Security Level:

GGSN9811 Product Description

www.huawei.com

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. Huawei Technologies

HUAWEI Confidential

Chapter 1 GGSN9811 Overview Chapter 2 GGSN9811 Data Flows Chapter 3 GGSN9811 Characteristics

Chapter 4 GGSN9811 Reliability

Chapter 5 GGSN9811 Specifications

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 2

Position of the GGSN9811 in the Network

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 3

Interfaces on the GGSN9811

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 4

Protocol Stack of the Gn/Gp Interface

Signaling-plane protocol stack of the Gn/Gp interface Data-plane protocol stack of the Gn/Gp interface

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 5

Protocol Stack of the Gi Interface in the Case of IP Access

Protocol stack in transparent access mode

Signaling-plane protocol stack in non-transparent access mode

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 6

Protocol Stack of the Gi Interface in the Case of PPP Access

Gi interface protocol stack in PPP termination mode

Gi interface protocol stack in PPP relay mode

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 7

Protocol Stack of the Ga Interface

Ga interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 8

Protocol Stack of the Gy Interface

Gy interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 9

Protocol Stack of the Gmb Interface

Gmb interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 10

Protocol Stack of the Gx Interface

Gx interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 11

Physical Interface Types

Interface Type 10/100M adaptive Ethernet electrical interface Maximum Number of Interfaces on an LPU 24 Function
Physical interfaces to the PDN or

devices such as the SGSN, AAA server, and CG on the external network
Physical interfaces to the PDN or

devices such as the MME, SGSN, AAA server, and CG on the external network 1000Base-X-SFP optical interface 1000Base-X-SFP electrical interface 10G Ethernet optical interface 24 Physical interfaces to the PDN or devices such as the SGSN, AAA server, and CG on the external network Physical interfaces to the PDN or devices such as the SGSN, AAA server, and CG on the external network Physical interfaces to the PDN or devices such as the SGSN, AAA server, and CG on the external network

24

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 12

Chapter 1 GGSN9811 Overview Chapter 2 GGSN9811 Data Flows Chapter 3 GGSN9811 Characteristics

Chapter 4 GGSN9811 Reliability

Chapter 5 GGSN9811 Specifications

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 13

Data Flows in the 3G System

IP UDP GTP IP PPP TCP/UDP IP Application IP IP UDP TCP/UDP L2TP PPP PPP Application IP

Internet OCS server

(4) (2) (1) (2)

UE GPRS backbone

AAA server

(2) (2) (2)

AAA server

ISP

(3)

SGSN

GGSN

AAA server

(4)
(1) The MS attaches to the GPRS network and the MM context is set up. (2) The PDP context is set up, the GTP tunnel is set up, and AAA authentication is performed.

(4)

Enterprise network Charging bill

User: XX Number: 133XXXX Date: 2003/X Charge: $XXX ___________________________ Bill for Traffic: XXX Bill for content: XXX ___________________________ Detailed bill: **** **** **** **** **** ***

(3) The user accesses the PDN and browses Web pages.
(4) The SGSN/GGSN reports CDRs and interworks with the OCS server.

CG

Billing center

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 14

Signaling Data Flows

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 15

Board Data Flows

Uplink data flows:
GTP tunnel

LPU

SPU

LPU

Downlink data flows:

LPU

SPU

LPU

GTP tunnel

Uplink data flows over the Gi interface of the IPSec/GRE tunnel:

GTP tunnel

LPU

SPU

LPU

IPSec/GRE tunnel

Downlink data flows over the Gi interface of the IPSec/GRE tunnel:

IPSec/GRE tunnel

LPU

SPU

LPU

GTP tunnel

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 16

Chapter 1 GGSN9811 Overview Chapter 2 GGSN9811 Data Flows Chapter 3 GGSN9811 Characteristics Chapter 4 GGSN9811 Reliability

Chapter 5 GGSN9811 Specifications

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 17

GGSN9811 Characteristics
Access
GTP IP access GTP PPP access PPP regeneration

Service
Forward

Charging

Routing

Operation and maintenance

Event log Alarm Software

Online charging Dynamic routing

(LAC) Differentiated address assignment Alias APN Virtual APN QoS mapping SPU rerecommendation MBMS broadcast Direct tunnel

based policies Offline Web proxy charging Captive portal RADIUS Bandwidth accounting management DiffServ flag Content identification Firewall Anti-spoofing Anti-DDoS PCC

protocols BGP/RIP/OSPF/IS-IS Static routing Eth-trunk Multiple types of VPNs VLAN/GRE/L2TP/IPSE C/MPLS ACL

management Performance management Tracing management Operation management

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 18

GGSN9811 Charging Characteristics

Online charging
Volume-based charging Time-based charging Content-based charging

Offline charging
Volume-based charging Time-based charging Content-based charging

Dual coupon with tariff switch

QoS/SGSN/RAT change Support for G-CDR generation CTP-based charging Failover/failback Redirection

Tariff switch
QoS/SGSN/RAT change CTP-based charging Support for multiple G-CDR formats G-CDR storage CDR auditing

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 19

GGSN9811 Logical Charging Architecture

Charging Gateway OCS AAA Server

SPU
CDR Processing Radius Client

SRU

DCCA Client

PDP Context Management

CDR Storage

User Profile

Offline Charging

Online Charging

Hard Disk

User Management

Charging Processing and Control

Charging Data Collection

Charging
Data flow Packets Forwarding and Service Control

GGSN

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 20

GTP
IP over GTP - IP IP over GTP - L2TP PPP over GTP - IP

PPP over GTP - L2TP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 21

Direct Tunnel
Iu R N C RANAP GTP-U S G S N Gn GTP-C GTP-U G G S N
Signalingplane message User-plane message

Two tunnel

R N C

S G RANAP S N GTP-U

Iu

Gn GTP-C G G S N
Signalingplane message User-plane message

Direct tunnel

In the direct tunnel solution, one GTP tunnel between the RNC and the GGSN is used instead of the two user-plane tunnels between the RNC and the SGSN, and the SGSN and the GGSN. The SGSN does not process user-plane data, alleviating the data forwarding load on the SGSN.
HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 22

User Access Modes and Address Assignment

AAA server

Internet/ Intranet SGSN GGSN Firewall

Auth. No Auth.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 23

Overview of Content-Based Charging

Prepaid system

Mail server

Download server

GPRS backbone

Streaming server

UE

SGSN

GGSN

Charging bill
Destination address 10.127.0.2 Service Port HTTP 80 URL www.sina.co m/music1 Statistics Uplink: 1 KB Downlink: 1 MB Downlink: 10 MB Billing center
User: XX Number: 133XXXX Date: 2003/X Charge: $XXX ___________________________ Rent charge: $XX Bill for Traffic: $XXX Bill for content: $XXX ___________________________ Detailed bill: **** **** **** **** **** ***

172.19.10.102

FTP

1003 file1

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 24

DPI for Data Packets

Layer 7 Application Layer 6 Presentation

URL
Application DPI

HTTP://WAP.MONTERNET.COM/* RTSP://*.VOD.COM/*.3GP

Service processing layer

Application protocol & service

Layer 5 Session

WAP/HTTP/MMS/FTP/DNS RTSP/RTP/RTCP

Layer 4 Transport

IP DPI

IP address Port Protocol

TCP UDP ICMP/GRE/IPSec/

Layer 3 Network

Layer 2 Data link

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 25

CDR Auditing and G-CDR File Transfer

GGSN
SRU

Hard disk

FTP server

FTP client for G-CDR file transfer

G-CDR file download and upload

CDR auditing

FTP client LPU

FTP server for CDR auditing

CDR auditing

SPU

Charging processing

CDR auditing buffer

Charging gateway

CDR processing

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 26

Service Chain
Tunnel Marking APN based Inbound ACL

APN Level

Tunnel Marking

APN based Outbound ACL

PDP based Diffserv Marking

PDP based Policing

PDP Level

Service Level
IP Service Chain

Uplink Downlink
Tunnel Marking APN based Inbound ACL

APN Level

Tunnel Marking

APN based Outbound ACL

PDP based Policing

PDP Level

PDP based Diffserv Marking

Service Level
IP Service Chain

IP Service Chain Gating DiffServ Remark CAR QoS Update Web Proxy Captive Portal Redirection Policy Based Forwarding Shaping Charging Point

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 27

Firewall
Uplink & downlink
LPU
Interface-based ACL

Interface level

SPU

APN-based inbound ACL

APN level PDP level

Subscriber profile

Gating

Service level

Flow based IP service

Personal firewall

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 28

Web Proxy and Captive Portal

Web proxy
Web client
TCP SYN 1 TCP SYN TCP ACK TCP ACK HTTP request 1 HTTP request HTTP reply 2 HTTP reply TCP SYN, ACK HTTP request HTTP reply 2 TCP FIN & ACK TCP RST HTTP request 1 2

Captive portal
GGSN Proxy server
Web server

Web client

GGSN

Portal server

Web server

TCP SYN & ACK

HTTP redirection

If the packet matches a Layer 3/Layer 4 rule, the GGSN changes the data packets destination address to the proxy servers IP address. The GGSN changes the data packet's source address to the Web server's IP address
HUAWEI TECHNOLOGIES CO., LTD.

The GGSN discards the HTTP request message and sends an HTTP redirection message with the status code 302 to the Web client. The GGSN terminates the TCP connection.

HUAWEI Confidential

Page 29

QoS Update
PDP QoS
QoS2 QoS2 update fail

SGSN

GGSN

QoS1
QoS0 QoS0 PDP

QoS2 QoS1
QoS0 QoS0

Create PDP context Req (Req QoS) Create PDP context Rsp (Neg QoS0) Update PDP context Req (Req QoS1) Update PDP context Rsp (Accept) Update PDP context Req (Req QoS0) Update PDP context Rsp (Accept) Update PDP context Req (Req QoS2) Update PDP context Rsp (Reject)

T
QoS0 QoS1 Flow3 QoS1 QoS0

Flow1
Flow2

Timer expires

Flow4

QoS2

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 30

Virtual APN & Alias APN (1)

Corporate 1

SGSN
APN = "Corporate" username = "a@corporate1"

GGSN
Actual APN = "Corporate1"

MS1 MS2

PDP Context1
APN = "Corporate" username = "a@corporate2"

PDP Context1

PDP Context1
Actual APN = "Corporate2"

PDP Context2
APN = "Corporate" username = "a@corporate3"

PDP Context2 PDP Context3

PDP Context2
Actual APN = "Corporate3"

Corporate 2

MS3

PDP Context 3

PDP Context3

APN Name Corporate Corporate1 Corporate2 Corporate3

VPN

IP Address Pool Corporate 3

GRE VPN

POOL1

IPSec VPN POOL2 L2TP VPN POOL3

Local QoS mapping: IMSI/MSISDN/RAT/roaming/user name QoS mapping by the AAA server

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 31

Virtual APN & Alias APN (2)

GGSN
Walled garden APN1 APN2 APN3 system resource 1 APN4 system resource 2 Streaming service

PTT

Internet/ISP

Item
Mapping Usage scenario

Virtual APN
Multiple APNs -> One APN The carrier has some unused APNs. Several APNs need to use the same resources on the GGSN.

Alias APN
One APN -> Multiple APNs The carrier needs to use one APN to distinguish several different networks or to classify one "big" APN.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 32

Flexible VPNs
Mobile tunnel VRF Internet tunnel

Firewall
GTP tunnel GRE/IPSec/L2TP /MPLS/VLAN

UE

SGSN

GPRS backbone

Corporation network GGSN

Internet

End-to-end tunnel (IPSec)

PDP Type = IP/PPP

IP/PPP over GTP

The GGSN regenerates the PPP session when the PDP type is IP. L2TP

IP/PPP

AAA server

Internet SGSN GGSN/LAC

LNS

Private network

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 33

Security Functions

Anti-spoofing
Anti-DDoS
GGSN

Multiple authentication modes Hierarchical management Gi redirection IPSec

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 34

PCC
PCC refers to policy and charging control. The PCRF is introduced. It delivers PCC rules, including policies and charging information, to the GGSN. Huawei PCRF is the UPCC. The following figure shows the position of the PCRF in the network.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 35

Chapter 1 GGSN9811 Overview Chapter 2 GGSN9811 Data Flows

Chapter 3 GGSN9811 Characteristics

Chapter 4 GGSN9811 Reliability Chapter 5 GGSN9811 Specifications

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 36

Transmission Reliability
Virtual Routing Network level GGSN

GPRS backbone

Internet/ PDN

IP/Ethernet Trunk

11

10

Equipment Level
LPU LPU SPU SPU SRU

SFU

SPU 1:1
SRU SPU SPU SPU SPU

SRU 1:1 SFU 3+1

SFU

12

10

Three-level assurance
Module Level Overload Control

Software assurance

Recourse Monitor

Traffic Control

Self-fault Checking

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 37

Hardware Reliability
Mature USR platform Hot swappability and hot backup

3+1 SFU switching plane

Two 48 V independent power supplies

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 38

Software Reliability
System overload control

CPU overload control of the SPU/LPU CPU overload control of the SRU

Resource check
Periodical check Address resource check performed by the SRU and the SPU Address resource check with PDP contexts in the SDB performed by the SPU
Board lock and system shutdown Hot patch

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 39

Network Redundancy
RNC SDH SGSN

LAN switch Firewall IP dynamic routing

Internet/servic e

IP backbone GGSN

GGSN

LAN switch Firewall

Layer 2 IP redundancy technology

Link redundancy and route redundancy

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 40

Redundancy Backup
Hardware SFU: 3+1 backup SPU: 1+1 backup Software Active and standby RADIUS servers Multiple OCS servers Primary and secondary CGs Multiple DHCP servers Active and standby FTP servers Primary and secondary L2TP tunnels

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 41

Chapter 1 GGSN9811 Overview Chapter 2 GGSN9811 Data Flows Chapter 3 GGSN9811 Characteristics Chapter 4 GGSN9811 Reliability

Chapter 5 GGSN9811 Specifications

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 42

Capacity Specifications
Parameter
Maximum number of PDP contexts that are activated at the same time Maximum data throughput

PGP-8 Specification
5000000 50 Gbit/s

PGP-8B Specification
10000000 100 Gbit/s

Maximum IPSec throughput

Maximum number of APNs Maximum number of GRE tunnels Maximum number of L2TP tunnels Maximum number of IPSec tunnels

3 Gbit/s
3000 4000 20000 4000

6 Gbit/s
3000 4000 40000 4000

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 43

Thank You
www.huawei.com