Overview of the Single IP Cisco GGSN
This chapter discusses the concepts related to the Single IP architecture and its implementation with the Cisco GGSN running on the Cisco Service and Application Module for IP (SAMI).
This chapter includes the following sections:
•Single IP Architecture and the Cisco GGSN
•Single IP Components and Concepts
•Single IP Cisco GGSN Usage Notes and Prerequisites
Single IP Architecture and the Cisco GGSN
With the Single IP architecture, Cisco GGSN Release 10.0 and later on the Cisco SAMI runs on each of the Cisco SAMI PowerPCs (PPCs), as in prior releases. However, the user can configure, manage, and troubleshoot the Cisco GGSN from a single PPC instead of having to establish a session with each PPC to configure the Cisco GGSN instance on that PPC.
The Single IP architecture redesigns the functionality of the Cisco SAMI from a model of six independent PPCs, each executing both control and traffic plane functions, to a model where Cisco SAMI PPC3 functions as a Proxy Control Processor (PCOP), and PPCs 4 through 8 function as Traffic and Control Plane processors (TCOPs). The user needs to establish a session only with the PCOP to perform all Cisco GGSN related operations.
The Single IP architecture enables a single view of the Cisco GGSN external interfaces (for example, Gi, Gn, Ga, iSCSI, AAA, and Diameter) and a single point for the following:
•Configuring the Cisco GGSN
•Managing the Cisco GGSN
•Troubleshooting and debugging the Cisco GGSN
Although transparent from the user perspective, to achieve a view of a single GGSN across six different PPCs, the Single IP architecture incorporates enhancements, or in some cases new functionality, in the following areas:
•Load balancing of sessions across available traffic-handling PPCs.
•Distribution of address pools across available traffic-handling PPCs.
•Distributed application/protocol and interface endpoints across PPCs.
–UDP—Gn, Ga (charging gateway), Cisco Content Services Gateway - 2nd Generation (CSG2), DNS, DHCP
–TCP—Ga (charging gateway), Gy (Diameter), Internet Small Computer System Interface (iSCSI)
–SCTP—Redundancy
•Redundancy state sharing and session state synchronization across PPCs.
Figure 2-1 is a high-level representation of the Single IP Cisco GGSN.
Figure 2-1 High Level Representation of Single IP GGSN
In Figure 2-1, using Interprocessor Communication Protocol (IPC), the PCOP distributes configuration information to and aggregates the data received from the TCOPs. When requested, the TCOPs send counter updates to the PCOP.
Note As perceived by external systems, the Cisco GGSN does not change. The Single IP Cisco GGSN looks and feels the same as a non-single IP implementation of the Cisco GGSN executing on a single processor. Additionally, the configuration tasks of the Cisco GGSN do not change from the operator perspective.
Single IP Components and Concepts
The following sections provide an overview of some Single IP components and concepts:
•Single IP Interface
•Session Load Balancing
•Address Pool Management
•Distributed Endpoints
•Distributed Command Line Interface
•Redundancy State Sharing
Single IP Interface
The Single IP architecture enables the support of a single IP address across the Cisco GGSN instances running on the Cisco SAMI PPCs for each of the following interfaces:
•Authentication, Authorization, and Accounting (AAA)
•Dynamic Host Configuration Protocol (DHCP)/Domain Name System (DNS)
•Internet Small Computer System Interface (iSCSI)
•Failover
•Charging gateway (Ga)
•Internet/Corporate (Gi)
•Policy Control (Gy)
•Cisco CSG2 (Gx)
In addition to supporting a single IP address configuration for the interfaces listed above, the Single IP architecture enables the following:
•Single Interface for Configuration
•Single Interface for Troubleshooting and Maintaining
•Single Interface for Network Management
Single Interface for Configuration
The Single IP Cisco GGSN provides a single point from which a user can configure the Cisco GGSN.
From PPC3, a user can configure the Cisco GGSN features across the Cisco SAMI PPCs with a single execution of each command required for a feature. A distributed CLI agent propagates the configuration to the TCOPs (PPCs 4 through 8) without the user having to perform any additional configuration tasks.
Configuration information is propagated to the TCOPs by the distributed CLI agent using IPC messaging between the PCOP and the TCOPs.
By default, all of the Cisco GGSN configuration tasks and associated commands that the user executes from the PCOP are propagated to, and take effect on, all of the TCOPs, except for commands that configure functionality on a TCOP that should be configured only on the PCOP.
For a list of the specific tasks, and their associated commands, that are not propagated to the TCOPs and are configured only on the PCOP, see the "Distributed Configuration Commands" section.
Single Interface for Troubleshooting and Maintaining
The Single IP Cisco GGSN provides a single point from which the user can troubleshoot and maintain the Cisco GGSN. From a session with PPC3, the user can troubleshoot, debug, and maintain the Cisco GGSN using show, debug, and clear commands.
When using show and debug commands:
•For show commands whose output is identical on all the PPCs, execution of the command is limited to the PCOP. These commands do not require information to be collected from the TCOPs or aggregated at the PCOP. The output for these show commands is unchanged from non-single IP versions of the Cisco GGSN.
•For commands that require additional information from a TCOP, the TCOP is identified and the command is propagated to that specific TCOP.
•For show commands that display global statistics, the statistics are collected from all of the TCOPs and combined into a single output display by the PCOP. The output for these show commands is unchanged from non-single IP versions of the Cisco GGSN.
By default, all of the Cisco GGSN debug commands are executed on the TCOPs and the trace is displayed on the PCOP. The PCOP does not perform any aggregation for distributed debug.
Single Interface for Network Management
The Single IP Cisco GGSN supports a single IP address as the target address for Simple Network Management Protocol (SNMP) operations. When the user configures the IP address for SNMP operations on the Cisco GGSN, all MIBs on the Cisco SAMI that are related to the Cisco GGSN functionality are accessible through the IP address.
The Single IP GGSN supports distributed SNMP MIBs. Information required from Cisco SAMI PPCs other than PPC3 is either pushed to or pulled from the PPCs, depending on the MIB target.
For more information about SNMP and the Cisco GGSN, see Appendix A, "Monitoring Notifications."
Session Load Balancing
Using the session manager function, PPC3 load balances new sessions and determines the TCOP to which each new session is assigned.
PPC3 only chooses the TCOP for a session. The session load balancing function of the session manager records the TCOP selected to host a user in a user session table. Once the user session is established on a TCOP, all data plane packets from that same mobile subscriber are directed to the same TCOP.
Address Pool Management
Although local-pool addresses are configured on the PPC3, the same address pools are available at each TCOP. The Cisco GGSN utilizes a client-server approach with address caching at the TCOP.
Note For IPv4 address pool management support on the Cisco GGSN Release 10.0 and later, configure the Cisco SAMI sami addr-pool cache command.
Distributed Endpoints
Applications that use UDP for communication are assigned source port ranges, which are used to identify the right TCOP. The port range can be configured on the PCOP, and the PCOP distributes it equally among the TCOPs.
To configure the port range on the PCOP, use the Cisco SAMI sami balance port command. For information about the sami balance port command, see Cisco Service and Application Module for IP User Guide.
The PCOP propagates RADIUS related configuration to the TCOPs, and the source port range is allocated to each TCOP during start up. The TCOPs use the source port from the given range for sending Authentication and Accounting messages so that the responses are forwarded to the correct TCOP.
To enable 200 ports in the range from 21645 to 21844 that will be propagated to the TCOPs to be used as the source ports for sending out RADIUS requests, use the radius-server source-ports extended command in global configuration mode.
Distributed Command Line Interface
The Single IP Cisco GGSN utilizes a distributed CLI agent at PPC3 to distribute configuration information to and retrieve information from the TCOPs using IPC.
The distributed CLI applies to the following types of commands:
•Distributed Configuration Commands
•Distributed Privileged EXEC Commands
Note When using the Single IP Cisco GGSN, if the user attempts to establish a session to a PPC other than the PCOP (PPC3), an EXEC banner displays that warns them to be aware that all "normal" maintenance activities should be run from the PCOP.
Distributed Configuration Commands
By default, the distributed CLI agent propagates all configuration commands to the TCOPs, except for commands that might configure some functionality on the TCOP that belongs only on the PCOP.
The following commands, listed below by their associated task, are only executed on PPC3:
•Configuring a Local IPv6 Prefix Pool
–ipv6 local pool (global configuration)—Configures a local IPv6 prefix pool.
•Enabling HSRP and Configuring an HSRP Primary Group
–standby version 2 (interface configuration)—Changes the HSRP version to HSRP Version 2.
–standby ip (interface configuration)—Enables HSRP on the interface.
–standby priority (interface configuration)—Sets the Hot Standby priority used in choosing the active router. The priority value range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. Specify that, if the local router has priority over the current active router, the local router should attempt to take its place as the active router.
–standby name (interface configuration)—Specifies the name of the standby group.
–standby use-bia (interface configuration)—Configures HSRP to use the burned-in address of an interface as its virtual MAC address instead of the preassigned MAC address.
•Configuring HSRP Follow Groups
–standby follow (interface configuration)—Specifies the number of the follow group and the name of the primary group to follow and share status.
–standby ip (interface configuration)—Specifies the group number and virtual IP address of the follow group.
•Configuring OSPF
–router ospf process-id (global configuration)—Enables OSPF routing, and enters router configuration mode, where process-id specifies an internally used identification parameter for an OSPF routing process.
–network (ospf configuration)—Defines an interface on which OSPF runs and defines the area ID for that interface.
•Configuring MS Addressing via Local Pools on the Cisco GGSN
–ip local pool (global configuration)—Configures a local pool of IP addresses to be used when a remote peer connects to a point-to-point interface.
•Configuring the Cisco GGSN as a Dynamic Feedback Protocol (DFP) Agent
–ip dfp agent gprs (global configuration)—Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
–interval (dfp agent configuration)—Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
–password (dfp agent configuration)—(Optional) Configures a DFP agent password for MD5 authentication.
–port (dfp agent configuration)—Defines the port number to be used by the DFP manager to connect to the DFP agent.
–inservice (dfp agent configuration)—Enables the DFP agent for communication with a DFP manager.
•Configuring CAC Failure Notification Support when the Cisco IOS SLB is in Directed Server NAT Mode
–gprs slb mode directed (global configuration)—Defines directed server NAT as the Cisco IOS SLB operation mode for GGSN-IOS SLB messaging.
–gprs slb vserver (global configuration)—Configures the Cisco IOS SLB virtual server(s) to be notified by a GGSN when the condition defined using the gprs slb notify command occurs.
•Configuring Support for GGSN-Cisco IOS SLB Messaging Delete Notification (GTP' IMSI Sticky Database)
–gprs slb notify session-deletion (global configuration)—Configures the GGSN to send a delete notification message to the Cisco IOS SLB when the last PDP context associated with an IMSI is deleted.
–gprs slb vservers (global configuration)—Configures the Cisco IOS SLB virtual server(s) to be notified by a GGSN when the condition defined using the gprs slb notify command occurs.
Distributed Privileged EXEC Commands
The Single IP Cisco GGSN uses the Cisco SAMI Remote Console and Logging (RCAL) interface from PPC3 to collect and display show and debug command output from the TCOPs.
To use the RCAL interface to issue show and debug commands, use the following command in global configuration mode from the PPC3:
Router(config)# execute-on {cpu_num [,cpu_num] | all} command
Executes commands remotely when RCAL is enabled, where:
•cpu_num—Specifies the TCOP from which the user wants to collect and display command output. Valid values are 4 through 8.
•all—Executes the command on all TCOPs (PPCs 4 through 8).
•command—Specifies the show or debug command to execute on the TCOPs.
The following sections discuss the following types of distributed privileged EXEC commands:
•Distributed show Commands
•Distributed debug Commands
•Distributed clear Commands
Distributed show Commands
By default, not all show commands are propagated to the TCOP. For show commands for which the output is the same for all PPCs, the execution is restricted to the PCOP.
For show commands that display statistics that are local to a TCOP, the information is retrieved from the TCOP and displayed. For commands that display global statistics from all of the TCOPs, by default, the information is retrieved from all the TCOPs and aggregated at PPC3.
Distributed debug Commands
By default, all Cisco GGSN debug commands are propagated to the TCOPs. PPC3 does not aggregate the output of any of the distributed debug commands.
Distributed clear Commands
By default, all Cisco GGSN clear commands are propagated to the TCOPs, except for the clear gprs slb statistics command, which is executed only on PPC3. The clear gprs slb statistics command clears Cisco IOS Server Load Balancing (SLB) statistics.
Redundancy State Sharing
With the Single IP Cisco GGSN, PPC3 negotiates the Hot Standby Routing Protocol (HSRP) states and the five TCOPs on their respective cards follow the events generated by the HSRP module. This enables the six PPCs on the Cisco SAMI to function as a single unit.
The TCOPs function as Cisco IOS Redundancy Framework (RF) redundant pairs. Stream Control Transmission Protocol (SCTP) endpoint connections are extended by reserving 12 contiguous ports. In the following example, ports ranging from 5000 to 5011 are reserved by RF for interdevice redundancy for creating SCTP endpoints for RF and Check-point Facility (CF) on all six Cisco SAMI PPCs.
For information about configuring GTP Session Redundancy, see Chapter 6, "Configuring GGSN GTP Session Redundancy."
Single IP Cisco GGSN Usage Notes and Prerequisites
The following usage notes and prerequisites apply to the implementation of a Single IP GGSN:
•Single IP and IPC support must be configured on the Cisco SAMI. For information about configuring Single IP support on the Cisco SAMI, see Cisco Service and Application Module for IP User Guide.
•To support the Single IP architecture, the following features have been introduced:
–Using Dynamic IP Address Management on the Cisco GGSN
–Configuring Cisco CSG2 Load Balancing on the Cisco GGSN
–Configuring OCS Load Balancing
The following changes exist between the non-Single IP Cisco GGSN and the Single IP Cisco GGSN:
•Configuration
The configuration of a Single IP GGSN does not differ from that of a non-single IP GGSN. All configuration must be performed on the PCOP, which then propagates it to all TCOPs. Failure of the command on any of the TCOPs causes a rollback of the configuration on the PCOP and the other TCOPs.
A few values configured on the PCOP, for example the maximum number of PDP contexts, are distributed to the TCOPs as seen in the following example:
sup-06-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PPC3(config)#gprs maximum-pdp-context-allowed ?
<5-4294967295> Max PDP context allowed
PPC3(config)#gprs maximum-pdp-context-allowed 10000
PPC3#show run| i maximum-pdp-context-allowed
gprs maximum-pdp-context-allowed 10000
PPC3#execute-on all sh run | i maximum-pdp-context-allowed
gprs maximum-pdp-context-allowed 2000
gprs maximum-pdp-context-allowed 2000
gprs maximum-pdp-context-allowed 2000
gprs maximum-pdp-context-allowed 2000
gprs maximum-pdp-context-allowed 2000
•show Command Displays
The output of most show commands is aggregated into a consolidated display covering all the TCOPs. However, a few show commands display the output from each TCOP separately.
For example, the show ip iscsi session command displays output from all TCOPs:
PPC3#show ip iscsi session
----------- Slot 6/CPU 3, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
----------- Slot 6/CPU 4, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
----------- Slot 6/CPU 5, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
----------- Slot 6/CPU 6, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
----------- Slot 6/CPU 7, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
----------- Slot 6/CPU 8, show ip iscsi session -------------
ID TARGET STATE CONNECTIONS
--------------------------------------------------------------
In contrast, the show gprs iscsi statistics command aggregates the output from all TCOPs, as seen in the following example:
PPC3#show gprs iscsi statistics
GPRS iSCSI statistics for iSCSI Profile LINUX:
Open Requests = 5 , Failed Open Attempts = 0
Write Requests = 0 , Failed Write Requests = 0
Read Requests = 5 , Failed Read Requests = 5
Close Requests = 0 , Failed Close Requests = 0
Number of DTRs in Write Queue = 0
Number of DTRs in Read Queue = 0
•RADIUS
For RADIUS responses to reach the correct TCOP, the following configuration on the Cisco GGSN is mandatory:
PPC3(config)#radius-server source-ports extended
•iSCSI
a. The file systems for iSCSI storage are not visible on the PCOP. To view the file systems, execute the command on all TCOPs using the execute-on all sh file systems command:
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 128947 nvram rw nvram:
PPC3#execute-on all show file systems
----------- Slot 6/CPU 4, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda0:#
----------- Slot 6/CPU 5, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda1:#
----------- Slot 6/CPU 6, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda2:#
----------- Slot 6/CPU 7, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda3:#
----------- Slot 6/CPU 8, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda4:#
b. To format iSCSI disks from the Cisco GGSN, establish a session with the TCOP and execute the format command:
sup#session slot 6 proc 4
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.64 ... Open
***********************************************************
** You are accessing the Traffic Processor on this **
** system. It is strongly advised to use the Control **
** Processor (processor 3) for any activity. **
** Please contact your Cisco Technical Support **
** personnel for any support in using this interface. **
***********************************************************
-#- --length-- -----date/time------ path
1 0 Feb 08 2010 16:50:54 root
2 64 Feb 08 2010 16:50:58 root/master.dat
3 0 Feb 08 2010 16:50:56 salvage
3217506304 bytes available (16384 bytes used)
Format operation may take a while. Continue?
Format operation will destroy all data in "sda0:". Continue? Writing Monlib
sectors..
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 6296544
Format: Total bytes in formatted partition: 3223830528
Format: Operation completed successfully.
SAMI 6/4: Feb 24 06:36:07.129: %RSM-3-WARNING: Warning: iSCSI target in profile
LINUX cannot be used for storing/retrieving CDRs. Disk is formatted. Please
disconnect and connect to the Target.
•Address Pool Management
To support IPv4 address management, the following Cisco SAMI command must be configured on the PCOP:
PPC3(config)#sami addr-pool cache 1-300
•Configuration locking
If debug error messages such as "Configuration in progress. Dropping the create PDP req. Please try later!" or "APN in config lock and disallows new create" are observed, verify the configuration-related PDP creation blocking using the following command in privileged EXEC mode:
Router#show gprs configuration-lock counte
system level lock counter: 0
access point 1 apn1 counter:0
access point 2 apn2 counter:0
This command displays GGSN configuration locking counters. There are two kinds of configuration locking counters: system level locking counters and access-point locking counters. If the system level locking counter is non-zero, any create PDP context requests are blocked. If an access-point locking counter is non-zero, any create PDP context requests that refer to that access point are blocked. Typically these counters are zero and a non-zero state is transient. However, if a user observes that a configuration-lock counter remains in a non-zero state, use the following command to reset all of the configuration lock counters to zero:
Router# clear gprs configuration-lock counter
A warning message displays if there is a non-zero counter.
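Because the iSCSI file systems are visible only on the TCOPs, the per-CPU output of execute-on all show file systems shown under iSCSI above has to be checked section by section. As an added example (not Cisco code and not part of the original guide), the following Python script parses that banner-delimited output and reports which TCOPs (PPCs 4 through 8) returned no output, have no disk-type file system, or have one that is not writable. The sample text is constructed in the page's output format, and the function names and report layout are assumptions.

```python
import re

# Banner that precedes each processor's output, for example:
# "----------- Slot 6/CPU 4, show file systems-------------"
BANNER = re.compile(r"^-+\s*Slot\s+(\d+)/CPU\s+(\d+),.*-+$")
# One "show file systems" row: optional "*", size, free, type, flags, prefix.
FS_ROW = re.compile(r"^\*?\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+?:)#?$")
TCOPS = range(4, 9)  # PPCs 4 through 8 are the TCOPs

# Constructed sample in the page's output format: CPU 6 has no disk,
# CPU 7's disk is read-only, and CPU 8 returned no section at all.
SAMPLE = """\
PPC3#execute-on all show file systems
----------- Slot 6/CPU 4, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
3217522688 3217506304 disk rw sda0:#
----------- Slot 6/CPU 5, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
3217522688 3217506304 disk rw sda1:#
----------- Slot 6/CPU 6, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
131072 129996 nvram rw nvram:
----------- Slot 6/CPU 7, show file systems-------------
Size(b) Free(b) Type Flags Prefixes
* 27740160 27736064 flash rw bootflash:
3217522688 3217506304 disk ro sda3:#
"""


def split_sections(text):
    """Map each CPU number to the non-empty lines printed under its banner."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = sections.setdefault(int(banner.group(2)), [])
        elif current is not None and line:
            current.append(line)
    return sections


def disk_rows(lines):
    """Return (prefix, flags) for every row whose Type column is 'disk'."""
    rows = (FS_ROW.match(line) for line in lines)
    return [(m.group(5), m.group(4)) for m in rows if m and m.group(3) == "disk"]


def audit_iscsi_disks(text):
    """Classify each TCOP by what its section says about iSCSI storage."""
    sections = split_sections(text)
    report = {"disks": {}, "no_output": [], "no_disk": [], "read_only": []}
    for cpu in TCOPS:
        if cpu not in sections:
            report["no_output"].append(cpu)  # TCOP did not answer at all
            continue
        disks = disk_rows(sections[cpu])
        if not disks:
            report["no_disk"].append(cpu)    # no disk-type file system listed
            continue
        report["disks"][cpu] = [prefix for prefix, _ in disks]
        if any("w" not in flags for _, flags in disks):
            report["read_only"].append(cpu)  # disk present but not writable
    return report


if __name__ == "__main__":
    for key, value in audit_iscsi_disks(SAMPLE).items():
        print(f"{key}: {value}")
```

The same split_sections function also handles the show ip iscsi session output shown earlier, since it uses the same Slot/CPU banner.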