Routing Behind the Mobile Station on an APN

The routing behind the Mobile Station(MS) feature enables the routing of packets to IPv4 addresses that do not belong to the PDN Session (the MS), but exist behind it. The network address of the destination can be different than the Mobile Station address.

This chapter includes the following topics:

Feature Description

The Framed-Route attribute provides routing information to be configured for the user on the network access server (NAS). The Framed-Route information is returned to the RADIUS server in the Access-Accept message. Framed-Route can work at a context level or VRF level. VRFs can be on per enterprise and each can have its own set of framed-routes. In such configuration, framed routes will be installed in VRF's dedicated for respective enterprise. Association of Framed-Route with VRF will be done based on subscriber IP pool.

Mobile Router enables a router to create a PDN Session which the GGSN authorizes using RADIUS server. The RADIUS server authenticates this router and includes a Framed-Route attribute in the access-accept response packet. Framed-Route attribute also specifies the subnet routing information to be installed in the GGSN for the "mobile router." If the GGSN receives a packet with a destination address matching the Framed-Route, the packet is forwarded to the mobile router through the associated PDN session.

How It Works

Routing Behind the Mobile Station on an APN

The following rules apply:

  • AAA interface of GGSN/P-GW supports receiving "Framed Route AVP" in Radius Access-Accept Message from the Radius Server.
  • AAA interface of GGSN/P-GW supports maximum 16 "Framed Route AVP" in Radius Access-Accept Message
  • GGSN/P-GW does not accept framed route with destination address as 0.0.0.0 and/or netmask as 0.0.0.0.
  • GGSN/P-GW does not accept framed route where gateway address in the route is not matching with the address that would be assigned to Mobile station.
  • GGSN/P-GW ignores duplicate framed routes.
  • GGSN/P-GW supports controlling enabling/disabling of this feature through CLI in APN Configuration.
  • GGSN/P-GW supports controlling number of framed-routes to be installed through this feature.
  • GGSN/P-GW supports controlling number of hosts (addresses) supported behind the mobile station per route.
  • The routing behind an MS is supported only for IPv4 PDP contexts.
  • Packets routed behind the MS share the same 3GPP QoS settings of the MS.

Configuring Routing Behind the Mobile Station

The routing behind the MS feature enables the routing of packets to IPv4 addresses that do not belong to the PDN Session (the MS), but exist behind it. The network address of the destination can be different than the MS address.

Before enabling routing behind the MS, the following requirements must be met:

  • The MS must use RADIUS for authentication and authorization.

  • The Framed-Route (attribute 22) as defined in Internet Engineering Task Force (IETF) standard RFC 2865, must be configured in the profile of a user and contain at least one route, and up to 16 routes for each MS that is to use the routing behind the MS feature.

    When configured, the Framed-Route attribute is automatically downloaded to the GGSN during the RADIUS authentication and authorization phase of the PDN Session creation. If routing behind the MS has not been enabled using the network-behind-mobile command in access-point configuration mode, the GGSN ignores the Framed-Route attribute.

    When the MS session is no longer active, the routes are deleted.

  • Static routes are not configured. The configuration of the routing behind the mobile station feature (Framed Route, attribute 22) and static routes at the same time is not supported.

Creating an APN Profile

Use the following example to create an APN profile on the P-GW/SAEGW/S-GW: 

config 
   context context_name 
      apn apn_name 
      end

Notes:

  • The apn name must be an alphanumeric string from 1 to 64 characters in length.
  • Once you have created an APN profile, you will enter the Access Point Profile Configuration Mode.

Enabling Routing Behind the Mobile Station

To enable routing behind an MS, use the following steps command in access-point configuration mode: 

config 
   network-behind-mobile { max-addresses-behind-mobile max_addrs | max-subnets max_subnets } 
   { default | no } network-behind-mobile  
 end

Notes:

  • default

    Enables the default settings for this function. It enables NBMS with max-subnets as 10 and max-addresses-behind-mobile as 16,777,214 default values.

  • no

    Disables the network behind mobile station functionality on the APN.

  • max-addresses-behind-mobile max_addrs

    Configures the maximum number of addresses that are allowed in a single Network/subnet Behind MS.

  • max-subnets max_subnets

    Specifies the maximum number of subnets that can be enabled for a call in the APN.

    max_subnets must be an integer from1 through 16.

    Default: 10

Verifying the Routing Behind the Mobile Station

To verify the routing behind the mobile station configuration, use the following show commands. 

  1. Router show ip route vrf vpn_am2 
"*" indicates the Best or Used route.  S indicates Stale. 
Destination         Nexthop          Protocol   Prec Cost Interface 
*17.18.19.20/32      10.7.104.2       bgp        20   0    bgp_neighbour        (nhlfe-ix:3) 
*17.18.19.21/32      0.0.0.0          connected  0    0    vpn_am2lb1 
*40.40.41.0/24       0.0.0.0          connected  0    0 
*41.40.41.0/24       0.0.0.0          connected  0    0 
*42.40.41.0/24       0.0.0.0          connected  0    0 
*43.40.41.0/24       0.0.0.0          connected  0    0 
*44.40.41.0/24       0.0.0.0          connected  0    0 
*45.40.41.0/24       0.0.0.0          connected  0    0 
*46.40.41.0/24       0.0.0.0          connected  0    0 
*47.40.41.0/24       0.0.0.0          connected  0    0 
*48.40.41.0/24       0.0.0.0          connected  0    0 
*49.40.41.0/24       0.0.0.0          connected  0    0 
*106.106.0.0/16      0.0.0.0          connected  0    0    pool pool_test_3  
Total route count : 13 
Unique route count: 13 
Connected: 12 BGP: 1  
  2. show subscribers pgw-only full all 
Username: starent 
  Subscriber Type : Visitor 
  Status          : Online/Active 
  State           : Connected 
  Connect Time    : Mon Oct 12 12:23:52 2015 
  Auto Delete     : No 
  Idle time       : 00h00m50s 
  MS TimeZone     : n/a                  Daylight Saving Time: n/a 
  Access Type: gtp-pdn-type-ipv4         Network Type: IP 
  Access Tech: eUTRAN                    pgw-service-name: PGW21 
  Callid: 0db5d3a3                       IMSI: 123456789012345 
  Protocol Username: starent             MSISDN: 9326737733 
  Interface Type: S5S8GTP                Low Access Priority: N/A 
  Emergency Bearer Type: N/A 
  IMS-media Bearer: No 
  S6b Auth Status: N/A 
  Access Peer Profile: default 
  Acct-session-id (C1): 141414650F55554B 
  ThreeGPP2-correlation-id (C2): 17767C4D / 6SKDhW-2 
  Card/Cpu: 12/0                         Sessmgr Instance: 47 
  Bearer Type: Default                   Bearer-Id: 5 
  Bearer State: Active 
  IP allocation type: local pool 
  IPv6 allocation type: N/A 
  IP address: 209.165.200.225 
  Framed Routes:                                  Framed Routes Source: RADIUS 
    40.40.41.0      255.255.255.0   106.106.0.5 
    41.40.41.0      255.255.255.0   106.106.0.5 
    43.40.41.0      255.255.255.0   106.106.0.5 
    44.40.41.0      255.255.255.0   106.106.0.5 
    45.40.41.0      255.255.255.0   106.106.0.5 
    46.40.41.0      255.255.255.0   106.106.0.5 
    47.40.41.0      255.255.255.0   106.106.0.5 
    48.40.41.0      255.255.255.0   106.106.0.5 
    49.40.41.0      255.255.255.0   106.106.0.5 
    42.40.41.0      255.255.255.0   106.106.0.5 
  ULI: 
   TAI-ID: 
    MCC: 214  MNC: 365 
    TAC: 0x6789 
   ECGI-ID: 
  MCC: 214 MNC: 365 
    ECI: 0x1234567 
  Accounting mode: None                  APN Selection Mode: Sent by MS 
  MEI: 1122334455667788                  Serving Nw: MCC=123, MNC=765 
  charging id: 257250635                    charging chars: normal 
  Source context: EPC2                   Destination context: ISP1 
 S5/S8/S2b/S2a-APN: cisco.com 
  SGi-APN:   cisco.com 
  APN-OI:    n/a 
  Restoration priority level: n/a 
  traffic flow template: none 
 IMS Auth Service : IMSGx 
  active input ipv4 acl: IPV4ACL         active output ipv4 acl: IPV4ACL 
active input ipv6 acl:                 active output ipv6 acl: 
ECS Rulebase: cisco 
Bearer QoS: 
QCI: 5 
ARP: 0x04 
PCI: 0 (Enabled) 
PL : 1 
PVI: 0 (Enabled) 
MBR Uplink(bps): 0                    MBR Downlink(bps): 0 
GBR Uplink(bps): 0                    GBR Downlink(bps): 0 
PCRF Authorized Bearer QoS: 
QCI: n/a 
ARP: n/a 
PCI: n/a 
PL: n/a 
PVI: n/a 
MBR uplink (bps): n/a                       MBR downlink (bps): n/a 
GBR uplink (bps): n/a                       GBR downlink (bps): n/a 
Downlink APN AMBR: n/a                  Uplink APN AMBR: n/a 
P-CSCF Address Information: 
Primary IPv6  :   n/a 
  Secondary IPv6:   n/a 
Tertiary IPv6 :   n/a 
 Primary IPv4  :   n/a 
  Secondary IPv4:   n/a 
   Tertiary IPv4 :   n/a 
Access Point MAC Address:  N/A 
  pgw c-teid: [0x8000002f] 2147483695    pgw u-teid: [0x8000002f] 2147483695 
  sgw c-teid: [0x50010001] 1342242817    sgw u-teid: [0x60010001] 1610678273 
  ePDG c-teid: N/A                       ePDG u-teid: N/A 
  cgw c-teid: N/A                        cgw u-teid: N/A 
  pgw c-addr: 2002::2:101                pgw u-addr: 209.165.200.232    2002::2:101 
  sgw c-addr: 2002::2:61                 sgw u-addr: 2002::2:61 
  ePDG c-addr: N/A                       ePDG u-addr: N/A 
  cgw c-addr: N/A                        cgw u-addr: N/A 
  Downlink APN AMBR:   16534000 bps    Uplink APN AMBR:   16534000 bps 
Mediation context: None                Mediation no early PDUs: Disabled 
  Mediation No Interims: Disabled        Mediation Delay PBA: Disabled 
  input pkts: 0                                   output pkts: 0 
  input bytes: 0                                  output bytes: 0 
  input bytes dropped: 0                          output bytes dropped: 0 
  input pkts dropped: 0                           output pkts dropped: 0 
  input pkts dropped due to lorc    : 0           output pkts dropped due to lorc    : 0 
  input bytes dropped due to lorc   : 0 
  in packet dropped suspended state: 0            out packet dropped suspended state: 0 
 in bytes dropped suspended state: 0             out bytes dropped suspended state: 0 
  in packet dropped overcharge protection: 0      out packet dropped overcharge protection: 0 
  in bytes dropped overcharge protection: 0       out bytes dropped overcharge protection: 0 
  in packet dropped sgw restoration state: 0      out packet dropped sgw restoration state: 0 
  in bytes dropped sgw restoration state: 0       out bytes dropped sgw restoration state: 0 
 pk rate from user(bps): 0                       pk rate to user(bps): 0 
  ave rate from user(bps): 0                      ave rate to user(bps): 0 
  sust rate from user(bps): 0                     sust rate to user(bps): 0 
  pk rate from user(pps): 0                       pk rate to user(pps): 0 
  ave rate from user(pps): 0                      ave rate to user(pps): 0 
  sust rate from user(pps): 0                     sust rate to user(pps): 0 
  link online/active percent: 65 
  ipv4 bad hdr: 0                                 ipv4 ttl exceeded: 0 
  ipv4 fragments sent: 0                          ipv4 could not fragment: 0 
  ipv4 input acl drop: 0                          ipv4 output acl drop: 0 
  ipv4 bad length trim: 0 
 ipv4 input mcast drop: 0                        ipv4 input bcast drop: 0 
  ipv6 input acl drop: 0                          ipv6 output acl drop: 0 
  ipv4 input css down drop: 0                     ipv4 output css down drop: 0 
  ipv4 input css down drop: 0                     ipv4 output css down drop: 0 
  ipv4 output xoff pkts drop: 0                   ipv4 output xoff bytes drop: 0 
  ipv6 output xoff pkts drop: 0                   ipv6 output xoff bytes drop: 0 
  ipv6 input ehrpd-access drop: 0                 ipv6 output ehrpd-access drop: 0 
input pkts dropped (0 mbr): 0                   output pkts dropped (0 mbr): 0 
  ip source violations: 0                         ipv4 output no-flow drop: 0 
  ipv6 egress filtered: 0 
  ipv4 proxy-dns redirect: 0                      ipv4 proxy-dns pass-thru: 0 
  ipv4 proxy-dns drop: 0 
  ipv4 proxy-dns redirect tcp connection: 0 
  ipv6 bad hdr: 0                                 ipv6 bad length trim: 0 
  ip source violations no acct: 0 
  ip source violations ignored: 0 
  dormancy total: 0                               handoff total: 0 
  ipv4 icmp packets dropped: 0 
  APN AMBR Input Pkts Drop: 0                     APN AMBR Output Pkts Drop: 0 
  APN AMBR Input Bytes Drop: 0                    APN AMBR Output Bytes Drop: 0

Monitoring and Troubleshooting the Routing Behind the Mobile Station

Routing Behind the Mobile Station Show Command(s) and/or Outputs

show apn name <apn_name> 

... 
proxy-mip: Disabled 
proxy-mipv6: Disabled 
proxy-mip null-username static home address: Disabled 
Network Behind Mobile Station: Enabled 
Maximum subnets behind Mobile station: 10 
Maximum Addresses Behind Mobile Station:  16777214 
Tunnel peer load-balancing : random 
L3-to-L2 tunnel address-policy no-alloc-validate 
tunnel address-policy alloc-validate 
NPU QoS Traffic Priority: Derive from packet DSCP