UPF supports dynamic Advice of Charge (AoC) redirections with URL provided by Online Charging System (OCS). This redirection is performed for a particular Service ID/Rating Group combination without affecting the flows mapped to other Service ID/Rating Group combinations.

For redirection to an AoC or top-up server, the UPF appends the original HTTP URL to the redirected session. To append the original URL for redirection, the OCS indicates to the CP and UP by specifying a special "?" character to the end of the AoC redirection. The redirect URL will be appended with the original URL information using the token name configured with the diameter redirect-url-token command under the Credit Control Configuration mode. The AoC server redirects the user to the original location on completion of AoC.

For more information, refer to the FUI Redirection chapter in the UPC CUPS User Plane Administration Guide.

In CUPS, Sx association flaps occur on the Control Plane (CP) due to delay in processing Sx queue and messenger queue at CP Sx demux. The flaps occur during simultaneous User Plane (UP) registrations with multiple egress contexts. CUPS overcomes this scenario by establishing Sx in groups after CP reboot.

Previous Behavior: During scaled setup, the Sx flap had simultaneous UP registrations.

New Behavior: CUPS supports UP registrations at the rate of 1000 per second with a pacing of 1 ms between subsequent UP registration requests.

Customer Impact: Sx flaps require reregistration of UP.

Important

You must ensure to add the update ip-pool apn all CLI command in the CP configuration, and run it after load or reload. The update ip-pool apn all command is mandatory and must be part of any CP load or reload instances. Otherwise, IP chunking to UPs may not be successful.

In the CUPS Secondary RAT Usage records scenario where the configured number of Secondary RAT Usage records are received at CP, the CP sends the query URR to UP to get the current usage report. The CP generates the PGW-CDR on receipt of the usage report.

Previous Behavior: During load conditions, if more Secondary RAT Usage Reports are received at CP before receiving the usage report from UP, the Secondary RAT Usage records reported in PGW-CDR could be more than the configured limit.

New Behavior: During load conditions, if more Secondary RAT Usage Reports are received at CP before receiving the usage report from UP, the last Secondary RAT Usage record merges with the subsequent records received until the usage report from UP. In normal scenarios, the records reported are within the configured limit. If there is a delay in the usage report due to load conditions, the last record could be bulky.

Customer Impact: There is no impact on charging. With the new behavior, the last Secondary RAT Usage record might be bulky instead of a granular report.

The RCM VM kubernetes container runtime docker is removed and replaced with containerd .

Previous Behavior: The CLI docker was present in the RCM VM.

New Behavior: The docker CLI is replaced with nerdctl CLI. However, as a convenience, the term "docker" has been made an alias for nerdctl --namespace k8s.io .

Also, two new low-level commands crictl and ctr are introduced.

Customer Impact: There is no change in the behavior of containerd . However, any customized script using the docker CLI needs to be changed accordingly.

Previous Behavior: There were no CLIs available for the users to clear or display the neighbor VPPs of any IPv4 or IPv6 address.

New Behavior: 4 new CLIs are introduced to allow the users to clear and display the neighbor VPPs of any IPv4 or IPv6 address.

Customer Impact: The user will be able to clear IP ARPs and neighbors on UPF now.

2 new CLIs are introduced for clearing neighbor VPPs and 2 new CLIs are introduced for displaying the neighbor VPPs.

To clear IPv4 address neighbor VPPs, execute following command:

clear ip neighbors vpp port port-number vlan vlan_tagid 

To clear IPv6 address neighbor VPPs, execute following command:

clear ipv6 neighbors vpp port port-number vlan vlan_tagid 

NOTES:

• vpp—It clears ARP and neighbor table from the VPP for this context.

• port port_number—Slot or port number of the neighbor VPP.

• vlan vlan_tagid—It clears the VLAN NPU counters. It must be followed by VLAN tag ID.

To display IPv4 address neighbor VPPs, execute following command:

show ip neighbors vpp

To display IPv6 address neighbor VPPs, execute following command:

show ipv6 neighbors vpp

Example Configuration

Following is the example configuration for clearing IPv4 address neighbor VPPs:

clear ip neighbors vpp port 1/10 vlan 110 192.168.110.57

Following is the example configuration for clearing IPv6 address neighbor VPPs:

clear ipv6 neighbors vpp port 1/11 vlan 110 fd4d:5643:2886:6e::59:1

Following is the example configuration for displaying IPv4 address neighbor VPPs:

show ip neighbors vpp
 Time             IP             Flags     Ethernet             Interface                 slot/port
 6493.6096     192.168.110.57     D     00:1b:21:87:13:2d     TenGigabitEthernet0/6/0.110   1/10

Following is the example configuration for displaying IPv6 address neighbor VPPs:

show ipv6 neighbors vpp
 Time                     IP             Flags     Ethernet                 Interface                 slot/port
 13089.7977     fe80::250:56ff:fe87:af30    D     00:50:56:87:af:30     TenGigabitEthernet0/7/0.110     1/11 (ifc-6)
 13291.8022     fe80::be16:65ff:fe3d:6b43   D     bc:16:65:3d:6b:43     TenGigabitEthernet0/7/0.110     1/11 (ifc-6)
 13327.3504     fd4d:5643:2886:6e::59:1     D     00:50:56:87:af:30     TenGigabitEthernet0/7/0.110     1/11 (ifc-6)

Previous Behavior: The planned UPF switchover timers were not configurable.

New Behavior: The planned UPF switchover timers are now configurable.

The configured value of the pending standby timer in UP must be greater than or equal to the planned switchover timer value in UPF. The condition for these timers is defined only in UP.

Command Changes

To configure the timers in UPF, use the following comfiguration:

configure 
   rcm-service rcm_svc_name 
      pending-standby-timeout pending_timer_value 
      planned-standby-timeout planned_timer_value 
      exit 

NOTES:

• pending-standby-timeout pending_timer_value —Specify the pending standby timeout, in seconds. This timer is applicable only when UPF is in the Source UPF role. If the source UPF does not receive Standby state from RCM within this timeout period, it will revert back to Active from Pending Standby.

  pending_timer_value is an integer from 300 to 3600. Default: 300 seconds.

• planned-standby-timeout planned_timer_value —Specify the planned switchover timeout, in seconds. This timer is applicable only when UPF is in the Destination UPF role. Destination UPF will reload if the planned UPF switchover does not complete within this timeout period.

  planned_timer_value must be an integer from 300 to 3600. Default: 300 seconds.

To configure the timers in RCM, use the following configuration:

config 
   k8 smf profile rcm-config-ep swo-timeouts { pre-switchover preswitchover_timer_value | stage1-chkpt-flush stage1flush_timer_value | stage2-chkpt-flush stage2flush_timer_value } 
   exit 

NOTES:

• pre-switchover preswitchover_timer_value —Specify the Source UPF preswitchover check timer in seconds. The planned UPF switchover will be aborted on timeout.

  preswitchover_timer_value is an integer from 15 to 3600. Default: 15 seconds.

• stage1-chkpt-flush stage1flush_timer_value —Specify the stage 1 checkpoint flush from Source UPF to CheckpointMgrs, in seconds. The planned UPF switchover will be aborted on timeout. The Source UPF will be reverted to Active and Destination UPF will be reloaded.

  stage1flush_timer_value is an integer from 15 to 3600. Default: 15 seconds.

• stage2-chkpt-flush stage2flush_timer_value —Specify the stage 2 checkpoint flush from Source UPF to CheckpointMgrs, in seconds. Failure or timeout of stage 2 checkpoint flush does not fail the planned UPF switchover.

  stage2flush_timer_value is an integer from 10 to 3600. Default: 10 seconds.

CUPS (control plane and user plane) using VPC-SI supports VMware Release 7. CUPS uses the VMware-based deployments as an alternate deployment model to reduce cost and complexity.

For more information, refer to the Ultra Packet Core CUPS Control Plane Administration Guide or Ultra Packet Core CUPS User Plane Administration Guide.

CUPS supports the VMware-based deployment model on VMware ESXi 6.7, VMXNET3 for GW-C, and PCT-PT for GW-U for Intel 6248R CPU.

For more information, see the Ultra Packet Core CUPS Control Plane Administration Guide or Ultra Packet Core CUPS User Plane Administration Guide.

Previous Behavior: Previously DDN was not getting triggered for RA packets. Due to this, when the UE was in the idle state, it was not receiving any packets. Therefore, the packets and bandwidth were getting wasted at that time.

The CUPS-DI systems uses Galois/Counter Mode (GCM) encryption algorithm for DI-Net traffic encryption. The GCM algorithm replaces Advanced Encryption Standard Cipher Block Chaining (AES CBC) algorithm for better data protection and integrity.

Note	The change in encryption algorithm requires a system reload.

The new encryption algorithm is configurable via boot parameter file. The GCM algorithm supports an authenticated encryption mode. On the decrypting side, GCM uses Additional Authentication Data (AAD) to authenticate the payload.

For more information, see the DI-Net Encryption chapter in the Ultra Packet Core CUPS Control Plane Administration Guide or Ultra Packet Core CUPS User Plane Administration Guide.

CUPS supports enrichment of EDNS requests to enrich and readdress DNS requests of subscribers who are subscribed to the parental control service.

When a subscriber subscribes to a parental control service, DNS requests by the subscriber are enriched with additional information (IMSI, MSISDN, APN) and readdressed to the dedicated DNS server for appropriate analysis and treatment. This additional information is configurable through an eDNS format that specifies different fields (tag values). These fields are encoded and appended to the DNS request header.

For more information, refer to the EDNS Enrichment chapter in the UPC CUPS User Plane Administration Guide.

Previous Behavior: The statistics DNS to EDNS in the show command show subscriber user-plane-only full all and EDNS Encode Success in the show command show user-plane-service statistics analyzer name dns were incremented for uplink TCP control packets or uplink UDP packets with no application data.

New Behavior: The statistics DNS to EDNS and EDNS Encode Success do not get incremented for TCP control packets or UDP packets with no application data.

Previous Behvaior: If a Modify Bearer Request (MBR) on the S11 interface was received with IMSI, there was no validation check to find whether the tunnel on which the message was received belonged to the same IMSI.

New behavior: A validation check is now available to find if the Modify Bearer Request on the S11 interface is received with IMSI and the tunnel on which the message is received belongs to the same IMSI or not. In case the MBR received with a valid TEID is for a different IMSI, Modify Bearer Response is sent with cause "Context Not Found".

Customer Impact: There is a possibility for Modify Bearer Rejection .

The RCM configuration on CUPS UP must include encrypted public and private keys to secure the LI information. When this feature is enabled, the LI information that the RCM receives is in encrypted format.

Important

The users of CUPS UP running the trusted builds must enable this feature. Otherwise, recovery is not supported for LI functionality.

All UPs (both active and standby) should have the same set of public and private keys. Active UP uses public key to encrypt the LI information before sending to RCM. Standby UP uses the private key to decrypt the information received from RCM. If keys are not present in active UP running the trusted build, LI information is not sent to RCM and it impacts the LI recovery functionality. Non-trusted build, with no key configuration, continue sending LI information as plain binary.

Important

The keys once configured, cannot be removed.

For more information, refer to the Lawful Intercept in CUPS chapter in the CUPS LI Guide.

In StarOS, if the password is not reset before the expiration date, you get locked out from the configured gateways. You are allowed to log on back only when the administrator resets the password manually.

Previous Behavior: When the StarOS login password is about to expire, only a warning message was displayed during login attempt. This caused disruption in the RCM workflow and the warning message was disabled for the RCM workflow.

New Behavior: A PasswordExpiryNotification SNMP trap is generated daily every 24 hours during the warning interval before password expiry.

Customer Impact: The SNMP trap gets generated every 24 hours along with the warning message.

For more information, see the Password Expiration Notification chapter in the VPC-SI System Administration Guide.

Previous Behavior: When the existing flow (in any state) gets on-loaded due to any control event or any other reason, it again evaluates if the system is in overload or self-protection mode. If the system is in either of states, the stream goes into the state. Therefore, the packets were getting droppped.

New Behavior: When the system is in Self-protection (overload) mode and the existing flow gets on-loaded due to any control event, in such cases there will not be any change to flow/streams.

To avoid generation of empty EDRs, CUPS supports the following functions:

• For TCP, the non-SYN packets for NAT subscribers will be dropped without creating a new flow.

• For UDP, the packets will be buffered while IP allocation is in progress and will be processed once IP allocation is complete.

Previous Behavior: Each non-SYN TCP packet created a flow and generated an empty EDR when the packet got dropped due to NAT or Firewall, and the flow was cleared. The UDP packets of new flows were dropped while NAT IP allocation was in progress for a subscriber.

New Behavior: For a NAT-enabled subscriber, the non-SYN TCP packet will be dropped without creating a flow. The UDP packets of new flows will not be dropped while NAT IP allocation is in progress for a subscriber. These packets will be buffered and processed once NAT IP allocation is successful.

Previous Behavior: During the Initial Attach procedure, the SGW-S5U interface is configured with IPv4v6 and the PGW-S5U interface is configured with IPv4 as part of the GTPU configurations. The PGW-C does not recognize the interface details of PGW-S5U. The Sx Session Establishment Request that is initiated from CP includes the GTP-U/UDP/IPv6 Outer Header Removal (OHR) in Create PDR and a similar Outer Header Creation (OHC) in Create Far. This results in a mismatch of IE in UP and the Sx Session Establishment Request gets rejected due to which the call fails with the OUTER_HDR_REMOVAL value as PFCP_CAUSE_MANDATORY_IE_INCORRECT.

New Behavior: PGW-U supports common OHR and OHC types for IPv4 and IPv6 based on PGW-U interfaces. GTP-U/UDP/IPv6 support is added for OHR and IPv4v6 support is added for OHC.

Customer Impact: None.

For more information, see the International Roaming chapter in the Ultra Packet Core CUPS Control Plane Administration Guide or Ultra Packet Core CUPS User Plane Administration Guide.

In a VM-based RCM deployment the Kubernetes version is upgraded to 1.30.1.

Monitoring and Troubleshooting

If the Calico CNI pod does not start post Kubernetes upgrade on the VM-based RCM, perform the workaround steps:

1. Check if the interface specified in /etc/netplan/50-cloud-init.yaml is assigned to IPv4 address on the boot.

   Note	It is recommended to assign the IPv4 address through DHCP.

2. If the calico pod does not start, run ifconfig -a to find the RCM VM physical interface.

3. Add a manual IP address through cloud-init network configuration.

4. Redeploy the RCM VM with manual IP address allocation.

CUPS supports S8HR LI application heartbeat messages to be sent from BBIFF to LMISF at periodic intervals. This feature avoids IPsec tunnel termination or TCP socket clearance in the firewall present between BBIFF and LMISF. The keepalive message is sent on both the Xia and Xib interfaces.

This feature is configurable and the command must be executed only on CP. If executed on UP, it throws an error.

Previous Behavior: An IPsec tunnel connects the BBIFF to the firewall when in between BBIFF and LMISF. When the idle timer expires, the firewall clears the port map, resulting in termination of the IPsec tunnel or clearance of TCP sockets.

New Behavior: BBIFF sends a new unidirectional keepalive message to LMISF periodically after a configurable time interval. This avoids IPsec tunnel termination or TCP socket clearance in the firewall present between BBIFF and LMISF.

For more information, contact your Cisco Account representative.

This feature increases the limit for the number of User Plane (UP) groups in the IP pool management policy. The maximum number of UP groups allowed in each IP pool management policy is 100. For more information, refer to the Limitation section of the DNS-based UP Selection chapter in the UPC CUPS User Plane Administration Guide.

Previous Behavior: When the Update Bearer Response included User Location Information (ULI) and the gtpp trigger uli was enabled, there was no Query URR initiated in the Sx Session Modification Request towards the User Plane.

New Behavior: When the Update Bearer Response includes either User Location Information (ULI) or TimeZone (TZ), and the gtpp trigger uli or gtpp trigger ms-timezone-change is enabled, the Query URR is initiated in the Sx Session Modification Request towards the User Plane.

Customer Impact: The Control Plane may send a new Information Element (IE) of Query URR within the existing message when sending the Sx Session Modification Request upon receiving the Update Bearer Response.

If there is no update required for the User Plane and only ULI or TZ is present, the Control Plane can explicitly trigger an Sx Session Modification Request towards the User Plane to query URR .

Previous Behavior: For user plane service and Sx-u service, the GTPU peers were freed only after reaching one million peers.

New Behavior: For user plane service and Sx-u service, the GTPU peer entries will be removed when they become inactive. This happens after the last session associated with a GTPU peer is terminated.

Customer Impact: The user might observe differences in the output of CLI commands related to GTPU peers. Since only active peers remain in the system, the information displayed will pertain to that of active peers. This change will reduce the memory usage of GTPU manager.

After Cisco SSH or SSL upgrade, the port number behavior has changed for the EDR-module configuration.

Previous Behavior: In the EDR-module configuration, the default SFTP port number "0" was selected automatically and connected to port 0 when colon was specified.

For example:

cdr transfer-mode push primary url sftp://root:starent@192.0.2.1:/root/EDR/ via local-context

New Behavior: The EDR-module configuration allows the new default SFTP port number "22" or disallow the port number without specifying a colon.

If colon is specified after host, the port number is mandatory. The default SFTP port number is 22. If colon is not specified after host, the port number need not be entered and the default SFTP port number is used.

For example:

cdr transfer-mode push primary url sftp://root:starent@192.0.2.1:22/root/EDR/ via local-context (with default SFTP port number)

cdr transfer-mode push primary url sftp://root:starent@192.0.2.1/root/EDR/ via local-context (without colon)

For more information about cdr command, see the EDR Module Configuration Mode Commands chapter in the Command Line Interface Reference Guide.

CUPS supports the new standard Quality of Service Class Identifier value (QCI) 67 in addition to the existing values 65, 66, 69 and 70.

This QCI 67 feature supports the following functionality:

• Creates, delets, and updates Dynamic rules from PCRF.

• Creates and deletes Pre-defined rules.

• Allows LTE to Wi-Fi HO for Bearer with QCI.

• Supports S2B/S2A HO with MC QCIs.

• Supprts Bulkstats for APN and SAEGW.

• MC-QCI values supports X-header insertion, DSCP marking, and EDRs.

For more information, refer to the Standard QCI support chapter in the Ultra Packet Core CUPS User Plane Administration and Ultra Packet Core CUPS Control Plane Administration Guides.

Use the qci-qos-mapping CLI command to configure the DSCP marking for QCI.

config 
   qci-qos-mapping name  
      qcinum { gbr }  [ { downlink | uplink } [ user-datagram dscp-marking dscp-marking-value ][ encaps-header { copy-inner | copy-outer | dscp-marking dscp-marking-value ] ] 
    end 

NOTES:

• qcinum : Specify standard QoS Class Identifier between 1-9, 65,66,67,69,70,80,82,83 - integer 1..83.

• gbr: Specifies that this QCI type is Guaranteed Bit Rate (GBR).

• downlink: Configures parameters for downlink traffic.

• uplink: Configures parameters for uplink traffic.

• encaps-header { copy-inner | copy-outer | dscp-marking dscp-marking-value} : Specifies that the DSCP marking must be set on the encapsulation header for IP-in-IP, GRE, or GTP encapsulation.

  • copy-inner : Specifies that the DSCP marking is to be acquired from the UDP headers within the encapsulation.

  • copy-outer used to copy the DSCP value coming in the data packet from S1u interface to the data packet sent on the S5 interface and vice-versa.

  • dscp-marking dscp-marking-value : Specifies that the DSCP marking is to be defined by this keyword.

    dscp-marking-value is expressed as a hexadecimal number from 0x00 through 0x3F.

• user-datagram dscp-marking dscp-marking-value : Specifies that the IP DSCP marking is to be defined by this keyword.

  dscp-marking-value is expressed as a hexadecimal number from 0x00 through 0x3F.

This section provides information regarding monitoring and troubleshooting the feature.

The RCM checkpoint manager now supports aggregate counters for endpoint statistics and Prometheus metrics.

Previous Behavior: RCM supported checkpoint statistics at the session level only.

New Behavior: RCM supports aggregate counters at the checkpoint-manager instance level under thercm endpointstats checkptmgr CLI command and Prometheus metrics.

Customer Impact: The customer can view the new counters in the output of the endpoint statistics command.

The output of the rcm show-statistics bfdmgr command displays additional information.

Previous Behavior: The rcm show-statistics bfdmgr command displayed the following information:

• The minRx and minTx values in microseconds

• The locally configured multipier

• No down detect time

New Behavior: The updated rcm show-statistics bfdmgr command displays the following information:

• The minRx and minTx values in milliseconds

• The remotely configured multiplier when the BFD state is STATE_UP

• The down detect time in milliseconds

Customer Impact: The updated software displays the additional information. The rcm show-statistics bfdmgr command also displays values negotiated by both locally configured Tx/Rx and remotely configured Rx/Tx.

RCM uses Cisco SSL instead of OpenSSL.

Previous Behavior: The RCM VM and rcm-strongswan pod used the following OpenSSL version:

OpenSSL 1.1.1f 31 Mar 2020

New Behavior: The RCM VM and rcm-strongswan pod uses the following Cisco SSL version:

CiscoSSL 1.1.1q.7.2.440

CUPS supports a new CLI command to add a route-map under VPNv6 address-family.

Previous Behavior: CUPS did not support the capability to add a route-map under VPNv6 address-family.

New Behavior: CUPS supports the route-map option CLI command under the BGP Address-Family Configuration mode to apply a route-map.

To apply the route-map to a neighbor, use the following configuration:

configure 
   context context_name 
      router bgp as_number 
         address-family vpnv6 
            neighbor route-map map_name { in | out } 
            end 

NOTES:

• address-family vpnv6 : Configure the IPv6 VPN address family configuration parameters for BGP router.

• neighbor route-map map_name { in | out } : Specify the route map to apply to a neighbor. map_name must be the name of an existing route-map in the current context.

  • in : Indicates that the route map applies to incoming advertisements.

  • out : Indicates that the route map applies to outgoing advertisements.

The RCM supports a combination of both ZLib and LZ4 compression algorithms. For M:N redundancy model, ZLib is the default algorithm that is used to compress the session checkpoint information from UPF to RCM.

In the SRP-based model, the user can choose either of the two compression algorithms for session checkpointing.

Important

For data compression and decompression to work, both active and standby UPs must be configured with the same algorithm.

Use the checkpoint session compression lz4 CLI command in RCM configuration mode to enable the use of LZ4 compression algorithm. You can also revert the compression algorithm to zlib using the checkpoint session compression zlib CLI command.

The following command sequence enables the use of LZ4 compression:

configure 
   context context_name 
      redundancy-configuration-module rcm_name  
         checkpoint session compression lz4 
         end 

NOTES:

• checkpoint session compression : Enables compression of checkpointed session information.

• checkpoint session compression lz4 : Compresses the checkpointed session information using algorithm - lz4.

For detailed configuration steps, see the Configuring LZ4 Compression Algorithm section in the UPC CUPS User Plane Administration Guide.

Previous Behavior: If there was any invalid monitor configuration in Sx endpoints, SNMP traps do not get triggered.

New Behavior: UPF supports the following two SNMP traps to detect misconfiguration in Sx endpoints:

• NotAllSxMonitorsUp—This SNMP trap is sent whenever Sx monitor is configured.

  The following conditions apply at the time of Sx monitor installation:

  1. If an Sx peer is not configured or misconfigured in the Control Group (CG), the generated trap remains as NotAllSxMonitorsUp.

  2. If an Sx peer is configured in the CG and Sx association is Down, the generated trap remains as NotAllSxMonitorsUp.

  3. If an Sx peer is configured in the CG and Sx association is Up, then configured Sx monitors are checked. If any Sx monitor has the NOT STATUS_UP status, the trap generated remains as NotAllSxMonitorsUp. Otherwise, the AllSxMonitorsUp trap is generated.

  4. If an Sx peer is not configured or misconfigured in the CG but the peer is subsequently configured in CG, then the preceding points 2 and 3 will apply.

• AllSxMonitorsUp—When an Sx monitor sends the Sx association status (up or down), the configured Sx monitors are reviewed. If an Sx monitor has the NOT STATUS_UP status, the NotAllSxMonitorsUp trap is generated. Otherwise, the AllSxMonitorsUp trap is generated.

Customer Impact: The new SNMP traps allow easy debugging.

The X-Header Enrichment feature appends headers to HTTP or WSP GET and POST request packets, and HTTP Response packets. This feature is used by end applications for mobile advertisement insertion (MSISDN, IMSI, IP address, and so on).

This release supports spoofing detection in X-header fields using a configurable CLI. The delete-existing keyword option is added under the xheader-format command to enable spoofing detection.

For more information, see the X-Header Insertion and Encryption chapter in the Ultra Packet Core CUPS Control Plane Administration Guide and Ultra Packet Core CUPS User Plane Administration Guide.

The delete-existing option is added to the insert command in the X-Header Format Configuration mode.

The delete-existing option enables spoofing detection in X-header fields. The X-header field configured with this keyword will be removed from the HTTP header if it already exists, and only the gateway inserted field will remain. By default, anti-spoofing is disabled. and if required, should be enabled at a field level.

To configure an X-header format, use the following configuration:

configure  
   active-charging service ecs_service_name 
      xheader-format xheader_format_name 
         insert xheader_field_name string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | qos | rat-type | s-mcc-mnc | sgsn-address } | acr | customer-id | ggsn-address | mdn | msisdn-no-cc | radius-string | radius-calling-station-id | session-id | sn-rulebase | subscriber-ip-address | username } [ encrypt ]  [ delete-existing ]  | http { host | url } } 
         end 

TCP hardening between RCM and UPF is supported with this release. As part of RCM checkpoint manager hardening, UPF supports the heartbeat mechanism between UP sessmgr and RCM checkpoint manager. This feature provides CLI support to enable or disable TCP hardening between RCM and UPF.

Previous Behavior: TCP hardening was not supported and not configurable.

New Behavior: Use the following CLI commands to configure the heartbeat mechanism:

• To enable or disable sending the heartbeat from UP sessmgr to RCM checkpointmgr, use the following command in the Context > Redundancy-Configuration-Module mode. This command is disabled by default.

  up-sm-heartbeat { disable | enable }

  To verify the configuration, use the show config context context_name command.

• To enable or disable heartbeat from RCM to active or standby UPF, use the following command in RCM Ops-center. This command is disabled by default.

  k8 smf profile rcm-config-ep enable-up-heartbeat { false | true }

Customer Impact: The heartbeat mechanism addresses the intermittent issues of TCP connectivity with UP sessmgr and RCM checkpoint managers.

For more information, refer to the UCC 5G RCM Configuration and Administration Guide.

Tunnel Endpoint Identifier (TEID) collisions support the Multiple Operator Core Network (MOCN) scenario on CUPS. During TEID collision, P-GW or GGSN allocates a TEID to a home subscriber. In case of a stale session, in an S-GW or SGSN, the same TEID that is allocated by P-GW or GGSN, is allocated to a roaming subscriber.

To eliminate this scenario, CUPS supports TEID Collision with User Location Information (ULI) change to reject a request by configuring P-GW and GGSN when TEID collision occurs. This feature allows comparison only with Mobile Country Code (MCC) instead of comparison with MCC and Mobile Network Code (MNC). This feature supports the MOCN scenario on GGSN, P-GW, and SAEGW.

For more information, refer to the TEID Collision Handling during MOCN chapter in the Ultra Packet Core CUPS Control Plane Administration Guide.

While selecting a UP, the CP can rule out if a UP is down or in the overload state. When a UP is in normal load state, it connects with the CP, or it rejects the call if the UP is in overload state.

However, due to some issues (such as configuration, software, or interface down issues) at the UP, it rejects the calls even if it is in the normal load state.

This feature enhances the UP selection mechanism by marking the UP as "Busy-Out" in case of high volumes of call failures. This keeps the specific UP out of repeated selections and therefore improves the overall user experience.

Handling the UP selection during the session creation failures requires the operator to configure the parameters that are required for computing the Rejection Rate using following new context configuration under Sx-service:

[ no ] exclude-user-plane minimum-call-failures min_callfail failure-threshold-percentage fail_threshold_percentage failure-rejection-interval fail_reject_int

For more information on UP Selection During Session Creation Failures, refer to the User Plane Selection chapter in the Ultra Packet Core CUPS Control Plane Administration Guide, Release 21.28 .

Previous Behavior: UPF recalculated the URR volume quota values as per the usage after UP recovery.

New Behavior: The volume quota values provided by OCS must be the same after UP recovery.

Previous Behavior: The show subscribers [ tx-data | rx-data | idle-time ] and clear subscribers [ tx-data | rx-data | idle-time ] CLI commands were executed on both user plane and control plane.

New Behavior: The show subscribers [ tx-data | rx-data | idle-time ] and clear subscribers [ tx-data | rx-data | idle-time ] commands are specific to user plane. If these commands are executed on control plane, they will not be processed and CP displays a warning message.

The following is a sample warning message that displays when you configure the show subscribers rx-data or clear subscribers rx-data command:

Warning: rx-data option not relevant on CUPS-CP platform. Please use this option on the UP side

The VPC-DI Control Plane supports Cisco UCS C220 M6 server on the RHOSP.

For more information about the Hardware and Software configurations, refer the VPC-DI System Administration Guide.