Cisco Service Control GRE and GTP Insertion Solution Guide,
Release 3.6.x
Revised: March 28, 2010, OL-20612-01
Note: This document supports all 3.6.x releases.
1 Overview of the Service Control GRE and GTP Insertion Solution
This section provides an overview of the GRE and GTP insertion solution. The GRE and GTP insertion solution enables the SCE to monitor and control the GRE and GTP tunneling protocols. This section contains:
GRE Feature Overview
Tunneling protocols are used in many networks for various purposes, including virtual private networks (VPNs), traffic engineering, and security. Some encapsulations are IP based, such as GRE; others sit at lower layers, for example at layer 2.5.
The SCE natively analyzes IP-based traffic. IP addresses are the basis for flow classification (the 5-tuple contains IP addresses) and for subscriber identification (the most commonly used subscriber ID is the subscriber IP address).
In tunneled networks, the IP packet is further encapsulated by some encapsulation protocol. For the SCE to analyze the IP packet, the encapsulating protocol must be specifically parsed.
Furthermore, in some networks the IP addresses used inside the tunneled traffic are private IP addresses, that is, addresses that are not unique among the flows seen on a single SCE. In these cases, the source and destination of the packet must be identified from both the IP address and the tunnel information found in the packet.
Whether or not a network uses private IP addresses, it is sometimes desirable to treat a whole segment of the network as a single subscriber. Such a segment may be a whole VPN, a specific VLAN, a specific tunnel, and so forth. In these cases the subscriber is defined by a general identifier that applies to all the IP addresses generating traffic over that network segment. This allows the SCE to disregard the specific client and refer only to the group it is associated with when defining subscribers.
GTP Feature Overview
In the General Packet Radio Service (GPRS) backbone network, the GPRS Tunneling Protocol (GTP) is a high-level tunneling protocol used to carry signaling and data.
The GPRS backbone network (or core network) contains several GPRS Support Nodes (GSNs), which communicate with each other over Internet Protocol (IP), as shown in Figure 1. GSNs are either SGSNs or GGSNs. The Serving GPRS Support Node (SGSN) communicates with Mobile Terminal (MT) equipment and relays data across the backbone network to outside connections, which in turn are controlled by the Gateway GPRS Support Nodes (GGSNs). This relaying is implemented in the backbone network using GTP on top of UDP/IP (GTPv1).
Figure 1 Cisco eGGGSN PCC Reference Model With DPI Intercept Application Manager
A GTP tunnel is a virtual connection between two GSNs (usually between an SGSN/RNC and a GGSN). One GTP tunnel can carry several multiplexed user data connections (several MTs can share the same GTP tunnel without any knowledge of each other). A GTP tunnel uses a packet data path in the GPRS backbone network, which is a UDP/IP path.
As wireless technology evolves, the wireless segment increasingly resembles the wireline market, and as a result the demand for DPI applications in this segment grows.
GTP support allows the SCE to monitor local and roaming traffic on the Gn/Gp interfaces. DSCP marking, an active action, can also be applied in a GTP environment.
2 GRE Tunneling Feature Details
This section summarizes the SCE8000 support for GRE tunneling. The following GRE tunneling information is described:
•GRE is supported only on the SCE8000, from SCOS 3.5.5 onwards.
•GRE is supported on top of other tunnels: MPLS and VLAN.
•GRE is supported alongside plain IP and other types of tunnels: MPLS and VLAN.
•L7 classification and load balancing relate to the internal IP packet.
•Accounting and BW control are based on the length of the internal IP packet.
•Active actions based on packet injection are supported.
This section contains the following subsections:
•GRE Tunnel Concatenation (GRE over Other Tunnels)
•GTP Tunneling Feature Details
GRE Skip Mode
For GRE support to work, the GRE skip mode must be enabled. The default setting of the GRE skip mode is disabled. The GRE skip mode is configured by an administrator level CLI command. For additional information, refer to GRE and GTP CLI Commands.
GRE Active Actions
Active actions (drop/block, redirect, and so forth) have the same level of support for GRE tunneling (including GRE over other tunnels) as in case of plain IP.
GRE Internal Protocol
The protocol field in the GRE header indicates the protocol of the inner payload; the only supported protocol type is IPv4 with the value of 0x800. However, the system may be configured using the CLI to also support the value of 0xFFFF as the protocol value for protocol type IPv4. For additional information, refer to GRE and GTP CLI Commands.
GRE IP Fragmentation
The SCOS supports internal and external fragmentation of the GRE tunneling protocol. When the GRE skip mode is disabled, the SCE hardware treats the GRE tunneling protocol as plain IP. When GRE skip is enabled, the fragments are handled as described in the following sections.
Internal Fragments
Internal fragments are fully supported using the same process as plain IP.
External Fragments
The first external fragment is delivered to the SCOS and then, if required, to the application. The additional fragments are bypassed.
Reorder
Minimal reordering of external fragments might be experienced since the first fragment is sent to the software application while the following fragments are bypassed.
The reordering can be prevented using an appropriate Quick Forwarding Traffic rule. Note that using a Quick Forwarding rule might result in loss of certain active actions support, such as HTTP redirect.
Accounting and BW Management
Accounting and bandwidth management are handled as usual in the context of fragmented GRE traffic.
GRE and Other Traffic
GRE and Plain IP
A mix of GRE traffic and plain IP traffic is fully supported.
GRE and Other Tunnels
A mix of GRE traffic and traffic over other tunnels is fully supported.
This means that any type of tunnel supported by the SCE is still supported in GRE skip mode. For example: GRE alongside MPLS/VPN, and so forth.
GRE Tunnel Concatenation (GRE over Other Tunnels)
GRE tunneling can be configured over other tunneling protocols.
The following combinations are supported:
•VLAN (skip mode only) + GRE
•MPLS (skip mode only) + GRE
•VLAN (skip mode only) + MPLS (skip mode only) + GRE
GRE DSCP Marking
In the GRE skip mode, DSCP marking can be configured on either the external IP header or the internal IP header. Both headers cannot be marked concurrently. The default is to mark the external header. Marking the internal IP header is configured through the CLI. For additional information, refer to GRE and GTP CLI Commands.
In external fragmentation, only the first fragment is marked.
GRE Versions and Platforms
GRE tunneling is supported only on SCE8000 from Release 3.5.5 onwards.
3 GTP Tunneling Feature Details
The behavior of the SCE with GTP tunneling is as follows:
•The SCE skips the GTP header and uses the internal IP headers for classification.
•The SCE ignores the GTP header (for example, the accounting header).
•The SCE supports a mix of GTP traffic and pure IP traffic in the network.
•DSCP marking in a GTP tunnel is performed on the TOS byte of either the external IP header or the internal IP header.
•Support for internal fragments is identical to fragment support in pure IP traffic.
–Internal fragments—The internal packet is fragmented.
–External fragments—The original packet was encapsulated with the tunnel header and then fragmented.
–For external fragments, the mid/last fragments are bypassed.
This section describes the additional details of the GTP tunneling protocol. This section contains the following subsection:
•GTP Configuration and Monitoring
GTP Configuration and Monitoring
GTP is another tunnel header that the SCE supports, alongside IPinIP, GRE, L2TP, and MPLS. In general, the SCE has two modes of tunnel support: skip mode, and VPN-aware mode, in which the SCE uses the tunnel information for classification. For GTP tunneling, the SCE supports only skip mode.
GTP skip is configured using a CLI command. When GTP skip mode is configured, the hardware applies quick forwarding to all GTP traffic to avoid GTP-U packet reordering. Additionally, the GTP-U UDP port used by the FPGA (default 2152) is configured using a CLI command. For additional information on the CLI commands, refer to GRE and GTP CLI Commands.
The GTP-U UDP port is matched against the UDP destination port.
To determine whether L3 data is carried over GTP-U, the message type field in the GTP header is compared with 0xFF (T-PDU). GTP-U packets with a message type other than 0xFF are bypassed through quick forwarding in skip mode. By default, GTP skip mode is disabled.
The SCE has a counter that counts the number of GTP-U packets received by the SCE.
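The skip decision described above, as an added example that is not part of this Cisco document or of SCOS: a small Python parser applies the same checks (GTPv1, message type 0xFF, optional fields present when the S/E/PN flags are set) and returns the inner IPv4 5-tuple that the SCE would classify on. The sample packets are constructed from the header fields in the two dissections in Section 6; the extension-header walk and the IP/TCP field layout follow the GTPv1-U and IP specifications and are not something this document states about the SCE.

```python
import struct
from ipaddress import IPv4Address
GTPU_PORT = 2152     # default GTP-U UDP port; the SCE lets the CLI change it
GTP_MSG_TPDU = 0xFF  # T-PDU: the only GTP-U message type that carries user IP data

def gtpu_skip(udp_payload: bytes):
    """Mimic the SCE GTP skip decision for one UDP payload received on the GTP-U port.
    Returns the inner IPv4 5-tuple (plus TEID) for a GTPv1 T-PDU, or None when the
    SCE would bypass the packet (not GTPv1, message type other than 0xFF, malformed)."""
    if len(udp_payload) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", udp_payload[:8])
    if (flags >> 5) != 1 or not (flags & 0x10):  # version 1 and PT=1 (GTP, not GTP')
        return None
    if msg_type != GTP_MSG_TPDU:                  # echo, error indication, ...: bypass
        return None
    hdr_len, next_ext = 8, 0
    if flags & 0x07:   # S, E or PN flag set: all three optional fields (4 bytes) present
        hdr_len = 12
        _seq, _npdu, next_ext = struct.unpack("!HBB", udp_payload[8:12])
    while next_ext != 0:                          # extension header: len/4, content, next type
        ext_len = udp_payload[hdr_len] * 4 if hdr_len < len(udp_payload) else 0
        if ext_len == 0 or hdr_len + ext_len > len(udp_payload):
            return None                           # truncated or malformed extension header
        next_ext = udp_payload[hdr_len + ext_len - 1]
        hdr_len += ext_len
    inner = udp_payload[hdr_len:8 + length]       # GTP Length counts bytes after the base header
    ihl = (inner[0] & 0x0F) * 4 if inner else 0
    if ihl < 20 or len(inner) < ihl + 4 or (inner[0] >> 4) != 4:
        return None                               # not a complete inner IPv4 packet
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"teid": teid, "src": str(IPv4Address(inner[12:16])),
            "dst": str(IPv4Address(inner[16:20])), "proto": inner[9],
            "sport": sport, "dport": dport, "inner_len": len(inner)}

def _ipv4_tcp(src, dst, sport, dport, payload=b""):
    """Constructed inner packet: minimal IPv4 + TCP headers, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp + payload

# Sample packets constructed from the two dissections in Section 6 (header fields
# only; the 1220-byte HTTP payload of frame 843 is replaced by a short stand-in).
INNER_843 = _ipv4_tcp("172.16.108.65", "13.248.2.1", 80, 11328, b"HTTP/1.1 200 OK\r\n")
GTPU_843 = (struct.pack("!BBHI", 0x32, 0xFF, 4 + len(INNER_843), 0x2C883699)
            + struct.pack("!HBB", 0x01A5, 0x00, 0x00) + INNER_843)          # S flag set
GTPU_845 = struct.pack("!BBHI", 0x30, 0xFF, 40, 0x16) + _ipv4_tcp("13.248.2.1", "172.16.108.65", 11328, 80)
GTPU_ECHO = struct.pack("!BBHI", 0x32, 0x01, 4, 0) + struct.pack("!HBB", 1, 0, 0)  # Echo Request
```

Feeding GTPU_ECHO to gtpu_skip() returns None, which is the bypass path for non-T-PDU messages; the two T-PDU samples return the inner flows shown in the Section 6 dissections.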
4 GRE and GTP Insertion Solution Limitations
Table 1 lists the hardware platform limitations for the GTP and GRE insertion solution.
Table 1 GTP and GRE Insertion Solution Hardware Limitations
Protocol   HW Platform Limitations
GRE        Supported only on SCE8000
GTP        Supported only on SCE8000
5 GRE and GTP CLI Commands
Table 2 lists the GRE and GTP CLI commands.
6 Protocol Packet Examples
This section contains examples of protocol packets and contains the following subsections:
•Example of GTP-U Packets With Sequence Number Option
•Example of GTP-U Packets Without Sequence Number Option
Example of GTP-U Packets With Sequence Number Option
No.   Time        Source          Destination   Protocol   Info
843   25.211434   172.16.108.65   13.248.2.1    GTP <TCP>  [TCP segment of a reassembled PDU]
Frame 843 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: FoundryN_52:92:85 (00:0c:db:52:92:85), Dst: RisqModu_04:78:7a (00:c0:8b:04:78:7a)
Internet Protocol, Src: 172.17.171.1 (172.17.171.1), Dst: 172.18.10.1 (172.18.10.1)
User Datagram Protocol, Src Port: 2152 (2152), Dst Port: 2152 (2152)
    Source port: 2152 (2152)
    Destination port: 2152 (2152)
    Length: 1280
    Checksum: 0x0000 (none)
GPRS Tunneling Protocol
    Flags: 0x32
        001. .... = Version: GTP release 99 version (1)
        ...1 .... = Protocol type: GTP (1)
        .... 0... = Reserved: 0
        .... .0.. = Is Next Extension Header present?: no
        .... ..1. = Is Sequence Number present?: yes
        .... ...0 = Is N-PDU number present?: no
    Message Type: T-PDU (0xff)
    Length: 1264
    TEID: 0x2c883699
    Sequence number: 0x01a5
    N-PDU Number: 0x00
    Next extension header type: 0x00
Internet Protocol, Src: 172.16.108.65 (172.16.108.65), Dst: 13.248.2.1 (13.248.2.1)
Transmission Control Protocol, Src Port: http (80), Dst Port: 11328 (11328), Seq: 420524, Ack: 908, Len: 1220
Example of GTP-U Packets Without Sequence Number Option
No.   Time        Source          Destination     Protocol   Info
845   25.249872   13.248.2.1      172.16.108.65   GTP <TCP>  11328 > http [ACK] Seq=908 Ack=415208 Win=12287 Len=0
Frame 845 (90 bytes on wire, 90 bytes captured)
Ethernet II, Src: FoundryN_52:92:85 (00:0c:db:52:92:85), Dst: Cisco_21:44:80 (00:13:5f:21:44:80)
Internet Protocol, Src: 172.18.10.1 (172.18.10.1), Dst: 172.17.171.1 (172.17.171.1)
User Datagram Protocol, Src Port: 2152 (2152), Dst Port: 2152 (2152)
    Source port: 2152 (2152)
    Destination port: 2152 (2152)
    Length: 56
    Checksum: 0xd8af [correct]
GPRS Tunneling Protocol
    Flags: 0x30
        001. .... = Version: GTP release 99 version (1)
        ...1 .... = Protocol type: GTP (1)
        .... 0... = Reserved: 0
        .... .0.. = Is Next Extension Header present?: no
        .... ..0. = Is Sequence Number present?: no
        .... ...0 = Is N-PDU number present?: no
    Message Type: T-PDU (0xff)
    Length: 40
    TEID: 0x00000016
Internet Protocol, Src: 13.248.2.1 (13.248.2.1), Dst: 172.16.108.65 (172.16.108.65)
Transmission Control Protocol, Src Port: 11328 (11328), Dst Port: http (80), Seq: 908, Ack: 415208, Len: 0
7 Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.