Академический Документы
Профессиональный Документы
Культура Документы
1.2 Terminology
APN GGSN GGSN-C GGSN-U GTP PDP SGSN Access Point Name Gateway GPRS Support Node GGSN Control PIC GGSN User(data) PIC GPRS Tunneling Protocol Packet Data Protocol Serving GPRS Support Node
2.1 Hardware
The Juniper GGSN hardware is based upon the J20 chassis, and GGSN PICs (called GGSN-C and GGSN-U PICs). These are explained below.
2.2 1. J20
The J20 is an M20 chassis with a Force RE(new routing engine) and GGSN PICs. Initially, the J20 will go to market with three different packages. All packages will include
J20 GGSN Configuration November 30, 2001 1
the chassis, redundant REs, SSBs and power supplies, the main difference is in the number of service PICs installed. Typically, the GGSN-C PICs will support up to 150K PDP contexts, and the GGSN-U PIC can support about 50Kpps per PIC. For the service PICs, consider one of the GGSN-C PICs to be the "master"(which doesn't handle any PDP contexts), and an additional GGSN-C as a backup. The GGSN-U PICs will all be operational with these configurations. The customers who order these boxes must also purchase the PICs which will connect to their networks(aka: FE, GE, etc). Pkg 1-Low usage: J20 Chassis Redundant Force REs, SSBs, Power Supplies 3 GGSN-C PICs (allows 150K PDP contexts) 3 GGSN-U PICs (allows 150Kpps) Pkg 2-Med usage: J20 Chassis Redundant Force REs, SSBs, Power Supplies 5 GGSN-C PICs (allows 450K PDP contexts) 5 GGSN-U PICs (allows 250Kpps) Pkg 3-High usage: J20 Chassis Redundant Force REs, SSBs, Power Supplies 5 GGSN-C PICs (allows 450K PDP contexts) 7 GGSN-U PICs (allows 350Kpps)
serve as in-box backups. The GGSN-C master is called the Node Controller, while the GGSN-C slave is called the Session Controller. 2.3.1 Load Balancing and Redundancy The GGSN-C Node Controller is responsible for load balancing GTP tunnels to the GTPC Session Controllers. The Node Controller will receive all primary PDP context messages and distribute them to the least loaded Session Controller. After this, the Session Controller is responsible for all control messages for the mobile station. The Node Controller does not actively handle any mobile stations, the purpose of the master is for loadbalancing. Keepalives are be sent every 100ms-500ms between the Session Controllers to indicate the module is active. These keepalives also contain loading information, which is how the Node Controller keeps track of loading of the Session Controller PICs. There are two types of redundancy with the GGSN-C PICs No spare redundancy(type 0): All Session Controllers are operating at maximum capacity. When the Node Controller or a Session Controller fails, a loss of capacity will occur due to the fact that we will be operating with one less PIC. N+1 Redundancy(type 1): This includes one "spare" GGSN-C PIC which can take on the role of either Node or Session Controller during a failure. Since there is a dedicated spare, there is no loss of capacity. 2.3.2 GGSN-C Node Controller election process. At startup, all GGSN-C PICs startup in supervision mode with an assigned "internal" IP address. In this phase, the GGSN-C receives the following GGSN configuration information: Maximum GGSN-C redundancy level for the node(type 0 or 1) Address range for the external IP addresses for communication towards the SGSN (including master/main IP address for GGSN Address range for the internal IP address Maximum number of active GGSN-C (implicit node capacity) Slave Radius/DHCP proxy IP address Heartbeat and master election parameters. The master election takes place at start up and a Node Controller failure. The election starts with the detection of the M-bit in initialization messages sent between GGSN-C PICs. If this bit is not seen, then there is no master. The least loaded GGSN-C which has the required Node Controller hardware version elects to be the master and sends the load information message with the PM(Proposed Master) bit set. All other active GGSN-C will accept or reject this proposition
J20 GGSN Configuration November 30, 2001 3
If all active GGSN-C accept the PM, then the election is over and the new Node Controller takes over the external IP address and starts up the Node Controller application.
The GGSN-U PIC runs an embedded micro kernel and will receive most of it's direction from the GGSN-C PICs. 2.4.1 Redundancy and Load balancing The GGSN-C Node Controller distributes PDP payloads across the GGSN-U service PICs by the use of "dynamic slicing". Dynamic slicing uses an internal algorithm for breaking large IP address ranges into smaller slices. The Node Controller then directs traffic for these slices into the least loaded GGSN-U PIC. NOTE: The Node Controller learns the loading information as the GGSN-U periodically sends internal broadcast keepalives to the Node Controller containing the number of PDP contexts. Because Node Controller distributes the load, if a GGSN-U PIC goes down, Node Controller can just redistribute those PDP contexts elsewhere. If "minimum number of GGSN-U PICs" is configured, and the number of GGSN-U PICs in the J20 is greater than the configured number, then the extra PICs will be used as in box spares coming online as needed. If an outage does occur, the Node Controller redirects traffic using the following process: 1) Node Controller assigns spare GGSN-U with failed external IP address 2) Node Controller notifies Session Controller to update the GGSN-U spare 3) Session Controller sends PDP context data to the GGSN-U spare 4) Node Controller updates the RE with routing information of the spare GTP-U
These daemons communicate with the service PICs using an internal routing instance called __juniper_private1__. This algorithm is used when assigning IP addresses to the PICs to ensure each IP address is unique within the __juniper_private1__ VPN. The IP address algorithm is below: RE address = 10.0.0.1 GGSN-C or GGSN-U PIC address = 10.0.0.x where:
x = 16 * (1 + FPC-slot) + PIC-slot Example: gc-0/0/0 = 10.0.0.16 gc-0/1/0 = 10.0.0.17
2.6.4 IRSD - Internal Routing Service Daemon Facilitates the communication of the kernel and applications on GGSN PICs with the kernel and applications on the other GGSN PICs and the RE on the same box. IRSD runs from /usr/sbin and logs to the RE on /var/log. IRSD is started automatically with the GGSN code and has no configuration syntax. In addition: IRSD uses the internal VPN for communication All nodes (RE, Service PICs) are members of the internal VPN IRSD is responsible for setup of each node IRSD creates logical interfaces and routes for each node When a node is removed, interfaces and routes are removed from internal VPN 2.6.5 IRSD Server(GGIFD) : Daemon on RE(server) which allows applications running on GGSN PICs to discover changes in hardware state and the application state of peer GGSN pics. IRSD Server is located in /usr/sbin on the RE and logs to /var/log. IRSD server uses the same hardware state detection process employed by IRSD. IRSD server starts as part of IRSD daemon via init and listens to TCP port 6222 on the internal routing instance.
Sends RTSPD resync messages with type of message it is interested in(eg: IFL message or IFF message). 2.7.2 PCD - PIC Control Daemon PCD provides basic UI support to diagnostic users that can be accessed via CLI and JUNOScript. PCD has no configuration and is run from /usr/sbin on the PIC. NOTE: All PCD commands are hidden and used for diagnosing problems on the GGSN PICs. 2.7.3 PWC - PIC Process Watcher PWC functionality was included in controld/pcd earlier, but was separated due to some usage issues. PWC can be used to watch both PCD and GTPCD daemons. If either of the daemons running under PWC do not write to stdout for some period of time, the process will be sent a SIGABRT, then a SIGKILL. The PWC command line has three arguments followed by the daemon(eg: PCD)command line. startup wait - time allowed for daemon startup (in ms) run wait - time allowed between writes to stdout (in ms) kill wait - time allowed to shutdown following a SIGABRT (in ms) A command for PWC may be: command "/usr/sbin/pwc 5000 2000 2000 /usr/sbin/gtpcd -N";
address 172.10.3.1/24; } family mpls; } unit 2 { tunnel { source 172.10.2.1; destination 172.10.2.2; routing-instance { destination vrfgi2; } } family inet { address 172.10.4.1/24; } family mpls; } } ip-0/1/0 { unit 1 { tunnel { source 172.10.1.1; destination 172.10.1.2; routing-instance { destination vrfgi1; } } family inet { address 172.10.5.1/24; } family mpls; } unit 2 { tunnel { source 172.10.2.1; destination 172.10.2.2; routing-instance { destination vrfgi2; } } family inet {
J20 GGSN Configuration November 30, 2001 10
address 172.10.6.1/24; } family mpls; } } fe-0/2/0 { unit 0 { family inet { address 172.7.173.1/24; } family mpls; } } fe-0/2/1 { unit 0 { family inet { address 172.8.174.1/24; } family mpls; } } at-0/3/0 { atm-options { vpi 0 maximum-vcs 100; } unit 41 { point-to-point; vci 0.41; family inet { address 172.10.7.1/24; } family mpls; } unit 42 { point-to-point; vci 0.42; family inet { address 172.10.8.1/24; } family mpls; }
J20 GGSN Configuration November 30, 2001 11
Below is the interface designation for the GGSN Service PICs. The GGSN-C PIC names take the form of gc-x/y/c, and the GGSN-U PICs take the form of gu-x/y/z. The bootstring is necessary today, but this will not be needed at some point in the future.
gc-1/0/0 { ggsn-options { boot-string ggsnc.jbf; } } gc-1/1/0 { ggsn-options { boot-string ggsnc.jbf; } } gu-1/2/0 { ggsn-options { boot-string ggsnu.jbf; } } fxp0 { unit 0 { family inet { address 192.168.14.42/24; } } } lo0 { unit 0 { family inet { address 10.255.14.42/32; address 127.0.0.1/32; } } } } routing-options { static { route 0.0.0.0/0 { discard; retain;
12
no-readvertise; } route 172.17.0.0/16 { next-hop 192.168.14.254; retain; no-readvertise; } route 192.168.0.0/21 { next-hop 192.168.14.254; retain; no-readvertise; } route 10.255.0.0/16 next-hop 192.168.14.254; route 172.7.250.0/24 next-hop 172.7.173.2; route 172.7.251.0/24 next-hop 172.8.174.2; } }
MPLS is required for interfaces which are included in an instance-type vrf. This is the quick method of turning MPLS on for these interfaces, instead of listing each interface individually.
protocols { mpls { interface all; } }
Both of the policies defined below are referenced within the configured routing-instances.
policy-options { policy-statement dummy { then reject; } policy-statement from-static { term 1 { from protocol static; then { metric 20; external { type 1; } accept; }
J20 GGSN Configuration November 30, 2001 13
} } }
The next several configuration blocks are for the VRF instances on the Gi interface. The examples below show overlapping AS space as well as multiple OSPF Area 0.0.0.0 areas. Also note that the vrf-import and vrf-export policies dummy are included. The policy dummy just makes sure that if there was a PE-PE BGP session configured in the global BGP area above, no routes would be announced to or from this particular VRF.
routing-instances { vrfgi1 { instance-type vrf; interface ge-0/0/0.1; route-distinguisher 1:1; vrf-import dummy; vrf-export dummy; routing-options { static { route 172.7.183.0/24 next-hop 172.10.1.2; } } } vrfgi2 { instance-type vrf; interface ge-0/0/0.2; route-distinguisher 1:2; vrf-import dummy; vrf-export dummy; protocols { ospf { export from-static; area 0.0.0.0 { interface ge-0/0/0.2; } } } } vrfgi3 { instance-type vrf; interface gr-0/1/0.1; route-distinguisher 1:3; vrf-import dummy;
J20 GGSN Configuration November 30, 2001 14
vrf-export dummy; protocols { bgp { export from-static; local-as 65001; group g1 { type external; peer-as 65002; neighbor 172.10.3.2; } } } } vrfgi4 { instance-type vrf; interface gr-0/1/0.2; route-distinguisher 1:4; vrf-import dummy; vrf-export dummy; protocols { ospf { export from-static; area 0.0.0.0 { interface gr-0/1/0.2; } } } } vrfgi5 { instance-type vrf; interface ip-0/1/0.1; route-distinguisher 1:5; vrf-import dummy; vrf-export dummy; protocols { bgp { local-as 65001; group g1 { type external; peer-as 65002; neighbor 172.10.5.2 {
J20 GGSN Configuration November 30, 2001 15
export from-static; } } } } } vrfgi6 { instance-type vrf; interface ip-0/1/0.2; route-distinguisher 1:6; vrf-import dummy; vrf-export dummy; protocols { ospf { export from-static; area 0.0.0.0 { interface ip-0/1/0.2; } } } } vrfgi7 { instance-type vrf; interface at-0/3/0.41; route-distinguisher 1:7; vrf-import dummy; vrf-export dummy; protocols { bgp { local-as 65001; group g1 { type external; peer-as 65002; neighbor 172.10.7.2 { export from-static; } } } } } vrfgi8 {
J20 GGSN Configuration November 30, 2001 16
instance-type vrf; interface at-0/3/0.42; route-distinguisher 1:8; vrf-import dummy; vrf-export dummy; protocols { ospf { export from-static; area 0.0.0.0 { interface at-0/3/0.42; } } } } }
Most of the configuration above was mainly regular JUNOS configuration. The services section of the configuration is where the GGSN information is configured. This configuration allows the creation of new PDP contexts with the creation unblocked line. If maintenance were going to occur on the router in a few hours, this may be changed to creation blocked to stop new PDP contexts from being created, while letting existing PDP contexts expire naturally. The configuration also limits the maximum number of PDP contexts for 450,000, while reserving 10% of these for secondary PDP contexts. The gomrouting-instance configuration is mandatory, and will be used for O&M functions in the future, but is not in use at this time. Also, if a PDP context is idle for 30 minutes(denoted by idle-timeout 30) , then the PDP context will be deleted due to the idle-supervision flag being turned on.
services { ggsn { gom-routing-instance inet.0; pdp-context { idle-supervision; idle-timeout 30; node { creation unblocked; limit 450000; secondary-ratio 10; } }
The configuration of the GGSN-C PICs in the system is next. Again, the gom-addressrange is a requirement, but not used, while the gn-address-range is used for the dynamic assignment of addresses for the Gn interface of the GGSN-C PICs. The GGSN-C PICs
J20 GGSN Configuration November 30, 2001 17
are configured without redundancy with arrangement no-spare , so one GGSN-C PIC will be elected the master, and the rest of the PICs will be acting as slaves. If arrangement spare were configured, then at least one GGSN-C PIC would be reserved as a spare assuming we had more than 2 GGSN-U PICs in the router. The configuration minimumpic 2 determines at what level redundancy occurs with respect to the number of PICs in the router. If minimum-pic was set to 5, arrangement spare was configured, and we had 7 total GGSN-C PICs, the breakdown of PICs would be: 1 GTP-C/m, 4 GTP-C/s, and two backup GGSN-C PICs which could function as either GTP-C/m or GTP-C/s.
ggsnc { gn-address-range 172.7.200.1/24; gom-address-range 172.7.200.1/24; redundancy { arrangement no-spare; minimum-pic 2; } }
The configuration options are the same for the GGSN-U PIC as they with the GGSN-C PIC
ggsnu { gn-address-range 172.7.201.1/24; gom-address-range 172.7.201.1/24; redundancy { arrangement no-spare; minimum-pic 2; } }
The GTP protocol block is next. This set of configuration statements define the protocol settings between the SGSN and GGSN. The GTP tunnels are setup with a diffserv class of be and use inet.0 is the routing instance. n3-requests sets the maximum number of attempts to send a request message to 3, and t3-response time sets the maximum wait for a response to a message.
gtp { keepalive-interval 60; t3-response-time 5; n3-requests 3; diffserv be; no-path-management; gn-routing-instance inet.0; version-list [ 97 98 99 ]; }
18
The election and heartbeat values below are required for gtpcd at this moment. In a future release, we will no longer need these two configuration blocks.
election { interval 100; timeout 1000; } heartbeat { interval 200; timeout 800; damping 1000; threshold 200; }
Charging consists of Call Data Records(CDRs) which are compiled from usage information sent from the GGSN-U PICs, to the GGSN-C Session Controller PICs. The Routing Engine will then pull the CDRs from the Session Controller PICs and store the data on the local hard drive to be archived at a remote host in the future. In the configuration below, the user may require the charging function to have a separate node name from the hostname of the router, so the node name should be specified here. The transfer-type is via ftp is where the CDRs are queued on the RE, then the billing gateway will pull the files down. The format is based upon the R99 spec. The characteristics section details GGSN-C PIC behavior. call-detail is a default parameter which just tells the GGSN-C PIC to generate records. The time limit is the amount of time which call detail buffering should occur on the C-PIC before the records are uploaded to the RE.
charging { node genesis; transfer-type ftp-pull; charging-format 99; characteristics { default-characteristics { time-limit 1000; call-detail; change-limit 5; } } }
APN configuration is listed below. All of the APNs listed below are configured for accesstype public . This means the APN is working in transparent mode. The transparent mode of an APN is one where the GGSN is providing basic internet service to the mobile station. If the access-type were configured as restricted, then the APN would be in non-transparent mode and would forward link requests to a private server on an intranet perhaps.
J20 GGSN Configuration November 30, 2001 19
Each of the APNs below are also configured to use a particular VRF(routing-instance) for their forwarding table. The PDP contexts are configured for the APN to accept new PDP context attempts, and the IP address of the mobile station is statically defined by the mobile provider. The gi-address-range statement configures the Gi side IP addresses for the Session Control PICs
apn { apn1.com { access-type public; routing-instance vrfgi1.inet.0; gi-address-range 172.7.1.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn2.com { access-type public; routing-instance vrfgi2.inet.0; gi-address-range 172.7.2.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn0.com { access-type public; routing-instance inet.0; gi-address-range 172.7.220.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16; }
20
} apn3.com { access-type public; routing-instance vrfgi3.inet.0; gi-address-range 172.7.3.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn4.com { access-type public; routing-instance vrfgi4.inet.0; gi-address-range 172.7.4.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn5.com { access-type public; routing-instance vrfgi5.inet.0; gi-address-range 172.7.5.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn6.com { access-type public; routing-instance vrfgi6.inet.0; gi-address-range 172.7.6.0/24;
J20 GGSN Configuration November 30, 2001 21
pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn7.com { access-type public; routing-instance vrfgi7.inet.0; gi-address-range 172.7.7.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } apn8.com { access-type public; routing-instance vrfgi8.inet.0; gi-address-range 172.7.8.0/24; pdp-context { creation unblocked; address-allocation static; } addressing { 10.1.0.0/16 allocation-prefix 16; } } } }
22
This is the __juniper_private1__ vrf. This is the internal VPN used for internal communication between the RE and GGSN Service PICs. Note: If problems are occurring on the GGSN node, make sure all GGSN PIC routes and the RE route are listed within this VRF.
__juniper_private1__.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.0.0.1/32 10.0.0.32/32 10.0.0.33/32 10.0.0.34/32 10.0.0.48/32 10.0.0.49/32 10.0.0.50/32 *[Local/0] 2d 08:07:34 Local *[Direct/0] 2d 05:37:02 *[Direct/0] 2d 05:36:54 *[Direct/0] 1d 07:57:20 *[Direct/0] 2d 05:36:47 *[Direct/0] 1d 08:38:30 *[Direct/0] 1d 08:38:36 > via gc-1/0/0.0 > via gc-1/1/0.0 > via gu-1/2/0.0 > via gc-2/0/0.0 > via gu-2/1/0.0 > via gu-2/2/0.0
This is the routing-instance which is used for the GTP tunnels to the SGSN. The addresses for the GGSN-C and GGSN-U PICs were allocated dynamically based upon the address range given in the ggsnc and ggsnu blocks.
vrfgn.inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.7.63.0/24 172.7.63.1/32 172.7.200.1/32 172.7.200.2/32 172.7.200.3/32 172.7.201.1/32 172.7.201.2/32 *[Direct/0] 2d 05:37:05 *[Local/0] 2d 05:37:06 Local via ge-3/1/0.0 *[Static/1] 07:09:09 *[Static/1] 07:09:09 *[Static/1] 07:09:07 *[Static/1] 07:09:09 *[Static/1] 07:09:09 > via gc-1/0/0.32769 > via gc-1/1/0.32772 > via gc-2/0/0.32774 > via gu-2/2/0.32770
23
> via gu-2/1/0.32771 172.7.201.3/32 172.8.0.0/16 172.10.250.0/24 172.10.250.1/32 *[Static/1] 07:09:09 *[Static/5] 06:03:54 *[Direct/0] 06:03:54 *[Local/0] 07:44:50 > via gu-1/2/0.32773 > to 172.10.250.2 via ge-0/0/0.250 > via ge-0/0/0.250 Local via ge-0/0/0.250
Now the output for the apn1.com VRF. Below are the routes for the PDP contexts(in the 10.10.1.0/24) range with the next-hops pointing to a logical interface on the GGSN-U PICs. Also included are the routes to the PICs serving the Session Control function.
vrfgi1.inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.10.1.1/32 10.10.1.2/32 10.10.1.3/32 10.10.1.4/32 10.10.1.5/32 10.10.1.6/32 172.7.1.1/32 172.7.1.2/32 172.7.183.0/24 172.7.183.1/32 172.8.0.0/16 172.10.1.0/24 *[Static/1] 07:06:27 *[Static/1] 07:06:18 *[Static/1] 07:06:10 *[Static/1] 07:06:01 *[Static/1] 07:05:54 *[Static/1] 07:05:45 *[Static/1] 07:06:18 *[Static/1] 07:06:27 *[Direct/0] 1d 09:07:33 *[Local/0] 1d 09:07:33 *[Static/5] 06:03:54 *[Direct/0] 06:03:54
> via gu-1/2/0.32776 > via gu-2/1/0.32778 > via gu-2/2/0.32779 > via gu-1/2/0.32776 > via gu-2/1/0.32778 > via gu-2/2/0.32779 > via gc-1/1/0.32777 > via gc-2/0/0.32775 > via fe-0/2/1.0 Local via fe-0/2/1.0 > to 172.10.1.2 via ge-0/0/0.1 > via ge-0/0/0.1
24
*[Local/0] 2d 05:37:06 Local via ge-0/0/0.1 *[Direct/0] 2d 05:37:05 *[Local/0] 2d 05:37:06 *[Static/5] 06:03:54
> via ge-3/0/0.1 Local via ge-3/0/0.1 > to 172.10.1.2 via ge-0/0/0.1
25