V900R007C02
Product Description
Issue: 01
Date: 2009-05-26
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Website: http://www.huawei.com
Email: support@huawei.com
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
About This Document
1 Overview
1.1 Basic Functions
1.2 Network Structure
1.3 Network Interfaces
1.3.1 Gn/Gp Interface
1.3.2 Gi Interface
1.3.3 Ga Interface
1.3.4 Gy Interface
1.3.5 Gmb Interface
1.3.6 Gx Interface
1.4 Supported Protocols
1.5 Physical Interfaces
1.5.1 Interface Types
1.5.2 Interface Specifications
2 Product Features
2.1 Carrier-Class Platform
2.2 High Reliability
2.3 Security
2.4 Large Capacity
2.5 Customized Operation and Maintenance System
3 System Structure
3.1 Physical Structure
3.1.1 Cabinet
3.1.2 Subrack
3.1.3 Boards
3.2 Software Structure
5 Reliability
5.1 Hardware Reliability
5.2 Software Reliability
5.3 Networking Reliability
5.4 Operation and Maintenance Reliability
7 Technical Specifications
7.1 Performance Specifications
7.2 Entire-system Specifications
7.3 Reliability Specifications
7.4 Safety Specifications
7.5 EMC Specifications
7.6 Environment Specifications
7.6.1 Storage Environment
7.6.2 Transportation Environment
7.6.3 Running Environment
8 Installation
8.1 System Installation
8.2 System Expansion and Upgrade
Index
Figures
Figure 1-1 GPRS/UMTS network structure
Figure 1-2 Interfaces of the GGSN9811
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface
Figure 1-4 User plane protocol stack of the Gn/Gp interface
Figure 1-5 Protocol stack of the Gi interface
Figure 1-6 Protocol stack of the Gi interface in transparent access mode
Figure 1-7 Protocol stack of the Gi interface in non-transparent access mode
Figure 1-8 Protocol stack of the Gi interface
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode
Figure 1-10 Protocol stack of the Gi interface in PPP relay mode
Figure 1-11 Protocol stack of the Ga interface
Figure 1-12 Protocol stack of the Gy interface
Figure 1-13 Protocol stack of the Gmb interface
Figure 1-14 Protocol stack of the Gx interface
Figure 3-1 N68E-22 cabinet
Figure 3-2 Hardware layout of the GGSN9811
Figure 3-3 GGSN9811 subrack
Figure 3-4 Components in the GGSN9811 subrack
Figure 3-5 Layout of boards in the GGSN9811 subrack
Figure 3-6 Logical structure of the GGSN9811
Figure 4-1 Example of transparent access to an external IP network
Figure 4-2 Example of non-transparent access to an ISP or an intranet
Figure 4-3 Example of IP over GTP and PPP over GTP
Figure 4-4 Example of PPP regeneration
Figure 6-1 Structure of the GGSN9811 OM system
Tables
Table 1-1 Protocols supported by the GGSN9811
Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811
Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces
Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP)
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)
Table 3-1 Main components in the GGSN9811 subrack
Table 3-2 Specifications of the four types LPUs
Table 7-1 GGSN9811 performance specifications
Table 7-2 Specifications of the entire GGSN9811
Table 7-3 GGSN9811 reliability specifications
Table 7-4 Climatic requirements for equipment storage
Table 7-5 Climatic requirements for equipment transportation
Table 7-6 Requirements for mechanical stress in the transportation environment
Table 7-7 Requirements for temperature and humidity in the running environment
Table 7-8 Requirements for other climatic factors in the running environment
Table 7-9 Requirements for mechanical stress in the running environment
Related Versions
The following table lists the product version related to this document.
Product Name | Version
GGSN9811 | V900R007C02
Intended Audience
This document is intended for:
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all the updates made to previous versions.
Updates in Issue 01 (2009-05-26)
Initial field trial release
Organization
1 Overview
This provides an overview of the GGSN9811. The GGSN9811 serves as a gateway in the general
packet radio service/universal mobile telecommunications system (GPRS/UMTS) packet core
network and forwards packets between the mobile network and the packet data network (PDN).
2 Product Features
This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
3 System Structure
This describes the physical and logical structures of the GGSN9811.
4 Services and Functions
This describes the abundant services and functions provided by the GGSN9811. These services
and functions can meet various requirements for networking and services.
5 Reliability
This describes the advanced reliability design of the GGSN9811. The advanced reliability design
effectively ensures the normal operation.
6 Operation and Maintenance
This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000 and
operation and maintenance center (OMC), and comprehensive online help.
7 Technical Specifications
This lists the technical specifications of the GGSN9811. The technical specifications consist of
performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment requirements.
8 Installation
This describes the installation, upgrade, and expansion processes.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save
time.
Provides additional information to emphasize or supplement
important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
Courier New
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
>
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Key 1, Key 2
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action
Description
Click
Double-click
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.
1 Overview
As shown in Figure 1-1, the GPRS/UMTS network contains the following network elements
(NEs):
• MS: An MS is a user's mobile device. It can launch and receive calls through an air interface. To perform a data service, the MS sets up a logical link with the CN-PS domain.
• CN-CS domain: The CS domain provides circuit type services. It also connects an MS to an external CS network such as the public switched telephone network (PSTN).
• CN-PS domain: The PS domain provides packet data services. It also connects an MS to an external packet data network (PDN) such as the Internet.
NOTE
The CN has evolved smoothly from the GPRS to the UMTS. The evolution of the RAN, however, is revolutionary
because of the fundamental change of air interfaces.
Huawei GPRS/UMTS CN-PS domain, consisting of the SGSN, GGSN, CG, and AAA server,
enables an MS to access an external PDN for packet data services and supplies charging services.
The functions of the main NEs in Huawei GPRS/UMTS CN-PS domain are as follows:
SGSN
The SGSN is used to provide packet data services. It forwards incoming and outgoing IP packets
of the MSs in the service area. The SGSN performs the following functions:
• IP packet routing and forwarding for all mobile users within the service area
• Session management
• Mobility management
• Generation and output of charging data records (CDRs), reflecting the usage of wireless resources
GGSN
The GGSN is used to provide packet data services. The GGSN routes and encapsulates the data
packets between the GPRS/UMTS network and an external PDN. The GGSN performs the
following functions:
• Acting as an interface to an external PDN: The GGSN acts as a gateway for MSs to access an external PDN. The GGSN exchanges routing information for an external PDN. The GGSN serves as a router for all IP addresses of users in the GPRS/UMTS network.
• GPRS/UMTS session management: The GGSN sets up communication between MSs and external PDNs.
• Data receiving and processing: The GGSN receives data from MSs and routes the data to an external PDN. The GGSN also receives data from the external PDN, and selects a path in the GPRS/UMTS network to forward the data according to the destination address. Then, the GGSN sends the data to the SGSN.
• Abundant charging functions: The GGSN provides the functions of normal charging, hot billing, content-based charging, and online charging.
CG
As a device in the GPRS/UMTS network, the charging gateway (CG) collects, merges, and pre-processes the CDRs generated by the SGSN or the GGSN. The CG also provides an interface
to the billing center. When a GPRS/UMTS user accesses the Internet, several NEs generate
CDRs. Each NE may generate several CDRs. The CG merges and pre-processes the CDRs, and
then sends them to the billing center. Thus, the work load of the billing center is reduced. If the
CG is applied in the network, the SGSN and the GGSN are not required to provide interfaces to
the billing center.
AAA Server
The AAA server is used for authentication, authorization, and accounting. It complies with the
Remote Authentication Dial In User Service (RADIUS) protocol. The AAA server can also be
deployed in other networks besides the GPRS/UMTS network.
DNS
There are two types of DNS in the GPRS/UMTS network. One type is the DNS located between
the GGSN and an external PDN. It is used to resolve the domain name of the external PDN,
equivalent to a common DNS on the Internet. The other type is the DNS located on the GPRS/
UMTS core network. It is used to:
• Perform domain name resolution to obtain the IP address of the GGSN based on the access point name (APN) sent by the SGSN, thus establishing a communication channel between the GGSN and an MS when the MS attempts to access the external PDN.
• Obtain the IP address of the SGSN from the original routing area code when the routing area between SGSNs is updated.
• Obtain the IP address of the destination SGSN based on the new RNC ID during RNC relocation.
The DNS can also be deployed in other networks besides the GPRS/UMTS network.
OCS
The OCS provides the CCF function. By enhancing the present OCS, credit control can vary
according to service type. The GGSN9811 can determine whether a user is an online charging
user. The OCS can perform rating, allocate quotas, and finally deduct the fees for online charging
users.
BM-SC
The BM-SC distributes the multimedia broadcast/multicast service (MBMS). Serving as the
transmission ingress of the MBMS services of content providers, the BM-SC can authenticate
the users within a public land mobile network (PLMN), initiate the bearer service, and schedule
and deliver the MBMS service.
PCRF
The PCRF is used for making policies and charging rules. It performs the following functions:
• Providing the policy and charging enforcement function (PCEF) with the policy and charging rule information
The GPRS Tunneling Protocol (GTP) contains the GTP control plane (GTP-C) and the GTP
user plane (GTP-U).
• In the GTP-C plane, tunnels are created, modified, and deleted through signaling.
• In the GTP-U plane, the tunneling mechanism is used to transfer user packets.
In the GTP user plane, the GGSN9811 supports GTPv0 and GTPv1 and allows the switchover
between GTPv0 and GTPv1. In the GTP signaling plane, the GGSN9811 supports only GTPv0.
1.3.2 Gi Interface
This describes the functions and the protocol stack of the Gi interface.
Gi is the interface between the GGSN and the packet data network (PDN). The GGSN9811
supports two access modes for Internet Protocol (IP) users and Point-to-Point Protocol (PPP)
users.
IP Access
Figure 1-5 shows the protocol stack of the Gi interface for IP users.
Figure 1-5 Protocol stack of the Gi interface
For IP users, the GGSN9811 provides two modes for mobile stations (MSs) to access the external
PDN, namely, transparent access mode and non-transparent access mode. Figure 1-6 and Figure
1-7 show the protocol stacks for the transparent access mode and the non-transparent access
mode, respectively.
Figure 1-6 Protocol stack of the Gi interface in transparent access mode
PPP Access
Figure 1-8 shows the protocol stack of the Gi interface for PPP users.
For PPP users, the GGSN9811 provides two modes for MSs to access the external PDN, namely,
PPP termination mode and PPP relay mode. Figure 1-9 and Figure 1-10 show the protocol
stacks for the PPP termination mode and the PPP relay mode, respectively.
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
Ga is the interface between the GPRS support node (GSN) and the charging gateway
functionality (CGF). It runs the GTP' protocol to send charging data records (CDRs) that are
generated by a network element or functional entity to the CGF.
Figure 1-11 shows the protocol stack of the Ga interface.
Figure 1-11 Protocol stack of the Ga interface
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
Gy is the interface between the GGSN and the online charging system/credit control function
(OCS/CCF). It communicates based on the Diameter protocol and is used for online charging
control. The GGSN interacts with the OCS through the Gy interface to realize credit control for
content-based charging users and non-content-based charging users.
Figure 1-12 shows the protocol stack of the Gy interface.
MBMS session start and stop signaling sent by the BM-SC to the GGSN
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
Gx is the interface between the GGSN and the policy charging rules function (PCRF). It
communicates based on the Diameter protocol. As the policy and charging enforcement function
(PCEF), the GGSN interacts with the PCRF through the Gx interface to realize the policy and
charging control (PCC) function.
Protocol | Function | Standard or Protocol
GTP/GTP' | The GPRS Tunneling Protocol (GTP) is used to set up, maintain, or delete GTP tunnels between the GGSN and the SGSN. The GGSN9811 can interact with the external packet data network (PDN) through GTP. The GTP' protocol is used to send charging data records (CDRs) that are generated by a network element or functional entity to the charging gateway functionality (CGF). |
RADIUS | The Remote Authentication Dial in User Service (RADIUS) protocol is used for authentication, authorization, and accounting between the GGSN and the RADIUS server. |
PPP | The Point-to-Point Protocol (PPP) is a Layer 2 link protocol, through which the Layer 2 negotiation through the Link Control Protocol (LCP), Layer 3 negotiation through IP over PPP (IPCP), and authentication through the Password Authentication Protocol/Challenge Handshake Authentication Protocol (PAP/CHAP) can be performed. |
L2TP | The Layer 2 Tunneling Protocol (L2TP) is used to set up Layer 2 virtual private networks (VPNs) and L2TP tunnels between the L2TP network server (LNS) and the GGSN that serves as the L2TP access concentrator (LAC). |
IPSec | The IP Security (IPSec) protocol is used to ensure the security of the data transmitted between the GGSN and the related devices. It can ensure the confidentiality, integrity, authenticity, and anti-replay of data packets transmitted on the network. |
FTP | |
Diameter | |
Diameter Online Charging | The volume-based or time-based online content-based charging is realized through interaction with the online charging system (OCS) through the Gy interface. |
MBMS | The unidirectional point-to-multipoint multimedia services are provided. |
PCC | |
Quantity (Maximum) | Function
24
24
24
NOTE
The quantity in GGSN9811 refers to the quantity of a type of interfaces on one LPU.
Item | Specification
Connector type | RJ45
Operating mode | 10/100M auto-sensing; half duplex and full duplex
Maximum transmission distance | 100 m
Applied cable |
Standard compliance | IEEE802.3z
Frame format |
Network protocol | IP
Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)
Item | Specification
Connector type | LC/PC
Operating mode |
Standard compliance | IEEE 802.3z
Frame format |
Network protocol | IP
Maximum transmission distance | 0.5km | 10km | 40km | 40km | 80km | 100km
Center wavelength | 850nm | 1310nm | 1310nm | 1550nm | 1550nm | 1550nm
Minimum transmitting optical power | 9.5dBm | 9.5dBm | 4.5dBm | 4.0dBm | 2.0dBm | 0dBm
Maximum transmitting optical power | 2.5dBm | 3.0dBm | 3.0dBm | 1.0dBm | 5.0dBm | 5.0dBm
Receiver sensitivity | 17.0dBm | 20.0dBm | 22.5dBm | 21.0dBm | 23.0dBm | 30.0dBm
Overload optical power | 0dBm | 3.0dBm | 3.0dBm | 3.0dBm | 3.0dBm | 9.0dBm
Fiber type | Multimode | Singlemode | Singlemode | Singlemode | Singlemode | Singlemode
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP)
Item | Specification
Connector type | RJ45
Operating mode |
Maximum transmission distance | 100 m
Applied cable |
Standard compliance | IEEE802.3z
Frame format |
Network protocol | IP
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)
Item | Specification
Connector type | LC/PC
Operating mode |
Standard compliance | IEEE 802.3ae
Frame format |
Network protocol | IP
Maximum transmission distance | 0.3 km | 10 km | 40 km | 80 km
Center wavelength | 850 nm | 1310 nm | 1550 nm | 1550 nm
Minimum transmitting optical power | -7.3 dBm | -6.0 dBm | -1.0 dBm | 0 dBm
Maximum transmitting optical power | -1.3 dBm | -1.0 dBm | 2.0 dBm | 4.0 dBm
Receiver sensitivity | -7.5 dBm | -11.0 dBm | -15.0 dBm | -24.0 dBm
Overload optical power | -1.0 dBm | 0.5 dBm | -1.0 dBm | -7.0 dBm
Fiber type | Multi-mode | Single-mode | Single-mode | Single-mode
2 Product Features
Hardware reliability
The GGSN9811 supports hot plugging and hot backup of key boards, possesses a double-channel power supply system, and is protected from over-voltage and over-current.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU subcard
is faulty, the other DMPU subcard takes over all services, and the system triggers a fault
alarm. If the DMPU subcards are required but unavailable or if the DMPU subcards are
overloaded, the system triggers an alarm.
Software reliability
The GGSN9811 is capable of overload control, traffic control, resource check, system
software backup, configuration files check, and automatic fault detection. This ensures
reliable running. The unique charging data record (CDR) cache function guarantees a
reliable billing system. The hot patch technology helps to ensure the normal software
running.
Networking reliability
The route backup and router load sharing functions can prevent single point failure on
networks, thus helping to build highly reliable networks. The Eth-trunk function can
prevent failure of a single port from affecting services.
2.3 Security
This describes the security features of the GGSN9811. Security requirements are taken into
consideration in the design of the GGSN9811, and multiple measures are adopted to protect
the profits of operators and end users.
Like reliability, security is a concern for operators and end users. Security requirements are
fully considered in the design of the GGSN, and the following measures are taken:
• Packet filtering and an access control list (ACL) mechanism to filter packets based on preset conditions
• Gi interface redirection function, which can offer defense against attacks that are based on protocol packets between mobile users in one GGSN
• The SSL feature can be implemented on the GGSN when the GGSN communicates with the M2000 or local maintenance terminal (LMT) to enhance security through encryption. Thus, the man-machine language (MML) channel, binary channel, and File Transfer Protocol (FTP) file transfer channel between the GGSN and the M2000 or LMT are encrypted.
User-Friendly GUI
The GUI helps to provide a user-friendly and convenient OM interface. Operations are simplified
through the graphic network topology view and device panel view. Frequent operations can be
performed by selecting items from the menu.
Message Tracing
The GGSN9811 allows signaling message tracing, data packet tracing, interface message
tracing, user message tracing, and message explanation.
Remote Management
The GGSN9811 supports various remote management functions, including online software
patching, online commissioning, remote maintenance, and dynamic data setting.
3 System Structure
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm (W) x 800 mm (D).
The design of the cabinet complies with the International Electrotechnical Commission 297
(IEC297) and Institute of Electrical and Electronics Engineers (IEEE) standards. The modular
structure is used, thus facilitating the capacity expansion and maintenance. In addition, the
electromagnetic compatibility is fully considered in the design of the cabinet and electromagnetic
shielding interfaces are used.
Figure 3-1 shows an N68E-22 cabinet.
NOTE
In the cabinet:
The GGSN9811 subrack must be available. The SRU, SFU, SPU, and LPU boards of the
GGSN9811 must be inserted in this subrack.
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
Figure 3-3 shows the subrack and Figure 3-4 shows the components installed in the subrack.
Figure 3-3 GGSN9811 subrack
1. Plastic panel of the fan module
2. Fan module
3. Board cage
4. Air intake frame
5. Power system panel
6. Power supply module
7. Handle
8. Angle
9. Cabling trough
The GGSN9811 uses the integrated subrack design. Table 3-1 lists the main components in the
GGSN9811 subrack.
Table 3-1 Main components in the GGSN9811 subrack
Component | Description
Fan module |
Power supply module |
Cable | It consists of the internal cable set, fibers, and external cable set. The internal cable set refers to power cables and signal cables.
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
SRU, SFU, SPU, and LPU.
The SRU is the core circuit board of system management. The SFU performs the service data
switching function of the entire system. The SPU performs the service processing function. The
LPU provides physical interfaces through which the GGSN9811 can be connected to external
network elements (NEs) or external networks.
The board slots are vertical. There are 12 board slots, and thus up to 12 boards can be inserted.
The configuration principle of boards is as follows:
Based on actual requirements, insert one, two, three or four LPUs. For the cabling
convenience of the cabinet, slots 1, 2, 3 and 4 are reserved for LPUs.
Based on actual requirements, insert two to six SPUs. The two adjacent SPUs are one pair.
The pairs of SPUs can be inserted in slots 3 and 4, slots 5 and 6, and slots 7 and 8.
SRU
The SRUs control and manage the system in a centralized manner and they work in 1+1 backup
mode. Serving as the clock source and the management and maintenance unit of the system, the
SRUs provide the functions of the control plane and the system maintenance plane. The SRUs
are composed of the main processing units (MPUs) and SFU modules. The two SFU modules
embedded in the two SRUs form four exchange planes with the two SFUs. The four exchange
planes exchange data in load-sharing mode.
SFU
The SFUs support quick data exchange. Working in load-sharing mode, the SFUs can support
640 Gbit/s (160 Gbit/s x 4) switching traffic.
The GGSN9811 is equipped with two SFUs, and two SFU modules are located on the two SRUs.
SPU
The SPUs perform functions such as service control, user packet forwarding, charging information
collection, quality of service (QoS), and content parsing. The SPUs can be configured to work in
1+1 backup mode or load-sharing mode. The working mode switchover is controlled by the
bam.ini file.
LPU
The LPUs provide physical interfaces through which the GGSN9811 can be connected to NEs
such as the serving GPRS support node (SGSN), authorization, authentication and accounting
(AAA) server, and charging gateway (CG) or connected to external networks such as the packet
data network (PDN). The trunk working mode of physical interfaces can be configured to work
in either 1+1 backup mode or load-sharing mode.
At present, the GGSN9811 supports the following types of LPUs:
Table 3-2 lists the specifications of the four types of physical interface boards.
Table 3-2 Specifications of the four types of LPUs
Type of the LPU | Interface Type | Interface Quantity | Transmission Rate
10/100M FE electrical interface board | FE | 24 | 10/100 Mbit/s
 | GE | 24 | 10/100/1000 Mbit/s
 | GE | 24 | 10/100/1000 Mbit/s
 | GE | | 10 Gbit/s
The LPUs are composed of three modules: LPU module, switching network fabric adaptor
(FAD) module, and physical interface card (PIC) module.
The three modules work together to process and forward service data quickly. In addition, they
maintain and manage link protocols and forwarding information base (FIB) tables.
AM
This module performs functions such as user access control, user authentication and
authorization, address assignment, and Packet Data Protocol (PDP) context management.
In addition, the GGSN9811 enables multiple user access modes.
CM
This module processes charging protocols and manages charging data records (CDRs). In
addition, the CM system works with external charging gateways (CGs) and external
charging systems to charge users.
SM
This module obtains and controls policies of user data flows.
PS
This module distributes and processes signaling packets and data packets of the
GGSN9811; it works with the relevant modules to implement charging and service control;
it performs functions such as system support and routing.
OM
This module performs OM functions such as data configuration management, device
management, performance management, alarm management, and security management.
LMT
This module provides graphical user interfaces (GUIs).
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide abundant
charging functions and enable operators to charge users flexibly.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN9811 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and control.
4.11 Service Redirection
This describes the service redirection function of the GGSN9811. The GGSN9811 supports two
types of service redirection functions, that is, captive portal and web proxy.
4.12 Service Report
This describes service report function of the GGSN9811. The GGSN interworks with an external
Service Usage Reporter (SUR) to implement the service report function. The GGSN collects
service data records and sends the records to the SUR. The SUR analyzes the records and
generates service reports.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional point-to-multipoint multimedia services.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
4.16 Other Services and Functions
This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and the
Simple Network Management Protocol (SNMP) V1/V2/V3.
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
The GGSN9811 supports the following main routing technologies:
- Static routing
- Default routing
- RIPv1/v2
- OSPFv2
- IS-IS
- BGP-4
- Routing policy
- Route backup
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a network
identifier defined by the general packet radio service/universal mobile telecommunications
system (GPRS/UMTS).
The GGSN must be configured with an APN and the related attributes based on the packet data
network (PDN) to be accessed. Thus, mobile stations (MSs) under the APN can be connected
to the PDN. The GPRS/UMTS core network identifies a GGSN with an APN. An APN identifies
an external PDN that is connected through the GGSN, or an associated service. The external
PDNs include the Internet service provider (ISP) network and the intranet. The services include
the Internet access service and the Wireless Application Protocol (WAP) service.
In addition to the basic functions of the APN, the GGSN9811 provides the virtual APN function.
By means of the virtual APN function, users who visit different PDNs can carry the same APN.
This APN acts as the virtual APN. Based on the different matching types configured for the
virtual APN, the GGSN9811 finds the actual APNs, and then enables the users to access the
proper PDNs. The virtual APN function solves the problem of poor service flexibility for
operators, optimizes network resources, and improves the service experience of users.
The GGSN9811 also provides the alias APN function. To map the services of an APN to another
APN, operators can map the user-carried APN to an alias APN but need not modify the planning
and configuration of APNs. Different APNs can correspond to the same system resources,
facilitating distribution and combination of system resources.
MSs can access the external PDN in transparent access mode or non-transparent access mode.
Transparent Access
In transparent access mode, operators serve as Internet service providers (ISPs) and provide
general packet radio service/universal mobile telecommunications system (GPRS/UMTS) users
with services such as email application and web browsing.
Figure 4-1 shows an example of the transparent access mode. The operator's IP network can
hold devices such as the world wide web (WWW) server, email server, and domain name server
(DNS). A firewall is set at the connection point with the external network to shield the network
from unauthorized access.
Figure 4-1 Example of transparent access to an external IP network
In transparent mode, the IP address assigned to the mobile user is one of the IP addresses of the
operator. The IP address can be a static IP address that is assigned when a mobile user subscribes
to a service and signs a subscription or a dynamic IP address that is assigned by the GGSN when
the Packet Data Protocol (PDP) context is activated.
The dynamic IP address can be an IP address in the internal IP address pool that is assigned to
the access point (AP) through data configuration. It can also be a dynamic IP address assigned
by the authentication, authorization and accounting (AAA) server or the Dynamic Host
Configuration Protocol (DHCP) server.
When the PDP context is activated, the MS may not carry the user identity and the GGSN may
not perform authorization or authentication for the user identity. In transparent mode, based on
the requirements of operators, the GGSN can perform authorization and authentication for the
user identity.
Non-Transparent Access
This mode is used when operators do not serve as ISPs.
Figure 4-2 shows an example of the non-transparent access mode.
In non-transparent access mode, the IP address assigned to the mobile user is one of the IP
addresses of the ISP or the intranet. The IP address can be a static IP address that is assigned
when the mobile user subscribes to a service and signs a subscription or a dynamic IP address
that is assigned by the GGSN when the PDP context is activated.
The dynamic IP address can be an IP address in the internal IP address pool of the GGSN. It can
also be a dynamic IP address assigned by the AAA server or the DHCP server.
When the PDP context is activated, the MS must carry the user identity and authentication
information. After receiving the activation request from the MS, the GGSN forwards the
request to the AAA server. The AAA server authenticates and authorizes the user identity.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.4.1 GTP Tunnel
This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The GTP
tunnel is used to forward data between the SGSN and the GGSN.
4.4.2 GTP Signaling Function
This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
4.4.3 IP over GTP and PPP over GTP
This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP and
PPP over GTP, supported by the GGSN9811.
In the intranet, PPP over GTP can enable enterprises to use the existing virtual private network
(VPN) gateways in fixed networks. The enterprises need not modify configuration or
networking. Thus, users in fixed networks and mobile networks can be managed in a unified
manner. In addition, for PPP over GTP, L2TP tunnels can be set up or removed in real time.
Only the VPN tunnels that are based on the Generic Routing Encapsulation (GRE) protocol can
be used because IP over GTP is used in the intranet. Thus, the VPN gateways in the intranet
must set up tunnels with all the GGSNs in advance. The configuration is relatively complex.
Figure 4-4 Example of PPP regeneration
IP over GTP and PPP over GTP are two basic functions stipulated in the 3rd Generation
Partnership Project (3GPP). Some mobile phones support PPP over GTP, but most mobile
phones support only IP over GTP. Intranet users want to access the intranet through existing
LNS and AAA servers without changing the existing network structure and configuration.
Huawei GGSN9811 provides the PPP regeneration solution to meet these requirements, as
shown in Figure 4-4. The GGSN9811 can negotiate with the LNS and set up PPP sessions based
on user information such as the user name and password in user activation requests. After setting
up PPP sessions, the GGSN9811 PPP encapsulates IP packets for PPP relay. Then, the start and
end points of PPP are the GGSN9811 and the LNS, respectively.
The development of 3G services and application of the High-Speed Packet Access (HSPA)
technologies present higher requirements on the processing capability in the user plane in the
packet-switched (PS) domain of the wideband code division multiple access (WCDMA) core
network. In two-tunnel mode, the GPRS Tunneling Protocol-User plane (GTP-U) tunnel
between the RNC and the GGSN is divided into the tunnel between the RNC and the SGSN and
the tunnel between the SGSN and the GGSN. Therefore, the processing capability in the user
plane on the network elements (NEs) such as the RNC, SGSN, and GGSN must be improved,
thus increasing the capital expenditure (CAPEX) and operation expenditure (OPEX) of
operators.
The 3rd Generation Partnership Project (3GPP) provides the direct-tunnel mode for establishing
a direct GTP-U tunnel between the RNC and the GGSN. This mode decreases the CAPEX and
OPEX of operators, improves the performance in the user plane in the PS domain of the WCDMA
core network, and facilitates future network expansion.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multiprotocol label switching (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a VPN.
A private network based on the public packet-switched network is set up to enable mobile users
to access an intranet. This saves the cost for leasing expensive private lines. The VPN features
security, reliability, and manageability.
On a GPRS/UMTS network, by means of remote user authentication and tunnel data encryption
technologies, a mobile station (MS) can access an intranet securely and reliably through a private
tunnel between the GGSN and the enterprise VPN gateways.
MPLS L3 VPN
The MPLS L3 VPN provides the VPN through the IP backbone network of a service provider.
It uses the Border Gateway Protocol (BGP) to advertise VPN routes on the IP backbone network
to separate the traffic of different VPN members. Then, the MPLS is used to forward VPN
packets on the IP backbone network. The GGSN9811 supports the MPLS L3 VPN and complies
with IETF RFC2547.
L2TP VPN
The L2TP tunnel is a Layer 2 tunneling technology. It uses the IP network to set up an L2TP
tunnel and encapsulates data into Point-to-Point Protocol (PPP) packets for delivery through the
L2TP tunnel. The GGSN9811 provides the L2TP access concentrator (LAC) function. It can
also set up the VPN through the L2TP tunnel to transmit Packet Data Protocol packet data units
(PDP PDUs). The L2TP tunnel complies with RFC2661 regardless of whether the type of the
PDP PDU is PPP or IP.
GRE VPN
The GRE tunnel is based on the Layer 3 tunneling technology, which enables encapsulation of
one network layer protocol over another network layer protocol. The GGSN9811 supports the
GRE tunneling technology. Through GRE, the IP network protocol can be used to transmit
packets of upper layer protocols to realize the VPN function. The GRE tunnel complies with
RFC1702 and RFC1701.
VLAN VPN
The virtual local area network (VLAN) is a new technology to realize virtual working groups
by dividing network segments based on the logical addresses instead of the physical addresses
of the devices in a LAN. The IEEE issued the 802.1Q to standardize VLAN realization in 1999.
The GGSN9811 can divide a physical interface into sub-interfaces and specify VLAN IDs for
these sub-interfaces, and thus the VLAN VPN is supported.
4.7 Security
This describes the security function of the GGSN9811. The GGSN9811 supports the realization
of multiple security policies.
4.7.1 Protocol Security Authentication
This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
4.7.3 Packet Filtering and ACL
This describes the functions of packet filtering and the access control list (ACL).
4.7.4 Gi Interface Redirection
This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
4.7.5 Anti-DDoS Protection
This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS attack
is generated based on the denial of service (DoS) attack. In a DDoS attack, the controlled network
terminals attack a public port simultaneously. The damage is severe.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
4.7.7 SSL
In IP access mode, the GGSN9811 authenticates and authorizes mobile stations (MSs) by
interworking with the authentication, authorization, and accounting (AAA) server.
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
The devices can ensure confidentiality, integrity, authenticity, and anti-replay for data packets
when packets are transmitted on the network through encryption and data source authentication
at the IP layer.
By means of the Authentication Header (AH) and Encapsulating Security Payload (ESP) security
protocols, IPSec can address the security concerns. IPSec can also automatically negotiate key
exchange, and set up and maintain security associations (SAs) through Internet Key Exchange
(IKE) to simplify the use and management of IPSec.
The GGSN9811 supports IPSec on the Gi and Gn interfaces to authenticate or
encrypt data flows to ensure security of data packets.
The GGSN9811 supports the following IPSec functions:
- Realizing Message Digest 5 (MD5) and Secure Hash Algorithm-1 (SHA-1) authentication
  algorithms
- Realizing data encryption standard (DES), 3DES, and advanced encryption standard (AES)
  encryption algorithms
- Realizing the AH and ESP protocols and supporting binding of AH and ESP
- Realizing the IPSec VPN by binding virtual routing and forwarding (VRF) with the
  interface where the IPSec is enabled
- Supporting the IPSec redundancy function when the IPSec tunnel interface mode is adopted
Preventing the MS from attacking the devices on the GPRS/UMTS core network
The packet filtering policy enabled on the GGSN helps to discard the unqualified packets
sent to the devices in the core network, thereby ensuring the security of the core network.
For example, the traffic classification rules can define the data flow that accesses the core
network element (NE) based on the destination IP address.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
Generally, users communicate through their authorized IP addresses. Users who borrow the IP
addresses of other users mostly do so to perform illegal acts. The anti-spoofing function can detect
and discard the packets that are sent with the IP addresses of other users, thus ensuring
the security of the core network.
Application of Anti-spoofing
On the GGSN, the application of anti-spoofing is as follows:
If the source IP address of the uplink packet from a mobile user is different from the IP
address assigned to the mobile user, the GGSN regards this packet as a spoofing packet.
If the source IP address and destination IP address of the downlink packet from the packet
data network (PDN) are the same, the GGSN considers this packet as an abnormal packet.
Implementation of Anti-spoofing
The anti-spoofing function is implemented in the following manner:
If the packet sent by the PDN user arrives at the GGSN along the tunnel, the GGSN must decapsulate the packet,
and then determine whether the packet is an abnormal one.
The GGSN computes the total number of spoofing packets in each PDP context within
one minute. If the total number exceeds the threshold, the GGSN deletes the PDP context, and
then deactivates the user.
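The checks described in this section, as an added Python example (not Huawei code and not part of the original document): the uplink source-address check against the address assigned to the PDP context, the downlink check for identical source and destination addresses, and a per-context count of spoofing packets over one minute. The class and method names, the sliding-window counting, and the threshold of 3 are assumptions; the document does not state the threshold value or how the minute is measured.

```python
import ipaddress
from collections import deque

WINDOW_SECONDS = 60   # "within one minute" in the text
SPOOF_THRESHOLD = 3   # assumed value; the document does not give one


class AntiSpoofFilter:
    """Hypothetical model of the per-PDP-context anti-spoofing check."""

    def __init__(self, threshold=SPOOF_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.assigned = {}     # context id -> IP address assigned at activation
        self.spoof_times = {}  # context id -> timestamps of recent spoofing packets

    def activate(self, context_id, assigned_ip):
        self.assigned[context_id] = ipaddress.ip_address(assigned_ip)
        self.spoof_times[context_id] = deque()

    def deactivate(self, context_id):
        self.assigned.pop(context_id, None)
        self.spoof_times.pop(context_id, None)

    def check_uplink(self, context_id, src_ip, now):
        """Verdict for an uplink packet: 'forward', 'drop' or 'deactivate'."""
        if context_id not in self.assigned:
            return "drop"                      # no active PDP context
        if ipaddress.ip_address(src_ip) == self.assigned[context_id]:
            return "forward"
        # Source differs from the assigned address: a spoofing packet.
        times = self.spoof_times[context_id]
        times.append(now)
        while now - times[0] >= self.window:   # forget packets older than the window
            times.popleft()
        if len(times) > self.threshold:        # "exceeds the threshold"
            self.deactivate(context_id)        # delete the context, deactivate the user
            return "deactivate"
        return "drop"

    def check_downlink(self, src_ip, dst_ip):
        """Verdict for a downlink packet from the PDN, applied to the inner
        packet after any tunnel decapsulation: 'forward' or 'abnormal'."""
        if ipaddress.ip_address(src_ip) == ipaddress.ip_address(dst_ip):
            return "abnormal"
        return "forward"


def run_demo():
    """Replay a constructed uplink sequence (time in seconds, source address)."""
    flt = AntiSpoofFilter()
    flt.activate("ctx-1", "10.0.0.5")
    uplink = [(0, "10.0.0.5"), (1, "10.0.0.9"), (2, "10.0.0.9"),
              (3, "10.0.0.9"), (4, "10.0.0.9"), (5, "10.0.0.5")]
    return [flt.check_uplink("ctx-1", src, t) for t, src in uplink]


if __name__ == "__main__":
    print(run_demo())
```

After the fourth spoofing packet the context is deleted, so the last packet is dropped even though its source address is the legitimate one.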
4.7.7 SSL
SSL provides three security services:
Identity authentication
Identity authentication means checking whether the peer end is really the one with which
you want to communicate. SSL authenticates the server and the client based on digital
certificates to confirm that they are legitimate users. Both the client and the server have an
identifier, which is numbered with the public key. To verify that a user is legitimate, SSL
implements digital authentication during data exchange in the handshake stage.
Connection privacy
Connection privacy means that data is encrypted before transmission to avoid data theft by
illegitimate users. SSL ensures connection privacy by employing encryption algorithms.
Commonly used encryption algorithms are Data Encryption Standard (DES), 3DES, RC2,
and RC4.
Data intactness
Data intactness means that any modification to data during transmission can be detected.
SSL sets up a secure channel between the client and the server so that all SSL-processed
data can reach the destination without being modified. SSL guarantees data intactness by
employing message digest algorithms. Commonly used message digest algorithms are
message digest 5 (MD5) and SHA-1. SHA is short for secure hash algorithm.
The SSL feature can be implemented on the GGSN when the GGSN communicates with the
M2000 or local maintenance terminal (LMT) to enhance security through encryption. Thus, the
man-machine language (MML) channel, binary channel, and File Transfer Protocol (FTP) file
transfer channel between the GGSN and the M2000 or LMT are encrypted.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
The general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
standard defines the QoS in mobile networks as the end-to-end QoS. The end-to-end QoS
depends on the QoS features of every node on the transmission path. Thus, when the traffic
passes through the IP-based GPRS/UMTS core network, the GPRS/UMTS QoS negotiated
during the context activation must be mapped to the differentiated services code point (DSCP)
field or type of service (ToS) field of the IP packet header according to a certain mapping rule.
An IP QoS performs queue scheduling to ensure the end-to-end QoS.
The GGSN9811 supports QoS negotiation and mapping. The QoS requested is carried in
the context activation request message of a mobile station (MS). The GGSN9811 performs
the QoS negotiation based on the QoS information and the configurations of the
GGSN9811. The GGSN9811 maps the negotiated QoS parameter into the differentiated
services (DiffServ) priority of the IP network, fills the priority into the ToS or DSCP field
in the header of the packets, and then forwards them to an external packet data network
(PDN). The PDN schedules the IP QoS queue to ensure the QoS of the packet service.
The GGSN9811 supports the user-based DiffServ. The services at different levels are
provided for users who have different requirements. The allocation/retention priority (ARP)
in activation requests controls the access and bearer priority of users. To meet DiffServ
requirements, the GGSN9811 provides different QoS levels based on user levels and traffic
classes.
The GGSN9811 supports the content awareness function. For rectifying the problem in
which the bearer network cannot detect the service QoS requirement, and the problem of
low usage of wireless air resources, Huawei provides a UMTS content awareness solution
on the GGSN9811 to achieve dynamic QoS policy control. The GGSN9811 can send the
QoS update request to the serving GPRS support node (SGSN) based on the type of the
user data service to achieve dynamic adjustment of the QoS. Thus, the QoS requirements
of multiple user services can be met flexibly and operators can use network resources
appropriately and effectively.
The GGSN9811 supports the alias marking function. The GGSN9811 can process the traffic
based on the operator-defined priority rules. For other network elements (NEs), the priority
levels in the QoS information remain unchanged. This function provides operators with
flexible processing of the QoS service on the GGSN9811.
The GGSN9811 supports the traffic policing function. Traffic policing is a mechanism to
restrict the bandwidth for data traffic so that the data transmission is within the specified
rate. Traffic policing is realized through the committed access rate (CAR) mechanism.
Bearer-based uplink and downlink traffic policing: When bearer contexts are activated
or updated, the GGSN9811 polices both the uplink and downlink traffic of the bearer
contexts after determining the uplink and downlink bandwidths of the bearer contexts.
Traffic policing can be implemented by configuring the guaranteed bit rate (GBR) and
maximum bit rate (MBR).
DSCP-based traffic policing: The GGSN9811 restricts the traffic of the packets of a
certain type based on the value of the DSCP field.
The GGSN9811 supports the traffic shaping function. Traffic shaping is a mechanism to
adjust the output traffic rate actively. The packets that do not comply with the specifications
are cached in a buffer or queue. When sufficient tokens are available in the token bucket,
the cached packets are sent regularly at the rate configured for the token bucket.
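Policing and shaping as described above differ only in what happens to a packet that finds too few tokens in the bucket. The following added Python example (not Huawei code and not part of the original document) runs the same constructed packet sequence through both. It assumes a single-rate token bucket; the function names, rate, burst size, queue limit, and packet sizes are illustrative values chosen here.

```python
from collections import deque

# Constructed sample: four 500-byte packets in a burst at t=0, one more at t=1 s.
PACKETS = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500), (1.0, 500)]
RATE_BPS = 8000      # 1000 bytes per second (assumed)
BURST_BYTES = 1000   # bucket depth (assumed)


class TokenBucket:
    """Single-rate token bucket; one token is one byte."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0        # bytes added per second
        self.burst = float(burst_bytes)   # bucket depth
        self.tokens = self.burst          # the bucket starts full
        self.last = 0.0

    def refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now


def police(packets, rate_bps, burst_bytes):
    """Policing: a packet that finds too few tokens is dropped at once.
    packets is a list of (arrival_time_s, size_bytes) sorted by time.
    Returns one True (forwarded) or False (dropped) per packet."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    passed = []
    for arrival, size in packets:
        bucket.refill(arrival)
        if bucket.tokens >= size:
            bucket.tokens -= size
            passed.append(True)
        else:
            passed.append(False)
    return passed


def shape(packets, rate_bps, burst_bytes, queue_limit):
    """Shaping: a packet that finds too few tokens waits in a FIFO queue and
    leaves when enough tokens have accumulated. Returns the departure time
    of each packet, or None if it was dropped (queue full or oversized)."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    waiting = deque()       # departure times of packets still in the queue
    last_departure = 0.0
    departures = []
    for arrival, size in packets:
        while waiting and waiting[0] <= arrival:
            waiting.popleft()                    # these have already left
        if size > bucket.burst or len(waiting) >= queue_limit:
            departures.append(None)
            continue
        start = max(arrival, last_departure)     # FIFO: wait behind earlier packets
        bucket.refill(start)
        wait = max(0.0, size - bucket.tokens) / bucket.rate
        depart = start + wait
        bucket.refill(depart)
        bucket.tokens = max(0.0, bucket.tokens - size)
        last_departure = depart
        if depart > arrival:
            waiting.append(depart)
        departures.append(depart)
    return departures


if __name__ == "__main__":
    print("policed:", police(PACKETS, RATE_BPS, BURST_BYTES))
    print("shaped: ", shape(PACKETS, RATE_BPS, BURST_BYTES, queue_limit=4))
```

With these values policing forwards three of the five packets, while shaping delivers all five and spreads them over 1.5 seconds.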
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide abundant
charging functions and enable operators to charge users flexibly.
4.9.1 RADIUS Accounting
This describes the Remote Authentication Dial In User Service (RADIUS) accounting function
of the GGSN9811.
4.9.2 Offline Charging
This describes the offline charging function of the GGSN9811.
4.9.3 Online Charging
This describes the online charging function of the GGSN9811.
4.9.4 Content-based Charging
This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
4.9.5 Event-based Charging
This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
4.9.6 Envelope Reporting
This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
The GGSN allows the RADIUS server to assign IP addresses to users during RADIUS
authentication and deactivates a user after receiving the Packet of Disconnect (PoD) message
from the RADIUS server.
The GGSN9811 allows you to configure a RADIUS server for each access point name (APN).
The RADIUS servers, namely, AAA servers, can operate in active/standby mode or load-sharing
mode.
In addition, the GGSN provides some RADIUS extended functions, such as providing charging
response switch, removing the domain name from a user name, supporting 3GPP extended
attributes, obtaining user attributes and service attributes from the RADIUS server, and
supporting the setting of retransmission times and timeout interval for accounting messages.
Charging Characteristic
The offline charging function provided by the GGSN9811 consists of normal charging, hot
billing, prepaid charging, and flat rate charging.
Normal charging
The normal charging is based on the data volume or duration instead of the data service
type.
Hot billing
Hot billing provides all functions of normal charging but can generate CDRs more quickly
than normal charging. You can set the time threshold and volume threshold for generating
CDRs on the GGSN9811 based on user attributes. For hot billing users, the time threshold
can be set to a small value to report CDRs in time. After the CDRs sent by the GGSN9811
reach the CG, the CDRs containing the hot billing attribute take precedence over other
CDRs in processing by the CG.
Prepaid charging
Before availing themselves of a service, the users must pay for the service in advance. When
the account balance is insufficient for the service, the service is terminated forcibly.
Therefore, operators can quickly recover investments and improve network resource
efficiency.
remains the same. The charging system on the GGSN9811 collects only such information
as data traffic and service duration of the users who pay at a flat rate, and then sends the
data to the BS for storage. The flat rate is determined by a subscription contract.
Charging Feature
The features of offline charging on the GGSN9811 are as follows:
The GGSN9811 can cache the generated CDRs on the hard disk if the link between the
GGSN9811 and the CG is faulty. These CDRs are sent to the CG once the link is restored so
that CDRs are not lost.
The GGSN9811 supports service blocking or redirection when the balance is insufficient
or the service is not subscribed. If the OCS at the server side finds that the balance is
insufficient for service access, the OCS redirects the user request to the specific page for
recharge. If the OCS at the server side finds that the service is not subscribed, the OCS
redirects the user request to the specific page for subscription. Therefore, two redirection
functions are required, redirection for recharge and redirection for subscription.
Based on the characteristics of the application protocol, the GGSN9811 supports the
redirection function only for the Hypertext Transfer Protocol (HTTP), Wireless Application
Protocol 1.x (WAP1.x), and WAP2.0 browsing services. If the OCS sends the instruction
to the GGSN9811 to redirect the user request to a specific page but the user is not accessing
the browsing service, the GGSN9811 discards the related messages.
The user credit control is realized through the OCS. A secondary OCS must be provided
to perform credit control through the exchange with the GGSN9811 to ensure that services
are not disrupted when the GGSN9811 detects that the connection with the OCS is
abnormal. Therefore, the configuration of primary and secondary OCSs must be supported.
The GGSN9811 supports primary and secondary OCSs locally. When detecting that the
primary OCS does not respond to a request, the GGSN9811 automatically sends online
charging messages to the secondary OCS. If the OCS supports primary/secondary
switchover, services are not disrupted.
benefits from the services and integrate different service schemes, operators develop the
charging model which features more diversified and dynamic granularity. CBC, namely, flow-based
charging (FBC) defined in the 3rd Generation Partnership Project (3GPP) protocol, is a
critical step to the value-based charging model.
CBC is a unique function of the GGSN9811. With the CBC function, the GGSN9811 can charge
differently based on the different service types of a mobile station (MS), which significantly
enhances competitiveness of operators and meets requirements of diversified development of
mobile internetworks.
The GGSN9811 supports time- or volume-based charging, and identifies services by Layer 3/
Layer 4 and Layer 7 filtering and parsing of data packets to apply different charging policies
and generate CBC charging data records (CDRs).
The GGSN9811 can analyze packets of the Trivial File Transfer Protocol (TFTP), Microsoft
Multimedia Server Protocol (MMSP), Simple Mail Transfer Protocol (SMTP), Post Office
Protocol revision 3 (POP3), and Interactive Mail Access Protocol (IMAP), and identify
Point-to-Point (P2P), Voice over IP (VoIP), and instant messaging (IM) services.
The CBC CDRs can be of two formats. One is the format of the G-CDR extension content-based
charging field. The other is the standard eG-CDR format defined in the 3GPP protocol. You can
use either format for the CBC function.
Operators employ diversified charging modes with development of abundant 3G services, which
requires that the GGSN should provide event-based charging to help operators realize flexible
and appropriate charging.
The GGSN9811 supports event-based charging for services such as the Hypertext Transfer
Protocol (HTTP), multimedia messaging service (MMS), Real-Time Streaming Protocol
(RTSP), and Wireless Application Protocol (WAP) services. In addition, the GGSN9811
supports both online event-based charging and offline event-based charging.
An event-based charging data record (CDR) contains the numberOfEvents field, indicating the
number of successful events and the number of failed events, and the eventTimeStamps field,
indicating the time when an event occurs.
When there is traffic for a service in a BTI, the service duration is recorded as the BTI
duration. The traffic and duration are recorded in an envelope.
When there is no traffic for a service in a BTI, the envelope corresponding to the service
is closed and the traffic and duration are no longer recorded. The recorded traffic and
duration are reported as one envelope.
The envelope reporting function supports the following charging modes of calculating duration
based on traffic:
The difference between CTP and modified CTP is that in CTP mode the BTI duration without
traffic is recorded in the envelope, whereas in modified CTP mode the BTI duration without
traffic is not recorded in the envelope. In DTP mode, one envelope is generated for one BTI.
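The following sketch is an added example, not Huawei code: it builds envelopes from per-BTI traffic counters so that the difference between CTP, modified CTP, and DTP described above can be seen on one input. The function name, the mode strings, and the assumption that DTP produces an envelope only for a BTI that carried traffic are illustrative choices, not taken from the product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    start: int     # seconds from the start of the observation
    duration: int  # seconds recorded in the envelope
    volume: int    # bytes recorded in the envelope


def build_envelopes(bti_volumes, bti_seconds, mode):
    """Group per-BTI byte counts into envelopes.

    bti_volumes: bytes seen for one service in each consecutive BTI.
    mode: "CTP", "MODIFIED_CTP" or "DTP" (labels chosen for this example).
    """
    if mode not in ("CTP", "MODIFIED_CTP", "DTP"):
        raise ValueError("unknown mode: %r" % (mode,))
    if bti_seconds <= 0:
        raise ValueError("BTI length must be positive")

    envelopes = []
    open_env = None  # [start, duration, volume] of the envelope being filled
    for index, volume in enumerate(bti_volumes):
        if volume < 0:
            raise ValueError("negative volume in BTI %d" % index)
        start = index * bti_seconds
        if mode == "DTP":
            # One envelope per BTI (assumed here: only BTIs with traffic).
            if volume > 0:
                envelopes.append(Envelope(start, bti_seconds, volume))
            continue
        if volume > 0:
            # Traffic in this BTI: the whole BTI counts as service duration.
            if open_env is None:
                open_env = [start, 0, 0]
            open_env[1] += bti_seconds
            open_env[2] += volume
        elif open_env is not None:
            # A BTI without traffic closes the envelope. Only CTP records
            # the duration of that idle BTI; modified CTP leaves it out.
            if mode == "CTP":
                open_env[1] += bti_seconds
            envelopes.append(Envelope(*open_env))
            open_env = None
    if open_env is not None:  # observation ended while an envelope was open
        envelopes.append(Envelope(*open_env))
    return envelopes


if __name__ == "__main__":
    sample = [100, 200, 0, 0, 50]  # constructed per-BTI byte counts
    for m in ("CTP", "MODIFIED_CTP", "DTP"):
        print(m, build_envelopes(sample, 60, m))
```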
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN9811 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and control.
With more and more services on the mobile network, operators require the gateway GPRS
support node (GGSN) to provide the content awareness function for content charging and
security control. Thus, operators can optimize services and improve network security.
The GGSN9811 supports the DPI function for the following protocols:
Point-to-Point (P2P)
The DPI function of the GGSN9811 can help operators to achieve the following functions:
Service resolution
Whether a user surfs the Internet through a browser or watches a movie online, the traffic
is the basis of charging by operators. The DPI function can provide precise and detailed
information about the data volume and categorize data contents to apply different tariffs.
The result of service resolution can also be used as the reference for resource allocation by
operators. The GGSN9811 can accurately analyze packets of various protocols and perform
different processing accordingly.
Service control
Through deep inspection of data and analysis of service types, operators can provide
different service combinations for different users and filter out forbidden services.
Captive portal
Captive portal means that the browsing requests of users are redirected to the portal server
through the Hypertext Transfer Protocol (HTTP) redirection mode. It is mainly used for
consumption prompts, advertisement launch, and personal portals.
Personal portals enable users to manage user information, and the management includes
the service subscription, account management, and fee management.
When a user starts a Hypertext Transfer Protocol (HTTP) request, the GGSN9811 redirects
the user requested uniform resource locator (URL) to the URL of the captive portal based
on the portal configuration about the user. Thus, the user can visit multiple services through
the personal portal.
Web proxy
To speed up browsing, the GGSN9811 can redirect the IP address of the page requested by
a user to the IP address of a web proxy cache server. The user requested page can be cached
on the cache server to achieve network acceleration.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
With the rapid development of IP-based networks, packet networks will become basic platforms
for future services. Therefore, operators impose higher requirements on service awareness,
service control, and charging of the packet networks. The SBLP, FBC, and PCC features can
satisfy the requirements of the operators.
Based on the PCC feature, operators can perform unified and multi-dimension policy
deployment and control in network operation, thus preventing channellized services and
enhancing competitiveness by optimizing network resource usage and improving network user
experience.
The GGSN9811 supports the following PCC functions:
Static PCC control: Where PCRF is not deployed, all policies are implemented by the Policy
and Charging Enforcement Function (PCEF) according to the local static configuration.
Dynamic PCC control: Where AF may exist after PCRF is deployed, all services
dynamically generate PCC rules for scheduling and charging based on their own QoS
requirements and subscription data.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional
point-to-multipoint multimedia services.
The MBMS service can be a multimedia service that is broadcast to users in a cell through the
public channel on the air interface or a subscribed service that is multicast to users in a cell.
Thus, the air interface resources can be used efficiently. One of the applications of the MBMS
service is the mobile phone TV service. In addition, the services such as broadcast download
and MTV interaction are supported.
The MBMS service is the unidirectional point-to-multipoint multimedia service that allows
sending data from one source entity to multiple receivers, downloading the same data by multiple
mobile users, and sharing network resources. This service can be widely used in wireless
networks.
Huawei GGSN9811 supports the MBMS service in broadcast mode. The broadcast mode refers
to unidirectional point-to-multipoint multimedia data transmission from a source entity to users
within a broadcast service area.
4.15 IPv6
The GGSN9811 supports the basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
IPv6 is developed on the basis of IPv4. It has new features such as adequate address spaces,
higher security, and better support of mobility and QoS. IPv6 lays a sound foundation for
sustainable development of the IP network.
IPv6 is introduced to the 3GPP in the R5 stage. In the R5 stage, the IMS is carried by IPv6. The RNC,
SGSN, and GGSN are interconnected by IPv4 or IPv6. User terminals support dual IPv4/IPv6
protocol stacks so that they can access IPv4/IPv6 services.
At present, the GGSN9811 supports the basic IPv6 access function. It supports the IPv6 bearer on
the user plane but not the IPv6 features on the signaling plane. That is, the GGSN9811 is still
in the IPv4 network and it is connected to the SGSN and the public data network (PDN) through
the IPv4 network. The uplink IPv6 packets of the user are encapsulated in the IPv4+GTP packets
by the SGSN and sent to the GGSN9811. The GGSN9811 decapsulates the GPRS Tunneling
Protocol (GTP) packets and extracts the IPv6 packets. Then, the IPv6 packets are forwarded to
the IPv6 gateway through the IPv4 tunnel according to the system configuration. The IPv6
gateway finally carries out the routing forwarding or protocol translation (IPv6/IPv4 translation)
of the IPv6 packets. For downlink packets, when the GGSN9811 determines that a user type is
IPv6, it decapsulates the packets and extracts the IPv6 packets. Then, the GGSN9811 carries
out GTP encapsulation and delivers the packets to the SGSN.
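The uplink decapsulation step described above can be sketched as follows. This is an added example, not Huawei code: it parses the GTPv1-U header of a G-PDU taken from the UDP payload of the outer IPv4 packet, extracts the inner IPv6 packet, and validates it before forwarding. The `pdp_contexts` table and the source-prefix check are assumptions made for illustration, and the sample packet is constructed.

```python
import ipaddress
import struct

G_PDU = 0xFF  # GTPv1-U message type that carries a user packet


class GtpError(ValueError):
    """Raised when a tunnelled packet fails a validation step."""


def decapsulate_gpdu(udp_payload: bytes):
    """Strip the GTPv1-U header and return (teid, inner_packet)."""
    if len(udp_payload) < 8:
        raise GtpError("shorter than the mandatory 8-byte GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", udp_payload[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise GtpError("not GTP version 1 with protocol type GTP")
    if msg_type != G_PDU:
        raise GtpError("not a G-PDU")
    if length != len(udp_payload) - 8:
        raise GtpError("length field does not match the datagram")
    offset = 8
    if flags & 0x07:  # any of E, S, PN set: 4 optional bytes follow
        if len(udp_payload) < 12:
            raise GtpError("optional header fields truncated")
        next_ext = udp_payload[11] if flags & 0x04 else 0
        offset = 12
        while next_ext:  # walk the extension header chain
            if offset >= len(udp_payload):
                raise GtpError("extension header truncated")
            ext_len = udp_payload[offset] * 4  # length is in 4-byte units
            if ext_len == 0 or offset + ext_len > len(udp_payload):
                raise GtpError("bad extension header length")
            next_ext = udp_payload[offset + ext_len - 1]
            offset += ext_len
    return teid, udp_payload[offset:]


def extract_uplink_ipv6(udp_payload: bytes, pdp_contexts: dict):
    """Return (teid, src, dst) of the tunnelled IPv6 packet.

    pdp_contexts is a hypothetical table mapping each TEID to the IPv6
    prefix assigned to that user; it is an assumption of this example.
    """
    teid, inner = decapsulate_gpdu(udp_payload)
    if teid not in pdp_contexts:
        raise GtpError("no context for this TEID")
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise GtpError("inner packet is not IPv6")
    payload_len = struct.unpack("!H", inner[4:6])[0]
    if 40 + payload_len > len(inner):
        raise GtpError("inner IPv6 packet truncated")
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    if src not in pdp_contexts[teid]:
        raise GtpError("source address outside the user's prefix")
    return teid, src, dst


def build_sample(teid: int, src: str, dst: str, with_seq: bool = False):
    """Construct a sample uplink G-PDU (constructed data, not a capture)."""
    ipv6 = struct.pack("!IHBB", 0x60000000, 0, 59, 64)  # empty payload
    ipv6 += ipaddress.IPv6Address(src).packed
    ipv6 += ipaddress.IPv6Address(dst).packed
    optional = struct.pack("!HBB", 1, 0, 0) if with_seq else b""
    flags = 0x30 | (0x02 if with_seq else 0)  # version 1, PT=1, optional S
    body = optional + ipv6
    return struct.pack("!BBHI", flags, G_PDU, len(body), teid) + body


if __name__ == "__main__":
    contexts = {0x1234: ipaddress.IPv6Network("2001:db8:1::/64")}
    good = build_sample(0x1234, "2001:db8:1::10", "2001:db8:ffff::1", True)
    print(extract_uplink_ipv6(good, contexts))
```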
This function enables the following services:
NTP function
As an NTP client, the GGSN9811 can enable network time synchronization with the NTP
server.
SNMPV1/V2/V3 protocol
The SNMP is used to manage nodes in the network community. It aims to ensure the
transmission of management messages between any two network elements (NEs). The
network administrator can search information on any node to modify information, locate
faults, plan the network capacity, and generate reports.
5 Reliability
The hardware platform of the GGSN9811 is derived from Huawei Universal Switching
Router (USR). The design of the USR complies with the mature telecommunication
industry standards. The USR hardware is of a compact structure, and the GGSN9811 is a
network switching device for carrier-class operators.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU subcard
is faulty, the other DMPU subcard takes over all services, and the system triggers a fault
alarm. If the DMPU subcards are required but unavailable or if the DMPU subcards are
overloaded, the system triggers an alarm.
The power system adopts the double channel -48 V power supply mode. The load sharing
function is realized through two channels of power supply.
Over-voltage and over-current protection measures are taken for the board power input and
external interfaces. The measures comply with ITU-T G.703 Recommendation Annex B
and related specifications.
Traffic control
The GGSN9811 automatically checks whether system load is greater than expected, and
then takes different traffic control measures based on the overload extent. Therefore, the
GGSN9811 does not break down when it is processing a large amount of traffic or when
it is under attack. The GGSN9811 can also be quickly restored to the normal state to ensure
stable operation.
When the main software fails, the system uses the standby software and reboots.
CDR cache
The GGSN9811 can cache charging data records (CDRs). When the communication
between the GGSN9811 and the charging gateway (CG) fails, if the CG does not respond
after the CDRs are sent many times, the GGSN9811 caches the CDRs on the hard disk of
the Switching Route Unit (SRU). After the communication between the GGSN9811 and
the CG recovers, the GGSN9811 sends the cached CDRs to the CG.
Hot patch
The uploaded hot patches take effect after being activated. That is, you need not restart the
GGSN9811. Thus, reliable software running is guaranteed.
Patch rollback
If a patch is loaded by mistake or the previous patch is preferred, you can roll back the patches
in the current state to the latest version in which patches are in the running state.
Route backup and route load sharing: Single point failure can be avoided during networking
to provide a highly reliable network.
Eth-trunk: The GGSN9811 can bind multiple physical interfaces to one Eth-trunk interface,
which works as an ordinary physical interface. The bound interfaces can send traffic in
active/standby mode or load-sharing mode. Thus, services are not interrupted if one
interface fails.
Address Resolution Protocol (ARP) probe: Switchover between the active and the standby
interfaces occurs on the Eth-trunk interface or Eth-trunk sub-interface to enhance Layer 2
networking reliability when all of these conditions are met: The active physical interface
is normal but the link fails; the ARP probe function is enabled on the GGSN9811; the
GGSN9811 fails to probe the peer device through the active interface.
The Secure Sockets Layer (SSL) function is supported. In this case, the data between the
M2000 and the GGSN9811, and the data between the LMT and the GGSN9811, is secured.
The automatic rollback function is supported. If the upgrade fails, the version is
automatically rolled back to the previous one. As a result, the service restoration time is
greatly shortened when a remote upgrade fails. Before the automatic rollback
function was supported, if a remote upgrade failed, all services on the remote GGSN9811
were stopped. Then, maintenance engineers had to manually restore the services at the remote
office. During the restoration process, no subscribers could access the network.
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM system
of the GGSN9811 is of the client/server architecture.
Figure 6-1 shows the structure of the GGSN9811 OM system.
Figure 6-1 Structure of the GGSN9811 OM system
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
Receiving connection requests from the client to establish connections, and analyzing and
processing commands from the client
Receiving connection requests from the host through the local bus to establish connections
and realize the communication between the BAM and the host, and processing data loading
requests and alarms from the host
NOTE
In spite of the loss or error of BAM files, the M2000 can interwork with the GGSN9811 and restore the
BAM.
6.1.2 LMT
This describes the local maintenance terminal (LMT). The LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
The LMT supports the command line interface (CLI) mode and the graphic user interface (GUI)
mode. The LMT can be used to configure the device, trace messages, manage the system
performance, manage alarms, and manage logs. The LMT provides interfaces to connect the
alarm box to provide audible and visual alarms.
The LMT can be accessed by dialing through the public switched telephone network (PSTN).
Then, the LMT performs the operation and maintenance (OM) function.
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
The M2000 communicates with the GGSN9811 through the Transmission Control Protocol/
Internet Protocol (TCP/IP). The M2000 is composed of the M2000 server and multiple M2000
clients.
The local maintenance terminal (LMT) can be integrated into the M2000. Thus, the LMT can
achieve uniform management and browsing of devices in the entire network through the topology
management function provided by the M2000. The LMT and the M2000 are in the loose coupling
relationship. The LMT is dedicated to management only on the GGSN9811, whereas the M2000
performs the public management such as topology management and fault management for
devices in the entire network.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
6.2.1 Configuration Management
This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
6.2.2 Message Tracing
This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
6.2.3 Performance Management
This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance
management module of the M2000 and the Performance Browser Tool of the local maintenance
terminal (LMT).
6.2.4 Alarm Management
This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
6.2.5 Log Management
This describes the log management function of the GGSN9811. Logs can be classified into user
operation logs, system operation logs, and security logs based on contents.
7 Technical Specifications
Specification
5000000
50 Gbit/s
3 Gbit/s
3000
4000
20000
4000
Specification
Cabinet
N68E-22
Height: 2200 mm
Dimensions
Width: 600 mm
Depth: 800 mm
Load-bearing capacity
Power input
-48 V DC to -60 V DC
Typical power
consumption of subrack
Item
Specification
Specification
3%
Availability
99.999%
MTBF
18.35 years
MTTR
1 hour
< 5 minutes
< 5 seconds
< 5 minutes
< 6 minutes
< 10 minutes
UL60950-1
IEC 60950-1
EN60950-1
GB4943
EN55022
CISPR22
IEC 61000-4-2
IEC 61000-4-3
IEC 61000-4-4
IEC 61000-4-5
IEC 61000-4-6
IEC 61000-4-29
Climatic Requirements
Table 7-4 Climatic requirements for equipment storage
Item
Specification
Temperature
-40°C to +70°C
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
Item
Specification
1°C/min
Relative humidity
10% to 100%
Altitude
3000 m
Air pressure
Climatic Requirements
Table 7-5 Climatic requirements for equipment transportation
Item
Specification
Temperature
-40°C to +70°C
3°C/min
Relative humidity
10% to 100%
Altitude
3000 m
Air pressure
Sub-item
Specification
Sinusoidal
vibration
Offset
7.5 mm
Accelerated
speed
20.0 m/s²
40.0 m/s²
Frequency
range
2 Hz to 9 Hz
9 Hz to 200 Hz
200 Hz to 500
Hz
Acceleration
spectrum
density (ASD)
10 m²/s³
3 m²/s³
1 m²/s³
Random
oscillation
Item
Unsteady state
impact
Sub-item
Specification
Frequency
range
2 Hz to 9 Hz
Impulse
response
spectrum II
300 m/s²
Static payload
10 kPa
9 Hz to 200 Hz
200 Hz to 500
Hz
NOTE
• Impact response spectrum refers to the maximum acceleration response curve generated by the
equipment under specified impact excitation. Impulse response spectrum II means that the duration of
half-sine impulse response spectrum is 6 ms.
• Static payload refers to the capability of the equipment in package to bear the pressure from the top in
Climatic Requirements
Table 7-7 Requirements for temperature and humidity in the running environment
Temperature
Relative Humidity
5°C to 45°C
-5°C to +50°C
5% to 85%
5% to 95%
NOTE
• The values are measured 1.5 m above the floor and 0.4 m in front of the equipment, without protective
Table 7-8 Requirements for other climatic factors in the running environment
Item
Specification
Altitude
3000 m
Air pressure
5°C/h
Sub-item
Specification
Sinusoidal vibration
Offset
5.0 mm
Accelerated speed
2.0 m/s²
Frequency range
5 Hz to 62 Hz
62 Hz to 200 Hz
Impulse response
spectrum II
50 m/s²
Static payload
Unsteady state
impact
NOTE
• Impact response spectrum refers to the maximum acceleration response curve generated by the
equipment under specified impact excitation. Impulse response spectrum II means that the duration of
half-sine impulse response spectrum is 6 ms.
• Static payload refers to the capability of the equipment in package to bear the pressure from the top in
8 Installation
System Expansion
The GGSN9811 supports the following modes of capacity expansion without interrupting
ongoing services:
System Upgrade
Switching over the active and standby boards and upgrading them separately can upgrade the
GGSN9811 without interrupting ongoing services or changing data configuration.