cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

726
Views
35
Helpful
15
Replies
Highlighted
Community Manager

Ask the Expert: 3GPP Mobility with Gilles Dufour

Layer 2 Security on Cisco Catalyst PlatformsWith Gilles Dufour

Monday, January 19th, 2015 to Friday, January 30th, 2015

Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about how to configure and troubleshoot Cisco 3GPP Mobility solutions, specifically the Cisco ASR 5000 with expert Gilles Dufour. 

The Cisco ASR 5000 Series combines massive performance and scale with flexibility, virtualization, and intelligence, so network resources are available exactly when they are needed. The series was developed to address the anticipated increase in performance requirements that the next generation of the mobile Internet will bring. Join expert Gilles Dufour as he answers your questions about configuring and troubleshooting the Cisco ASR 5000 Series.  

Gilles Dufour is a technical leader in the Mobility Business Unit. Before joining the Mobility group, Gilles was part of the data center team in charge of all Cisco load balancers (CSM, CSS, ACE). Gilles has more than 15 years of experience inside Cisco. During his career, Gilles achieved his CCIE in routing and switching (1998) and security (2002) (CCIE 3878).

** Remember to use the rating system to let Gilles know if you've received an adequate response. **

Because of the volume expected during this event, Gilles might not be able to answer every question. Remember that you can continue the conversation in the Wireless - Mobility community, subcommunity, Security and Network Management, shortly after the event. This event lasts through January 30, 2015. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Beginner

How do we configure logical

How do we configure logical apn in ASR5K and filter the msisdn to the right logical apn? Thanks.

Beginner

actually i am trying to make

actually i am trying to make an apn for testing some policy enforcement. And i want to make the apn consist of some logical apn. And if i use a particular msisdn number, the apn will redirect my number to a particular logical apn.

15 REPLIES 15
Beginner

How do we configure logical

How do we configure logical apn in ASR5K and filter the msisdn to the right logical apn? Thanks.

Cisco Employee

Could you give more details

I believe you are talking about virtual-apn

 

http://www.cisco.com/c/dam/en/us/td/docs/wireless/asr_5000/12_2/OL-25637_GGSN_Admin1.pdf

 

Virtual APNs are references (or links) to alternative APNs to be used for PDP context processing based on properties of
the context. Use the following example to configure the virtual APNs.
configure
context <dst_ctxt_name>
apn <apn_name>
virtual-apn preference <priority> apn <apn_name> { access-gw-address <IP_addr |
IP_addr/mask> | bearer-access-service <bearer_access_svc_name> | cc-profile
<cc_profile_index> | domain <domain_name> | mcc <mcc_number> mnc <mnc_number> | msisdn-range from <start_range> to <end_range> | rat-type { eutran | gan | geran | hspa | utran | wlan } | roaming-mode { home | visiting | roaming }
end
Notes:
 Up to 1023 references can be configured per APN. Additional information about “virtual” APNs and their
operation can be found in the Command Line Interface Reference

 

So a sample config would look like this :

 

    apn ggsn3drivetest
      pdp-type ipv4 ipv6
      selection-mode subscribed sent-by-ms chosen-by-sgsn
      virtual-apn gcdr apn-name-to-be-included Gn
      virtual-apn preference 100 apn ggsn3drivetest-voice msisdn-range from xxxx0102901 to xxxx0102901
      virtual-apn preference 200 apn ggsn3drivetest-voice cc-profile 1
      virtual-apn preference 900 apn ggsn3drivetest-pub
    exit
    apn ggsn3drivetest-pub
      pdp-type ipv4 ipv6
      bearer-control-mode mixed
      accounting-mode none
      gtpp group pgwtest accounting-context ga 
      apn-ambr rate-limit direction downlink burst-size auto-readjust duration  1 violate-action drop 
      apn-ambr rate-limit direction uplink burst-size auto-readjust duration  1 violate-action drop 
      ims-auth-service activesdby-lte
      aaa group radius-dpi
      dns primary x.x.x.x
      dns secondary x.x.x.x
      timeout idle 11400
      ip access-group ecs in
      ip access-group ecs out
      ip source-violation check drop-limit 0 
      mediation-device context-name gi
      ip context-name gi
      ip address pool name pub
      qos rate-limit direction downlink burst-size auto-readjust exceed-action drop      
      qos rate-limit direction uplink burst-size auto-readjust exceed-action drop      
      credit-control-group ocs-dr-test
      active-charging rulebase bypass

    apn ggsn3drivetest-voice
      pdp-type ipv4 ipv6
      bearer-control-mode mixed
      accounting-mode none
      gtpp group pgwtest accounting-context ga 
      apn-ambr rate-limit direction downlink burst-size auto-readjust duration  1 violate-action drop 
      apn-ambr rate-limit direction uplink burst-size auto-readjust duration  1 violate-action drop 
      ims-auth-service activesdby-lte
      aaa group radius-dpi
      dns primary x.x.x.x
      dns secondary x.x.x.x
      timeout idle 11400
      ip access-group ecs in
      ip access-group ecs out
      ip source-violation check drop-limit 0 
      mediation-device context-name gi
      ip context-name gi
      ip address pool name priv
      qos rate-limit direction downlink burst-size auto-readjust exceed-action drop      
      qos rate-limit direction uplink burst-size auto-readjust exceed-action drop      
      credit-control-group ocs-dr-test
      active-charging rulebase bypass
      fw-and-nat policy TESTNAT44

...

Gilles.

Beginner

actually i am trying to make

actually i am trying to make an apn for testing some policy enforcement. And i want to make the apn consist of some logical apn. And if i use a particular msisdn number, the apn will redirect my number to a particular logical apn.

Beginner

Hello, is there any answer

Hello, is there any answer for my question?
Beginner

Thanks for answering my

Thanks for answering my previous question. anyway, when integrating ASR 5000 to gx and gy interface, i always see so many retransmission in diameter connection between ASR5000 and PCRF (Gx) and OCS (Gy). Why does it happen?
Cisco Employee

Did you capture sniffer trace

Did you capture sniffer trace to check if there is any packet drops on the network ?

Are you using TCP or SCTP ?

Multimode or single mode ?

 

There could be many reasons for retransmit.

 

Thanks.

 

Gilles.

Beginner

For Gx and Gy, i believe that

For Gx and Gy, i believe that TCP is commonly used. I captured it but the the trace is in my hard disk and my hard disk was broken. Anyway, i use multimode cable because the GGSN is connected to the router in the same room. What i mean is that there are so many packets in Gx interface for each PDP context creation/update/deletion for each UE. Is it because of the diameter server couldnt handle the transaction load of GGSN request?
Cisco Employee

diameter for Gx and Gy can be

diameter for Gx and Gy can be very chatty.  So indeed you need a robust server to handle all the traffic.

My question regarding multimode and single mode is regarding the diameter-proxy function.

Forgot to also ask you if you use the diamter-proxy option.

Basically, you could have every sessmgr communicating with the PCRF or have 1 (single mode) diameter-proxy receiving all the requests from the sessmgr and sending them to the server or have 1 diameter proxy per PSC/DPC card (multimode).

Diameter-proxy in multimode is what I would recommend.  It will be easier I believe for the server to handle a few connections than to manage traffic from all sessmgr.

Not sure what configuration you have in place.

Beginner

I wonder why dont we just use

I wonder why dont we just use direct connection for diameter gx n gy instead of having DRA in the middle. Ghiffari
Cisco Employee

You can use direct connection

You can use direct connection if you want. DRA are not mandatory.

However they offer some functionalities which could be useful in big network like load balancing.

 

Gilles.

Beginner

Another question. If ASR5K

Another question. If ASR5K tries to enforce policy by limiting the bandwidth or guarantee QoS, will it mark DSCP to user plane after decapsulating the GTP-U plane? And how is E2E QoS implemented in the system, is it by policing the traffic in IP header or in GTP header? Thanks, Ghiffari
Cisco Employee

policing and marking are done

policing and marking are done separately.

If you need to mark your traffic, you can do it in many different ways.

For example under apn configuration

 

    apn internet
      ip qos-dscp qci 1 be qci 2 be qci 3 be qci 4 be qci 5 be qci 6 be qci 7 be qci 8 be

 

or in a qci-qos map

 

  qci-qos-mapping pgw-qos-mapping
    qci 1 uplink user-datagram dscp-marking 0x2e encaps-header dscp-marking 0x2e downlink user-datagram dscp-marking 0x2e encaps-header dscp-marking 0x2e 
    qci 2 uplink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 downlink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 
    qci 3 uplink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 downlink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 
    qci 4 uplink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 downlink user-datagram dscp-marking 0x22 encaps-header dscp-marking 0x22 
    qci 5 uplink user-datagram dscp-marking 0x2e encaps-header dscp-marking 0x2e downlink user-datagram dscp-marking 0x2e encaps-header dscp-marking 0x2e 
    qci 6 uplink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00 downlink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00 
    qci 7 uplink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00 downlink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00 
    qci 9 uplink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00 downlink user-datagram dscp-marking 0x00 encaps-header dscp-marking 0x00

 

and you link it to a pgw or sgw service

 

    pgw-service pgw-svc
      associate qci-qos-mapping pgw-qos-mapping
 

The encaps-header cab also be set to copy-inner. In this case you have the same DSCP for GTPU than the packet contains in GTPU. So this is one way to do E2E QOS.

 

Gilles.

 

Beginner

I think DSCP in IP header is

I think DSCP in IP header is same for all GTP packets going to certain interfaces such as Gn, S5, S8, or S1-U. For example, you got high priority for Gn traffic passing through routers with certain bandwidth. But inside the guaranteed QoS in the interface you have such kind of rules such as admission control and traffic control.

 

Anyway, how can i trigger the QoS to be enforced for the packet? i mean what is the configuration?

 

 

Ghiffari

Cisco Employee

The config is what I sent you

The config is what I sent you for pgw.

qci-qos-mapping allows you to set the user dscp (inner header) and encaps header dscp (outer header).

 

Or 

 

 ip qos-dscp qci 1 be qci 2 be qci 3 be qci 4 be qci 5 be qci 6 be qci 7 be qci 8 be

 

Under apn or ggsn-service or sgsn-service.

 

You can also use a dscp template

http://www.cisco.com/c/dam/en/us/td/docs/wireless/asr_5000/14_0/OL-27223_SGSN_Admin.pdf

 

The following configuration procedure is used to configure DSCP value for 3GPP QoS class downlink data
packets:
config
 context <context_name>
 sgsn-global
 dscp-template<template_name>
 data-packet { background | conversationa | interactive {
priority1 | priority2 | priority3 } | streaming } qos-dscp { af11 | af12 |
af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be |
cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }
 exit

 

 

Gilles.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards