Example 1: Mobile IP Support Using the System as a GGSN/FA
For Mobile IP applications, the system can be configured to perform the function of a Gateway GPRS Support Node/Foreign Agent (GGSN/FA) and/or a Home Agent (HA). This example describes what is required for the system to perform the role of the GGSN/FA and how it does so. Examples 2 and 3 provide information on using the system to provide HA functionality.
The system's GGSN/FA configuration for Mobile IP applications is best addressed with three contexts (one source, one AAA, and one Mobile IP destination) configured as shown in the figure that follows.
Important: A fourth context that serves as a destination context must also be configured if Reverse Tunneling is disabled in the FA service configuration. Reverse Tunneling is enabled by default.
The source context will facilitate the GGSN service(s), and the Ga and Gn interfaces. The AAA context will be configured to provide foreign AAA functionality for subscriber PDP contexts and facilitate the AAA interfaces. The MIP destination context will facilitate the FA service(s) and the Gi interface(s) from the GGSN/FA to the HA.
The optional destination context will allow the routing of data from the mobile node to the packet data network by facilitating a packet data network (PDN) interface. This context will be used only if reverse tunneling is disabled.
Information Required
Prior to configuring the system as shown in this example, there is a minimum amount of information required. The following sections describe the information required to configure the source and destination contexts.
Source Context Configuration
The following table lists the information that is required to configure the source context.
| Required Information | Description |
|---|---|
| Source context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the source context will be recognized by the system. |
| Gn Interface Configuration | |
| Gn interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
| IP address and subnet | These will be assigned to the Gn interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description | An identification string from 1 to 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions are needed if multiple ports will be used. Physical ports are configured within the source context and are used to bind logical Gn interfaces. |
| Gateway IP address | Used when configuring static routes from the Gn interface(s) to a specific network. |
| GGSN Service Configuration | |
| GGSN service name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the GGSN service will be recognized by the system. Multiple names are needed if multiple GGSN services will be used. |
| Accounting context | The name of the context configured on the system in which the processing of GTPP accounting records is performed. The context name is an identification string from 1 to 79 characters (alpha and/or numeric). By default, the system attempts to use the same context as the one in which the GGSN service is configured. |
| UDP port number for GTPC traffic | The port used by the GGSN service and the SGSN for communicating GTPC sockets for GTPv1. The UDP port number can be any integer value from 1 to 65535. The default value is 2123. |
| Public Land Mobile Network (PLMN) Identifiers | Mobile Country Code (MCC): The MCC can be configured to any integer value from 0 to 999. |
| | Mobile Network Code (MNC): The MNC can be configured to any integer value from 0 to 999. |
| SGSN information (optional) | The GGSN can be configured with information about the SGSN(s) that it is to communicate with. This includes the SGSN's IP address and subnet mask and whether or not the SGSN is on a foreign PLMN. Multiple SGSNs can be configured. |
| GGSN charging characteristics (CC) (optional) | Behavior Bits: If charging characteristics will be configured on the GGSN, behavior bits for the following conditions can be configured: Each value must be a unique bit from 1 to 12 to represent the 12 possible behavior bits allowed for in the standards. The default configuration is disabled (0). |
| | Profile Index: If the GGSN's charging characteristics will be used for subscriber PDP contexts, profile indexes can be modified/configured for one or more of the following conditions: The system supports the configuration of up to 16 profile indexes numbered 0 through 15. |
| PLMN policy | The GGSN can be configured to treat communications from unconfigured SGSNs in one of the following ways: |
| Ga Interface Configuration | |
| Ga interface name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
| IP address and subnet | These will be assigned to the Ga interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description | An identification string between 1 and 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions are needed if multiple ports will be used. Physical ports are configured within the source context and are used to bind logical Ga interfaces. |
| Gateway IP address | Used when configuring static routes from the Ga interface(s) to a specific network. |
| GTPP Configuration | |
| Charging gateway address | The IP address of the system's GGSN interface. |
| CGF server information | IP address: The IP address of the CGF server to which the GGSN will send accounting information. Multiple CGFs can be configured. |
| | Priority: If more than one CGF is configured, this is the server's priority. It is used to determine the rotation order of the CGFs when sending accounting information. The priority can be configured to any integer value from 1 to 1000. The default is 1. |
| | Maximum number of messages: The maximum number of outstanding or unacknowledged GTPP messages allowed for the CGF. The maximum number can be configured to any integer value from 1 to 256. The default is 256. |
| GCDR optional fields | The following optional fields can be specified/configured in CDRs generated by the GGSN: |
AAA Context Configuration
| Required Information | Description |
|---|---|
| AAA context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the AAA context will be recognized by the system. |
| APN Configuration | |
| APN name | An identification string by which the APN will be recognized by the system. The name can be from 1 to 62 alpha and/or numeric characters and is not case sensitive. It may also contain dots ( . ) and/or dashes ( - ). Multiple names are needed if multiple APNs will be used. |
| Accounting mode | Selects the accounting protocol. GTPP or RADIUS are supported. In addition, accounting can be completely disabled. The default is to perform accounting using GTPP. |
| Authentication protocols used | Specifies how the system handles authentication: using a protocol (such as CHAP, PAP, or MSCHAP), or not requiring any authentication. |
| APN charging characteristics (CC) (optional) | Specifies whether or not the GGSN accepts the CC from the SGSN for home, visiting, and roaming subscribers. By default the GGSN accepts the CC from the SGSN for all three scenarios. If the GGSN is to use its own CC for any of these scenarios, then each scenario requires the specification of behavior bits and a profile index to use. |
| Domain Name Service (DNS) information (optional) | If DNS will be used for the APN, IP addresses can be configured for primary and secondary DNS servers. |
| IP destination context name | The name of the system destination context to use for subscribers accessing the APN. If no name is specified, the system automatically uses the system context in which the APN is configured. |
| Maximum number of PDP contexts | The maximum number of PDP contexts that are supported for the APN. The maximum number can be configured to any integer value from 1 to 1500000. The default is 1000000. |
| PDP type | The type of PDP contexts supported by the APN. The type can be IPv4, IPv6, both IPv4 and IPv6, or PPP. IPv4 support is enabled by default. |
| Verification selection mode | The level of verification that will be used to ensure a MS's subscription to use the APN. The GGSN uses any of the following methods: |
| Mobile IP Configuration | Home Agent IP Address: The IP address of an HA with which the system will tunnel subscriber Mobile IP sessions. Configuring this information tunnels all subscriber Mobile IP PDP contexts facilitated by the APN to the same HA unless an individual subscriber profile provides an alternate HA address. Parameters stored in individual profiles supersede parameters provided by the APN. |
| | Mobile IP Requirement: The APN can be configured to require Mobile IP for all sessions it facilitates. Incoming PDP contexts that do/can not use Mobile IP are dropped. |
| AAA Interface Configuration | |
| AAA interface name | This is an identification string from 1 to 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
| IP address and subnet | These will be assigned to the AAA interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | This specifies the physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description | This is an identification string from 1 to 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions are needed if multiple ports will be used. Physical ports are used to bind logical AAA interfaces. |
| Gateway IP address | Used when configuring static routes from the AAA interface(s) to a specific network. |
| Foreign RADIUS Server Configuration | |
| Foreign RADIUS Authentication server | IP Address: Specifies the IP address of the Foreign RADIUS authentication server the system will communicate with to provide subscriber authentication functions. Multiple addresses are needed if multiple RADIUS servers will be configured. Foreign RADIUS servers are configured within the source context. Multiple servers can be configured and each can be assigned a priority. |
| | Shared Secret: The shared secret is a string between 1 and 15 characters (alpha and/or numeric) that specifies the key that is exchanged between the RADIUS authentication server and the source context. A shared secret is needed for each configured RADIUS server. |
| | UDP Port Number: Specifies the port used by the source context and the RADIUS authentication server for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 1812. |
| Foreign RADIUS Accounting server (optional) | IP Address: Specifies the IP address of the foreign RADIUS accounting server that the source context will communicate with to provide subscriber accounting functions. Multiple addresses are needed if multiple RADIUS servers will be configured. RADIUS accounting servers are configured within the source context. Multiple servers can be configured and each assigned a priority. |
| | Shared Secret: The shared secret is a string between 1 and 15 characters (alpha and/or numeric) that specifies the key that is exchanged between the foreign RADIUS accounting server and the source context. A shared secret is needed for each configured RADIUS server. |
| | UDP Port Number: Specifies the port used by the source context and the foreign RADIUS Accounting server for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 1813. |
| RADIUS attribute NAS Identifier | Specifies the name by which the source context will be identified in the Access-Request message(s) it sends to the RADIUS server. The name must be from 1 to 32 alpha and/or numeric characters and is case sensitive. |
| RADIUS NAS IP address | Specifies the IP address of the system's AAA interface. A secondary address can be optionally configured. |
Mobile IP Destination Context Configuration
| Required Information | Description |
|---|---|
| Mobile IP Destination context name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the Mobile IP destination context will be recognized by the system. |
| Gi Interface Configuration | |
| Gi interface name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. Gi interfaces are configured in the destination context. |
| IP address and subnet | These will be assigned to the Gi interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | This specifies the physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description(s) | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions will be needed if multiple ports will be used. Physical ports are configured within the destination context and are used to bind logical Gi interfaces. |
| Gateway IP address(es) | Used when configuring static routes from the Gi interface(s) to a specific network. |
| FA Service Configuration | |
| FA service name | This is an identification string between 1 and 63 characters (alpha and/or numeric) by which the FA service will be recognized by the system. Multiple names are needed if multiple FA services will be used. FA services are configured in the destination context. |
| UDP port number for Mobile IP traffic | Specifies the port used by the FA service and the HA for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 434. |
| Security Parameter Index (indices) Information | HA IP address: Specifies the IP address of the HAs with which the FA service communicates. The FA service allows the creation of a security profile that can be associated with a particular HA. |
| | Index: Specifies the shared SPI between the FA service and a particular HA. The SPI can be configured to any integer value between 256 and 4294967295. Multiple SPIs can be configured if the FA service is to communicate with multiple HAs. |
| | Secrets: Specifies the shared SPI secret between the FA service and the HA. The secret can be between 1 and 127 characters (alpha and/or numeric). An SPI secret is required for each SPI configured. |
| | Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default is hmac-md5. A hash-algorithm is required for each SPI configured. |
| FA agent advertisement lifetime | Specifies the time (in seconds) that an FA agent advertisement remains valid in the absence of further advertisements. The time can be configured to any integer value between 1 and 65535. The default is 9000. |
| Number of allowable unanswered FA advertisements | Specifies the number of unanswered agent advertisements that the FA service will allow during call setup before it will reject the session. The number can be any integer value between 1 and 65535. The default is 5. |
| Maximum mobile-requested registration lifetime allowed | Specifies the longest registration lifetime that the FA service will allow in any Registration Request message from the mobile node. The lifetime is expressed in seconds and can be configured between 1 and 65534. An infinite registration lifetime can be configured by disabling the timer. The default is 600 seconds. |
| Registration reply timeout | Specifies the amount of time that the FA service will wait for a Registration Reply from an HA. The time is measured in seconds and can be configured to any integer value between 1 and 65535. The default is 7. |
| Number of simultaneous registrations | Specifies the number of simultaneous Mobile IP sessions that will be supported for a single subscriber. The maximum number of sessions is 3. The default is 1. NOTE: The system will only support multiple Mobile IP sessions per subscriber if the subscriber's mobile node has a static IP address. |
| Mobile node re-registration requirements | Specifies how the system should handle authentication for mobile node re-registrations. The FA service can be configured to always require authentication or not. If not, the initial registration and de-registration will still be handled normally. |
| Maximum registration lifetime | Specifies the longest registration lifetime that the HA service will allow in any Registration Request message from the mobile node. The time is measured in seconds and can be configured to any integer value between 1 and 65535. An infinite registration lifetime can also be configured by disabling the timer. The default is 600. |
| Maximum number of simultaneous bindings | Specifies the maximum number of "care-of" addresses that can simultaneously be bound for the same user as identified by NAI and Home address. The number can be configured to any integer value between 1 and 5. The default is 3. |
Optional Destination Context Configuration
The following table lists the information required to configure the optional destination context. As discussed previously, this context is required if: 1) reverse tunneling is disabled in the FA service, or 2) access control lists (ACLs) are used.
Important: If ACLs are used, the destination context would only consist of the ACL configuration. Interface configuration would not be required.
| Required Information | Description |
|---|---|
| Destination context name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the destination context will be recognized by the system. |
| PDN Interface Configuration | |
| PDN interface name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. PDN interfaces are configured in the destination context. |
| IP address and subnet | These will be assigned to the PDN interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | This specifies the physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions are needed if multiple ports will be used. Physical ports are configured within the destination context and are used to bind logical PDN interfaces. |
| Gateway IP address(es) | Used when configuring static routes from the PDN interface(s) to a specific network. |
How This Configuration Works
The following figure and the text that follows describe how this configuration with a single source and destination context would be used by the system to process a Mobile IP data call.
- A Create PDP Context Request message for a subscriber session is sent from the SGSN to the GGSN service over the Gn interface. The message contains information such as the PDP Type, APN, and charging characteristics.
- The GGSN determines whether or not it is configured with an APN identical to the one specified in the message. If so, it determines how to process the session based on the configuration of the APN. In this case, it is determined that Mobile IP must be used. From the APN configuration, the system also determines the context in which the FA service is configured.
- If subscriber authentication is required, the GGSN authenticates the subscriber by communicating with a RADIUS server over the AAA interface.
- The GGSN returns an affirmative Create PDP Context Response to the SGSN over the Gn interface. The home address assigned to the mobile as part of the response is 0.0.0.0, indicating that it will be reset with a Home address after the PDP context activation procedure.
- The FA component of the GGSN sends an Agent Advertisement message to the MS. The message contains the FA parameters needed by the mobile, such as one or more care-of addresses. The message is sent as an IP limited broadcast message (i.e. destination address 255.255.255.255), but only on the requesting MS's TEID, to avoid broadcast over the radio interface.
- The MS sends a Mobile IP Registration request to the GGSN/FA. This message includes either the MS's static home address or it can request a temporary address by sending 0.0.0.0 as its home address. Additionally, the request must always include the Network Access Identifier (NAI) in a Mobile-Node-NAI Extension.
- The FA forwards the registration request from the MS to the HA while the MS's home address or NAI and TEID are stored by the GGSN. In response, the HA sends a registration response to the FA containing the address assigned to the MS.
- The FA extracts the home address assigned to the MS by the HA from the response and the GGSN updates the associated PDP context. The FA then forwards it to the MS (identified by either the home address or the NAI and TEID).
- The GGSN issues a PDP context modification procedure to the SGSN in order to update the PDP address for the MS.
- The MS sends/receives data to/from the packet data network over the GGSN's PDN interface.
- Upon termination of the subscriber session, the GGSN sends GGSN charging detail records to the CGF using GTPP over the Ga interface.
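When the FA forwards the registration request to the HA, the SPI, secret and hash-algorithm from the FA service table decide whether the HA accepts it. The following Python code is an added example, not taken from the original page or from the vendor: it builds a request with home address 0.0.0.0 and a Mobile-Node-NAI Extension, appends a Foreign-Home Authentication Extension on the FA side, and verifies it on the HA side under both keyed-MD5 (RFC 2002 prefix+suffix) and HMAC-MD5. Assumptions: the RFC 2002 message layout, the authentication extension being the last 22 bytes, no Mobile-Home Authentication Extension, the algorithm labels `keyed-md5` and `hmac-md5` as this example's own names rather than CLI keywords, and constructed addresses, NAI, SPI and secret.

```python
import hashlib
import hmac
import socket
import struct

FH_AUTH_EXT = 34   # Foreign-Home Authentication Extension type (RFC 2002)
MN_NAI_EXT = 131   # Mobile-Node-NAI Extension type (RFC 2794)
SPI_MIN, SPI_MAX = 256, 4294967295   # SPI range given in the FA service table
EXT_LEN = 2 + 4 + 16   # Type + Length + SPI + 128-bit authenticator


def registration_request(home, ha, coa, ident, nai, lifetime=600):
    """Fixed 24-byte Registration Request (type 1) plus the NAI extension."""
    fixed = struct.pack("!BBH4s4s4sQ", 1, 0, lifetime,
                        socket.inet_aton(home), socket.inet_aton(ha),
                        socket.inet_aton(coa), ident)
    nai_bytes = nai.encode("ascii")
    return fixed + struct.pack("!BB", MN_NAI_EXT, len(nai_bytes)) + nai_bytes


def authenticator(algorithm, secret, protected):
    """128-bit authenticator; the algorithm labels are this example's own."""
    if algorithm == "keyed-md5":   # RFC 2002 prefix+suffix: MD5(key | data | key)
        return hashlib.md5(secret + protected + secret).digest()
    if algorithm == "hmac-md5":    # HMAC construction of RFC 2104
        return hmac.new(secret, protected, hashlib.md5).digest()
    raise ValueError("unsupported hash-algorithm: " + algorithm)


def fa_append_auth(message, spi, secret, algorithm):
    """FA side: append the Foreign-Home Authentication Extension."""
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError("SPI outside 256..4294967295")
    header = struct.pack("!BBI", FH_AUTH_EXT, 4 + 16, spi)
    # The authenticator covers the request, all prior extensions and this
    # extension's Type, Length and SPI, but not the authenticator itself.
    return message + header + authenticator(algorithm, secret, message + header)


def ha_verify(packet, associations):
    """HA side: True only if the trailing extension authenticates the packet."""
    if len(packet) < 24 + EXT_LEN:
        return False
    body, ext = packet[:-EXT_LEN], packet[-EXT_LEN:]
    ext_type, length, spi = struct.unpack("!BBI", ext[:6])
    if ext_type != FH_AUTH_EXT or length != 20 or spi not in associations:
        return False   # wrong extension, or no security association for the SPI
    secret, algorithm = associations[spi]
    expected = authenticator(algorithm, secret, body + ext[:6])
    return hmac.compare_digest(expected, ext[6:])   # constant-time compare


def demo():
    """Constructed values: documentation addresses, made-up SPI and secret."""
    assoc = {1000: (b"ConstructedSecret1", "hmac-md5")}
    req = registration_request("0.0.0.0", "192.0.2.10", "198.51.100.5",
                               0x0123456789ABCDEF, "user@example.com")
    packet = fa_append_auth(req, 1000, *assoc[1000])
    # Change the Home Agent field (bytes 8-11) after the FA signed the packet.
    tampered = packet[:8] + socket.inet_aton("203.0.113.9") + packet[12:]
    return ha_verify(packet, assoc), ha_verify(tampered, assoc)


if __name__ == "__main__":
    print(demo())
```

A request is accepted only when SPI, secret and hash-algorithm all match on both ends; a mismatch in any one of them looks the same to the HA as a modified packet.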