Authorization TLV contains the rejection code.
When R4 IM_Entry_State_Change_Rsp for MS entering Idle Mode is sent successfully, Anchor Authenticator stores
Anchor PC ID for this MS. Upon reception of this message at Anchor PC, TR4_IM_Entry_Req_APC is stopped. This step
is optional if the Anchor Authenticator and Anchor PC/LR are collocated in the same ASN Gateway.
6
According to the reported information in R4 IM_Entry_State_Change_Rsp, based on the content of Idle mode
authorization indication IE, Anchor PC updates the LR with current MS location information (PGID) and other parameters,
and sends back R4 IM_Entry_State_Change_Rsp message to the Serving ASN Gateway. When this message is received at
serving ASN Gateway timer TR4_IM_Entry_Req_ASN is stopped.
7
Serving ASN Gateway forwards the R6 IM_Entry_State_Change_Rsp to serving BS (PA) including IDLE Mode
authorization indication and accepted Paging parameters. Upon reception of this message at the BS, timer
TR6_IM_Entry_Req is stopped.
8
Serving ASN BS sends DREG_CMD to the MS. The DREG_CMD conveys the "PC ID" field pointing to Anchor PC for the
MS and allocated Idle mode parameters.
9
After sending the DREG_CMD to the MS, the serving ASN BS (PA) acknowledges the successful delivery of
DREG_CMD to the local Relay PC in serving ASN Gateway by sending R6 IM_Entry_State_Change_Ack.
10, 11
The local Relay PC in serving ASN Gateway forwards the successful entry of MS into Idle mode to the Anchor PC in
Anchor ASN Gateway by sending R4 IM_Entry_State_Change_Ack. Upon reception of this message at Anchor PC, timer
TR4_IM_Entry_Rsp is stopped.
12
Anchor ASN Gateway associated with Anchor PC/LR updates the information of MS into LR database and sends Anchor
PC Indication message to Anchor DPF/FA to reflect the success of MS entering Idle Mode. Timer TR4_APC_Ind is started
when the Anchor PC Indication is sent, to monitor the response.
13
The Anchor DPF/FA finally updates the information of MS including the Anchor PC ID of this MS and acknowledges to
the Anchor PC/LR by Anchor PC Ack message. When Anchor PC Ack is received at Anchor ASN Gateway timer
TR4_APC_Ind is stopped.
14
After the expiration of the Management Resource Holding Timer (an 802.16e parameter), serving BS initiates the related
R6 data Path Dereg procedure by sending R6 Path_Dereg_Req to the Anchor ASN Gateway.
15
Serving ASN Gateway completes the data path de-registration from its side and sends R4 Path_Dereg_Ack to Anchor
DPF/FA. Upon reception of this message Anchor ASN Gateway stops timer TPath_Dereg_Rsp_ADPF and serving
BS (PA) updates the Anchor Authenticator with the CMAC Key count for the MS via the serving ASN Gateway as per the
CMAC Key count update procedure. The Anchor Authenticator acknowledges the CMAC update for the MS. Optionally
this procedure may be invoked anytime after step 11.
MS Initiated Idle Mode Exit
This section describes the MS-initiated idle mode exit procedure for a WiMAX subscriber.
The following figure and table provide a high-level view of the steps involved in the MS-initiated idle mode exit call flow
of an SS/MS.
Figure 90. MS Initiated Idle Mode Exit Procedure Flow
[Call-flow diagram not reproduced. Labels: Serving ASN, ASN-GW/PC/Authenticator/DPF, ASN-GW/Local-PC, ASN BS, MS/SS, Anchor ASN; steps 1 through 11.]
Table 64. MS Initiated Idle Mode Exit Procedure Flow Description
Step
Description
1
MS initiates exit procedure from IDLE mode and sends RNG_REQ to serving ASN BS. The Ranging Purpose Indication
TLV is set to one and PC ID TLV is included, thus indicating that the MS intends to re-enter from Idle Mode.
2
The ASN BS receives the RNG_REQ message from MS indicating Idle mode exit and sends R6
IM_Exit_State_Change_Req to the Relay PC in the ASN Gateway, indicating that the MS wants to become active. Timer
TR6_IM_Exit_Ctx_Req is started at this point by the BS to monitor the response for this message.
3
The Relay PC in the Serving ASN Gateway receives the R6 IM_Exit_State_Change_Req from the BS indicating Idle mode
exit and sends R4 IM_Exit_State_Change_Req to the Anchor PC/LR in Anchor ASN Gateway, indicating that the MS
wants to become active. Timer TR4_IM_Exit_Ctx_Req is started at this point by the Anchor ASN Gateway to monitor the
response for this message. In the event that the relay PC is the anchor PC, this step is not required.
4
On receiving the R4 IM_Exit_State_Change_Req, the Anchor PC/LR proceeds to request the security context from the
Anchor Authenticator in Anchor ASN Gateway using the R4 IM_Exit_State_Change_Req. Timer TR4_lMexit_ctx_req_PC
is started at this point by the Anchor PC to monitor the response for this message. This step is optional if the Anchor
Authenticator and Anchor PC/LR are co-located in the same ASN Gateway.
5
Anchor Authenticator responds with the security context back to the Anchor PC/LR with R4 IM_Exit_State_Change_Rsp
message. Once the Anchor PC receives this message, Timer TIM_Exit_Ctx_Req_PC is stopped. This step is optional if the
Anchor Authenticator and Anchor PC/LR are collocated in the same ASN Gateway.
6
Anchor PC/LR sends R4 IM_Exit_State_Change_Rsp to the Relay PC. Once the relay PC receives this message, Timer
TR4_IM_Exit_Ctx_Req is stopped. R4 IM_Exit_State_Change_Rsp contains the stored information for the MS at the
Anchor PC.
7
Serving ASN Gateway retrieves the MS context from Anchor PC ASN and forwards the MS context to the serving BS on
the R6 interface. Once the BS receives this message, Timer TR6_IM_Exit_Ctx_Req is stopped. The AK fetched from the
authenticator is used to verify the RNG-REQ.
8
After successful authentication, the BS starts data path establishment across the serving BS, Serving ASN Gateway, Relay
PC, Anchor PC, Authenticator, and DPF.
9
Serving BS uses MS service and operational information indicated by IDLE Mode Retain Info obtained in step 7 to
construct HO Process Optimization TLV settings in the RNG-RSP based on local policy; then sends RNG_RSP message to
the MS formatted according to IEEE 802.16e specification. This message delivers all the required information to resume
service in accordance with Idle Mode Retain Information.
10
When R4 Path_Reg_Ack is received at Anchor DPF, the Data Path function associated with FA sends a
Delete_MS_Entry_Req message to PC/LR in order to delete the Idle mode entry associated with the MS. If MS is exiting
Idle mode due to a network initiated Idle mode exit, the PC/LR will cease all Paging Announce operations.
11
The serving BS updates the Anchor Authenticator with the CMAC Key count for the MS via the serving ASN Gateway.
The Anchor Authenticator acknowledges the CMAC update for the MS.
Supported Platforms and Software
ASN PC-LR is available for all chassis running StarOS Release 8.0 or later.
Chapter 10
CDMA2000 Wireless Data Services
The ASR 5000 provides wireless carriers with a flexible solution that functions as a Packet Data Support Node (PDSN)
in CDMA 2000 wireless data networks.
This overview provides general information about the PDSN including:
Product Description
System Components and Capacities
Features and Functionality - Base Software
Features and Functionality - Optional Enhanced Software Features
CDMA2000 Data Network Deployment Configurations
Understanding Simple IP and Mobile IP
Supported Standards
Product Description
The system provides wireless carriers with a flexible solution that can support both Simple IP and Mobile IP
applications (independently or simultaneously) within a single scalable platform.
When supporting Simple IP data applications, the system is configured to perform the role of a Packet Data Serving
Node (PDSN) within the carrier's 3G CDMA2000 data network. The PDSN terminates the mobile subscriber's Point-to-Point Protocol (PPP) session and then routes data to and from the Packet Data Network (PDN) on behalf of the
subscriber. The PDN could consist of Wireless Application Protocol (WAP) servers or it could be the Internet.
When supporting Mobile IP and/or Proxy Mobile IP data applications, the system can be configured to perform the role
of the PDSN/Foreign Agent (FA) and/or the Home Agent (HA) within the carrier's 3G CDMA2000 data network. When
functioning as an HA, the system can either be located within the carrier's 3G network or in an external enterprise or
ISP network. Regardless, the PDSN/FA terminates the mobile subscriber's PPP session, and then routes data to and
from the appropriate HA on behalf of the subscriber.
System Components
This section describes the hardware and software requirements for a PDSN service.
Licenses
The PDSN is a licensed product. A session use license key must be acquired and installed to use the PDSN service.
The following licenses are available for this product:
PDSN Software License, 10K Sessions
PDSN Software License, 1K Sessions
Hardware Requirements
This section describes the hardware required to enable the PDSN service.
Platforms
The PDSN service operates on the following platform(s):
ST16
ASR 5000
ST16 Platform System Hardware Components
The following application and line cards are required to support CDMA2000 wireless data services on the system:
Switch Processor Cards (SPCs): Provide full system control and management of all cards within the ST16
platform. Up to two SPCs can be installed; one active, one redundant.
Packet Accelerator Cards (PACs): Provide high-speed, multi-threaded PPP processing capabilities to support
either PDSN/FA or HA services. Up to 14 PACs can be installed, allowing for multiple active and/or redundant
cards.
Important: PACs are available with either 4GB or 8GB of memory. All of the PACs in a
system must be of the same memory capacity.
Switch Processor Input/Outputs (SPIO): Installed in the upper-rear chassis slots directly behind the
SPCs/SMCs, SPIOs provide connectivity for local and remote management, central office (CO) alarms. Up to
two SPIOs can be installed; one active, one redundant.
Ethernet 10/100 and/or Ethernet 1000 Line Cards: Installed directly behind PACs, these cards provide the
RP, AAA, PDN, and Pi interfaces to elements in the data network. Up to 26 line cards should be installed for a
fully loaded system with 13 active PACs/PSCs, 13 in the upper-rear slots and 13 in the lower-rear slots for
redundancy. Redundant PACs/PSCs do not require line cards.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SPCs, RCCs
utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line cards/QGLCs
and every PAC/PSC in the system for redundancy. Two RCCs can be installed to provide redundancy for all
line cards and PACs/PSCs.
ASR 5000 Platform System Hardware Components
The following application and line cards are required to support CDMA2000 wireless data services on the system:
System Management Cards (SMCs): Provide full system control and management of all cards within the ASR
5000 platform. Up to two SMCs can be installed; one active, one redundant.
Packet Services Cards (PSCs): Within the ASR 5000 platform, PSCs provide high-speed, multi-threaded PPP
processing capabilities to support either PDSN/FA or HA services. Up to 14 PSCs can be installed, allowing
for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIO): Installed in the upper-rear chassis slots directly behind the
SPCs/SMCs, SPIOs provide connectivity for local and remote management, Central Office (CO) alarms. Up to
two SPIOs can be installed; one active, one redundant.
Ethernet 10/100 and/or Ethernet 1000/Quad Gig-E Line Cards (QGLC): Installed directly behind PSCs,
these cards provide the RP, AAA, PDN, and Pi interfaces to elements in the data network. Up to 26 line cards
should be installed for a fully loaded system with 13 active PSCs, 13 in the upper-rear slots and 13 in the
lower-rear slots for redundancy. Redundant PSCs do not require line cards.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs,
RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line
cards/QGLCs and every PSC in the system for redundancy. Two RCCs can be installed to provide redundancy
for all line cards and PSCs.
Important: Additional information pertaining to each of the application and line cards
required to support CDMA2000 wireless data services is located in the Product Overview Guide.
Features and Functionality—Base Software
This section describes the features and functions that are supported by default in the base software on the PDSN service and do not
require any additional licenses.
Important: To configure the basic service and functionality on the system for PDSN service, refer to the configuration
examples provided in the PDSN Administration Guide.
This section describes the following features:
RADIUS Support
Access Control List Support
IP Policy Forwarding
AAA Server Groups
Overlapping IP Address Pool Support
Routing Protocol Support
Management System Overview
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
IP Header Compression - Van Jacobson
DSCP Marking
RADIUS Support
Benefits
Provides a mechanism for performing authorization, authentication, and accounting (AAA) for subscriber PDP contexts
based on the following standards:
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
Description
The Remote Authentication Dial-In User Service (RADIUS) protocol is used to provide AAA functionality for
subscriber PDP contexts.
Within contexts configured on the system, there are AAA and RADIUS protocol-specific parameters that can be
configured. The RADIUS protocol-specific parameters are further differentiated between RADIUS Authentication
server and RADIUS Accounting server interaction.
Among the RADIUS parameters that can be configured are:
Priority: Dictates the order in which the servers are used allowing for multiple servers to be configured in a
single context.
Routing Algorithm: Dictates the method for selecting among configured servers. The specified algorithm
dictates how the system distributes AAA messages across the configured AAA servers for new sessions. Once
a session is established and an AAA server has been selected, all subsequent AAA messages for the session
will be delivered to the same server.
In the event that a single server becomes unreachable, the system attempts to communicate with the other servers that
are configured. The system also provides configurable parameters that specify how it should behave should all of the
RADIUS AAA servers become unreachable.
The system provides an additional level of flexibility by supporting the configuration of RADIUS server groups. This
functionality allows operators to differentiate AAA services based on the subscriber template used to facilitate their
PDP context.
In general, 128 AAA Server IP address/port per context can be configured on the system and it selects servers from this
list depending on the server selection algorithm (round robin, first server). Instead of having a single list of servers per
context, this feature provides the ability to configure multiple server groups. Each server group, in turn, consists of a list
of servers.
This feature works in the following way:
All RADIUS authentication/accounting servers configured at the context-level are treated as part of a server
group named "default". This default server group is available to all subscribers in that context through the
realm (domain) without any configuration.
It provides a facility to create "user defined" RADIUS server groups, as many as 399 (excluding "default" server
group), within a context. Any of the user defined RADIUS server groups are available for assignment to a
subscriber through the subscriber configuration within that context.
Since the configuration of the subscriber can specify the RADIUS server group to use as well as IP address pools from
which to assign addresses, the system implements a mechanism to support some in-band RADIUS server
implementations (i.e. RADIUS servers which are located in the corporate network, and not in the operator's network)
where the NAS-IP address is part of the subscriber pool. In these scenarios, the PDSN supports the configuration of the
first IP address of the subscriber pool for use as the RADIUS NAS-IP address.
Important: For more information on RADIUS AAA configuration, refer to the AAA Interface
Administration and Reference.
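The selection behaviour described in this section (priority order, the two algorithms, per-session stickiness, failover, and the default versus user-defined groups) can be modelled as follows. This is an added Python example, not Cisco code or StarOS syntax; the class names, the lower-number-first priority ordering, the re-selection when a pinned server goes down, and the `None` result when no server is reachable are assumptions made for the illustration.

```python
# Added illustration of RADIUS server-group selection. All names here are
# constructed for this example and are not StarOS commands or APIs.
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_USER_GROUPS = 399  # user-defined groups per context, excluding "default"


@dataclass
class Server:
    addr: str
    priority: int            # assumption: lower number is tried first
    reachable: bool = True


class ServerGroup:
    def __init__(self, name: str, servers: List[Server],
                 algorithm: str = "first-server"):
        if algorithm not in ("first-server", "round-robin"):
            raise ValueError(f"unknown algorithm: {algorithm}")
        self.name = name
        self.servers = sorted(servers, key=lambda s: s.priority)
        self.algorithm = algorithm
        self._cursor = 0                        # next round-robin position
        self._pinned: Dict[str, Server] = {}    # session id -> chosen server

    def select(self, session_id: str) -> Optional[Server]:
        """Return the server for this session, or None if none is reachable."""
        pinned = self._pinned.get(session_id)
        if pinned is not None and pinned.reachable:
            return pinned                       # established session stays put
        live = [s for s in self.servers if s.reachable]
        if not live:
            return None                         # caller applies its outage policy
        if self.algorithm == "first-server":
            chosen = live[0]                    # highest-priority reachable server
        else:
            n = len(self.servers)
            for step in range(n):               # walk from the cursor, skip dead ones
                cand = self.servers[(self._cursor + step) % n]
                if cand.reachable:
                    chosen = cand
                    self._cursor = (self._cursor + step + 1) % n
                    break
        self._pinned[session_id] = chosen
        return chosen


class Context:
    def __init__(self, default_servers: List[Server],
                 algorithm: str = "first-server"):
        # Context-level servers form the implicit "default" group.
        self.groups = {"default": ServerGroup("default", default_servers, algorithm)}

    def add_group(self, group: ServerGroup) -> None:
        is_new = group.name not in self.groups
        if is_new and len(self.groups) - 1 >= MAX_USER_GROUPS:
            raise ValueError("user-defined server group limit reached")
        self.groups[group.name] = group

    def server_for(self, subscriber: dict, session_id: str) -> Optional[Server]:
        # The subscriber configuration names a group; otherwise "default" applies.
        group = self.groups[subscriber.get("radius_group", "default")]
        return group.select(session_id)


def build_sample_context() -> Context:
    """Constructed sample: documentation-range addresses, two groups."""
    ctx = Context([Server("192.0.2.11", 1), Server("192.0.2.12", 2)])
    ctx.add_group(ServerGroup(
        "corp",
        [Server("198.51.100.21", 1), Server("198.51.100.22", 2)],
        algorithm="round-robin"))
    return ctx


if __name__ == "__main__":
    ctx = build_sample_context()
    print(ctx.server_for({}, "s1").addr)                        # default group
    print(ctx.server_for({"radius_group": "corp"}, "c1").addr)  # named group
```
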
Access Control List Support
Access Control Lists provide a mechanism for controlling (i.e. permitting, denying, redirecting, etc.) packets in and out
of the system.
IP access lists, or Access Control Lists (ACLs) as they are commonly referred to, are used to control the flow of packets
into and out of the system. They are configured on a per-context basis and consist of "rules" (ACL rules) or filters that
control the action taken on packets that match the filter criteria. Once configured, an ACL can be applied to any of the
following:
An individual interface
All traffic facilitated by a context (known as a policy ACL)
An individual subscriber
All subscriber sessions facilitated by a specific context
There are two primary components of an ACL:
Rule: A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured to
take a specific action on packets matching specific criteria. Up to 128 rules can be configured per ACL.
Each rule specifies the action to take when a packet matches the specified criteria. This section discusses the
rule actions and criteria supported by the system.
Rule Order: A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules,
in the order in which they were entered, until a match is found. Once a match is identified, all subsequent rules
are ignored.
Important: For more information on Access Control List configuration, refer to the IP Access Control List chapter in
the System Enhanced Feature Configuration Guide.
IP Policy Forwarding
IP Policy Forwarding enables the routing of subscriber data traffic to specific destinations based on configuration. This
functionality can be implemented in support of enterprise-specific applications (i.e. routing traffic to specific enterprise
domains) or for routing traffic to back-end servers for additional processing.
Description
The system can be configured to automatically forward data packets to a predetermined network destination. This can
be done in one of three ways:
IP Pool-based Next Hop Forwarding - Forwards data packets based on the IP pool from which a subscriber
obtains an IP address.
ACL-based Policy Forwarding - Forwards data packets based on policies defined in Access Control Lists
(ACLs) and applied to contexts or interfaces.
Subscriber specific Next Hop Forwarding - Forwards all packets for a specific subscriber.
The simplest way to forward subscriber data is to use IP Pool-based Next Hop Forwarding. An IP pool is configured
with the address of a next hop gateway and data packets from all subscribers using the IP pool are forwarded to that
gateway.
Subscriber Next Hop forwarding is also very simple. In the subscriber configuration a nexthop forwarding address is
specified and all data packets for that subscriber are forwarded to the specified nexthop destination.
ACL-based Policy Forwarding gives you more control over redirecting data packets. By configuring an Access Control
List (ACL) you can forward data packets from a context or an interface by different criteria, such as source or
destination IP address, ICMP type, or TCP/UDP port numbers.
ACLs are applied first. If ACL-based Policy Forwarding and Pool-based Next Hop Forwarding or Subscriber Next Hop
Forwarding are configured, data packets are first redirected as defined in the ACL, then all remaining data packets are
redirected to the next hop gateway defined by the IP pool or subscriber profile.
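The first-match rule order described under Access Control List Support and the ACL-before-next-hop precedence described above, as an added Python example; it is not Cisco code or CLI syntax. The rule fields, the `shadowed_rules` audit and all addresses are constructed for illustration, and sending an unmatched packet to the fallback next hop is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_RULES_PER_ACL = 128  # per-ACL rule limit stated in the text


@dataclass(frozen=True)
class Rule:
    """One ACL rule. Field names are illustrative, not the system's CLI syntax."""
    action: str                      # "permit", "deny" or "redirect"
    src: str = "0.0.0.0/0"           # source prefix
    dst: str = "0.0.0.0/0"           # destination prefix
    proto: Optional[str] = None      # "tcp", "udp", "icmp"; None matches any
    dport: Optional[int] = None      # TCP/UDP destination port; None matches any
    next_hop: Optional[str] = None   # only meaningful for "redirect"

    def matches(self, packet: dict) -> bool:
        return (ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(packet["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, packet["proto"])
                and self.dport in (None, packet.get("dport")))

    def covers(self, later: "Rule") -> bool:
        """True when every packet `later` could match is already matched by self."""
        return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in (None, later.proto)
                and self.dport in (None, later.dport))


def pkt(src: str, dst: str, proto: str, dport: Optional[int] = None) -> dict:
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


def first_match(acl: List[Rule], packet: dict) -> Optional[Tuple[int, Rule]]:
    """Compare the packet against the rules in entry order; stop at the first match."""
    if len(acl) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL holds at most %d rules" % MAX_RULES_PER_ACL)
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return index, rule       # all subsequent rules are ignored
    return None                      # no rule matched


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int, bool]]:
    """Audit: (rule, covering earlier rule, actions differ) for rules that can never fire."""
    findings = []
    for later_index, later in enumerate(acl):
        for earlier_index in range(later_index):
            if acl[earlier_index].covers(later):
                conflict = acl[earlier_index].action != later.action
                findings.append((later_index, earlier_index, conflict))
                break
    return findings


def forward(packet: dict, acl: List[Rule], fallback_next_hop: str) -> Optional[str]:
    """ACL redirect wins; remaining packets use the pool/subscriber next hop."""
    hit = first_match(acl, packet)
    if hit is not None and hit[1].action == "redirect":
        return hit[1].next_hop
    if hit is not None and hit[1].action == "deny":
        return None                  # packet is dropped
    return fallback_next_hop         # permitted, or unmatched (assumption)


# Constructed sample ACL: rule 1 is meant to block Telnet from one subnet,
# but rule 0 was entered first and matches the same packets.
ACL = [
    Rule("permit", src="10.20.0.0/16"),
    Rule("deny", src="10.20.5.0/24", proto="tcp", dport=23),
    Rule("redirect", dst="192.0.2.0/24", proto="tcp", dport=80, next_hop="198.51.100.1"),
    Rule("deny"),
]

if __name__ == "__main__":
    telnet = pkt("10.20.5.9", "203.0.113.7", "tcp", 23)
    index, rule = first_match(ACL, telnet)
    print("telnet packet hits rule", index, "->", rule.action)
    for later, earlier, conflict in shadowed_rules(ACL):
        print("rule", later, "is shadowed by rule", earlier, "(conflicting)" if conflict else "")
    print("web packet next hop:", forward(pkt("172.16.1.1", "192.0.2.10", "tcp", 80), ACL, "203.0.113.254"))
```

Entering the narrower deny rule before the broad permit removes the finding and makes the Telnet packet hit the deny.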
AAA Server Groups
Value-added feature to enable VPN service provisioning for enterprise or MVNO customers. Enables each corporate
customer to maintain its own AAA servers with its own unique configurable parameters and custom dictionaries.
Description
This feature provides support for up to 800 AAA (RADIUS and Diameter) server groups and 800 NAS IP addresses that
can be provisioned within a single context or across the entire chassis. A total of 128 servers can be assigned to an
individual server group. Up to 1,600 accounting, authentication and/or mediation servers are supported per chassis and
may be distributed across a maximum of 1,000 subscribers. This feature also enables the AAA servers to be distributed
across multiple subscribers within the same context.
Important: Due to additional memory requirements, this service can only be used with 8GB Packet Accelerator
Cards (PACs) or Packet Service Cards (PSCs).
Important: For more information on AAA Server Group configuration, refer to the AAA Interface Administration and
Reference.
Overlapping IP Address Pool Support
Overlapping IP Address Pools provides a mechanism for allowing operators to more flexibly support multiple corporate
VPN customers with the same private IP address space without the expensive investments in physically separate routers,
or expensive configurations using virtual routers.
Important: For more information on IP pool overlapping configuration, refer to the VLANs chapter in the System
Enhanced Feature Configuration Guide.
Routing Protocol Support
The system's support for various routing protocols and routing mechanisms provides an efficient mechanism for ensuring
the delivery of subscriber data packets.
Description
The following routing mechanisms and protocols are supported by the system:
Static Routes: The system supports the configuration of static network routes on a per context basis. Network
routes are defined by specifying an IP address and mask for the route, the name of the interface in the current
context that the route must use, and a next hop IP address.
Open Shortest Path First (OSPF) Protocol version 2: A link-state routing protocol, OSPF is an Interior
Gateway Protocol (IGP) that routes IP packets based solely on the destination IP address found in the IP packet
header using the shortest path first. IP packets are routed "as is", meaning they are not encapsulated in any
further protocol headers as they transit the network.
Variable length subnetting, areas, and redistribution into and out of OSPF are supported.
OSPF routing is supported in accordance with the following standards:
RFC-1850, OSPF Version 2 Management Information Base, November 1995
RFC-2328, OSPF Version 2, April 1998
RFC-3101, OSPF-NSSA Option, January 2003
Border Gateway Protocol version 4 (BGP-4): The system supports a subset of BGP (RFC-1771, A Border
Gateway Protocol 4 (BGP-4)), suitable for eBGP support of multi-homing typically used to support
geographically redundant mobile gateways.
EBGP is supported with multi-hop, route filtering, redistribution, and route maps. The network command is
supported for manual route advertisement or redistribution.
BGP route policy and path selection is supported by the following means:
Prefix match based on route access list
AS path access-list
Modification of AS path through path prepend
Origin type
MED
Weight
Route Policy: Routing policies modify and redirect routes to and from the system to satisfy specific routing
needs. The following methods are used with or without active routing protocols (i.e. static or dynamic routing)
to prescribe routing policy:
Route Access Lists: The basic building block of a routing policy, route access lists filter routes based
upon a specified range of IP addresses.
IP Prefix Lists: A more advanced element of a routing policy. An IP Prefix list filters routes based
upon IP prefixes.
AS Path Access Lists: A basic building block used for Border Gateway Protocol (BGP) routing, these
lists filter Autonomous System (AS) paths.
Route Maps: Route-maps are used for detailed control over the manipulation of routes during route selection or
route advertisement by a routing protocol and in route redistribution between routing protocols. This detailed
control is achieved using IP Prefix Lists, Route Access Lists and AS Path Access Lists to specify IP addresses,
address ranges, and Autonomous System Paths.
Equal Cost Multiple Path (ECMP): ECMP allows distribution of traffic across multiple routes that have the
same cost to the destination. In this manner, throughput load is distributed across multiple paths, typically to
lessen the burden on any one route and provide redundancy. The mobile gateway supports from four to ten
equal-cost paths.
Important: For more information on IP Routing configuration, refer to the Routing chapter in the System Enhanced
Feature Configuration Guide.
Management System Overview
The system's management capabilities are designed around the Telecommunications Management Network (TMN)
model for management -- focusing on providing superior quality Network Element (NE) and element management
system (Web Element Manager) functions. The system provides element management applications that can easily be
integrated, using standards-based protocols (CORBA and SNMPv1, v2), into higher-level management systems --
giving wireless operators the ability to integrate the system into their overall network, service, and business
management systems. In addition, all management is performed out-of-band for security and to maintain system
performance.
Description
Cisco's O&M module offers comprehensive management capabilities to the operators and enables them to operate the
system more efficiently. There are multiple ways to manage the system either locally or remotely using its out-of-band
management interfaces.
These include:
Using the Command Line Interface (CLI)
Remote login using Telnet, and Secure Shell (SSH) access to CLI through SPIO card's Ethernet management
interfaces
Local login through the Console port on SPIO card using an RS-232 serial connection
Using the Web Element Manager application
Supports communications through 10 Base-T, 100 Base-TX, 1000 Base-TX, or 1000
Base-SX (optical gigabit Ethernet) Ethernet management interfaces on the SPIO
Client-Server model supports any browser (i.e. Microsoft Internet Explorer v5.0 and above or Netscape v4.7 or
above, and others)
Supports Common Object Request Broker Architecture (CORBA) protocol and Simple Network Management
Protocol version 1 (SNMPv1) for fault management
Provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) capabilities
Can be easily integrated with higher-level network, service, and business layer applications using the Object
Management Group's (OMG's) Interface Definition Language (IDL)
Important: For more information on command line interface based management, refer to the Command Line Interface
Reference and PDSN Administration Guide.
Bulk Statistics Support
The system's support for bulk statistics allows operators to choose to view not only statistics that are of importance to
them, but also to configure the format in which it is presented. This simplifies the post-processing of statistical data
since it can be formatted to be parsed by external, back-end processors.
When used in conjunction with the Web Element Manager, the data can be parsed, archived, and graphed.
Description
The system can be configured to collect bulk statistics (performance data) and send them to a collection server (called a
receiver). Bulk statistics are statistics that are collected in a group. The individual statistics are grouped by schema. The
following schemas are supported:
System: Provides system-level statistics
Card: Provides card-level statistics
Port: Provides port-level statistics
BCMCS: Provides BCMCS service statistics
FA: Provides FA service statistics
HA: Provides HA service statistics
IP Pool: Provides IP pool statistics
MIPv6HA: Provides MIPv6HA service statistics
PPP: Provides Point-to-Point Protocol statistics
RADIUS: Provides per-RADIUS server statistics
ECS: Provides Enhanced Charging Service Statistics
The system supports the configuration of up to 4 sets (primary/secondary) of receivers. Each set can be configured
to collect specific sets of statistics from the various schemas. Statistics can be pulled manually from the IMG or sent at
configured intervals. The bulk statistics are stored on the receiver(s) in files.
The format of the bulk statistic data files can be configured by the user. Users can specify the format of the file name,
file headers, and/or footers to include information such as the date, IMG host name, IMG uptime, the IP address of the
system generating the statistics (available only for headers and footers), and/or the time that the file was generated.
When the Web Element Manager is used as the receiver, it is capable of further processing the statistics data through
XML parsing, archiving, and graphing.
The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information
in the PostgreSQL database. If XML file generation and transfer is required, this element generates the XML output and
can send it to a Northbound NMS or an alternate bulk statistics server for further processing.
Additionally, if archiving of the collected statistics is desired, the Bulk Statistics server writes the files to an alternative
directory on the server. A specific directory can be configured by the administrative user or the default directory can be
used. Regardless, the directory can be on a local file system or on an NFS-mounted file system on the Web Element
Manager server.
Threshold Crossing Alerts (TCA) Support
Thresholding on the system is used to monitor the system for conditions that could potentially cause errors or outage.
Typically, these conditions are temporary (i.e. high CPU utilization, or packet collisions on a network) and are quickly
resolved. However, continuous or large numbers of these error conditions within a specific time interval may be
indicative of larger, more severe issues. The purpose of thresholding is to help identify potentially severe conditions so
that immediate action can be taken to minimize and/or avoid system downtime.
The system supports Threshold Crossing Alerts for certain key resources such as CPU, memory, IP pool addresses, etc.
With this capability, the operator can configure thresholds on these resources whereby, should the resource depletion
cross the configured threshold, an SNMP trap would be sent.
Description
The following thresholding models are supported by the system:
Alert: A value is monitored and an alert condition occurs when the value reaches or exceeds the configured high
threshold within the specified polling interval. The alert is then generated and/or sent at the end of
the polling interval.
Alarm: Both high and low thresholds are defined for a value. An alarm condition occurs when the value reaches
or exceeds the configured high threshold within the specified polling interval. The alert is then
generated and/or sent at the end of the polling interval.
Thresholding reports conditions using one of the following mechanisms:
SNMP traps: SNMP traps have been created that indicate the condition (high threshold crossing and/or clear) of
each of the monitored values.
Generation of specific traps can be enabled or disabled on the chassis, ensuring that only important faults get
displayed. SNMP traps are supported in both Alert and Alarm modes.
Logs: The system provides a facility called threshold for which active and event logs can be generated. As with
other system facilities, logs are generated Log messages pertaining to the condition of a monitored value are
generated with a severity level of WARNING.
Logs are supported in both the Alert and the Alarm models.
Alarm System: High threshold alarms generated within the specified polling interval are considered
"outstanding" until the condition no longer exists or a condition clear alarm is generated. "Outstanding"
alarms are reported to the system's alarm subsystem and are viewable through the Alarm Management menu in
the Web Element Manager.
The Alarm System is used only in conjunction with the Alarm model.
Important: For more information on threshold crossing alert configuration, refer to the Thresholding Configuration
Guide.
IP Header Compression - Van Jacobson
Implementing IP header compression provides the following benefits:
Improves interactive response time
Allows the use of small packets for bulk data with good line efficiency
Allows the use of small packets for delay sensitive low data-rate traffic
Decreases header overhead
Reduces packet loss rate over lossy links
Description
The system supports the Van Jacobson (VJ) IP header compression algorithms by default for subscriber traffic.
VJ header compression is supported as per the RFC 1144 (CTCP) header compression standard developed by V.
Jacobson in 1990. It is commonly known as VJ compression. It describes a basic method for compressing the headers of
IPv4/TCP packets to improve performance over low speed serial links.
By default IP header compression using the VJ algorithm is enabled for subscribers. You can also turn off IP header
compression for a subscriber.
Important: For more information on IP header compression support, refer to the IP Header Compression chapter in
the System Enhanced Feature Configuration Guide.
DSCP Marking
Provides support for more granular configuration of DSCP marking.
For different traffic classes, the PDSN supports per-service and per-subscriber configurable DSCP marking for Uplink
and Downlink direction based on Allocation/Retention Priority in addition to the current priorities.
Features and Functionality - Optional Enhanced Software Features
This section describes the optional enhanced features and functions for PDSN service.
Each of the following features requires the purchase of an additional license to implement the functionality with the
PDSN service.
This section describes the following features:
Session Recovery Support
IPv6 Support
L2TP LAC Support
L2TP LNS Support
Proxy Mobile IP
IP Security (IPSec)
Traffic Policing and Rate Limiting
Dynamic RADIUS Extensions (Change of Authorization)
Web Element Management System
Session Recovery Support
The Session Recovery feature provides seamless failover and reconstruction of subscriber session information in the
event of a hardware or software fault within the system preventing a fully connected user session from being
disconnected.
Description
Session recovery is performed by mirroring key software processes (e.g. session manager and AAA manager) within the
system. These mirrored processes remain in an idle state (in standby-mode), wherein they perform no processing, until
they may be needed in the case of a software failure (e.g. a session manager task aborts). The system spawns new
instances of "standby mode" session and AAA managers for each active Control Processor (CP) being used.
Additionally, other key system-level software tasks, such as VPN manager, are performed on a physically separate
Packet Accelerator Card (PAC) to ensure that a double software fault (e.g. session manager and VPN manager fail at
the same time on the same card) cannot occur. The PAC used to host the VPN manager process is in active mode and is
reserved by the operating system for this sole use when session recovery is enabled.
The additional hardware resources required for session recovery include a standby System Processor Card (SPC) and a
standby PAC.
There are two modes for Session Recovery.
Task recovery mode: Wherein one or more session manager failures occur and are recovered without the need
to use resources on a standby PAC. In this mode, recovery is performed by using the mirrored "standby-mode"
session manager task(s) running on active PACs. The "standby-mode" task is renamed, made active, and is
then populated using information from other tasks such as AAA manager.
Full PAC recovery mode: Used when a PAC hardware failure occurs, or when a PAC migration failure
happens. In this mode, the standby PAC is made active and the "standby-mode" session manager and AAA
manager tasks on the newly activated PAC perform session recovery.
Session/Call state information is saved in the peer AAA manager task because each AAA manager and session manager
task is paired together. These pairs are started on physically different PACs to ensure task recovery.
Important: For more information on session recovery support, refer to the Session Recovery chapter in the System
Enhanced Feature Configuration Guide.
IPv6 Support
This feature allows IPv6 subscribers to connect via the CDMA 2000 infrastructure in accordance with the following
standards:
RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
RFC 2461: Neighbor Discovery for IPv6
RFC 2462: IPv6 Stateless Address Autoconfiguration
RFC 3314: Recommendations for IPv6 in 3GPP Standards
RFC 3316: Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts
RFC 3056: Connection of IPv6 domains via IPv4 clouds
3GPP TS 23.060: General Packet Radio Service (GPRS) Service description
3GPP TS 27.060: Mobile Station Supporting Packet Switched Services
3GPP TS 29.061: Interworking between the Public Land Mobile Network (PLMN) supporting Packet Based
Services and Packet Data Networks (PDN)
Description
The PDSN allows a subscriber to be configured for IPv6 PDP contexts. Also, a subscriber may be configured to
simultaneously allow IPv4 PDP contexts.
The PDSN supports IPv6 stateless dynamic auto-configuration. The mobile station may select any value for the
interface identifier portion of the address. The link-local address is assigned by the PDSN to avoid any conflict between
the mobile station link-local address and the PDSN address. The mobile station uses the interface identifier assigned by
the PDSN during the stateless address auto-configuration procedure. Once this has completed, the mobile can select any
interface identifier for further communication as long as it does not conflict with the PDSN's interface identifier that the
mobile learned through router advertisement messages from the PDSN.
Control and configuration of the above is specified as part of the subscriber configuration on the PDSN, e.g., IPv6
address prefix and parameters for the IPv6 router advertisements. RADIUS VSAs may be used to override the
subscriber configuration.
Following IPv6 PDP context establishment, the PDSN can perform either manual or automatic 6to4 tunneling,
according to RFC 3056, Connection of IPv6 Domains Via IPv4 Clouds.
L2TP LAC Support
The system configured as a Layer 2 Tunneling Protocol Access Concentrator (LAC) enables communication with L2TP
Network Servers (LNSs) for the establishment of secure Virtual Private Network (VPN) tunnels between the operator
and a subscriber's corporate or home network.
Description
L2TP is often used in VPN networks because it allows the corporation to have more control over authentication
and IP address assignment. An operator may do a first level of authentication, but use PPP to exchange user name
and password, and use IPCP to request an address. To support PPP negotiation between the PDSN and the corporation,
an L2TP tunnel must be set up in the PDSN running a LAC service.
L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as
L2TP sessions. The LAC service is based on the same architecture as the PDSN and benefits from dynamic resource
allocation and distributed message and data processing. This design allows the LAC service to support over 4000 setups
per second or a maximum of over 3G of throughput. There can be a maximum of up to 65535 sessions in a single tunnel
and as many as 500,000 L2TP sessions using 32,000 tunnels per system.
The LAC sessions can also be configured to be redundant, thereby mitigating any impact of hardware or software
issues. Tunnel state is preserved by copying the information across processor cards.
Important: For more information on L2TP Access Concentrator support, refer to the L2TP Access Concentrator
chapter in the System Enhanced Feature Configuration Guide.
L2TP LNS Support
The system configured as a Layer 2 Tunneling Protocol Network Server (LNS) supports the termination of secure Virtual
Private Network (VPN) tunnels from L2TP Access Concentrators (LACs).
Description
The LNS service takes advantage of the high performance PPP processing already supported in the system design and is
a natural evolution from the LAC. The LNS can be used as a standalone, or running alongside a PDSN service in the
same platform, terminating L2TP services in a cost effective and seamless manner.
L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as
L2TP sessions. There can be a maximum of up to 65535 sessions in a single tunnel and up to 500,000 sessions per LNS.
The LNS architecture is similar to the PDSN and utilizes the concept of a de-multiplexer to intelligently assign new
L2TP sessions across the available software and hardware resources on the platform without operator intervention.
Important: For more information on L2TP LNS support, refer to the L2TP Access Concentrator chapter in the
System Enhanced Feature Configuration Guide.
Proxy Mobile IP
Mobility for subscriber sessions is provided through the Mobile IP protocol as defined in RFCs 2002-2005. However,
some older Mobile Nodes (MNs) do not support the Mobile IP protocol. The Proxy Mobile IP feature provides a
mobility solution for these MNs.
Description
For IP PDP contexts using Proxy Mobile IP, the MN establishes a session with the PDSN as it normally would.
However, the PDSN/FA performs Mobile IP operations with an HA (identified by information stored in the subscriber's
profile) on behalf of the MN (i.e. the MN is only responsible for maintaining the IP PDP context with the PDSN, no
Agent Advertisement messages are communicated with the MN).
The MN is assigned an IP address by either the HA, an AAA server, or on a static-basis. The address is stored in a
Mobile Binding Record (MBR) stored on the HA. Therefore, as the MN roams through the service provider's network,
each time a hand-off occurs, the MN will continue to use the same IP address stored in the MBR on the HA.
Proxy Mobile IP can be performed on a per-subscriber basis based on information contained in their user profile, or for
all subscribers facilitated by a specific subscriber. In the case of non-transparent IP PDP contexts, attributes returned
from the subscriber's profile take precedence over the configuration of the subscriber.
Important: For more information on Proxy Mobile IP configuration, refer to the Proxy Mobile IP chapter in the System
Enhanced Feature Configuration Guide.
IP Security (IPSec)
IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined endpoints (i.e.
enterprise or home networks) in accordance with the following standards:
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC-3193, Securing L2TP using IPSEC, November 2001
Description
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways.
IPSec can be implemented on the system for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
Packet Data Network (PDN) as determined by Access Control List (ACL) criteria.
Mobile IP: Mobile IP control signals and subscriber data are encapsulated in IPSec tunnels that are established
between Foreign Agents (FAs) and Home Agents (HAs) over the Pi interfaces.
Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all new Mobile IP
sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is supported
for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
L2TP: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
Important: For more information on IPSec support, refer to the IP Security chapter in the System Enhanced Feature
Configuration Guide.
Traffic Policing and Rate Limiting
Allows the operator to proportion the network and support Service-level Agreements (SLAs) for customers.
Description
The Traffic-Policing/Shaping feature enables configuring and enforcing bandwidth limitations on individual PDP
contexts of a particular 3GPP traffic class. Values for traffic classes are defined in 3GPP TS 23.107 and are negotiated
with the SGSN during PDP context activation using the values configured for the subscriber on the PDSN.
Configuration and enforcement is done independently on the downlink and the uplink directions for each of the 3GPP
traffic classes. Configuration is on a per-subscriber basis, but may be overridden for individual subscribers or subscriber
tiers during RADIUS authentication/authorization.
A Token Bucket Algorithm (a modified trTCM, as specified in RFC 2698) is used to implement the Traffic-Policing
feature. The algorithm measures the following criteria when determining how to mark a packet:
Committed Data Rate (CDR): The guaranteed rate (in bits per second) at which packets may be transmitted/received for
the subscriber during the sampling interval.
Peak Data Rate (PDR): The maximum rate (in bits per second) that packets may be transmitted/received for the
subscriber during the sampling interval.
Burst-size: The maximum number of bytes that may be transmitted/received for the subscriber during the sampling
interval for both committed (CBS) and peak (PBS) rate conditions. This represents the maximum number of tokens that
can be placed in the subscriber's "bucket". Note that the committed burst size (CBS) equals the peak burst size (PBS) for
each subscriber.
Tokens are removed from the subscriber's bucket based on the size of the packets being transmitted/received. Every
time a packet arrives, the system determines how many tokens need to be added (returned) to a subscriber's CBS (and
PBS) bucket. This value is derived by computing the product of the time difference between incoming packets and the
CDR (or PDR). The computed value is then added to the tokens remaining in the subscriber's CBS (or PBS) bucket. The
total number of tokens cannot be greater than the configured burst-size. If the total number of tokens is greater than the
burst-size, the number is set to equal the burst-size. After passing through the Token Bucket Algorithm, the packet is
internally classified with a color, as follows:
If there are not enough tokens in the PBS bucket to allow a packet to pass, the packet is considered to be in
violation and is marked "red", and the violation counter is incremented by one.
If there are enough tokens in the PBS bucket to allow a packet to pass, but not in the CBS "bucket", the
packet is considered to be in excess and is marked "yellow", the PBS bucket is decremented by the packet size,
and the exceed counter is incremented by one.
If there are more tokens present in the CBS bucket than the size of the packet, the packet is considered as
conforming and is marked "green", and the CBS and PBS buckets are decremented by the packet size.
The subscriber on the PDSN can be configured with actions to take for red and yellow packets. Any of the following
actions may be specified:
Drop: The offending packet is discarded.
Transmit: The offending packet is passed.
Lower the IP Precedence: The packet's ToS octet is set to "0", thus downgrading it to Best Effort, prior to
passing the packet.
Buffer the Packet: The packet is stored in buffer memory and transmitted to the subscriber once the traffic flow comes
within the allowed bandwidth.
Different actions may be specified for red and yellow, as well as for uplink and downlink directions and different 3GPP
traffic classes.
Refer to the Intelligent Traffic Control section for additional policing and shaping capabilities of the PDSN.
Important: For more information on per subscriber traffic policing and shaping, refer to the Traffic Policing and
Shaping chapter in the System Enhanced Feature Configuration Guide.
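The token return, the burst-size cap and the three-color decision described above can be followed packet by packet in code. This is an added example, not the product's implementation: the class and method names, one token per byte, rates in bytes per second, buckets that start full and the sample trace are all assumptions, and the Buffer action is not modeled.

```python
class SubscriberPolicer:
    """Per-subscriber policer that follows the description above (illustrative names)."""

    def __init__(self, cdr, pdr, burst_size,
                 exceed_action="lower-ip-precedence", violate_action="drop"):
        self.cdr = cdr                  # committed data rate, bytes/second (assumed unit)
        self.pdr = pdr                  # peak data rate, bytes/second (assumed unit)
        self.burst_size = burst_size    # CBS equals PBS for each subscriber
        self.cbs_tokens = burst_size    # assumption: both buckets start full
        self.pbs_tokens = burst_size
        self.last_arrival = None
        self.exceed_count = 0
        self.violate_count = 0
        self.actions = {"green": "transmit",
                        "yellow": exceed_action,
                        "red": violate_action}

    def _refill(self, now):
        """Return tokens: time since the previous packet multiplied by CDR (or PDR)."""
        if self.last_arrival is not None:
            elapsed = max(0.0, now - self.last_arrival)   # ignore a clock that steps back
            # The total can never exceed the configured burst-size.
            self.cbs_tokens = min(self.burst_size, self.cbs_tokens + elapsed * self.cdr)
            self.pbs_tokens = min(self.burst_size, self.pbs_tokens + elapsed * self.pdr)
        self.last_arrival = now

    def classify(self, now, size):
        """Color one packet and update buckets and counters as the text describes."""
        self._refill(now)
        if self.pbs_tokens < size:          # violation: no bucket is decremented
            self.violate_count += 1
            return "red"
        if self.cbs_tokens < size:          # excess: only the PBS bucket pays
            self.pbs_tokens -= size
            self.exceed_count += 1
            return "yellow"
        self.cbs_tokens -= size             # conforming: both buckets pay
        self.pbs_tokens -= size
        return "green"

    def police(self, now, size, tos):
        """Return (color, action, ToS octet sent, or None when the packet is dropped)."""
        color = self.classify(now, size)
        action = self.actions[color]
        if action == "drop":
            return color, action, None
        if action == "lower-ip-precedence":
            return color, action, 0         # ToS octet set to 0, i.e. Best Effort
        return color, action, tos


# Constructed trace: (arrival time in seconds, packet size in bytes, ToS octet).
TRACE = [(0.0, 1000, 0xB8), (0.1, 1000, 0xB8), (0.2, 1000, 0xB8), (0.3, 1000, 0xB8),
         (0.6, 1000, 0xB8), (0.7, 1000, 0xB8), (5.0, 1000, 0xB8)]


def run_trace():
    """Police the constructed trace with CDR 1000 B/s, PDR 2000 B/s, burst 3000 B."""
    policer = SubscriberPolicer(cdr=1000, pdr=2000, burst_size=3000)
    results = [policer.police(t, size, tos) for t, size, tos in TRACE]
    return policer, results


if __name__ == "__main__":
    policer, results = run_trace()
    for (t, size, _), result in zip(TRACE, results):
        print(t, size, result)
    print("exceed:", policer.exceed_count, "violate:", policer.violate_count)
```

The burst drains both buckets after three packets, the fourth is red, the pause before 0.6 s refills the PBS bucket faster than the CBS bucket and produces a yellow packet, and the long idle period before 5.0 s shows the cap at the burst size.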
Intelligent Traffic Control
Enables operators to provide differentiated tiered service provisioning for native and non-native subscribers.
Description
Mobile carriers are looking for creative methods for maximizing network resources while, at the same time, enhancing
their end users' overall experience. These same mobile operators are beginning to examine solutions for providing
preferential treatment for their native subscribers and services as compared to, for example, roaming subscribers,
Mobile Virtual Network Operators (MVNOs) and/or Peer-to-Peer (P2P) applications. The overall end goal is to provide
superior levels of performance for their customers/services, while ensuring that non-native users/applications do not
overwhelm network resources.
ITC provides the ability to examine each subscriber session and respective flow(s) such that selective, configurable
limits on a per-subscriber/per-flow basis can be applied. Initially, QoS in this context is defined as traffic policing on a
per-subscriber/per-flow basis with the potential to manipulate Differentiated Services Code Points (DSCPs), queue
redirection (i.e. move traffic to a Best Effort (BE) classification) and/or simply dropping out-of-profile traffic. ITC
enables 5-tuple packet filters for individual application flows to be either manually configured via CLI or dynamically
established via RSVP TFT information elements in 1xEV-DO Rev A or as a consequence of PDP context
establishments in CDMA networks. Policy rules may be locally assigned or obtained from an external PCRF via
push/pull policy signaling interactions. Policies may be applied on a per-subscriber, per-context and/or chassis-wide
basis.
Important: For more information on intelligent traffic control support, refer to the Intelligent Traffic Control chapter in
the System Enhanced Feature Configuration Guide.
Dynamic RADIUS Extensions (Change of Authorization)
Dynamic RADIUS extension support provides operators with greater control over subscriber PDP contexts by providing
the ability to dynamically redirect data traffic, and/or disconnect the PDP context.
This functionality is based on the RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User
Service (RADIUS), July 2003 standard.
Description
The system supports the configuration and use of the following dynamic RADIUS extensions:
• Change of Authorization: The system supports CoA messages from the AAA server to change data filters
  associated with a subscriber session. The CoA request message from the AAA server must contain attributes to
  identify the NAS and the subscriber session, and a data filter ID for the data filter to apply to the subscriber session.
• Disconnect Message: The DM message is used to disconnect subscriber sessions in the system from a RADIUS
  server. The DM request message should contain the necessary attributes to identify the subscriber session.
The above extensions can be used to dynamically re-direct subscriber PDP contexts to an alternate address for
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules to the
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the RADIUS Change of Authorization (CoA) extension.
Important: For more information on dynamic RADIUS extensions support, refer to the CoA, RADIUS, And Session
Redirection (Hotlining) chapter in the System Enhanced Feature Configuration Guide.
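Because a CoA or Disconnect request can change a subscriber's filters or end the session, the receiving side should accept one only after checking it. The added example below (not the product's code) verifies the RFC 3576 Request Authenticator and the attributes the text says a request must carry; the function names, shared secret, NAS address, filter name and the choice of User-Name, Framed-IP-Address or Acct-Session-Id as session identifiers are assumptions, and the sample packets are constructed.

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43            # RFC 3576 packet codes
USER_NAME, NAS_IP, FRAMED_IP, FILTER_ID, NAS_ID, ACCT_SESSION_ID = 1, 4, 8, 11, 32, 44
NAS_ATTRS = {NAS_IP, NAS_ID}
SESSION_ATTRS = {USER_NAME, FRAMED_IP, ACCT_SESSION_ID}


def request_authenticator(code, ident, body, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + shared secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + bytes(16) + body + secret).digest()


def build_request(code, ident, attrs, secret):
    """Encode a request; used here only to construct the sample packets."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    auth = request_authenticator(code, ident, body, secret)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body


def parse_attributes(body):
    """Split the attribute area into {type: value}; raise on a bad length field."""
    attrs, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = body[pos], body[pos + 1]
        if a_len < 2 or pos + a_len > len(body):
            raise ValueError("attribute length out of range")
        attrs[a_type] = body[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def validate_request(packet, secret, own_nas_ip):
    """Return (accepted, reason) for a CoA-Request or Disconnect-Request."""
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False, "length mismatch"
    if code not in (COA_REQUEST, DISCONNECT_REQUEST):
        return False, "unexpected code"
    body = packet[20:]
    expected = request_authenticator(code, ident, body, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad authenticator"       # wrong secret or modified in transit
    try:
        attrs = parse_attributes(body)
    except ValueError as exc:
        return False, str(exc)
    if NAS_ATTRS.isdisjoint(attrs):
        return False, "no NAS identification"
    if NAS_IP in attrs and attrs[NAS_IP] != socket.inet_aton(own_nas_ip):
        return False, "request addressed to another NAS"
    if SESSION_ATTRS.isdisjoint(attrs):
        return False, "no session identification"
    if code == COA_REQUEST and FILTER_ID not in attrs:
        return False, "CoA without Filter-Id"
    return True, "ok"


SECRET = b"constructed-shared-secret"       # constructed value
OWN_NAS_IP = "192.0.2.10"                   # constructed value (documentation range)


def sample_packets():
    """Constructed requests: two acceptable ones and three that must be rejected."""
    session = [(NAS_IP, socket.inet_aton(OWN_NAS_IP)),
               (USER_NAME, b"user@example.com"),
               (ACCT_SESSION_ID, b"0A1B2C3D")]
    with_filter = session + [(FILTER_ID, b"hotline-acl")]
    good = build_request(COA_REQUEST, 7, with_filter, SECRET)
    return {
        "valid CoA": good,
        "wrong secret": build_request(COA_REQUEST, 8, with_filter, b"not-the-secret"),
        "CoA without filter": build_request(COA_REQUEST, 9, session, SECRET),
        "valid disconnect": build_request(DISCONNECT_REQUEST, 10, session, SECRET),
        "modified in transit": good[:-1] + b"X",
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(name, validate_request(pkt, SECRET, OWN_NAS_IP))
```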
Web Element Management System
Benefits
Provides a Graphical User Interface (GUI) for performing Fault, Configuration, Accounting, Performance, and Security
(FCAPS) management of the ST-series Multimedia Core Platforms.
Description
The Web Element Manager is a Common Object Request Broker Architecture (CORBA)-based application that
provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) management capability for
the system.
For maximum flexibility and scalability, the Web Element Manager application implements a client-server architecture.
This architecture allows remote clients with Java-enabled web browsers to manage one or more systems via the server
component which implements the CORBA interfaces. The server component is fully compatible with the fault-tolerant
Sun® Solaris® operating system.
Important: For more information on WEM support, refer to the WEM Installation and Administration Guide.
CDMA2000 Data Network Deployment Configurations
This section provides examples of how the system can be deployed within a wireless carrier's network. As noted
previously in this chapter, the system can be deployed in standalone configurations, serving as a Packet Data Serving
Node/Foreign Agent (PDSN/FA), a Home Agent (HA), or in a combined PDSN/FA/HA configuration providing all
services from a single chassis. Although XT-2 systems are highly flexible, they are pre-loaded with
purchased services, and the operator cannot add services through a license. The operator needs to predefine the
services required on a system.
Standalone PDSN/FA and HA Deployments
The PDSN/FA serves as an integral part of a CDMA2000 network by providing the packet processing and re-direction
to the mobile user's home network through communications with the HA. In cases where the mobile user connects to a
PDSN that serves their home network, no re-direction is required.
The following figure depicts a sample network configuration wherein the PDSN/FA and HA are separate systems.
Figure 91. PDSN/FA and HA Network Deployment Configuration Example
The HA allows mobile nodes to be reached, or served, by their home network through its home address even when the
mobile node is not attached to its home network. The HA performs this function through interaction with an FA that the
mobile node is communicating with using the Mobile IP protocol. Such transactions are performed through the use of
virtual private networks that create Mobile IP tunnels between the HA and FA.
Interface Descriptions
This section describes the primary interfaces used in a CDMA2000 wireless data network deployment.
R-P Interface
This interface exists between the Packet Control Function (PCF) and the PDSN/FA and implements the A10 and A11
(data and bearer signaling respectively) protocols defined in 3GPP2 specifications.
The PCF can be co-located with the Base Station Controller (BSC) as part of the Radio Access Node (RAN). The
PDSN/FA is connected to the RAN via Ethernet line cards installed in the rear of the chassis. The system supports either
8-port Fast Ethernet line cards (Ethernet 10/100) or single-port small form-factor pluggable (SFP) optical gigabit
Ethernet line cards (Ethernet 1000) or four-port Quad Gig-E line cards (QGLC). These line cards also support outbound
IP traffic that carries user data to the HA for Mobile IP services, or to the Internet or Wireless Access Protocol (WAP)
gateway for Simple IP services.
Pi Interfaces
The Pi interface provides connectivity between the HA and its corresponding FA. The Pi interface is used to establish
Mobile IP tunnels between the PDSN/FA and HA.
PDN Interfaces
PDN interfaces provide connectivity between the PDSN and/or HA and packet data networks such as the Internet or a
corporate intranet.
AAA Interfaces
Using the LAN ports located on the Switch Processor I/O (SPIO) and Ethernet line cards, these interfaces carry AAA
messages to and from RADIUS accounting and authentication servers. The SPIO supports RADIUS-capable
management interfaces using either copper or fiber Ethernet connectivity through two auto-sensing 10/100/1000 Mbps
Ethernet interfaces or two SFP optical gigabit Ethernet interfaces. User-based RADIUS messaging is transported using
the Ethernet line cards.
While most carriers will configure separate AAA interfaces to allow for out-of-band RADIUS messaging for system
administrative users and other operations personnel, it is possible to use a single AAA interface hosted on the Ethernet
line cards to support a single RADIUS server that supports both management users and network users.
Important: Subscriber AAA interfaces should always be configured using Ethernet line card interfaces for the
highest performance. The out-of-band local context should not be used for service subscriber AAA functions.
Co-Located Deployments
An advantage of the system is its ability to support both high-density PDSN/FA and HA configurations within the same
chassis. The economies of scale presented in this configuration example provide for both improved session handling and
reduced cost in deploying a CDMA2000 data network.
The following figure depicts a sample co-located deployment.
Figure 92. Co-located PDSN/FA and HA Configuration Example
It should be noted that all interfaces defined within the 3GPP2 standards for 1x deployments exist in this configuration
as they are described in the two previous sections. This configuration can support communications to external, or
standalone, PDSNs/FAs and/or HAs using all prescribed standards.
Understanding Simple IP and Mobile IP
From a mobile subscriber's perspective, packet data services are delivered from the service provider network using two
access methods:
• Local and public network access
• Private network access
Within the packet data network, access is similar to accessing the public Internet through any other access device. In a
private network access scenario, the user must be tunneled into the private network after initial authentication has been
performed.
These two methods are provided using one of the following access applications:
• Simple IP: The mobile user is dynamically assigned an IP address from the service provider. The user can
  maintain this address within a defined geographical area, but when the user moves outside of this area, their IP
  address will be lost. This means that whenever a mobile user moves to a new location, they will need to
  re-register with the service provider to obtain a new IP address.
• Mobile IP: The mobile subscriber uses either a static or dynamically assigned IP address that belongs to their
  home network. As the subscriber roams through the network, the IP address is maintained, providing the
  subscriber with the opportunity to use IP applications that require seamless mobility such as performing file
  transfers.
• Proxy Mobile IP: Provides a mobility solution for subscribers whose Mobile Nodes (MNs) do not support the
  Mobile IP protocol. The PDSN/FA proxies the Mobile IP tunnel with the HA on behalf of the MS. The
  subscriber receives an IP address from either the service provider or from their home network. As the
  subscriber roams through the network, the IP address is maintained, providing the subscriber with the
  opportunity to use IP applications that require seamless mobility such as transferring files.
The following sections outline Simple IP, Mobile IP, and Proxy Mobile IP and how they work in a 3G network.
Simple IP
From a packet data perspective, Simple IP is similar to how a dial-up user would connect to the Internet using the Point-to-Point Protocol (PPP) and the Internet Protocol (IP) through an Internet Service Provider (ISP). With Simple IP, the
mobile user is assigned a dynamic IP address from a PDSN or AAA server that is serving them locally (a specific
geographic area). Once the mobile user is connected to the particular radio network that the assigning PDSN belongs to,
an IP address is assigned to the mobile node. The PDSN provides IP routing services to the registered mobile user
through the wireless service provider's network.
There is no mobility beyond the PDSN that assigns the dynamic IP address to the mobile user, which means that should
the mobile user leave the geographic area where service was established (moves to a new radio network service area),
they will need to obtain a new IP address with a new PDSN that is serving the new area. This new connection may or
may not be provided by the same service provider.
How Simple IP Works
As described earlier, Simple IP uses two basic communications protocols, PPP and IP. The following figure depicts
where each of these protocols is used in a Simple IP call.
Figure 93. Simple IP Protocol Usage
As depicted in the figure above, PPP is used to establish a communications session between the MN and the PDSN.
Once a PPP session is established, the Mobile Node (MN) and end host communicate using IP packets.
The following figure and table provide a high-level view of the steps required to make a Simple IP call that is initiated
by the MN to an end host. Users should keep in mind that steps 2, 3, 11, and 12 in the call flow are related to the Radio
Access Node (RAN) functions and are intended to show a high-level overview of radio communications iterations, and
as such are outside the scope of packet-based communications presented here.
Figure 94. Simple IP Call Flow
Table 65. Simple IP Call Flow Description
Step  Description
1     Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF.
2     The PCF and PDSN establish the R-P interface for the session.
3     The PDSN and MN negotiate Link Control Protocol (LCP).
4     Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the PDSN.
5     The PDSN sends an Access Request message to the RADIUS AAA server.
6     The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the PDSN. The Accept message may contain various attributes to be assigned to the MN.
7     The PDSN sends a PPP Authentication Response message to the MN.
8     The MN and the PDSN negotiate the Internet Protocol Control Protocol (IPCP) that results in the MN receiving an IP address.
9     The PDSN forwards a RADIUS Accounting Start message to the AAA server, fully establishing the session and allowing the MN to send/receive data to/from the PDN.
10    Upon completion of the session, the MN sends an LCP Terminate Request message to the PDSN to end the PPP session.
11    The BSC closes the radio link while the PCF closes the R-P session between it and the PDSN. All PDSN resources used to facilitate the session are reclaimed (IP address, memory, etc.).
12    The PDSN sends an accounting stop record to the AAA server, ending the session.
Mobile IP
Mobile IP provides a network-layer solution that allows mobile nodes (MNs, i.e. mobile phones, wireless PDAs, and
other mobile devices) to receive routed IP packets from their home network while they are connected to any visitor
network using their permanent or home IP address. Mobile IP allows mobility in a dynamic method that allows nodes to
maintain ongoing communications while changing links as the user traverses the global Internet from various locations
outside their home network.
In Mobile IP, the Mobile Node (MN) receives an IP address, either static or dynamic, called the "home address"
assigned by its Home Agent (HA). A distinct advantage with Mobile IP is that MNs can hand off between different
radio networks that are served by different PDSNs.
In this scenario, the PDSN in the visitor network performs as a Foreign Agent (FA), establishing a virtual session with
the MN's HA. Each time the MN registers with a different PDSN/FA, the FA assigns the MN a care-of-address. Packets
are then encapsulated into IP tunnels and transported between FA, HA, and the MN.
Mobile IP Tunneling Methods
Tunneling by itself is a technology that enables one network to send its data via another network's connections.
Tunneling works by encapsulating a network protocol within a packet, carried by the second network. Tunneling is also
called encapsulation. Service providers typically use tunneling for two purposes; first, to transport otherwise un-routable
packets across the IP network and second, to provide data separation for Virtual Private Networking (VPN) services. In
Mobile IP, tunnels are used to transport data packets between the FA and HA.
The system supports the following tunneling protocols, as defined in the IS-835-A specification and the relevant
Request For Comments (RFCs) for Mobile IP:
IP in IP tunnels
IP in IP tunnels encapsulate one IP packet within another using a simple encapsulation technique. To
encapsulate an IP datagram using IP in IP encapsulation, an outer IP header is inserted before the datagram's existing IP
header. Between them are other headers for the path, such as security headers specific to the tunnel configuration. Each
header chains to the next using IP Protocol values. The outer IP header Source and Destination identify the "endpoints"
of the tunnel. The inner IP header Source and Destination identify the original sender and recipient of the datagram.
The inner IP header is not changed by the encapsulator, except to decrement the TTL, and remains unchanged
during its delivery to the tunnel exit point. No change to IP options in the inner header occurs during delivery of the
encapsulated datagram through the tunnel. If needed, other protocol headers such as the IP Authentication header may
be inserted between the outer IP header and the inner IP header.
The Mobile IP working group has specified the use of encapsulation as a way to deliver datagrams from an MN's HA to
an FA, and conversely from an FA to an HA, that can deliver the data locally to the MN at its current location.
GRE tunnels
The Generic Routing Encapsulation (GRE) protocol performs encapsulation of IP packets for transport across disparate
networks. One advantage of GRE over earlier tunneling protocols is that any transport protocol can be encapsulated in
GRE. GRE is a simple, low overhead approach—the GRE protocol itself can be expressed in as few as eight octets as
there is no authentication or tunnel configuration parameter negotiation. GRE is also known as IP Protocol 47.
Important: The chassis simultaneously supports GRE protocols with key in accordance with RFC-1701/RFC-2784 and "Legacy" GRE protocols without key in accordance with RFC-2002.
Another advantage of GRE tunneling over IP-in-IP tunneling is that GRE tunneling can be used even when conflicting
addresses are in use across multiple contexts (for the tunneled data).
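Both encapsulations described above, built and taken apart byte by byte. This is an added example, not code from the product: the addresses, GRE key values and function names are assumptions, the payload bytes are constructed, and using the GRE key to tell apart two flows that share an inner address is an illustration of the overlapping-address point, not a statement of how the chassis does it.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_UDP, IPPROTO_GRE = 4, 17, 47
GRE_KEY_PRESENT = 0x2000        # K bit in the GRE flags field; version 0
ETHERTYPE_IPV4 = 0x0800         # GRE protocol type for an IPv4 payload


def checksum(data):
    """Internet checksum over an even-length byte string (an IPv4 header)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-octet IPv4 header without options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(packet):
    """Return (fields, payload); reject a malformed header or a bad checksum."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len, = struct.unpack("!H", packet[2:4])
    fields = {"ttl": packet[8], "proto": packet[9],
              "src": socket.inet_ntoa(packet[12:16]),
              "dst": socket.inet_ntoa(packet[16:20])}
    return fields, packet[ihl:total_len]


def decrement_ttl(packet):
    """The only change made to the inner header: TTL minus one, checksum redone."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    if hdr[8] <= 1:
        raise ValueError("TTL expired, datagram is not tunneled")
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def encapsulate(inner, tunnel_src, tunnel_dst, gre_key=None):
    """IP in IP when gre_key is None, otherwise GRE with an 8-octet keyed header."""
    inner = decrement_ttl(inner)
    if gre_key is None:
        return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, ETHERTYPE_IPV4, gre_key)
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


def decapsulate(outer):
    """At the tunnel exit: return (tunnel endpoints, GRE key or None, inner packet)."""
    fields, payload = parse_ipv4(outer)
    key = None
    if fields["proto"] == IPPROTO_GRE:
        if len(payload) < 8:
            raise ValueError("truncated GRE header")
        flags, proto_type, key = struct.unpack("!HHI", payload[:8])
        if flags != GRE_KEY_PRESENT or proto_type != ETHERTYPE_IPV4:
            raise ValueError("unsupported GRE header")
        payload = payload[8:]
    elif fields["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet")
    parse_ipv4(payload)             # the inner header must itself be valid
    return (fields["src"], fields["dst"]), key, payload


def demo():
    """Constructed datagram from an MN address, tunneled from the FA to the HA."""
    data = b"constructed payload"   # stands in for a UDP datagram
    inner = ipv4_header("10.0.0.5", "198.51.100.20", IPPROTO_UDP, len(data)) + data
    fa, ha = "192.0.2.1", "203.0.113.1"     # assumed tunnel endpoints
    ipip = encapsulate(inner, fa, ha)
    gre_a = encapsulate(inner, fa, ha, gre_key=0x1001)   # same inner address,
    gre_b = encapsulate(inner, fa, ha, gre_key=0x2002)   # two different keys
    return inner, ipip, gre_a, gre_b
```

IP in IP adds 20 octets and GRE with a key adds 28; after decapsulation the two GRE packets carry identical inner datagrams and differ only in the key.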
Communications between the FA and HA can be done in either the forward or reverse direction using the above
protocols. Additionally, another method of routing information between the FA and various content servers used by the
HA exists. This method is called Triangular Routing. Each of these methods is explained below.
Forward Tunneling
In the wireless IP world, forward tunneling is a tunnel that transports packets from the packet data network towards the
MN. It starts at the HA and ends at the MN's care-of address. Tunnels can be as simple as IP-in-IP tunnels, GRE
tunnels, or even IP Security (IPSec) tunnels with encryption. These tunnels can be started automatically, and are
selected based on the subscriber's user profile.
The following figure shows an example of how forward tunneling is performed.
Reverse Tunneling
A reverse tunnel starts at the MN's care-of address, which is the FA, and terminates at the HA.
When an MN arrives at a foreign network, it listens for agent advertisements and selects an FA that supports reverse
tunnels. The MN requests this service when it registers through the selected FA. At this time, the MN may also specify a
delivery technique such as Direct or the Encapsulating Delivery Style.
Using the Direct Delivery Style, which is the default mode for the system, the MN designates the FA as its default
router and sends packets directly to the FA without encapsulation. The FA intercepts them, and tunnels them to the HA.
Using the Encapsulating Delivery Style, the MN encapsulates all its outgoing packets to the FA. The FA then de-encapsulates and re-tunnels them to the HA, using the FA's care-of address as the entry-point for this new tunnel.
Following are some of the advantages of reverse tunneling:
• All datagrams from the mobile node seem to originate from its home network
• The FA can keep track of the HA that the mobile node is registered to and tunnel all datagrams from the mobile
  node to its HA
Triangular Routing
Triangular routing is the path followed by a packet from the MN to the Correspondent Node (CN) via the FA. In this
routing scenario, the HA receives all the packets destined to the MN from the CN and redirects them to the MN's care-of-address by forward tunneling. In this case, the MN sends packets to the FA, which are transported using conventional
IP routing methods.
A key advantage of triangular routing is that reverse tunneling is not required, eliminating the need to encapsulate and
de-capsulate packets a second time during a Mobile IP session since only a forward tunnel exists between the HA and
PDSN/FA.
A disadvantage of using triangular routing is that the HA is unaware of all user traffic for billing purposes. Also, both
the HA and FA are required to be connected to a private network. This can be especially troublesome in large networks,
serving numerous enterprise customers, as each FA would have to be connected to each private network.
The following figure shows an example of how triangular routing is performed.
Figure 95. Mobile IP, FA and HA Tunneling/Transport Methods
How Mobile IP Works
As described earlier, Mobile IP uses three basic communications protocols: PPP, IP, and Tunneled IP in the form of IP-in-IP or GRE tunnels. The following figure depicts where each of these protocols is used in a basic Mobile IP call.
Figure 96. Mobile IP Protocol Usage
As depicted in the figure above, PPP is used to establish a communications session between the MN and the FA. Once a
PPP session is established, the MN can communicate with the HA, using the FA as a mediator or broker. Data transport
between the FA and HA uses tunneled IP, either IP-in-IP or GRE tunneling. Communication between the HA and End
Host can be achieved using the Internet or a private IP network and can use any IP protocol.
The following figure provides a high-level view of the steps required to make a Mobile IP call that is initiated by the
MN to an HA, and the table that follows explains each step in detail. Users should keep in mind that steps in the call flow
related to the Radio Access Node (RAN) functions are intended to show a high-level overview of radio communications
iterations, and as such are outside the scope of packet-based communications presented here.
Figure 97. Mobile IP Call Flow
Table 66. Mobile IP Call Flow Description
Step  Description
1     Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF.
2     The PCF and PDSN establish the R-P interface for the session.
3     The PDSN and MN negotiate Link Control Protocol (LCP).
4     The PDSN and MN negotiate the Internet Protocol Control Protocol (IPCP).
5     The PDSN/FA sends an Agent Advertisement to the MN.
6     The MN sends a Mobile IP Registration Request to the PDSN/FA.
7     The PDSN/FA sends an Access Request message to the visitor AAA server.
8     The visitor AAA server proxies the request to the appropriate home AAA server.
9     The home AAA server sends an Access Accept message to the visitor AAA server.
10    The visitor AAA server forwards the response to the PDSN/FA.
11    Upon receipt of the response, the PDSN/FA forwards a Mobile IP Registration Request to the appropriate HA.
12    The HA sends an Access Request message to the home AAA server to authenticate the MN/subscriber.
13    The home AAA server returns an Access Accept message to the HA.
14    Upon receiving the response from the home AAA, the HA sends a reply to the PDSN/FA establishing a forward tunnel. Note that the reply includes a Home Address (an IP address) for the MN.
15    The PDSN/FA sends an Accounting Start message to the visitor AAA server. The visitor AAA server proxies messages to the home AAA server as needed.
16    The PDSN returns a Mobile IP Registration Reply to the MN, establishing the session and allowing the MN to send/receive data to/from the PDN.
17    Upon session completion, the MN sends a Registration Request message to the PDSN/FA with a requested lifetime of 0.
18    The PDSN/FA forwards the request to the HA.
19    The HA sends a Registration Reply to the PDSN/FA accepting the request.
20    The PDSN/FA forwards the response to the MN.
21    The MN and PDSN/FA negotiate the termination of LCP, effectively ending the PPP session.
22    The PCF and PDSN/FA terminate the R-P session.
23    The HA sends an Accounting Stop message to the home AAA server.
24    The PDSN/FA sends an Accounting Stop message to the visitor AAA server.
25    The visitor AAA server proxies the accounting data to the home AAA server.
Proxy Mobile IP
Proxy Mobile IP provides mobility for subscribers with MNs that do not support the Mobile IP protocol stack.
For subscriber sessions using Proxy Mobile IP, R-P and PPP sessions get established as they would for a Simple IP
session. However, the PDSN/FA performs Mobile IP operations with an HA (identified by information stored in the
subscriber's profile) on behalf of the MN while the MN performs only Simple IP processes. The protocol details are
similar to those displayed in the figure earlier for Mobile IP.
The MN is assigned an IP address by either the PDSN/FA or the HA. Regardless of its source, the address is stored in a
Mobile Binding Record (MBR) stored on the HA. Therefore, as the MN roams through the service provider's network,
each time a hand-off occurs, the MN will receive the same IP address stored in the MBR on the HA.
Note that unlike Mobile IP-capable MNs that can perform multiple sessions over a single PPP link, Proxy Mobile IP
allows only a single session over the PPP link. In addition, simultaneous Mobile and Simple IP sessions will not be
supported for an MN by an FA currently facilitating a Proxy Mobile IP session for the MN.
How Proxy Mobile IP Works
This section contains call flows displaying successful Proxy Mobile IP session setup scenarios. Two scenarios are
described based on how the MN receives an IP address:
• Scenario 1: The AAA server specifies an IP address that the PDSN allocates to the MN from one of its locally
  configured static pools.
• Scenario 2: The HA assigns an IP address to the MN from one of its locally configured dynamic pools.
Scenario 1: AAA server and PDSN/FA Allocate IP Address
The following figure and table display and describe a call flow in which the MN receives its IP address from the AAA
server and PDSN/FA.
Figure 98. AAA/PDSN Assigned IP Address Proxy Mobile IP Call Flow
Table 67. AAA/PDSN Assigned IP Address Proxy Mobile IP Call Flow Description
Step  Description
1     Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF.
2     The PCF and PDSN/FA establish the R-P interface for the session.
3     The PDSN/FA and MN negotiate Link Control Protocol (LCP).
4     Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the PDSN/FA.
5     The PDSN/FA sends an Access Request message to the RADIUS AAA server.
6     The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the PDSN/FA. The Accept message may contain various attributes to be assigned to the MN including the MN's Home Address (IP address) and the IP address of the HA to use.
7     The PDSN/FA sends a PPP Authentication Response message to the MN.
8     The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the PDSN/FA with an MN address of 0.0.0.0.
9     The PDSN/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes such things as the MN's home address, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)).
10    While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages.
11    The HA responds with a Proxy Mobile IP Registration Response after validating the home address against its pool(s). The HA also creates a Mobile Binding Record (MBR) for the subscriber session.
12    The MN and the PDSN/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by the AAA server.
13    While the MN and PDSN/FA are negotiating IPCP, the HA and AAA server initiate accounting.
14    Upon completion of the IPCP negotiation, the PDSN/FA and AAA server initiate accounting, fully establishing the session and allowing the MN to send/receive data to/from the PDN.
15    Upon completion of the session, the MN sends an LCP Terminate Request message to the PDSN to end the PPP session.
16    The PDSN/FA sends a Proxy Mobile IP De-registration Request message to the HA.
17    The PDSN/FA sends an LCP Terminate Acknowledge message to the MN, ending the PPP session.
18    The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the Pi interface.
19    The PDSN/FA and the PCF terminate the R-P session.
20    The HA and the AAA server stop accounting for the session.
21    The PDSN and the AAA server stop accounting for the session.
Scenario 2: HA Assigns IP Address to MN from Locally Configured Dynamic Pools
The following figure and table display and describe a call flow in which the MN receives its IP address from the AAA
server and PDSN/FA.
Figure 99. HA Assigned IP Address Proxy Mobile IP Call Flow
Table 68. HA Assigned IP Address Proxy Mobile IP Call Flow Description
Step
Description
1
Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF.
2
The PCF and PDSN/FA establish the R-P interface for the session.
3
The PDSN/FA and MN negotiate Link Control Protocol (LCP).
4
Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the PDSN/FA.
5
The PDSN/FA sends an Access Request message to the RADIUS AAA server.
6
The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the
PDSN/FA. The Accept message may contain various attributes to be assigned to the MN including the IP address of the
HA to use.
7
The PDSN/FA sends a PPP Authentication Response message to the MN.
8
The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the PDSN/FA with an MN
address of 0.0.0.0.
9
The PDSN/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes such things as a
Home Address indicator of 0.0.0.0, the IP address of the FA (the care-of-address), and the FA-HA extension (Security Parameter Index (SPI)).
10
While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages.
11
The HA responds with a Proxy Mobile IP Registration Response. The response includes an IP address from one of its
locally configured pools to assign to the MN (its Home Address). The HA also creates a Mobile Binding Record (MBR) for
the subscriber session.
12
The MN and the PDSN/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by
the AAA server.
13
While the MN and PDSN/FA are negotiating IPCP, the HA and AAA server initiate accounting.
14
Upon completion of the IPCP negotiation, the PDSN/FA and AAA server initiate accounting, fully establishing the session
and allowing the MN to send/receive data to/from the PDN.
15
Upon completion of the session, the MN sends an LCP Terminate Request message to the PDSN to end the PPP session.
16
The PDSN/FA sends a Proxy Mobile IP De-registration Request message to the HA.
17
The PDSN/FA sends an LCP Terminate Acknowledge message to the MN, ending the PPP session.
18
The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the Pi interface.
19
The PDSN/FA and the PCF terminate the R-P session.
20
The HA and the AAA server stop accounting for the session.
21
The PDSN and the AAA server stop accounting for the session.
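The HA side of step 9 through step 11 in both scenarios, and of the de-registration in steps 16 and 18, as an added example that is not part of the original guide or of any Cisco software. It assumes the RFC 2002 Registration Request layout with a Foreign-Home Authentication Extension carrying the SPI; the HomeAgent class, its field names, the addresses and the SPI value are hypothetical, and the authenticator itself is not verified.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# Fixed part of a Mobile IPv4 Registration Request (RFC 2002): type, flags,
# lifetime, home address, home agent, care-of address, identification.
RRQ_FIXED = struct.Struct("!BBH4s4s4sQ")
RRQ_TYPE = 1
FA_HA_AUTH_EXT = 34  # Foreign-Home Authentication Extension: type, length, SPI, authenticator
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")


def build_rrq(home, home_agent, care_of, spi, lifetime=1800, ident=1):
    """Build a constructed sample request as the PDSN/FA would send it."""
    fixed = RRQ_FIXED.pack(RRQ_TYPE, 0, lifetime,
                           ipaddress.IPv4Address(home).packed,
                           ipaddress.IPv4Address(home_agent).packed,
                           ipaddress.IPv4Address(care_of).packed, ident)
    authenticator = bytes(16)  # placeholder bytes; this example does not verify them
    ext = struct.pack("!BBI", FA_HA_AUTH_EXT, 4 + len(authenticator), spi)
    return fixed + ext + authenticator


def parse_rrq(data):
    """Parse the fixed header and pull the SPI out of the FA-HA extension."""
    if len(data) < RRQ_FIXED.size:
        raise ValueError("truncated Registration Request")
    mtype, _flags, lifetime, home, _ha, care_of, _ident = RRQ_FIXED.unpack_from(data)
    if mtype != RRQ_TYPE:
        raise ValueError("not a Registration Request")
    spi, off = None, RRQ_FIXED.size
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated extension header")
        ext_type, ext_len = data[off], data[off + 1]
        body = data[off + 2:off + 2 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type == FA_HA_AUTH_EXT and ext_len >= 4:
            spi = struct.unpack("!I", body[:4])[0]
        off += 2 + ext_len
    return {"lifetime": lifetime, "home": ipaddress.IPv4Address(home),
            "care_of": ipaddress.IPv4Address(care_of), "spi": spi}


@dataclass
class HomeAgent:
    pools: list                                   # locally configured IPv4Network pools
    fa_spis: dict                                 # care-of address -> SPI expected from that FA
    bindings: dict = field(default_factory=dict)  # home address -> Mobile Binding Record

    def _allocate(self):
        """Return the first pool address that has no binding, or None."""
        for pool in self.pools:
            for addr in pool.hosts():
                if addr not in self.bindings:
                    return addr
        return None

    def handle(self, data):
        """Return (accepted, home address or None, reason) for one request."""
        rrq = parse_rrq(data)
        expected = self.fa_spis.get(rrq["care_of"])
        if expected is None or rrq["spi"] != expected:
            return (False, None, "unknown FA or SPI mismatch")
        home = rrq["home"]
        if rrq["lifetime"] == 0:                  # de-registration: drop the MBR
            mbr = self.bindings.get(home)
            if mbr is not None and mbr["care_of"] == rrq["care_of"]:
                del self.bindings[home]
            return (True, home, "binding removed")
        if home == UNSPECIFIED:                   # scenario 2: HA picks the address
            home = self._allocate()
            if home is None:
                return (False, None, "pools exhausted")
        elif not any(home in pool for pool in self.pools):
            return (False, None, "home address outside configured pools")
        # scenario 1 falls through here with the AAA-assigned address validated
        self.bindings[home] = {"care_of": rrq["care_of"], "lifetime": rrq["lifetime"]}
        return (True, home, "binding created")


if __name__ == "__main__":
    fa = "192.0.2.1"                              # constructed FA care-of address
    ha = HomeAgent(pools=[ipaddress.IPv4Network("10.20.0.0/30")],
                   fa_spis={ipaddress.IPv4Address(fa): 256})
    print(ha.handle(build_rrq("10.20.0.2", "198.51.100.1", fa, 256)))  # scenario 1
    print(ha.handle(build_rrq("0.0.0.0", "198.51.100.1", fa, 256)))    # scenario 2
```

A request whose SPI is missing or does not match the one configured for its care-of address is rejected before any pool lookup, so an unauthenticated sender cannot consume pool addresses or alter an existing binding.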
Supported Standards
The system supports the following industry standards for 1x/CDMA2000/EV-DO devices.
Requests for Comments (RFCs)
RFC-768, User Datagram Protocol (UDP), August 1980
RFC-791, Internet Protocol (IP), September 1982
RFC-793, Transmission Control Protocol (TCP), September 1981
RFC-894, A Standard for the Transmission of IP Datagrams over Ethernet Networks, April 1984
RFC-1089, SNMP over Ethernet, February 1989
RFC-1144, Compressing TCP/IP headers for low-speed serial links, February 1990
RFC-1155, Structure and Identification of Management Information for TCP/IP-based Internets, May 1990
RFC-1157, Simple Network Management Protocol (SNMP) Version 1, May 1990
RFC-1212, Concise MIB Definitions, March 1991
RFC-1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II, March
1991
RFC-1215, A Convention for Defining Traps for use with the SNMP, March 1991
RFC-1224, Techniques for Managing Asynchronously Generated Alerts, May 1991
RFC-1256, ICMP Router Discovery Messages, September 1991
RFC-1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis, March 1992
RFC-1332, The PPP Internet Protocol Control Protocol (IPCP), May 1992
RFC-1398, Definitions of Managed Objects for the Ethernet-Like Interface Types, January 1993
RFC-1418, SNMP over OSI, March 1993
RFC-1570, PPP LCP Extensions, January 1994
RFC-1643, Definitions of Managed Objects for the Ethernet-like Interface Types, July 1994
RFC-1661, The Point to Point Protocol (PPP), July 1994
RFC-1662, PPP in HDLC-like Framing, July 1994
RFC-1701, Generic Routing Encapsulation (GRE), October 1994
RFC-1771, A Border Gateway Protocol 4 (BGP-4)
RFC-1850, OSPF Version 2 Management Information Base, November 1995
RFC-1901, Introduction to Community-based SNMPv2, January 1996
RFC-1902, Structure of Management Information for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1903, Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1904, Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1907, Management Information Base for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1908, Coexistence between Version 1 and Version 2 of the Internet-standard Network Management
Framework, January 1996
RFC-1918, Address Allocation for Private Internets, February 1996
RFC-1919, Classical versus Transparent IP Proxies, March 1996
RFC-1962, The PPP Compression Control Protocol (CCP), June 1996
RFC-1974, PPP STAC LZS Compression Protocol, August 1996
RFC-2002, IP Mobility Support, May 1995
RFC-2003, IP Encapsulation within IP, October 1996
RFC-2004, Minimal Encapsulation within IP, October 1996
RFC-2005, Applicability Statement for IP Mobility Support, October 1996
RFC-2118, Microsoft Point-to-Point Compression (MPPC) Protocol, March 1997
RFC-2136, Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC-2211, Specification of the Controlled-Load Network Element Service
RFC-2246, The Transport Layer Security (TLS) Protocol Version 1.0, January 1999
RFC-2290, Mobile IPv4 Configuration Option for PPP IPCP, February 1998
RFC-2328, OSPF Version 2, April 1998
RFC-2344, Reverse Tunneling for Mobile IP, May 1998
RFC-2394, IP Payload Compression Using DEFLATE, December 1998
RFC-2401, Security Architecture for the Internet Protocol, November 1998
RFC-2402, IP Authentication Header (AH), November 1998
RFC-2406, IP Encapsulating Security Payload (ESP), November 1998
RFC-2408, Internet Security Association and Key Management Protocol (ISAKMP), November 1998
RFC-2409, The Internet Key Exchange (IKE), November 1998
RFC-2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December
1998
RFC-2475, An Architecture for Differentiated Services, December 1998
RFC-2484, PPP LCP Internationalization Configuration Option, January 1999
RFC-2486, The Network Access Identifier (NAI), January 1999
RFC-2571, An Architecture for Describing SNMP Management Frameworks, April 1999
RFC-2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), April
1999
RFC-2573, SNMP Applications, April 1999
RFC-2574, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol
(SNMPv3), April 1999
RFC-2597, Assured Forwarding PHB Group, June 1999
RFC-2598, Expedited Forwarding PHB, June 1999
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2661, Layer Two Tunneling Protocol "L2TP", August 1999
RFC-2697, A Single Rate Three Color Marker, September 1999
RFC-2698, A Two Rate Three Color Marker, September 1999
RFC-2784, Generic Routing Encapsulation (GRE) - March 2000, IETF
RFC-2794, Mobile IP Network Access Identifier Extension for IPv4, March 2000
RFC-2809, Implementation of L2TP Compulsory Tunneling via RADIUS, April 2000
RFC-2845, Secret Key Transaction Authentication for DNS (TSIG), May 2000
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
RFC-3007, Secure Domain Name System (DNS) Dynamic Update, November 2000
RFC-3012, Mobile IPv4 Challenge/Response Extensions, November 2000
RFC-3095, Robust Header Compression (ROHC): Framework and four profiles: RTP, UDP, ESP and
uncompressed, July 2001
RFC-3101, OSPF NSSA Option, January 2003
RFC-3141, CDMA2000 Wireless Data Requirements for AAA, June 2001
RFC-3143, Known HTTP Proxy/Caching Problems, June 2001
RFC-3193, Securing L2TP using IPSEC, November 2001
RFC-3241, Robust Header Compression (ROHC) over PPP, April 2002
RFC-3409, Lower Layer Guidelines for Robust (RTP/UDP/IP) Header Compression, December 2002
RFC-3519, NAT Traversal for Mobile IP, April 2003
RFC-3543, Registration Revocation in Mobile IPv4, August 2003
RFC-3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS), July 2003
RFC-3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers, February 2004
RFC-3759, Robust Header Compression (ROHC): Terminology and Channel Mapping Examples, April 2004
RFC-3588, Diameter Based Protocol, September 2003
RFC-4005, Diameter Network Access Server Application, August 2005
RFC-4006, Diameter Credit-Control Application, August 2005
Draft, Generalized Key Distribution Extensions for Mobile IP
Draft, AAA Keys for Mobile IP
TIA and Other Standards
Telecommunications Industry Association (TIA) Standards
TIA/EIA/IS-835-A, CDMA2000 Wireless IP Network Standard, April 2001
TIA/EIA/IS-835-B, CDMA2000 Wireless IP Network Standard, October 2002
TIA/EIA/IS-835-C, CDMA2000 Wireless IP Network Standard, August 2003
TIA/EIA/IS-707-A-1, Data Service Options for Wideband Spread Spectrum Systems
TIA/EIA/IS-707-A.5 Packet Data Services
TIA/EIA/IS-707-A.9 High Speed Packet Data Services
TIA/EIA/IS-2000.5, Upper Layer (Layer 3) Signaling for CDMA2000 Spread Spectrum Systems
TIA/EIA/IS-2001, Interoperability Specifications (IOS) for CDMA2000 Access Network Interfaces
TIA/EIA/TSB100, Wireless Network Reference Model
TIA/EIA/TSB115, CDMA2000 Wireless IP Architecture Based on IETF Protocols
TIA/EIA J-STD-025 PN4465, TR-45 Lawfully Authorized Electronic Surveillance
Object Management Group (OMG) Standards
CORBA 2.6 Specification 01-09-35, Object Management Group
3GPP2 Standards
3GPP2 A.S0001-A v2: 3GPP2 Access Network Interfaces Interoperability Specification (also known as 3G-IOS
v4.1.1)
3GPP2 P.S0001-A-3: Wireless IP Network Standard
3GPP2 P.S0001-B: Wireless IP Network Standard
3GPP2 S.R0068: Link Layer Assisted Robust Header Compression
3GPP2 C.S0047-0: Link Layer Assisted Service Options for Voice-over-IP: Header Removal (SO60) and
Robust Header Compression (SO61)
3GPP2 A.S0008 v3.0 Interoperability Specification (IOS) for High Rate Packet Data (HRPD) Access Network
Interfaces
3GPP2 A.S0015-0 v2: Interoperability Specification (IOS) for CDMA2000 11 Access Network Interfaces —
Part 5 (A3 and A7 12 Interfaces) (Partial Support) (also known as 3G-IOSv4.2)
3GPP2 P.S0001-B V1.0.0 Wireless IP Network Standard October 25, 2002 (relating to MIP interactions with
IPSEC)
3GPP2 P.S0001 (TIA/EIA/IS-835-1) Version 1.0, Wireless IP Network Standard - December 10, 1999
3GPP2 P.R0001 (TSB115) Version 1.0.0, Wireless IP: Architecture Based on IETF Protocols - July 14, 2000
3GPP2 X.S0011-005-C Version: 1.0.0, CDMA2000 Wireless IP Network Standard: Accounting Services
and 3GPP2 RADIUS VSAs - August 2003
3GPP2 X.S0011-006-C Version: 1.0.0, CDMA2000 Wireless IP Network Standard: PrePaid Packet Data Service
- Date: August 2003
3GPP2 TSGA A.S0013-c v0.4 Interoperability Specification (IOS) for CDMA2000 June 2004
3GPP2 TSG-A A.S.0017-C baseline Interoperability Specification (IOS) for CDMA2000 Access Network
Interfaces - Part 7(A10 and A11 Interfaces) (IOS v5.0 baseline) June 2004
3GPP2 A.S0012-D Segmentation for GRE January, 2005
Inter-operability Specification (IOS) for CDMA2000 Access Network Interfaces
3GPP2 X.S0011-005-D Accounting Services and 3GPP2 RADIUS VSAs, February 2006
3GPP2 TSG-X (PSN) X.P0013-014-0, Service Based Bearer Control – Ty Interface Stage-3
IEEE Standards
802.1Q VLAN Standard
Chapter 11
GGSN Support in GPRS/UMTS Wireless Data Services
The ST16 and Cisco® ASR 5000 chassis provide wireless carriers with a flexible solution that functions as a Gateway
GPRS Support Node (GGSN) in General Packet Radio Service (GPRS) or Universal Mobile Telecommunications
System (UMTS) wireless data networks.
This overview provides general information about the GGSN including:
Product Description
Product Specification
Network Deployment and Interfaces
Features and Functionality - Base Software
Features and Functionality - Optional Enhanced Feature Software
How GGSN Works
Supported Standards
Product Description
The GGSN works in conjunction with Serving GPRS Support Nodes (SGSNs) within the network to perform the
following functions:
Establish and maintain subscriber Internet Protocol (IP) or Point-to-Point Protocol (PPP) type Packet Data
Protocol (PDP) contexts originated by either the mobile or the network
Provide charging detail records (CDRs) to the charging gateway (CG, also known as the Charging Gateway
Function (CGF))
Route data traffic between the subscriber's Mobile Station (MS) and Packet Data Networks (PDNs) such as the
Internet or an intranet
PDNs are associated with Access Point Names (APNs) configured on the system. Each APN consists of a set of
parameters that dictate how subscriber authentication and IP address assignment are to be handled for that APN.
In addition to providing basic GGSN functionality as described above, the system can be configured to support Mobile
IP and/or Proxy Mobile IP data applications in order to provide mobility for subscriber IP PDP contexts. When
supporting these services, the system can be configured to either function as a GGSN and Foreign Agent (FA), a standalone Home Agent (HA), or a GGSN, FA, and HA simultaneously within the carrier's network.
Figure 100. Basic GPRS/UMTS Network Topology
In accordance with RFC 2002, the FA is responsible for mobile node registration with, and the tunneling of data traffic
to/from, the subscriber's home network. The HA is also responsible for tunneling traffic, and additionally maintains subscriber
location information in Mobility Binding Records (MBRs).
Product Specification
This section describes the hardware and software requirements for GGSN service.
The following information is located in this section:
Licenses
Hardware Requirements
Operating System Requirements
Licenses
The GGSN is a licensed product. A session use license key must be acquired and installed to use the GGSN service.
The following licenses are available for this product:
GGSN Software License, 10K Sessions 600-00-7544
GGSN Software License, 1K Sessions 600-00-7545
Apart from the base software license, the GGSN requires feature licenses for the various enhanced features supported on the ST16 and
ASR 5000 platforms in GGSN service. The following table lists the supported licensed features and the required license part
numbers for the enhanced licensed features supported with this product:
Important: For more information on license requirements for optional enhanced features, refer to the Features and
Functionality - Optional Enhanced Feature Software section.
Hardware Requirements
Information in this section describes the hardware required to enable the GGSN service.
ST16 Platform System Hardware Components
The following application and line cards are required to support GPRS/UMTS wireless data services on the system:
Switch Processor Cards (SPCs): Provides full system control and management of all cards within the ST16
platform. Up to two SPCs can be installed; one active, one redundant.
Packet Accelerator Cards (PACs): Provides high-speed, multi-threaded PDP context processing capabilities
for GGSN services. Up to 14 PACs can be installed, allowing for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIOs): Installed in the upper-rear chassis slots directly behind the SPCs,
SPIOs provide connectivity for local and remote management and for Central Office (CO) alarms. Up to two SPIOs
can be installed; one active, one redundant.
Ethernet 10/100 and/or Ethernet 1000: Installed directly behind PACs, these cards provide the physical
interfaces to elements in the GPRS/UMTS data network. Up to 26 line cards should be installed for a fully
loaded system with 13 active PSCs, 13 in the upper-rear slots and 13 in the lower-rear slots for redundancy.
Redundant PSCs do not require line cards.
Important: PACs are available with either 4GB or 8GB of memory. All PACs in a system
must be of the same memory capacity.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs, RCCs
utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line cards/QGLCs
and every packet processing card in the system for redundancy. Two RCCs can be installed to provide
redundancy for all line cards and packet processing cards.
ASR 5000 Platform System Hardware Components
The following application and line cards are required to support GPRS/UMTS wireless data services on the system:
System Management Cards (SMCs): Provides full system control and management of all cards within the ASR
5000 platform. Up to two SMCs can be installed; one active, one redundant.
Packet Processing Cards (PSCs/PSC2s/PPCs): In the ASR 5000 platform, packet processing cards provide
high-speed, multi-threaded PDP context processing capabilities for GGSN services. Up to 14 packet processing
cards can be installed, allowing for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIO): Installed in the upper-rear chassis slots directly behind the SMCs,
SPIOs provide connectivity for local and remote management and for central office (CO) alarms. Up to two SPIOs
can be installed; one active, one redundant.
Line Cards: The following rear-loaded line cards are currently supported by the system:
Ethernet 10/100 and/or Ethernet 1000 Line Cards: Installed directly behind packet processing cards,
these cards provide the physical interfaces to elements in the LTE/SAE network. Up to 26 line cards
should be installed for a fully loaded system with 13 active packet processing cards, 13 in the upper-rear slots and 13 in the lower-rear slots for redundancy. Redundant packet processing cards do not
require line cards.
Quad Gig-E Line Cards (QGLCs): The 4-port Gigabit Ethernet line card is used in the ASR 5000
system only and is commonly referred to as the Quad-GigE Line Card or the QGLC. The QGLC is
installed directly behind its associated packet processing card to provide network connectivity to the
packet data network.
10 Gig-E Line Cards (XGLCs): The 10 Gigabit Ethernet Line Card is used in the ASR 5000 system
only and is commonly referred to as the XGLC. The XGLC supports higher speed connections to
packet core equipment, increases effective throughput between the ASR 5000 and the packet core
network, and reduces the number of physical ports needed on the ASR 5000.
The one-port XGLC supports the IEEE 802.3-2005 revision which defines full duplex operation of 10
Gigabit Ethernet.
The XGLC is configured and monitored via the System Management Card (SMC) over the system's
control bus. Both SMCs must be active to maintain maximum forwarding rates.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs, RCCs
utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line cards/QGLCs
and every packet processing card in the system for redundancy. Two RCCs can be installed to provide
redundancy for all line cards and packet processing cards.
Important: Additional information pertaining to each of the application and line cards required to support
GPRS/UMTS wireless data services is located in the Hardware Platform Overview chapter of the Product Overview
Guide.
Operating System Requirements
The GGSN is available for ST16 and ASR 5000 chassis running StarOS™ Release 7.1 or later.
Network Deployment and Interfaces
This section describes the supported interfaces and deployment scenario of the GGSN in a GPRS/UMTS network.
The following information is provided in this section:
GGSN in the GPRS/UMTS Data Network
Supported Interfaces
GGSN in the GPRS/UMTS Data Network
The figures that follow display simplified network views of the GGSN in a GPRS/UMTS network and of the system
supporting Mobile IP and Proxy Mobile IP functions in both the GGSN/Foreign Agent (FA) and GGSN/FA/Home Agent
(HA) combinations, respectively.
Figure 101. Basic GPRS/UMTS Network Topology
Figure 102. Combined GGSN/FA Deployment for Mobile IP and/or Proxy Mobile IP Support
Figure 103. Combined GGSN/FA/HA Deployment for Mobile IP and/or Proxy Mobile IP Support
Supported Interfaces
In support of both mobile and network originated subscriber PDP contexts, the system GGSN provides the following
network interfaces:
Gn: This is the interface used by the GGSN to communicate with SGSNs on the same GPRS/UMTS Public
Land Mobile Network (PLMN). This interface serves as both the signaling and data path for establishing and
maintaining subscriber PDP contexts.
The GGSN communicates with SGSNs on the PLMN using the GPRS Tunnelling Protocol (GTP). The
signaling or control aspect of this protocol is referred to as the GTP Control Plane (GTPC) while the
encapsulated user data traffic is referred to as the GTP User Plane (GTPU).
One or more Gn interfaces can be configured per system context.
Ga: This is the interface used by the GGSN to communicate with the Charging Gateway (CG). The charging
gateway is responsible for sending GGSN Charging Data Records (G-CDRs) received from the GGSN for each
PDP context to the billing system. The system supports TCP and UDP as the transport layer for this interface.
The GGSN communicates with the CGs on the PLMN using GTP Prime (GTPP).
One or more Ga interfaces can be configured per system context.
Gc: This is the interface used by the GGSN to communicate with the Home Location Register (HLR) via a GTP-to-MAP (Mobile Application Part) protocol convertor. This interface is used for network initiated PDP
contexts.
For network initiated PDP contexts, the GGSN will communicate with the protocol convertor using GTP. The
convertor, in turn, will communicate with the HLR using MAP over Signaling System 7 (SS7).
One Gc interface can be configured per system context.
Gi: This is the interface used by the GGSN to communicate with Packet Data Networks (PDNs) external to the
PLMN. Examples of PDNs are the Internet or corporate intranets.
Inbound packets received on this interface could initiate a network requested PDP context if the intended MS is
not currently connected.
For systems configured as a GGSN/FA, this interface is used to communicate with HAs for Mobile IP and
Proxy Mobile IP support.
One or more Gi interfaces can be configured per system context. For Mobile IP and Proxy Mobile IP, at least
one Gi interface must be configured for each configured FA service. Note that when the system is
simultaneously supporting GGSN, FA, and HA services, traffic that would otherwise be routed over the Gi
interface is routed inside the chassis.
Gp: This is the interface used by the GGSN to communicate with GPRS Support Nodes (GSNs, e.g. GGSNs
and/or SGSNs) on different PLMNs. Within the system, a single interface can serve as both a Gn and a Gp
interface.
One or more Gn/Gp interfaces can be configured per system context.
AAA: This is the interface used by the GGSN to communicate with an authorization, authentication, and
accounting (AAA) server on the network. The system GGSN communicates with the AAA server using the
Remote Authentication Dial In User Service (RADIUS) protocol.
This is an optional interface that can be used by the GGSN for subscriber PDP context authentication and
accounting.
DHCP: This is the interface used by the GGSN to communicate with a Dynamic Host Configuration Protocol (DHCP)
Server. The system can be configured as DHCP-Proxy or DHCP Client to provide IP addresses to the MS dynamically
from the DHCP server on PDP context activation.
Gx: This is an optional Diameter protocol-based interface over which the GGSN communicates with a Charging
Rule Function (CRF) for the provisioning of charging rules that are based on the dynamic analysis of flows
used for an IP Multimedia Subsystem (IMS) session. The system provides enhanced support for use of Service
Based Local Policy (SBLP) to provision and control the resources used by the IMS subscriber. It also provides
a Flow based Charging (FBC) mechanism to charge the subscriber dynamically based on content usage.
Important: The Gx interface is a license-enabled feature. For more information on this
support, refer to Gx Interface Support in the Features and Functionality - Optional Enhanced Feature
Software section.
Gy: This is an optional Diameter protocol-based interface over which the GGSN communicates with a Charging
Trigger Function (CTF) server that provides online charging data. Gy interface support provides an online
charging interface that works with the ECS deep packet inspection feature. With Gy, customer traffic can be
gated and billed in an "online" or "prepaid" style. Both time- and volume-based charging models are
supported. In all of these models, differentiated rates can be applied to different services based on shallow or
deep packet inspection.
Important: This interface is supported through Enhanced Charging Service. For more
information on this support, refer to the Enhanced Charging Service Administration Guide.
GRE: This new protocol interface in the GGSN platform adds one additional protocol to support mobile users
connecting to their enterprise networks: Generic Routing Encapsulation (GRE). GRE tunneling is a common
technique to enable multi-protocol local networks over a single-protocol backbone, to connect non-contiguous
networks and allow virtual private networks across WANs. This mechanism encapsulates data packets from
one protocol inside a different protocol and transports the data packets unchanged across a foreign network. It
is important to note that GRE tunneling does not provide security to the encapsulated protocol, as there is no
encryption involved (as IPSEC offers, for example).
Important: The GRE protocol interface is a license-enabled feature. For more information on
this support, refer to GRE Protocol Interface Support in the Features and Functionality - Optional
Enhanced Feature Software section.
Important: GGSN Software also supports additional interfaces. For more information on additional interfaces,
refer to the Features and Functionality - Optional Enhanced Feature Software section.
Features and Functionality - Base Software
This section describes the features and functions that are supported by default in the base software for GGSN service and do not
require any additional licenses.
Important: To configure the basic service and functionality on the system for GGSN service, refer to the configuration
examples provided in the GGSN Administration Guide.
This section describes the following features:
16,000 SGSN Support
AAA Server Groups
Access Control List Support
ANSI T1.276 Compliance
APN Support
Bulk Statistics Support
Direct Tunnel Support
DHCP Support
DSCP Marking
Generic Corporate APN
GTPP Support
Host Route Advertisement
IP Policy Forwarding
IP Header Compression - Van Jacobson
Management System Overview
Overlapping IP Address Pool Support
Per APN Configuration to Swap out Gn to Gi APN in CDRs
Port Insensitive Rule for Enhanced Charging Service
Quality of Service Support
RADIUS Support
PDP Context Support
RADIUS VLAN Support
Routing Protocol Support
Support of Charging Characteristics Provided by AAA Server
Support of all GGSN generated causes for partial G-CDR closure
Threshold Crossing Alerts (TCA) Support
16,000 SGSN Support
With growing roaming agreements, many more GPRS/UMTS networks support certain APNs and therefore the number
of SGSNs that could connect to the GGSN increases. This feature increases the number of connected SGSNs thereby
allowing a single GGSN service to support a much larger roaming network.
The GGSN service supports a maximum of 16,000 SGSN IP addresses. The chassis limit for bulk statistics collection is
also limited to 16,000. No change in configuration is needed to support this feature.
AAA Server Groups
Value-added feature to enable VPN service provisioning for enterprise or MVNO customers. Enables each corporate
customer to maintain its own AAA servers with its own unique configurable parameters and custom dictionaries.
This feature provides support for up to 800 AAA (RADIUS and Diameter) server groups and 800 NAS IP addresses that
can be provisioned within a single context or across the entire chassis. A total of 128 servers can be assigned to an
individual server group. Up to 1,600 accounting, authentication and/or mediation servers are supported per chassis and
may be distributed across a maximum of 1,000 APNs. This feature also enables the AAA servers to be distributed across
multiple APN within the same context.
Important: Due to additional memory requirements, this service can only be used with 8GB minimum packet
processing cards.
Important: For more information on AAA Server Group configuration, refer to the AAA Interface Administration and
Reference.
Access Control List Support
Access Control Lists provide a mechanism for controlling (i.e., permitting, denying, redirecting, etc.) packets in and out
of the system.
IP access lists, or Access Control Lists (ACLs) as they are commonly referred to, are used to control the flow of packets
into and out of the system. They are configured on a per-context basis and consist of "rules" (ACL rules) or filters that
control the action taken on packets that match the filter criteria.
Once configured, an ACL can be applied to any of the following:
An individual interface
All traffic facilitated by a context (known as a policy ACL)
An individual subscriber
All subscriber sessions facilitated by a specific context
There are two primary components of an ACL:
Rule: A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured to
take a specific action on packets matching specific criteria. Up to 128 rules can be configured per ACL.
Each rule specifies the action to take when a packet matches the specified criteria. This section discusses the
rule actions and criteria supported by the system.
Rule Order: A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules,
in the order in which they were entered, until a match is found. Once a match is identified, all subsequent rules
are ignored.
Important: For more information on Access Control List configuration, refer to the IP Access Control List chapter in
the System Enhanced Feature Configuration Guide.
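The first-match rule order described above means a narrow rule entered after a broader one never takes effect. The following Python sketch is an added illustration, not the product's code or configuration syntax: it evaluates packets in entry order and audits an ACL for such shadowed rules. The `Rule` model, its field names and the sample ACL are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_RULES_PER_ACL = 128  # per-ACL rule limit stated in the text above


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule model: an action plus simple IPv4 match criteria."""
    action: str                   # "permit", "deny" or "redirect"
    src: str                      # source prefix
    dst: str = "0.0.0.0/0"        # destination prefix (default: any)
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

    def covers(self, later: "Rule") -> bool:
        """True when every packet that `later` matches is matched by this rule too."""
        return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in (None, later.proto)
                and self.dport in (None, later.dport))


def evaluate(acl: List[Rule], pkt: dict) -> Optional[Tuple[int, str]]:
    """Return (rule index, action) of the first matching rule, in entry order."""
    if len(acl) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL holds at most %d rules" % MAX_RULES_PER_ACL)
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return index, rule.action   # first match wins; later rules are ignored
    return None  # no rule matched; the text above does not describe this case


def find_shadowed(acl: List[Rule]) -> List[Tuple[int, int, bool]]:
    """List (shadowed index, covering index, actions differ) for unreachable rules."""
    findings = []
    for j, later in enumerate(acl):
        for i in range(j):
            if acl[i].covers(later):
                findings.append((j, i, acl[i].action != later.action))
                break
    return findings


# Constructed sample ACL: the broad permit was entered before the narrow deny.
ACL_AS_ENTERED = [
    Rule("permit", "10.0.0.0/8"),
    Rule("deny", "10.1.2.0/24", proto="tcp", dport=23),
    Rule("deny", "192.168.0.0/16"),
]
# Same rules with the narrow deny moved ahead of the broad permit.
ACL_REORDERED = [ACL_AS_ENTERED[1], ACL_AS_ENTERED[0], ACL_AS_ENTERED[2]]

# Constructed sample packets.
TELNET_PKT = {"src": "10.1.2.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 23}
WEB_PKT = {"src": "10.1.2.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    print("as entered:", evaluate(ACL_AS_ENTERED, TELNET_PKT), find_shadowed(ACL_AS_ENTERED))
    print("reordered: ", evaluate(ACL_REORDERED, TELNET_PKT), find_shadowed(ACL_REORDERED))
```

A finding whose third field is true is the case worth reviewing first: the later rule asks for a different action than the rule that actually handles the traffic.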
ANSI T1.276 Compliance
ANSI T1.276 specifies security measures for Network Elements (NE). In particular it specifies guidelines for password
strength, storage, and maintenance security measures.
ANSI T1.276 specifies several measures for password security.
These measures include:
Password strength guidelines
Password storage guidelines for network elements
Password maintenance, e.g. periodic forced password changes
These measures are applicable to the ST16 and ASR 5000 and the Web Element Manager since both require password
authentication. A subset of these guidelines where applicable to each platform will be implemented. A known subset of
guidelines, such as certificate authentication, are not applicable to either product. Furthermore, the platforms support a
variety of authentication methods such as RADIUS and SSH which are dependent on external elements. ANSI T1.276
compliance in such cases will be the domain of the external element. ANSI T1.276 guidelines will only be implemented
for locally configured operators.
APN Support
The GGSN's Access Point Name (APN) support offers several benefits:
Extensive parameter configuration flexibility for the APN.
Creation of subscriber tiers for individual subscribers or sets of subscribers within the APN.
Virtual APNs to allow differentiated services within a single APN.
Up to 1024 APNs can be configured in the GGSN. An APN may be configured for any type of PDP context, i.e., PPP,
IPv4, IPv6 or both IPv4 and IPv6. Many dozens of parameters may be configured independently for each APN.
Here are a few highlights of what may be configured:
Accounting: RADIUS, GTPP or none. Server group to use. Charging characteristics. Interface with mediation
servers.
Authentication: Protocol, such as, CHAP or PAP or none. Default username/password. Server group to use.
Limit for number of PDP contexts.
Enhanced Charging: Name of rulebase to use, which holds the enhanced charging configuration (e.g., eG-CDR
variations, charging rules, prepaid/postpaid options, etc.).
IP: Method for IP address allocation (e.g., local allocation by GGSN, Mobile IP, DHCP, DHCP relay, etc.). IP
address ranges, with or without overlapping ranges across APNs.
Tunneling: PPP may be tunneled with L2TP. IPv4 may be tunneled with GRE, IP-in-IP or L2TP. Load balancing across multiple tunnels. IPv6 is tunneled in IPv4. Additional tunneling techniques, such as IPsec and
VLAN tagging, may be selected by the APN, but are configured in the GGSN independently from the APN.
QoS: IPv4 header ToS handling. Traffic rate limits for different 3GPP traffic classes. Mapping of R98 QoS
attributes to work around particular handset defects. Dynamic QoS renegotiation (described elsewhere).
After an APN is determined by the GGSN, the subscriber may be authenticated/authorized with an AAA server. The
GGSN allows the AAA server to return VSAs (Vendor Specific Attributes) that override any/all of the APN
configuration. This allows different subscriber tier profiles to be configured in the AAA server, and passed to the GGSN
during subscriber authentication/authorization.
The GGSN's Virtual APN feature allows the carrier to use a single APN to configure differentiated services. The APN
that is supplied by the SGSN is evaluated by the GGSN in conjunction with multiple configurable parameters. Then the
GGSN selects an APN configuration based on the supplied APN and those configurable parameters. The configurable
parameters are the subscriber's mcc/mnc, whether the subscriber is home/visiting/roaming, the subscriber's domain
name and the IP address/range of the SGSN.
Important: For more information on APN configuration, refer to APN Configuration in GGSN Service
Configuration.
Bulk Statistics Support
The system's support for bulk statistics allows operators not only to choose which statistics are of importance to
them, but also to configure the format in which they are presented. This simplifies the post-processing of statistical data
since it can be formatted to be parsed by external, back-end processors.
When used in conjunction with the Web Element Manager, the data can be parsed, archived, and graphed.
The system can be configured to collect bulk statistics (performance data) and send them to a collection server (called a
receiver). Bulk statistics are statistics that are collected in a group. The individual statistics are grouped by schema.
The following schemas are supported for GGSN service:
System: Provides system-level statistics
Card: Provides card-level statistics
Port: Provides port-level statistics
FA: Provides FA service statistics
HA: Provides HA service statistics
IP Pool: Provides IP pool statistics
PPP: Provides Point-to-Point Protocol statistics
GTPC: Provides GPRS Tunneling Protocol - Control message statistics
GTPP: Provides GPRS Tunneling Protocol - Prime message statistics
APN: Provides Access Point Name statistics
RADIUS: Provides per-RADIUS server statistics
ECS: Provides Enhanced Charging Service Statistics
The system supports the configuration of up to 4 sets (primary/secondary) of receivers. Each set can be configured
to collect specific sets of statistics from the various schemas. Statistics can be pulled manually from the system or sent
at configured intervals. The bulk statistics are stored on the receiver(s) in files.
The format of the bulk statistic data files can be configured by the user. Users can specify the format of the file name,
file headers, and/or footers to include information such as the date, system host name, system uptime, the IP address of
the system generating the statistics (available only for headers and footers), and/or the time that the file was
generated.
When the Web Element Manager is used as the receiver, it is capable of further processing the statistics data through
XML parsing, archiving, and graphing.
The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information
in the PostgreSQL database. If XML file generation and transfer is required, this element generates the XML output and
can send it to a Northbound NMS or an alternate bulk statistics server for further processing.
Additionally, if archiving of the collected statistics is desired, the Bulk Statistics server writes the files to an alternative
directory on the server. A specific directory can be configured by the administrative user or the default directory can be
used. Regardless, the directory can be on a local file system or on an NFS-mounted file system on the Web Element
Manager server.
Direct Tunnel Support
Direct tunnel improves the user experience (e.g. expedited web page delivery, reduced round trip delay for
conversational services, etc.) by eliminating SGSN tunnel 'switching' latency from the user plane. An additional
advantage of Direct Tunnel from an operational and capital expenditure perspective is that direct tunnel optimizes the
usage of user plane resources by removing the requirement for user plane processing on the SGSN.
The Direct Tunnel architecture allows the establishment of a direct user plane tunnel between the RAN and the GGSN,
bypassing the SGSN. The SGSN continues to handle the control plane signalling and typically makes the decision to
establish Direct Tunnel at PDP Context Activation. A Direct Tunnel is achieved at PDP context activation by the SGSN
establishing a user plane (GTP-U) tunnel directly between RNC and GGSN (using an Update PDP Context Request
towards the GGSN).
The following figure illustrates the working of Direct Tunnel between RNC and GGSN.
Figure 104. Direct Tunnel Support in GGSN
A major consequence of deploying Direct Tunnel is that it produces a significant increase in control plane load on both
the SGSN and GGSN components of the packet core. It is therefore of paramount importance to a wireless operator to
ensure that the deployed GGSNs are capable of handling the additional control plane loads introduced as part of Direct
Tunnel deployment. The Cisco GGSN and SGSN offer massive control plane transaction capabilities, ensuring system
control plane capacity will not be a capacity limiting factor once Direct Tunnel is deployed.
DHCP Support
Dynamic IP address assignment to subscriber IP PDP contexts using the Dynamic Host Configuration Protocol as defined by
the following standards:
RFC 2131, Dynamic Host Configuration Protocol
RFC 2132, DHCP Options and BOOTP Vendor Extensions
As described in the PDP Context Support section of this document, the method by which IP addresses are assigned to a
PDP context is configured on an APN-by-APN basis. Each APN template dictates whether it will support static or
dynamic addresses.
Dynamically assigned IP addresses for subscriber PDP contexts can be assigned through the use of DHCP.
The system can be configured to support DHCP using either of the following mechanisms:
DHCP-proxy: The system acts as a proxy for client (MS) and initiates the DHCP Discovery Request on behalf
of client (MS). Once it receives an allocated IP address from DHCP server in response to DHCP Discovery
Request, it assigns the received IP address to the MS. This allocated address must match an
address configured in an IP address pool on the system. This complete procedure is not visible to the MS.
DHCP-relay: The system acts as a relay for client (MS) and forwards the DHCP Discovery Request received
from client (MS). Once it receives an allocated IP address from DHCP server in response to DHCP Discovery
Request, it assigns the received IP address to the MS.
Important: For more information on DHCP service configuration, refer to the DHCP Configuration section in the GGSN
Service Configuration chapter.
DSCP Marking
Provides support for more granular configuration of DSCP marking.
For different traffic classes, the GGSN supports per-GGSN service and per-APN configurable DSCP marking for the Uplink
and Downlink directions based on Allocation/Retention Priority in addition to the current priorities.
Generic Corporate APN
An operator may not be aware of the IP address that a corporation may assign to subscribers through AAA or DHCP.
When the traffic is sent from the GGSN to the corporation over a tunnel, this feature allows the operator to terminate such
users.
Normally the GGSN validates the IP address assigned by RADIUS. This feature removes the need for that validation, but
it does assume that the subscriber traffic is forwarded out of the GGSN through a tunnel.
When the IP address is statically assigned, i.e., either MS provided, RADIUS provided or DHCP provided, the IP
address validation is not performed if the address policy is set to disable address validation.
ACL and Policy Group Info processing would still be performed.
Additionally, there is support for Virtual APN selection based on RADIUS VSA returned during Authentication.
The existing Virtual APN selection mechanism is being enhanced to select the Virtual APN based on RADIUS VSA
returned during authentication.
The selected V-APN may further require AAA authentication (and accounting) with its own servers.
GTPP Support
Support for the GPRS Tunnelling Protocol Prime (GTPP) in accordance with the following standards:
3GPP TS 32.015 v3.12.0 (2003-12): 3rd Generation Partnership project; Technical Specification Group Services
and System Aspects; Telecommunication Management; Charging and billing; GSM call and event data for the
Packet Switched (PS) domain (Release 1999) for support of Charging on GGSN
3GPP TS 32.215 v5.9.0 (2005-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Telecommunication management; Charging management; Charging data description for
the Packet Switched (PS) domain (Release 4)
3GPP TS 29.060 v7.9.0 (2008-09): Technical Specification; 3rd Generation Partnership Project; Technical
Specification Group Core Network; General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP)
across the Gn and Gp interface (Release 6)
The system supports the use of GTPP for PDP context accounting. When the GTPP protocol is used, accounting
messages are sent to the Charging Gateways (CGs) over the Ga interface. The Ga interface and GTPP functionality are
typically configured within the system's source context. As specified by the standards, a CDR is not generated when a
session starts. CDRs are generated according to the interim triggers configured using the charging characteristics
configured for the GGSN, and a CDR is generated when the session ends. For interim accounting, STOP/START pairs
are sent based on configured triggers.
GTPP version 2 is always used. However, if version 2 is not supported by the CGF, the system reverts to using GTPP
version 1. All subsequent CDRs are always fully-qualified partial CDRs. All CDR fields are R4.
Whether or not the GGSN accepts charging characteristics from the SGSN can be configured on a per-APN basis based
on whether the subscriber is visiting, roaming, or home.
By default, the GGSN always accepts the charging characteristics from the SGSN. They must always be provided by the
SGSN for GTPv1 requests for primary PDP contexts. If they are not provided for secondary PDP contexts, the GGSN
re-uses those from the primary.
If the system is configured to reject the charging characteristics from the SGSN, the GGSN can be configured with its
own that can be applied based on the subscriber type (visiting, roaming, or home) at the APN level. GGSN charging
characteristics consist of a profile index and behavior settings. The profile indexes specify the criteria for closing
accounting records.
Important: For more information on GTPP group configuration, refer to GTPP Accounting Configuration in the GGSN
Service Configuration chapter.
Host Route Advertisement
When subscribers are assigned IP addresses from RADIUS or HLR, yet are allowed to connect to multiple GGSNs
through the use of DNS round robin or failover, the IP addresses of the subscribers can be advertised on a per user (host)
basis to the Gi network using dynamic routing, thereby providing IP reachability to these users.
IP address pools are configured on the GGSN for many reasons, although one of them is so that the pool subnets can be
automatically advertised to the network. These are connected routes and are advertised for all non-tunneling pools.
A configuration option is provided in the IP pool configuration. When this option is
enabled, the subnet(s) of the pool are not added to the routing table, so routing protocols like OSPF and BGP do not know
of these addresses and hence do not advertise the subnet(s).
As calls come up, and addresses from this pool (with the "explicit-route-advertise" flag) are used, the assigned addresses
are added to the routing table and these addresses can be advertised by OSPF or BGP through the network or the
"redistribute connected" command.
Example
A subscriber connecting to GGSN A with an IP address from a pool P1 will be assigned the IP address and the routing
domain will be updated with the host route. When a subscriber connects to GGSN B with an IP address from the same
pool, the subscriber will be assigned the requested IP address and the routing domain will then learn its host route.
When the subscriber disconnects, the route is removed from the routing table and the routing domain is updated.
The explicit-route-advertise option can be applied and removed from the pool at any time and the routing tables are
updated automatically.
The overlap and resource pool behavior does not change; therefore it does not make sense to configure an
overlap/resource pool with the "explicit-route-advertise" option.
IP Policy Forwarding
IP Policy Forwarding enables the routing of subscriber data traffic to specific destinations based on configuration. This
functionality can be implemented in support of enterprise-specific applications (i.e. routing traffic to specific enterprise
domains) or for routing traffic to back-end servers for additional processing.
The system can be configured to automatically forward data packets to a predetermined network destination. This can
be done in one of three ways:
IP Pool-based Next Hop Forwarding - Forwards data packets based on the IP pool from which a subscriber
obtains an IP address.
ACL-based Policy Forwarding - Forwards data packets based on policies defined in Access Control Lists
(ACLs) and applied to contexts or interfaces.
Subscriber specific Next Hop Forwarding - Forwards all packets for a specific subscriber.
The simplest way to forward subscriber data is to use IP Pool-based Next Hop Forwarding. An IP pool is configured
with the address of a next hop gateway and data packets from all subscribers using the IP pool are forwarded to that
gateway.
Subscriber Next Hop forwarding is also very simple. In the subscriber configuration a nexthop forwarding address is
specified and all data packets for that subscriber are forwarded to the specified nexthop destination.
ACL-based Policy Forwarding gives you more control over redirecting data packets. By configuring an Access Control
List (ACL) you can forward data packets from a context or an interface by different criteria, such as source or
destination IP address, ICMP type, or TCP/UDP port numbers.
ACLs are applied first. If ACL-based Policy Forwarding and Pool-based or Subscriber Next Hop Forwarding are
configured, data packets are first redirected as defined in the ACL, then all remaining data packets are redirected to the
next hop gateway defined by the IP pool or subscriber profile.
Important: For more information on IP Policy Forwarding configuration, refer to the Policy Forwarding chapter in
the System Enhanced Feature Configuration Guide.
IP Header Compression - Van Jacobson
Implementing IP header compression provides the following benefits:
Improves interactive response time
Allows the use of small packets for bulk data with good line efficiency
Allows the use of small packets for delay sensitive low data-rate traffic
Decreases header overhead
Reduces packet loss rate over lossy links
The system supports the Van Jacobson (VJ) IP header compression algorithms by default for subscriber traffic.
VJ header compression is supported as per the RFC 1144 (CTCP) header compression standard developed by V.
Jacobson in 1990. It is commonly known as VJ compression. It describes a basic method for compressing the headers of
IPv4/TCP packets to improve performance over low speed serial links.
By default IP header compression using the VJ algorithm is enabled for subscribers. You can also turn off IP header
compression for a subscriber.
Important: For more information on IP header compression support, refer to the IP Header Compression chapter in
the System Enhanced Feature Configuration Guide.
IPv6 Support
Native IPv6 support allows for the configuration of interfaces/routes with IPv6 (128 bit) addressing. The increased
address space allows for future subscriber growth beyond what is currently possible in IPv4. Native IPv6 support on the
Gi interface allows support for packets coming from or destined to a mobile over the Gi interface. IPv6 address
assignment is supported from a dynamic or static pool via standard 3GPP attributes. The GGSN can communicate using
DIAMETER as the transport protocol for Gx to the AAA. Overlapping address space or resource pools are supported if
they are in different VPNs. The VPN subsystem is responsible for the configuration and recovery of IP interfaces and
routes. IP resources are grouped into separate routing domains known as contexts. The VPN subsystem creates and
maintains each context and the resources associated with them. The existing IPv4 model of interface and route
notification will be extended to support IPv6.
This feature allows IPv6 subscribers to connect via the GPRS/UMTS infrastructure in accordance with the following
standards:
RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
RFC 2461: Neighbor Discovery for IPv6
RFC 2462: IPv6 Stateless Address Autoconfiguration
RFC 3314: Recommendations for IPv6 in 3GPP Standards
RFC 3316: Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts
RFC 3056: Connection of IPv6 domains via IPv4 clouds
3GPP TS 23.060: General Packet Radio Service (GPRS) Service description
3GPP TS 27.060: Mobile Station Supporting Packet Switched Services
3GPP TS 29.061: Interworking between the Public Land Mobile Network (PLMN) supporting Packet Based
Services and Packet Data Networks (PDN)
IP version 6 is an enhanced version of IP version 4 with the following modifications:
Expanded addressing capabilities with 128 bits for addresses as compared to 32 bits in IPv4.
Header format simplification
Improved support of extensions and options
Flow labeling capability
Authentication and Privacy capabilities
IPv6 Neighbor Discovery protocol is used to dynamically discover the directly attached devices on IPv6 Interfaces. It
facilitates the mapping of MAC addresses to IPv6 Addresses. The GGSN supports a subset of IPv6 Neighbor Discovery
as defined by RFC 2461, including the following:
The GGSN uses IPv6 Neighbor Discovery to learn the Ethernet link-layer addresses of the directly connected
next-hop gateway.
The GGSN supports configuration of the static IPv6 neighbor (next-hop gateway).
Link-local addresses will be automatically added to Ethernet type interfaces.
The GGSN performs Unsolicited Neighbor Advertisement on line card switchover.
The GGSN will reply to neighbor discovery requests for the node's IPv6 addresses.
ICMPv6 is a protocol for IPv6 networks to allow error reporting and check connectivity via echo messages. The GGSN
supports a subset of ICMPv6 as defined by [RFC-4443]. The GGSN replies to the link-local, configured IP address, and
the all-hosts IP address.
Native IPv6 Routing allows the forwarding of IPv6 packets between IPv6 Networks. The forwarding lookup is based on
a longest prefix match of the destination IPv6 address. The GGSN supports configuration of IPv6 routes to directly
attached next hops via an IPv6 Interface.
Important: Native IPv6 is only available on the ASR 5000 or higher platform. In Release 9.0 Native IPv6 is
available on the GGSN.
Management System Overview
The system's management capabilities are designed around the Telecommunications Management Network (TMN)
model for management -- focusing on providing superior quality Network Element (NE) and element management
system (Web Element Manager) functions. The system provides element management applications that can easily be
integrated, using standards-based protocols (CORBA and SNMPv1, v2), into higher-level management systems -- giving wireless operators the ability to integrate the system into their overall network, service, and business
management systems. In addition, all management is performed out-of-band for security and to maintain system
performance.
The Operation and Maintenance module of ST16 and ASR 5000 offers comprehensive management capabilities to the
operators and enables them to operate the system more efficiently. There are multiple ways to manage the system either
locally or remotely using its out-of-band management interfaces.
These include:
Using the Command Line Interface (CLI)
Remote login using Telnet, and Secure Shell (SSH) access to CLI through SPIO card's Ethernet management
interfaces
Local login through the Console port on SPIO card using an RS-232 serial connection
Using the Web Element Manager application
Supports communications through 10 Base-T, 100 Base-TX, 1000 Base-TX, or 1000
Base-SX (optical gigabit Ethernet) Ethernet management interfaces on the SPIO
Client-Server model supports any browser (i.e. Microsoft Internet Explorer v5.0 and above or Netscape v4.7 or
above, and others)
Supports Common Object Request Broker Architecture (CORBA) protocol and Simple Network Management
Protocol version 1 (SNMPv1) for fault management
Provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) capabilities
Can be easily integrated with higher-level network, service, and business layer applications using the Object
Management Group's (OMG's) Interface Definition Language (IDL)
The following figure demonstrates these various element management options and how they can be utilized within the
wireless carrier network.
Figure 105. Element Management Methods
Important: GGSN management functionality is enabled by default for console-based access. For GUI-based
management support, refer to the Web Element Management System section.
Important: For more information on command line interface based management, refer to the Command Line Interface
Reference and the GGSN Administration Guide.
Overlapping IP Address Pool Support
Overlapping IP Address Pools provides a mechanism for allowing operators to more flexibly support multiple corporate
VPN customers with the same private IP address space without the expensive investments in physically separate routers,
or expensive configurations using virtual routers.
The system supports two types of overlapping pools: resource and overlap. Resource pools are designed for dynamic
assignment only, and use a VPN tunnel, such as a GRE tunnel, to forward and receive the private IP addresses to and
from the VPN. Overlapping type pools can be used for both dynamic and static assignment, and use VLANs and a next hop
forwarding address to connect to the VPN customer.
To forward downstream traffic to the correct PDP context, the GGSN uses either the GRE tunnel ID, or the VLAN ID to
match the packet. When forwarding traffic upstream, the GGSN uses the tunnel and forwarding information in the IP
pool configuration, so overlapping pools must be configured in the APN for this feature to be used.
When a PDP context is created, the IP address is either assigned from the IP pool, in which case the forwarding rules are
also configured into the GGSN at this point, or assigned statically, in which case the forwarding rules are applied
when the GGSN confirms the IP address from the pool configured in the APN.
The GGSN can scale to as many actual overlapping pools as there are VLAN interfaces per context, and there can be
multiple contexts per GGSN; when resource pools are used, the limit is the number of IP pools. This scalability means that
operators who wish to provide VPN services to customers using the customer's private IP address space need not be
concerned about escalating hardware costs or complex configurations.
Important: For more information on IP pool overlapping configuration, refer to the VLANs chapter in the System Enhanced
Feature Configuration Guide.
PDP Context Support
Support for subscriber primary and secondary Packet Data Protocol (PDP) contexts in accordance with the following
standards:
3GPP TS 23.060 v7.4.0 (2007-9): 3rd Generation Partnership project; Technical Specification Group Services
and System Aspects; General Packet Radio Service (GPRS); Service description (Release 1999) as an
additional reference for GPRS/UMTS procedures
3GPP TS 29.061 v7.6.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Core
Network; Packet Domain; Interworking between the Public Land Mobile Network (PLMN) supporting Packet
Based Services and Packet Data Networks (PDN) (Release 4)
PDP context processing is based on the APN that the subscriber is attempting to access. Templates for all of the possible
APNs that subscribers will be accessing must be configured within the system. Up to 1024 APNs can be configured on
the system.
Each APN template consists of parameters pertaining to how PDP contexts are processed such as the following:
Type (IPv4, IPv6, and/or PPP)
Accounting protocol (GTPP or RADIUS)
Authentication protocol (CHAP, MSCHAP, PAP, MSID-based)
Charging characteristics (use SGSN-supplied or use configured)
IP address allocation method (static or dynamic)
PDP Context timers
Quality of Service
A total of 11 PDP contexts are supported per subscriber. These could be all primaries, or 1 Primary and 10 secondaries
or any combination of primary and secondary. Note that there must be at least one primary PDP context in order for
secondaries to come up.
Per APN Configuration to Swap out Gn to Gi APN in CDRs
In order to allow for better correlation of CDRs with the network or application used by the subscriber, a configuration
option has been added to the GGSN to replace the Gn APN with the Gi (virtual) APN in emitted G-CDRs.
When virtual APNs are used, the operator can specify via EMS or a configuration command that the Gi APN should be
used in the "Access Point Name Network Identifier" field of emitted G-CDRs, instead of the Gn APN.
Port Insensitive Rule for Enhanced Charging Service
This feature allows a single host or URL rule to be applied to two different addresses, one with and one without the port
number appended. As adding the port to the address is optional, this means that the number of rules could be halved.
Browser applications can sometimes append the port number to the host or URL when sending the host or URL fields.
RFC 2616, for example, states that the port should be appended, but if it is omitted then 80 should be assumed.
Because the web browser may provide the port number even when it is the default of 80 for HTTP, two rules are needed
for each URL when configuring rules to define the content.
Example
This feature provides a means to configure the rule such that the traffic is matched irrespective of the presence of a port
number.
A new configurable has been added to the rulebase configuration that will ignore the port numbers embedded in the
application headers of HTTP, RTSP, SIP, and WSP protocols.
When this feature is enabled, a single rule, such as "host = www.w3.org", would be matched even if the port number is
appended and the host field has the value www.w3.org:80, thereby cutting the number of rules needed by up
to a half.
Important: For more information on enhanced charging service, refer to the Enhanced Charging Service
Administration Guide.
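The matching behaviour described above, as an added Python illustration (not Cisco's rulebase syntax or implementation). The function names and sample header values are hypothetical, and the sketch assumes "ignore the port" means any port, not only the default.

```python
def split_host_port(value):
    """Split a Host-style value into (host, port); port is None when absent."""
    value = value.strip().lower()
    if value.startswith("["):                      # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal: %r" % value)
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, rest = value.partition(":")
        rest = sep + rest
    if rest in ("", ":"):                          # no port, or an empty port
        return host, None
    if rest.startswith(":") and rest[1:].isdigit():
        return host, int(rest[1:])
    raise ValueError("malformed host value: %r" % value)


def rule_matches(rule, header_value, ignore_port):
    """Match one 'host =' rule against the host field of a request."""
    if not ignore_port:                            # port-sensitive: literal compare
        return rule.strip().lower() == header_value.strip().lower()
    return split_host_port(rule)[0] == split_host_port(header_value)[0]


def classify(header_values, rules, ignore_port):
    """Return the header values that hit at least one rule."""
    return [h for h in header_values
            if any(rule_matches(r, h, ignore_port) for r in rules)]


# Constructed host field values, as different clients might send them.
SAMPLE_HOSTS = ["www.w3.org", "www.w3.org:80", "WWW.W3.ORG:8080", "example.org:80"]

if __name__ == "__main__":
    print(classify(SAMPLE_HOSTS, ["www.w3.org"], ignore_port=False))
    print(classify(SAMPLE_HOSTS, ["www.w3.org", "www.w3.org:80"], ignore_port=False))
    print(classify(SAMPLE_HOSTS, ["www.w3.org"], ignore_port=True))
```

With the port ignored, the single rule also matches www.w3.org:8080, which is worth checking when a rule drives a charging decision.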
Quality of Service Support
Provides operator control over the prioritization of different types of traffic.
Quality of Service (QoS) support provides internal processing prioritization based on needs, and DiffServ remarking to
allow external devices to perform prioritization.
Important: The feature described here is internal prioritization and DiffServ remarking for external prioritization.
For additional QoS capabilities of the GGSN, refer to the Features and Functionality - Optional Enhanced Feature Software
section.
External prioritization (i.e., the value to use for the DiffServ marking) is configured for the uplink and downlink
directions. In the uplink direction, each APN is configurable for the DiffServ ToS value to use for each of the 3GPP
traffic classes. Alternatively, you can configure "pass-through", whereby the ToS value will pass through unchanged.
In the downlink direction, the ToS value of the subscriber packet is not changed, but you can configure what to use for
the ToS value of the outer GTP tunnel. The value for ToS is configurable for each of the 3GPP traffic classes. In
addition, the connections between the GGSN and one or more SGSNs can be configured as a "GGSN Service", and
different values for ToS for the same 3GPP traffic class may be configured for different GGSN Services.
RADIUS Support
Provides a mechanism for performing authorization, authentication, and accounting (AAA) for subscriber PDP contexts
based on the following standards:
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
The Remote Authentication Dial-In User Service (RADIUS) protocol is used to provide AAA functionality for
subscriber PDP contexts. (RADIUS accounting is optional since GTPP can also be used.)
Within contexts configured on the system, there are AAA and RADIUS protocol-specific parameters that can be
configured. The RADIUS protocol-specific parameters are further differentiated between RADIUS Authentication
server and RADIUS Accounting server interaction.
Among the RADIUS parameters that can be configured are:
Priority: Dictates the order in which the servers are used allowing for multiple servers to be configured in a
single context.
Routing Algorithm: Dictates the method for selecting among configured servers. The specified algorithm
dictates how the system distributes AAA messages across the configured AAA servers for new sessions. Once
a session is established and an AAA server has been selected, all subsequent AAA messages for the session
will be delivered to the same server.
In the event that a single server becomes unreachable, the system attempts to communicate with the other servers that
are configured. The system also provides configurable parameters that specify how it should behave should all of the
RADIUS AAA servers become unreachable.
The system provides an additional level of flexibility by supporting the configuration of RADIUS server groups. This
functionality allows operators to differentiate AAA services for subscribers based on the APN used to facilitate their
PDP context.
In general, 128 AAA server IP address/port entries per context can be configured on the system, and it selects servers from
this list depending on the server selection algorithm (round robin, first server). Instead of having a single list of servers per
context, this feature provides the ability to configure multiple server groups. Each server group, in turn, consists of a list
of servers.
This feature works in the following way:
All RADIUS authentication/accounting servers configured at the context-level are treated as part of a server
group named "default". This default server group is available to all subscribers in that context through the
realm (domain) without any configuration.
It provides a facility to create "user defined" RADIUS server groups, as many as 399 (excluding the "default" server
group), within a context. Any of the user defined RADIUS server groups are available for assignment to a
subscriber through the APN configuration within that context.
Since the configuration of the APN can specify the RADIUS server group to use as well as IP address pools from which
to assign addresses, the system implements a mechanism to support some in-band RADIUS server implementations (i.e.
RADIUS servers which are located in the corporate network, and not in the operator's network) where the NAS-IP
address is part of the subscriber pool. In these scenarios, the GGSN supports the configuration of the first IP address of
the subscriber pool for use as the RADIUS NAS-IP address.
Important: For more information on RADIUS AAA configuration, refer to the AAA Interface Administration and
Reference.
RADIUS VLAN Support
VPN customers often use private address space which can easily overlap with other customers. The subscriber addresses
are supported with overlapping pools which can be configured in the same virtual routing context.
This feature now allows RADIUS server and NAS IP addresses to also overlap without the need to configure separate
contexts, thereby simplifying APN and RADIUS configuration and network design.
This feature supports the following scenarios to be defined in the same context:
Overlapping RADIUS NAS-IP address for various RADIUS server groups representing different APNs.
Overlapping RADIUS server IP address for various RADIUS server groups.
Previously, the above scenarios were supported, albeit only when the overlapping addresses were configured in different
contexts. Moreover a static route was required in each context for IP connectivity to the RADIUS server.
The new feature utilizes the same concept as overlapping IP pools such that every overlapping NAS-IP address is given
a unique next-hop address which is then bound to an interface that is bound to a unique VLAN, thereby allowing the
configuration to exist within the same context.
RADIUS access requests and accounting messages are forwarded to the next hop defined for that NAS-IP and it is then
up to the connected routers to forward the messages to the RADIUS server. The next hop address determines the interface
and VLAN to use. Traffic from the server is identified as belonging to a certain NAS-IP by the port/VLAN
combination.
The number of RADIUS NAS-IP addresses that can be configured is limited by the number of loopback addresses that can
be configured.
Important: For more information on VLAN support, refer to the VLANs chapter in the System Enhanced Feature
Configuration Guide.
Routing Protocol Support
The system's support for various routing protocols and routing mechanisms provides an efficient mechanism for ensuring
the delivery of subscriber data packets.
The GGSN node supports routing protocols in different ways to provide an efficient mechanism for delivery of subscriber
data.
The following routing mechanisms and protocols are supported by the system:
Static Routes: The system supports the configuration of static network routes on a per context basis. Network
routes are defined by specifying an IP address and mask for the route, the name of the interface in the current
context that the route must use, and a next hop IP address.
Open Shortest Path First (OSPF) Protocol: A link-state routing protocol, OSPF is an Interior Gateway
Protocol (IGP) that routes IP packets based solely on the destination IP address found in the IP packet header
using the shortest path first. IP packets are routed "as is", meaning they are not encapsulated in any further
protocol headers as they transit the network.
Variable length subnetting, areas, and redistribution into and out of OSPF are supported.
OSPF routing is supported in accordance with the following standards:
RFC-1850, OSPF Version 2 Management Information Base, November 1995
RFC-2328, OSPF Version 2, April 1998
RFC-3101 OSPF-NSSA Option, January 2003
Border Gateway Protocol version 4 (BGP-4): The system supports a subset of BGP (RFC-1771, A Border
Gateway Protocol 4 (BGP-4)), suitable for eBGP support of multi-homing typically used to support
geographically redundant mobile gateways.
EBGP is supported with multi-hop, route filtering, redistribution, and route maps. The network command is
supported for manual route advertisement or redistribution.
BGP route policy and path selection is supported by the following means:
Prefix match based on route access list
AS path access-list
Modification of AS path through path prepend
Origin type
MED
Weight
Route Policy: Routing policies modify and redirect routes to and from the system to satisfy specific routing
needs. The following methods are used with or without active routing protocols (i.e. static or dynamic routing)
to prescribe routing policy:
Route Access Lists: The basic building block of a routing policy, route access lists filter routes based
upon a specified range of IP addresses.
IP Prefix Lists: A more advanced element of a routing policy. An IP Prefix list filters routes based
upon IP prefixes.
AS Path Access Lists: A basic building block used for Border Gateway Protocol (BGP) routing, these
lists filter Autonomous System (AS) paths.
Route Maps: Route-maps are used for detailed control over the manipulation of routes during route selection or
route advertisement by a routing protocol and in route redistribution between routing protocols. This detailed
control is achieved using IP Prefix Lists, Route Access Lists and AS Path Access Lists to specify IP addresses,
address ranges, and Autonomous System Paths.
Equal Cost Multiple Path (ECMP): ECMP allows distribution of traffic across multiple routes that have the
same cost to the destination. In this manner, throughput load is distributed across multiple paths, typically to
lessen the burden on any one route and provide redundancy. The mobile gateway supports from four to ten
equal-cost paths.
Important: For more information on IP Routing configuration, refer to the Routing chapter in the System Enhanced
Feature Configuration Guide.
Support of Charging Characteristics Provided by AAA Server
This feature provides the ability for operators to apply Charging Characteristics (CC) from the AAA server instead of a
hard coded local profile during access authentication.
The RADIUS attribute 3GPP-Chrg-Char can be used to get the charging characteristics from RADIUS in the Access-Accept
message. Accepting the RADIUS returned charging characteristic profile must be enabled per APN. The CC
profile returned by AAA will override any CC provided by the SGSN, the GGSN or per APN configuration. All 16
profile behaviors can be defined explicitly or the default configuration for that profile is used.
Support of all GGSN generated causes for partial G-CDR closure
Provides more detailed eG-CDR and/or G-CDR closure causes as per 3GPP TS 32.298.
The system handles the GGSN generated causes for partial closure of CDRs. It supports various types of causes including
Radio Access Technology Change, MS Time Zone Change, Cell update, inter-PLMN SGSN change, PLMN id change,
QoS, Routing-Area update etc.
Threshold Crossing Alerts (TCA) Support
Thresholding on the system is used to monitor the system for conditions that could potentially cause errors or outage.
Typically, these conditions are temporary (i.e. high CPU utilization, or packet collisions on a network) and are quickly
resolved. However, continuous or large numbers of these error conditions within a specific time interval may be
indicative of larger, more severe issues. The purpose of thresholding is to help identify potentially severe conditions so
that immediate action can be taken to minimize and/or avoid system downtime.
The system supports Threshold Crossing Alerts for certain key resources such as CPU, memory, IP pool addresses, etc.
With this capability, the operator can configure thresholds on these resources whereby, should the resource depletion
cross the configured threshold, an SNMP trap would be sent.
The following thresholding models are supported by the system:
Alert: A value is monitored and an alert condition occurs when the value reaches or exceeds the configured high
threshold within the specified polling interval. The alert is then generated and/or sent at the end of
the polling interval.
Alarm: Both high and low thresholds are defined for a value. An alarm condition occurs when the value reaches
or exceeds the configured high threshold within the specified polling interval. The alert is then
generated and/or sent at the end of the polling interval.
Thresholding reports conditions using one of the following mechanisms:
SNMP traps: SNMP traps have been created that indicate the condition (high threshold crossing and/or clear) of
each of the monitored values.
Generation of specific traps can be enabled or disabled on the chassis, ensuring that only important faults get
displayed. SNMP traps are supported in both Alert and Alarm modes.
Logs: The system provides a facility called threshold for which active and event logs can be generated. As with
other system facilities, logs are generated. Log messages pertaining to the condition of a monitored value are
generated with a severity level of WARNING.
Logs are supported in both the Alert and the Alarm models.
Alarm System: High threshold alarms generated within the specified polling interval are considered
"outstanding" until the condition no longer exists or a condition clear alarm is generated. "Outstanding"
alarms are reported to the system's alarm subsystem and are viewable through the Alarm Management menu in
the Web Element Manager.
The Alarm System is used only in conjunction with the Alarm model.
Important: For more information on threshold crossing alert configuration, refer to the Thresholding Configuration
Guide.
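The difference between the Alert and Alarm models above, as an added Python illustration (not the system's implementation). It assumes one measured value per polling interval and that an outstanding alarm clears once the value falls below the low threshold, which the text implies but does not spell out; the class names and CPU figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class AlertModel:
    """High threshold only: every interval at or above it produces an alert."""
    high: float

    def end_of_interval(self, value):
        return "alert" if value >= self.high else None


@dataclass
class AlarmModel:
    """High and low thresholds: raise once, stay outstanding, then clear."""
    high: float
    low: float
    outstanding: bool = False

    def end_of_interval(self, value):
        if not self.outstanding and value >= self.high:
            self.outstanding = True
            return "alarm"
        if self.outstanding and value < self.low:   # assumed clear condition
            self.outstanding = False
            return "clear"
        return None                                 # no state change to report


def run(model, values):
    """Feed one value per polling interval; return (interval, event) pairs."""
    events = []
    for interval, value in enumerate(values):
        event = model.end_of_interval(value)
        if event:
            events.append((interval, event))
    return events


# Constructed CPU utilization (%) measured once per polling interval.
CPU = [40, 85, 92, 75, 88, 45, 30, 90]

if __name__ == "__main__":
    print("alert model:", run(AlertModel(high=80), CPU))
    print("alarm model:", run(AlarmModel(high=80, low=50), CPU))
```

The Alert model reports every interval that crosses the high threshold, while the Alarm model reports one raise and one clear per episode, so the gap between the two thresholds controls how much flapping reaches the operator.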
Features and Functionality - Optional Enhanced Feature Software
This section describes the optional enhanced features and functions for GGSN service.
Each of the following features requires the purchase of an additional license to implement the functionality with the
GGSN service.
This section describes the following features:
Converged DSL Support on the GGSN
Dynamic RADIUS Extensions (Change of Authorization)
GRE Protocol Interface Support
Gx Interface Support
Inter-Chassis Session Recovery
IP Security (IPSec)
IPv6 Support
L2TP LAC Support
L2TP LNS Support
Lawful Intercept
Mobile IP Home and Foreign Agents
Mobile IP NAT Traversal
Multimedia Broadcast Multicast Services Support
Overcharging Protection on Loss of Coverage
Proxy Mobile IP
Session Persistence
Session Recovery Support
Traffic Policing and Rate Limiting
Web Element Management System
Converged DSL Support on the GGSN
Digital Subscriber Line (DSL) is one of the dominant technologies used to provide wired broadband access to
consumers and SOHO/ROBO today. DSL operates over copper telephone line owned by Local Exchange Carriers, who
often have strong relationships to the Mobile Wireless Operators either through shared ownership or joint holdings. This
feature allows Mobile Wireless Operators to provide DSL converged services with the GGSN.
Dynamic RADIUS Extensions (Change of Authorization)
Dynamic RADIUS extension support provides operators with greater control over subscriber PDP contexts by providing
the ability to dynamically redirect data traffic, and/or disconnect the PDP context.
This functionality is based on the RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User
Service (RADIUS), July 2003 standard.
The system supports the configuration and use of the following dynamic RADIUS extensions:
Change of Authorization: The system supports CoA messages from the AAA server to change data filters
associated with a subscriber session. The CoA request message from the AAA server must contain attributes to
identify the NAS and the subscriber session and a data filter ID for the data filter to apply to the subscriber session.
Disconnect Message: The DM message is used to disconnect subscriber sessions in the system from a RADIUS
server. The DM request message should contain necessary attributes to identify the subscriber session.
The above extensions can be used to dynamically re-direct subscriber PDP contexts to an alternate address for
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules to the
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the RADIUS Change of Authorization (CoA) extension.
Important: For more information on dynamic RADIUS extensions support, refer to the CoA, RADIUS, And Session
Redirection (Hotlining) chapter in the System Enhanced Feature Configuration Guide.
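A receiver-side check for the CoA and Disconnect messages described above, as an added Python example (not Cisco's implementation): it verifies the RFC 3576 Request Authenticator against the shared secret, then enforces the attribute requirements the text states. Which attributes count as identifying the NAS and the session is an assumption here, and the secret, address, session ID and filter name are constructed.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43           # RFC 3576 packet codes
USER_NAME, NAS_IP_ADDRESS, FRAMED_IP_ADDRESS = 1, 4, 8
FILTER_ID, NAS_IDENTIFIER, ACCT_SESSION_ID = 11, 32, 44


def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Encode a request; used here only to construct sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    auth = request_authenticator(code, ident, body, secret)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body


def parse_attributes(data):
    """Decode type-length-value attributes, rejecting malformed lengths."""
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return attrs


def validate_request(packet, secret):
    """Return (accepted, reason) for a CoA-Request or Disconnect-Request."""
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (COA_REQUEST, DISCONNECT_REQUEST):
        return False, "unexpected code"
    if not 20 <= length <= len(packet):
        return False, "bad length"
    received, body = packet[4:20], packet[20:length]
    expected = request_authenticator(code, ident, body, secret)
    if not hmac.compare_digest(expected, received):  # constant-time compare
        return False, "bad authenticator"
    try:
        attrs = parse_attributes(body)
    except ValueError as exc:
        return False, str(exc)
    if NAS_IP_ADDRESS not in attrs and NAS_IDENTIFIER not in attrs:
        return False, "NAS not identified"
    if not any(a in attrs for a in (USER_NAME, FRAMED_IP_ADDRESS, ACCT_SESSION_ID)):
        return False, "session not identified"
    if code == COA_REQUEST and FILTER_ID not in attrs:
        return False, "CoA without Filter-Id"
    return True, "ok"


# Constructed sample values (documentation address, made-up secret and IDs).
SECRET = b"constructed-shared-secret"
ATTRS = [(NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
         (ACCT_SESSION_ID, b"0A0B0C0D"),
         (FILTER_ID, b"redirect-acl")]
COA = build_request(COA_REQUEST, 7, ATTRS, SECRET)

if __name__ == "__main__":
    print(validate_request(COA, SECRET))
    print(validate_request(COA[:-1] + b"X", SECRET))
```

The authenticator is an MD5 digest over the packet and the shared secret, so a request that changes a data filter or disconnects a session is only as trustworthy as that secret is strong and private.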
GRE Protocol Interface Support
The GGSN supports the GRE generic tunnel interface in accordance with RFC-2784, Generic Routing Encapsulation
(GRE).
GRE protocol functionality adds one additional protocol on the ASR 5000 to allow mobile users to connect to their
enterprise networks through Generic Routing Encapsulation (GRE).
GRE tunnels can be used by the enterprise customers of a carrier 1) To transport AAA packets corresponding to an APN
over a GRE tunnel to the corporate AAA servers and, 2) To transport the enterprise subscriber packets over the GRE
tunnel to the corporation gateway.
The corporate servers may have private IP addresses and hence the addresses belonging to different enterprises may be
overlapping. Each enterprise needs to be in a unique virtual routing domain, known as VRF. To differentiate the tunnels
between the same set of local and remote ends, the GRE Key is used as a differentiator.
GRE Tunneling is a common technique to enable multi-protocol local networks over a single-protocol backbone, to
connect non-contiguous networks and allow virtual private networks across WANs. This mechanism encapsulates data
packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign
network. It is important to note that GRE tunneling does not provide security to the encapsulated protocol, as there is no
encryption involved (like IPSEC offers, for example).
GRE Tunneling consists of three main components:
Passenger protocol: the protocol being encapsulated. For example: CLNS, IPv4 and IPv6.
Carrier protocol: the protocol that does the encapsulating. For example: GRE, IP-in-IP, L2TP, MPLS and IPSEC.
Transport protocol: the protocol used to carry the encapsulated protocol. The main transport protocol is IP.
The simplest form of the deployment scenario is shown in the following figure, in which the GGSN has two APNs
talking to two corporate networks over GRE tunnels.
Figure 106. GRE Deployment Scenario
[Figure: Mobile Node, Access Network, GGSN, IPv4 Network, and GRE tunnels to the Corporate A and Corporate B gateways and networks]
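How the GRE Key separates two tunnels between the same endpoints, and why the passenger packet stays readable, as an added Python example (not Cisco's implementation). The header layout follows RFC 2784 with the key and sequence fields of RFC 2890; the key values, VRF names and inner addresses are hypothetical and the packets are constructed.

```python
import ipaddress
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000       # checksum, key, sequence bits
PROTO_IPV4 = 0x0800


def parse_gre(data):
    """Parse a GRE header (RFC 2784 plus the RFC 2890 key/sequence fields)."""
    if len(data) < 4:
        raise ValueError("short GRE header")
    flags, proto = struct.unpack("!HH", data[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    fields = {"proto": proto, "checksum": None, "key": None, "sequence": None}
    pos = 4
    for bit, name in ((GRE_C, "checksum"), (GRE_K, "key"), (GRE_S, "sequence")):
        if flags & bit:
            if len(data) < pos + 4:
                raise ValueError("truncated GRE %s field" % name)
            word = struct.unpack("!I", data[pos:pos + 4])[0]
            # The checksum shares its 32-bit word with a reserved half.
            fields[name] = word >> 16 if name == "checksum" else word
            pos += 4
    fields["payload"] = data[pos:]
    return fields


def inner_ipv4_addresses(payload):
    """Read source and destination from the unencrypted passenger packet."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (str(ipaddress.IPv4Address(payload[12:16])),
            str(ipaddress.IPv4Address(payload[16:20])))


def demultiplex(gre_packet, key_to_vrf):
    """Pick the VRF from the GRE key; unknown or missing keys are rejected."""
    fields = parse_gre(gre_packet)
    if fields["key"] not in key_to_vrf:
        raise LookupError("no VRF for GRE key %r" % fields["key"])
    return key_to_vrf[fields["key"]], inner_ipv4_addresses(fields["payload"])


def sample_packet(key, src, dst):
    """Build constructed input: keyed GRE around a bare IPv4 header."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return struct.pack("!HHI", GRE_K, PROTO_IPV4, key) + inner


# Hypothetical key-to-VRF bindings; both enterprises reuse the same addresses.
KEY_TO_VRF = {1001: "corp-a", 1002: "corp-b"}
PKT_A = sample_packet(1001, "10.0.0.5", "10.0.0.1")
PKT_B = sample_packet(1002, "10.0.0.5", "10.0.0.1")

if __name__ == "__main__":
    print(demultiplex(PKT_A, KEY_TO_VRF))
    print(demultiplex(PKT_B, KEY_TO_VRF))
```

Both sample packets carry byte-identical inner headers in the clear and only the key tells them apart, which is the reason the text points to IPSec where the passenger traffic needs confidentiality.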
Gx Interface Support
Gx interface support on the system enables the wireless operator to:
Implement differentiated service profiles for different subscribers
Intelligently charge the services accessed depending on the service type and parameters
This interface is particularly suited to control and charge multimedia applications and IMS services. This interface
support is compliant with the following standards:
3GPP TS 23.203 V7.6.0 (2008-03): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Policy and charging control architecture (Release 7)
3GPP TS 29.210 V6.2.0 (2005-06): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; Charging rule provisioning over Gx interface; (Release 6)
3GPP TS 29.212 V7.4.0 (2008-03): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; Policy and Charging Control over Gx reference point (Release 7)
3GPP TS 29.213 V7.4.0 (2008-03): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; Policy and Charging Control signalling flows and QoS parameter mapping; (Release 7)
RFC 3588, Diameter Base Protocol
RFC 4006, Diameter Credit-Control Application
In addition to the above RFCs and standards, IMS authorization partially supports 3GPP TS 29.212 for Policy and
Charging Control over Gx reference point functionality.
The goal of the Gx interface is to provide network based QoS control as well as dynamic charging rules on a per bearer
basis. The Gx interface is in particular needed to control and charge multimedia applications.
The Gx interface is located between the GGSN and the E-PDF / PCRF. It is a Diameter-based interface and provides
the functions provided earlier by the Gx and Go interfaces:
QoS control based on either a token-based or token-less mechanism. In the token-based mechanism, the E-PDF
or PCRF dynamically assigns network resources to the different bearers used by the subscriber. These resource
assignments are transmitted in Tokens carried over the Gx interface. The authorization tokens are allocated by
the network (E-PDF/PCRF), hence the network is in full control of the mechanism since it only authorizes
resources. The token-less mechanism is for further study.
Dynamic rules for Flexible Bearer Charging. These dynamic charging rules are carried in the resource
assignment tokens and provide 5-tuple type charging rules that make it possible to implement a specific charging policy
for each subscriber bearer. These charging rules will be applied by the FBC function of the GGSN, and
produce the appropriate eG-CDRs or the appropriate messages on the Gy interface to the OCS.
Important: For more information on Gx interface support, refer to the Gx Interface Support chapter in the System
Enhanced Feature Configuration Guide.
Inter-Chassis Session Recovery
The ST16 and ASR 5000 provide industry leading carrier class redundancy. The systems protect against all single
points of failure (hardware and software) and attempts to recover to an operational state when multiple simultaneous
failures occur.
The system provides several levels of system redundancy:
Under normal N+1 packet processing card hardware redundancy, if a catastrophic packet processing card failure
occurs all affected calls are migrated to the standby packet processing card if possible. Calls which cannot be
migrated are gracefully terminated with proper call-termination signaling and accounting records are generated
with statistics accurate to the last internal checkpoint.
If the Session Recovery feature is enabled, any total packet processing card failure will cause a packet
processing card switchover and all established sessions for supported call-types are recovered without any loss
of session.
Even though the chassis provides excellent intra-chassis redundancy with these two schemes, certain catastrophic failures
which can cause total chassis outages, such as IP routing failures, line-cuts, loss of power, or physical destruction of the
chassis, cannot be protected by this scheme. In such cases, the GGSN Inter-Chassis Session Recovery feature provides
geographic redundancy between sites. This has the benefit of not only providing enhanced subscriber experience even
during catastrophic outages, but can also protect other systems such as the RAN from subscriber re-activation storms.
The Interchassis Session Recovery feature allows for continuous call processing without interrupting subscriber
services. This is accomplished through the use of redundant chassis. The chassis are configured as primary and backup
with one being active and one in recovery mode. A checkpoint duration timer is used to control when subscriber data is
sent from the active chassis to the inactive chassis. If the active chassis handling the call traffic goes out of service, the
inactive chassis transitions to the active state and continues processing the call traffic without interrupting the subscriber
session. The chassis determines which is active through a proprietary TCP-based connection called a redundancy link.
This link is used to exchange Hello messages between the primary and backup chassis and must be maintained for
proper system operation.
Interchassis Communication:
Chassis configured to support Interchassis Session Recovery communicate using periodic Hello messages.
These messages are sent by each chassis to notify the peer of its current state. The Hello message contains
information about the chassis such as its configuration and priority. A dead interval is used to set a time limit
for a Hello message to be received from the chassis' peer. If the standby chassis does not receive a Hello
message from the active chassis within the dead interval, the standby chassis transitions to the active state. In
situations where the redundancy link goes out of service, a priority scheme is used to determine which chassis
processes the session. The following priority scheme is used:
router identifier
chassis priority
SPIO MAC address
Checkpoint Message:
Checkpoint messages are sent from the active chassis to the inactive chassis. Checkpoint messages are sent at
specific intervals and contain all the information needed to recreate the sessions on the standby chassis, if that
chassis were to become active. Once a session exceeds the checkpoint duration, checkpoint data is collected on
the session. The checkpoint parameter determines the amount of time a session must be active before it is
included in the checkpoint message.
Important: For more information on inter-chassis session recovery support, refer to the Interchassis Session Recovery
chapter in the System Enhanced Feature Configuration Guide.
IP Security (IPSec)
IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined endpoints (i.e.
enterprise or home networks) in accordance with the following standards:
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC-3193, Securing L2TP using IPSEC, November 2001
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways.
IPSec can be implemented on the system for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
Packet Data Network (PDN) as determined by Access Control List (ACL) criteria.
Mobile IP: Mobile IP control signals and subscriber data are encapsulated in IPSec tunnels that are established
between Foreign Agents (FAs) and Home Agents (HAs) over the Pi interfaces.
Important: Once an IPSec tunnel is established between an FA and HA for a particular
subscriber, all new Mobile IP sessions using the same FA and HA are passed over the tunnel
regardless of whether or not IPSec is supported for the new subscriber sessions. Data for existing
Mobile IP sessions will be unaffected.
L2TP: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
Figure 107. IPSec Application
[Figure: IPSec tunnels for the PDN Access, Mobile IP and L2TP applications]
Important: For more information on IPSec support, refer to the IP Security chapter in the System Enhanced Feature
Configuration Guide.
IPv6 Support
Native IPv6 support allows for the configuration of interfaces/routes with IPv6 (128 bit) addressing. The increased
address space allows for future subscriber growth beyond what is currently possible in IPv4. Native IPv6 support on the
Gi interface allows support for packets coming from or destined to a mobile over the Gi interface. IPv6 address
assignment is supported from a dynamic or static pool via standard 3GPP attributes. The GGSN can communicate using
Diameter as the transport protocol for Gx to the AAA. Overlapping address space or resource pools are supported if
they are in different VPNs. The VPN subsystem is responsible for the configuration and recovery of IP interfaces and
routes. IP resources are grouped into separate routing domains known as contexts. The VPN subsystem creates and
maintains each context and the resources associated with them. The existing IPv4 model of interface and route
notification will be extended to support IPv6.
This feature allows IPv6 subscribers to connect via the GPRS/UMTS infrastructure in accordance with the following
standards:
RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
RFC 2461: Neighbor Discovery for IPv6
RFC 2462: IPv6 Stateless Address Autoconfiguration
RFC 3314: Recommendations for IPv6 in 3GPP Standards
RFC 3316: Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts
RFC 3056: Connection of IPv6 domains via IPv4 clouds
3GPP TS 23.060: General Packet Radio Service (GPRS) Service description
3GPP TS 27.060: Mobile Station Supporting Packet Switched Services
3GPP TS 29.061: Interworking between the Public Land Mobile Network (PLMN) supporting Packet Based
Services and Packet Data Networks (PDN)
IP version 6 is an enhanced version of IP version 4 with the following modifications:
Expanded addressing capabilities, with 128 bits for addresses as compared to 32 bits in IPv4.
Header format simplification
Improved support of extensions and options
Flow labeling capability
Authentication and Privacy capabilities
IPv6 Neighbor Discovery protocol is used to dynamically discover the directly attached devices on IPv6 Interfaces. It
facilitates the mapping of MAC addresses to IPv6 Addresses. The GGSN supports a subset of IPv6 Neighbor Discovery
as defined by RFC 2461, including the following:
The GGSN uses IPv6 Neighbor Discovery to learn the Ethernet link-layer addresses of the directly connected
next-hop gateway.
The GGSN supports configuration of the static IPv6 neighbor (next-hop gateway).
Link-local addresses will be automatically added to Ethernet type interfaces.
The GGSN performs Unsolicited Neighbor Advertisement on line card switchover.
The GGSN will reply to neighbor discovery requests for the node's IPv6 addresses.
ICMPv6 is a protocol for IPv6 networks to allow error reporting and check connectivity via echo messages. The GGSN
supports a subset of ICMPv6 as defined by [RFC-4443]. The GGSN replies to the link-local, configured IP address, and
the all-hosts IP address.
Native IPv6 Routing allows the forwarding of IPv6 packets between IPv6 Networks. The forwarding lookup is based on
a longest prefix match of the destination IPv6 address. The GGSN supports configuration of IPv6 routes to directly
attached next hops via an IPv6 Interface.
Important: Native IPv6 is available only on ASR 5000 or higher platforms. In Release 9.0 Native IPv6 is
available on the GGSN.
L2TP LAC Support
The system configured as a Layer 2 Tunneling Protocol Access Concentrator (LAC) enables communication with L2TP
Network Servers (LNSs) for the establishment of secure Virtual Private Network (VPN) tunnels between the operator
and a subscriber's corporate or home network.
L2TP is often used in VPN networks because it allows the corporation to have more control over authentication
and IP address assignment. An operator may perform a first level of authentication but still use PPP to exchange the user name
and password, and use IPCP to request an address. To support PPP negotiation between the GGSN and the corporation,
an L2TP tunnel must be set up in the GGSN running a LAC service.
L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as
L2TP sessions. The LAC service is based on the same architecture as the GGSN and benefits from dynamic resource
allocation and distributed message and data processing. This design allows the LAC service to support over 4000 setups
per second or a maximum of over 3G of throughput. There can be a maximum of up to 65535 sessions in a single tunnel
and as many as 500,000 L2TP sessions using 32,000 tunnels per system.
The LAC sessions can also be configured to be redundant, thereby mitigating any impact of hardware or software
issues. Tunnel state is preserved by copying the information across processor cards.
Important: For more information on this feature support, refer to the L2TP Access Concentrator chapter in the System
Enhanced Feature Configuration Guide.
L2TP LNS Support
The system configured as a Layer 2 Tunneling Protocol Network Server (LNS) supports the termination of secure Virtual
Private Network (VPN) tunnels from L2TP Access Concentrators (LACs).
The LNS service takes advantage of the high performance PPP processing already supported in the system design and is
a natural evolution from the LAC. The LNS can be used as a standalone, or running alongside a GGSN service in the
same platform, terminating L2TP services in a cost effective and seamless manner.
L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as
L2TP sessions. There can be a maximum of up to 65535 sessions in a single tunnel and up to 500,000 sessions per LNS.
The LNS architecture is similar to the GGSN and utilizes the concept of a de-multiplexer to intelligently assign new
L2TP sessions across the available software and hardware resources on the platform without operator intervention.
Important: For more information on this feature support, refer to the L2TP Network Server chapter in the System Enhanced
Feature Configuration Guide.
Lawful Intercept
The system supports the Lawful Interception (LI) of subscriber session information. This functionality provides
Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the
monitoring of suspicious individuals (referred to as targets) for potential criminal activity.
The following standards were referenced for the system's LI implementation:
TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
3GPP TS 33.106 V6.1.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful Interception requirements (Release 6)
3GPP TS 33.107 V6.2.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful interception architecture and functions (Release 6)
3GPP TS 33.108 V9.0.0 (2009-09): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Handover interface for Lawful Interception (LI) (Release 9)
Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR
TKÜ), Version 4.0
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The
target is identified by information such as their mobile station Integrated Services Digital Network (MSISDN) number,
or their International Mobile Subscriber Identification (IMSI) number.
Once the target has been identified, the system, functioning as either a GGSN or HA, serves as an Access Function (AF)
and performs monitoring for both new PDP contexts and PDP contexts that are already in progress. While monitoring, the
system intercepts and duplicates Content of Communication (CC) and/or Intercept Related Information (IRI) and
forwards it to a Delivery Function (DF) over an extensible, proprietary interface. Note that when a target establishes
multiple, simultaneous PDP contexts, the system intercepts CC and IRI for each of them. The DF, in turn, delivers the
intercepted content to one or more Collection Functions (CFs).
On ASR 5000 or higher platforms with StarOS version 9.0 or later, this feature is enhanced to allow 20,000 LI targets to
be provisioned as well as monitored.
Caution: This capacity improvement impacts performance in various network scenarios. To reach
the full capacity of 20,000 LI targets, the platform must have at least 12 active packet processing cards
installed.
Important: For more information on this feature support, refer to the Lawful Intercept Configuration Guide.
Mobile IP Home and Foreign Agents
Consolidation of GGSN, HA and/or FA services on the same platform eliminates CapEx and OpEx requirements for
separate network elements and devices under management. Service integration also enables seamless mobility and inter-technology roaming between 1xEV-DO and UMTS/W-CDMA/GPRS/EDGE radio access networks. This shared
configuration also enables common address pools to be applied across all service types. In addition, this combination of
collapsed services does not create dependencies for Mobile IP client software on the user access device and
consequently does not introduce additional requirements for Mobile IP signaling in the 3GPP radio access network.
This functionality provides the following benefits:
Timely release of Mobile IP resources at the FA and/or HA
Accurate accounting
Timely notification to mobile node of change in service
The ST16 and ASR 5000 systems are capable of supporting both GGSN and Mobile IP functions on a single chassis. For
Mobile IP applications, the system can be configured to provide the function of a Gateway GPRS Support Node/Foreign
Agent (GGSN/FA) and/or a Home Agent (HA).
HA and FA components are defined by RFC 2002 in support of Mobile IP. Mobile IP provides a network-layer solution
that allows Mobile Nodes (MNs, i.e. mobile phones, wireless PDAs, and other mobile devices) to receive routed IP
packets from their home network while they are connected to any visitor network using their permanent or home IP
address. Mobile IP allows mobility in a dynamic method that allows nodes to maintain ongoing communications while
changing links as the user traverses the global Internet from various locations outside their home network.
When configured to support HA functionality, the system is capable of supporting the following enhanced features:
Mobile IP HA Session Rejection/Redirection: Enables the HA service to either reject new calls or redirect
them to another HA when a destination network connection failure is detected. When network connectivity is
re-established, the HA service begins to accept calls again in the normal manner. This feature provides the
benefit of reducing OpEx through increased operational efficiency and limiting of system downtime.
Mobile IP Registration Revocation: Registration Revocation is a general mechanism whereby the HA
providing Mobile IP or Proxy Mobile IP functionality to a mobile node can notify the GGSN/FA of the
termination of a binding. Mobile IP Registration Revocation can be triggered at the HA by any of the
following:
Administrative clearing of calls
Session Manager software task outage resulting in the loss of FA sessions (sessions that could not be
recovered)
Session Idle timer expiry (when configured to send Revocation)
Any other condition under which a binding is terminated due to local policy (duplicate IMSI detected,
duplicate home address requested)
Important: For more information on Mobile IP HA service and FA service configuration, refer to the HA
Administration Guide and the GGSN Administration Guide respectively.
Mobile IP NAT Traversal
This functionality enables converged WiFi-cellular data deployments in which the system is used to concentrate and
switch traffic between WiFi hotspots. UDP/IP tunneling enables NAT firewalls in WLAN hotspots to maintain state
information for address translation between NATed public address/UDP ports and addresses that are privately assigned
for the mobile access device by a local DHCP server.
The Mobile IP protocol does not easily accommodate subscriber mobile nodes that are located behind WLAN or WAN-based NAT devices because it assumes that the addresses of mobile nodes or FAs are globally routable prefixes.
However, the mobile node's co-located care of address (CCoA/CoA) is a private address. This presents a problem when
remote hosts try to reach the mobile node via the public advertised addresses. The system provides a solution that
utilizes UDP tunneling subject to subscriber reservation requests. In this application, the HA uses IP UDP tunneling to
reach the mobile subscriber and includes the same private address that was provided in the original reservation request in
the encapsulated IP payload packet header.
Important: For more information on this feature, refer to the MIP NAT Traversal chapter in the System Enhanced Feature
Configuration Guide.
Multimedia Broadcast Multicast Services Support
Multimedia services are taking on an ever-increasing role in the wireless carriers' plans for an application centric service
model. As such, any next generation GGSN platform must be capable of supporting the requirements of multimedia
service delivery, including:
Higher bandwidth requirements of streaming audio and video delivery
Efficient broadcast and multicast mechanisms, to conserve resources in the RAN
MBMS represents the evolutionary approach to multicast and broadcast service delivery. MBMS uses spectrum
resources much more efficiently than Multicast-over-Unicast by optimizing packet replication across all critical
components in the bearer path. Thus, services requiring largely uni-directional multicast flows towards the UE are
particularly well suited to the MBMS approach. These would include news, event streaming, suitably
encoded/compressed cable/radio programs, video-on-demand, multi-chat / group-push-to-talk/video-conferencing
sessions with unicast uplink and multicast downlink connections, and other applications.
For MBMS functionality, the system supports the Gmb interface, which is used to signal to the BM-SC.
Important: For more information on this feature, refer to the Multicast Broadcast Service chapter in the System Enhanced
Feature Configuration Guide.
Overcharging Protection on Loss of Coverage
This solution gives mobile carriers the ability to maximize their network solutions while balancing the
requirement to accurately bill their customers.
Consider a scenario where a mobile is streaming or downloading very large files from external sources and the mobile
goes out of radio coverage. If this download is happening on the Background/Interactive traffic class, the GGSN is
unaware of the loss of connectivity because the SGSN does not perform the Update PDP Context procedure to set QoS to 0kbps
(this is done only when the traffic class is either Streaming or Conversational). The GGSN continues to forward the
downlink packets to the SGSN. On loss of radio coverage, the SGSN sends a paging request and finds that the mobile
is not responding; the SGSN then drops the packets. In such cases, the G-CDR will have increased counts but the S-CDR
will not. This means that when operators charge subscribers based on the G-CDR, the subscribers may be overcharged.
This feature is implemented to avoid overcharging in such cases.
This implementation is based on a Cisco-specific private extension to GTP messages and/or any correlation of G-CDRs
and S-CDRs. It also does not modify any RANAP messages.
Important: For more information on this feature, refer to the Subscriber Overcharging Protection chapter in the System
Enhanced Feature Configuration Guide.
Proxy Mobile IP
Mobility for subscriber sessions is provided through the Mobile IP protocol as defined in RFCs 2002-2005. However,
some older Mobile Nodes (MNs) do not support the Mobile IP protocol. The Proxy Mobile IP feature provides a
mobility solution for these MNs.
For IP PDP contexts using Proxy Mobile IP, the MN establishes a session with the GGSN as it normally would.
However, the GGSN/FA performs Mobile IP operations with an HA (identified by information stored in the subscriber's
profile) on behalf of the MN (i.e. the MN is only responsible for maintaining the IP PDP context with the GGSN, no
Agent Advertisement messages are communicated with the MN).
The MN is assigned an IP address by either the HA, an AAA server, or on a static basis. The address is stored in a
Mobile Binding Record (MBR) stored on the HA. Therefore, as the MN roams through the service provider's network,
each time a hand-off occurs, the MN will continue to use the same IP address stored in the MBR on the HA.
Proxy Mobile IP can be performed on a per-subscriber basis based on information contained in their user profile, or for
all subscribers facilitated by a specific APN. In the case of non-transparent IP PDP contexts, attributes returned from the
subscriber's profile take precedence over the configuration of the APN.
Important: For more information on this feature, refer to the Proxy Mobile IP chapter in the System Enhanced Feature
Configuration Guide.
Session Persistence
Important: Other licenses (i.e. IP Security and L2TP) may be additionally required depending on your network
deployment and implementation.
Provides seamless mobility to mobile subscribers as they roam between WiLAN and 3G cellular access networks. This
type of inter-technology roaming is ordinarily not possible as wireline access networks do not include SGSNs to permit
inter-SGSN call hand-offs with cellular access networks.
The Cisco Session Persistence Solution maintains consistent user identities and application transparency for your mobile
subscribers as they roam across bearer access networks. This is accomplished through the integration of Home Agent
(HA) and GGSN functionality on the wireless access gateway in the packet network and the use of standards-based
protocols such as Mobile IP and Mobile IP NAT Traversal. The solution also includes Session Persistence client
software that runs on dual-mode WiFi/GPRS/EDGE and/or UMTS/W-CDMA access devices including cellular phones
and laptop computers with wireless data cards.
The Session Persistence client is designed to permit Mobile IP tunneling over the applicable underlying network
including cellular access connections and cable or xDSL broadband access networks. When the user is attached to a
WiFi access network, the Session Persistence client utilizes a Mobile IP Co-located Care of Address Foreign Agent
Service (CCoA FA) and establishes a MIP tunnel to the HA service in the platform. This scenario is completely
transparent to the GGSN service that operates in the same system. The Mobile IP protocol requires a publicly
addressable FA service; however, this is a problem when the mobile subscriber is located behind a NAT firewall. In this
case, the NAT firewall has no way of maintaining state to associate the public NATed address with the private address
assigned to the user by the local DHCP server. Mobile IP NAT Traversal solves this problem by establishing a UDP/IP
tunnel between the subscriber access device and Home Agent. The NAT firewall uses the UDP port address to build
state for the subscriber session. During this Mobile IP transaction, the HA establishes a mobility binding record for the
subscriber session.
When the subscriber roams to a 3GPP cellular access network, it uses the IP address from normal PDP IP context
establishment as its new Mobile IP Care of Address to refresh the mobility binding record at the Home Agent. For
reduced latency between access hand-offs, it is also possible to utilize a permanent 'always-on' PDP IP context with the
IP address maintained in the MIP session persistence client. In this scenario, the mobile access device only needs to re-establish the dormant RAB wireless connection with the 3GPP access network prior to transmitting a new Mobile IP
registration.
The system also enables network-provisioned VPNs for Session Persistence applications by permitting use of
overlapping address pools on the HA and using various tunneling protocols including IPSEC, Layer 2 Tunneling
Protocol (L2TP) and Ethernet IEEE 802.1Q VLANs for separation of subscriber traffic. This application may be further
augmented by additional features such as 800 RADIUS Server Groups to permit use of enterprise controlled AAA
servers and custom dictionaries.
Session Recovery Support
The Session Recovery feature provides seamless failover and reconstruction of subscriber session information in the
event of a hardware or software fault within the system, preventing a fully connected user session from being
disconnected.
Session recovery is performed by mirroring key software processes (e.g. session manager and AAA manager) within the
system. These mirrored processes remain in an idle state (in standby-mode), wherein they perform no processing, until
they may be needed in the case of a software failure (e.g. a session manager task aborts). The system spawns new
instances of "standby mode" session and AAA managers for each active Control Processor (CP) being used.
Additionally, other key system-level software tasks, such as VPN manager, are performed on a physically separate
packet processing card to ensure that a double software fault (e.g. session manager and VPN manager fail at the same time
on the same card) cannot occur. The packet processing card used to host the VPN manager process is in active mode and is
reserved by the operating system for this sole use when session recovery is enabled.
The additional hardware resources required for session recovery include a standby System Processor Card (SPC) and a
standby packet processing card.
There are two modes for Session Recovery.
Task recovery mode: Wherein one or more session manager failures occur and are recovered without the need
to use resources on a standby packet processing card. In this mode, recovery is performed by using the
mirrored "standby-mode" session manager task(s) running on active packet processing cards. The "standby-mode" task is renamed, made active, and is then populated using information from other tasks such as AAA
manager.
Full packet processing card recovery mode: Used when a packet processing card hardware failure occurs, or
when a packet processing card migration failure happens. In this mode, the standby packet processing card is
made active and the "standby-mode" session manager and AAA manager tasks on the newly activated packet
processing card perform session recovery.
Session/Call state information is saved in the peer AAA manager task because each AAA manager and session manager
task is paired together. These pairs are started on physically different packet processing cards to ensure task recovery.
Important: For more information on this feature, refer to the Session Recovery chapter in the System Enhanced Feature
Configuration Guide.
Traffic Policing and Rate Limiting
Allows the operator to proportion the network and support Service-level Agreements (SLAs) for customers.
The Traffic-Policing/Shaping feature enables configuring and enforcing bandwidth limitations on individual PDP
contexts of a particular 3GPP traffic class. Values for traffic classes are defined in 3GPP TS 23.107 and are negotiated
with the SGSN during PDP context activation using the values configured for the APN on the GGSN. Configuration and
enforcement is done independently on the downlink and the uplink directions for each of the 3GPP traffic classes.
Configuration is on a per-APN basis, but may be overridden for individual subscribers or subscriber tiers during
RADIUS authentication/authorization.
A Token Bucket Algorithm (a modified trTCM, as specified in RFC 2698) is used to implement the Traffic-Policing
feature. The algorithm measures the following criteria when determining how to mark a packet.
Committed Data Rate (CDR): The guaranteed rate (in bits per second) at which packets may be
transmitted/received for the subscriber during the sampling interval.
Peak Data Rate (PDR): The maximum rate (in bits per second) that packets may be transmitted/received for the
subscriber during the sampling interval.
Burst-size: The maximum number of bytes that may be transmitted/received for the subscriber during the
sampling interval for both committed (CBS) and peak (PBS) rate conditions. This represents the maximum
number of tokens that can be placed in the subscriber's "bucket". Note that the committed burst size (CBS)
equals the peak burst size (PBS) for each subscriber.
Tokens are removed from the subscriber's bucket based on the size of the packets being transmitted/received. Every
time a packet arrives, the system determines how many tokens need to be added (returned) to a subscriber's CBS (and
PBS) bucket. This value is derived by computing the product of the time difference between incoming packets and the
CDR (or PDR). The computed value is then added to the tokens remaining in the subscriber's CBS (or PBS) bucket. The
total number of tokens cannot be greater than the configured burst-size. If the total number of tokens is greater than the
burst-size, the number is set to equal the burst-size. After passing through the Token Bucket Algorithm, the packet is
internally classified with a color, as follows:
If there are not enough tokens in the PBS bucket to allow a packet to pass, the packet is considered to be in
violation and is marked "red", and the violation counter is incremented by one.
If there are enough tokens in the PBS bucket to allow a packet to pass, but not in the CBS bucket, the
packet is considered to be in excess and is marked "yellow", the PBS bucket is decremented by the packet size,
and the exceed counter is incremented by one.
If there are more tokens present in the CBS bucket than the size of the packet, the packet is considered as
conforming and is marked "green", and the CBS and PBS buckets are decremented by the packet size.
The APN on the GGSN can be configured with actions to take for red and yellow packets. Any of the following actions
may be specified:
Drop: The offending packet is discarded.
Transmit: The offending packet is passed.
Lower the IP Precedence: The packet's ToS octet is set to "0", thus downgrading it to Best Effort, prior to
passing the packet.
Buffer the Packet: The packet is stored in buffer memory and transmitted to the subscriber once the traffic flow is within the
allowed bandwidth.
Different actions may be specified for red and yellow, as well as for uplink and downlink directions and different 3GPP
traffic classes.
Important: For more information on this feature, refer to the Traffic Policing and Shaping chapter in the System Enhanced
Feature Configuration Guide.
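The marking rules described in this section, worked through as an added Python example (not code from this guide or from the product). The class and field names, the sample rates and the packet trace are constructed for illustration. It assumes buckets start full and that a packet exactly equal to the available tokens passes, as in RFC 2698; the Buffer action is returned as a decision for the caller to carry out.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Color(Enum):
    GREEN = "green"    # conforming
    YELLOW = "yellow"  # in excess
    RED = "red"        # in violation


class Action(Enum):
    TRANSMIT = "transmit"
    DROP = "drop"
    LOWER_IP_PRECEDENCE = "lower-ip-precedence"  # ToS octet set to 0
    BUFFER = "buffer"  # caller holds the packet until the flow is in profile


@dataclass
class Policer:
    """One direction of one PDP context (hypothetical names)."""
    cdr_bps: int      # Committed Data Rate, bits per second
    pdr_bps: int      # Peak Data Rate, bits per second
    burst_bytes: int  # burst-size; CBS equals PBS, as the guide states
    exceed_action: Action = Action.LOWER_IP_PRECEDENCE  # for yellow packets
    violate_action: Action = Action.DROP                # for red packets
    cbs_tokens: float = field(init=False)
    pbs_tokens: float = field(init=False)
    last_arrival: Optional[float] = field(init=False, default=None)
    exceed_count: int = field(init=False, default=0)
    violate_count: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        if min(self.cdr_bps, self.pdr_bps, self.burst_bytes) <= 0:
            raise ValueError("rates and burst-size must be positive")
        # Assumption: both buckets start full.
        self.cbs_tokens = float(self.burst_bytes)
        self.pbs_tokens = float(self.burst_bytes)

    def _refill(self, now: float) -> None:
        # Tokens returned = time since the previous packet x rate,
        # converted from bits to bytes and capped at the burst-size.
        if self.last_arrival is not None:
            elapsed = max(0.0, now - self.last_arrival)
            self.cbs_tokens = min(self.burst_bytes,
                                  self.cbs_tokens + elapsed * self.cdr_bps / 8)
            self.pbs_tokens = min(self.burst_bytes,
                                  self.pbs_tokens + elapsed * self.pdr_bps / 8)
        self.last_arrival = now

    def police(self, now: float, size: int, tos: int) -> Tuple[Color, Action, int]:
        """Colour one packet and return (color, action, outgoing ToS octet)."""
        self._refill(now)
        if self.pbs_tokens < size:
            color, action = Color.RED, self.violate_action
            self.violate_count += 1          # no tokens are consumed
        elif self.cbs_tokens < size:
            color, action = Color.YELLOW, self.exceed_action
            self.pbs_tokens -= size          # only the PBS bucket is charged
            self.exceed_count += 1
        else:
            color, action = Color.GREEN, Action.TRANSMIT
            self.cbs_tokens -= size
            self.pbs_tokens -= size
        out_tos = 0 if action is Action.LOWER_IP_PRECEDENCE else tos
        return color, action, out_tos


def run_sample() -> Tuple[Policer, List[Tuple[Color, Action, int]]]:
    # Constructed trace: (arrival time in seconds, packet size in bytes).
    trace = [(0.0, 1000), (0.25, 1000), (0.5, 1000), (1.0, 1000), (10.0, 1500)]
    policer = Policer(cdr_bps=8000, pdr_bps=16000, burst_bytes=1500)
    results = [policer.police(t, size, tos=0xB8) for t, size in trace]
    return policer, results


if __name__ == "__main__":
    p, out = run_sample()
    for color, action, tos in out:
        print(color.value, action.value, hex(tos))
    print("exceed:", p.exceed_count, "violate:", p.violate_count)
```

In the trace, the third packet is marked red even though the CBS bucket holds enough tokens: the preceding yellow packet drained only the PBS bucket, and the PBS check is made first.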
Web Element Management System
Provides a Graphical User Interface (GUI) for performing Fault, Configuration, Accounting, Performance, and Security
(FCAPS) management of the ST16 and ASR 5000.
The Web Element Manager is a Common Object Request Broker Architecture (CORBA)-based application that
provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) management capability for
the system.
For maximum flexibility and scalability, the Web Element Manager application implements a client-server architecture.
This architecture allows remote clients with Java-enabled web browsers to manage one or more systems via the server
component which implements the CORBA interfaces. The server component is fully compatible with the fault-tolerant
Sun® Solaris® operating system.
The following figure demonstrates various interfaces between the Cisco Web Element Manager and other network
components.
Figure 108. Web Element Manager Network Interfaces
Important: For more information on WEM support, refer to the WEM Installation and Administration Guide.
How GGSN Works
This section provides information on the function of the GGSN in a GPRS/UMTS network and presents call procedure
flows for different stages of session setup.
The following topics and procedure flows are included:
PDP Context Processing
Dynamic IP Address Assignment
Subscriber Session Call Flows
PDP Context Processing
PDP context processing is based on the APN that the subscriber is attempting to access. Templates for all of the possible
APNs that subscribers will be accessing must be configured within the system. Up to 1024 APNs can be configured on
the system.
Each APN template consists of parameters pertaining to how PDP contexts are processed such as the following:
Type: The system supports IPv4, IPv6, and PPP PDP contexts.
Accounting protocol: Support is provided for using either the GTPP or Remote Authentication Dial-In User
Service (RADIUS) protocols. In addition, an option is provided to disable accounting if desired.
Authentication protocol: Support is provided for using any of the following:
Challenge Handshake Authentication Protocol (CHAP)
Microsoft CHAP (MSCHAP)
Password Authentication Protocol (PAP)
Mobile Station Identity (MSID)-based authentication
In addition, an option is provided to disable authentication if desired.
Charging characteristics: Each APN template can be configured to either accept the charging characteristics it
receives from the SGSN for a PDP context or use its own characteristics.
IP address allocation method: IP addresses for PDP contexts can be assigned using one of the following
methods:
Statically: The APN template can be configured to provide support for MS-requested static IP
addresses. Additionally, a static address can be configured in a subscriber's profile on an
authentication server and allocated upon successful authentication.
Important: Static IP addresses configured in subscriber profiles must also be part of
a static IP address pool configured locally on the system.
Dynamically: The APN template can be configured to dynamically assign an IP address from locally
configured address pools or via a Dynamic Host Control Protocol (DHCP) server. Additional
information on dynamic address assignment can be found in the Dynamic IP Address Assignment
section that follows.
Selection mode: The MS's right to access the APN can be either verified or unverified. For verified access, the
SGSN specifies the APN that should be used. For unverified access, the APN can be specified by either the
SGSN or the MS.
Timeout: Absolute and idle session timeout values specify the amount of time that an MS can remain connected.
Mobile IP configuration: Mobile IP requirements, HA address, and other related parameters are configured in
the APN template.
Proxy Mobile IP support: Mobile IP support can be enabled for all subscribers facilitated by the APN.
Alternatively, it can be enabled for individual subscribers via parameters in their RADIUS or local-user
profiles.
Quality of Service: Parameters pertaining to QoS feature support such as for Dynamic Renegotiation, Traffic
Policing, and DSCP traffic class.
A total of 11 PDP contexts are supported per subscriber. These can be all primaries, 1 primary and 10 secondaries,
or any combination of primary and secondary contexts. Note that there must be at least one primary PDP context in order for
secondaries to come up.
Dynamic IP Address Assignment
IP addresses for PDP contexts can either be static—an IP address is permanently assigned to the MS—or dynamic—an
IP address is temporarily assigned to the MS for the duration of the PDP context.
As previously described in the PDP Context Processing section of this chapter, the method by which IP addresses are
assigned to a PDP context is configured on an APN-by-APN basis. Each APN template dictates whether it will support
static or dynamic addresses. If dynamic addressing is supported, the following methods can be implemented:
Local pools: The system supports the configuration of public or private IP address pools. Addresses can be
allocated from these pools as follows:
Public pools: Provided that dynamic assignment is supported, a parameter in the APN configuration
mode specifies the name of the local public address pool to use for PDP contexts facilitated by the
APN.
Private pools: Provided that dynamic assignment is supported, the name of the local private pool can
be specified in the subscriber's profile. The receipt of a valid private pool name will override the
APN's use of addresses from public pools.
Dynamic Host Configuration Protocol (DHCP): The system can be configured to use DHCP PDP context address
assignment using either of the following mechanisms:
DHCP-proxy: The system acts as a proxy for the client (MS) and initiates the DHCP Discovery Request
on behalf of the client (MS). Once it receives an allocated IP address from the DHCP server in response to
the DHCP Discovery Request, it assigns the received IP address to the MS. This allocated address must
match an address configured in an IP address pool on the system. This complete
procedure is not visible to the MS.
DHCP-relay: The system acts as a relay for the client (MS) and forwards the DHCP Discovery Request
received from the client (MS). Once it receives an allocated IP address from the DHCP server in response to
the DHCP Discovery Request, it assigns the received IP address to the MS.
In addition to the above methods, IP addresses for subscriber Mobile IP sessions are also dynamically assigned by the
subscriber's home network upon registration. The GGSN/FA, in turn, provides the assigned address to the mobile station.
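The allocation rules above can be modelled in a few lines. The following is an added example, not Cisco code or configuration: it enforces the static-pool requirement, the private-pool override, the DHCP-proxy pool match, the 11-context limit and the primary-before-secondary rule, and returns an address to its pool only when the last PDP context using it is deleted. All pool names, APN names and address ranges are constructed, and the sharing of a primary's address by its secondaries is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_PDP_CONTEXTS = 11  # per-subscriber limit stated in the text


class AllocationError(Exception):
    """A request that breaks one of the allocation rules."""


@dataclass
class Pool:
    name: str
    network: ipaddress.IPv4Network
    static: bool = False
    in_use: set = field(default_factory=set)

    def allocate(self):
        """Dynamic assignment: hand out the first free host address."""
        for host in self.network.hosts():
            if host not in self.in_use:
                self.in_use.add(host)
                return host
        raise AllocationError(f"pool {self.name} is exhausted")

    def claim(self, addr):
        """Reserve one specific address (static or DHCP-supplied)."""
        if addr not in self.network:
            raise AllocationError(f"{addr} is not in pool {self.name}")
        if addr in self.in_use:
            raise AllocationError(f"{addr} is already assigned")
        self.in_use.add(addr)
        return addr


class Ggsn:
    def __init__(self, pools, apns):
        self.pools = {p.name: p for p in pools}
        self.apns = apns    # APN name -> (public pool, static pool or None)
        self.contexts = {}  # (imsi, nsapi) -> (address, pool name)

    def _admit(self, imsi, nsapi):
        if (imsi, nsapi) in self.contexts:
            raise AllocationError("NSAPI is already active")
        if sum(1 for i, _ in self.contexts if i == imsi) >= MAX_PDP_CONTEXTS:
            raise AllocationError("subscriber already has 11 PDP contexts")

    def create_primary(self, imsi, nsapi, apn, requested=None,
                       profile_pool=None, dhcp_offer=None):
        self._admit(imsi, nsapi)
        public_pool, static_pool = self.apns[apn]
        if requested is not None:
            # Static: the address must be part of a local static pool.
            if static_pool is None:
                raise AllocationError(f"APN {apn} does not accept static addresses")
            pool = self.pools[static_pool]
            addr = pool.claim(ipaddress.ip_address(requested))
        elif dhcp_offer is not None:
            # DHCP-proxy: the server's address must match a configured pool.
            addr = ipaddress.ip_address(dhcp_offer)
            pool = next((p for p in self.pools.values()
                         if not p.static and addr in p.network), None)
            if pool is None:
                raise AllocationError(f"DHCP address {addr} matches no local pool")
            pool.claim(addr)
        else:
            # Local pools: a valid private pool name from the subscriber
            # profile overrides the APN's public pool.
            name = profile_pool if profile_pool in self.pools else public_pool
            pool = self.pools[name]
            addr = pool.allocate()
        self.contexts[(imsi, nsapi)] = (addr, pool.name)
        return addr

    def create_secondary(self, imsi, nsapi, primary_nsapi):
        # Assumption: a secondary shares the address of the primary it names.
        if (imsi, primary_nsapi) not in self.contexts:
            raise AllocationError("no primary PDP context to attach to")
        self._admit(imsi, nsapi)
        self.contexts[(imsi, nsapi)] = self.contexts[(imsi, primary_nsapi)]
        return self.contexts[(imsi, nsapi)][0]

    def delete(self, imsi, nsapi):
        """Remove a context; True if its address went back to the pool."""
        addr, pool = self.contexts.pop((imsi, nsapi))
        if any(a == addr for a, _ in self.contexts.values()):
            return False
        self.pools[pool].in_use.discard(addr)
        return True


def build_example():
    """Constructed pools and APN; every name and range here is made up."""
    net = ipaddress.ip_network
    pools = [Pool("public-1", net("10.10.0.0/29")),
             Pool("corp-private", net("172.16.5.0/29")),
             Pool("static-1", net("192.168.50.0/28"), static=True)]
    return Ggsn(pools, {"internet": ("public-1", "static-1")})
```

A subscriber-supplied or DHCP-supplied address that falls outside every configured pool is rejected rather than routed, which is the property an auditor would check when reviewing APN and pool configuration.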
Subscriber Session Call Flows
This section provides information on how GPRS/UMTS subscriber data sessions are processed by the system GGSN.
The following data session scenarios are provided:
Transparent IP: The subscriber is provided basic access to a PDN without the GGSN authenticating the
subscriber. Either a static or dynamic IP address can be assigned to the MS in this scenario.
Non-transparent IP: The GGSN provides subscriber authentication services for the data session. Either a static
or dynamic IP address can be assigned to the MS in this scenario.
Network-initiated: An IP Packet Data Unit (PDU) is received by the GGSN from the PDN for a specific
subscriber. If configured to support network-initiated sessions, the GGSN will initiate the process of paging
the MS and establishing a PDP context.
PPP Direct Access: The GGSN terminates the subscriber's PPP session and provides subscriber authentication
services for the data session. Either a static or dynamic IP address can be assigned to the MS in this scenario.
Virtual Dialup Access: The GGSN functions as an LAC, encapsulates subscriber packets using L2TP, and
tunnels them directly to an LNS for processing.
Corporate IP VPN Connectivity: Similar to the Virtual Dialup Access model; however, the GGSN is
configured to tunnel subscriber packets to a corporate server using IP-in-IP.
Mobile IP: Subscriber traffic is routed to their home network via a tunnel between the GGSN/FA and an HA.
The subscriber's IP PDP context is assigned an IP address from the HA.
Proxy Mobile IP: Provides a mobility solution for subscribers whose Mobile Nodes (MNs) do not support the
Mobile IP protocol. The GGSN/FA proxy the Mobile IP tunnel with the HA on behalf of the MS. The
subscriber receives an IP address from their home network. As the subscriber roams through the network, the
IP address is maintained providing the subscriber with the opportunity to use IP applications that require
seamless mobility such as transferring files.
IPv6 Stateless Address Autoconfiguration: The mobile station may select any value for the interface identifier
portion of the address. The only exception is the interface identifier for the link-local address used by the
mobile station. This interface identifier is assigned by the GGSN to avoid any conflict between the mobile
station link-local address and the GGSN address. The mobile station uses the interface ID assigned by the
GGSN during stateless address auto-configuration procedure (e.g., during the initial router advertisement
messages). Once this is over, the mobile can select any interface ID for further communication as long as it
does not conflict with the GGSN's interface ID (that the mobile would learn through router advertisement
messages from the GGSN).
This section also provides information about the process used by the system to dynamically assign IP
addresses to the MS.
Transparent Session IP Call Flow
The following figure and the text that follows describe the call flow for a successful transparent data session.
Figure 109. Transparent IP Session Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
3. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is selected based on either the request of the MS or is automatically selected by the SGSN.
The message consists of various information elements including: PDP Type, PDP Address, APN, charging
characteristics, and Tunnel Endpoint Identifier (TEID, if the PDP Address was static).
4. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session.
If the MS required the dynamic assignment of an IP address (i.e., the PDP Address received from the mobile
was null), the GGSN will assign one. The IP address assignment methods supported by the system GGSN are
described in the Dynamic IP Address Assignment section of this guide.
The GGSN replies with an affirmative Create PDP Context Response using GTPC. The response will contain
information elements such as the PDP Address representing either the static address requested by the MS or the
address assigned by the GGSN, the TEID used to reference PDP Address, and PDP configuration options
specified by the GGSN.
5. The SGSN returns an Activate PDP Context Accept response to the MS.
The MS can now send and receive data to or from the PDN until the session is closed or times out. The MS can
initiate multiple PDP contexts if desired and supported by the system. Each additional PDP context can share
the same IP address or use alternatives.
6. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
7. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context (i.e., TEID, and NSAPI).
8. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN. If the PDP context was the last associated with a particular dynamically assigned PDP Address, the
GGSN will re-claim the IP address for use by subsequent PDP contexts.
9. The SGSN returns a Deactivate PDP Context Accept message to the MS.
10. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
11. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
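The Create PDP Context Request in step 3 is the message a defender inspects on the SGSN-to-GGSN interface, so a parser for it is a useful companion to the call flow. The following is an added example, not Cisco code: it decodes the information elements named above (PDP Type, PDP Address, APN, charging characteristics, TEIDs, NSAPI, selection mode) and reports a null PDP Address as a request for dynamic assignment. The byte layout and IE type numbers follow the GTPv1 specification (3GPP TS 29.060), not this guide, and the sample message is constructed.

```python
import ipaddress
import struct

CREATE_PDP_CONTEXT_REQUEST = 16
# Fixed-length (TV) IEs that can appear in this message: type -> value length.
TV_LENGTHS = {2: 8, 3: 6, 14: 1, 15: 1, 16: 4, 17: 4, 20: 1, 26: 2, 27: 2, 28: 2}
INT_FIELDS = {16: "teid_data", 17: "teid_control", 26: "charging_characteristics"}
PDP_TYPES = {(1, 0x21): "IPv4", (1, 0x57): "IPv6", (0, 0x01): "PPP"}
SELECTION_MODES = {
    0: "APN from MS or network, subscription verified",
    1: "APN from MS, subscription not verified",
    2: "APN from network, subscription not verified",
}


def parse_header(data):
    """Return (message type, header TEID, offset of the first IE)."""
    if len(data) < 8:
        raise ValueError("shorter than a GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not a GTPv1 message")
    if length != len(data) - 8:
        raise ValueError("length field does not match the data")
    if flags & 0x04:
        raise ValueError("extension headers are not handled here")
    # Sequence number, N-PDU number and next-extension type are present
    # (4 bytes) whenever any of the E, S or PN flags is set.
    offset = 12 if flags & 0x03 else 8
    if len(data) < offset:
        raise ValueError("optional header fields are truncated")
    return msg_type, teid, offset


def iter_ies(data, offset):
    """Yield (type, value) for each IE; TLV IEs have the top type bit set."""
    while offset < len(data):
        ie_type = data[offset]
        if ie_type & 0x80:
            if offset + 3 > len(data):
                raise ValueError("truncated TLV header")
            (ie_len,) = struct.unpack("!H", data[offset + 1:offset + 3])
            start = offset + 3
        elif ie_type in TV_LENGTHS:
            ie_len, start = TV_LENGTHS[ie_type], offset + 1
        else:
            raise ValueError(f"TV IE {ie_type} has no known length")
        if start + ie_len > len(data):
            raise ValueError(f"IE {ie_type} overruns the message")
        yield ie_type, data[start:start + ie_len]
        offset = start + ie_len


def decode_apn(value):
    """APN is a sequence of length-prefixed labels, joined here with dots."""
    labels, i = [], 0
    while i < len(value):
        n = value[i]
        if n == 0 or i + 1 + n > len(value):
            raise ValueError("malformed APN label")
        labels.append(value[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)


def parse_create_pdp_request(data):
    msg_type, teid, offset = parse_header(data)
    if msg_type != CREATE_PDP_CONTEXT_REQUEST:
        raise ValueError(f"message type {msg_type} is not a Create PDP Context Request")
    out = {"header_teid": teid}
    for ie_type, v in iter_ies(data, offset):
        if ie_type in INT_FIELDS:
            out[INT_FIELDS[ie_type]] = int.from_bytes(v, "big")
        elif ie_type == 15:
            out["selection_mode"] = SELECTION_MODES[min(v[0] & 0x03, 2)]
        elif ie_type == 20:
            out["nsapi"] = v[0] & 0x0F
        elif ie_type == 128:  # End User Address: PDP type plus optional address
            if len(v) < 2:
                raise ValueError("End User Address is too short")
            out["pdp_type"] = PDP_TYPES.get((v[0] & 0x0F, v[1]), "unknown")
            # An empty address is the null PDP Address: the MS wants a dynamic one.
            out["pdp_address"] = str(ipaddress.ip_address(v[2:])) if v[2:] else None
        elif ie_type == 131:
            out["apn"] = decode_apn(v)
    return out


def build_sample(address=b""):
    """Constructed request for the example (not a capture, not a complete message)."""
    tv = lambda t, v: bytes([t]) + v
    tlv = lambda t, v: bytes([t]) + struct.pack("!H", len(v)) + v
    apn = b"".join(bytes([len(label)]) + label for label in (b"internet", b"example"))
    ies = (tv(15, b"\xfd") + tv(16, struct.pack("!I", 0x1001))
           + tv(17, struct.pack("!I", 0x2001)) + tv(20, b"\x05")
           + tv(26, b"\x08\x00") + tlv(128, b"\xf1\x21" + address) + tlv(131, apn))
    # Flags 0x32: version 1, protocol type GTP, sequence number present.
    return struct.pack("!BBHIHBB", 0x32, 16, len(ies) + 4, 0, 1, 0, 0) + ies
```

The parser rejects a message whose length field or IE lengths disagree with the bytes actually received, which is the first check to make before trusting any field taken from signaling traffic.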
Non-Transparent IP Session Call Flow
The following figure and the text that follows describe the call flow for a successful non-transparent data session.
Figure 110. Non-Transparent IP Session Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The Terminal Equipment (TE) aspect of the MS sends AT commands to the Mobile Terminal (MT) aspect of the
MS to place it into PPP mode.
The Link Control Protocol (LCP) is then used to configure the Maximum-Receive Unit size and the
authentication protocol (Challenge-Handshake Authentication Protocol (CHAP), Password Authentication
Protocol (PAP), or none). If CHAP or PAP is used, the TE will authenticate itself to the MT, which, in turn,
stores the authentication information.
Upon successful authentication, the TE sends an Internet Protocol Control Protocol (IPCP) Configure-Request
message to the MT. The message will either contain a static IP address to use or request that one be
dynamically assigned.
3. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
4. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is selected based on either the request of the MS or is automatically selected by the SGSN.
The message consists of various information elements including: PDP Type, PDP Address, APN, charging
characteristics, and tunnel endpoint identifier (TEID, if the PDP Address was static).
5. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session.
From the APN specified in the message, the GGSN determines whether or not the subscriber is to be
authenticated, how an IP address should be assigned if using dynamic allocation, and how to route the session.
If authentication is required, the GGSN attempts to authenticate the subscriber locally against profiles stored in
memory or send a RADIUS Access-Request message to an AAA server.
If the MS required the dynamic assignment of an IP address (i.e., the PDP Address received from the mobile
was null), the GGSN will assign one. The IP address assignment methods supported by the system GGSN are
described in the Dynamic IP Address Assignment section of this chapter.
6. If the GGSN authenticated the subscriber to an AAA server, the AAA server responds with a RADIUS Access-Accept message indicating successful authentication.
7. The GGSN replies with an affirmative Create PDP Context Response using GTPC. The response will contain
information elements such as the PDP Address representing either the static address requested by the MS or the
address assigned by the GGSN, the TEID used to reference PDP Address, and PDP configuration options
specified by the GGSN.
8. The SGSN returns an Activate PDP Context Accept message to the MS. The message includes the response to the
configuration parameters sent in the initial request.
9. The MT responds to the TE's IPCP Config-request with an IPCP Config-Ack message.
The MS can now send and receive data to or from the PDN until the session is closed or times out. The MS can
initiate multiple PDP contexts if desired and supported by the system. Each additional PDP context can share
the same IP address or use alternatives.
10. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
11. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context (i.e., TEID, and NSAPI).
12. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN. If the PDP context was the last associated with a particular dynamically assigned PDP Address, the
GGSN will re-claim the IP address for use by subsequent PDP contexts.
13. The SGSN returns a Deactivate PDP Context Accept message to the MS.
14. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
15. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
Network-Initiated Session Call Flow
The following figure and the text that follows describe the call flow for a successful network-initiated data session.
Figure 111. Network-initiated Session Call Flow
1. An IP Packet Data Unit (PDU) is received by the GGSN from the PDN. The GGSN determines if it is configured
to support network-initiated sessions. If not, it will discard the packet. If so, it will begin the Network-Requested PDP Context Activation procedure.
2. The GGSN may issue a Send Routing Information for GPRS request to the HLR to determine if the MS is
reachable. The message includes the MS's International Mobile Subscriber Identity (IMSI).
3. If the MS is reachable, the HLR returns a Send Routing Information for GPRS Ack containing the address of the
SGSN currently associated with the MS's IMSI.
4. The GGSN sends a PDU Notification Request message to the SGSN address supplied by the HLR. This message
contains the IMSI, PDP Type, PDP Address, and APN associated with the session.
5. The SGSN sends a PDU Notification Response to the GGSN indicating that it will attempt to page the MS
requesting that it activate the PDP address indicated in the GGSN's request.
6. The SGSN sends a Request PDP Context Activation message to the MS containing the information supplied by
the GGSN.
7. The MS begins the PDP Context Activation procedure as described in step 2 through step 5 of the Transparent
Session IP Call Flow section of this chapter.
Upon PDP context establishment, the MS can send and receive data to or from the PDN until the session is
closed or times out.
8. The MS can terminate the data session at any time. To terminate the session, the MS begins the PDP Context
De-Activation procedure as described in step 6 through step 11 of the Transparent Session IP Call Flow
section of this chapter.
PPP Direct Access Call Flow
The following figure and the text that follows describe the call flow for a successful PPP Direct Access data session.
Figure 112. PPP Direct Access Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
3. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is automatically selected by the SGSN. The message consists of various information elements
including: PDP Type, PDP Address, APN, and charging characteristics.
4. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session. It determines that
the PDP context type is PPP and based on the APN, what authentication protocol to use and how to perform IP
address assignment.
The GGSN replies with an affirmative Create PDP Context Response using GTPC.
5. The SGSN returns an Activate PDP Context Accept response to the MS.
6. The MS and the GGSN negotiate PPP.
7. The GGSN forwards authentication information received from the MS as part of PPP negotiation to the AAA
server in the form of an Access-Request.
8. The AAA server authenticates the MS and sends an Access-Accept message to the GGSN.
9. The GGSN assigns an IP address to the MS and completes the PPP negotiation process. More information about
IP addressing for PDP contexts is located in the PDP Context Processing and Dynamic IP Address Assignment
sections of this chapter.
Once the PPP negotiation process is complete, the MS can send and receive data.
10. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
11. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context.
12. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN. If the PDP context was the last associated with a particular dynamically assigned PDP Address, the
GGSN will re-claim the IP address for use by subsequent PDP contexts.
13. The SGSN returns a Deactivate PDP Context Accept message to the MS.
14. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
15. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
Virtual Dialup Access Call Flow
The following figure and the text that follows describe the call flow for a successful VPN Dialup Access data session.
Figure 113. Virtual Dialup Access Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
3. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is automatically selected by the SGSN. The message consists of various information elements
including: PDP Type, PDP Address, APN, and charging characteristics.
4. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session. It determines the
PDP context type and based on the APN, what authentication protocol to use and how to perform IP address
assignment.
The GGSN replies with an affirmative Create PDP Context Response using GTPC.
5. The SGSN returns an Activate PDP Context Accept response to the MS.
6. The MS sends packets which are received by the GGSN.
7. The GGSN encapsulates the packets from the MS using L2TP and tunnels them to the LNS.
8. The LNS terminates the tunnel and un-encapsulates the packets.
The MS can send and receive data over the L2TP tunnel facilitated by the GGSN.
9. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
10. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context.
11. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN. If the PDP context was the last associated with a particular dynamically assigned PDP Address, the
GGSN will re-claim the IP address for use by subsequent PDP contexts.
12. The SGSN returns a Deactivate PDP Context Accept message to the MS.
13. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
14. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
Corporate IP VPN Connectivity Call Flow
The following figure and the text that follows describe the call flow for a successful Corporate IP Connectivity data
session.
Figure 114. Corporate IP VPN Connectivity Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
3. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is automatically selected by the SGSN. The message consists of various information elements
including: PDP Type, PDP Address, APN, and charging characteristics.
4. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session. It determines the
PDP context type and based on the APN, what authentication protocol to use and how to perform IP address
assignment.
If the MS required the dynamic assignment of an IP address (i.e., the PDP Address received from the mobile
was null), the GGSN will assign one. The IP address assignment methods supported by the system GGSN are
described in the Dynamic IP Address Assignment section of this chapter.
The GGSN replies with an affirmative Create PDP Context Response using GTPC.
5. The SGSN returns an Activate PDP Context Accept response to the MS.
6. The MS sends IP packets which are received by the GGSN.
7. The GGSN encapsulates the IP packets from the MS using IP-in-IP and tunnels them to the subscriber's
corporate network.
All data is sent and received by the MS over the IP-in-IP tunnel facilitated by the GGSN.
8. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
9. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context.
10. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN. If the PDP context was the last associated with a particular dynamically assigned PDP Address, the
GGSN will re-claim the IP address for use by subsequent PDP contexts.
11. The SGSN returns a Deactivate PDP Context Accept message to the MS.
12. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
13. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
Mobile IP Call Flow
The following figure and the text that follows describe the call flow for a successful Corporate IP Connectivity data
session.
Figure 115. Mobile IP Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The Terminal Equipment (TE) aspect of the MS sends AT commands to the Mobile Terminal (MT) aspect of the
MS to place it into PPP mode.
The Link Control Protocol (LCP) is then used to configure the Maximum-Receive Unit size and the
authentication protocol (Challenge-Handshake Authentication Protocol (CHAP), Password Authentication
Protocol (PAP), or none). If CHAP or PAP is used, the TE will authenticate itself to the MT, which, in turn,
stores the authentication information.
Upon successful authentication, the TE sends an Internet Protocol Control Protocol (IPCP) Configure-Request
message to the MT. The message will either contain a static IP home address to use or request that one be
dynamically assigned.
3. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration options.
Note that regardless of whether or not the MS has a static address or is requesting a dynamic address, the
"Requested PDP Address" field is omitted from the request when using Mobile IP.
4. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC; the "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is selected based on either the request of the MS or is automatically selected by the SGSN.
The message consists of various information elements including: PDP Type, Requested PDP con, APN,
charging characteristics, and Tunnel Endpoint Identifier (TEID).
5. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session.
From the APN specified in the message, the GGSN determines how to handle the PDP context including
whether or not Mobile IP should be used.
If authentication is required, the GGSN attempts to authenticate the subscriber locally against profiles stored in
memory or send a RADIUS Access-Request message to an AAA server.
6. If the GGSN authenticated the subscriber to an AAA server, the AAA server responds with a RADIUS Access-Accept message indicating successful authentication.
7. The GGSN replies to the SGSN with a PDP Context Response using GTPC. The response will contain
information elements such as the PDP Address, and PDP configuration options specified by the GGSN. Note
that for Mobile IP, the GGSN returns a PDP Address of 0.0.0.0 indicating that it will be reset with a Home
address after the PDP context activation procedure.
8. The SGSN returns an Activate PDP Context Accept message to the MS. The message includes the response to the
configuration parameters sent in the initial request.
9. The MT responds to the TE's IPCP Config-request with an IPCP Config-Ack message. This ends the PPP
mode between the MT and TE components of the MS.
Data can now be transmitted between the MS and the GGSN.
10. The FA component of the GGSN sends an Agent Advertisement message to the MS. The message contains the
FA parameters needed by the mobile such as one or more care-of addresses. The message is sent as an IP
limited broadcast message (i.e., destination address 255.255.255.255), however only on the requesting MS's
TEID to avoid broadcast over the radio interface.
11. The MS sends a Mobile IP Registration request to the GGSN/FA. This message includes either the MS's static
home address or it can request a temporary address by sending 0.0.0.0 as its home address. Additionally, the
request must always include the Network Access Identifier (NAI) in a Mobile-Node-NAI Extension.
12. The FA forwards the registration request from the MS to the HA while the MS's home address or NAI and TEID
are stored by the GGSN.
13. The HA sends a registration response to the FA containing the address assigned to the MS.
14. The FA extracts the home address assigned to the MS by the HA from the response and the GGSN updates the
associated PDP context. The FA then forwards it to the MS (identified by either the home address or the NAI
and TEID).
15. The GGSN issues a PDP context modification procedure to the SGSN in order to update the PDP address for the
MS.
16. The SGSN forwards the PDP context modification message to the MS.
The MS can now send and receive data to or from their home network until the session is closed or times out.
Note that for Mobile IP, only one PDP context is supported for the MS.
17. The MS can terminate the Mobile IP data session at any time. To terminate the Mobile IP session, the MS sends
a Registration Request message to the GGSN/FA with a requested lifetime of 0.
18. The FA component forwards the request to the HA.
19. The HA sends a Registration Reply to the FA accepting the request.
20. The GGSN/FA forwards the response to the MN.
21. The MS sends a Deactivate PDP Context Request message that is received by the SGSN.
22. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context.
23. The GGSN removes the PDP context from memory and returns a Delete PDP Context Response message to the
SGSN.
24. The SGSN returns a Deactivate PDP Context Accept message to the MS.
25. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
26. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
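The registration rules in steps 11 and 17 (home address 0.0.0.0 requests a temporary address, the NAI extension must be present, lifetime 0 ends the session) can be checked mechanically on a captured Registration Request. The following is an added example, not code from this guide or from the product; it assumes the RFC 3344 fixed-header layout and the RFC 2794 NAI extension type, and the names `parse_registration_request`, `check_request` and `build_sample` are illustrative.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REG_REQUEST = 1          # Registration Request message type (RFC 3344)
EXT_MN_NAI = 131         # Mobile-Node-NAI Extension (RFC 2794)
AUTH_EXTS = {32: "Mobile-Home", 33: "Mobile-Foreign", 34: "Foreign-Home"}
# Fixed part: type, flags, lifetime, home address, home agent, care-of, id
FIXED = struct.Struct("!BBH4s4s4sQ")


class MalformedRequest(ValueError):
    """The bytes are not a well-formed Registration Request."""


@dataclass
class RegistrationRequest:
    lifetime: int
    home_address: ipaddress.IPv4Address
    home_agent: ipaddress.IPv4Address
    care_of_address: ipaddress.IPv4Address
    identification: int
    nai: Optional[str] = None
    auth_spi: Dict[str, int] = field(default_factory=dict)

    @property
    def is_deregistration(self) -> bool:
        # Step 17: a requested lifetime of 0 terminates the session.
        return self.lifetime == 0

    @property
    def wants_dynamic_home_address(self) -> bool:
        # Step 11: home address 0.0.0.0 asks for a temporary address.
        return int(self.home_address) == 0


def parse_registration_request(data: bytes) -> RegistrationRequest:
    if len(data) < FIXED.size:
        raise MalformedRequest("shorter than the 24-byte fixed part")
    mtype, _flags, lifetime, home, agent, coa, ident = FIXED.unpack_from(data)
    if mtype != REG_REQUEST:
        raise MalformedRequest(f"type {mtype} is not a Registration Request")
    addrs = [ipaddress.IPv4Address(a) for a in (home, agent, coa)]
    req = RegistrationRequest(lifetime, *addrs, ident)
    offset = FIXED.size
    while offset < len(data):
        # Each extension handled here is type (1 byte), length (1 byte), data.
        if offset + 2 > len(data):
            raise MalformedRequest("truncated extension header")
        ext_type, ext_len = data[offset], data[offset + 1]
        body = data[offset + 2 : offset + 2 + ext_len]
        if len(body) != ext_len:
            raise MalformedRequest("extension runs past the end of the message")
        if ext_type == EXT_MN_NAI:
            try:
                req.nai = body.decode("ascii")
            except UnicodeDecodeError as exc:
                raise MalformedRequest("NAI is not ASCII") from exc
        elif ext_type in AUTH_EXTS:
            if ext_len < 4:
                raise MalformedRequest("authentication extension has no SPI")
            req.auth_spi[AUTH_EXTS[ext_type]] = struct.unpack_from("!I", body)[0]
        offset += 2 + ext_len
    return req


def check_request(req: RegistrationRequest) -> List[str]:
    """Return findings for a request that breaks the rule stated in step 11."""
    findings = []
    if not req.nai:
        findings.append("missing Mobile-Node-NAI extension")
    return findings


def build_sample(lifetime: int, home: str, nai: Optional[str] = None,
                 mh_spi: Optional[int] = None) -> bytes:
    """Constructed sample request; home agent and care-of address are made up."""
    fixed_addrs = [ipaddress.IPv4Address(a).packed
                   for a in (home, "192.0.2.1", "198.51.100.1")]
    msg = FIXED.pack(REG_REQUEST, 0, lifetime, *fixed_addrs, 1)
    if nai is not None:
        raw = nai.encode("ascii")
        msg += bytes([EXT_MN_NAI, len(raw)]) + raw
    if mh_spi is not None:
        # SPI followed by a zeroed 16-byte placeholder authenticator
        msg += bytes([32, 20]) + struct.pack("!I", mh_spi) + bytes(16)
    return msg


if __name__ == "__main__":
    sample = build_sample(1800, "0.0.0.0", "user@example.net", 256)
    parsed = parse_registration_request(sample)
    print(parsed.wants_dynamic_home_address, parsed.nai, check_request(parsed))
```

The parser rejects any extension whose declared length runs past the end of the message, so a truncated or padded request is reported as malformed instead of being partly accepted.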
Proxy Mobile IP Call Flows
The following figure and the text that follows describe a sample successful Proxy Mobile IP session setup call flow in
which the MS receives its IP address from the HA.
Figure 116. HA Assigned IP Address Proxy Mobile IP Call Flow
1. The Mobile Station (MS) goes through the process of attaching itself to the GPRS/UMTS network.
2. The Terminal Equipment (TE) aspect of the MS sends AT commands to the Mobile Terminal (MT) aspect of the
MS to place it into PPP mode.
The Link Control Protocol (LCP) is then used to configure the Maximum-Receive Unit size and the
authentication protocol (Challenge-Handshake Authentication Protocol (CHAP), Password Authentication
Protocol (PAP), or none). If CHAP or PAP is used, the TE will authenticate itself to the MT, which, in turn,
stores the authentication information.
Upon successful authentication, the TE sends an Internet Protocol Control Protocol (IPCP) Configure-Request
message to the MT. The message will either contain a static IP address to use or request that one be
dynamically assigned.
3. The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains
information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP
Type, PDP Address, Access Point Name (APN), Quality of Service (QoS) requested, and PDP configuration
options.
4. The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN
using the GPRS Tunneling Protocol (GTPC, "C" indicates the control signaling aspect of the protocol). The
recipient GGSN is selected based on either the request of the MS or is automatically selected by the SGSN.
The message consists of various information elements including: PDP Type, PDP Address, APN, charging
characteristics, and Tunnel Endpoint Identifier (TEID, if the PDP Address was static).
5. The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.)
and creates a new entry in its PDP context list and provides a Charging ID for the session.
From the APN specified in the message, the GGSN determines whether or not the subscriber is to be
authenticated, if Proxy Mobile IP is to be supported for the subscriber, and if so, the IP address of the HA to
contact.
Note that Proxy Mobile IP support can also be determined by attributes in the user's profile. Attributes in the
user's profile supersede APN settings.
If authentication is required, the GGSN attempts to authenticate the subscriber locally against profiles stored in
memory or send a RADIUS Access-Request message to an AAA server.
6. If the GGSN authenticated the subscriber to an AAA server, the AAA server responds with a RADIUS
Access-Accept message indicating successful authentication and any attributes for handling the subscriber PDP
context.
7. If Proxy Mobile IP support was either enabled in the APN or in the subscriber's profile, the GGSN/FA forwards
a Proxy Mobile IP Registration Request message to the specified HA. The message includes such things as the
MS's home address, the IP address of the FA (the care-of-address), and the FA-HA extension (Security
Parameter Index (SPI)).
8. The HA responds with a Proxy Mobile IP Registration Response. The response includes an IP address from one
of its locally configured pools to assign to the MS (its Home Address). The HA also creates a Mobile Binding
Record (MBR) for the subscriber session.
9. The HA sends a RADIUS Accounting Start request to the AAA server which the AAA server responds to.
10. The GGSN replies with an affirmative Create PDP Context Response using GTPC. The response will contain
information elements such as the PDP Address representing either the static address requested by the MS or the
address assigned by the GGSN, the TEID used to reference PDP Address, and PDP configuration options
specified by the GGSN.
11. The SGSN returns an Activate PDP Context Accept message to the MS. The message includes a response to the
configuration parameters sent in the initial request.
12. The MT responds to the TE's IPCP Config-request with an IPCP Config-Ack message.
The MS can now send and receive data to or from the PDN until the session is closed or times out. Note that
for Mobile IP, only one PDP context is supported for the MS.
13. The FA periodically sends Proxy Mobile IP Registration Request Renewal messages to the HA. The HA sends
responses for each request.
14. The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP
Context Request message that is received by the SGSN.
15. The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message
includes the information elements necessary to identify the PDP context (i.e., TEID, and NSAPI).
16. The GGSN removes the PDP context from memory and the FA sends a Proxy Mobile IP Deregistration Request
message to the HA.
17. The GGSN returns a Delete PDP Context Response message to the SGSN.
18. The HA replies to the FA with a Proxy Mobile IP Deregistration Request Response.
19. The HA sends a RADIUS Accounting Stop request to the AAA server which the AAA server responds to.
20. The SGSN returns a Deactivate PDP Context Accept message to the MS.
21. The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a Charging Gateway (CG) using GTP
Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send
partial CDRs while the PDP context is active.
22. For each accounting message received from the GGSN, the CG responds with an acknowledgement.
IPv6 Stateless Address Autoconfiguration Flows
The following figure and the text that follows describe a sample IPv6 stateless address auto configuration session setup
call flow in which the MS receives its IP address from the RADIUS DHCP server.
Figure 117. IPv6 Stateless Address Autoconfiguration Flow
1. The MS uses the IPv6 interface identifier provided by the GGSN to create its IPv6 link-local unicast address.
Before the MS communicates with other hosts or mobile stations on the intranet/ISP, the MS must obtain an
IPv6 global or site-local unicast address.
2. After the GGSN sends a create PDP context response message to the SGSN, it starts sending router
advertisements periodically on the new MS-GGSN link established by the PDP context.
3. When creating a global or site-local unicast address, the MS may use the interface identifier received during the
PDP context activation or generate a new interface identifier. There is no restriction on the value of the
interface identifier of the global or site-local unicast address, since the prefix is unique.
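The three steps above reduce to bit operations on a 64-bit prefix and a 64-bit interface identifier. The following is an added example, not code from this guide or from the product; it assumes the Router Advertisement and Prefix Information option layouts of RFC 2461, and the function names, the sample prefix and the sample interface identifier are constructed for illustration.

```python
import ipaddress
import struct
from typing import List

RA_TYPE = 134              # ICMPv6 Router Advertisement (RFC 2461)
OPT_PREFIX_INFO = 3        # Prefix Information option
FLAG_AUTONOMOUS = 0x40     # "A" flag: prefix may be used for autoconfiguration
IID_MASK = (1 << 64) - 1   # low 64 bits of an address hold the interface identifier


def link_local(iid: int) -> ipaddress.IPv6Address:
    """Step 1: fe80::/64 plus the interface identifier supplied by the GGSN."""
    return ipaddress.IPv6Address((0xFE80 << 112) | (iid & IID_MASK))


def autoconf_prefixes(ra: bytes) -> List[ipaddress.IPv6Network]:
    """Step 2: extract the /64 prefixes usable for autoconfiguration from an RA."""
    if len(ra) < 16 or ra[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    prefixes = []
    offset = 16                                    # options follow the fixed part
    while offset < len(ra):
        if offset + 2 > len(ra):
            raise ValueError("truncated option header")
        opt_type = ra[offset]
        opt_len = ra[offset + 1] * 8               # length field is in 8-byte units
        if opt_len == 0 or offset + opt_len > len(ra):
            raise ValueError("invalid option length")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix_len, flags = ra[offset + 2], ra[offset + 3]
            prefix = ipaddress.IPv6Address(ra[offset + 16 : offset + 32])
            # Only prefixes with the A flag and a 64-bit length leave room
            # for a 64-bit interface identifier.
            if flags & FLAG_AUTONOMOUS and prefix_len == 64:
                prefixes.append(ipaddress.IPv6Network((prefix, 64), strict=False))
        offset += opt_len
    return prefixes


def form_address(prefix: ipaddress.IPv6Network, iid: int) -> ipaddress.IPv6Address:
    """Step 3: advertised prefix plus any interface identifier the MS chooses."""
    return ipaddress.IPv6Address(int(prefix.network_address) | (iid & IID_MASK))


def build_sample_ra(prefix: str, flags: int) -> bytes:
    """Constructed sample RA carrying one Prefix Information option."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    option = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, 64, flags,
                         86400, 14400, 0, ipaddress.IPv6Address(prefix).packed)
    return header + option


if __name__ == "__main__":
    iid = 0x021122FFFE334455                       # constructed interface identifier
    ra = build_sample_ra("2001:db8:1:2::", FLAG_AUTONOMOUS)
    print(link_local(iid))
    for p in autoconf_prefixes(ra):
        print(form_address(p, iid), form_address(p, 1))
```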
Supported Standards
The GGSN complies with the following standards for 3GPP wireless data services.
3GPP References
IETF References
Object Management Group (OMG) Standards
3GPP References
3GPP TS 09.60 v7.10.0 (2001-09): 3rd Generation Partnership project; Technical Specification Group Core
Network; General Packet Radio Services (GPRS); GPRS Tunneling Protocol (GTP) across the Gn and Gp
Interface (Release 1998) for backward compatibility with GTPv0
3GPP TS 23.060 v7.6.0 (2007-9): 3rd Generation Partnership project; Technical Specification Group Services
and System Aspects; General Packet Radio Service (GPRS); Service description (Release 1999) as an
additional reference for GPRS/UMTS procedures
3GPP TS 23.107 v7.1.0 (2007-09): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; QoS Concept and Architecture
3GPP TS 23.203 V7.7.0 (2006-08): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Policy and charging control architecture (Release 7)
3GPP TS 23.246 v7.4.0 (2007-09): 3rd Generation Partnership Project, Technical Specification Group Services
and System Aspects; Multimedia Broadcast/Multicast Service (MBMS); Architecture and functional
description (Release 7)
3GPP TS 24.008 v7.11.0 (2001-06): Mobile radio interface layer 3 specification; Core Network Protocols- Stage
3 (Release 1999) as an additional reference for GPRS/UMTS procedures
3GPP TS 29.060 v7.9.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Core
Network; General Packet Radio Services (GPRS); GPRS Tunneling Protocol (GTP) across the Gn and Gp
Interface (Release 4) for the Core GTP Functionality
3GPP TS 29.061 v7.7.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Core
Network; Packet Domain; Interworking between the Public Land Mobile Network (PLMN) supporting Packet
Based Services and Packet Data Networks (PDN)
3GPP 29.212 v7.6.0 (2008-09) 3rd Generation Partnership Project, Technical Specification Group Core Network
and Terminals; Policy and Charging Control over Gx reference point (Release 7)
3GPP TS 29.213 V7.5.0 (2005-08): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; Policy and Charging Control signalling flows and QoS parameter mapping; (Release
7)
3GPP TR 29.846 6.0.0 (2004-09) 3rd Generation Partnership Project, Technical Specification Group Core
Networks; Multimedia Broadcast/Multicast Service (MBMS); CN1 procedure description (Release 6)
3GPP TS 32.015 v3.12.0 (2003-12): 3rd Generation Partnership Project, Technical Specification Group Services
and System Aspects; Telecommunication Management; Charging management; Call and event data for the
Packet Switched (PS) domain (Release 1999) for support of Charging on GGSN
3GPP TS 32.215 v5.9.0 (2005-06): 3rd Generation Partnership Project, Technical Specification Group Services
and System Aspects; Telecommunication Management; Charging Management; Charging data description for
the Packet Switched (PS) domain (Release 5)
3GPP 32.251 v7.5.1 (2007-10) 3rd Generation Partnership Project, Technical Specification Group Services and
System Aspects; Telecommunication management; Charging management; Packet Switched (PS) domain
charging (Release 7)
3GPP TS 32.298 v7.4.0 (2007-09): 3rd Generation Partnership Project; Technical Specification Group Service
and System Aspects; Telecommunication management; Charging management; Charging Data Record (CDR)
parameter description
3GPP TS 32.299 v7.7.0 (2007-10): 3rd Generation Partnership Project; Technical Specification Group Service
and System Aspects; Telecommunication management; Charging management; Diameter charging applications
(Release 7)
3GPP TS 32.403 V7.1.0: Technical Specification Performance measurements - UMTS and combined
UMTS/GSM
3GPP TS 33.106 V7.0.1 (2001-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful Interception requirements (Release 7)
3GPP TS 33.107 V7.7.0 (2007-09): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful interception architecture and functions (Release 7)
IETF References
RFC-768, User Datagram Protocol (UDP), August 1980
RFC-791, Internet Protocol (IP), September 1982
RFC-793, Transmission Control Protocol (TCP), September 1981
RFC-894, A Standard for the Transmission of IP Datagrams over Ethernet Networks, April 1984
RFC-1089, SNMP over Ethernet, February 1989
RFC-1144, Compressing TCP/IP headers for low-speed serial links, February 1990
RFC-1155, Structure & identification of management information for TCP/IP-based internets, May 1990
RFC-1157, Simple Network Management Protocol (SNMP) Version 1, May 1990
RFC-1212, Concise MIB Definitions, March 1991
RFC-1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II, March
1991
RFC-1215, A Convention for Defining Traps for use with the SNMP, March 1991
RFC-1224, Techniques for managing asynchronously generated alerts, May 1991
RFC-1256, ICMP Router Discovery Messages, September 1991
RFC-1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis, March 1992
RFC-1332, The PPP Internet Protocol Control Protocol (IPCP), May 1992
RFC-1398, Definitions of Managed Objects for the Ethernet-Like Interface Types, January 1993
RFC-1418, SNMP over OSI, March 1993
RFC-1570, PPP LCP Extensions, January 1994
RFC-1643, Definitions of Managed Objects for the Ethernet-like Interface Types, July 1994
RFC-1661, The Point to Point Protocol (PPP), July 1994
RFC-1662, PPP in HDLC-like Framing, July 1994
RFC-1701, Generic Routing Encapsulation (GRE), October 1994
RFC-1850, OSPF Version 2 Management Information Base, November 1995
RFC-1901, Introduction to Community-based SNMPv2, January 1996
RFC-1902, Structure of Management Information for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1903, Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1904, Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1907, Management Information Base for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1908, Coexistence between Version 1 and Version 2 of the Internet-standard Network Management
Framework, January 1996
RFC-1918, Address Allocation for Private Internets, February 1996
RFC-1919, Classical versus Transparent IP Proxies, March 1996
RFC-1962, The PPP Compression Control Protocol (CCP), June 1996
RFC-1974, PPP STAC LZS Compression Protocol, August 1996
RFC-2002, IP Mobility Support, May 1995
RFC-2003, IP Encapsulation within IP, October 1996
RFC-2004, Minimal Encapsulation within IP, October 1996
RFC-2005, Applicability Statement for IP Mobility Support, October 1996
RFC-2118, Microsoft Point-to-Point Compression (MPPC) Protocol, March 1997
RFC 2131, Dynamic Host Configuration Protocol
RFC 2132, DHCP Options and BOOTP Vendor Extensions
RFC-2136, Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC-2211, Specification of the Controlled-Load Network Element Service
RFC-2246, The Transport Layer Security (TLS) Protocol Version 1.0, January 1999
RFC-2290, Mobile-IPv4 Configuration Option for PPP IPCP, February 1998
RFC-2328, OSPF Version 2, April 1998
RFC-2344, Reverse Tunneling for Mobile IP, May 1998
RFC-2394, IP Payload Compression Using DEFLATE, December 1998
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC-2460, Internet Protocol Version 6 (IPv6)
RFC-2461, Neighbor Discovery for IPv6
RFC-2462, IPv6 Stateless Address Autoconfiguration
RFC-2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December
1998
RFC-2475, An Architecture for Differentiated Services, December 1998
RFC-2484, PPP LCP Internationalization Configuration Option, January 1999
RFC-2486, The Network Access Identifier (NAI), January 1999
RFC-2571, An Architecture for Describing SNMP Management Frameworks, April 1999
RFC-2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), April
1999
RFC-2573, SNMP Applications, April 1999
RFC-2574, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol
(SNMPv3), April 1999
RFC-2597, Assured Forwarding PHB Group, June 1999
RFC-2598, Expedited Forwarding PHB, June 1999
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2661, Layer Two Tunneling Protocol "L2TP", August 1999
RFC-2697, A Single Rate Three Color Marker, September 1999
RFC-2698, A Two Rate Three Color Marker, September 1999
RFC-2784, Generic Routing Encapsulation (GRE) - March 2000, IETF
RFC-2794, Mobile IP Network Access Identifier Extension for IPv4, March 2000
RFC-2809, Implementation of L2TP Compulsory Tunneling via RADIUS, April 2000
RFC-2845, Secret Key Transaction Authentication for DNS (TSIG), May 2000
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
RFC-3007, Secure Domain Name System (DNS) Dynamic Update, November 2000
RFC-3012, Mobile IPv4 Challenge/Response Extensions, November 2000
RFC-3056, Connection of IPv6 Domains via IPv4 Clouds, February 2001
RFC-3101, OSPF-NSSA Option, January 2003
RFC-3143, Known HTTP Proxy/Caching Problems, June 2001
RFC-3193, Securing L2TP using IPSEC, November 2001
RFC-3314, Recommendations for IPv6 in Third Generation Partnership Project (3GPP) Standards, September
2002
RFC-3316, Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts, April 2003
RFC-3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers, February 2004
RFC-3543, Registration Revocation in Mobile IPv4, August 2003
RFC 3588, Diameter Base Protocol, September 2003
RFC 4006, Diameter Credit-Control Application, August 2005
Draft, Route Optimization in Mobile IP
Draft, Generalized Key Distribution Extensions for Mobile IP
Draft, AAA Keys for Mobile IP
Object Management Group (OMG) Standards
CORBA 2.6 Specification 01-09-35, Object Management Group
Chapter 12
HA Overview
The Home Agent (HA) allows mobile nodes to be reached, or served, by their home network through its home address
even when the mobile node is not attached to its home network. The HA performs this function through interaction with
a Foreign Agent (FA) that the mobile node is communicating with using the Mobile IP (MIP) standard. Such
transactions are performed through the use of virtual private networks that create MIP tunnels between the HA and FA.
When functioning as an HA, the system can either be located within the carrier's 3G network or in an external enterprise
or ISP network. Regardless, the FA terminates the mobile subscriber's PPP session, and then routes data to and from the
appropriate HA on behalf of the subscriber.
This chapter includes the following sections:
System Components and Capacities
Network Deployment Configurations
Understanding Mobile IP
System Components
The following application and line cards are required to support CDMA2000 wireless data services on the system:
ASR 5000 Platform:
System Management Cards (SMCs): Provide full system control and management of all cards within the ASR
5000 platform. Up to two SMCs can be installed; one active, one redundant.
Packet Processing Cards (PSC, PSC2, PPC): Within the ASR 5000 platform, packet processing cards provide
high-speed, multi-threaded PPP processing capabilities to support HA services. Up to 14 packet processing
cards can be installed, allowing for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIO): Installed in the upper-rear chassis slots directly behind the SMCs,
SPIOs provide connectivity for local and remote management and Central Office (CO) alarms. Up to two SPIOs
can be installed; one active, one redundant.
Ethernet 10/100 and/or Ethernet 1000/Quad Ethernet 1000 Line Cards: Installed directly behind processing
cards, these cards provide the RP, AAA, PDN, and Pi interfaces to elements in the data network. Up to 26 line
cards should be installed for a fully loaded system with 13 active processing cards, 13 in the upper-rear slots
and 13 in the lower-rear slots for redundancy. Redundant processing cards do not require line cards.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs,
RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000/Quad
Ethernet 1000 line cards and every processing card in the system for redundancy. Two RCCs can be installed
to provide redundancy for all line cards and processing cards.
Important: Additional information pertaining to each of the application and line cards required to support
CDMA2000 wireless data services is located in the Product Overview Guide.
Supported Standards
The system supports the following industry standards for 1x/CDMA2000/EV-DO devices.
Requests for Comments (RFCs)
RFC-768, User Datagram Protocol (UDP), August 1980
RFC-791, Internet Protocol (IP), September 1982
RFC-793, Transmission Control Protocol (TCP), September 1981
RFC-894, A Standard for the Transmission of IP Datagrams over Ethernet Networks, April 1984
RFC-1089, SNMP over Ethernet, February 1989
RFC-1144, Compressing TCP/IP headers for low-speed serial links, February 1990
RFC-1155, Structure and Identification of Management Information for TCP/IP-based Internets, May 1990
RFC-1157, Simple Network Management Protocol (SNMP) Version 1, May 1990
RFC-1212, Concise MIB Definitions, March 1991
RFC-1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II, March
1991
RFC-1215, A Convention for Defining Traps for use with the SNMP, March 1991
RFC-1224, Techniques for Managing Asynchronously Generated Alerts, May 1991
RFC-1256, ICMP Router Discovery Messages, September 1991
RFC-1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis, March 1992
RFC-1332, The PPP Internet Protocol Control Protocol (IPCP), May 1992
RFC-1398, Definitions of Managed Objects for the Ethernet-Like Interface Types, January 1993
RFC-1418, SNMP over OSI, March 1993
RFC-1570, PPP LCP Extensions, January 1994
RFC-1643, Definitions of Managed Objects for the Ethernet-like Interface Types, July 1994
RFC-1661, The Point to Point Protocol (PPP), July 1994
RFC-1662, PPP in HDLC-like Framing, July 1994
RFC-1701, Generic Routing Encapsulation (GRE), October 1994
RFC-1771, A Border Gateway Protocol 4 (BGP-4)
RFC-1850, OSPF Version 2 Management Information Base, November 1995
RFC-1901, Introduction to Community-based SNMPv2, January 1996
RFC-1902, Structure of Management Information for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1903, Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1904, Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2),
January 1996
RFC-1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2), January
1996
RFC-1907, Management Information Base for Version 2 of the Simple Network Management Protocol
(SNMPv2), January 1996
RFC-1908, Coexistence between Version 1 and Version 2 of the Internet-standard Network Management
Framework, January 1996
RFC-1918, Address Allocation for Private Internets, February 1996
RFC-1919, Classical versus Transparent IP Proxies, March 1996
RFC-1962, The PPP Compression Control Protocol (CCP), June 1996
RFC-1974, PPP STAC LZS Compression Protocol, August 1996
RFC-2002, IP Mobility Support, May 1995
RFC-2003, IP Encapsulation within IP, October 1996
RFC-2004, Minimal Encapsulation within IP, October 1996
RFC-2005, Applicability Statement for IP Mobility Support, October 1996
RFC-2118, Microsoft Point-to-Point Compression (MPPC) Protocol, March 1997
RFC-2136, Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC-2211, Specification of the Controlled-Load Network Element Service
RFC-2246, The Transport Layer Security (TLS) Protocol Version 1.0, January 1999
RFC-2290, Mobile IPv4 Configuration Option for PPP IPCP, February 1998
RFC-2328, OSPF Version 2, April 1998
RFC-2344, Reverse Tunneling for Mobile IP, May 1998
RFC-2394, IP Payload Compression Using DEFLATE, December 1998
RFC-2401, Security Architecture for the Internet Protocol, November 1998
RFC-2402, IP Authentication Header (AH), November 1998
RFC-2406, IP Encapsulating Security Payload (ESP), November 1998
RFC-2408, Internet Security Association and Key Management Protocol (ISAKMP), November 1998
RFC-2409, The Internet Key Exchange (IKE), November 1998
RFC-2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December
1998
RFC-2475, An Architecture for Differentiated Services, December 1998
RFC-2484, PPP LCP Internationalization Configuration Option, January 1999
RFC-2486, The Network Access Identifier (NAI), January 1999
RFC-2571, An Architecture for Describing SNMP Management Frameworks, April 1999
RFC-2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), April
1999
RFC-2573, SNMP Applications, April 1999
RFC-2574, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol
(SNMPv3), April 1999
RFC-2597, Assured Forwarding PHB Group, June 1999
RFC-2598, Expedited Forwarding PHB, June 1999
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2661, Layer Two Tunneling Protocol "L2TP", August 1999
RFC-2697, A Single Rate Three Color Marker, September 1999
RFC-2698, A Two Rate Three Color Marker, September 1999
RFC-2784, Generic Routing Encapsulation (GRE) - March 2000, IETF
RFC-2794, Mobile IP Network Access Identifier Extension for IPv4, March 2000
RFC-2809, Implementation of L2TP Compulsory Tunneling via RADIUS, April 2000
RFC-2845, Secret Key Transaction Authentication for DNS (TSIG), May 2000
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
RFC-3007, Secure Domain Name System (DNS) Dynamic Update, November 2000
RFC-3012, Mobile IPv4 Challenge/Response Extensions, November 2000
RFC-3095, Robust Header Compression (ROHC): Framework and four profiles: RTP, UDP, ESP and
uncompressed, July 2001
RFC-3101, OSPF NSSA Option, January 2003
RFC-3141, CDMA2000 Wireless Data Requirements for AAA, June 2001
RFC-3143, Known HTTP Proxy/Caching Problems, June 2001
RFC-3193, Securing L2TP using IPSEC, November 2001
RFC-3241, Robust Header Compression (ROHC) over PPP, April 2002
RFC-3409, Lower Layer Guidelines for Robust (RTP/UDP/IP) Header Compression, December 2002
RFC-3519, NAT Traversal for Mobile IP, April 2003
RFC-3543, Registration Revocation in Mobile IPv4, August 2003
RFC-3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS), July
2003
RFC-3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers, February 2004
RFC-3759, Robust Header Compression (ROHC): Terminology and Channel Mapping Examples, April 2004
RFC-3588, Diameter Base Protocol, September 2003
RFC-4005, Diameter Network Access Server Application, August 2005
RFC-4006, Diameter Credit-Control Application, August 2005
Draft, Generalized Key Distribution Extensions for Mobile IP
Draft, AAA Keys for Mobile IP
Network Deployment Configurations
This section provides examples of how the system can be deployed within a wireless carrier's network. As noted
previously in this chapter, the system can be deployed in standalone configurations, serving as a Home Agent (HA) and
a Packet Data Serving Node/Foreign Agent (PDSN/FA), or in a combined PDSN/FA/HA configuration providing all
services from a single chassis.
Standalone PDSN/FA and HA Deployments
The following figure depicts a sample network configuration wherein the HA and the PDSN/FA are separate systems.
Figure 118. PDSN/FA and HA Network Deployment Configuration Example
The HA allows mobile nodes to be reached, or served, by their home network through its home address even when the
mobile node is not attached to its home network. The HA performs this function through interaction with an FA that the
mobile node is communicating with using the Mobile IP protocol. Such transactions are performed through the use of
virtual private networks that create Mobile IP tunnels between the HA and FA.
Interface Descriptions
This section describes the primary interfaces used in a CDMA2000 wireless data network deployment.
Pi Interfaces
The Pi interface provides connectivity between the HA and its corresponding FA. The Pi interface is used to establish
Mobile IP tunnels between the PDSN/FA and HA.
PDN Interfaces
PDN interfaces provide connectivity between the PDSN and/or HA and packet data networks such as the Internet or a
corporate intranet.
AAA Interfaces
Using the LAN ports located on the Switch Processor I/O (SPIO) and Ethernet line cards, these interfaces carry AAA
messages to and from RADIUS accounting and authentication servers. The SPIO supports RADIUS-capable
management interfaces using either copper or fiber Ethernet connectivity through two auto-sensing 10/100/1000 Mbps
Ethernet interfaces or two SFP optical gigabit Ethernet interfaces. User-based RADIUS messaging is transported using
the Ethernet line cards.
While most carriers will configure separate AAA interfaces to allow for out-of-band RADIUS messaging for system
administrative users and other operations personnel, it is possible to use a single AAA interface hosted on the Ethernet
line cards to support a single RADIUS server that supports both management users and network users.
Important: Subscriber AAA interfaces should always be configured using Ethernet line card interfaces for the
highest performance. The local context should not be used for service subscriber AAA functions.
Co-Located Deployments
An advantage of the system is its ability to support both high-density HA and PDSN/FA configurations within the same
chassis. The economies of scale presented in this configuration example provide for both improved session handling and
reduced cost in deploying a CDMA2000 data network.
The following figure depicts a sample co-located deployment.
Figure 119. Co-located PDSN/FA and HA Configuration Example.
It should be noted that all interfaces defined within the 3GPP2 standards for 1x deployments exist in this configuration
as they are described in the two previous sections. This configuration can support communications to external, or
standalone, HAs and/or PDSNs/FAs using all prescribed standards.
Mobile IP Tunneling Methods
Tunneling by itself is a technology that enables one network to send its data via another network's connections.
Tunneling works by encapsulating a network protocol within a packet, carried by the second network. Tunneling is also
called encapsulation. Service providers typically use tunneling for two purposes: first, to transport otherwise un-routable
packets across the IP network and second, to provide data separation for Virtual Private Networking (VPN) services. In
Mobile IP, tunnels are used to transport data packets between the FA and HA.
The system supports the following tunneling protocols, as defined in the IS-835-A specification and the relevant
Request For Comments (RFCs) for Mobile IP:
IP in IP tunnels
IP in IP tunnels encapsulate one IP packet within another using a simple encapsulation technique. To
encapsulate an IP datagram using IP in IP encapsulation, an outer IP header is inserted before the datagram's existing IP
header. Between them are other headers for the path, such as security headers specific to the tunnel configuration. Each
header chains to the next using IP Protocol values. The outer IP header Source and Destination identify the "endpoints"
of the tunnel. The inner IP header Source and Destination identify the original sender and recipient of the datagram.
The encapsulator does not change the inner IP header, except to decrement the TTL, and the inner header remains unchanged
during its delivery to the tunnel exit point. No change to IP options in the inner header occurs during delivery of the
encapsulated datagram through the tunnel. If needed, other protocol headers such as the IP Authentication header may
be inserted between the outer IP header and the inner IP header.
The Mobile IP working group has specified the use of encapsulation as a way to deliver datagrams from an MN's HA to
an FA, and conversely from an FA to an HA, that can deliver the data locally to the MN at its current location.
GRE tunnels
The Generic Routing Encapsulation (GRE) protocol performs encapsulation of IP packets for transport across disparate
networks. One advantage of GRE over earlier tunneling protocols is that any transport protocol can be encapsulated in
GRE. GRE is a simple, low overhead approach—the GRE protocol itself can be expressed in as few as eight octets as
there is no authentication or tunnel configuration parameter negotiation. GRE is also known as IP Protocol 47.
Important: The chassis simultaneously supports GRE protocols with key in accordance with RFC-1701/RFC-2784 and "Legacy" GRE protocols without key in accordance with RFC-2002.
Another advantage of GRE tunneling over IP-in-IP tunneling is that GRE tunneling can be used even when conflicting
addresses are in use across multiple contexts (for the tunneled data).
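The following Python example is added here and is not Cisco code. It builds and decapsulates IP in IP and keyed GRE packets as described above, and shows a GRE key separating two sessions whose inner addresses conflict. The addresses, key values and function names are constructed for illustration; IP protocol number 4 for IP in IP and the GRE flag layout are taken from RFC 2003 and RFC 2784/2890, which this page does not cite.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47          # outer-header Protocol values
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000
ETHERTYPE_IPV4 = 0x0800
IP_FMT = "!BBHHHBBH4s4s"                   # fixed 20-byte IPv4 header


def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload, ttl=64):
    """Build an IPv4 datagram with a valid header checksum."""
    head = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload


def parse_ipv4(buf):
    """Validate an IPv4 header and return (fields, payload)."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, buf[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(buf):
        raise ValueError("malformed IPv4 header")
    if checksum(buf[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    fields = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "proto": proto, "ttl": ttl, "ihl": ihl}
    return fields, buf[ihl:total]


def encap_ipip(inner, tun_src, tun_dst):
    """IP in IP: decrement the inner TTL, then prepend an outer header (protocol 4)."""
    fields, _ = parse_ipv4(inner)
    if fields["ttl"] <= 1:
        raise ValueError("inner TTL expired")
    body = bytearray(inner)
    body[8] -= 1                           # TTL (and so the checksum) is all that changes
    body[10:12] = b"\x00\x00"
    body[10:12] = struct.pack("!H", checksum(bytes(body[:fields["ihl"]])))
    return ipv4(tun_src, tun_dst, IPPROTO_IPIP, bytes(body))


def encap_gre(inner, tun_src, tun_dst, key=None):
    """GRE: 4-octet base header, plus a 4-octet Key field when a key is given."""
    gre = struct.pack("!HH", GRE_K if key is not None else 0, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4(tun_src, tun_dst, IPPROTO_GRE, gre + inner)


def decapsulate(packet):
    """Strip one tunnel layer; report tunnel type, endpoints, GRE key, inner header."""
    outer, payload = parse_ipv4(packet)
    info = {"tunnel": "ipip", "endpoints": (outer["src"], outer["dst"]), "gre_key": None}
    if outer["proto"] == IPPROTO_GRE:
        if len(payload) < 4:
            raise ValueError("truncated GRE header")
        flags, ptype = struct.unpack("!HH", payload[:4])
        if flags & 0x0007 or flags & GRE_R or ptype != ETHERTYPE_IPV4:
            raise ValueError("unsupported GRE header")
        offset = 4 + (4 if flags & GRE_C else 0)
        if flags & GRE_K:
            if len(payload) < offset + 4:
                raise ValueError("truncated GRE key")
            info["gre_key"] = struct.unpack("!I", payload[offset:offset + 4])[0]
            offset += 4
        offset += 4 if flags & GRE_S else 0
        info["tunnel"], payload = "gre", payload[offset:]
    elif outer["proto"] != IPPROTO_IPIP:
        raise ValueError("outer protocol %d is not a tunnel" % outer["proto"])
    info["inner"], _ = parse_ipv4(payload)
    return info


def session_key(packet):
    """Demultiplex on tunnel endpoints plus GRE key, never on the inner address."""
    info = decapsulate(packet)
    return info["endpoints"] + (info["gre_key"],)


# Constructed sample traffic (documentation address ranges, invented keys).
FA, HA = "192.0.2.1", "198.51.100.1"
INNER = ipv4("10.0.0.5", "203.0.113.9", 17, b"constructed payload")
IPIP_PKT = encap_ipip(INNER, HA, FA)
GRE_A = encap_gre(INNER, HA, FA, key=0xA001)   # subscriber in context A
GRE_B = encap_gre(INNER, HA, FA, key=0xB002)   # same inner address, context B

if __name__ == "__main__":
    for name, pkt in (("IP in IP", IPIP_PKT), ("GRE A", GRE_A), ("GRE B", GRE_B)):
        print(name, decapsulate(pkt))
```

The keyed GRE header adds eight octets after the outer IP header, and the two GRE packets resolve to different sessions even though their inner source and destination are identical.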
Communications between the FA and HA can be done in either the forward or reverse direction using the above
protocols. Additionally, another method of routing information between the FA and various content servers used by the
HA exists. This method is called Triangular Routing. Each of these methods is explained below.
Forward Tunneling
In the wireless IP world, forward tunneling is a tunnel that transports packets from the packet data network towards the
MN. It starts at the HA and ends at the MN's care-of address. Tunnels can be as simple as IP-in-IP tunnels, GRE
tunnels, or even IP Security (IPSec) tunnels with encryption. These tunnels can be started automatically, and are
selected based on the subscriber's user profile.
Reverse Tunneling
A reverse tunnel starts at the MN's care-of address, which is the FA, and terminates at the HA.
When an MN arrives at a foreign network, it listens for agent advertisements and selects an FA that supports reverse
tunnels. The MN requests this service when it registers through the selected FA. At this time, the MN may also specify a
delivery technique such as Direct or the Encapsulating Delivery Style.
Using the Direct Delivery Style, which is the default mode for the system, the MN designates the FA as its default
router and sends packets directly to the FA without encapsulation. The FA intercepts them, and tunnels them to the HA.
Using the Encapsulating Delivery Style, the MN encapsulates all its outgoing packets to the FA. The FA then de-encapsulates and re-tunnels them to the HA, using the FA's care-of address as the entry-point for this new tunnel.
Following are some of the advantages of reverse tunneling:
All datagrams from the mobile node seem to originate from its home network
The FA can keep track of the HA that the mobile node is registered to and tunnel all datagrams from the mobile
node to its HA
Triangular Routing
Triangular routing is the path followed by a packet from the MN to the Correspondent Node (CN) via the FA. In this
routing scenario, the HA receives all the packets destined to the MN from the CN and redirects them to the MN's care-of-address by forward tunneling. In this case, the MN sends packets to the FA, which are transported using conventional
IP routing methods.
A key advantage of triangular routing is that reverse tunneling is not required, eliminating the need to encapsulate and
de-capsulate packets a second time during a Mobile IP session since only a forward tunnel exists between the HA and
PDSN/FA.
A disadvantage of using triangular routing is that the HA is unaware of all user traffic for billing purposes. Also, both
the HA and FA are required to be connected to a private network. This can be especially troublesome in large networks,
serving numerous enterprise customers, as each FA would have to be connected to each private network.
The following figure shows an example of how triangular routing is performed.
Figure 120. Mobile IP, FA and HA Tunneling/Transport Methods.
How Mobile IP Works
As described earlier, Mobile IP uses three basic communications protocols: PPP, IP, and Tunneled IP in the form of IP-in-IP or GRE tunnels. The following figure depicts where each of these protocols is used in a basic Mobile IP call.
Figure 121. Mobile IP Protocol Usage.
As depicted above, PPP is used to establish a communications session between the MN and the FA. Once a PPP session
is established, the MN can communicate with the HA, using the FA as a mediator or broker. Data transport between the
FA and HA uses tunneled IP, either IP-in-IP or GRE tunneling. Communication between the HA and End Host can be
achieved using the Internet or a private IP network and can use any IP protocol.
The following figure provides a high-level view of the steps required to make a Mobile IP call that is initiated by the
MN to a HA. The following table explains each step in detail. Users should keep in mind that steps in the call flow
related to the Radio Access Node (RAN) functions are intended to show a high-level overview of radio communications
iterations, and as such are outside the scope of packet-based communications presented here.
Figure 122. Mobile IP Call Flow
Table 69. Mobile IP Call Flow Description
Step | Description
1 | Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF.
2 | The PCF and PDSN establish the R-P interface for the session.
3 | The PDSN and MN negotiate Link Control Protocol (LCP).
4 | The PDSN and MN negotiate the Internet Protocol Control Protocol (IPCP).
5 | The PDSN/FA sends an Agent Advertisement to the MN.
6 | The MN sends a Mobile IP Registration Request to the PDSN/FA.
7 | The PDSN/FA sends an Access Request message to the visitor AAA server.
8 | The visitor AAA server proxies the request to the appropriate home AAA server.
9 | The home AAA server sends an Access Accept message to the visitor AAA server.
10 | The visitor AAA server forwards the response to the PDSN/FA.
11 | Upon receipt of the response, the PDSN/FA forwards a Mobile IP Registration Request to the appropriate HA.
12 | The HA sends an Access Request message to the home AAA server to authenticate the MN/subscriber.
13 | The home AAA server returns an Access Accept message to the HA.
14 | Upon receiving the response from the home AAA server, the HA sends a reply to the PDSN/FA establishing a forward tunnel. Note that the reply includes a Home Address (an IP address) for the MN.
15 | The PDSN/FA sends an Accounting Start message to the visitor AAA server. The visitor AAA server proxies messages to the home AAA server as needed.
16 | The PDSN returns a Mobile IP Registration Reply to the MN, establishing the session and allowing the MN to send/receive data to/from the PDN.
17 | Upon session completion, the MN sends a Registration Request message to the PDSN/FA with a requested lifetime of 0.
18 | The PDSN/FA forwards the request to the HA.
19 | The HA sends a Registration Reply to the PDSN/FA accepting the request.
20 | The PDSN/FA forwards the response to the MN.
21 | The MN and PDSN/FA negotiate the termination of LCP, effectively ending the PPP session.
22 | The PCF and PDSN/FA terminate the R-P session.
23 | The HA sends an Accounting Stop message to the home AAA server.
24 | The PDSN/FA sends an Accounting Stop message to the visitor AAA server.
25 | The visitor AAA server proxies the accounting data to the home AAA server.
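Steps 6 and 17 of the call flow, as an added example that is not part of the Cisco guide: a Python parser for the fixed part of a Mobile IP Registration Request feeding a binding table, so that a registration, a deregistration (lifetime 0), a replayed request and a deregistration for an unknown binding can be told apart. The message layout and flag bits are taken from RFC 5944 and RFC 3024, which this page does not cite; the addresses, the static home address, the simplified replay rule and all function and class names are assumptions, and extensions such as authentication are not parsed.

```python
import socket
import struct

REG_REQUEST = 1                     # message type of a Registration Request
REQ_FMT = "!BBH4s4s4sQ"             # type, flags, lifetime, home, HA, care-of, identification
REQ_LEN = struct.calcsize(REQ_FMT)  # 24 octets before any extensions
FLAG_M, FLAG_G, FLAG_T = 0x10, 0x08, 0x02   # minimal encap, GRE encap, reverse tunnel


def build_request(home, home_agent, care_of, lifetime, flags=0, ident=0):
    """Pack the fixed part of a Registration Request (constructed test input)."""
    return struct.pack(REQ_FMT, REG_REQUEST, flags, lifetime,
                       socket.inet_aton(home), socket.inet_aton(home_agent),
                       socket.inet_aton(care_of), ident)


def parse_request(data):
    """Decode the fixed part; raise ValueError on short or wrong-type input."""
    if len(data) < REQ_LEN:
        raise ValueError("truncated Registration Request")
    mtype, flags, lifetime, home, agent, coa, ident = struct.unpack(REQ_FMT, data[:REQ_LEN])
    if mtype != REG_REQUEST:
        raise ValueError("not a Registration Request (type %d)" % mtype)
    # IP in IP is the default when neither the G nor the M bit is set.
    encaps = tuple(name for bit, name in ((FLAG_G, "gre"), (FLAG_M, "minimal"))
                   if flags & bit) or ("ipip",)
    return {"home": socket.inet_ntoa(home), "home_agent": socket.inet_ntoa(agent),
            "care_of": socket.inet_ntoa(coa), "lifetime": lifetime,
            "encaps": encaps, "reverse_tunnel": bool(flags & FLAG_T), "ident": ident}


class BindingTable:
    """Home-agent style view of bindings, driven by parsed Registration Requests."""

    def __init__(self):
        self.bindings = {}     # home address -> {care-of address: binding details}
        self.last_ident = {}   # home address -> highest Identification accepted

    def apply(self, data):
        """Apply one request and return the event name a monitor would log."""
        req = parse_request(data)
        home = req["home"]
        # Simplified stand-in for replay protection: Identification must increase.
        if req["ident"] <= self.last_ident.get(home, -1):
            return "replay-rejected"
        self.last_ident[home] = req["ident"]
        current = self.bindings.setdefault(home, {})
        if req["lifetime"] > 0:
            current[req["care_of"]] = {"encaps": req["encaps"],
                                       "reverse_tunnel": req["reverse_tunnel"],
                                       "lifetime": req["lifetime"]}
            event = "register"
        elif req["care_of"] == home:
            current.clear()                      # lifetime 0 at home: drop every binding
            event = "deregister-all"
        elif current.pop(req["care_of"], None) is not None:
            event = "deregister"                 # lifetime 0: drop this care-of address
        else:
            event = "deregister-unknown"         # nothing to remove; worth alerting on
        if not current:
            del self.bindings[home]
        return event


# Constructed sample messages (documentation address ranges, invented values).
HOME, HOME_AGENT, CARE_OF = "10.1.1.7", "198.51.100.1", "192.0.2.1"
REGISTER = build_request(HOME, HOME_AGENT, CARE_OF, 1800, FLAG_G | FLAG_T, ident=1)
DEREGISTER = build_request(HOME, HOME_AGENT, CARE_OF, 0, FLAG_G | FLAG_T, ident=2)

if __name__ == "__main__":
    table = BindingTable()
    for msg in (REGISTER, REGISTER, DEREGISTER, DEREGISTER):
        print(table.apply(msg), table.bindings)
```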
Understanding Mobile IP
Mobile IP provides a network-layer solution that allows Mobile Nodes (MNs, i.e. mobile phones, wireless PDAs, and
other mobile devices) to receive routed IP packets from their home network while they are connected to any visitor
network using their permanent or home IP address. Mobile IP allows mobility in a dynamic method that allows nodes to
maintain ongoing communications while changing links as the user traverses the global Internet from various locations
outside their home network.
In Mobile IP, the Mobile Node (MN) receives an IP address, either static or dynamic, called the "home address"
assigned by its Home Agent (HA). A distinct advantage with Mobile IP is that MNs can hand off between different
radio networks that are served by different PDSNs.
In this scenario, the Network Access Function (such as a PDSN) in the visitor network performs as a Foreign Agent
(FA), establishing a virtual session with the MN's HA. Each time the MN registers with a different PDSN/FA, the FA
assigns the MN a care-of-address. Packets are then encapsulated into IP tunnels and transported between FA, HA, and
the MN.
Session Continuity Support for 3GPP2 and WiMAX Handoffs
The HA provides this feature for seamless session mobility for WiMAX subscribers and subscribers of other access
technologies. With this feature, the HA can be configured for:
3GPP2 HA Service
3GPP HA Service
WiMAX HA Service
Combination of 3GPP2 and WiMAX HA Services for Dual mode device
The above configurations provide the session continuity capability that enables a dual mode device (a multi radio
device) to continue its active data session as it changes its active network attachment from 3GPP2 to WiMAX and vice
versa with no perceived impact on the user experience. This capability brings the following benefits:
common billing and customer care
accessing home 3GPP2 service through WiMAX network and vice versa
better user experience with seamless session continuity
Chapter 13
HRPD Serving Gateway Overview
The ASR 5000 provides wireless carriers with a flexible solution that functions as an HRPD Serving Gateway (HSGW)
in 3GPP2 evolved High Rate Packet Data (eHRPD) wireless data networks.
This overview provides general information about the HSGW including:
eHRPD Network Summary
Product Description
Product Specifications
Network Deployment(s)
Features and Functionality - Base Software
Features and Functionality - External Application Support
Features and Functionality - Optional Enhanced Feature Software
Call/Session Procedure Flows
Supported Standards
eHRPD Network Summary
In a High Rate Packet Data (HRPD) network, the method of mobility is performed using client-based mobile IPv6 or
Client Mobile IPv6 (CMIPv6). This involves the mobile node with an IPv6 stack maintaining a binding between its
home address and its care-of address. The mobile node must also send mobility management signaling messages to a
home agent.
The primary difference in an evolved HRPD (eHRPD) network is the use of network mobility (via proxy) allowing the
network to perform mobility management, instead of the mobile node. This form of mobility is known as Proxy Mobile
IPv6 (PMIPv6).
The eHRPD network's main function is to provide interworking of the mobile node with the Evolved Packet System
(EPS). The EPS is a 3GPP Enhanced UMTS Terrestrial Radio Access Network/Evolved Packet Core (E-UTRAN/EPC).
The E-UTRAN/EPC is the core data network of the 4G System Architecture Evolution (SAE) network supporting the
Long Term Evolution Radio Access Network (LTE RAN).
The following figure shows the physical relationship of the eHRPD network with the E-UTRAN/EPC.
[Figure: eHRPD network and E-UTRAN/EPC. Labels shown: E-UTRAN, EPC, HSS, MME, PCRF, S-GW, P-GW, 3GPP AAA, eNodeB, eHRPD, eAN/ePCF, HSGW, Enterprise, Internet.]
The primary functions of the eHRPD network are:
Connectivity to LTE core (EPC)
Support for multiple PDN connections
Leverage existing CDMA infrastructure
Migration path to LTE
Minimal changes to RAN infrastructure
Support handoffs between LTE RAN (E-UTRAN) and eHRPD
eHRPD Network Components
The eHRPD network is comprised of the following components:
Evolved Access Network (eAN)
The eAN is a logical entity in the radio access network used for radio communications with an access terminal (mobile
device). The eAN is equivalent to a base station in 1x systems. The eAN supports operations for EPS – eHRPD RAN in
addition to legacy access network capabilities.
Evolved Packet Control Function (ePCF)
The ePCF is an entity in the radio access network that manages the relay of packets between the eAN and the HSGW.
The ePCF supports operations for the EPS – eHRPD RAN in addition to legacy packet control functions.
The ePCF supports the following:
Main service connection over SO59
Uses PDN-MUX and allows multiplexing data belonging to multiple PDNs
Signaling over Main A10
LCP messages for PPP link establishment
EAP messages used for authentication
VSNCP messages for establishment of PDNs
VSNP for establishment of EPS bearers and QoS mappings (RSVP)
HRPD Serving Gateway (HSGW)
The HSGW is the entity that terminates the HRPD access network interface from the eAN/PCF. The HSGW
functionality provides interworking of the AT with the 3GPP EPS architecture and protocols specified in 23.402
(mobility, policy control (PCC), and roaming). The HSGW supports efficient (seamless) inter-technology mobility
between LTE and HRPD with the following requirements:
Sub 300ms bearer interruption
Inter-technology handoff between 3GPP E-UTRAN and HRPD
Intra-technology handoff between an HSGW and an existing PDSN
Support for inter-HSGW fast handoff via PMIPv6 Binding Update
E-UTRAN EPC Network Components
The E-UTRAN EPC network is comprised of the following components:
eNodeB
The eNodeB (eNB) is the LTE base station and is one of two nodes in the SAE Architecture user plane (the other is the
S-GW). The eNB communicates with other eNBs via the X2 interface. The eNB communicates with the EPC via the S1
interface. The user plane interface is the S1-U connection to S-GW. The signaling plane interface is the S1-MME
connection to MME.
Basic functions supported include:
Radio resource management, radio bearer control, and scheduling
IP header compression and encryption of user data stream
Selection of MME at UE attachment (if not determined by information sent from the UE)
Scheduling and transmission of paging messages (originated from the MME)
Scheduling and transmission of broadcast information (originated from the MME or OA&M)
Measurement & measurement reporting configuration for mobility and scheduling
Mobility Management Entity (MME)
The MME is the key control-node for the LTE access-network. The MME provides the following basic functions:
NAS signalling
signalling security
UE access in ECM-IDLE state (including control and execution of paging retransmission)
Tracking Area (TA) list management
PGW and SGW selection
MME selection for handovers with MME change
SGSN selection for handovers to 2G or 3G 3GPP access networks
Terminates interface to HSS (S6a)
Authentication
Bearer management functions including dedicated bearer establishment
HRPD access node (terminating S101 reference point) selection for handovers to HRPD
Transparent transfer of HRPD signalling messages and transfer of status information between E-UTRAN and
HRPD access, as specified in the pre-registration and handover flows
Serving Gateway (S-GW)
For each UE associated with the EPS, there is a single S-GW at any given time providing the following basic functions:
Terminates the interface towards E-UTRAN (S1-U)
Functions (for both the GTP-based and the PMIP-based S5/S8) include:
local mobility anchor point for inter-eNodeB handover
mobility anchoring for inter-3GPP mobility (terminating S4 and relaying the traffic between 2G/3G
system and P-GW)
ECM-IDLE mode downlink packet buffering and initiation of network triggered service request
procedure
lawful intercept
packet routing and forwarding
transport level packet marking in the uplink and the downlink (e.g. setting the DiffServ Code Point)
Accounting
Handling of Router Solicitation and Router Advertisement messages if PMIP based S5 and S8 are used
MAG for PMIP based S5 and S8
PDN Gateway (P-GW)
For each UE associated with the EPS, there is at least one P-GW providing access to the requested PDN. If a UE is
accessing multiple PDNs, there may be more than one P-GW for that UE. The P-GW provides the following basic
functions:
Terminates the interface towards the PDN (SGi)
PGW functions (for both the GTP-based and the PMIP-based S5/S8) include:
per-user packet filtering (e.g. deep packet inspection)
lawful intercept
UE IP address allocation
UL and DL service level charging, gating control, and service level rate enforcement
DL rate enforcement based on AMBR (Aggregate Max Bit Rate) and based on the accumulated MBRs
of the aggregate of SDFs with the same GBR QCI
DHCPv4 and DHCPv6 functions (client, relay and server)
LMA for PMIP6
Product Description
The HSGW terminates the eHRPD access network interface from the Evolved Access Network/Evolved Packet Core
Function (eAN/ePCF) and routes UE-originated or terminated packet data traffic. It provides interworking with the
eAN/ePCF and the PDN Gateway (P-GW) within the Evolved Packet Core (EPC) or LTE/SAE core network and
performs the following functions:
Mobility anchoring for inter-eAN handoffs
Transport level packet marking in the uplink and the downlink, e.g., setting the DiffServ Code Point, based on
the QCI of the associated EPS bearer
Uplink and downlink charging per UE, PDN, and QCI
Downlink bearer binding based on policy information
Uplink bearer binding verification with packet dropping of UL traffic that does not comply with established
uplink policy
MAG functions for S2a mobility (i.e., Network-based mobility based on PMIPv6)
Support for IPv4 and IPv6 address assignment
EAP Authenticator function
Policy enforcement functions defined for the Gxa interface
Robust Header Compression (RoHC)
Support for VSNCP and VSNP with UE
Support for packet-based or HDLC-like framing on auxiliary connections
IPv6 SLAAC support, generating RAs responding to RSs
An HSGW also establishes, maintains and terminates link layer sessions to UEs. The HSGW functionality provides
interworking of the UE with the 3GPP EPS architecture and protocols. This includes support for mobility, policy control
and charging (PCC), access authentication, and roaming. The HSGW also manages inter-HSGW handoffs.
Figure 123. eHRPD Basic Network Topology
[Figure labels. Network elements: HSS, MME, PCRF, OFCS, OCS, 3GPP AAA, S-GW, P-GW, eNodeB, eHRPD, eAN/ePCF, HSGW, Enterprise, Internet. Reference points: S6a, SWx, Gxc, Rf, S11, Gx, S1-MME, S6b, S5/S8, S1-U, Gy, S101, S103, S2a, Gxa, SGi, STa, A10/A11.]
Basic Features
Authentication
The HSGW supports the following authentication features:
EAP over PPP
UE and HSGW negotiate EAP as the authentication protocol during LCP
HSGW is the EAP authenticator
EAP-AKA' (trusted non-3GPP access procedure) as specified in TS 33.402
EAP is performed between UE and 3GPP AAA over PPP/STa
For more information on authentication features, refer to the Network Access and Charging Management Features
section in this overview.
IP Address Allocation
The HSGW supports the following IP address allocation features:
Support for IPv4 and IPv6 addressing
Types of PDNs - IPv4, IPv6 or IPv4v6
IPv6 addressing
Interface Identifier assigned during initial attach and used by UE to generate its link local address
HSGW sends the assigned /64 bit prefix in RA to the UE
Configure the 128-bit IPv6 address using IPv6 SLAAC (RFC 4862)
Optional IPv6 parameter configuration via stateless DHCPv6 (Not supported)
IPv4 address
IPv4 address allocation during attach
Deferred address allocation using DHCPv4 (Not supported)
Optional IPv4 parameter configuration via stateless DHCPv4 (Not supported)
Quality of Service
The HSGW supports the following QoS features:
HRPD Profile ID to QCI Mapping
DSCP Marking
UE Initiated Dedicated Bearer Resource Establishment
QCI to DSCP Mapping
For more information on QoS features, refer to the Quality of Service Management Features section in this overview.
AAA, Policy and Charging
The HSGW supports the following AAA, policy and charging features:
EAP Authentication (STa)
Rf Diameter Accounting
AAA Server Groups
Dynamic Policy and Charging: Gxa Reference Interface
Intelligent Traffic Control
For more information on policy and charging features, refer to the Network Access and Charging Management Features
section in this overview.
Product Specifications
The following information is located in this section:
Licenses
Hardware Requirements
Operating System Requirements
Licenses
The HSGW is a licensed product. A session use license key must be acquired and installed to use the HSGW service.
The following licenses are available for this product:
HSGW Software License, 10k Sessions - 600-00-7641
HSGW Software License, 1k Sessions - 600-00-7650
Hardware Requirements
Information in this section describes the hardware required to enable HSGW services.
Platforms
The HSGW service operates on the ASR 5000 platform.
Components
The following application and line cards are required to support HSGW functionality on an ASR 5000:
System Management Cards (SMCs): Provides full system control and management of all cards within the
chassis. Up to two SMCs can be installed; one active, one redundant.
Packet Services Cards (PSCs): The PSCs provide high-speed, multi-threaded PDP context processing
capabilities for HSGW services. Up to 14 PSCs can be installed, allowing for multiple active and/or redundant
cards.
Switch Processor Input/Outputs (SPIOs): Installed in the upper-rear chassis slots directly behind the SMCs,
SPIOs provide connectivity for local and remote management and central office (CO) alarms. Up to two SPIOs
can be installed; one active, one redundant.
Line Cards: Installed directly behind PSCs, these cards provide the physical interfaces to elements in the
eHRPD data network. Up to 26 line cards can be installed for a fully loaded system with 13 active PSCs, 13 in
the upper-rear slots and 13 in the lower-rear slots for redundancy. Redundant PSCs do not require line cards.
Ethernet 10/100 and/or Ethernet 1000 line cards for IP connections to the HSGW or other network
elements.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SPCs/SMCs,
RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line cards
and every PSC in the system for redundancy. Two RCCs can be installed to provide redundancy for all line
cards and PSCs.
Important: Additional information pertaining to each of the application and line cards required to support
LTE/SAE services is located in the Hardware Platform Overview chapter of the Product Overview Guide.
Operating System Requirements
The HSGW is available for all Cisco Systems ASR 5000 platforms running StarOS Release 9.0 or later.
Network Deployment(s)
This section describes the supported interfaces and the deployment scenario of an HSGW in an eHRPD network.
HRPD Serving Gateway in an eHRPD Network
The following figure displays a simplified network view of the HSGW in an eHRPD network and how it interconnects
with a 3GPP Evolved-UTRAN/Evolved Packet Core network. The interfaces shown in the following graphic are
standards-based and are presented for informational purposes only. For information on interfaces supported by Cisco
Systems' HSGW, refer to the next section.
Figure 124. HSGW in an eHRPD Network Architecture
[Figure labels. Network elements: E-UTRAN, EPC, HSS, MME, PCRF, OFCS, OCS, 3GPP AAA, S-GW, P-GW, eNodeB, eHRPD, eAN/ePCF, HSGW, Enterprise, Internet. Reference points: S6a, SWx, Gxc, Rf, S11, Gx, S1-MME, S6b, S5/S8, S1-U, Gy, S101, S103, S2a, Gxa, SGi, STa, A10/A11. Legend: Signaling Interface, Bearer Interface.]
Supported Logical Network Interfaces (Reference Points)
The HSGW supports many of the standards-based logical network interfaces or reference points. The graphic below and
following text define the supported interfaces. Basic protocol stacks are also included.
Figure 125. HSGW Supported Network Interfaces
[Figure labels. Network elements: P-GW, OFCS, PCRF, 3GPP AAA, eHRPD, HSGW, eAN/ePCF. Reference points: Rf, S2a, Gxa, A10/A11, STa. Legend: Signaling Interface, Bearer Interface.]
In support of both mobile and network originated subscriber PDP contexts, the HSGW provides the following network
interfaces:
A10/A11
This interface exists between the Evolved Access Network/Evolved Packet Control
Function (eAN/ePCF) and the HSGW and implements the A10 (signaling) and A11 (bearer) protocols defined in
3GPP2 specifications.
[Protocol stack figure: eAN/ePCF and HSGW over A10/A11. Layers shown on each side: A10, L1/L2.]
S2a Interface
This reference point supports the bearer interface by providing signaling and mobility support between a trusted non-3GPP access point (HSGW) and the PDN Gateway. It is based on Proxy Mobile IP but also supports Client Mobile IPv4
FA mode which allows connectivity to trusted non-3GPP IP access points that do not support PMIP.
Transport Layer: UDP, TCP
Tunneling: GRE
Network Layer: IPv4, IPv6
Data Link Layer: ARP
Physical Layer: Ethernet
[Protocol stack figure: HSGW (MAG) and P-GW (LMA) over S2a. Layers shown on each side: Transport, IPv4/IPv6, GRE, UDP, IPv4/IPv6, L1/L2.]
STa Interface
This signaling interface supports Diameter transactions between a 3GPP2 AAA proxy and a 3GPP AAA server. This
interface is used for UE authentication and authorization.
Transport Layer: TCP, SCTP
Network Layer: IPv4, IPv6
Data Link Layer: ARP
Physical Layer: Ethernet
[Protocol stack figure: HSGW and 3GPP AAA over STa. Layers shown on each side: Diameter, TCP / SCTP, IPv4 / IPv6, L1/L2.]
Gxa Interface
This signalling interface supports the transfer of policy control information (QoS) between the HSGW (BBERF) and a
PCRF.
Transport Layer: TCP, SCTP
Network Layer: IPv4, IPv6
Data Link Layer: ARP
Physical Layer: Ethernet
[Protocol stack figure: HSGW and PCRF over Gxa. Layers shown on each side: Diameter, TCP / SCTP, IPv4 / IPv6, L1/L2.]
Features and Functionality - Base Software
This section describes the features and functions that are supported by default in the base software for the HSGW service
and that do not require any additional licenses.
Important: To configure the basic service and functionality on the system for the HSGW service, refer to the
configuration examples provided in the HSGW Administration Guide.
The following features are supported and described in this section:
Subscriber Session Management Features
Quality of Service Management Features
Network Access and Charging Management Features
Network Operation Management Functions
System Management Features
Subscriber Session Management Features
This section describes the following features:
Proxy Mobile IPv6 (S2a)
Mobile IP Registration Revocation
Session Recovery Support
Non-Optimized Inter-HSGW Session Handover
Proxy Mobile IPv6 (S2a)
Provides a mobility management protocol to enable a single LTE-EPC core network to provide the call anchor point for
user sessions as the subscriber roams between native EUTRAN and non-native e-HRPD access networks.
S2a represents the trusted non-3GPP interface between the LTE-EPC core network and the evolved HRPD network
anchored on the HSGW. In the e-HRPD network, network-based mobility provides mobility for IPv6 nodes without
host involvement. Proxy Mobile IPv6 extends Mobile IPv6 signaling messages and reuses the HA function (now known
as LMA) on PDN Gateway. This approach does not require the mobile node to be involved in the exchange of signaling
messages between itself and the Home Agent. A proxy mobility agent (Eg MAG function on HSGW) in the network
performs the signaling with the home agent and does the mobility management on behalf of the mobile node attached to
the network
The S2a interface uses IPv6 for both control and data. During the PDN connection establishment procedures the PDN
Gateway allocates the IPv6 Home Network Prefix (HNP) via Proxy Mobile IPv6 signaling to the HSGW. The HSGW
returns the HNP in router advertisement or based on a router solicitation request from the UE. PDN connection release
events can be triggered by either the UE, the HSGW or the PGW.
In Proxy Mobile IPv6 applications the HSGW (MAG function) and PDN GW (LMA function) maintain a single shared
tunnel and separate GRE keys are allocated in the PMIP Binding Update and Acknowledgement messages to distinguish
between individual subscriber sessions. If the Proxy Mobile IP signaling contains Protocol Configuration Options
(PCOs), it can also be used to transfer P-CSCF or DNS server addresses.
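The following Python sketch is an added illustration, not code from the Cisco documentation. It shows how traffic on one shared tunnel can be attributed to a subscriber session purely by the GRE key (header layout per RFC 2784/2890), and why packets with no key, an unbound key or a truncated header have to be dropped. The session names, key values and helper names are constructed for the example.

```python
import struct

GRE_FLAG_CHECKSUM = 0x8000        # C bit (RFC 2784)
GRE_FLAG_KEY = 0x2000             # K bit (RFC 2890)
GRE_FLAG_SEQUENCE = 0x1000        # S bit (RFC 2890)
GRE_RESERVED_OR_VERSION = 0x4FFF  # must be zero for RFC 2784/2890 GRE
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD


class GreDrop(ValueError):
    """The packet must be dropped instead of being mapped to a subscriber."""


def parse_gre(packet):
    """Return (key, protocol, inner) from a GRE packet; key is None if absent."""
    if len(packet) < 4:
        raise GreDrop("truncated GRE header")
    flags, protocol = struct.unpack_from("!HH", packet, 0)
    if flags & GRE_RESERVED_OR_VERSION:
        raise GreDrop("reserved bits or version set")
    offset = 4
    if flags & GRE_FLAG_CHECKSUM:
        offset += 4  # checksum (2 bytes) + reserved1 (2 bytes)
    key = None
    if flags & GRE_FLAG_KEY:
        if len(packet) < offset + 4:
            raise GreDrop("truncated key field")
        (key,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & GRE_FLAG_SEQUENCE:
        offset += 4
    if len(packet) < offset:
        raise GreDrop("truncated optional fields")
    return key, protocol, packet[offset:]


class SharedTunnel:
    """One tunnel between two mobility agents; sessions differ only by GRE key."""

    def __init__(self):
        self._session_by_key = {}

    def bind(self, gre_key, session_id):
        # Assumption: the key was agreed in the binding update/acknowledgement.
        if not 0 <= gre_key <= 0xFFFFFFFF:
            raise ValueError("GRE key must fit in 32 bits")
        if self._session_by_key.get(gre_key, session_id) != session_id:
            raise ValueError("GRE key already bound to another session")
        self._session_by_key[gre_key] = session_id

    def release(self, gre_key):
        self._session_by_key.pop(gre_key, None)

    def classify(self, packet):
        """Return (session_id, inner_packet) or raise GreDrop."""
        key, protocol, inner = parse_gre(packet)
        if key is None:
            raise GreDrop("no GRE key: cannot attribute packet to a session")
        if protocol not in (ETHERTYPE_IPV4, ETHERTYPE_IPV6):
            raise GreDrop("unexpected inner protocol")
        session_id = self._session_by_key.get(key)
        if session_id is None:
            raise GreDrop("GRE key has no active binding")
        return session_id, inner


def build_gre(protocol, inner, key=None):
    """Build a constructed sample GRE packet (test input only)."""
    if key is None:
        return struct.pack("!HH", 0, protocol) + inner
    return struct.pack("!HHI", GRE_FLAG_KEY, protocol, key) + inner


def demo():
    """Classify five constructed packets and return the outcome of each."""
    tunnel = SharedTunnel()
    tunnel.bind(0x1001, "session-A")
    tunnel.bind(0x1002, "session-B")
    samples = [
        build_gre(ETHERTYPE_IPV6, b"inner-A", key=0x1001),
        build_gre(ETHERTYPE_IPV6, b"inner-B", key=0x1002),
        build_gre(ETHERTYPE_IPV6, b"stale", key=0x1003),  # never bound
        build_gre(ETHERTYPE_IPV6, b"keyless"),            # K bit clear
        b"\x20\x00\x86\xdd\x00",                          # K bit set, key cut off
    ]
    results = []
    for packet in samples:
        try:
            results.append(tunnel.classify(packet)[0])
        except GreDrop as exc:
            results.append("drop: %s" % exc)
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Releasing a binding (for example on revocation) removes the key from the table, so any later packet carrying that key is dropped rather than delivered to whichever session reuses the key next.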
Mobile IP Registration Revocation
Mobile IP registration revocation functionality provides the following benefits:
Timely release of Mobile IP resources at the HSGW and/or P-GW
Accurate accounting
Timely notification to mobile node of change in service
Registration Revocation is a general mechanism whereby either the P-GW or the HSGW providing Mobile IP
functionality to the same mobile node can notify the other mobility agent of the termination of a binding. Mobile IP
Registration Revocation can be triggered at the HSGW by any of the following:
Session terminated with mobile node for whatever reason
Session renegotiation
Administrative clearing of calls
Session Manager software task outage resulting in the loss of HSGW sessions (sessions that could not be
recovered)
Important: Registration Revocation functionality is also supported for Proxy Mobile IP. However, only the PGW can initiate the revocation for Proxy-MIP calls. For more information on MIP registration revocation support, refer
to the Mobile IP Registration Revocation chapter in the System Enhanced Feature Configuration Guide.
Session Recovery Support
The Session Recovery feature provides seamless failover and reconstruction of subscriber session information in the
event of a hardware or software fault within the system preventing a fully connected user session from being
disconnected.
This feature is also useful for software patch upgrade activities. If the session recovery feature is enabled during a
software patch upgrade, it helps preserve existing sessions on the active PSC during the upgrade
process.
Session recovery is performed by mirroring key software processes (e.g. session manager and AAA manager) within the
system. These mirrored processes remain in an idle state (in standby-mode), wherein they perform no processing, until
they may be needed in the case of a software failure (e.g. a session manager task aborts). The system spawns new
instances of "standby mode" session and AAA managers for each active control processor (CP) being used.
Additionally, other key system-level software tasks, such as VPN manager, are performed on a physically separate
Packet Service Card (PSC) to ensure that a double software fault (e.g. session manager and VPN manager fails at same
time on same card) cannot occur. The PSC used to host the VPN manager process is in active mode and is reserved by
the operating system for this sole use when session recovery is enabled.
The additional hardware resources required for session recovery include a standby system processor card (SPC) and a
standby PSC.
There are two modes for Session Recovery.
Task recovery mode: Wherein one or more session manager failures occur and are recovered without the need
to use resources on a standby PSC. In this mode, recovery is performed by using the mirrored "standby-mode"
session manager task(s) running on active PSCs. The "standby-mode" task is renamed, made active, and is then
populated using information from other tasks such as AAA manager.
Full PSC recovery mode: Used when a PSC hardware failure occurs, or when a PSC migration failure happens.
In this mode, the standby PSC is made active and the "standby-mode" session manager and AAA manager
tasks on the newly activated PSC perform session recovery.
Session/Call state information is saved in the peer AAA manager task because each AAA manager and session manager
task is paired together. These pairs are started on physically different PSCs to ensure task recovery.
Important: For more information on session recovery support, refer to the Session Recovery chapter in the
System Enhanced Feature Configuration Guide.
Non-Optimized Inter-HSGW Session Handover
Enables non-optimized roaming between two eHRPD access networks that lack a relationship of trust and when there
are no SLAs in place for low latency hand-offs.
Inter-HSGW hand-overs without context transfers are designed for cases in which the user roams between two eHRPD
networks where no established trust relationship exists between the serving and target operator networks. Additionally
no H1/H2 optimized hand-over interface exists between the two networks and the Target HSGW requires the UE to
perform new PPP LCP and attach procedures. Prior to the hand-off the UE has a complete data path with the remote
host and can send and receive packets via the eHRPD access network and HSGW & PGW in the EPC core.
The UE eventually transitions between the Serving and Target access networks in active or dormant mode as identified
via A16 or A13 signaling. The Target HSGW receives an A11 Registration Request with VSNCP set to "Hand-Off".
The request includes the IP address of the Serving HSGW, the MSID of the UE and information concerning existing
A10 connections. Since the Target HSGW lacks an authentication context for the UE, it sends the LCP config-request to
trigger LCP negotiation and new EAP-AKA procedures via the STa reference interface. After EAP success, the UE
sends its VSNCP Configure Request with Attach Type equal to "Hand-off". It also sets the IP address to the previously
assigned address in the PDN Address Option. The HSGW initiates PMIPv6 binding update signaling via the S2a
interface to the PGW and the PGW responds by sending a PMIPv6 Binding Revocation Indication to the Serving
HSGW.
Quality of Service Management Features
This section describes the following features:
DSCP Marking
UE Initiated Dedicated Bearer Resource Establishment
DSCP Marking
Provides support for more granular configuration of DSCP marking.
For Interactive Traffic class, the HSGW supports per-HSGW service and per-APN configurable DSCP marking for
Uplink and Downlink direction based on Allocation/Retention Priority in addition to the current priorities.
The following matrix may be used to determine the Diffserv markings used based on the configured traffic class and
Allocation/Retention Priority:
Table 70. Default DSCP Value Matrix

                              Allocation Priority
Traffic Handling Priority     1        2        3
1                             ef       ef       ef
2                             af21     af21     af21
3                             af21     af21     af21
UE Initiated Dedicated Bearer Resource Establishment
Enables a real-time procedure as applications are started, for the Access Terminal to request the appropriate end-to-end
QoS and service treatment to satisfy the expected quality of user experience.
Existing HRPD applications use UE/AT initiated bearer setup procedures. As a migration step toward the EUTRAN-based LTE-SAE network model, the e-HRPD architecture has been designed to support two approaches to resource
allocation that include network initiated and UE initiated dedicated bearer establishment. In the StarOS 9.0 release, the
HSGW will support only UE initiated bearer creation with negotiated QoS and flow mapping procedures.
After the initial establishment of the e-HRPD radio connection, the UE/AT uses the A11' signaling to establish the
default PDN connection with the HSGW. As in the existing EV-DO Rev A network, the UE uses RSVP setup
procedures to trigger bearer resource allocation for each additional dedicated EPC bearer. The UE includes the PDN-ID,
ProfileID, UL/DL TFT, and ReqID in the reservation.
Each Traffic Flow Template (referred to as Service Data Flow Template in the LTE terminology) consists of an
aggregate of one or more packet filters. Each dedicated bearer can contain multiple IP data flows that utilize a common
QoS scheduling treatment and reservation priority. If different scheduling classes are needed to optimize the quality of
user experience for any service data flows, it is best to provision additional dedicated bearers. The UE maps each TFT
packet filter to a Reservation Label/FlowID. The UE sends the TFT to the HSGW to bind the DL SDF IP flows to a
FlowID that is in turn mapped to an A10 tunnel toward the RAN. The HSGW uses the RSVP signaling as an event
trigger to request Policy Charging and Control (PCC) rules from the PCRF. The HSGW maps the provisioned QoS PCC
rules and authorized QCI service class to ProfileID's in the RSVP response to the UE. At the final stage the UE
establishes the auxiliary RLP and A10' connection to the HSGW. Once that is accomplished traffic can begin flowing
across the dedicated bearer.
Network Access and Charging Management Features
This section describes the following features:
EAP Authentication (STa)
Rf Diameter Accounting
AAA Server Groups
Dynamic Policy and Charging: Gxa Reference Interface
Intelligent Traffic Control
EAP Authentication (STa)
Enables secure user and device level authentication with a 3GPP AAA server or via 3GPP2 AAA proxy and the
authenticator in the HSGW.
In an evolved HRPD access network, the HSGW uses the Diameter based STa interface to authenticate subscriber
traffic with the 3GPP AAA server. Following completion of the PPP LCP procedures between the UE and HSGW, the
HSGW selects EAP-AKA as the method for authenticating the subscriber session. EAP-AKA uses symmetric
cryptography and pre-shared keys to derive the security keys between the UE and EAP server. EAP-AKA user identity
information (e.g. NAI=IMSI) is conveyed over EAP-PPP between the UE and HSGW.
The HSGW represents the EAP authenticator and triggers the identity challenge-response signaling between the UE and
back-end 3GPP AAA server. On successful verification of user credentials the 3GPP AAA server obtains the Cipher
Key and Integrity Key from the HSS. It uses these keys to derive the Master Session Keys (MSK) that are returned on
EAP-Success to the HSGW. The HSGW uses the MSK to derive the Pair-wise Mobility Keys (PMK) that are returned
in the Main A10' connection to the e-PCF. The RAN uses these keys to secure traffic transmitted over the wireless
access network to the UE.
After the user credentials are verified by the 3GPP AAA and HSS the HSGW returns the PDN address in the VSNCP
signaling to the UE. In the e-HRPD connection establishment procedures the PDN address is triggered based on
subscription information conveyed over the STa reference interface. Based on the subscription information and
requested PDN-Type signaled by the UE, the HSGW informs the PDN GW of the type of required address (e.g. v6 HNP
and/or IPv4 Home Address Option for dual IPv4/v6 PDNs).
Rf Diameter Accounting
Provides the framework for offline charging in a packet switched domain. The gateway support nodes use the Rf
interface to convey session related, bearer related or service specific charging records to the CGF and billing domain for
enabling charging plans.
The Rf reference interface enables offline accounting functions on the HSGW in accordance with 3GPP Release 8
specifications. In an LTE application the same reference interface is also supported on the S-GW and PDN Gateway
platforms. The systems use the Charging Trigger Function (CTF) to transfer offline accounting records via a Diameter
interface to an adjunct Charging Data Function (CDF) / Charging Gateway Function (CGF). The HSGW and Serving
Gateway collect charging information for each mobile subscriber UE pertaining to the radio network usage while the PGW collects charging information for each mobile subscriber related to the external data network usage.
The ASR 5000 Charging Trigger Function features dual redundant 140GB RAID hard drives and up to 100GB of
capacity on each drive is reserved for writing charging records (e.g. CDRs, UDRs, FDRs) to local file directories with
non-volatile persistent memory. The CTF periodically uses the sFTP protocol to push charging files to the CDF/CGF. It
is also possible for the CDF/CGF to pull offline accounting records at various intervals or times of the day.
The HSGW, SGW and PGW collect information per-user, per IP CAN bearer or per service. Bearer charging is used to
collect charging information related to data volumes sent to and received from the UE and categorized by QoS traffic
class. Users can be identified by MSISDN or IMSI. Flow Data Records (FDRs) are used to correlate application
charging data with EPC bearer usage information. The FDRs contain application level charging information like service
identifiers, rating groups, IMS charging identifiers that can be used to identify the application. The FDRs also contain
the authorized QoS information (QCI) that was assigned to a given flow. This information is used to correlate charging
records with EPC bearers.
AAA Server Groups
Value-added feature to enable VPN service provisioning for enterprise or MVNO customers. Enables each corporate
customer to maintain its own AAA servers with its own unique configurable parameters and custom dictionaries.
This feature provides support for up to 800 AAA server groups and 800 NAS IP addresses that can be provisioned
within a single context or across the entire chassis. A total of 128 servers can be assigned to an individual server group.
Up to 1,600 accounting, authentication and/or mediation servers are supported per chassis.
Important: Due to additional memory requirements, this service can only be used with 8GB Packet Service Cards
(PSCs).
Dynamic Policy and Charging: Gxa Reference Interface
Enables network initiated policy based usage controls for such functions as service data flow authorization for EPS
bearers, QCI mapping, modified QoS treatments and per-APN AMBR bandwidth rate enforcement.
As referenced in Figure 1 below, in an e-HRPD application the Gxa reference point is defined to transfer QoS policy
information between the PCRF and Bearer Binding Event Reporting Function (BBERF) on the HSGW. In contrast with
an S5/S8 GTP network model where the sole policy enforcement point resides on the PGW, the S2a model introduces
the additional BBERF function to map EPS bearers to the main and auxiliary A10 connections. Gxa is sometimes
referred to as an off-path signaling interface because no in-band procedure is defined to convey PCC rules via the
PMIPv6 S2a reference interface. Gxa is a Diameter based policy signaling interface.
Gxa signaling is used for bearer binding and reporting of events. It provides control over the user plane traffic handling
and encompasses the following functionalities:
Provisioning, update and removal of QoS rules from PCRF to BBERF.
Bearer binding: Associates Policy Charging and Control (PCC) rules with default or dedicated EPS bearers. For
a service data flow that is under QoS control, the Bearer Binding Function (BBF) within the HSGW ensures
that the service data flow is carried over the bearer with the appropriate QoS service class.
Bearer retention and teardown procedures
Event reporting: Transmission of traffic plane events from BBERF to PCRF.
Service data flow detection for tunneled and un-tunneled service data flows: The HSGW uses service data flow
filters received from the PCRF for service data flow detection.
QoS interworking/mapping between 3GPP QoS (QCI, GBR, MBR) and 3GPP2 ProfileIDs
Intelligent Traffic Control
Intelligent Traffic Control (ITC) supports customizable policy definitions that enforce and manage service level
agreements for a subscriber profile, thus enabling differentiated levels of services for native and roaming subscribers.
In 3GPP2 service, ITC uses a local policy look-up table and permits either static EV-DO Rev 0 or dynamic EV-DO Rev
A policy configuration.
Important: ITC includes the class-map, policy-map and policy-group commands. Currently ITC does not include
an external policy server interface.
ITC provides per-subscriber/per-flow traffic policing to control bandwidth and session quotas. Flow-based traffic
policing enables configuring and enforcing bandwidth limitations on individual subscribers, which can be enforced
on a per-flow basis in the downlink and the uplink directions.
Flow-based traffic policies are used to support various policy functions such as Quality of Service (QoS), bandwidth,
and admission control. They provide the management facility to allocate network resources based on defined traffic-flow,
QoS, and security policies.
Network Operation Management Functions
This section describes the following features:
A10/A11
Multiple PDN Support
PPP VSNCP
Congestion Control
IP Access Control Lists
A10/A11
Provides a lighter weight PPP network control protocol designed to reduce connection set-up latency for delay sensitive
multimedia services. Also provides a mechanism to allow user devices in an evolved HRPD network to request one or
more PDN connections to an external network.
The HRPD Serving Gateway connects the evolved HRPD access network with the Evolved Packet Core (EPC) as a
trusted non-3GPP access network. In an e-HRPD network the A10'/A11' reference interfaces are functionally equivalent
to the comparable HRPD interfaces. They are used for connection and bearer establishment procedures. In contrast to
the conventional client-based mobility in an HRPD network, mobility management in the e-HRPD application is
network based using Proxy Mobile IPv6 call anchoring between the MAG function on HSGW and LMA on PDN GW.
Connections between the UE and HSGW are based on Simple IPv6. A11' signaling carries the IMSI based user identity.
The main A10' connection (SO59) carries PPP traffic including EAP-over-PPP for network authentication. The UE
performs LCP negotiation with the HSGW over the main A10' connection. The interface between the e-PCF and HSGW
uses GRE encapsulation for A10's. HDLC framing is used on the Main A10 and SO64 auxiliary A10's while SO67 A10
connections use packet based framing. After successful authentication, the HSGW retrieves the QoS profile from the
3GPP HSS and transfers this information via A11' signaling to the e-PCF.
Multiple PDN Support
Enables an APN-based user experience that enables separate connections to be allocated for different services including
IMS, Internet, walled garden services, or off-deck content services.
The MAG function on the HSGW can maintain multiple PDN or APN connections for the same user session. The MAG
runs a single node level Proxy Mobile IPv6 tunnel for all user sessions toward the LMA function of the PDN GW.
When a user wants to establish multiple PDN connections, the MAG brings up the multiple PDN connections over the
same PMIPv6 session to one or more PDN GW LMAs. The PDN GW in turn allocates separate IP addresses (Home
Network Prefixes) for each PDN connection and each one can run one or multiple EPC default & dedicated bearers. To
request the various PDN connections, the MAG includes a common MN-ID and separate Home Network Prefixes,
APNs and a Handover Indication Value equal to one in the PMIPv6 Binding Updates.
Performance: In the current release, each HSGW maintains a limit of up to 3 PDN connections per user session.
PPP VSNCP
VSNCP offers streamlined PPP signaling with fewer messages to reduce connection set-up latency for VoIP services
(VORA). VSNCP also includes PDN connection request messages for signaling EPC attachments to external networks.
Vendor Specific Network Control Protocol (VSNCP) provides a PPP vendor protocol in accordance with IETF RFC
3772 that is designed for PDN establishment and is used to encapsulate user datagrams sent over the main A10'
connection between the UE and HSGW. The UE uses the VSNCP signaling to request access to a PDN from the
HSGW. It encodes one or more PDN-ID's to create multiple VSNCP instances within a PPP connection. Additionally,
all PDN connection requests include the requested Access Point Name (APN), PDN Type (IPv4, IPv6 or IPv4/v6) and
the PDN address. The UE can also include the Protocol Configuration Options (PCO) in the VSNCP signaling and the
HSGW can encode this attribute with information such as primary/secondary DNS server or P-CSCF addresses in the
Configuration Acknowledgement response message.
Congestion Control
The congestion control feature allows you to set policies and thresholds and specify how the system reacts when faced
with a heavy load condition.
Congestion control monitors the system for conditions that could potentially degrade performance when the system is
under heavy load. Typically, these conditions are temporary (for example, high CPU or memory utilization) and are
quickly resolved. However, continuous or large numbers of these conditions within a specific time interval may have an
impact on the system's ability to service subscriber sessions. Congestion control helps identify such conditions and invokes
policies for addressing the situation.
Congestion control operation is based on configuring the following:
Congestion Condition Thresholds: Thresholds dictate the conditions for which congestion control is enabled
and establish limits for defining the state of the system (congested or clear). These thresholds function in a
way similar to operation thresholds that are configured for the system as described in the Thresholding
Configuration Guide. The primary difference is that when congestion thresholds are reached, a service
congestion policy and an SNMP trap, starCongestion, are generated.
A threshold tolerance dictates the percentage under the configured threshold that must be reached in order for
the condition to be cleared. An SNMP trap, starCongestionClear, is then triggered.
Port Utilization Thresholds: If you set a port utilization threshold, when the average utilization of all
ports in the system reaches the specified threshold, congestion control is enabled.
Port-specific Thresholds: If you set port-specific thresholds, when any individual port-specific
threshold is reached, congestion control is enabled system-wide.
Service Congestion Policies: Congestion policies are configurable for each service. These policies dictate how
services respond when the system detects that a congestion condition threshold has been crossed.
Important: For more information on congestion control, refer to the Congestion Control chapter in this guide.
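The threshold and tolerance behaviour described above amounts to hysteresis. The Python sketch below is an added illustration, not Cisco code or CLI. It assumes the tolerance is a number of percentage points subtracted from each configured threshold, that congestion starts when any condition reaches its threshold, and that it clears only when every condition is at or below its clear level. The port names and utilization samples are constructed; only the trap names starCongestion and starCongestionClear come from the text.

```python
class CongestionControl:
    """Hysteresis over port-utilization samples given in percent (0-100)."""

    def __init__(self, average_threshold, port_thresholds, tolerance):
        self.average_threshold = average_threshold    # all-port average
        self.port_thresholds = dict(port_thresholds)  # port-specific limits
        self.tolerance = tolerance                    # assumed: percentage points
        self.congested = False

    def _conditions(self, sample):
        """Yield (measured value, configured threshold) for each check."""
        yield sum(sample.values()) / len(sample), self.average_threshold
        for port, threshold in self.port_thresholds.items():
            if port in sample:
                yield sample[port], threshold

    def observe(self, sample):
        """Feed one polling sample {port: utilization}; return a trap name or None."""
        if not sample:
            raise ValueError("sample must contain at least one port")
        conditions = list(self._conditions(sample))
        if not self.congested:
            # Any single condition reaching its threshold enables congestion
            # control system-wide.
            if any(value >= limit for value, limit in conditions):
                self.congested = True
                return "starCongestion"
            return None
        # Clear only when every condition has dropped to threshold - tolerance.
        if all(value <= limit - self.tolerance for value, limit in conditions):
            self.congested = False
            return "starCongestionClear"
        return None


def run(samples, average_threshold, port_thresholds, tolerance):
    """Return the trap (or None) produced by each sample in order."""
    monitor = CongestionControl(average_threshold, port_thresholds, tolerance)
    return [monitor.observe(sample) for sample in samples]


# Constructed polling samples: utilization per port, in percent.
SAMPLES = [
    {"17/1": 50, "17/2": 40},  # normal load
    {"17/1": 92, "17/2": 40},  # port-specific threshold (90) reached
    {"17/1": 85, "17/2": 40},  # below 90 but above the clear level of 80
    {"17/1": 79, "17/2": 40},  # every condition at or below its clear level
    {"17/1": 85, "17/2": 85},  # average (85) reaches the average threshold (80)
    {"17/1": 75, "17/2": 75},  # average 75 is still above the clear level of 70
    {"17/1": 60, "17/2": 60},  # cleared
]

# Load oscillating around the average threshold, to show trap flapping.
FLAPPING = [{"17/1": v, "17/2": v} for v in (81, 79, 81, 79, 81)]


def trap_count(samples, tolerance):
    """Number of traps raised for a sample series at a given tolerance."""
    traps = run(samples, 80, {"17/1": 90}, tolerance)
    return sum(1 for trap in traps if trap is not None)


if __name__ == "__main__":
    print(run(SAMPLES, 80, {"17/1": 90}, 10))
    print(trap_count(FLAPPING, 0), trap_count(FLAPPING, 10))
```

With a tolerance of zero, the oscillating series raises a trap on every sample; with a tolerance of 10 it raises a single starCongestion, which is the practical reason to set the tolerance wider than normal load jitter.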
IP Access Control Lists
IP access control lists allow you to set up rules that control the flow of packets into and out of the system based on a
variety of IP packet parameters.
IP access lists, or access control lists (ACLs) as they are commonly referred to, are used to control the flow of packets
into and out of the system. They are configured on a per-context basis and consist of "rules" (ACL rules) or filters that
control the action taken on packets that match the filter criteria. Once configured, an ACL can be applied to any of the
following:
An individual interface
All traffic facilitated by a context (known as a policy ACL)
An individual subscriber
All subscriber sessions facilitated by a specific context
Important: For more information on IP access control lists, refer to the IP Access Control Lists chapter in the
System Enhanced Feature Configuration Guide.
System Management Features
This section describes the following features:
Management System
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
ANSI T1.276 Compliance
Management System
The system's management capabilities are designed around the Telecommunications Management Network (TMN)
model for management - focusing on providing superior quality network element (NE) and element management system
(Web Element Manager) functions. The system provides element management applications that can easily be integrated,
using standards-based protocols (CORBA and SNMPv1, v2), into higher-level management systems - giving wireless
operators the ability to integrate the system into their overall network, service, and business management systems. In
addition, all management is performed out-of-band for security and to maintain system performance.
Cisco Systems' O&M module offers comprehensive management capabilities to the operators and enables them to
operate the system more efficiently. There are multiple ways to manage the system either locally or remotely using its
out-of-band management interfaces.
These include:
Using the command line interface (CLI)
Remote login using Telnet, and Secure Shell (SSH) access to CLI through SPIO card's Ethernet management
interfaces
Local login through the Console port on SPIO card using an RS-232 serial connection
Using the Web Element Manager application
Supports communications through 10 Base-T, 100 Base-TX, 1000 Base-TX, or 1000
Base-SX (optical gigabit Ethernet) Ethernet management interfaces on the SPIO
Client-Server model supports any browser (e.g. Microsoft Internet Explorer v5.0 and above or Netscape v4.7 or
above, and others)
Supports Common Object Request Broker Architecture (CORBA) protocol and Simple Network Management
Protocol version 1 (SNMPv1) for fault management
Provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) capabilities
Can be easily integrated with higher-level network, service, and business layer applications using the Object
Management Group's (OMG's) Interface Definition Language (IDL)
The following figure demonstrates these various element management options and how they can be utilized within the
wireless carrier network.
Figure 126. Element Management Methods
Important: P-GW management functionality is enabled by default for console-based access. For GUI-based
management support, refer to the Web Element Management System section in this chapter. For more information on
command line interface based management, refer to the Command Line Interface Reference and P-GW Administration
Guide.
Bulk Statistics Support
The system's support for bulk statistics allows operators not only to choose which statistics are of importance to
them, but also to configure the format in which they are presented. This simplifies the post-processing of statistical data
since it can be formatted to be parsed by external, back-end processors.
When used in conjunction with the Web Element Manager, the data can be parsed, archived, and graphed.
The system can be configured to collect bulk statistics (performance data) and send them to a collection server (called a
receiver). Bulk statistics are statistics that are collected in a group. The individual statistics are grouped by schema.
Following is a partial list of supported schemas:
System: Provides system-level statistics
Card: Provides card-level statistics
Port: Provides port-level statistics
Context: Provides context-level statistics
IP Pool: Provides IP pool statistics
MAG: Provides Mobile Access Gateway statistics
ECS: Provides Enhanced Charging Service statistics
RADIUS: Provides AAA RADIUS statistics
The system supports the configuration of up to 4 sets (primary/secondary) of receivers. Each set can be configured
to collect specific sets of statistics from the various schemas. Statistics can be pulled manually from the chassis or sent
at configured intervals. The bulk statistics are stored on the receiver(s) in files.
The format of the bulk statistic data files can be configured by the user. Users can specify the format of the file name,
file headers, and/or footers to include information such as the date, chassis host name, chassis uptime, the IP address of
the system generating the statistics (available only for headers and footers), and/or the time that the file was
generated.
When the Web Element Manager is used as the receiver, it is capable of further processing the statistics data through
XML parsing, archiving, and graphing.
The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information
in the PostgreSQL database. If XML file generation and transfer is required, this element generates the XML output and
can send it to a Northbound NMS or an alternate bulk statistics server for further processing.
Additionally, if archiving of the collected statistics is desired, the Bulk Statistics server writes the files to an alternative
directory on the server. A specific directory can be configured by the administrative user or the default directory can be
used. Regardless, the directory can be on a local file system or on an NFS-mounted file system on the Web Element
Manager server.
Important: For more information on bulk statistic configuration, refer to the Configuring and Maintaining Bulk
Statistics chapter in the System Administration Guide.
Threshold Crossing Alerts (TCA) Support
Thresholding on the system is used to monitor the system for conditions that could potentially cause errors or outage.
Typically, these conditions are temporary (e.g. high CPU utilization, or packet collisions on a network) and are quickly
resolved. However, continuous or large numbers of these error conditions within a specific time interval may be
indicative of larger, more severe issues. The purpose of thresholding is to help identify potentially severe conditions so
that immediate action can be taken to minimize and/or avoid system downtime.
The system supports Threshold Crossing Alerts for certain key resources such as CPU, memory, IP pool addresses, etc.
With this capability, the operator can configure thresholds on these resources whereby, should the resource depletion
cross the configured threshold, an SNMP trap would be sent.
The following thresholding models are supported by the system:
Alert: A value is monitored and an alert condition occurs when the value reaches or exceeds the configured high
threshold within the specified polling interval. The alert is then generated and/or sent at the end of
the polling interval.
Alarm: Both high and low thresholds are defined for a value. An alarm condition occurs when the value reaches
or exceeds the configured high threshold within the specified polling interval. The alert is then
generated and/or sent at the end of the polling interval.
Thresholding reports conditions using one of the following mechanisms:
SNMP traps: SNMP traps have been created that indicate the condition (high threshold crossing and/or clear) of
each of the monitored values.
Generation of specific traps can be enabled or disabled on the chassis, ensuring that only important faults are
displayed. SNMP traps are supported in both Alert and Alarm modes.
Logs: The system provides a facility called threshold for which active and event logs can be generated. As with other
system facilities, log messages pertaining to the condition of a monitored value are generated with a
severity level of WARNING.
Logs are supported in both the Alert and the Alarm models.
Alarm System: High threshold alarms generated within the specified polling interval are considered "outstanding" until
the condition no longer exists or a condition clear alarm is generated. "Outstanding" alarms are reported to the system's
alarm subsystem and are viewable through the Alarm Management menu in the Web Element Manager.
The Alarm System is used only in conjunction with the Alarm model.
Important: For more information on threshold crossing alert configuration, refer to the Thresholding Configuration
Guide.
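The difference between the Alert and Alarm models, as an added Python example that is not product code. It assumes, because the text above does not say when a clear is raised, that the Alarm model clears once every sample in a polling interval is below the low threshold; the class, event names and CPU samples are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ThresholdMonitor:
    """One monitored value, evaluated at the end of each polling interval."""
    name: str
    high: float
    low: Optional[float] = None          # None selects the Alert model
    outstanding: bool = False            # used by the Alarm model only
    events: List[Tuple[int, str, Tuple[str, ...]]] = field(default_factory=list)

    def _sinks(self) -> Tuple[str, ...]:
        # SNMP traps and WARNING logs serve both models; the alarm
        # subsystem is used only in conjunction with the Alarm model.
        sinks = ("snmp-trap", "log:WARNING")
        if self.low is not None:
            sinks += ("alarm-system",)
        return sinks

    def end_of_interval(self, interval: int, samples: List[float]) -> None:
        peak = max(samples)              # highest value seen in the interval
        if self.low is None:             # Alert model: stateless
            if peak >= self.high:
                self.events.append((interval, "alert", self._sinks()))
            return
        if not self.outstanding and peak >= self.high:
            self.outstanding = True      # Alarm model: raised once
            self.events.append((interval, "alarm", self._sinks()))
        elif self.outstanding and peak < self.low:
            self.outstanding = False     # assumed clear rule, see lead-in
            self.events.append((interval, "clear", self._sinks()))


def run(monitor: ThresholdMonitor, intervals) -> List[Tuple[int, str]]:
    """Feed one list of samples per polling interval; return (interval, event)."""
    for index, samples in enumerate(intervals):
        monitor.end_of_interval(index, samples)
    return [(index, kind) for index, kind, _ in monitor.events]


# Constructed CPU utilization samples (percent), two per polling interval.
CPU_SAMPLES = [[40, 55], [70, 92], [88, 95], [75, 80], [45, 48], [91, 60]]

if __name__ == "__main__":
    print(run(ThresholdMonitor("cpu", high=90), CPU_SAMPLES))
    print(run(ThresholdMonitor("cpu", high=90, low=50), CPU_SAMPLES))
```

The Alert model reports every interval that reaches the high threshold, while the Alarm model reports the crossing once and stays outstanding until the clear.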
ANSI T1.276 Compliance
ANSI T1.276 specifies security measures for Network Elements (NE). In particular it specifies guidelines for password
strength, storage, and maintenance security measures.
ANSI T1.276 specifies several measures for password security. These measures include:
Password strength guidelines
Password storage guidelines for network elements
Password maintenance, e.g. periodic forced password changes
These measures are applicable to the ASR 5000 and the Web Element Manager since both require password
authentication. A subset of these guidelines where applicable to each platform will be implemented. A known subset of
guidelines, such as certificate authentication, are not applicable to either product. Furthermore, the platforms support a
variety of authentication methods such as RADIUS and SSH which are dependent on external elements. ANSI T1.276
compliance in such cases will be the domain of the external element. ANSI T1.276 guidelines will only be implemented
for locally configured operators.
Features and Functionality - External Application Support
This section describes the features and functions of external applications supported on the HSGW. These services
require additional licenses to implement the functionality.
Web Element Management System
Provides a graphical user interface (GUI) for performing fault, configuration, accounting, performance, and security
(FCAPS) management for the ASR 5000.
The Web Element Manager is a Common Object Request Broker Architecture (CORBA)-based application that
provides complete fault, configuration, accounting, performance, and security (FCAPS) management capability for the
system.
For maximum flexibility and scalability, the Web Element Manager application implements a client-server architecture.
This architecture allows remote clients with Java-enabled web browsers to manage one or more systems via the server
component which implements the CORBA interfaces. The server component is fully compatible with the fault-tolerant
Sun® Solaris® operating system.
The following figure demonstrates various interfaces between the Web Element Manager and other network
components.
Figure 127. Web Element Manager Network Interfaces
License Keys: A license key is required in order to use the Web Element Manager application. Please contact your local
Sales or Support representative for more information.
Important: For more information on WEM support, refer to the WEM Installation and Administration Guide.
Features and Functionality - Optional Enhanced Feature Software
This section describes the optional enhanced features and functions for the S-GW service.
Each of the following features requires the purchase of an additional license to implement the functionality with the SGW service.
This section describes the following features:
IP Header Compression (RoHCv1 for IPv6)
IP Security (IPSec)
Traffic Policing and Shaping
Layer 2 Traffic Management (VLANs)
IP Header Compression (RoHCv1 for IPv6)
Dynamic header compression contexts enable more efficient memory utilization by allocating and deleting header
compression contexts based on the presence/absence of traffic flowing over an SO67 A10 bearer connection.
In order to provision VoIP services over an e-HRPD network, the StarOS 9.0 release adds support for ROHC
compression contexts over IPv6 datagrams using the RTP profile over SO67 auxiliary A10' connections. The e-HRPD
application uses pre-established SO67 A10' connections for VoIP bearers. A header compression context is allocated for
the first time when a new SO67 A10' connection request comes with negotiated ROHC parameters.
In order to optimize memory allocation and system performance, the HSGW uses the configured inactivity time of traffic
over the bearer to dynamically determine when the ROHC compression context should be removed. This feature is also
useful for preserving compression contexts on intra-HSGW call hand-offs. The dynamic header compression context
parameters are configured in the ROHC profile that is associated with the subscriber session.
Important: For more information on IP header compression support, refer to the IP Header Compression chapter in
the System Enhanced Feature Configuration Guide.
IP Security (IPSec)
IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined endpoints (for example,
enterprise or home networks) in accordance with the following standards:
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
Traffic Policing and Shaping
Traffic policing and shaping allows you to manage bandwidth usage on the network and limit bandwidth allowances to
subscribers. Shaping allows you to buffer excesses to be delivered at a later time.
Traffic Policing
Traffic policing enables the configuring and enforcing of bandwidth limitations on individual subscribers and/or APNs
of a particular traffic class in 3GPP/3GPP2 service.
Bandwidth enforcement is configured and enforced independently on the downlink and the uplink directions.
A Token Bucket Algorithm (a modified trTCM) [RFC2698] is used to implement the Traffic-Policing feature. The
algorithm used measures the following criteria when determining how to mark a packet:
Committed Data Rate (CDR): The guaranteed rate (in bits per second) at which packets can be
transmitted/received for the subscriber during the sampling interval.
Peak Data Rate (PDR): The maximum rate (in bits per second) at which subscriber packets can be
transmitted/received during the sampling interval.
Burst-size: The maximum number of bytes that can be transmitted/received for the subscriber during the
sampling interval for both committed (CBS) and peak (PBS) rate conditions. This represents the maximum
number of tokens that can be placed in the subscriber's "bucket". Note that the committed burst size (CBS)
equals the peak burst size (PBS) for each subscriber.
The system can be configured to take any of the following actions on packets that are determined to be in excess or in
violation:
Drop: The offending packet is discarded.
Transmit: The offending packet is passed.
Lower the IP Precedence: The packet's ToS bit is set to "0", thus downgrading it to Best Effort, prior to passing
the packet. Note that if the packet's ToS bit was already set to "0", this action is equivalent to "Transmit".
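The marking criteria and configurable actions above, as an added Python example that is not the system's own code. It implements the standard color-blind trTCM of RFC 2698 with CBS equal to PBS, not the modified variant, whose changes this document does not describe; the class, the action strings and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass

CONFORM, EXCEED, VIOLATE = "conform", "exceed", "violate"
ACTIONS = ("drop", "transmit", "lower-ip-precedence")


@dataclass
class Policer:
    cdr_bps: int          # Committed Data Rate, bits per second
    pdr_bps: int          # Peak Data Rate, bits per second
    burst_bytes: int      # one burst size: CBS equals PBS for each subscriber
    exceed_action: str = "lower-ip-precedence"
    violate_action: str = "drop"

    def __post_init__(self):
        if self.pdr_bps < self.cdr_bps:
            raise ValueError("PDR must not be lower than CDR")
        for action in (self.exceed_action, self.violate_action):
            if action not in ACTIONS:
                raise ValueError("unknown action: " + action)
        self.tc = float(self.burst_bytes)   # committed bucket, starts full
        self.tp = float(self.burst_bytes)   # peak bucket, starts full
        self.last = 0.0                     # arrival time of previous packet

    def meter(self, now: float, size: int) -> str:
        """Color-blind trTCM marking of one packet of `size` bytes."""
        elapsed, self.last = now - self.last, now
        # Refill both buckets in bytes; neither may exceed the burst size.
        self.tc = min(self.burst_bytes, self.tc + elapsed * self.cdr_bps / 8)
        self.tp = min(self.burst_bytes, self.tp + elapsed * self.pdr_bps / 8)
        if self.tp < size:                  # above the peak rate
            return VIOLATE
        if self.tc < size:                  # between committed and peak rate
            self.tp -= size
            return EXCEED
        self.tp -= size
        self.tc -= size
        return CONFORM

    def police(self, now: float, size: int, tos: int):
        """Return (marking, ToS to send with), or (marking, None) if dropped."""
        marking = self.meter(now, size)
        action = {CONFORM: "transmit", EXCEED: self.exceed_action,
                  VIOLATE: self.violate_action}[marking]
        if action == "drop":
            return marking, None
        if action == "lower-ip-precedence":
            return marking, 0               # ToS 0 downgrades to Best Effort
        return marking, tos


# Constructed trace for one subscriber and one direction:
# (arrival time in seconds, packet size in bytes, ToS byte).
TRACE = [(0.0, 1000, 0xB8)] * 4 + [(0.5, 1000, 0xB8),
                                   (1.0, 1000, 0xB8), (1.0, 1000, 0xB8)]


def run_trace(policer: Policer, trace=TRACE):
    return [policer.police(t, size, tos) for t, size, tos in trace]


if __name__ == "__main__":
    for result in run_trace(Policer(8000, 16000, 3000)):
        print(result)
```

In this trace the back-to-back burst at t=0 goes straight from conform to violate because both buckets have the same depth; the exceed marking appears only once the peak bucket has refilled faster than the committed one. Because enforcement is independent per direction, uplink and downlink would each use their own `Policer` instance.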
Traffic Shaping
Traffic Shaping is a rate limiting method similar to Traffic Policing, but provides a buffer facility for packets
that exceed the configured limit. Once a packet exceeds the data-rate, the packet is queued inside the buffer to be delivered
at a later time.
The bandwidth enforcement can be done in the downlink and the uplink direction independently. If there is no more
buffer space available for subscriber data, the system can be configured to either drop the packets or keep them for the next
scheduled traffic session.
Important: For more information on traffic policing and shaping, refer to the Traffic Policing and Shaping
chapter in the System Enhanced Feature Configuration Guide.
Layer 2 Traffic Management (VLANs)
Virtual LANs (VLANs) provide greater flexibility in the configuration and use of contexts and services.
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways. For
IPv4, IKEv1 is used and for IPv6, IKEv2 is supported. IPSec can be implemented on the system for the following
applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
packet data network (PDN) as determined by access control list (ACL) criteria.
Mobile IP: Mobile IP control signals and subscriber data are encapsulated in IPSec tunnels that are established
between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
Important: Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all new
Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is
supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
Important: For more information on IPSec support, refer to the IP Security chapter in the System Enhanced
Feature Configuration Guide.
Call/Session Procedure Flows
This section provides information on the function of the HSGW in an eHRPD network and presents call procedure
flows for different stages of session setup.
The following topics and procedure flows are included:
Initial Attach with IPv6/IPv4 Access
PMIPv6 Lifetime Extension without Handover
PDN Connection Release Initiated by UE
PDN Connection Release Initiated by HSGW
PDN Connection Release Initiated by P-GW
Initial Attach with IPv6/IPv4 Access
This section describes the procedure of initial attach and session establishment for a subscriber (UE).
Figure 128. Initial Attach with IPv6/IPv4 Access Call Flow
[Call flow diagram between the UE, eAN/ePCF, HSGW (MAG), 3GPP AAA and P-GW (LMA), steps 1 through 7.]
Table 71. Initial Attach with IPv6/IPv4 Access Call Flow Description
Step  Description
1     The subscriber (UE) attaches to the eHRPD network.
2a    The eAN/PCF sends an A11 RRQ to the HSGW. The eAN/PCF includes the true IMSI of the UE in the A11 RRQ.
2b    The HSGW establishes A10s and responds back to the eAN/PCF with an A11 RRP.
3a    The UE performs LCP negotiation with the HSGW over the established main A10.
3b    The UE performs EAP over PPP.
3c    EAP authentication is completed between the UE and the 3GPP AAA. During this transaction, the HSGW receives the subscriber profile from the AAA server.
4a    After receiving the subscriber profile, the HSGW sends the QoS profile in A11 Session Update Message to the eAN/PCF.
4b    The eAN/PCF responds with an A11 Session Update Acknowledgement (SUA).
5a    The UE initiates a PDN connection by sending a PPP-VSNCP-Conf-Req message to the HSGW. The message includes the PDNID of the PDN, APN, PDN-Type=IPv6/[IPv4], PDSN-Address and, optionally, PCO options the UE is expecting from the network.
5b    The HSGW sends a PBU to the P-GW.
5c    The P-GW processes the PBU from the HSGW, assigns an HNP for the connection and responds back to the HSGW with PBA.
5d    The HSGW responds to the VSNCP Conf Req with a VSNCP Conf Ack.
5e    The HSGW sends a PPP-VSNCP-Conf-Req to the UE to complete PPP VSNCP negotiation.
5f    The UE completes VSNCP negotiation by returning a PPP-VSNCP-Conf-Ack.
6     The UE optionally sends a Router Solicitation (RS) message.
7     The HSGW sends a Router Advertisement (RA) message with the assigned Prefix.
PMIPv6 Lifetime Extension without Handover
This section describes the procedure of a session registration lifetime extension by the P-GW without the occurrence of
a handover.
Figure 129. PMIPv6 Lifetime Extension (without handover) Call Flow
[Call flow diagram between the UE, eAN/ePCF, HSGW (MAG) and P-GW (LMA), steps 1 through 5.]
Table 72. PMIPv6 Lifetime Extension (without handover) Call Flow Description
Step  Description
1     The UE is attached to the EPC and has a PDN connection with the P-GW where PDNID=x and an APN with assigned HNP.
2     The HSGW MAG service registration lifetime nears expiration and triggers a renewal request for the LMA.
3     The MAG service sends a Proxy Binding Update (PBU) to the P-GW LMA service with the following attributes: Lifetime, MNID, APN, ATT=HRPD, HNP.
4     The P-GW LMA service updates the Binding Cache Entry (BCE) with the new granted lifetime.
5     The P-GW responds with a Proxy Binding Acknowledgement (PBA) with the following attributes: Lifetime, MNID, APN.
PDN Connection Release Initiated by UE
This section describes the procedure of a session release by the UE.
Figure 130. PDN Connection Release by the UE Call Flow
[Call flow diagram between the UE, eAN/ePCF, HSGW (MAG) and P-GW (LMA), steps 1 through 6.]
Table 73. PDN Connection Release by the UE Call Flow Description
Step  Description
1     The UE is attached to the EPC and has a PDN connection with the P-GW for PDN-ID=x and APN with assigned HNP.
2     The UE decides to disconnect from the PDN and sends a PPP VSNCP-Term-Req with PDNID=x.
3     The HSGW starts disconnecting the PDN connection and sends a PPP-VSNCP-Term-Ack to the UE (also with PDNID=x).
4     The HSGW begins the tear down of the PMIP session by sending a PBU Deregistration to the P-GW with the following attributes: Lifetime=0, MNID, APN, ATT=HRPD, HNP. The PBU Deregistration message should contain all the mobility options that were present in the initial PBU that created the binding.
5     The P-GW looks up the Binding Cache Entry (BCE) based on the HNP, deletes the binding, and responds to the HSGW with a Deregistration PBA with the same attributes (Lifetime=0, MNID, APN, ATT=HRPD, HNP).
6     The HSGW optionally sends a Router Advertisement (RA) with assigned HNP and prefix lifetime=0.
PDN Connection Release Initiated by HSGW
This section describes the procedure of a session release by the HSGW.
Figure 131. PDN Connection Release by the HSGW Call Flow
[Call flow diagram between the UE, eAN/ePCF, HSGW (MAG) and P-GW (LMA), steps 1 through 7.]
Table 74. PDN Connection Release by the HSGW Call Flow Description
Step  Description
1     The UE is attached to the EPC and has a PDN connection with the P-GW for PDN-ID=x and APN with assigned HNP.
2     The HSGW MAG service triggers a disconnect of the PDN connection for PDNID=x.
3     The HSGW sends a PPP VSNCP-Term-Req with PDNID=x to the UE.
4     The UE acknowledges the receipt of the request with a VSNCP-Term-Ack (PDNID=x).
5     The HSGW begins the tear down of the PMIP session by sending a PBU Deregistration to the P-GW with the following attributes: Lifetime=0, MNID, APN, HNP. The PBU Deregistration message should contain all the mobility options that were present in the initial PBU that created the binding.
6     The P-GW looks up the BCE based on the HNP, deletes the binding, and responds to the HSGW with a Deregistration PBA with the same attributes (Lifetime=0, MNID, APN, ATT=HRPD, HNP).
7     The HSGW optionally sends a Router Advertisement (RA) with assigned HNP and prefix lifetime=0.
PDN Connection Release Initiated by P-GW
This section describes the procedure of a session release by the P-GW.
Figure 132. PDN Connection Release by the HSGW Call Flow
[Call flow diagram between the UE, eAN/ePCF, HSGW (MAG) and P-GW (LMA), steps 1 through 7.]
Table 75. PDN Connection Release by the HSGW Call Flow Description
Step  Description
1     The UE is attached to the EPC and has a PDN connection with the P-GW for PDN-ID=x and APN with assigned HNP.
2     A PGW trigger causes a disconnect of the PDN connection for PDNID=x and the PGW sends a Binding Revocation Indication (BRI) message to the HSGW with the following attributes: MNID, APN, HNP.
3     The HSGW responds to the BRI message with a Binding Revocation Acknowledgement (BRA) message with the same attributes (MNID, APN, HNP).
4     The HSGW MAG service triggers a disconnect of the UE PDN connection for PDNID=x.
5     The HSGW sends a PPP VSNCP-Term-Req with PDNID=x to the UE.
6     The UE acknowledges the receipt of the request with a VSNCP-Term-Ack (PDNID=x).
7     The HSGW optionally sends a Router Advertisement (RA) with assigned HNP and prefix lifetime=0.
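The P-GW side of the PMIPv6 call flows above (attach, lifetime extension, deregistration and P-GW initiated revocation), as an added Python model that is not product code. Message encoding is omitted; the class and field names, the status strings, the rule that an update must match the MNID and APN stored in the binding, and removal of the binding on receipt of the BRA are assumptions, and the identifiers and prefixes are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Msg:
    kind: str                       # "PBU", "PBA", "BRI" or "BRA"
    mnid: str
    apn: str
    hnp: Optional[str] = None       # None in the first PBU: the P-GW assigns it
    lifetime: Optional[int] = None  # seconds; 0 means deregistration
    att: Optional[str] = None       # access technology type, "HRPD" here
    status: str = "accepted"        # model-only field, not an RFC status code


class Lma:
    """P-GW LMA service: owns the Binding Cache Entries (BCE), keyed by HNP."""

    def __init__(self) -> None:
        self.bce: Dict[str, Tuple[str, str, float]] = {}  # hnp -> (mnid, apn, expiry)
        self._allocated = 0

    def on_pbu(self, pbu: Msg, now: float) -> Msg:
        def pba(hnp, lifetime, status="accepted"):
            return Msg("PBA", pbu.mnid, pbu.apn, hnp, lifetime, pbu.att, status)

        if pbu.hnp is None:                      # initial attach (steps 5b, 5c)
            if not pbu.lifetime:
                return pba(None, 0, "rejected")
            self._allocated += 1
            hnp = f"2001:db8:0:{self._allocated:x}::/64"  # documentation prefix
            self.bce[hnp] = (pbu.mnid, pbu.apn, now + pbu.lifetime)
            return pba(hnp, pbu.lifetime)

        entry = self.bce.get(pbu.hnp)            # BCE lookup is based on the HNP
        # Assumed check: the update must carry the options that created the
        # binding, and the binding must not already have expired.
        if entry is None or entry[:2] != (pbu.mnid, pbu.apn) or entry[2] <= now:
            return pba(pbu.hnp, 0, "rejected")
        if pbu.lifetime == 0:                    # deregistration: delete binding
            del self.bce[pbu.hnp]
        else:                                    # lifetime extension: new expiry
            self.bce[pbu.hnp] = (pbu.mnid, pbu.apn, now + pbu.lifetime)
        return pba(pbu.hnp, pbu.lifetime)

    def revoke(self, hnp: str) -> Msg:           # P-GW initiated release, step 2
        mnid, apn, _ = self.bce[hnp]
        return Msg("BRI", mnid, apn, hnp)

    def on_bra(self, bra: Msg) -> None:          # step 3; removal here is assumed
        self.bce.pop(bra.hnp, None)


def hsgw_answer_bri(bri: Msg) -> Msg:
    """HSGW MAG side: acknowledge a BRI with the same attributes."""
    return Msg("BRA", bri.mnid, bri.apn, bri.hnp)


def walk_flows():
    """Drive the LMA with the messages an HSGW would send; return a trace."""
    lma, trace = Lma(), []
    ue = dict(mnid="imsi-001010000000001", apn="apn.example")  # constructed

    attach = lma.on_pbu(Msg("PBU", lifetime=300, att="HRPD", **ue), now=0)
    trace.append(("attach", attach.status, attach.hnp))

    refresh = Msg("PBU", hnp=attach.hnp, lifetime=300, att="HRPD", **ue)
    trace.append(("extend", lma.on_pbu(refresh, now=280).status,
                  lma.bce[attach.hnp][2]))

    other = Msg("PBU", "imsi-001010000000002", ue["apn"], attach.hnp, 0, "HRPD")
    trace.append(("dereg-wrong-mnid", lma.on_pbu(other, now=290).status,
                  len(lma.bce)))

    dereg = Msg("PBU", hnp=attach.hnp, lifetime=0, att="HRPD", **ue)
    trace.append(("dereg", lma.on_pbu(dereg, now=300).status, len(lma.bce)))

    second = lma.on_pbu(Msg("PBU", lifetime=300, att="HRPD", **ue), now=400)
    bri = lma.revoke(second.hnp)
    lma.on_bra(hsgw_answer_bri(bri))
    trace.append(("revoke", bri.kind, len(lma.bce)))
    return trace


if __name__ == "__main__":
    for step in walk_flows():
        print(step)
```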
Supported Standards
The HSGW complies with the following standards.
3GPP References
3GPP2 References
IETF References
Object Management Group (OMG) Standards
3GPP References
3GPP TR 23.401 General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio
Access Network (E-UTRAN) access
3GPP TS 23.402 Architecture enhancements for non-3GPP accesses
3GPP TS 29.273 Evolved Packet System (EPS); 3GPP EPS AAA interfaces
3GPP TS 29.275 Proxy Mobile IPv6 (PMIPv6) based Mobility and Tunnelling protocols; Stage 3
3GPP TS 32.299 Rf Offline Accounting Interface
3GPP2 References
X.P0057-0 v0.11.0 E-UTRAN - eHRPD Connectivity and Interworking: Core Network Aspects
X.S0057-0 v1.0: "E-UTRAN - eHRPD Connectivity and Interworking: Core Network Aspects"
A.S0008-C v1.0: Interoperability Specification (IOS) for High Rate Packet Data (HRPD) Radio Access Network
Interfaces with Session Control in the Access Network, August 2007. (HRPD IOS)
A.S0009-C v1.0: Interoperability Specification (IOS) for High Rate Packet Data (HRPD) Radio Access Network
Interfaces with Session Control in the Packet Control Function, August 2007. (HRPD IOS)
A.S0022-0 v1.0: E-UTRAN - HRPD Connectivity and Interworking: Access Network Aspects (E-UTRAN –
HRPD IOS), March 2009.
A.S0017-D v1.0: Interoperability Specification (IOS) for cdma2000 Access Network Interfaces - Part 7 (A10
and A11 Interfaces), June, 2007.
X.S0011-D v1.0: cdma2000 Wireless IP Network Standard, March 2006.
IETF References
RFC 1661 (July 1994): The Point-to-Point Protocol (PPP)
RFC 2205 (September 1997): Resource Reservation Protocol (RSVP)
RFC 2473 (December 1998): Generic Packet Tunneling in IPv6 Specification
RFC 3095 (July 2001): RObust Header Compression (ROHC): Framework and four profiles: RTP, UDP, ESP,
and uncompressed
RFC 3748 (June 2004): Extensible Authentication Protocol (EAP)
RFC 3772 (May 2004): PPP Vendor Protocol
RFC 3775 (June 2004): Mobility Support in IPv6
RFC 4283 (November 2005): Mobile Node Identifier Option for Mobile IPv6 (MIPv6)
RFC 5094 (February 2008): Service Selection for Mobile IPv6
RFC 5149 (December 2007): Mobile IPv6 Vendor Specific Option
RFC 5213 (August 2008): Proxy Mobile IPv6
Internet-Draft (draft-ietf-netlmm-pmip6-ipv4-support-09.txt): IPv4 Support for Proxy Mobile IPv6
Internet-Draft (draft-ietf-netlmm-grekey-option-06.txt): GRE Key Option for Proxy Mobile IPv6
Internet-Draft (draft-meghana-netlmm-pmipv6-mipv4-00): Proxy Mobile IPv6 and Mobile IPv4 interworking
Internet-Draft (draft-ietf-mip6-nemo-v4traversal-06.txt): Mobile IPv6 support for dual stack Hosts and Routers
(DSMIPv6)
Internet-Draft (draft-ietf-netlmm-proxymip6-07.txt): Proxy Mobile IPv6
Internet-Draft (draft-arkko-eap-aka-kdf): Improved Extensible Authentication Protocol Method for 3rd
Generation Authentication and Key Agreement (EAP-AKA)
Internet-Draft (draft-muhanna-mext-binding-revocation-01): Binding Revocation for IPv6 Mobility
Object Management Group (OMG) Standards
CORBA 2.6 Specification 01-09-35, Object Management Group
Chapter 14
IP Services Gateway Overview
This chapter provides an overview of the IP Services Gateway (IPSG).
This chapter covers the following topics:
Introduction
Service Modes
In-line Services
Enhanced Feature Support
Introduction
The IP Services Gateway (IPSG) is a stand-alone device capable of providing managed services to IP flows. The IPSG
is situated on the network side of legacy, non-service capable GGSNs, PDSNs, HAs, and other subscriber management
devices. The IPSG can provide per-subscriber services such as enhanced charging, stateful firewall, traffic performance
optimization, and others.
The IPSG allows the carrier to roll out advanced services without requiring a replacement of the HA, PDSN, GGSN, or
other access gateways and eliminates the need to add multiple servers to support additional services.
Important: The IPSG is a license-dependent feature.
Service Modes
The IPSG supports the following service modes:
RADIUS Server Mode
RADIUS Snoop Mode
RADIUS Server Mode
When configured in RADIUS server mode, the IPSG inspects identical RADIUS accounting request packets sent to the
RADIUS accounting server and the IPSG simultaneously.
As shown in the following figure, the IPSG inspects the RADIUS accounting request, extracts the required user
information, then sends a RADIUS accounting response message back to the access gateway. The IPSG has three
reference points: sn, si, and sr. The sn interface transmits/receives data packets to/from the access gateway (GGSN, HA,
PDSN, etc.). The si interface transmits/receives data packets to/from the Internet or a packet data network. The sr
interface receives RADIUS accounting requests from the access gateway. The system inspects the accounting request
packets and extracts information to be used to determine the appropriate service(s) to apply to the flow.
Figure 133. IPSG Message/Data Flow (RADIUS Server Mode)
[Diagram: Mobile Station, Access Gateway (GGSN/PDSN/HA), IPSG, RADIUS Server and Internet, with Acct Req and Acct Resp messages, IP Data flows and the sr, sn and si reference points.]
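RADIUS server mode as described above, in an added Python example that is not the IPSG implementation: it checks the Request Authenticator of an Accounting-Request (RFC 2866), extracts subscriber information, and builds the Accounting-Response for the access gateway. The set of attributes extracted, the session table and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5          # RADIUS codes (RFC 2866)
# Attributes this example extracts (an assumption; the text names none).
ATTRS = {1: "User-Name", 8: "Framed-IP-Address", 31: "Calling-Station-Id",
         40: "Acct-Status-Type", 44: "Acct-Session-Id"}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}


def _digest(code, ident, length, auth_field, attrs, secret):
    """MD5 over header, 16-octet authenticator field, attributes and secret."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + auth_field + attrs + secret).digest()


def build_acct_request(ident, attrs, secret):
    """Encode an Accounting-Request (used only to construct the sample)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    length = 20 + len(body)
    auth = _digest(ACCT_REQUEST, ident, length, bytes(16), body, secret)
    return struct.pack("!BBH", ACCT_REQUEST, ident, length) + auth + body


def parse_acct_request(packet, secret):
    """Validate an Accounting-Request and return (id, authenticator, info)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST:
        raise ValueError("not an Accounting-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not fit the datagram")
    auth, body = packet[4:20], packet[20:length]  # octets past Length are padding
    # Request Authenticator = MD5(Code+ID+Length+16 zero octets+Attributes+Secret)
    expected = _digest(code, ident, length, bytes(16), body, secret)
    if not hmac.compare_digest(auth, expected):
        raise ValueError("Request Authenticator mismatch")
    info, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError("attribute length out of bounds")
        value, name = body[pos + 2:pos + alen], ATTRS.get(atype)
        if name in ("Framed-IP-Address", "Acct-Status-Type") and len(value) != 4:
            raise ValueError(name + " must be 4 octets")
        if name == "Framed-IP-Address":
            info[name] = socket.inet_ntoa(value)
        elif name == "Acct-Status-Type":
            info[name] = STATUS.get(struct.unpack("!I", value)[0], "Other")
        elif name:
            info[name] = value.decode("utf-8", "replace")
        pos += alen
    return ident, auth, info


def build_acct_response(ident, request_auth, secret):
    """Accounting-Response with no attributes, bound to the request."""
    auth = _digest(ACCT_RESPONSE, ident, 20, request_auth, b"", secret)
    return struct.pack("!BBH", ACCT_RESPONSE, ident, 20) + auth


def handle(packet, secret, sessions):
    """Update the IP-to-subscriber table, then answer the access gateway."""
    ident, auth, info = parse_acct_request(packet, secret)
    ip, status = info.get("Framed-IP-Address"), info.get("Acct-Status-Type")
    if ip and status == "Stop":
        sessions.pop(ip, None)
    elif ip and status in ("Start", "Interim-Update"):
        sessions[ip] = info.get("User-Name")
    return build_acct_response(ident, auth, secret)


# Constructed sample input: the secret, identity and address are made up.
SECRET = b"constructed-shared-secret"


def sample(status):
    """Accounting-Request for one constructed subscriber (1=Start, 2=Stop)."""
    return build_acct_request(7, [
        (1, b"user@example.net"), (8, socket.inet_aton("10.0.0.7")),
        (40, struct.pack("!I", status)), (44, b"0000A1")], SECRET)


if __name__ == "__main__":
    table = {}
    handle(sample(1), SECRET, table)
    print(table)
```

A request whose authenticator does not verify raises before the session table is touched, so the table that maps subscriber IP addresses to identities is only updated by requests produced with the shared secret.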
RADIUS Proxy
In the event that the Access Gateway is incapable of sending two separate RADIUS Start messages, the IPSG can be
configured as a RADIUS Proxy. As shown in the following figure, the IPSG receives an IPSG RADIUS proxy Access
request, then generates the Authentication and Accounting requests to the AAA Server.
Figure 134. IPSG Message/Data Flow (RADIUS Server Mode - RADIUS Proxy)
RADIUS Snoop Mode
When configured in RADIUS snoop mode, the IPSG simply inspects RADIUS accounting request packets sent to a
RADIUS server through the IPSG.
As shown in the following figure, the IPSG has three reference points: sn, si, and sr. The sn interface transmits/receives
data packets to/from the access gateway (GGSN, HA, PDSN, etc.). The si interface transmits/receives data packets
to/from the Internet or a packet data network. The sr interface receives RADIUS accounting requests from the access
gateway. The system inspects the accounting request packets and extracts information to be used to determine the
appropriate service(s) to apply to the flow. Information is not extracted from the RADIUS accounting responses so they
are sent directly to the access gateway by the RADIUS Server, but can also be sent back through the IPSG.
Figure 135. IPSG Message/Data Flow (RADIUS Snoop Mode)
[Diagram: Mobile Station, Access Gateway (GGSN/PDSN/HA), IPSG, RADIUS Server and Internet, with Acct Req and Acct Resp messages, IP Data flows and the sr, sn and si reference points.]
In-line Services
As described previously, the IPSG provides a method of inspecting RADIUS packets to discover user identity for the
purpose of applying enhanced services to the subsequent data flow. Internal applications such as the Enhanced Charging
Service, Content Filtering, and Peer-to-Peer Detection are primary features that take advantage of the IPSG service.
Enhanced Charging Service
Enhanced Charging Service (ECS)/Active Charging Service (ACS) is the primary vehicle performing packet inspection
and applying rules to the session which includes the delivery of enhanced services.
For more information, refer to the Enhanced Charging Service Administration Guide.
Content Filtering
Content Filtering is an in-line service feature that filters HTTP and WAP requests from mobile subscribers based on the
URLs in the requests. This enables operators to filter and control the content that an individual subscriber can access, so
that subscribers are not inadvertently exposed to universally unacceptable content and/or content inappropriate as per
the subscribers' preferences.
For more information, refer to the Content Filtering Services Administration Guide.
Peer-to-Peer
Peer-to-Peer is an in-line service feature that detects peer-to-peer protocols in real time and applies actions such as
permitting, blocking, charging, bandwidth control, and TOS marking.
For more information, refer to the Peer-to-Peer Detection Administration Guide.
Enhanced Feature Support
This section describes the enhanced features supported by IPSG.
IMS Authorization Service
To support roaming IMS subscribers in a GPRS/UMTS network, the IPSG must be able to charge only for the amount
of resources consumed by the particular IMS application and bandwidth used. The IPSG must also allow for the
provisioning and control of the resources used by the IMS subscriber. To facilitate this, the IPSG supports the R7 Gx
interface to a Policy Control and Charging Rule Function (PCRF).
For detailed information on the Gx Interface support, refer to the Gx Interface Support chapter of the System Enhanced
Feature Configuration Guide.
Note the following for IPSG:
Only single bearer/session concept is supported. Multiple bearer concept is not applicable.
Only PCRF binding is applicable. PCEF binding is not applicable.
The following figure shows the interface and basic message flow of the Gx interface.
Figure 136. IPSG Message/Data Flow (RADIUS Server Mode - IMS Auth Service)
IPSG also supports IMS Authorization Service Session Recovery with the following limitations:
Active calls only
The number of rules recovered is limited to the following:
3 flow-descriptions per charging-rule-definition
3 Charging-rule-definitions per PDP context
The above are combined limits for opened/closed gates and for uplink and downlink rules. IMSA sessions with
rules more than the above are not recoverable.
Content Service Steering
Content Service Steering (CSS) defines how traffic is handled by the system based on the content of the data presented
by a mobile subscriber. CSS can be used to direct traffic to in-line services that are internal to the system. CSS controls
how subscriber data is forwarded to a particular in-line service, but does not control the content.
IPSG supports steering subscriber sessions to Content Filtering Service based on their policy setting. If a subscriber
does not have a policy setting (ACL name) requiring Content Filtering, their session will bypass the Content Filtering
Service and will be routed on to the destination address.
If subscriber policy entitlements indicate filtering is required for a subscriber, CSS will be used to steer subscriber
sessions to the Content Filtering in-line service.
If a subscriber is using a mobile application with a protocol type that is not supported, their session will bypass the Content
Filtering Service and will be efficiently routed on to the destination address.
For more information regarding CSS, refer to the Content Service Steering chapter of the System Enhanced Feature
Configuration Guide.
Multiple IPSG Services
Multiple IPSG services can be configured on the system in different contexts. Both source and destination contexts
should be different for the different IPSG services. Each such IPSG service functions independently as an IPSG.
Session Recovery
The Session Recovery feature provides seamless failover and reconstruction of subscriber session information in the
event of a hardware or software fault within the system, preventing a fully connected user session from being
disconnected.
For more information on this feature, please refer to the Session Recovery chapter in the System Enhanced Feature
Configuration Guide.
Inter-Chassis Session Recovery is not supported.
Chapter 15
Packet Data Interworking Function Overview
This chapter discusses the features and functions of Packet Data Interworking Function (PDIF) software. It includes the
following topics:
Product Description
Product Specifications
Interfaces
Sample Deployments
Features and Functionality - Base Software
Features and Functionality - Licensed Enhanced Feature Support
Supported Standards and RFCs
Product Description
The goal of the Fixed Mobile Convergence (FMC) application is to enhance the in-building cellular coverage for FMC
subscribers, to reduce the cost of the infrastructure required to carry these calls, and to provide secure access to the
carrier's network from a non-secure network. Designed for use exclusively on the Cisco® ASR 5000 Chassis, the
Packet Data Interworking Function (PDIF) is a network function based on the 3GPP2 X.S0028-200 standard defining
cdma2000 Packet Data Services over an 802.11 WLAN.
A PDIF allows mobile devices to access the Internet over an all-IP WLAN using IKEv2 as the signaling interface. The
IKEv2 control path exists between the mobile station (MS) (a dual-mode handset (DMH)) and the PDIF establishing an
IPSec tunnel. PDIF also acts as a security gateway protecting CDMA network resources and data (see the Interfaces
section). The PDIF is tightly integrated with a collocated Foreign Agent (FA) service, and the PDIF is known
throughout this manual as PDIF/FA.
For handsets that do not support mobile IP, PDIF supports proxy mobile IP. If the MS is not suitable for proxy mobile
IP registration, it may still be allowed to establish a simple IP session, in which case the traffic is directly routed to the
Internet or corporate network from the PDIF. This behavior is controlled through the
configuration in the domain, local default subscriber, or the corresponding Diameter AVP or RADIUS Access Accept.
If this is not present, establishing a simple IP session is permitted. Proxy-MIP is documented in the System Enhanced
Features Configuration Guide. Although not required for Proxy-MIP, this manual documents Proxy-MIP with a custom-designed feature called multiple authentication (Multi-Auth). Instead of the more usual subscriber authentication, Multi-Auth requires both the device and the subscriber be authenticated using EAP/AKA authentication for the first stage (the
device authentication) and GTC/MD5 for the second stage (the subscriber authentication). For this installation, neither
GTC nor MD5 is supported, which means authentication is done using PAP/CHAP instead.
When the subscriber is mobile, the MS operates as a normal mobile phone, sending voice and data over the CDMA
network. When the FMC subscriber returns home, or encounters a WiFi hotspot, the MS detects the presence of the
WiFi network, and automatically establishes an IPSec session with the PDIF/FA. When the secure connection has been
established and mobile IP registration procedures successfully finished, the PDIF/FA works with other network
elements to provide the MS with access to packet data services.
From here, all voice and data communication is carried over the IPSec tunnel and the PDIF/FA functions as a pass-through for the authentication and accounting information on a RADIUS and/or Diameter server. The MS continues
operating over the IPSec tunnel until such time as it can no longer access the WiFi Access Point (AP). At this point, the
MS switches back to the CDMA network for normal mobile operation.
Product Specifications
The following information is located in this section:
Operating System Requirements
Platforms
Hardware Requirements
Licenses
Operating System Requirements
The PDIF operates on the ASR 5000 running StarOS Release 8.1 or later.
Platforms
The PDIF operates on the ASR 5000.
Hardware Requirements
System Management Cards (SMCs): SMCs provide full system control and management of all cards within
the ASR 5000. Up to two SMCs can be installed; one active, one redundant.
Packet Services Cards (PSCs/PSC2s): PSCs provide high-speed, multi-threaded PDP context processing
capability. Up to 14 PSCs can be installed, allowing for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIOs): Installed in the upper-rear chassis slots directly behind the SMCs,
SPIOs provide connectivity for local and remote management. Up to 2 SPIOs can be installed: one active, one
redundant.
Line Cards: Installed directly behind the PSCs, these cards provide the physical interfaces from the PDIF to
various elements in the network. Up to 26 line cards can be installed for a fully loaded system with 13 active
PSCs: 13 in the upper-rear slots and 13 in the lower-rear slots for redundancy. Redundant PSCs do not require
line cards. Ethernet 10/100 Fast Ethernet and/or Gigabit Ethernet 1000 and/or four-port Quad Gig-E line cards
(QGLCs) all provide redundant IP connections.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs,
RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000 line
cards/QGLCs and every PSC in the system for redundancy. Two RCCs can be installed to provide redundancy
for line cards and PSCs.
Table 76. PDIF Chassis Hardware Configuration Options
Component | Minimum per Chassis | Minimum for Redundant Chassis Configuration | Maximum per Chassis
System Management Card (SMC) | 1 | 2 | 2
Packet Services Card (PSC/PSC2) | 1 | 2 | 14
Switch Processor I/O (SPIO) Card | 1 | 2 | 2
Redundancy Crossbar Card (RCC) | 0 | 2 | 2
Power Filter Unit (PFU) | 2 | 2 | 2
Upper Fan Tray Assembly | 1 | 1 | 1
Lower Fan Tray Assembly | 1 | 1 | 1
Fast Ethernet (10/100) Line Card (FELC) | 1 | 2 | 28
Gigabit Ethernet Line Card (GELC) | 1 | 2 | 28
Quad Gigabit Ethernet Line Card (QGLC) | 1 | 2 | 28
Line Cards
For full descriptions, and for more information on installing, populating, and maintaining the ASR 5000 and its
hardware, refer to the Hardware Installation and Administration Guide.
Licenses
The PDIF is a licensed product with a session counting license, which can be purchased in 1,000 or 10,000 session
increments. For information about PDIF licenses, contact your sales representative.
Interfaces
The figure below shows how the PDIF/FA acts as a security gateway between the Internet and packet data services. All
components are located in the home network.
Figure 137. PDIF/FA Mobile IP Interfaces (diagram not reproduced; components shown: WiFi DMH, WiFi Access Point, Broadband Network, IPSec Tunnel, ST40 PDIF, IP Core, Home Subscriber Server, Home AAA, SIP Core, CDMA IP Access Network, PDSN, BSC/PCF, MSC/VLR, PLMN/PSTN)
1. The IPSec virtual tunnel interface with the MS: The Mode keyword in the IPSec-transform-set configuration
mode defaults to Tunnel. In Tunnel mode, the IP datagram is passed to IPSec, where a new IP header is created
ahead of the AH and/or ESP IPSec headers. The original IP header is left intact.
2. The Diameter interface: In a mobile IP network, the IMS Sh interface is used for MAC address validation with
the HSS as well as HSS subscriber profile updates. In a Proxy-MIP network using multiple authentication, the
HSS server is used to authenticate the device during Stage 1 authentication using the EAP-AKA authentication
method.
3. The RADIUS authentication and accounting interface: In a mobile IP network, this interface is used for
subscriber authentication using the EAP-AKA authentication method. For subscriber accounting, the PDIF/FA
sends start, stop and interim messages to the accounting server. When used in a Proxy-MIP network using
multiple authentication, RADIUS is used with the AAA servers to authenticate the subscriber using the
GTC/MD5 authentication methods.
4. The home agent interface: This interface is used for Proxy mobile IP and mobile IP subscribers. All mobile
station packets are tunneled to the HA through this interface. This interface is not used for simple IP
subscribers.
5. The simple IP interface: This interface provides internet access for simple IP users.
Sample Deployments
The following are some sample deployments using a PDIF/FA.
Mobile Station using Mobile IP with PDIF/FA
Overview
As shown in the figure below, the PDIF/FA supports the Fixed Mobile Convergence (FMC) application, which employs
a Dual Mode Handset (DMH) to provide a VoIP solution over an IP-based WiFi broadband network. The DMH can
access the traditional CDMA voice and data networks over the Radio Access Network (RAN). Over the RAN, the DMH
implements circuit-switched voice and standard mobile IP (MIP) data over EVDO Rev. A, using the services of a PDSN
and an HA.
Figure 138. PDIF/FA Mobile IP Implementation
Alternately, the DMH can send both voice and data over WiFi when a local AP is available. When the DMH connects to
the AP, it establishes an IPSec tunnel over the broadband access network. This tunnel terminates at the PDIF/FA.
The DMH initially gets an IP address, also known as a Tunnel Inner Address (TIA), from the PDIF/FA when the DMH
establishes the first IPSec tunnel. The PDIF/FA assigns the TIA from its IP address pool. The DMH then starts mobile
IP through this initial TIA-based IPSec tunnel.
When the DMH successfully sets up mobile IP, it receives the home address from the HA. The DMH then establishes a
second IPSec tunnel using this HA. Once the DMH successfully establishes the second IPSec tunnel with the PDIF/FA,
the PDIF/FA tears down the first TIA-based IPSec tunnel to free the TIA, which then returns to the IP address pool. If
required, use the
command in config-subscriber mode to prevent the TIA from returning to the
pool. The DMH sends packetized voice and data through the PDIF/FA to the HA through the second IPSec tunnel.
In this scenario, the PDIF/FA forwards all the packets between the DMH and the HA. From there, voice packets are
delivered to the Session Initiation Protocol (SIP) infrastructure, while data is delivered to the Internet or other
appropriate destinations.
Mobile IP / Native Simple IP Call Minimum Requirements
The following provides the minimum requirements for each call type:
Mobile IP Calls
The PDIF/FA assumes MIP tunnel establishment over IPSec tunnel as part of the PDIF call flow as soon as any one of
the following three possible conditions is met:
1. The default subscriber profile has configured, or:
2. The Radius VSA SN1-PDIF-MIP-Required is returned by AAA during user authentication, or,
3. The MS requests the MIP session type by injecting the IKEv2 configuration attribute 3GPP2_MIP4_MODE.
Native Simple IP Calls
The PDIF/FA assumes a native simple IP session over an IPSec tunnel if:
1. The MS (DMH) does not request 3GPP2_MIP4_MODE in IKEv2 exchange, and:
2. If a subscriber profile is defined, it does not have the pdif mobile-ip required parameter, and:
3. The AAA server does not return the VSA SN1-PDIF-MIP-Required during MS user authentication.
Mobile IP Session Setup over IPSec
The following diagram and table describe the mobile IP session setup over IPSec.
Figure 139. Mobile IP Session Setup over IPSec
Table 77. Mobile IP over IPSec Call Flow Description
Step | Description
1 | After the MS learns the IP address of the PDIF, the MS and the PDIF/FA exchange IKE_SA_INIT messages to negotiate an acceptable cryptographic suite.
2 | The MS initiates IKE_AUTH exchange messages with the PDIF/FA. The MS omits the AUTH parameter to the PDIF/FA, indicating that it wants to use EAP over IKEv2. The MS includes its identity in the IDi payload of the IKE_AUTH request. The IDi is set to be the same as the NAI and the NAI realm is chosen appropriately for M-NAI devices. The MS embeds the MAC address of the WiFi access point (AP) in the NAI and includes the IKEv2 configuration payload. Attributes included in the CFG_REQUEST are at least the INTERNAL_IP4_ADDRESS (with the length set to zero), the INTERNAL_IP4_DNS, and the 3GPP2_MIP_MODE.
3 | When the PDIF/FA receives the IKE_AUTH request, it checks if MAC address authorization is enabled. If so, the PDIF/FA uses the ims-sh-service interface to the HSS and requests the list of authorized APs for this user via a User Data Request (UDR).
4 | The HSS answers with the list of authorized WiFi APs for the user.
5 | After checking that the AP MAC address in the realm portion of the NAI matches with one of the authorized MAC addresses received from the HSS, the PDIF/FA strips the AP MAC address from the realm portion of the NAI and sends the resulting NAI as an EAP response identity to the H-AAA using a RADIUS Access-Request message. This message includes at least the user-name set as the NAI being sent in the EAP response identity, the 3GPP2 correlation ID, the EAP-Message attribute, and the message-authenticator attribute.
6 | The H-AAA verifies the identity and checks that WiFi service is allowed for the subscriber. The H-AAA generates a random value RAND and AUTN based on the shared DMU CHAP-key and a sequence number. The H-AAA sends the EAP-Request/AKA Challenge to the PDIF/FA via a RADIUS access-challenge. The EAP-Request/AKA Challenge contains the AT_RAND, AT_AUTN, and the AT_MAC attribute to protect the integrity of the EAP message.
7 | The PDIF/FA sends an IKE_AUTH response to the MS with the EAP-Request/AKA-Challenge message received from the H-AAA.
8 | The MS verifies the authentication parameters in the EAP-Request/AKA-Challenge message and if the verification is successful, it responds to the challenge with an IKE_AUTH Request message to the PDIF/FA. The main payload of this message is the EAP-Response/AKA-Challenge message.
9 | The PDIF/FA forwards the EAP-Response/AKA-Challenge message to the H-AAA via a RADIUS access-request message (RRQ).
10 | If authentication succeeds, the H-AAA sends a RADIUS access-accept message with the EAP-message attribute containing EAP Success. The H-AAA sends the EAP-Success and the MSK generated during the EAP-AKA authentication process to the PDIF/FA. The 64-byte MSK is split into two 32-byte parts, with the first 32 bytes sent in the MS-MPPE-REC-KEY and the second 32 bytes sent in the MS-MPPE-SEND-KEY. Both of these attributes (the values of which are encrypted) are needed to construct the 64-byte MSK at the PDIF/FA. If either is missing, the PDIF/FA rejects the session. In addition, the H-AAA sends other attributes equivalent to what it normally sends to the PDSN for a simple IP session. The attributes include at least the following: the Framed-Pool (if required) so that the PDIF/FA can assign a TIA from the right IP address pool, the Session-Timeout, and the Idle-Timeout.
11 | The PDIF/FA forwards the EAP Success message to the MS in an IKE_AUTH Response message.
12 | The MS calculates the MSK (RFC 4187) and uses it to generate the AUTH payload to authenticate the first IKE_SA_INIT message. The MS sends the AUTH payload in an IKE_AUTH Request message to the PDIF/FA.
13 | The PDIF/FA uses the MSK to check the correctness of the AUTH payload received from the MS and calculates its own AUTH payload for the MS to verify [RFC 4306]. The PDIF/FA sends the AUTH payload to the MS together with the Configuration Payload (CP) containing security associations and the rest of the IKEv2 parameters in the IKE_AUTH Response message, and the IKEv2 negotiation terminates. The CP contains the TIA and IP address of the DNS servers that the device had requested earlier. Although the MS requested a DNS address by including only a single payload option for INTERNAL_IP4_DNS, the PDIF/FA may include both a primary DNS address and a secondary DNS address if one is available.
14 | After a CHILD_SA is created using the TIA, if the PDIF/FA received 3GPP2_MIP_MODE during the IKEv2 negotiation, or if MIP_Required subscriber configuration is present in the subscriber profiles, the PDIF/FA sends agent advertisements to the MS.
15 | The MS sends a MIP RRQ (including the NAI extension), an MN-AAA authentication extension, etc., to the FA. The HA IP address is set to 0 (zero) because the H-AAA assigns the HA. This is the usual NAI without the MAC address of the WiFi AP in the realm.
16 | The PDIF/FA sends a RADIUS access-request to the H-AAA to authenticate the MS credential conveyed in the MN-AAA authentication extension and requests the assignment of an HA.
17 | The H-AAA authenticates the MS successfully and sends the RADIUS access-accept message with the HA IP address.
18 | The PDIF/FA forwards the RRQ to the HA.
19 | The HA sends an access-request to the H-AAA to retrieve the MN-HA key in order to authenticate the MN-HA extension.
20 | The HA receives the MN-HA key and authenticates the extension.
21 | The HA assigns the IP address (HoA) for the MS and sends the RRP back to the PDIF/FA.
22 | The PDIF/FA sends the HoA IP address to the MS.
23 | After the MS obtains the HoA in the RRP, the MS sends the CREATE_CHILD_SA message with the Traffic Selector payload for Initiator (TSi) set to the HoA. This IKEv2 exchange creates a new IPSec SA.
24 | The PDIF/FA sends a RADIUS accounting start message to the H-AAA.
25 | The PDIF/FA then updates the subscriber's HSS profile with the indication that the IPSec session is active and the appropriate IP address. In this case, since it is MIP, it is the HoA assigned by the HA. In the case of simple IP Fallback, it would be the TIA assigned by the PDIF/FA. The HSS profile is updated using the Profile Update-Request (PUR) command.
26 | The PDIF/FA sends a Delete payload in the informational message to delete the old IPSec SA associated with the previously assigned TIA.
Simple IP and Simple IP Fallback
For some simple IP deployments, the PDIF/FA authenticates the MS and provides an IP address for packet data
services. In addition, the PDIF/FA supports Simple IP fallback if the MS abandons mobile IP operations due to not
being able to successfully finish mobile IP registration after the first TIA-based IPSec tunnel is established. These
scenarios are described below.
Figure 140. PDIF Simple IP Implementation (diagram not reproduced; components shown: WiFi DMH, WiFi Access Point, Broadband Network, IPSec Tunnel, ST40 PDIF, IP Core, Home Subscriber Server, Home AAA, SIP Core, CDMA IP Access Network, PDSN, BSC/PCF, MSC/VLR, PLMN/PSTN)
As described for mobile IP, during the initial IPSec tunnel establishment the MS gets a publicly routable TIA from a
pool specified in the Framed Pool RADIUS attribute. When the IKEv2 negotiation finishes, an IPSec SA with a TIA is
established as shown above.
Under normal situations, the MS successfully finishes mobile IP and establishes a new IPSec tunnel. However, if mobile
IP fails, and simple IP fallback mode is enabled, the MS can revert to simple IP fallback mode and start using the TIA as
the source IP address for all communication.
Important: Simple IP fallback is disabled by default. Use the
command in config-subscriber mode to enable simple IP fallback.
Under these circumstances, the PDIF/FA opens the IPSec tunnel to data traffic and forwards any packets from the MS to
the Internet directly. Any received packets from the Internet will be forwarded to the MS. A summary of this process
from the point the TIA is assigned is given below:
Figure 141. Simple IP Fallback Message Sequence
Table 78. Simple IP Fallback Message Sequence
Step | Description
1 | With the IPSec Child SA (Security Association) and TIA already in place, the PDIF sends advertisements to the MS.
2 | The MS sends a Registration Request (RRQ) message to the PDIF. The PDIF sends an authentication request to the AAA server over the RADIUS interface.
3 | The AAA server authenticates successfully and sends the IP address of the HA.
4 | The PDIF forwards the RRQ message to the HA.
5 | The HA denies the request. The PDIF forwards the denial code to the MS.
6 | The session setup timer expires and the PDIF goes into fallback mode. The PDIF sends a RADIUS Accounting Start message.
7 | The AAA server sends a RADIUS Accounting Response message.
8 | The PDIF updates the HSS with the TIA address of the subscriber.
9 | The HSS sends an acknowledgement to the PDIF.
Simple IP Fallback Minimum Requirements
There are certain minimum requirements for simple IP fallback, as follows:
There must be a context defined in the CLI configuration.
The default subscriber must be defined in the CLI configuration.
Mobile IP Simple IP Fallback must be defined in the CLI configuration. For example:
The MS has to request MIP by sending an RRQ message to the PDIF/FA. If the MS indicated an intent to use
mobile IP (or was configured with the MIP_Required parameter) but failed to send an RRQ message, the IPSec
session would be disconnected rather than completing a simple IP fallback call.
On supported networks, the PDIF/FA assumes simple IP fallback mode only if mobile IP is attempted but fails, that is,
when the MS tries to use mobile IP as the first choice but encounters a problem such as the HA not responding.
Features and Functionality - Base Software
This section describes the features and functions supported by default in the base PDIF software and the benefits they
provide.
Important: All known restrictions are shown in Appendix B.
The following is a list of the features in this section:
Duplicate Session Detection
Unsupported Critical Payload Handling
Registration Revocation
CHILD SA Rekey Support
Denial of Service (DoS) Protection: Cookie Challenge
MAC Address Validation
RADIUS Accounting
Special RADIUS Attribute Handling
IPv6 Support
IPv6 Neighbor Discovery
IPv6 Static Routing
Port-Switch-On-L3-Fail for IPv6
IKEv2 Keep-Alive (Dead Peer Detection (DPD))
Congestion Control and Overload Disconnect
SCTP (Stream Control Transmission Protocol) Support
X.509 Digital Trusted Certificate Support
Custom DNS Handling
Duplicate Session Detection
When an MS sets up a new session, the PDIF automatically checks for any remnants of abandoned calls and if found,
clears them.
During a call, the processes of clearing the old session and establishing the new session run in parallel, optimizing
processing functions.
With every new session setup, the PDIF supports a mechanism to verify whether there is any old session that is bound
with the same International Mobile Subscriber Identity (IMSI) number. This is derived from the Callback-Id AVP in the
last DEA message from the HSS after it has verified the subscriber.
For example, if an MS accesses the PDIF and subsequently moves out of the Wi-Fi coverage area, when the MS comes
back on line, it could initiate a new session. After authentication, if an old session with the same IMSI is detected, the
PDIF starts clearing it by sending a proxy-MIP Deregistration request to the HA. Once a Deregistration request is sent
and a Deregistration response is received, the PDIF resumes the new session setup by sending a proxy-MIP Registration
request. This setup procedure continues after the PDIF receives a proxy-MIP Deregistration response from the HA.
IMSI-based duplicate session detection is supported per source PDIF context. The PDIF requires only one source
context to be configured per PDIF, therefore duplicate session detection across the entire chassis is possible. The feature
is designed with the assumption that no more than one call with duplicate identities is in the setup stage at any time.
There is no limit to the number of duplicate session handling iterations.
When an old session is cleared, the PDIF sends Diameter STR messages and Radius Accounting STOP messages to
corresponding AAA servers.
The PDIF allows duplicate session detection based on the NAI or IMSI. Note that when detecting based on the NAI, it is
the first-phase (Multi-Authentication device authentication phase) NAI that is used.
If NAI-based duplicate session handling is enabled, the PDIF sends an INFORMATIONAL (Delete) message to the
MS.
Duplicate Session Detection is configured in PDIF-Service mode. The default is NAI-based.
Note that this configuration applies only to calls established after the configuration is made. It is therefore suggested that
this selection be made in the boot-time configuration before any calls are established. For example, if NAI-based is used
initially and X calls are established, and then the configuration changes to IMSI-based, IMSI-based
duplicate session handling does not apply to the calls established before the configuration change.
Unsupported Critical Payload Handling
This feature provides a mechanism whereby the PDIF ignores all unsupported critical payloads and continues
processing as if those payloads were never received.
For MOBIKE IKEv2 messages, the PDIF returns UNSUPPORTED_CRITICAL_PAYLOAD in the IKEv2 response
messages. The PDIF also drops all NAT-T keep-alive messages.
Registration Revocation
Registration Revocation is a general mechanism whereby the HA providing mobile IP or proxy mobile IP functionality
to a mobile node notifies the PDIF/FA of the termination of a binding. This functionality provides the following
benefits:
Timely release of mobile IP resources at the FA and/or HA
Accurate accounting
Timely notification to mobile node of change in service
Important: Mobile IP registration revocation is also supported for proxy mobile IP. However, in this
implementation, only the HA can initiate the revocation.
Important: For more information, see Mobile-IP Registration Revocation in the System Enhanced Feature
Configuration Guide.
CHILD SA Rekey Support
During Child SA (Security Association) rekeying, two Child SAs exist momentarily (500 ms or less). This ensures
that transient packets for the old Child SA are still processed and not dropped.
PDIF-initiated rekeying is disabled by default. This is the recommended setting, although rekeying can be enabled
through the Crypto Configuration Payload mode commands. By default, rekey request messages from the MS are
ignored.
Denial of Service (DoS) Protection: “Cookie Challenge”
There are several known Denial of Service (DoS) attacks associated with IKEv2. Through a configurable option in the
mode, the PDIF can implement the IKEv2 "cookie challenge" payload method as
described in [RFC 4306]. This is intended to protect against the PDIF creating too many half-opened sessions or other
similar mechanisms. The default is not enabled. If the IKEv2 cookie feature is enabled, when the number of half-opened
IPSec sessions exceeds the reasonable limit (or the trigger point with other detection mechanisms), the PDIF invokes the
cookie challenge payload mechanism to ensure that only legitimate subscribers are initiating the IKEv2 tunnel request,
and not a spoofed attack.
If the IKEv2 cookie feature is enabled, and the number of half-opened IPSec sessions exceeds the configured limit
(any integer between 0 and 100,000), the call setup is as shown in the figure below.
Figure 142. DoS Cookie-Challenge-Enabled IKEv2 Message Exchange
Table 79. DoS Cookie Challenge Enabled IKEv2 Message Exchange
Step | Description
1 | The MS places a call to the WiFi AP.
2 | The WiFi AP returns the IP address of the PDIF.
3 | The MS sends an IKE_SA_INIT request message.
4 | The PDIF sends the Notify (cookie) payload to the MS to request retransmission of the IKE_SA_INIT request message to include the Notify (cookie) payload in the message.
5 | Upon receipt of the retransmitted message, the PDIF verifies the cookie payload and ensures it is the same cookie as the one it had sent.
6 | If the cookie challenge is met, setup continues as normal with an IKE_SA_INIT response message.
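The responder side of steps 3 to 6, as an added sketch that is not Cisco's implementation and not taken from this manual. It uses the stateless cookie layout suggested in RFC 4306 section 2.6 (a secret version byte followed by a hash over Ni, IPi and SPIi), with HMAC-SHA-256 swapped in for the plain hash; the class, method and counter names are assumptions, and the addresses, SPIs and nonces are constructed.

```python
import hashlib
import hmac
import ipaddress
import os

COOKIE_NOTIFY_TYPE = 16390  # IKEv2 Notify Message Type "COOKIE" (RFC 4306)


class CookieResponder:
    """IKE_SA_INIT admission that keeps no per-initiator state while challenging."""

    def __init__(self, half_open_limit, secret=None):
        self.half_open_limit = half_open_limit
        self.half_open = 0      # IKE SAs created but not yet authenticated
        self.version = 0
        self.secrets = {}       # version -> secret; only current and previous are kept
        # Counter names are assumptions, loosely modelled on the statistics listed on the page.
        self.stats = {"sent": 0, "received": 0, "match": 0, "not_match": 0}
        self.rotate_secret(secret)

    def rotate_secret(self, secret=None):
        """Switch to a new secret; cookies under the previous one stay valid once."""
        previous = self.version
        self.version = (self.version + 1) % 256
        kept = {previous: self.secrets[previous]} if previous in self.secrets else {}
        kept[self.version] = secret or os.urandom(32)
        self.secrets = kept

    def _cookie(self, version, ni, src_ip, spi_i):
        ip = ipaddress.ip_address(src_ip).packed
        # Length-prefix each field so different (Ni, IP, SPI) splits cannot collide.
        msg = b"".join(len(f).to_bytes(2, "big") + f for f in (ni, ip, spi_i))
        return bytes([version]) + hmac.new(self.secrets[version], msg, hashlib.sha256).digest()

    def handle_sa_init(self, src_ip, spi_i, ni, cookie=None):
        """Return ("PROCEED", None) or ("CHALLENGE", cookie_to_send_in_notify)."""
        if self.half_open <= self.half_open_limit:
            self.half_open += 1                 # below the limit: no challenge needed
            return ("PROCEED", None)
        if cookie is not None:
            self.stats["received"] += 1
            version = cookie[0] if cookie else None
            if version in self.secrets and hmac.compare_digest(
                    cookie, self._cookie(version, ni, src_ip, spi_i)):
                self.stats["match"] += 1
                self.half_open += 1             # state is allocated only after a match
                return ("PROCEED", None)
            self.stats["not_match"] += 1        # treated like a request with no cookie
        self.stats["sent"] += 1
        return ("CHALLENGE", self._cookie(self.version, ni, src_ip, spi_i))

    def half_open_done(self):
        """Call when a half-open session authenticates or times out."""
        self.half_open = max(0, self.half_open - 1)


def demo():
    """Constructed traffic: three unanswered requests, then one real MS, then a replay."""
    r = CookieResponder(half_open_limit=2, secret=b"\x01" * 32)
    log = []
    for i in range(3):  # requests that never complete push the table past the limit
        log.append(r.handle_sa_init(f"198.51.100.{i + 1}", bytes([i]) * 8, b"n" * 16)[0])
    ms = ("203.0.113.7", b"\xaa" * 8, b"\x42" * 16)
    action, cookie = r.handle_sa_init(*ms)                   # step 4: Notify(cookie)
    log.append(action)
    log.append(r.handle_sa_init(*ms, cookie=cookie)[0])      # steps 5-6: cookie verified
    # The same cookie presented from a different source address does not verify.
    log.append(r.handle_sa_init("198.51.100.9", ms[1], ms[2], cookie=cookie)[0])
    return log, r.stats


if __name__ == "__main__":
    print(demo())
```

Because the cookie is bound to the source address, a sender that cannot receive traffic at the address it claims never gets past the challenge, and the responder allocates nothing for it.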
Cookie Challenge Statistics
Cookie challenge statistics appear in the outputs for the following commands:
: Shows the total number of invalid cookies per
manager instance.
: Shows NPU statistics on each IPSec manager.
: Shows the combined data statistics for the given context name. Includes the
number of cookie flows, the number of cookie flow packets, and the total number of cookie errors.
: Shows the control statistics for a given context name. Includes the
output for
plus Total IKEv2 Cookie Statistics, Cookie Notify Sent, Cookie
Notify Received, Cookie Notify Match, Cookie Notify NOT Match, and Invalid Notify Payload Cookie.
MAC Address Validation
The MS embeds the MAC address from the WiFi AP in the NAI when it sends an IKEv2 AUTH request. If MAC
address validation is enabled on the PDIF, it sends a Diameter User-Data-Request (UDR) message to the HSS with the
NAI from the MS. The HSS returns a User-Data-Answer (UDA) message to the PDIF containing a list of authorized
MAC addresses.
If the PDIF finds the MAC address in this list, the MAC address validation succeeds, and the PDIF continues with the
IKEv2 call. The MS starts EAP authentication through IKEv2 AUTH procedures. If configured to do so, the PDIF
removes the MAC address from the NAI when sending authentication requests to external RADIUS servers. If the
embedded MAC address is not removed, the authentication check fails, because the AAA server cannot accommodate
embedded MAC addresses.
If the MAC address is not in the list, the MAC address authorization fails, and the IKEv2 session is terminated with a
Notify Message Type 16382 - Private User Errors message.
If the HSS interface is not reachable, it is possible that the IKEv2 session setup could continue as if the MAC
authorization had succeeded. However, such error behaviors, including various Diameter error codes from the HSS, are
configuration options. That means if an HSS returns an error, the action could be either to continue or to terminate the
session. This is discussed in Diameter Failure Handling.
Important: See also Diameter Authentication Failure-Handling in the Command Line Interface Reference.
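The decision described in this section, as an added sketch that is not Cisco's code: it checks the AP MAC against the HSS list, strips the MAC before the RADIUS request, and makes the continue-or-terminate choice on an HSS failure explicit. The NAI layout (the MAC as the first 12-hex-digit label of the realm), the function and parameter names, and the sample values are assumptions; only Notify Message Type 16382 comes from the page.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

NOTIFY_PRIVATE_USER_ERROR = 16382  # Notify Message Type the page gives for a failed MAC check


class HssUnreachable(Exception):
    """Raised by the lookup callable when no User-Data-Answer comes back."""


@dataclass
class Decision:
    action: str                             # "continue" or "terminate"
    reason: str
    radius_user_name: Optional[str] = None  # NAI to place in the RADIUS Access-Request
    notify_type: Optional[int] = None


# Assumed layout: user@<12 hex digits>.<realm>
_NAI = re.compile(r"^(?P<user>[^@]+)@(?P<mac>[0-9A-Fa-f]{12})\.(?P<realm>.+)$")


def normalize_mac(text: str) -> str:
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def validate_ap_mac(nai: str,
                    hss_lookup: Callable[[str], Iterable[str]],
                    on_hss_failure: str = "terminate",
                    strip_mac: bool = True) -> Decision:
    m = _NAI.match(nai)
    if m is None:
        raise ValueError("NAI does not carry an AP MAC in the assumed position")
    ap_mac = normalize_mac(m["mac"])
    user_name = f"{m['user']}@{m['realm']}" if strip_mac else nai
    try:
        authorized = {normalize_mac(x) for x in hss_lookup(nai)}  # UDR out, UDA back
    except HssUnreachable:
        if on_hss_failure == "continue":
            # Fail-open: the session proceeds although the AP was never checked.
            return Decision("continue", "hss-unreachable, MAC not verified", user_name)
        return Decision("terminate", "hss-unreachable")
    if ap_mac not in authorized:
        return Decision("terminate", "mac-not-authorized",
                        notify_type=NOTIFY_PRIVATE_USER_ERROR)
    return Decision("continue", "mac-authorized", user_name)


# Constructed sample data for the demonstration.
SAMPLE_NAI = "5551230001@0a1b2c3d4e5f.wlan.example.net"


def sample_hss(nai):
    return ["0A:1B:2C:3D:4E:5F", "00-11-22-33-44-55"]


def unreachable_hss(nai):
    raise HssUnreachable()


if __name__ == "__main__":
    print(validate_ap_mac(SAMPLE_NAI, sample_hss))
    print(validate_ap_mac(SAMPLE_NAI, unreachable_hss, on_hss_failure="continue"))
```

With `on_hss_failure="continue"`, an HSS outage silently turns AP authorization off for new sessions, so sessions admitted on that path are worth counting and alerting on.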
RADIUS Accounting
RADIUS Accounting messages are not generated while mobile IP setup is in progress.
A RADIUS accounting START message is generated when the session is established.
RADIUS INTERIM accounting messages are generated at configured intervals in a call.
A RADIUS STOP accounting message is sent to the AAA server when the call ends.
There is no session dormancy in the PDIF. Once the session is active, the session never goes to a dormant state.
Important: RADIUS attributes and customizable dictionary types are described in the AAA Interface
Administration and Reference. For the impact of attributes in Request and Reply messages, see also Mobile IP Native
Simple IP Call Minimum Requirements. There is additional attribute information in the Session Termination section in
Troubleshooting.
Special RADIUS Attribute Handling
Certain attributes require special handling on the PDIF with the attribute values either controlled by a RADIUS
dictionary entry or a PDIF-service configurable. No configuration has no behavioral effect.
3GPP2-Serving-PCF. The generation of each new custom dictionary requires a new PDIF image. Configured in
the pdif-service mode, the command
<
>
specifies the required values for the attribute without building a new software image. If configured, this
attribute is sent in RADIUS accounting messages.
The following attributes are in custom dictionaries but have a customer-requested component.
Calling-Station-ID. Required for PDIF RADIUS messages, there is a "dummy" value of 000000000000000
(fifteen zeros) set in this attribute. For non-PDIF product lines, the configured value may be taken only if no
attributes are received through the corresponding access protocols. Configurable in the PDIF-service.
NAS-Port-Type. The 3GPP2 X.P0028-200 standard requires this value to be set as "5 (= Virtual)." Controlled
through the RADIUS dictionary.
Service-Type. Cisco specifies a Service Type of "framed" for PDIF messages. Controlled through the RADIUS
dictionary.
Framed-Protocol. There is no attribute value defined for IPSec. Cisco specifies a value of "PPP" for PDIF
messages. Controlled through the RADIUS dictionary.
BSID. Base Station ID is used in billing for calculating time-zone offsets. There is a dummy value set in this
attribute for RADIUS messages from the PDIF. Configured in the PDIF-service.
3GPP2-MEID and 3GPP2-ESN. Since the customer billing system expects these attributes, a null value is set in
these attributes for RADIUS messages from the PDIF. Mobile Equipment Identifier (MEID) uniquely
identifies the mobile equipment and is the future replacement for Electronic Serial Number (ESN) of the
Mobile Station. Controlled through the RADIUS dictionary.
3GPP2-Last-Activity. The event timestamp is set in this attribute where applicable in RADIUS messages from
PDIF. This attribute is the same as the 3GPP2-Last-User-Activity-Time standard attribute.
3GPP2-Service-Option. Set with a default value of 4095. Configurable in the PDIF-service.
SN-Disconnect-Reason. This is a Cisco VSA that specifies a more detailed reason for session disconnection.
3GPP2-Active-Time. If required for billing purposes, this VSA could be populated with the session length by
generating a new RADIUS dictionary with this attribute. Unless specifically requested, a custom RADIUS
dictionary does not include the 3GPP2-Active-Time VSA.
Mobile IP and Proxy Mobile IP Attributes
Important: The SN-Proxy-MIP attribute is required when PDIF supports proxy mobile IP. The PDIF-Mobile-IPRequired attribute is SN1-PDIF-MIP-Required. These attributes need to be returned in a AAA response message or the
mobile IP call fails, although there might be an option for simple IP call setup. See the Sample Deployments section for
more information on attribute messaging.
IPv6 Support
This section describes the level of IPv6 support. All known restrictions are shown in Engineering Restrictions.
Configuration examples are shown in Configuration.
Native IPv6 supports configuration of interfaces and routes with IPv6 (128-bit) addressing. PDIF supports IPv6 for
communication with Diameter servers over SCTP. Using the Diameter proxy mechanism, each PSC needs a unique
IPv6 address. Multiple IPv6 interfaces per context are supported.
Native IPv6 interfaces communicate with the Diameter servers. PDIF supports the configuration of 32 IPv6 Ethernet
interfaces and 32 IPv6 loopback interfaces per context:
One configured (CIDR global or site-local) IPv6 address per interface.
Support for auto-configuration of link-local address based on an assigned MAC address. If the MAC address
changes, the link-local addresses are updated accordingly. If a virtual MAC address is configured, it uses that
MAC address for the link-local IFID. Note that this is distinct from the manual configuration of IPv6 addresses
described below.
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery protocol is used to dynamically discover the directly attached devices on IPv6 interfaces. It
facilitates the mapping of MAC addresses to IPv6 Addresses. PDIF supports a subset of IPv6 Neighbor Discovery as
defined by [RFC 2461] as follows:
Uses IPv6 Neighbor Discovery to learn the Ethernet link-layer addresses of the directly connected next-hop
gateway.
Supports configuration of static IPv6 neighbors.
Adds link-local addresses to Ethernet type interfaces automatically.
Performs Unsolicited Neighbor Advertisement on line card switchover.
Responds to neighbor discovery requests for the PDIF IPv6 addresses.
IPv6 Static Routing
Native IPv6 routing allows the forwarding of IPv6 packets between IPv6 networks. The forwarding lookup is based on
destination IPv6 address longest prefix match.
PDIF supports configuration of static routes including a default route. If a default route is configured, all IPv6 traffic is
forwarded to the configured next-hop defined by the default route.
Port-Switch-On-L3-Fail for IPv6
IPv4 port failover redundancy if L3 connectivity is lost is extended to support IPv6 addresses.
For more information on configuring port-switch-on-l3-fail, see Ethernet Interface Configuration Commands in the
Command Line Interface Reference and Creating and Configuring Ethernet Interfaces and Ports in the System Element
Configuration Procedures section of the System Administration Guide.
IKEv2 Keep-Alive (Dead Peer Detection (DPD))
PDIF supports DPD protocol messages originating from both the MS and the PDIF/FA. DPD is configured on a per-PDIF-service basis. The administrator can also disable DPD, in which case the PDIF/FA does not initiate DPD exchanges with the
MS. However, the PDIF/FA always responds to DPD availability checks initiated by the MS regardless
of the PDIF/FA idle timer configuration.
Important: For a number of failure scenarios involving Dead Peer Detection, refer to the Troubleshooting chapter.
Congestion Control and Overload Disconnect
Congestion control is an operator-configurable facility. When the PDIF chassis reaches certain limits (based on CPU
utilization, port utilization, and other controls) the system enters a congested state. When in a congested state, existing
calls are not impacted but new calls are potentially restricted. There is a separate subscriber-level configuration to
enable/disable the feature on a per-subscriber basis. There is also a subscriber-level configurable for
and
thresholds to remove some old and abandoned calls from the system.
The disconnection scenario is as follows:
If only
is configured, sessions exceeding this threshold would be selected for
disconnection.
If only
is configured, sessions exceeding this threshold would be selected for
disconnection.
If both
and
are configured, sessions with an idle-time greater than the idle-time threshold and a connect-time greater than the connect-time-threshold would be
selected for disconnection.
If neither
nor
is configured, sessions are sorted
based on the idle-timer, and sessions with a longer idle-timer are deleted first.
SCTP (Stream Control Transmission Protocol) Support
PDIF provides support for SCTP (Stream Control Transmission Protocol) for use in communicating with Diameter
peers over IPv6.
Diameter/SCTP connections are set up for administratively enabled Diameter peers whenever the system configuration
is loaded. In the event of certain card or task-level failures, SCTP connections are torn down and re-established (but
note that the Diameter state will still be maintained).
SCTP complies with the description in [RFC 2960 Section 5.1.1] for how to handle the case where the peer is incapable
of supporting all of the outbound streams that the endpoint wants to configure. Specifically, PDIF does not abort the
session but instead adjusts the association's number of outbound streams to match the number of inbound streams
advertised by the peer (in the event that the number sent is less).
X.509 Digital Trusted Certificate Support
A digital certificate is an electronic credit card that establishes one's credentials when doing business or other
transactions on the Web. Some digital certificates conform to ITU-T standard X.509 for a Public Key Infrastructure
(PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, among other things, standard formats for public
key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
The PDIF generates an SNMP notification when the certificate is within 30 days of expiration and approximately once a
day until a new certificate is provided. The operator needs to generate a new certificate and then configure the new
certificate using the CLI. The certificate is then used for all new sessions.
Important: For more configuration information, refer to Global Configuration in the Command Line Interface Reference.
Custom DNS Handling
By default, the PDIF always returns a DNS address in the CP payload if one is received from the configuration or the
HA. A new CLI has been added defining an alternate series of supported behaviors depending on the number of
INTERNAL_IP4_DNS. These include, but are not limited to, the following:
Provides a mechanism whereby the DNS address present in configurations will be sent to the MS in the CP
payload only if the MS requests one.
The address 0.0.0.0 is treated as invalid and not included.
Important: For more information including full definitions for each of the trigger behaviors, see Configuring
Crypto Template in Configuration, and also see the Command Line Interface Reference.
Features and Functionality - Licensed Enhanced Feature Support
This section covers any feature not covered by the base PDIF software and is licensed either separately or in a
customized bundle of feature licenses.
Important: For detailed information on obtaining and installing licenses, refer to the Managing License Keys
section of Software Management Operations in the System Administration Guide.
This section describes the following features:
PDIF Service
Lawful Intercept
Diameter Authentication Failure Handling
Online Upgrade
Operation Over a Common IPv4 Network
Operation Over a Common IPv6 Network
Session Recovery Support
IPSec/IKEv2
Simple IP Fallback
Simple IP
Proxy Mobile IP
Multiple Authentication in a Proxy Mobile IP Network
RADIUS Authentication
Termination
Session Recovery
Intelligent Packet Monitoring System (IPMS)
Multiple Traffic Selectors
Selective Diameter Profile Update Request Control
PDIF Service
The PDIF service and the processes associated with it define the PDIF itself. The PDIF service enables mobile stations
to interface with the PDIF.
The PDIF service configuration includes the following:
The IPv4 address for the service: This is the PDIF IP address to which the MS tries to connect. The MS sends
IKEv2 messages to this IP address and this address must be a valid address in the context. PDIF service will
not be up and running if this IP address is not configured.
The name of the crypto template for IKEv2: A crypto template is used to configure an IKEv2 PDIF IPSec
policy. It includes most of the IPSec parameters and IKEv2 parameters for keep-alive, lifetime, NAT-T and
cryptographic and authentication algorithms. There must be one crypto template per PDIF service. The PDIF
service will not be up and running without a crypto-template configuration.
The EAP profile name: This profile defines the EAP authentication methods.
Multiple authentication support: The multiple authentication configuration is a part of the crypto template.
IKEv2 and IPSec transform sets: These define the negotiable algorithms for IKE SA and CHILD SA setup to
connect calls to the PDIF/FA.
Configure the setup timeout value: The MS connection attempt is terminated if the MS does not establish a
successful connection within the configured value.
Mobile IP foreign agent context and foreign agent service: This defines the system context where mobile IP
foreign agent functionalities are configured.
Max-sessions: The maximum number of subscriber sessions allowed by this PDIF service.
PDIF supports a domain template for storing domain related configuration: The domain name is taken from
the received NAI and searched in the domain template database.
3GPP2 serving PCF address: This configurable specifies the value placed in the RADIUS attribute when sending
authentication and accounting messages.
Duplicate session detection parameters: PDIF supports either NAI (first phase authentication) or IMSI to be
used for duplicate session detection. This configuration specifies whether duplicate session detection is based
on IMSI or NAI. The default is NAI.
When the PDIF service is configured in the system with the IP address, crypto template, etc., the PDIF is ready to accept
IKEv2 control packets for establishing IKEv2 PDIF sessions.
There is a limit to the number of CHILD SAs supported by each PDIF service. Traditionally, other Cisco services limit
this to the number of subscriber sessions. The PDIF treats this as the number of CHILD SAs. This means that if each
subscriber establishes only a single CHILD SA, the limit will be equal to the number of subscriber sessions. During
CHILD SA rekeying, for a small duration of time, there are two CHILD SAs in the system. This is to make sure that
transient packets for the old CHILD SA are still processed (not dropped).
Lawful Intercept
The PDIF supports the Lawful Interception (LI) of subscriber session information. This functionality provides
Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the
monitoring of suspicious individuals (referred to as targets) for potential criminal activity.
The following standards were referenced:
TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
3GPP TS 33.106 V6.1.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful Interception requirements (Release 6)
3GPP TS 33.107 V6.2.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful interception architecture and functions (Release 6)
Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR
TKÜ), Version 4.0
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The
target is identified by information such as their Mobile Station Integrated Services Digital Network (MSISDN) number,
or their International Mobile Subscriber Identification (IMSI) number.
Once the target has been identified, the system, functioning as either a GGSN or HA, serves as an Access Function (AF)
and performs monitoring for both new PDP contexts and PDP contexts that are already in progress. While monitoring, the
system intercepts and duplicates Content of Communication (CC) and/or Intercept Related Information (IRI) and
forwards it to a Delivery Function (DF) over an extensible, proprietary interface. Note that when a target establishes
multiple, simultaneous PDP contexts, the system intercepts CC and IRI for each of them. The DF, in turn, delivers the
intercepted content to one or more Collection Functions (CFs).
Diameter Authentication Failure Handling
Diameter EAP failure handling defines error handling for both Session Termination Requests and for EAP Requests.
Specific actions (continue, retry-and-terminate, or terminate) can be associated with each possible result-code. EAP
failure handling is flexible enough that wide ranges of result codes can be defined with the same action, or actions can
be bound on a per-result-code basis.
A failure does not necessarily mean a summary termination of a call.
The following configuration:
configures result codes 5001, 5002, 5004 and 5005 to mean the session could continue regardless of the error,
and
configures result code 5003 to mean terminate the session immediately.
In this scenario, the PDIF receives the DEA from an HSS with the failure code 5003 to terminate the IKE setup for the
session. The PDIF sends the IKE_AUTH Response containing a Notify Payload with the type as AUTH_FAILED plus
the EAP payload if one was received in the DEA.
When the PDIF receives the last DEA message with AVPs that are not in the dictionary, and with the M-bit set to 1, the
PDIF disconnects the session.
Important: Refer to Configuring Diameter Authentication Failure Handling in the AAA Interface Administration
and Reference and the Command Line Interface Reference for more information.
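A model of the failure-handling policy described above, including the 5001 to 5005 scenario, as an added example (not the guide's configuration syntax and not Cisco code). The class and function names are hypothetical. The rule that the narrowest binding wins, the default action for unbound codes, and the retry counter are assumptions of this example; the result-code names are those of the Diameter base protocol (RFC 6733).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ACTIONS = ("continue", "retry-and-terminate", "terminate")

# Permanent-failure result codes from the Diameter base protocol (RFC 6733).
RESULT_NAMES = {
    5001: "DIAMETER_AVP_UNSUPPORTED",
    5002: "DIAMETER_UNKNOWN_SESSION_ID",
    5003: "DIAMETER_AUTHORIZATION_REJECTED",
    5004: "DIAMETER_INVALID_AVP_VALUE",
    5005: "DIAMETER_MISSING_AVP",
}


@dataclass
class FailurePolicy:
    default_action: str = "terminate"   # example's choice for unbound codes
    rules: List[Tuple[int, int, str]] = field(default_factory=list)

    def bind(self, action: str, low: int, high: Optional[int] = None) -> "FailurePolicy":
        """Bind an action to one result code or to an inclusive range."""
        high = low if high is None else high
        if action not in ACTIONS or low > high:
            raise ValueError("unknown action or empty range")
        self.rules.append((low, high, action))
        return self

    def action_for(self, code: int) -> str:
        matches = [(hi - lo, -idx, act)
                   for idx, (lo, hi, act) in enumerate(self.rules) if lo <= code <= hi]
        if not matches:
            return self.default_action
        # Assumption: the narrowest binding wins; on a tie the later one wins.
        return min(matches)[2]


def page_policy() -> FailurePolicy:
    """The scenario from the text: 5001, 5002, 5004, 5005 continue; 5003 terminates."""
    return (FailurePolicy()
            .bind("continue", 5001, 5002)
            .bind("continue", 5004, 5005)
            .bind("terminate", 5003))


def handle_dea(policy: FailurePolicy, result_code: int,
               eap_payload: Optional[bytes] = None, retries_left: int = 0) -> dict:
    """Decide what happens to the IKE setup after a DEA with this result code."""
    if result_code < 3000:              # 1xxx informational, 2xxx success
        return {"session": "continue", "action": None}
    action = policy.action_for(result_code)
    if action == "continue":
        return {"session": "continue", "action": action}
    if action == "retry-and-terminate" and retries_left > 0:
        return {"session": "retry", "action": action, "retries_left": retries_left - 1}
    ike = {"message": "IKE_AUTH Response", "notify": "AUTH_FAILED"}
    if eap_payload is not None:         # echo the EAP payload only if the DEA had one
        ike["eap"] = eap_payload
    return {"session": "terminate", "action": action, "ike": ike}


def fail_open_codes(policy: FailurePolicy, codes=range(5001, 5006)) -> list:
    """Result codes for which a failed authentication still lets the session continue."""
    return [(c, RESULT_NAMES.get(c, "unknown")) for c in codes
            if policy.action_for(c) == "continue"]
```

Running fail_open_codes over a candidate policy before deploying it lists every failure code that would be waved through, which is the review step a continue binding deserves.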
Online Upgrade
The customer has the benefits of upgrading software from a fully redundant device without the expense of maintaining a
fully loaded, fully redundant ASR 5000 in a permanent state of standby.
The PDIF supports online software upgrades with a single software version difference between two chassis. For
example, upgrading from Release 8.1 to 8.2 is supported. Support for a chassis running greater differences in software
versions would be qualified by Cisco on an as-needed basis.
Important: Refer to the Maintenance chapter in this guide for information on how to perform the upgrade.
The online upgrade process calls for a spare ASR 5000 to temporarily perform the services currently being provided by
a live networked chassis and upgrade the software with minimal service interruption. This model is called Active-Standby, as one chassis is designated as active and the other as standby. The standby chassis does not handle any new,
incoming sessions because the DNS allocating new sessions does not know about the backup chassis. The backup is
only required to handle sessions that were already on the primary chassis when it was administratively disconnected
from the DNS server. Except for the data loss during the brief chassis switch-over, the session information (accounting
and timers) is synchronized so that it is accurate when the backup becomes the active PDIF.
Important: Online upgrade requires miscellaneous internal processing that may result in intensive CPU
utilization. Up to 50% CPU utilization overhead should be expected during the upgrade.
The Active-Standby Upgrade Model
The Active-Standby model is shown below:
Figure 143. Active-Standby Online Upgrade Model
The active and standby chassis are connected by an SRP redundancy link to monitor and control the chassis state. Both
active and standby chassis have SRP-activated resources defined. Resources could mean loopback interfaces, broadcast
interfaces, or IP pools, depending on the installation. For this example, use loopback interfaces.
These resources are the same between the active and standby PDIF. Loopback IP addresses in ingress and egress
contexts, and IP pools in egress contexts, are usually SRP-activated resources. The result is that only the currently active
chassis enables the SRP-activated resources. The activate command is
.
Important: Ingress and egress contexts could be the same context. The SRP context must be a separate context.
In the network diagram below, each ingress context has loopback interface A defined, which is SRP-activated. PDIF
service A is bound to this interface. The standby chassis has the same interface and PDIF service defined. Both interface
and service can only be enabled on the active chassis. Similarly, interface B is defined in the egress context, which can
be activated only in the active chassis.
When the active chassis switches over, the standby chassis becomes active and enables all SRP-activated IP interfaces
and IP pools so that it can function as a mirror image of the former primary PDIF.
Figure 144. Loopback Interface Configuration
[Figure: Primary PDIF Chassis and Backup PDIF Chassis joined by an SRP Link. Each chassis shows an AAA Context, an Ingress Context, an Egress Context and an SRP Context, with interfaces A, B and C. Legend: active SRP-activated loopback interface; standby SRP-activated loopback interface.]
Operation Over a Common IPv4 Network
The PDIF supports L2 switching to enable carriers not using dynamic routing between the core nodes to perform an
online upgrade.
In the example below, the SRP virtual MAC address is configured for the SRP-activated loopback address for the
subnet. This allows the standby chassis to seamlessly assume the active role in the network after a switchover. Attached
devices continue to send to the same SRP virtual MAC address and the currently active chassis responds to ARP
requests for the shared loopback IP address. This scheme allows fast standby-to-active transitions, since the SRP virtual
MAC address does not change during the switchover.
When the ASR 5000 transitions from backup to primary, the PDIF sends Gratuitous ARPs to update the port-MAC table
of the adjacent switch.
Figure 145. Switchover Example for Common IPv4 Subnet
Operation Over a Common IPv6 Network
For AAA context with Diameter/SCTP/IPv6 configuration, multiple loopback IPv6 addresses are configured as
Diameter endpoints. The customer can SRP-activate these loopback addresses and, upon SRP switchover, the HSS/SLF
still sees the same Diameter peer endpoint. No new Diameter peer configuration to the HSS/SLF is required.
With SRP switchover operation in effect, the PDIF shuts down all the SCTP connections to the HSS/SLF. Then the
former backup PDIF immediately creates new SCTP connections with the HSS/SLF. In this reestablishment process, the
backup chassis sends an Unsolicited Neighbor Advertisement message to the adjacent switch, which is then used to
overwrite its port MAC address table as shown in the diagram below.
Figure 146. Switchover Example for a Common IPv6 Subnet
Other Devices
The following table summarizes how other network devices see two ASR 5000 chassis during online upgrade. The
table below assumes that an SRP-activated loopback address is configured in the source (toward the MS), the destination
(toward the HA), and the AAA contexts (Diameter and RADIUS).
Table 80. The Chassis as seen from Other Network Devices During Upgrade
Network Entity: Consideration in Two-Chassis Configuration
L3 switch (MS ~ PDIF): This L3 switch sees two chassis as a single entity. Only the physical port in the switch changes due to the switchover operation by G-ARP. The rest of the ASR 5000 information (IP address and MAC address) remains the same.
L3 switch (PDIF ~ HA): This L3 switch sees two chassis as a single entity. Only the physical port in the switch changes due to the switchover operation by G-ARP. The rest of the ASR 5000 information (IP address and MAC address) remains the same.
Diameter Server: The MS sees two PDIFs as the same entity. However, upon switchover the SCTP connection is disconnected and then a new SCTP connection with ASR 5000 is established immediately. If an L3 switch exists between the PDIF and Diameter server, it sees two chassis as a single entity. Only the physical port in the switch changes due to the switchover operation by IPv6 Unsolicited Neighbor Advertisement. The rest of the ASR 5000 information (IP address and MAC address) remains the same.
RADIUS Server: This L3 switch sees these two chassis as a single entity. Only the physical port in the switch changes due to the switchover operation by G-ARP. The rest of the chassis information (IP address and MAC address) remains the same. If there should be an L3 switch between the PDIF and a RADIUS server, it sees two chassis as a single entity. Only the physical port in the switch changes due to the switchover operation by G-ARP, and the rest of the ASR 5000 information (IP address and MAC address) remains the same.
IPMS Server: Each chassis is connected to an independent IPMS Server. When a switchover takes place, the new IPMS Server continues to capture and store the call logs (signaling messages and events).
O&M Device: Each chassis is connected to an independent O&M Device. When a switchover takes place, the new O&M Device continues to perform the function as the original device was configured.
Session Recovery Support
The session recovery feature provides seamless failover and almost instantaneous reconstruction of subscriber session
information in the event of a hardware or software fault within the same chassis, preventing a fully connected user
session from being dropped.
Session recovery is performed by mirroring key software processes (the session manager and the AAA manager, for
example) within a single PDIF. These mirrored processes remain in an idle state (in standby mode), wherein they
perform no processing, until they may be needed in the case of a software failure (a session manager task aborts, for
example). The system spawns new instances of standby mode sessions and AAA managers for each active Control
Processor (CP) being used.
Additionally, other key system-level software tasks such as VPN manager are performed on a physically separate Packet
Services Card (PSC/PSC2) to ensure that a double software fault (the session manager and the VPN manager fail at
same time on same card, for example) cannot occur. The PSC used to host the VPN manager process is in active mode
and is reserved by the operating system for this sole use when session recovery is enabled.
The additional hardware resources required for session recovery include a standby System Management Card (SMC)
and a standby PSC.
There are two modes for session recovery.
Task recovery mode: Wherein one or more session manager failures occur and are recovered without the need
to use resources on a standby PSC. In this mode, recovery is performed by using the mirrored standby-mode
session manager tasks running on active PSCs. The standby-mode task is renamed, made active, and is then
populated using information from other tasks such as AAA manager.
Full PSC recovery mode: Used when a PSC hardware failure occurs, or when a PSC migration failure happens.
In this mode, the standby PSC is made active and the standby-mode session manager and AAA manager tasks
on the newly-activated PSC perform session recovery.
Session/call state information is saved in the peer AAA manager task because each AAA manager and session manager
task is paired together. To ensure task recovery, these pairs are started on physically different PSCs.
Important: For more information on session recovery support, refer to Session Recovery in the System Enhanced
Feature Configuration Guide.
IPSec/IKEv2
IKEv2 and IPSec transform sets configured in the crypto template define the negotiable algorithms for IKE SA and
CHILD SA setup to connect calls to the PDIF/FA by creating two secure tunnels. The first, called the Tunnel Inner
Address (TIA), is for signaling traffic, but in some cases it can be used for user traffic which can then use the TIA IP
address. The second IPSec SA connects the MS to an HA for a mobile IP call.
Refer to Sample Deployments for a full description of how a variety of calls are successfully set up (and torn down) in a
variety of network scenarios.
At the beginning of IKEv2 session setup, the PDIF and MS exchange capability for multiple authentication. Multiple
authentication is configured in the crypto template of the PDIF service. When multiple authentication is enabled in the
PDIF service, the PDIF will include MULTIPLE_AUTH_SUPPORTED Notify payload in the initial IKEv2 setup
response.
The MS first sends an NAI for the device authentication, in which EAP-AKA is used. After the successful EAP-AKA
transaction between the MS and the HSS, the HSS is expected to return the IMSI number for this subscriber. The PDIF
uses the authorized IMSI number for session management.
Once the device authentication is successful, the MS notifies the PDIF of its intention to continue subscriber
authentication only if the PDIF indicates it has multiple authentication support during the initial IKEv2 exchanges. The
MS sends the second NAI that may be different from the first one used during the device authentication. The subscriber
authentication is completed either using EAP-MD5 or EAP-GTC. Upon successful authentication, the PDIF continues
proxy MIP registration before granting its access to the network.
Even if the PDIF sends the MULTIPLE_AUTH_SUPPORTED capability in the initial IKEv2 setup response, the MS
may not support multiple authentication and hence may not include MULTIPLE_AUTH_SUPPORTED Notify payload
in the subsequent IKEv2 AUTH exchange. In this case, the MS may only go through the first authentication (which is
EAP-AKA authentication). After EAP-AKA authentication, if proxy-mip-required is configured for the session (either
through the domain or the default subscriber or the corresponding Diameter AVP), the PDIF will establish a proxy
mobile IP session with the HA. The IP address is normally assigned by the HA, and the PDIF receives this address
through proxy mobile IP RRP. The PDIF will pass this address back to the MS through the final IKE_AUTH exchange.
On the other hand, if proxy-mip-required configuration is not present or disabled, then the PDIF will continue the
simple IP session setup by allocating the IP address for the MS from the locally configured pool.
When the MS sends the MULTIPLE_AUTH_SUPPORTED Notify payload in subsequent IKE_AUTH exchanges, the PDIF
knows the MS wants to do the second authentication. After the first successful EAP-AKA authentication, the MS will
signal the second authentication to the PDIF (through the ANOTHER_AUTH_FOLLOWS Notify payload in
the final IKEv2 AUTH request). Please note that the IP address of the MS will not be assigned during the first
authentication if the second authentication is to happen. The MS will then initiate the second authentication IKEv2
exchanges. In some networks, this second authentication uses the RADIUS AAA interface. The proxy-mip-required
attribute will normally be present in the subscriber profile (or in the domain or default subscriber template) through a
RADIUS attribute in the Access Accept message. After successful authentication, if proxy-mip-required is enabled, the
PDIF will set up a proxy mobile IP session with the HA, and the HA assigns an IP address to the MS. If
proxy-mip-required is disabled (or not present in the subscriber/domain profile), the PDIF establishes a simple IP session and routes
traffic using the direct IP interface.
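The decision flow described above, as an added example that is not part of the Cisco guide or of PDIF code: it walks a decrypted IKEv2 payload chain for the two RFC 4739 Notify types and derives which authentication phases run and when the address is assigned. The function names, the proxy_mip_required parameter and the sample payloads are assumptions constructed for illustration.

```python
import struct

NOTIFY = 41                      # IKEv2 Notify payload type (RFC 7296)
MULTIPLE_AUTH_SUPPORTED = 16404  # Notify message types from RFC 4739
ANOTHER_AUTH_FOLLOWS = 16405

def notify_types(first_payload, body):
    """Walk a decrypted IKEv2 payload chain; return the Notify types seen."""
    seen, ptype, off = set(), first_payload, 0
    while ptype != 0:
        if off + 4 > len(body):
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError("bad payload length")
        if ptype == NOTIFY:
            if length < 8:
                raise ValueError("short Notify payload")
            _proto, _spi_size, mtype = struct.unpack_from("!BBH", body, off + 4)
            seen.add(mtype)
        ptype, off = nxt, off + length
    return seen

def plan_session(pdif_multi_auth, ms_notifies, proxy_mip_required):
    """Model of the flow in the text. ms_notifies is the union of Notify
    types the MS sent during the first authentication's IKE_AUTH requests."""
    second = (pdif_multi_auth
              and MULTIPLE_AUTH_SUPPORTED in ms_notifies
              and ANOTHER_AUTH_FOLLOWS in ms_notifies)
    phases = ["EAP-AKA"] + (["EAP-MD5 or EAP-GTC"] if second else [])
    return {
        "phases": phases,
        # No address is handed out after EAP-AKA when a second phase follows.
        "address_after": phases[-1],
        "session": "proxy mobile IP (address from HA in RRP)"
                   if proxy_mip_required else "simple IP",
    }

def build_notify(mtype, nxt=0):
    """Constructed input: Notify payload with no SPI and no data."""
    return struct.pack("!BBHBBH", nxt, 0, 8, 0, 0, mtype)

# Constructed payload chains, not captured traffic.
MS_MULTI = build_notify(MULTIPLE_AUTH_SUPPORTED, NOTIFY) + build_notify(ANOTHER_AUTH_FOLLOWS)
MS_SINGLE = b""  # MS that sends neither Notify

if __name__ == "__main__":
    print(plan_session(True, notify_types(NOTIFY, MS_MULTI), True))
    print(plan_session(True, notify_types(0, MS_SINGLE), False))
```

The second call shows the case the text calls out: the PDIF offers multiple authentication, the MS sends neither Notify, and the session is established after EAP-AKA alone.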
Simple IP Fallback
Network operators with handsets that are mobile IP capable may want the MS to be connected to the network and
capable of doing data transfer even though the mobile IP registration process might fail under certain situations. If the
mobile IP registration failures are due to HA reachability issues or any authentication problems, the MS should still be
able to connect to the network using a simple IP connection, assuming that simple IP fallback is enabled in the PDIF
configuration. See Simple IP and Simple IP Fallback in this chapter for a full description of this type of network
configuration.
Simple IP
Simple IP is a solution for network providers whose subscribers fall primarily within a limited set of requirements. It
provides the following:
A mobility solution for subscribers who do not typically roam outside their immediate coverage area.
An appropriate level of service for users who do not use the network in such a way as to need constant service
between coverage areas. For example, subscribers who do not perform large file downloads.
A mechanism to complete a call even if the proxy-mip-required or mip-required attributes are not configured in
the subscriber or domain profile.
Proxy Mobile IP
Proxy mobile IP has the following benefits:
Allows an MS that does not support mobile IP to have the same roaming benefits of one that does.
The PDIF communicates with the HA and acts as if the PDIF itself were the handset.
Proxy mobile IP is configured through the
configuration, or the corresponding
Diameter AVP or RADIUS Access Accept messages. If neither are present, the PDIF establishes a simple IP
session and the PDIF routes the call to the Internet or corporate network.
Proxy mobile IP provides a mobility solution for subscribers whose mobile nodes do not support mobile IP protocol.
The PDIF sets up the mobile IP tunnel with the HA and the PDIF proxies or acts on behalf of the handset as if it were
the handset. The subscriber receives an IP address from either the service provider or from their home network. As the
subscriber roams through the network as if it were using a full mobile IP connection, the IP address is maintained
providing the subscriber with the opportunity to use IP applications that require seamless mobility such as transferring
files.
Important:
Refer to Proxy Mobile-IP in the System Administration Guide for more information.
Multiple Authentication in a Proxy Mobile IP Network
Multiple authentication requires authenticating both the device and the subscriber.
At the beginning of the IKEv2 session setup, the PDIF and the MS exchange capability for multiple authentication.
Multiple authentication is configured in the PDIF service as part of the crypto template where it is associated with an
EAP profile. The EAP profile defines the authentication mode and method. If multiple authentication is enabled in the
crypto template, the PDIF includes a MULTIPLE_AUTH_SUPPORTED Notify payload in the initial IKEv2 setup
response.
Important: Even if the PDIF confirms MULTIPLE_AUTH_SUPPORTED capability in the initial IKEv2 setup
response, the MS may not support multiple authentication and hence may not include a
MULTIPLE_AUTH_SUPPORTED Notify payload in the subsequent IKEv2 AUTH exchange. In this case, the MS may
only go through the first-phase (EAP-AKA) of device authentication.
During initial IKEv2/IPSec security setup exchanges, the MS undergoes both device authentication and subscriber
authentication. This is because even if the device is fully authenticated, a PDIF may not be able to tell which servic