Configuring User Plane in CUPS

This section describes the CLI commands available to configure User Plane in CUPS.

Important

For information related to following configurations, refer the Ultra Packet Core CUPS Sx Interface Administration and Reference Guide:

Configuring Sx Service for CUPS
Configuring Sx-u Interface for CUPS
Configuring Sx Demux for CUPS

Important

The following configuration limit applies in CUPS:
- Rulebase - 512
- Ruledef - 2500
- Charging-action - 2048
The following CLI command is not recommended to be used, with active subscriber sessions, in production environment: no active-charging service service_name

Configuring User Plane Service

Use the following CLI commands to configure the User Plane service.

configure 
   context context_name 
      [ no ] user-plane-service service_name 
      end

NOTES:

user-plane-service service_name : Creates the specified User Plane service name to allow configuration of User Plane service. The service_name is a mandatory parameter to define the User Plane service.
[ no ] user-plane-service service_name : Removes the User Plane service from the particular context.
By default, the CLI is disabled.

Starting a User Plane Service

The following minimum and critical parameters must be configured to start the User Plane service:

One Sx-Service.

Three GTP-U Services of interface type P-GW ingress, S-GW-ingress, and S-GW-egress.

Important

Removal or change of any critical parameters from User Plane service results in the User Plane service getting stopped.

The services that are associated with User Plane service should be in running mode. Else, stop in any associated service triggers stopping of User Plane service.

Associating GTP-U Service with User Plane Service

To associate the GTPU service with the User Plane service, execute the following CLI commands:

configure 
   context context_name 
      user-plane-service service_name 
      [ no ] associate gtpu-service gtpu_service_name { pgw-ingress | sgw-ingress | sgw-egress } 
      end

NOTES:

no : Removes association of GTP-U service with the specified interface type from User Plane service.
associate : Associates User Plane service with GTP-U service.
gtpu-service gtpu_service_name : Specifies the GTP-U service for the User Plane service.
pgw-ingress : Configures the interface type as P-GW ingress.
sgw-ingress : Configures the interface type as S-GW ingress.
sgw-egress : Configures the interface type as S-GW egress.
By default, this command is disabled.

Associating Sx Service to User Plane Service

Use the following CLI commands to associate Sx service with User Plane service.

configure 
   contextcontext_name 
      user-plane-service service_name 
         associate sx-service sx_service_name 
         no associate sx-service 
         end

NOTES:

no : Removes association of Sx service from User Plane service.
Associating Sx service with User Plane service is a mandatory parameter.
By default, this CLI command is disabled.

Recommended Timers

The following table provides the recommended timer values for CLI commands related to IPSec, Sx, and SRP.


IPSEC	CP	UP
ikev2-ikesa max-retransmission	`3`	`3`
ikev2-ikesa retransmission-timeout	`1000`	`1000`
keepalive	interval `4` timeout `1` num-retry `4`	interval `5` timeout `2` num-retry `4`
Sx	CP	UP
sx-protocol heartbeat interval	`10`	`10`
sx-protocol heartbeat retransmission-timeout	`5`	`5`
sx-protocol heartbeat max-retransmissions	`4`	`4`
sxa max-retransmissions	`4`	`4`
sxa retransmission-timeout-ms	`5000`	`5000`
sxb max-retransmissions	`4`	`4`
sxb retransmission-timeout-ms	`5000`	`5000`
sxab max-retransmissions	`4`	`4`
sxab retransmission-timeout-ms	`5000`	`5000`
sx-protocol association reattempt-timeout	`60`	`60`
SRP	CP	UP
hello-interval	`3`	`3`
dead-interval	`15`	`15`

Recommended Configurations

Following are the recommended configurations and restrictions related to Sx and SRP over IPSec:

The multihop BFD timer between CP and UP must be seven seconds (for Data UPs).
The singlehop BFD must be enabled on all the contexts (CP GW/Billing and UP Gn/Gi).
Inter-chassis multihop BFD must be enabled for CP-CP ICSR and UP-UP ICSR (IMS UP).
The SRP-IPSec ACL must be configured for TCP protocol instead of IP protocol.
The Sx-IPSec ACL must be configured for UDP protocol instead of IP protocol.

Example Configurations in CP

Multihop BFD Configuration VPC-DI

The following is an example of multihop BFD configuration with seven seconds timer.

bfd-protocol
      bfd multihop-peer 209.165.200.226 interval 350 min_rx 350 multiplier 20
      bfd multihop-peer 209.165.200.227 interval 350 min_rx 350 multiplier 20
      bfd multihop-peer 209.165.200.225 interval 350 min_rx 350 multiplier 20
      bfd multihop-peer 209.165.200.230 interval 350 min_rx 350 multiplier 20
      bfd multihop-peer 209.165.200.228 interval 350 min_rx 350 multiplier 20
      bfd multihop-peer 209.165.200.229 interval 350 min_rx 350 multiplier 20
    #exit

Multihop BFD Configuration VPC-SI

The following is an example of multihop BFD configuration with three seconds timer.

bfd-protocol
      bfd multihop-peer 209.165.200.226 interval 150 min_rx 150 multiplier 20
      bfd multihop-peer 209.165.200.227 interval 150 min_rx 150 multiplier 20
      bfd multihop-peer 209.165.200.225 interval 150 min_rx 150 multiplier 20
      bfd multihop-peer 209.165.200.230 interval 150 min_rx 150 multiplier 20
      bfd multihop-peer 209.165.200.228 interval 150 min_rx 150 multiplier 20
      bfd multihop-peer 209.165.200.229 interval 150 min_rx 150 multiplier 20
    #exit

BGP Configuration

The following is an example of BGP configuration with recommended timers.

router bgp 1111
      router-id 209.165.200.225
      maximum-paths ebgp 15
      neighbor 209.165.200.250 remote-as 1000
      neighbor 209.165.200.250 ebgp-multihop
      neighbor 209.165.200.250 update-source 209.165.200.225
      neighbor 1111:2222::101 remote-as 1000
      neighbor 1111:2222::101 ebgp-multihop
      neighbor 1111:2222::101 update-source 1111:2222::1
      bgp graceful-restart restart-time 120
      bgp graceful-restart stalepath-time 300
      timers bgp keepalive-interval 30 holdtime-interval 90 min-peer-holdtime-interval 0 server-sock-open-delay-period 10
      address-family ipv4
        redistribute connected
      #exit
      address-family ipv6
        neighbor 1111:2222::101 activate
        redistribute connected
      #exit
    #exit

Singlehop BFD Configuration

The following is an example of singlehop BFD configuration with three seconds timer.

interface bgp-sw1-2161-10
      ip address 209.165.200.233 209.165.200.255
      ipv6 address 1111:222::9/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-11
      ip address 209.165.200.234 209.165.200.255
      ipv6 address 1111:222::10/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-12
      ip address 209.165.200.235 209.165.200.255
      ipv6 address 1111:222::11/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-3
      ip address 209.165.200.226 209.165.200.255
      ipv6 address 1111:222::2/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-4
      ip address 209.165.200.227 209.165.200.255
      ipv6 address 1111:222::3/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-5
      ip address 209.165.200.228 209.165.200.255
      ipv6 address 1111:222::4/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-6
      ip address 209.165.200.229 209.165.200.255
      ipv6 address 1111:222::5/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-7
      ip address 209.165.200.230 209.165.200.255
      ipv6 address 1111:222::6/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-8
      ip address 209.165.200.231 209.165.200.255
      ipv6 address 1111:222::7/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit
    interface bgp-sw1-2161-9
      ip address 209.165.200.232 209.165.200.255
      ipv6 address 1111:222::8/112 secondary
      bfd interval 999 min_rx 999 multiplier 3
    #exit

Static Route for Multihop BFD Configuration

The following is an example of static route multihop BFD configuration.

ip route static multihop bfd UP-5 209.165.200.240 209.165.200.245
    ip route static multihop bfd UP-6 209.165.200.240 209.165.200.246
    ip route static multihop bfd UP-9 209.165.200.240 209.165.200.247
    ip route static multihop bfd UP-10 209.165.200.240 209.165.200.248
    ip route static multihop bfd UP-7 209.165.200.240 209.165.200.249
    ip route static multihop bfd UP-8 209.165.200.240 209.165.200.250

Static Route for Singlehop BFD Configuration

The following is an example of static route singlehop BFD configuration.

ip route static bfd bgp-sw1-2161-3 209.165.200.230
    ip route static bfd bgp-sw1-2161-4 209.165.200.230
    ip route static bfd bgp-sw1-2161-5 209.165.200.230
    ip route static bfd bgp-sw1-2161-6 209.165.200.230
    ip route static bfd bgp-sw1-2161-7 209.165.200.230
    ip route static bfd bgp-sw1-2161-8 209.165.200.230
    ip route static bfd bgp-sw1-2161-9 209.165.200.230
    ip route static bfd bgp-sw1-2161-10 209.165.200.230
    ip route static bfd bgp-sw1-2161-11 209.165.200.230
    ip route static bfd bgp-sw1-2161-12 209.165.200.230

IPSec ACL Configuration

The following is an example IPSec ACL configuration in CP.

ip access-list UP-1
      permit udp host 209.165.200.225 host 209.165.200.226
    #exit

IPSec Transform Set Configuration

The following is an example of IPSec Transform Set configuration in CP.

ikev2-ikesa transform-set ikesa-UP-1
      encryption aes-cbc-256
      group 14
      hmac sha2-256-128
      lifetime 28800
      prf sha2-256

    ipsec transform-set A-UP-1
      encryption aes-cbc-256
      hmac sha2-256-128
      group 14

IPSec Crypto Map Configuration

The following is an example of IPSec Crypto Map configuration in CP.

crypto map UP-1 ikev2-ipv4
      match address UP-1
      authentication local pre-shared-key encrypted key secretkey
      authentication remote pre-shared-key encrypted key secretkey
      ikev2-ikesa max-retransmission 3
      ikev2-ikesa retransmission-timeout 1000
      ikev2-ikesa transform-set list ikesa-UP-1
      ikev2-ikesa rekey
      keepalive interval 4 timeout 1 num-retry 4
      control-dont-fragment clear-bit
      payload foo-sa0 match ipv4
        ipsec transform-set list A-UP-1
        lifetime 300
        rekey keepalive
      #exit
      peer 192.1.1.1
      ikev2-ikesa policy error-notification
    #exit

Sx Configuration

The following is an example of Sx configuration in CP.

sx-service SX-1
      instance-type controlplane
      sxa max-retransmissions 4
      sxa retransmission-timeout-ms 5000
      sxb max-retransmissions 4
      sxb retransmission-timeout-ms 5000
      sxab max-retransmissions 4
      sxab retransmission-timeout-ms 5000
      n4 max-retransmissions 4
      n4 retransmission-timeout-ms 5000
      sx-protocol heartbeat interval 10
      sx-protocol heartbeat retransmission-timeout 5
      sx-protocol heartbeat max-retransmissions 4
      sx-protocol compression
      sx-protocol supported-features load-control
      sx-protocol supported-features overload-control
    exit
end

Example Router Configurations

Static Routes for Interface

The following is an example configuration of static route for interface.

ip route 209.165.200.224/27 Vlan1111 209.165.200.225
ip route 209.165.200.224/27 Vlan1111 209.165.200.226
ip route 209.165.200.224/27 Vlan1111 209.165.200.227
ip route 209.165.200.224/27 Vlan1111 209.165.200.228
ip route 209.165.200.224/27 Vlan1111 209.165.200.229
ip route 209.165.200.224/27 Vlan1111 209.165.200.230
ip route 209.165.200.224/27 Vlan1111 209.165.200.231
ip route 209.165.200.224/27 Vlan1111 209.165.200.232
ip route 209.165.200.224/27 Vlan1111 209.165.200.233
ip route 209.165.200.224/27 Vlan1111 209.165.200.234

Static Routes for Singlehop BFD

The following is an example configuration of static route for singlehop BFD.

ip route static bfd Vlan1111 209.165.200.225
ip route static bfd Vlan1111 209.165.200.226
ip route static bfd Vlan1111 209.165.200.227
ip route static bfd Vlan1111 209.165.200.228
ip route static bfd Vlan1111 209.165.200.229
ip route static bfd Vlan1111 209.165.200.230
ip route static bfd Vlan1111 209.165.200.231
ip route static bfd Vlan1111 209.165.200.232
ip route static bfd Vlan1111 209.165.200.233
ip route static bfd Vlan1111 209.165.200.234

Interface for Singlehop BFD

The following is an example configuration of interface for singlehop BFD.

interface Vlan1111
  no shutdown
  bandwidth 10000000
  bfd interval 999 min_rx 999 multiplier 3
  no bfd echo
  ip address 209.165.200.224/27
  ipv6 address 1111:222::1/112

BGP Configuration

The following is an example of BGP configuration with recommended timers.

router bgp 1000
  router-id 209.165.200.226
  timers bgp 30 90
  timers bestpath-limit 300
  timers prefix-peer-timeout 30
  timers prefix-peer-wait 90
  graceful-restart
  graceful-restart restart-time 120
  graceful-restart stalepath-time 300

Example Configurations in UP

IPSec ACL Configuration

The following is an example of IPSec ACL configuration in UP.

ip access-list CP-1
      permit udp host 209.165.200.225 host 209.165.200.226
    #exit

IPSec Transform Set Configuration

The following is an example of IPSec Transform Set configuration in UP.

ipsec transform-set A-CP-1
      encryption aes-cbc-256
      hmac sha2-256-128
      group 14
    
    ikev2-ikesa transform-set ikesa-CP-1
      encryption aes-cbc-256
      group 14
      hmac sha2-256-128
      lifetime 28800
      prf sha2-256

IPSec Crypto Map Configuration

The following is an example of IPSec Crypto Map configuration in UP.

crypto map CP-1 ikev2-ipv4
      match address CP-1
      authentication local pre-shared-key encrypted key secretkey
      authentication remote pre-shared-key encrypted key secretkey
      ikev2-ikesa max-retransmission 3
      ikev2-ikesa retransmission-timeout 1000
      ikev2-ikesa transform-set list ikesa-CP-1
      ikev2-ikesa rekey
      keepalive interval 5 timeout 2 num-retry 4
      control-dont-fragment clear-bit
      payload foo-sa0 match ipv4
        ipsec transform-set list A-CP-1
      #exit
      peer 209.165.200.230
      ikev2-ikesa policy error-notification
    #exit

Sx Configuration

The following is an example of Sx configuration in UP.

sx-service SX-1
      instance-type userplane
      sxa max-retransmissions 4
      sxa retransmission-timeout-ms 5000
      sxb max-retransmissions 4
      sxb retransmission-timeout-ms 5000
      sxab max-retransmissions 4
      sxab retransmission-timeout-ms 5000
      n4 max-retransmissions 4
      n4 retransmission-timeout-ms 5000
      sx-protocol heartbeat interval 10
      sx-protocol heartbeat retransmission-timeout 5
      sx-protocol heartbeat max-retransmissions 4
      sx-protocol compression
    exit

Example SRP Configurations

IPSec ACL Configuration

The following is an example of IPSec ACL configuration for SRP.

ip access-list SRP
      permit tcp host 209.165.200.227 host 209.165.200.228
    #exit

SRP Configuration

The following is an example of SRP configuration.

configure
  context srp
    bfd-protocol
      bfd multihop-peer 209.165.200.225 interval 999 min_rx 999 multiplier 3
    #exit
configure
  context srp
    service-redundancy-protocol
      chassis-mode primary
      hello-interval 3
      dead-interval 15
      monitor bfd context srp 209.165.200.226 chassis-to-chassis
      monitor bgp context gi-pgw 209.165.200.245
      monitor bgp context gi-pgw 3333:888::1
      monitor bgp context saegw 209.165.200.245
      monitor bgp context saegw 3333:888::2
      peer-ip-address 209.165.200.227
      bind address 209.165.200.228
    #exit
    ip route static multihop bfd srp 209.165.200.229 209.165.200.245
    ip route 209.165.201.1 209.165.202.129 209.165.200.230 SRP-Physical-2102
    ip route 209.165.201.2 209.165.202.130 209.165.200.231 SRP-Physical-2102
    ip route 209.165.201.3 209.165.202.131 209.165.200.232 SRP-Physical-2102
    ip igmp profile default
    #exit
  #exit
end

Ultra Packet Core CUPS User Plane Administration Guide, Release 21.28

Bias-Free Language

Book Title

Ultra Packet Core CUPS User Plane Administration Guide, Release 21.28

Chapter Title