Академический Документы
Профессиональный Документы
Культура Документы
PRD IR.33
Non-Binding
Core
Security Classification Category:
Unrestricted – Industry
X
Unrestricted
This document is subject to copyright protection. The GSM MoU Association (“Association”) makes no representation, warranty or
undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the
accuracy or completeness or timeliness of the information contained in this document. The information contained in this document
may be subject to change without prior notice. Access to and distribution of this document by the Association is made pursuant to
the Regulations of the Association.
© Copyright of the GSM Association 1999
Document History
Summary
This document aims to provide a standardised view on how GPRS networks can interwork
in order to provide GPRS roaming capabilities when users roam onto foreign networks.
It will make references to current ETSI GSM specifications for GPRS, and also other GSM
Association document where necessary.
This document should be used in conjunction with two other IREG GPRS documents;
PRD IR.34 & IR.35.
Also documents generated by SERG and BARG are referenced in this document.
1. INTRODUCTION.......................................................................................................................................................4
1.1. MS REGISTRATION AND CONTEXT A CTIVATION OVERVIEW ................................................................4
2. ROAMING SCENARIOS .........................................................................................................................................5
2.1. SCENARIO 1 - MS REGISTERED ON VPLMN USING VSGSN AND HGGSN...............................................5
2.2. SCENARIO 2 - MS REGISTERED ON VPLMN USING VSGSN AND VGGSN................................................5
3. ROAMING INTERFACES AND PROTOCOLS ..................................................................................................6
1. Introduction
GPRS roaming shall be achieved using the standardised interfaces detailed in GSM 03.60
[1]. The GPRS architecture is shown below in Figure 1.
SMS-GMSC
SMS-IWMSC SM-SC
E C
Gd
MSC/VLR HLR
D
Gs
A Gc
Gr
Gb Gi
TE MT BSS SGSN GGSN PDN TE
Gn
R Um Gn Gf
Gp
EIR
SGSN GGSN
Other PLMN
Signalling Interface
Signalling and Data Transfer Interface
Once the “PDP context” is activated, then GPRS data transfer can commence. This is
detailed in GSM 03.60 [1]. The mandatory “PDP type” in the roaming environment will be
IP. (i.e. not X.25 or PPP)
2. Roaming Scenarios
2.1. Scenario 1 - MS registered on VPLMN using VSGSN and HGGSN
This scenario applies to: -
• inbound roamers
• outbound roamers
In this scenario, the user will roam on to a VPLMN, and register using a SGSN in the
visited network – the VSGSN. The user shall then activate a context using a GGSN in their
home network - the HGGSN. There will be data and signalling exchanges across the Inter
PLMN Backbone in order to establish the context (Gp Interface required.)
To allow interworking via Gp interface between foreign PLMNs having different GSN
suppliers, it is necessary to agree on compliance to a certain level of GSM specifications.
As a baseline, roaming operators shall conform to GPRS Release 97 level SMG#29 or
higher.
This scenario is shown in Figure 2, and requires: -
• SGSN – HLR interactions via the Gr interface, using Inter network C7/SCCP links
• Inter network DNS exchanges and possible “.gprs root” DNS exchanges. (See Note1)
• Inter PLMN Backbone connectivity and address management
• Border Gateway involvement, which may provide firewall and additional security
functionality.
HGGSN
VSGSN
The Inter GPRS
Backbone External PDN
BG BG
Roaming MS
Figure 2: Scenario 1 - VSGSN and HGGSN using the International Inter PLMN
Backbone
Note 1 – The gprs root refers to a `root DNS server´ which resides inside the GPRS
PLMN or the “root” DNS server may be held outside of the GPRS PLMN and controlled
by an external organisation, such as the GSM Association. This will enable all GPRS
operators to specify their information in one place only, and from there the information is
distributed by DNS.
• outbound roamers
In this scenario, the user will roam on to a VPLMN, and register using a SGSN in the
visited network – the VSGSN. The user shall then activate a context using a GGSN in their
visited network - the VGGSN.
There will be NO data and signalling exchanges across the Inter PLMN Backbone, as
these will use the Intra PLMN Backbone to establish the context..
This scenario is shown in Figure 3, and requires: -
• SGSN – HLR interactions via the Gr interface, using Inter network C7/SCCP links
• Dynamic address allocation for the subscriber
• Transparent i.e. non-authenticated network access-point access (see Note 2)
• NO inter network DNS exchanges.
• NO Inter PLMN Backbone connectivity or address management
• NO Border Gateways involvement or firewall configuration
VGGSN
VSGSN
Visited PLMN’s
GPRS Backbone External PDN
Roaming MS
Figure 3: Scenario 2 - VSGSN and VGGSN using VPLMN Intra GPRS Backbone
Note 2 – Non-transparent network access-point access is possible, but it requires
authentication servers at the visited network access-point and the home-network access
having the same authentication data. i.e. It is the responsibility of the external PDN to not
fail the users connection when Non-transparent access is encountered.
IP address” of the machine to send them to. DNS provides this “look up table” between
logical names and IP addresses. i.e. www.btcellnet.co.uk -> 1.2.3.4
As there are many millions of users out there and also many thousands of domains. DNS
uses a hierarchical system to search and resolve thousands of global DNS entries
systematically. Currently there are 7 generic TLDs, as well as many more country TLDs.
There are 13 “root nameservers” around the world. These nameservers have entries for all
“top level domain servers” e.g. “.com”. The “.com” top level domain server lists all the
known domains that end in “.com” e.g. ibm.com. The ibm.com entry in the root server will
have the ibm.com DNS server(s) (there are usually more than one in case one fails) IP
addresses. The ibm.com DNS server will have all the addresses of the hosts in the
ibm.com domain e.g. www servers and e-mail servers to which the user may wish to send
packets to.
The global DNS system works in this hierarchical way, and nearly all company or ISP DNS
servers “cache” information to save constantly asking the root DNS servers the same
query.
2. If the VPLMN DNS resolves the APN into a GGSN in the VPLMN – the VGGSN
(Roaming Scenario 2 – see Figure 3).
2a
VSGSN
BSS
1
5. The VPLMN DNS returns the result to the VSGSN. The SGSN can either use the
HGGSN IP address to connect the user, or fail the context activation (i.e. no IP address
provided).
RFC 1034 [5] and 1035 [6] detail the messages and exchanges required for DNS Name
Server communications.
Recursive mode
6
VPLMN 5 HSGSN
BG
GRX BG HPLMN
VGGSN
VSGSN
HGGSN HSGSN
The VPLMN DNS interrogates its Root DNS, which relays the request to the HPLMN
DNS and appears as request originator to the HPLMN DNS. The response goes through
the same path. The HPLMN has no way of being sure which PLMN is the original source
of the requests (i.e. the VPLMN address is not included in the request).
Iterative mode
4
VSGSN 7
5
VPLMN HSGSN
BG
6 GRX BG HPLMN
VGGSN
VSGSN
HGGSN HSGSN
The VPLMN DNS interrogates its Root DNS, which provides the address of the HPLMN
DNS. The VPLMN-DNS interrogates directly the HPLMN-DNS. The HPLMN is able to
identify the source of the request. Alternatively, if the VPLMN has no Root DNS, the
VPLMN DNS sends the requests directly to the HPLMN DNS.
The iterative mode is generally the default mode which is configured in the DNS servers.
A GPRS operator shall accept only DNS requests coming from his roaming partners by
applying source IP address checking (for example at the Border Gateway), and reject any
other request. In order to do this, the HPLMN has to be able to determine the Visited
PLMN which has emitted a DNS request.
If recursive interrogation mode is used, the DNS queries will be sent to the HPLMN-DNS
by the GRX-DNS, and the identity of the VPLMN is masked to the HPLMN.
Therefore only iterative interrogation mode should be used between GPRS DNS
servers.
PLMN 2
DNS-Gn
PLMN 2
DNS Root 2
1
BG
HPLMN
DNS Root 1
DNS-Gn PLMN 1
DNS -Gn 4
GRX 2
2
BG
HPLMN
BG
3 BG
PLMN 1
GRX 1
Additionally, the following recommendations will help to improve the overall security in
GPRS roaming environment:
§ A GPRS operator should respond only to iterative queries
§ Only requests of type A (name resolution), MX (for MMS) and NS
should be used. Use of any other request type should be subject to
prior bilateral agreement.
§ Only normal domain name resolution queries should be used, i.e.
reverse resolution should be subject to prior bilateral agreement.
VPLMN DNS
2 3
VSGSN
BSS
1
Network Id Operator Id
This is all detailed in GSM 03.03 [2].
VPLMN HPLMN
DNS DNS
mnc789.mcc888gprs
mnc123.mcc456gprs
VGGSN HGGSN
AP: ibm.co AP: ibm .co
The network operator can force their subscriber to use the Home GGSN by disabling a flag
(VPLMN address allowed) in the HLR on a per APN basis. In this case the roamer will
always use HGGSN access point. (See Figure 7)
VPLMN HPLMN
SGSN
DNS
DNS DNS
mnc789.mcc888gprs
mnc123.mcc456gprs
VGGSN HGGSN
AP: ibm .co AP: ibm .co
Figure 7: Subscriber has APN of ibm.com set with VPLMN allowed flag set to No.
To guarantee the uniqueness of APN network identifiers two solutions are possible: a) using
public Internet domain names, and b) the introduction of internal domain names. Both
solutions can be used in parallel for APN resolution depending on the operator’s
requirements.
DNS
SGSN
DNS DNS
mnc789.mcc888 gprs
mnc123.mcc456gprs
VGGSN HGGSN
AP: ibm .co AP: ibm .co
resolutions. In this case the IP address resolved to could vary dependent on the SGSN that
makes the request (location based) or dependent on the workload of the GGSN.
The GGSN which the service APN has resolved to must provide the service agreed upon
as specified by SERG “GPRS Service Support” document.
The service APN may provide a subscriber with transparent access to the service
requested, thus removing the requirement for authentication, policing or packet filtering
whether a public or private IP address is being used.
No guaranteed quality of service can be associated with a Service APN.
5. IP Address Management
5.1. IP Nodal Address Allocation
IP address management is described in IR.34: “Inter-PLMN Backbone Guidelines” [8].
Each node, which has access to the Inter PLMN Backbone, shall have unique addresses.
These can be registered Public IP Addresses, which are managed and distributed by a
single management entity. GSM 03.60 states:-
“The IP addresses of GSNs and other GPRS backbone nodes of all PLMNs build a
private address space that is not accessible from the public Internet. For the GGSN
and the SGSN, this IP address may also correspond to one or more DNS-type logical
GSN names.”
• Public IP Addresses
• Private IP Address
6. Border Gateways
6.1. Introduction
The Border Gateway’s (BG) main purpose is to preserve the security of the PLMN’s
GPRS network from: -
• Unwanted traffic / signalling from other GPRS PLMNs
• Inter PLMN Backbone traffic from a fraudulent source (IP attacks.)
The Border Gateway may provide: -
• Inter Network Secure Tunnelling and encryption. This may be established on a per-
roaming agreement basis to maintain the security of the data being transferred between
PLMNs.
• Use the “.gprs ” root DNS to locate the IP addresses of the HPLMN’s DNS servers,
for resolution.
The data exchange at roaming agreement establishment may include the Primary and
Secondary DNS IP addresses, or this information may be held by the “.gprs ” root DNS.
This is also detailed in PRD IR.21 [12].
8. References
[1] GSM 03.60 : - "Digital cellular telecommunications system (Phase 2+); GPRS Service
Description; Stage 2 ", ETSI.
[2] GSM 03.03 : - "Digital cellular telecommunications system (Phase 2+); Numbering,
addressing and identification", ETSI.
[3] GSM 09.02 : - "Digital cellular telecommunications system (Phase 2+); Mobile
Application Part (MAP) specification”, ETSI.
[4] GSM 09.60 : - "Digital cellular telecommunications system (Phase 2+); General Packet
Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp
Interface", ETSI.
[5] IETF RFC 1034 "Domain Names – Concepts and Facilities"
[6] IETF RFC 1035 “ Domain Names – Implementation and Specification”
[7] IETF RFC 1918 “Address Allocation for Private Intranets”
[8] PRD IR.34: “Inter-PLMN Backbone Guidelines”
[9] PRD IR.35: “End to End Functional Capability specification for Inter-PLMN GPRS
Roaming”
[10] PRD SE.20 “GPRS and WAP Service Guidelines”
[11] PRD BA.27
[12] PRD IR.21