Foreign PLMN GUTI Management

This feature allows operators to gain some savings on signaling by avoiding DNS request attempts to foreign PLMNs if a foreign PLMN GUTI is not allowed.

Feature Description

A Foreign PLMN GUTI Management Database can be configured to allow or immediately reject Attach Requests or TAU Requests containing a GUTI from a foreign PLMN. This Foreign PLMN GUTI Management Database contains as many as 16 entries, where each entry consists of a PLMN (MCC and MNC) and an action, which can either be Allow or Reject. If the action is Reject, the MME will not perform any DNS requests to locate a peer MME or SGSN to which any foreign GUTI from that foreign PLMN maps.

How it Works

When an Attach Request or TAU Request containing a foreign GUTI is received, the MME must first determine if the GUTI's PLMN matches either the MME's own PLMN or one of the MME's shared PLMNs. If such a match is found, the foreign GUTI belongs to a local PLMN, no foreign PLMN check is made, and a DNS request for a peer MME or SGSN may be made as the request is processed normally. If the GUTI's PLMN does not match either the MME's own PLMN or one of the MME's shared PLMNs, the foreign GUTI belongs to a foreign PLMN and the MME Service is checked for an association to a Foreign PLMN GUTI Management Database. If there is no such association, all Attach Requests and TAU Requests containing foreign GUTIs from foreign PLMNs are allowed to be processed, and a DNS request for a peer MME or SGSN may be made.

If an association to a Foreign PLMN GUTI Management Database is present, the database is checked for a matching foreign PLMN. If no match is found, the MME continues processing the Attach Request or TAU Request, and a DNS request may be made. If a match is found, the action specified for the foreign PLMN (either Allow or Reject) is applied. If the action is Reject, and the request is a TAU Request, a TAU Reject message is sent immediately with cause code 9 (UE Identity cannot be derived by the network), and no DNS lookup is performed to find a peer MME or SGSN. If the action is Reject, and the request is an Attach Request, the MME sends a NAS Identity Request to the UE to determine its IMSI, and no DNS lookup is performed to find a peer MME or SGSN. If the action is Allow, the MME continues processing the Attach Request or TAU Request, and a DNS request may be made.

If a TAU Request containing a foreign GUTI is rejected due to its PLMN being present in the Foreign PLMN GUTI Management Database, the mme-foreign-plmn-guti-rejected session disconnect reason will be incremented.

Similarly, the emmdisc-foreignplmnreject bulk statistic counter, which tracks the number of times this disconnect reason, is incremented..

Configuring Foreign PLMN GUTI Management

This section explains the configuration procedures required to enable this feature.

Creating a Foreign PLMN GUTI Management Database

A Foreign PLMN GUTI Management Database is configured as part of the LTE Policy configuration mode.

config 
   lte-policy 
      foreign-plmn-guti-mgmt-db fguti_db_name 
      end 

Up to four Foreign PLMN GUTI Management Databases can be configured.

To delete an existing database, in the lte-policy mode include the no prefix with the command. You need to identify the database to be deleted.

no foreign-plmn-guti-mgmt-db fguti-db1 

Configuring Foreign PLMN GUTI Management Database Entries

A Foreign PLMN GUTI Management Database entry consists of an MCC, an MNC, and an action (either Allow or Reject). The following example creates two entries:

configure 
   lte-policy 
      foreign-plmn-guti-mgmt-dbdb_name 
         plmn mcc 123 mnc 456 allow 
         plmn mcc 321 mnc 654 reject 
         end 

The any keyword may be used as a wildcard in place of both the MCC and MNC values, or in place of an MNC value with a specific MCC value. In other words, the following commands are allowed:

plmn mcc 123 mnc any allow 
plmn mcc any mnc any reject 

Important

The examples listed above are only to understand the significance of the keyword any . The examples do not suggest any particular order of configuration.


However, a wildcard MCC is not allowed with a specific MNC value. For example, the following command is not allowed:

plmn mcc any mnc 456 allow 

It is strongly recommended that a Foreign PLMN GUTI Management Database contain an mcc any mnc any entry in order to define the default behavior when a GUTI with an unknown MCC / MNC combination is received. If such an entry is absent, the default behavior will be to allow Attach Requests and TAU Requests with unknown MCC/ MNC combinations, which may result in DNS lookups for peer MMEs and SGSNs. This default behavior would be the same as if there were no Foreign PLMN GUTI Management Database defined.

Up to 16 foreign PLMN entries can be added to a database.

The no prefix followed by a PLMN ID removes a specific entry from the database. Refer to the following example:

no plmn mcc 123 mnc 456 

Associating an MME Service with a Foreign PLMN GUTI Management Database

An MME Service can be associated with a database using the associate foreign-plmn-guti-mgmt-db command in MME Service Configuration mode.

configure 
   context  ctxt_name 
      mme-service  mme_svc 
         associate foreign-plmn-guti-mgmt-db  db_name 
         end 

Multiple MME Services may be associated with a single Foreign PLMN GUTI Management Database. Because of this, it is not possible to cross-check the PLMNs in the database against an MME Service's own PLMN or its shared PLMNs. However, the MME Service's own PLMN or shared PLMNs will never be checked against the Foreign PLMN GUTI Management Database, regardless of whether those PLMNs are configured in the database or not. In other words, any Attach Request or TAU Request containing a GUTI from the MME Service's own PLMN or one of its shared PLMNs will always be processed, and may result in a DNS lookup for a peer MME or SGSN.

The association can be removed using the following command:

no associate foreign-plmn-guti-mgmt-db 

Verifying the Configuration

Use the following command to display the list of Foreign PLMN GUTI Management databases configured on the system:

show lte-policy foreign-plmn-guti-mgmt-db summary 

Use the following command to display the entries configured within a specific Foreign PLMN GUTI Management Database:

show lte-policy foreign-plmn-guti-mgmt-db name fguti-db1 
Foreign PLMN GUTI Mgmt DB fguti-db1     
        PLMN mcc 123 mnc 456 allow 
        PLMN mcc 321 mnc 654 reject 
        PLMN mcc any mnc any reject 
        PLMN mcc 123 mnc any allow 

Use the following command to display the Foreign PLMN GUTI Management database to which an MME Service has been associated:

show mme-service name mme_svc_name 

Refer to the Foreign-PLMN-GUTI-Mgmt-DB field in the output, as shown here:

Foreign-PLMN-GUTI-Mgmt-DB            : fguti-db1 

Monitoring Foreign PLMN GUTI Management

This section provides information on how to monitor the Foreign PLMN GUTI Management feature.

Show Command(s) and/or Outputs

This section provides information regarding show commands and/or their outputs relating to this feature.

show session disconnect-reasons

If a TAU Request containing a foreign GUTI is rejected due to its PLMN being present in the Foreign PLMN GUTI Management Database, the following session disconnect reason is incremented.
  • mme-foreign-plmn-guti-rejected(534)

Bulk Statistics

MME Schema

The following statistic is included in the MME Schema in support of the Foreign PLMN GUTI feature:

  • emmdisc-foreignplmnreject

This statistic increments when an Attach or TAU request containing a foreign GUTI is rejected due to restrictions set in the Foreign PLMN GUTI Management Database.

System Schema

The following statistic is also included in the System Schema in support of the Foreign PLMN GUTI feature:

  • disc-reason-534: mme-foreign-plmn-guti-rejected(534)

This statistic increments when a session is disconnected due to the restrictions set in the Foreign PLMN GUTI Management Database.