在GGSN應用「新呼叫策略拒絕」時DNS服務引數的最佳實踐
下載選項
已更新: 2017 年 4 月 21 日
文件 ID:210801
無偏見用語
本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。
關於此翻譯
思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。
簡介
本檔案介紹在充當閘道通用封包無線服務(GPRS)支援節點(GGSN)的思科聚合服務路由器(ASR)5x00系列上遇到的情況(新呼叫原則拒絕失敗),以及設計網域名稱系統(DNS)網路以避免服務中斷時需要記住的一些預防措施。
作者:Parthasarathy M和Anthony Fajri,思科TAC工程師。
問題:在GGSN應用新呼叫策略拒絕時的DNS服務引數配置
在GGSN軟體升級期間,為了避免服務對使用者的影響,在GGSN上應用新呼叫策略拒絕。預期服務GPRS支援節點(SGSN)應根據新的呼叫策略將流量傳送到下一個可用GGSN。
但是,某些情況下並非如此。newcall policy reject沒有按預期工作,升級過程時會看到服務降級。
解決方案
新呼叫策略拒絕如何工作?
在GGSN上應用新呼叫策略拒絕後;
[local]ASR5K_LAB# newcall policy ggsn-service all reject
GGSN拒絕新的傳入的建立資料包資料協定(PDP)上下文請求(CPC-R),而且CPC-R沒有可用資源,因此SGSN可以選擇下一個可用的GGSN,從而在升級維護視窗時將服務干擾降至最低。
新呼叫策略拒絕的實驗結果:
SGSN配置:
在本例中,newcall policy reject應用於GGSN1。當呼叫到達時,SGSN將CPC請求傳送到GGSN1,GGSN1又拒絕呼叫,然後SGSN將請求傳送到GGSN2。
監控訂戶跟蹤輸出:
===>GPRS Mobility/Session Management Message (2 Bytes) Protocol Discriminator : GMM message Message : Attach Complete INBOUND>>>>> 05:34:35:320 Eventid:88112(0) ===>GPRS Mobility/Session Management Message (34 Bytes) Protocol Discriminator : SM message Message : Activate PDP Context Request Requested NSAPI Requested LLC SAPI Requested Qos Length of Qos: 14 Requested PDP address Length : 2 Access Point Name Length: 10 <<<<OUTBOUND 05:34:35:323 Eventid:116004(3) GTPC Tx PDU, from 192.168.2.2:19002 to 192.168.2.1:2123 (110) TEID: 0x00000000, Message type: GTP_CREATE_PDP_CONTEXT_REQ_MSG (0x10) >>>>>>>>>> to GGSN1 Sequence Number:: 0x00CC (204) GTP HEADER FOLLOWS: Version number: 1 Protocol type: 1 (GTP C/U) Extended header flag: Not present Sequence number flag: Present NPDU number flag: Not present Message Type: 0x10 (GTP_CREATE_PDP_CONTEXT_REQ_MSG) Message Length: 0x0066 (102) Tunnel ID: 0x00000000 Sequence Number: 0x00CC (204) GTP HEADER ENDS. INFORMATION ELEMENTS FOLLOW: IMSI: 123450040000000 Recovery: 0x09 (9) Selection Mode: 0x0 (MS or network provided APN, subscribed verified (Subscribed)) Tunnel ID Data I: 0x8000C002 Tunnel ID Control I: 0x8000C002 NSAPI: 0x05 (5) END USER ADDRESS FOLLOWS: PDP Type Organisation: IETF PDP Type Number: IPv4 Address: Empty END USER ADDRESS ENDS. Access Point Name: sitt1.com GSN Address I: 0xC0A80202 (192.168.2.2) GSN Address II: 0xC0A80203 (192.168.2.3) MSISDN: 128612345678901 QOS Profile: 0x0223421F72967373440DFFFF00 COMMON FLAGS FOLLOW: Prohibit Payload Compression: no MBMS Service Type: Multicast Service RAN Procedures Ready: no MBMS Counting Information: no No QoS negotiation: no NRSN: yes Upgrade QoS Supported: no Dual Address Bearer Flag: no COMMON FLAGS END. Radio Access Technology: GERAN MS Time Zone: -4:00 Daylight Saving Time: +1 hour INFORMATION ELEMENTS END. INBOUND>>>>> 05:34:35:326 Eventid:116003(3) GTPC Rx PDU, from 192.168.2.1:2123 to 192.168.2.2:19002 (14) TEID: 0x8000C002, Message type: GTP_CREATE_PDP_CONTEXT_RES_MSG (0x11) Sequence Number:: 0x00CC (204) GTP HEADER FOLLOWS: Version number: 1 Protocol type: 1 (GTP C/U) Extended header flag: Not present Sequence number flag: Present NPDU number flag: Not present Message Type: 0x11 (GTP_CREATE_PDP_CONTEXT_RES_MSG) Message Length: 0x0006 (6) Tunnel ID: 0x8000C002 Sequence Number: 0x00CC (204) GTP HEADER ENDS. INFORMATION ELEMENTS FOLLOW: Cause: 0xC7 (GTP_NO_RESOURCES_AVAILABLE) INFORMATION ELEMENTS END. <<<<OUTBOUND 05:34:35:327 Eventid:116004(3) GTPC Tx PDU, from 192.168.2.2:19002 to 192.168.2.128:2123 (110) TEID: 0x00000000, Message type: GTP_CREATE_PDP_CONTEXT_REQ_MSG (0x10)>>>>>>>>>> GGSN2 Sequence Number:: 0x00CD (205) GTP HEADER FOLLOWS: Version number: 1 Protocol type: 1 (GTP C/U) Extended header flag: Not present Sequence number flag: Present NPDU number flag: Not present Message Type: 0x10 (GTP_CREATE_PDP_CONTEXT_REQ_MSG) Message Length: 0x0066 (102) Tunnel ID: 0x00000000 Sequence Number: 0x00CD (205) GTP HEADER ENDS. INFORMATION ELEMENTS FOLLOW: IMSI: 123450040000000 Recovery: 0x09 (9) Selection Mode: 0x0 (MS or network provided APN, subscribed verified (Subscribed)) Tunnel ID Data I: 0x8000C002 Tunnel ID Control I: 0x8000C002 NSAPI: 0x05 (5) END USER ADDRESS FOLLOWS: PDP Type Organisation: IETF PDP Type Number: IPv4 Address: Empty END USER ADDRESS ENDS. Access Point Name: sitt1.com GSN Address I: 0xC0A80202 (192.168.2.2) GSN Address II: 0xC0A80203 (192.168.2.3) MSISDN: 128612345678901 QOS Profile: 0x0223421F72967373440DFFFF00 COMMON FLAGS FOLLOW: Prohibit Payload Compression: no MBMS Service Type: Multicast Service RAN Procedures Ready: no MBMS Counting Information: no No QoS negotiation: no NRSN: yes Upgrade QoS Supported: no Dual Address Bearer Flag: no COMMON FLAGS END. Radio Access Technology: GERAN MS Time Zone: -4:00 Daylight Saving Time: +1 hour INFORMATION ELEMENTS END. INBOUND>>>>> 05:34:35:337 Eventid:116003(3) GTPC Rx PDU, from 192.168.2.128:2123 to 192.168.2.2:19002 (72) TEID: 0x8000C002, Message type: GTP_CREATE_PDP_CONTEXT_RES_MSG (0x11) Sequence Number:: 0x00CD (205) GTP HEADER FOLLOWS: Version number: 1 Protocol type: 1 (GTP C/U) Extended header flag: Not present Sequence number flag: Present NPDU number flag: Not present Message Type: 0x11 (GTP_CREATE_PDP_CONTEXT_RES_MSG) Message Length: 0x0040 (64) Tunnel ID: 0x8000C002 Sequence Number: 0x00CD (205) GTP HEADER ENDS. INFORMATION ELEMENTS FOLLOW: Cause: 0x80 (GTP_REQUEST_ACCEPTED) Reorder Required: 0x0 (Not present) Tunnel ID Data I: 0x0FFFFFF8 Tunnel ID Control I: 0x0FFFFFF8 Charging ID: 0x00000007 END USER ADDRESS FOLLOWS: PDP Type Organisation: IETF PDP Type Number: IPv4 IPv4 Address: 12.0.0.6 END USER ADDRESS ENDS. GSN Address I: 0xC0A80280 (192.168.2.128) GSN Address II: 0xC0A80280 (192.168.2.128) QOS Profile: 0x0222421F7296D1FE460D03FE004A4A INFORMATION ELEMENTS END.
SGSN如何選擇GGSN?
在apn-profile配置下,有一個命令apn-resolve-dns-query snaptr。
apn-resolve-dns-query snaptr [ epc-ue |非epc-ue ]
SNAPTR過濾器基於使用者裝置(UE)的EPC能力。 使用此命令為具有EPC訂閱的3G使用者啟用SNAPTR型別DNS查詢,以進行APN解析。此模式中的配置可提升每個APN對此功能的控制。
如果這兩個關鍵字都不包含在配置中,則S-NAPTR查詢適用於所有UE,包括支援EPC的UE和不支援EPC的UE。預設情況下,此功能未啟用。
這表示SGSN會以Name Authority Pointer(NAPTR)格式(sitt1.com.apn.epc.mnc090.mcc262.3gppnetwork.org)傳送DNS查詢以選擇GGSN。
如果NAPTR查詢失敗,則SGSN回退到查詢型別A(sitt1.mnc045.mcc123.gprs)以獲取GGSN IP地址。
實驗結果:
SGSN配置:
apn-profile default
apn-resolve-dns-query snaptr
監控通訊協定追蹤:
*** Verbosity Level ( 2) *** *** Verbosity Level ( 3) *** <<<<OUTBOUND 05:42:24:667 Eventid:5957(3) DNS PDU Tx from : 192.168.2.1 : 49351 to : 192.168.1.254 : 53 bytes : 76 Query ID : 6366 Type : Query Question : NAPTR ? sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org. Additional : Name : . Ext-RCODE : 0 Type : OPT UDPsize : 4096 INBOUND>>>>> 05:42:24:750 Eventid:5956(3) DNS PDU Rx from : 192.168.1.254 : 53 to : 192.168.2.1 : 49351 bytes : 76 Query ID : 6366 Type : Response Authoritative Answer : No Response code : ServFail Question : NAPTR ? sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org. Additional : Name : . Ext-RCODE : 0 Type : OPT UDPsize : 4096 <<<<OUTBOUND 05:42:24:752 Eventid:5957(3) DNS PDU Tx from : 192.168.2.1 : 51619 to : 192.168.1.254 : 53 bytes : 57 Query ID : 16777 Type : Query Question : A? sitt1.com.MNC045.MCC123.GPRS. Additional : Name : . Ext-RCODE : 0 Type : OPT UDPsize : 4096 INBOUND>>>>> 05:42:24:781 Eventid:5956(3) DNS PDU Rx from : 192.168.1.254 : 53 to : 192.168.2.1 : 51619 bytes : 57 Query ID : 16777 Type : Response Authoritative Answer : No Response code : Success Question : A? sitt1.com.MNC045.MCC123.GPRS. Additional : Name : . Ext-RCODE : 0 Type : OPT UDPsize : 4096
組態範例
如果使用以下服務引數配置DNS:
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp
當支援非演化分組核心(EPC)的UE嘗試連線時,根據DNS應答服務型別,SGSN決定回退到A查詢。
例如:
SGSN檢查DNS應答服務型別,如果找不到關鍵字x-3gpp-ggsn:x-gn和x-3gpp-ggsn:x-gp,則SGSN回退到A查詢型別。
Query Name: sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org Answer: Order: 10 Preference: 10 Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp Regular Expression: Replacement: TOPON.S5.GGSN1.NODES.EPC.MNC090.MCC262.3GPPNETWORK.ORG Query Name: sitt1.mnc045.mcc123.gprs Query Type: A TTL: 48993 seconds Answer: IP Address: 192.168.2.1
假設,如果您在DNS中只為A記錄配置一個GGSN IP地址,則SGSN無法重定向到下一個可用GGSN,因此會降低服務。
根據SGSN管理指南:
Gn SGSN支援並幫助為支援Evolved Packet Core(EPC)的UE選擇共置資料包資料網路(PDN)網關(P-GW)/GGSN節點,並對服務引數x-3gpp-pgw:x-gn / x-3gpp-pgw:x-gp的APN完全限定域名(FQDN)執行DNS直接NAPTR(SNAPTR)查詢。服務引數x-3gpp-ggsn:x-gn和x-3gpp-ggsn:x-gp 中的介面也用於選擇獨立GGSN。
因此,在設計DNS記錄時,可以包含服務引數,例如:
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp
之後,DNS開始為不支援EPC的UE返回多個網關(GW)地址。
Query Name: sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org
Query Type: NAPTR TTL: 42755 seconds
Answer:
Order: 40 Preference: 40
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp
Regular Expression:
Replacement: TOPON.S5.GGSN03.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Name: sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org
Query Type: NAPTR TTL: 42755 seconds
Answer:
Order: 10 Preference: 10
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp
Regular Expression:
Replacement: TOPON.S5.GGSN02.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Name: sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org
Query Type: NAPTR TTL: 42755 seconds
Answer:
Order: 20 Preference: 20
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp
Regular Expression:
Replacement: TOPON.S5.GGSN05.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Name: sitt1.com.apn.epc.mnc045.mcc123.3gppnetwork.org
Query Type: NAPTR TTL: 42755 seconds
Answer:
Order: 30 Preference: 30
Flags: A Service: x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp
Regular Expression:
Replacement: TOPON.S5.GGSN04.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Name: TOPON.S5.GGSN04.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Type: NAPTR TTL: 48993 seconds
Answer:
IP Address: 192.168.2.22
Query Name: TOPON.S5.GGSN03.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Type: NAPTR TTL: 48993 seconds
Answer:
IP Address: 192.168.2.18
Query Name: TOPON.S5.GGSN05.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Type: NAPTR TTL: 48993 seconds
Answer:
IP Address: 192.168.2.23
Query Name: TOPON.S5.GGSN02.NODES.EPC.mnc045.mcc123.3GPPNETWORK.ORG
Query Type: NAPTR TTL: 48993 seconds
Answer:
IP Address: 192.168.2.21
總而言之,請確保您的DNS配置如x-3gpp-pgw:x-s5-gtp:x-s8-gtp:x-gn:x-gp:x-3gpp-ggsn:x-gn:x-gp,以避免當您擁有多個GGSN來支援地域冗餘時,出現服務干擾。
意見