Enhanced Whitelisting in SGSN

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area: SGSN

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

  • VPC-SI

Feature Default: Disabled - Configuration Required

Related Changes in This Release: Not Applicable

Related Documentation

  • Command Line Interface Reference

  • SGSN Administration Guide

  • Statistics and Counters Reference

Revision History

Revision Details       Release

First introduced.      21.16

Feature Description

SGSN is enhanced to support whitelisting based on IMSI and MSISDN in LAC/RAC in addition to the HSS-based Regional Zone Code Restriction. This SGSN feature allows specific subscribers to connect to the network.

Operator-policy-based support is extended to allow configuration of up to 10000 subscriber identities (IMSI/MSISDN). Subscribers are configured by Routing Area, so that a subscriber is whitelisted depending on its current Routing Area Identifier (RAI). A maximum of 10000 IMSI/MSISDN are allowed by LAC/RAC.

The following table lists the whitelist enhancement for SGSN.

Table 1. Whitelist Enhancement

Identity                             LAC                             RAC

Specific IMSI                        Supported                       Supported from Release 21.16

Range of IMSI                        Supported                       Supported from Release 21.16

Group of IMSI (discrete + range)     Supported from Release 21.16    Supported from Release 21.16

Specific MSISDN                      Supported from Release 21.16    Supported from Release 21.16

Range MSISDN                         Supported from Release 21.16    Supported from Release 21.16

Group of MSISDN (discrete + range)   Supported from Release 21.16    Supported from Release 21.16

How it Works

Architecture

IMSI Group

The SGSN retrieves IMSI for the relevant operator policy, both by IMSI range and IMSI group. After retrieving the operator policy, the active Routing Area Identifier (RAI) with LAC/RAC information in the UE is verified against the operator policy routing-area-list by LAC/RAC combinations. If the RAI isn’t available in the operator policy Routing Area List, the UE is rejected using the specific configured cause value.

The IMSI configuration supports up to 50 IMSI groups per SGSN. After creating IMSI groups, the combination of discrete IMSIs and IMSI ranges together provides up to 500 unique IMSI values. The combination of discrete IMSI and IMSI range lines is 20 per group. An IMSI group lets you configure multiple IMSIs and IMSI ranges per group and associate the group with an operator policy.

MSISDN Group

An MSISDN group lets you configure multiple MSISDNs and MSISDN ranges per group and associate the MSISDN group with an operator policy. The SGSN retrieves MSISDN for the relevant operator policy, both by MSISDN range and MSISDN group.

After the SGSN retrieves the operator policy, the active RAI with LAC/RAC information in the UE is verified against the operator policy routing-area-list by LAC/RAC combinations. If the RAI isn’t available in the operator policy routing-area-list, the UE is rejected using the specific configured cause value.

The MSISDN configuration supports up to 50 MSISDN groups per SGSN. After creating MSISDN groups, the combination of discrete MSISDNs and MSISDN ranges together can be 500 unique MSISDN values. The combination of discrete MSISDN and range lines is 20 per group.

MSISDN Range

An MSISDN range allows associating a range of MSISDNs to an operator policy. The SGSN searches for operator policy based on the areas in which the MSISDN is retrieved (either through MAP/Diameter/GTP-C message or stored in existing UE context), both by MSISDN range and MSISDN group.

After retrieving a relevant operator policy, the SGSN verifies the active RAI, which contains the LAC/RAC in which the UE is located, against the LAC/RAC combinations in the operator policy routing area list. If the active RAI is not confirmed, the UE is rejected using the specific configured cause value.
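The lookup-then-verify sequence described for IMSI groups, MSISDN groups and MSISDN ranges, modelled in Python as an added example; it is not Cisco's implementation. The class and function names, the sample identities, the policy name and the `CONFIGURED_CAUSE` placeholder are all assumptions, as is the `no-policy` result for a subscriber that matches no group, which the page does not describe.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    """Discrete identities plus inclusive (first, last) ranges, all digit strings."""
    discrete: set = field(default_factory=set)
    ranges: list = field(default_factory=list)

    def contains(self, ident):
        if ident in self.discrete:
            return True
        # Equal-length digit strings compare like numbers and keep leading zeros.
        return any(len(lo) == len(ident) == len(hi) and lo <= ident <= hi
                   for lo, hi in self.ranges)

@dataclass
class Policy:
    name: str
    imsi_group: Group
    msisdn_group: Group
    routing_areas: set      # {(lac, rac)} taken from the routing-area-list
    reject_cause: str       # placeholder for the configured cause value

def decide(policies, imsi, msisdn, lac, rac):
    """Return (verdict, detail) for a UE with this IMSI/MSISDN in RAI lac/rac."""
    for p in policies:
        if p.imsi_group.contains(imsi) or p.msisdn_group.contains(msisdn):
            if (lac, rac) in p.routing_areas:
                return ("accept", p.name)
            return ("reject", p.reject_cause)   # RAI not in the policy's list
    # Assumption: no matching group means this feature does not decide.
    return ("no-policy", None)

# Constructed sample data (test PLMN 001/01; not from the page).
POLICIES = [Policy(
    name="wl-policy",
    imsi_group=Group({"001010000000001"}, [("001010000000100", "001010000000199")]),
    msisdn_group=Group({"99912345678"}, []),
    routing_areas={(100, 1), (100, 2)},
    reject_cause="CONFIGURED_CAUSE",
)]

if __name__ == "__main__":
    print(decide(POLICIES, "001010000000150", "99900000000", 100, 1))
    print(decide(POLICIES, "001010000000150", "99900000000", 200, 1))
```

The second call shows the case the text calls out: the subscriber is in the group, but the RAI is not in the routing area list, so the attach is rejected with the configured cause.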

SRNS

The Gn/Gp SGSN and S4-SGSN support inter-SGSN and intra-SGSN Serving Radio Network Subsystem (SRNS) relocation. On the Gn/Gp SGSN, the SRNS relocation is triggered by subscribers (MS/UE) moving from one RNS to another. If the originating RNS and destination RNS are connected to the same SGSN but are in different routing areas, the behavior triggers an intra-SGSN Routing Area Update (RAU). If the RNSs are connected to different SGSNs, the relocation is by an inter-SGSN RAU.

Configuring Enhanced Whitelisting in SGSN

This section describes how to configure Enhanced Whitelisting in SGSN.

Configuring Discrete IMSI Numbers

Use the following configuration to configure discrete IMSI numbers.

configure 
   imsi-group group_name 
      [ no ] imsi mcc mcc mnc mnc msin msin 
      end 

NOTES:

  • mcc mcc : Mobile Country Code of IMSI. mcc must be a three digit integer in the range of 000-999.

  • mnc mnc : Mobile Network Code of IMSI. mnc must be a two or three digit integer in the range of 00-999.

  • msin msin : 9/10 digit MSIN numbers, maximum of 500 per group.

  • no : Disables the configured options.

Configuring IMSI Range

Use the following configuration to configure IMSI range.

configure 
   imsi-group group_name 
      [ no ] range mcc mcc mnc mnc msin first msin_first last msin_last 
      end 

NOTES:

  • range : Range of MSIN numbers (Maximum 20 per group).

  • mcc mcc : Mobile Country Code of IMSI. mcc must be a three digit integer in the range of 000-999.

  • mnc mnc : Mobile Network Code of IMSI. mnc must be a two or three digit integer in the range of 00-999.

  • msin : Mobile Subscriber International Number. Must be a maximum of 9 or 10 digit MSIN numbers. Maximum 500 per group.

  • first msin_first : Start of Mobile Subscriber International Number Range. Must be a maximum of 9 or 10 digit MSIN numbers.

  • last msin_last : End of Mobile Subscriber International Number Range. Must be a maximum of 9 or 10 digit MSIN numbers.

  • no : Disables the configured options.
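A pre-deployment check for a planned IMSI group, added here as an example and not part of the Cisco documentation: it validates entries against the field formats in the notes above and renders them in the `imsi` and `range` syntax shown on this page. It assumes the 20-per-group figure counts discrete and range lines together and the 500 figure counts unique IMSIs covered by the group; the function names and sample values are hypothetical.

```python
import re

MAX_LINES, MAX_VALUES = 20, 500   # per-group limits as read from this page

def plmn_ok(mcc, mnc):
    return bool(re.fullmatch(r"[0-9]{3}", mcc) and re.fullmatch(r"[0-9]{2,3}", mnc))

def msin_ok(msin):
    return bool(re.fullmatch(r"[0-9]{9,10}", msin))

def check_imsi_group(name, discrete=(), ranges=()):
    """discrete: (mcc, mnc, msin) tuples; ranges: (mcc, mnc, first, last) tuples.
    All fields are digit strings. Returns (config_lines, errors)."""
    lines, errors, covered = [], [], set()
    for mcc, mnc, msin in discrete:
        if not (plmn_ok(mcc, mnc) and msin_ok(msin)):
            errors.append(f"invalid imsi entry: {mcc} {mnc} {msin}")
            continue
        covered.add((mcc, mnc, msin))
        lines.append(f"imsi mcc {mcc} mnc {mnc} msin {msin}")
    for mcc, mnc, first, last in ranges:
        if not (plmn_ok(mcc, mnc) and msin_ok(first) and msin_ok(last)
                and len(first) == len(last) and first <= last):
            errors.append(f"invalid range: {mcc} {mnc} {first}-{last}")
            continue
        span = int(last) - int(first) + 1
        if span > MAX_VALUES:   # reject before expanding an over-broad range
            errors.append(f"range {first}-{last} covers {span} MSINs")
            continue
        covered.update((mcc, mnc, str(n).zfill(len(first)))
                       for n in range(int(first), int(last) + 1))
        lines.append(f"range mcc {mcc} mnc {mnc} msin first {first} last {last}")
    if len(lines) > MAX_LINES:
        errors.append(f"{len(lines)} lines exceed {MAX_LINES} per group")
    if len(covered) > MAX_VALUES:
        errors.append(f"{len(covered)} unique IMSIs exceed {MAX_VALUES} per group")
    config = (["configure", f"   imsi-group {name}"]
              + ["      " + ln for ln in lines] + ["      end"])
    return config, errors

if __name__ == "__main__":
    cfg, errs = check_imsi_group(
        "wl-group",                                   # constructed sample values
        discrete=[("001", "01", "0000000001")],
        ranges=[("001", "01", "0000000100", "0000000199")])
    print("\n".join(cfg) if not errs else errs)
```

Running the check before pushing configuration catches a mistyped `last` value that would whitelist far more subscribers than intended.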

Configuring Discrete MSISDN Numbers

Use the following configuration to configure discrete list of MSISDN numbers.

configure 
   msisdn-group group_name 
      [ no ] msisdn cc cc number number 
      end 

NOTES:

  • msisdn cc : Discrete list of MSISDN numbers (Combination of discrete and range lines is 20 per group).

  • cc cc : Country Code of subscriber. Maximum 500 per group.

    cc must be a three digit number between 1 and 999.

  • number number : MSISDN number. Maximum 500 per group.

    number must be a 1 to 14 digit number.

Associating MSISDN Range with Operator Policy

Use the following configuration to associate MSISDN range with Operator Policy.

configure 
   sgsn-global 
      msisdn-range cc cc number first start_range last last_range operator-policy policy_name 
      no msisdn-range cc cc number first start_range last last_range 
      end 

NOTES:

  • msisdn-range : MSISDN Range to which Operator Policy should be associated.

  • cc cc : Country Code of MSISDN.

    cc must be a three digit number between 1 and 999.

  • number : Subscriber Number (and optional NDC/NPA) of MSISDN.

  • first start_range : Starting range of MSISDN NDC/NPA/Subscriber Number Prefix. start_range must be a number up to 15 digits in length.

  • last last_range : End range of MSISDN NDC/NPA/Subscriber Number Prefix. last_range must be a number up to 15 digits in length.

  • operator-policy policy_name : MSISDN Operator Policy name.

  • no : Disables the configured options.

Configuring MSISDN Range

Use the following configuration to configure a range of MSISDN numbers.

configure 
   msisdn-group group_name 
      [ no ] range cc cc number first number_first last number_last 
      end 

NOTES:

  • range : Range of MSISDN numbers (Combination of discrete and range lines is 20 per group).

  • cc cc : Country Code of subscriber. cc must be a three digit number between 1 and 999.

  • number : Specifies a 1 to 14 digit number (maximum 500 per group).

  • first number_first : Starting value of MSISDN number. number_first must be a number from 1 to 14 digits.

  • last number_last : Last value of MSISDN number. number_last must be a number from 1 to 14 digits.

  • no: Disables the configured options.

Configuring Routing Area List

Use the following configuration to configure Routing Area List.

configure 
   call-control-profile profile_name 
      routing-area-list instance instance lac lac rac rac 
      no routing-area-list instance instance 
      end 

NOTES:

  • routing-area-list instance instance : Configure one particular instance. Instance number will be valid only if area code is configured for this instance. instance must be an integer in the range of 1-5.

  • lac lac : Specifies the LAC value. lac must be an integer from 1 to 65535.

  • rac rac : Specifies the RAC value. rac must be an integer from 0 to 255.

  • no: Disables the configured options.

Configuring RAU-inter Restrict for SGSN

Use the following configuration to configure RAU inter-restrict for 2G and 3G.

configure 
   call-control-profile profile_name 
      [ no ] rau-inter restrict access-type { gprs routing-area-list instance instance | umts routing-area-list instance instance  }  
      end 

NOTES:

  • rau-inter: (SGSN) Inter SGSN Routing Area Update.

  • restrict: Specifies restrict.

  • access-type: Specifies the inclusion of Access Type Extension.

  • gprs: Specifies the General Packet Radio Service.

  • routing-area-list : (SGSN) RAC List to set allow/restrict of services in this routing area. Configure the area codes to define the service.

  • instance instance : Configures one particular instance. instance must be an integer in the range of 1-5.

  • no: Disables the configured options.

Configuring RAU-intra Allow for SGSN

Use the following configuration to configure RAU intra-allow for 2G and 3G.

configure 
   call-control-profile profile_name 
      [ no ] rau-intra allow access-type { gprs routing-area-list instance instance | umts routing-area-list instance instance } 
      end 

NOTES:

  • rau-intra: (SGSN) Intra SGSN Routing Area Update.

  • allow: Specifies allow.

  • access-type: Specifies the inclusion of Access Type Extension.

  • gprs: Specifies the General Packet Radio Service.

  • rau-inter: (SGSN) Inter SGSN Routing Area Update.

  • routing-area-list : (SGSN) RAC List to set allow/restrict of services in this routing area. Configure the area codes to define the service.

  • instance instance : Configures one particular instance. instance must be an integer in the range of 1-5.

  • no: Disables the configured options.

Configuring SRNS Intra

Use the following configuration to configure SRNS.

configure 
   call-control-profile profile_name 
      [ no ] srns-intra { allow location-area-list instance instance | restrict { all | location-area-list instance instance } }
      end 

NOTES:

  • srns-intra: (SGSN) SRNS Intra SGSN.

  • allow: Specifies allow.

  • restrict: Specifies restrict.

  • location-area-list : (SGSN) LAC List to set allow/restrict of services in this location area. Configures the area codes to define the service.

  • instance instance : Configures one particular instance. instance must be an integer in the range of 1-5.

  • no: Disables the configured options.