Professional Documents
Culture Documents
V900R007
Product Description
Issue 01
Date 2009-03-31
Part Number
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the commercial contract made between
Huawei and the customer. All or partial products, services and features described in this document may not
be within the purchased scope or the usage scope. Unless otherwise agreed by the contract, all
statements, information, and recommendations in this document are provided “AS IS” without warranties,
guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Contents
5 Reliability............................................................................................................................... 5-1
5.1 Hardware Reliability .....................................................................................................................................5-1
5.2 Software Reliability ......................................................................................................................................5-2
5.3 Networking Reliability..................................................................................................................................5-3
5.4 Operation and Maintenance Reliability.........................................................................................................5-3
Index ...........................................................................................................................................i-1
Figures
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface .....................................................................1-6
Figure 1-4 User plane protocol stack of the Gn/Gp interface.............................................................................1-7
Figure 4-3 Example of IP over GTP and PPP over GTP ....................................................................................4-6
Tables
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP) ............................1-17
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP) .......................1-18
Table 3-1 Main components in the GGSN9811 subrack.....................................................................................3-5
Table 7-6 Requirements for mechanical stress in the transportation environment .............................................7-5
Table 7-7 Requirements for temperature and humidity in the running environment ..........................................7-6
Table 7-8 Requirements for other climatic factors in the running environment .................................................7-6
Table 7-9 Requirements for mechanical stress in the running environment .......................................................7-7
Purpose
This document mainly describes the features, system architecture, services and functions,
operation and maintenance, reliability, technical specifications, and installation procedure of
the GGSN9811.
Related Versions
The following table lists the product version related to this document.
Intended Audience
This document is intended for:
Network planning engineer
Installation commissioning engineer
Data configuration engineer
Network monitoring engineer
Field maintenance engineer
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all the updates made to previous versions.
Updates in Issue 01 (2009-03-31)
Initial field trial release
Organization
1 Overview
This provides an overview of the GGSN9811. The GGSN9811 serves as a gateway in the
general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
packet core network and forwards packets between the mobile network and the packet data
network (PDN).
2 Product Features
This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
3 System Structure
This describes the physical and logical structures of the GGSN9811.
4 Services and Functions
This describes the abundant services and functions provided by the GGSN9811. These
services and functions can meet various requirements for networking and services.
5 Reliability
This describes the advanced reliability design of the GGSN9811. The advanced reliability
design effectively ensures the normal operation.
6 Operation and Maintenance
This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000
and operation and maintenance center (OMC), and comprehensive online help.
7 Technical Specifications
This lists the technical specifications of the GGSN9811. The technical specifications consist
of performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment
requirements.
8 Installation
This describes the installation, upgrade, and expansion processes.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk that, if not avoided,
will result in death or serious injury.
Symbol Description
Indicates a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
General Conventions
Convention Description
Command Conventions
Convention Description
GUI Conventions
Convention Description
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Mouse Operation
Action Description
1 Overview
data network (PDN). It is located at the junction between the GPRS/UMTS packet core
network and the external PDN.
RAN CN-CS
HLR/Au SMS-GMSC/
C/EIR SMS-IWFMSC
GSM/GPRS BSS
MSC/VLR PSTN
GMSC ISDN
Firewall
NodeB RNC CG Internet
Intranet
SGSN GGSN etc
Core
Other PLMN
network
Firewall BG
DNS WAP AAA
DNS gateway server
CN-PS
AF
NPR
SGSN: serving GPRS support node GGSN: gateway GPRS support node
CG: charging gateway BG: border gateway
DNS: domain name server AAA: authentication, authorization and
accounting
BM-SC: broadcast/multicast service OCS/CCF: online charging system/credit control
center function
PCRF: policy and charging rule
function
As shown in Figure 1-1, the GPRS/UMTS network contains the following network elements
(NEs):
MS: An MS is a user's mobile device. It can launch and receive calls through an air
interface. To perform a data service, the MS sets up a logical link with the CN-PS
domain.
RAN: The RAN provides the functions related to wireless access.
CN-CS domain: The CS domain provides circuit type services. It also connects an MS to
an external CS network such as the public switched telephone network (PSTN).
CN-PS domain: The PS domain provides packet data services. It also connects an MS to
an external packet data network (PDN) such as the Internet.
The CN has evolved smoothly from the GPRS to the UMTS. The evolution of the RAN, however, is
revolutionary because of the fundamental change of air interfaces.
Huawei GPRS/UMTS CN-PS domain, consisting of the SGSN, GGSN, CG, and AAA server,
enables an MS to access an external PDN for packet data services and supplies charging
services.
The functions of the main NEs in Huawei GPRS/UMTS CN-PS domain are as follows:
SGSN
The SGSN is used to provide packet data services. It forwards incoming and outgoing IP
packets of the MSs in the service area. The SGSN performs the following functions:
IP packet routing and forwarding for all mobile users within the service area
Encryption and authentication
Session management
Mobility management
Logical link management
Generation and output of charging data records (CDRs), reflecting the usage of wireless
resources
GGSN
The GGSN is used to provide packet data services. The GGSN routes and encapsulates the
data packets between the GPRS/UMTS network and an external PDN. The GGSN performs
the following functions:
Acting as an interface to an external PDN: The GGSN acts as a gateway for MSs to
access an external PDN. The GGSN exchanges routing information for an external PDN.
The GGSN serves as a router for all IP addresses of users in the GPRS/UMTS network.
GPRS/UMTS session management: The GGSN sets up communication between MSs
and external PDNs.
Data receiving and processing: The GGSN receives data from MSs and routes the data to
an external PDN. The GGSN also receives data from the external PDN, and selects a
path in the GPRS/UMTS network to forward the data according to the destination
address. Then, the GGSN sends the data to the SGSN.
Abundant charging functions: The GGSN provides the functions of normal charging, hot
billing, content-based charging, and online charging.
CG
As a device in the GPRS/UMTS network, the charging gateway (CG) collects, merges, and
pre-processes the CDRs generated by the SGSN or the GGSN. The CG also provides an
interface to the billing center. When a GPRS/UMTS user accesses the Internet, several NEs
generate CDRs. Each NE may generate several CDRs. The CG merges and pre-processes the
CDRs, and then sends them to the billing center. Thus, the work load of the billing center is
reduced. If the CG is applied in the network, the SGSN and the GGSN are not required to
provide interfaces to the billing center.
AAA Server
The AAA server is used for authentication, authorization, and accounting. It complies with the
Remote Authentication Dial In User Service (RADIUS) protocol. The AAA server can also be
deployed in other networks besides the GPRS/UMTS network.
DNS
There are two types of DNS in the GPRS/UMTS network. One type is the DNS located
between the GGSN and an external PDN. It is used to resolve the domain name of the
external PDN, equivalent to a common DNS on the Internet. The other type is the DNS
located on the GPRS/UMTS core network. It is used to:
Perform domain name resolution to obtain the IP address of the GGSN based on the
access point name (APN) sent by the SGSN, thus establishing a communication channel
between the GGSN and an MS when the MS attempts to access the external PDN.
Obtain the IP address of the SGSN from the original routing area code when the routing
area between SGSNs is updated.
Obtain the IP address of the destination SGSN based on the new RNC ID during RNC
relocation.
The DNS can also be deployed in other networks besides the GPRS/UMTS network.
OCS
The OCS provides the CCF function. By enhancing the present OCS, credit control can vary
according to service type. The GGSN9811 can determine whether a user is an online charging
user. The OCS can perform rating, allocate quotas, and finally deduct the fees for online
charging users.
BM-SC
The BM-SC distributes the multimedia broadcast/multicast service (MBMS). Serving as the
transmission ingress of the MBMS services of content providers, the BM-SC can authenticate
the users within a public land mobile network (PLMN), initiate the bearer service, and
schedule and deliver the MBMS service.
PCRF
The PCRF is used for making policies and charging rules. It performs the following functions:
Receiving service information from the application function (AF)
Obtaining subscription information from the subscription profile repository (SPR)
Determining the policy and charging rule applied to a user
Providing the policy and charging enforcement function (PCEF) with the policy and
charging rule information
Gp
Gmb SGSN Gy
BM-SC OCS
Other PLMN
This describes the functions and the protocol stack of the Gi interface.
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
1.3.5 Gmb Interface
This describes the functions and the protocol stack of the Gmb interface.
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
GTP-C GTP-C
UDP UDP
IP IP
L2 L2
L1 L1
GTP-U GTP-U
UDP UDP
IP IP
L2 L2
L1 L1
SGSN
Gn/Gp GGSN
/RNC
The GPRS Tunneling Protocol (GTP) contains the GTP control plane (GTP-C) and the GTP
user plane (GTP-U).
In the GTP-C plane, tunnels are created, modified, and deleted through signaling.
In the GTP-U plane, the tunneling mechanism is used to transfer user packets.
In the GTP user plane, the GGSN9811 supports GTPv0 and GTPv1 and allows the switchover
between GTPv0 and GTPv1. In the GTP signaling plane, the GGSN9811 supports only
GTPv0.
1.3.2 Gi Interface
This describes the functions and the protocol stack of the Gi interface.
Gi is the interface between the GGSN and the packet data network (PDN). The GGSN9811
supports two access modes for Internet Protocol (IP) users and Point-to-Point Protocol (PPP)
users.
IP Access
Figure 1-5 shows the protocol stack of the Gi interface for IP users.
IP IP
L2
Packet domain bearer
L1
GGSN
Gi
For IP users, the GGSN9811 provides two modes for mobile stations (MSs) to access the
external PDN, namely, transparent access mode and non-transparent access mode. Figure 1-6
and Figure 1-7 show the protocol stacks for the transparent access mode and the
non-transparent access mode, respectively.
Intranet Intranet
protocol protocol
IP IP IP IP
PPP PPP
Packet domain bearer L2 L2
or L2 or L2
TE MT GGSN Intranet
Gi
DHCP/ DHCP/
PPP/L2 PPP/L2 SM SM GTP-C GTP-C RADIUS RADIUS
UDP UDP
IP IP
PPP Access
Figure 1-8 shows the protocol stack of the Gi interface for PPP users.
e.g.
L2TP
PPP PPP-NCP
supported
UDP
protocol
or PPP
IP
L1
GGSN Gi
For PPP users, the GGSN9811 provides two modes for MSs to access the external PDN,
namely, PPP termination mode and PPP relay mode. Figure 1-9 and Figure 1-10 show the
protocol stacks for the PPP termination mode and the PPP relay mode, respectively.
DHCP/ DHCP/
RADIUS RADIUS
IP IP
Lower Lower
Phy.layer Packet domain bearer
layers layers
e.g.L2TP e.g.L2TP
IP IP
Lower Lower
Phy.layer Packet domain bearer
layers layers
GGSN
TE MT SGSN Gi LNS
(LAC)
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
Ga is the interface between the GPRS support node (GSN) and the charging gateway
functionality (CGF). It runs the GTP' protocol to send charging data records (CDRs) that are
generated by a network element or functional entity to the CGF.
Figure 1-11 shows the protocol stack of the Ga interface.
G-CDRs G-CDRs
GTP' GTP'
UDP/TCP UDP/TCP
IP IP
L2 L2
L1 L1
GGSN Ga CGF
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
Gy is the interface between the GGSN and the online charging system/credit control function
(OCS/CCF). It communicates based on the Diameter protocol and is used for online charging
control. The GGSN interacts with the OCS through the Gy interface to realize credit control
for content-based charging users and non-content-based charging users.
Figure 1-12 shows the protocol stack of the Gy interface.
IP / IPSec IP / IPSec
L2 L2
L1 L1
GGSN Gy OCS/CCF
L2 L2
L1 L1
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
Gx is the interface between the GGSN and the policy charging rules function (PCRF). It
communicates based on the Diameter protocol. As the policy and charging enforcement
function (PCEF), the GGSN interacts with the PCRF through the Gx interface to realize
policy and charging control (PCC) function.
Figure 1-14 shows the protocol stack of the Gx interface.
Gx application Gx application
TLS TLS
TCP TCP
IP/IPSec IP/IPSec
L2 L2
L1 L1
GGSN Gx PCRF
Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811
Quantity
Type Function
(Maximum)
10/100M
Physical interfaces to an external network or
auto-sensing
24 devices in the external network, such as the
Ethernet electrical
SGSN, PDN, AAA server, and CG
interfaces
1000M Ethernet
Physical interfaces to an external network or
GBIC optical
24 devices in the external network, such as the
interfaces
SGSN, PDN, AAA server, and CG
(1000BASE-GBIC)
1000M Ethernet
Physical interfaces to an external network or
GBIC electrical
24 devices in the external network, such as the
interfaces
SGSN, PDN, AAA server, and CG
(1000BASE-GBIC)
Physical interfaces to an external network or
10G Ethernet
1 devices in the external network, such as the
Optical Interfaces
SGSN, PDN, AAA server, and CG
The quantity in GGSN9811 refers to the quantity of a type of interfaces on one LPU.
Item Specification
Connector type RJ45
10/100M auto-sensing
Operating mode
Half duplex and full duplex
Maximum
100 m
transmission distance
Applied cable Enhanced category 5 shielded twisted pair
Standard compliance IEEE802.3z
Frame format Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
Network protocol IP
Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)
Item Specification
Connector
LC/PC
type
Operating
1000M full duplex
mode
Standard
complianc IEEE 802.3z
e
Frame
Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
format
Network
IP
protocol
Maximum 0.5km 10km 40km 40km 80km 100km
transmissi
on
distance
Center 850nm 1310nm 1310nm 1550nm 1550nm 1550nm
wavelengt
h
Minimum –9.5dBm –9.5dBm –4.5dBm –4.0dBm –2.0dBm 0dBm
transmittin
g optical
power
Maximum –2.5dBm –3.0dBm 3.0dBm 1.0dBm 5.0dBm 5.0dBm
transmittin
g optical
power
Receiver –17.0dBm –20.0dBm –22.5dBm –21.0dBm –23.0dBm –30.0dBm
sensitivity
Overload 0dBm –3.0dBm –3.0dBm –3.0dBm –3.0dBm –9.0dBm
optical
power
Fiber type Multi-mod Single-mo Single-mo Single-mo Single-mo Single-mo
e de de de de de
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP)
Item Specification
Item Specification
Maximum transmission
100 m
distance
Applied cable Enhanced category 5 shielded twisted pair
Standard compliance IEEE802.3z
Frame format Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
Network protocol IP
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)
Item Specification
Connector type LC/PC
Operating mode 10G full duplex
Standard
IEEE 802.3ae
compliance
Frame format Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
Network
IP
protocol
Maximum 0.3 km 10 km 40 km 80 km
transmission
distance
Center 850 nm 1310 nm 1550 nm 1550 nm
wavelength
Minimum -7.3 dBm -6.0 dBm -1.0 dBm 0 dBm
transmitting
optical power
Maximum -1.3 dBm -1.0 dBm 2.0 dBm 4.0 dBm
transmitting
optical power
Receiver -7.5 dBm -11.0 dBm -15.0 dBm -24.0 dBm
sensitivity
Overload -1.0 dBm 0.5 dBm -1.0 dBm -7.0 dBm
optical power
Fiber type Multi-mode Single-mode Single-mode Single-mode
2 Product Features
standards. Developed on the basis of Huawei Versatile Routing Platform (VRP), the software
of the GGSN9811 inherits the integrated routing technology, IP quality of service (QoS),
virtual private network (VPN), and security technology of the VRP and perfects the functions
specific to applications in wireless telecommunication.
By means of the USR hardware platform that boasts high reliability and large data throughput
and the software platform that seamlessly integrates wireless telecommunication technologies
and data communication technologies, the GGSN9811 presents an ideal and flexible solution
for wireless data communication to network operators.
2.3 Security
This describes the security feature of the GGSN9811. The requirements for security is taken
into consideration for the design of the GGSN9811 and multiple measures are adopted to
protect profits of operators and end users.
The same as reliability, security is concerned by operators and end users. The requirements for
security is fully considered for the design of the GGSN and the following measures are taken:
User-Friendly GUI
The GUI helps to provide a user-friendly and convenient OM interface. Operations are
simplified through the graphic network topology view and device panel view. Frequent
operations can be performed by selecting items from the menu.
Message Tracing
The GGSN9811 allows signaling message tracing, data packet tracing, interface message
tracing, user message tracing, and message explanation.
Remote Management
The GGSN9811 supports various remote management functions, including online software
patching, online commissioning, remote maintenance, and dynamic data setting.
3 System Structure
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm(W) x 800
mm (D).
The design of the cabinet complies with the International Electrotechnical Commission 297
(IEC297) and Institute of Electrical and Electronics Engineers (IEEE) standards. The modular
structure is used, thus facilitating the capacity expansion and maintenance. In addition, the
electromagnetic compatibility is fully considered in the design of the cabinet and
electromagnetic shielding interfaces are used.
Figure 3-1 shows the N68E-22 cabinet.
Firewall (3 U) Firewall (3 U)
Firewall (3 U) Firewall (3 U)
The GGSN9811 subrack must be available and the SRU, SFU, SPU, and LPU of the
GGSN9811 are inserted in this subrack.
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
Figure 3-3 shows the subrack and Figure 3-4 shows the components installed in the subrack.
8
3
7
4
6
5
The GGSN9811 uses the integrated subrack design. Table 3-1 lists the main components in
the GGSN9811 subrack.
Component Description
Fan module It is covered with a plastic panel and is used to dissipate heat of the
GGSN9811.
Component Description
Power supply It is covered with a plastic panel. Each subrack must be equipped
module with two power supply modules that work in load-sharing mode.
The GGSN9811 provides only the DC power supply system.
Air intake frame It works with the fan module to dissipate heat of the GGSN9811.
Cable It consists of the internal cable set, fibers, and external cable set.
The internal cable set refers to power cables and signal cables.
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
Switching Route Unit (SRU), Switching Fabric Unit (SFU), Service Processing Unit (SPU),
and Line Processing Unit (LPU).
The SRU is the core circuit board of system management. The SFU performs the service data
switching function of the entire system. The SPU performs the service processing function.
The LPU provides physical interfaces through which the GGSN9811 can be connected to
external network elements (NEs) or external networks.
The board slots are vertical. There are 12 board slots, and thus up to 12 boards can be inserted.
The configuration principle of boards is as follows:
Two SRUs must be inserted in slots 9 and 10.
Two SFUs must be inserted in slots 11 and 12.
Based on actual requirements, insert one, two, three or four LPUs. For the cabling
convenience of the cabinet, slots 1, 2, 3 and 4 are reserved for LPUs.
Based on actual requirements, insert two to six SPUs. The two adjacent SPUs are one
pair. The pairs of SPUs can be inserted in slots 3 and 4, slots 5 and 6, and slots 7 and 8.
Figure 3-5 shows a typical layout of boards in the GGSN9811 subrack.
1 2 3 4 9 11 10 5 6 7 8
SFU
LPU LPU SPU SPU SRU SRU SPU SPU SPU SPU
SFU
1 2 3 4 9 12 10 5 6 7 8
SRU
The SRUs control and manage the system in a centralized manner and they work in 1+1
backup mode. Serving as the clock source and the management and maintenance unit of the
system, the SRUs provide the functions of the control plane and the system maintenance plane.
The SRUs are composed of the main processing units (MPUs) and SFU modules. The two
SFU modules on the two SRUs and two SFUs work in load-sharing mode.
SFU
The SFUs support quick data exchange. Working in load-sharing mode, the SFUs can support
640 Gbit/s (160 Gbit/s x 4) switching traffic.
The GGSN9811 is equipped with two SFUs, and two SFU modules are located on the two
SRUs.
SPU
The SPUs perform functions such as service control, user packet forwarding, charging
information collection, quality of service (QoS), and content parse. The SPUs can be
configured to work in 1+1 backup mode or load-sharing mode. The operating mode failover is
controlled by the bam.ini file.
LPU
The LPUs provide physical interfaces through which the GGSN9811 can be connected to NEs
such as the serving GPRS support node (SGSN), authorization, authentication and accounting
(AAA) server, and charging gateway (CG) or connected to external networks such as the
packet data network (PDN). The trunk operating mode of physical interfaces can be
configured to work in either 1+1 backup mode or load-sharing mode.
At present, the GGSN9811 can provide the following types of LPUs:
The LPUs are composed of three modules: LPU module, switching network fabric adaptor
(FAD) module, and physical interface card (PIC) module.
The three modules work together to process and forward service data quickly. In addition,
they maintain and manage link protocols and forwarding information base (FIB) tables.
AM
OM CM
LMT
SM
PS
AM
This module performs functions such as user access control, user authentication and
authorization, address assignment, and Packet Data Protocol (PDP) context management.
In addition, the GGSN9811 enables multiple user access modes.
CM
This module processes charging protocols and manages charging data records (CDRs).
In addition, the CM system works with external charging gateways (CGs) and external
charging systems to charge users.
SM
This module obtains and controls policies of user data flows.
PS
This module distributes and processes signaling packets and data packets of the
GGSN9811; it works with the relevant modules to implement charging and service
control; it performs functions such as system support and routing.
OM
This module performs OM functions such as data configuration management, device
management, performance management, alarm management, and security management.
LMT
This module provides graphical user interfaces (GUIs).
This describes the security function of the GGSN9811. The GGSN9811 supports the
realization of multiple security policies.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide
abundant charging functions and enable operators to charge users flexibly.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and
control.
4.11 Service Redirection
This describes the service redirection function of the GGSN9811. The GGSN9811 supports
two types of service redirection functions, that is, captive portal and web proxy.
4.12 Service Report
This describes service report function of the GGSN9811. The GGSN interworks with an
external Service Usage Reporter (SUR) to implement the service report function. The GGSN
collects service data records and sends the records to the SUR. The SUR analyzes the records
and generates service reports.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional
point-to-multipoint multimedia services.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
4.16 Other Services and Functions
This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and
the Simple Network Management Protocol (SNMP) V1/V2/V3.
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
The GGSN9811 supports the following main routing technologies:
Static routing
Default routing
RIPv1/v2
OSPFv2
IS-IS
BGP-4
Routing policy
Route backup
MS downlink route distribution
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a
network identifier defined by the general packet radio service/universal mobile
telecommunications system (GPRS/UMTS).
The GGSN must be configured with an APN and the related attributes based on the packet
data network (PDN) to be accessed. Thus, mobile stations (MSs) under the APN can be
connected to the PDN. The GPRS/UMTS core network identifies a GGSN with an APN. An
APN identifies an external PDN that is connected through the GGSN, or an associated service.
The external PDNs include the Internet service provider (ISP) network and the intranet. The
services include the Internet access service and the Wireless Application Protocol (WAP)
service.
In addition to the basic functions of the APN, the GGSN9811 provides the virtual APN
function. By means of the virtual APN function, users who visit different PDNs can carry the
same APN. This APN acts as the virtual APN. Based on the different matching types
configured for the virtual APN, the GGSN9811 finds the actual APNs, and then enables the
users to access the proper PDNs. The virtual APN function settles the problem of poor service
flexibility of operators, optimizes network resources, and betters service experience of users.
The GGSN9811 also provides the alias APN function. To map the services of an APN to
another APN, operators can map the user-carried APN to an alias APN but need not modify
the planning and configuration of APNs. Different APNs can correspond to the same system
resources, facilitating distribution and combination of system resources.
Transparent Access
In transparent access mode, operators serve as Internet service providers (ISPs) and provide
universal mobile telecommunications system/general packet radio service (UMTS/GPRS)
users with services such as email application and web browsing.
Figure 4-1 shows an example of the transparent access mode. The operator's IP network can
hold devices such as the world wide web (WWW) server, email server, and domain name
server (DNS). A firewall is set at the connection point with the external network to shield the
network from unauthorized access.
WWW server
Gi
GGSN Firewall/Proxy
Operator's
network
In transparent mode, the IP address assigned to the mobile user is one of the IP addresses of
the operator. The IP address can be a static IP address that is assigned when a mobile user
subscribes to a service and signs a subscription or a dynamic IP address that is assigned by the
GGSN when the Packet Data Protocol (PDP) context is activated.
The dynamic IP address can be an IP address in the internal IP address pool that is assigned to
the access point (AP) through data configuration. It can also be a dynamic IP address assigned
by the authentication, authorization and accounting (AAA) server or the Dynamic Host
Configuration Protocol (DHCP) server.
When the PDP context is activated, the MS may not carry the user identity and the GGSN
may not perform authorization or authentication for the user identity. In transparent mode,
based on the requirements of operators, the GGSN can perform authorization and
authentication for the user identity.
Non-Transparent Access
This mode is used when operators do not serve as ISPs.
Figure 4-2 shows an example of the non-transparent access mode.
AAA
Firewall server Server
Gi
GGSN Intranet
GPRS/UMTS
core network AAA WWW
server server
Internet
Email server DNS
ISP
In non-transparent access mode, the IP address assigned to the mobile user is one of the IP
addresses of the ISP or the intranet. The IP address can be a static IP address that is assigned
when the mobile user subscribes to a service and signs a subscription or a dynamic IP address
that is assigned by the GGSN when the PDP context is activated.
The dynamic IP address can be an IP address in the internal IP address pool of the GGSN. It
can also be a dynamic IP address assigned by the AAA server or the DHCP server.
When the PDP context is activated, the MS must carry the user identity and authentication
information. After receiving the activation request from the MS, the GGSN forwards the
request to the AAA server. The AAA server authenticates and authorizes the user identity.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.4.1 GTP Tunnel
This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The
GTP tunnel is used to forward data between the SGSN and the GGSN.
4.4.2 GTP Signaling Function
This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
4.4.3 IP over GTP and PPP over GTP
This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP
and PPP over GTP, supported by the GGSN9811.
NodeB
L2TP
SGSN GGSN
IP/PPP
RNC
NodeB Intrenet Intranet
LNS
PCU DNS
BTS BSC
In the intranet, PPP over GTP can enable enterprises to use the existing virtual private
network (VPN) gateways in fixed networks. The enterprises need not modify configuration or
networking. Thus, users in fixed networks and mobile networks can be managed in a unified
manner. In addition, for PPP over GTP, L2TP tunnels can be set up or removed in real time.
Only the VPN tunnels that are based on the Generic Routing Encapsulation (GRE) protocol
can be used because IP over GTP is used in the intranet. Thus, the VPN gateways in the
intranet must set up tunnels with all the GGSNs in advance. The configuration is relatively
complex.
AAA
server
Packet network
IP IP IP IP
Physical Physical Physical Physical
layer layer layer layer
MS GGSN LNS Server
protocol stack
IP over GTP and PPP over GTP are two basic functions stipulated in the 3rd Generation
Partnership Project (3GPP). PPP over GTP is supported by some mobile phones and most
mobile phones support only IP over GTP. Intranet users hope to access the intranet through
existing LNS and AAA servers without changing the existing network structure and
configuration. Huawei GGSN9811 provides the PPP regeneration solution to meet these
requirements, as shown in Figure 4-4. The GGSN9811 can negotiate with the LNS and set up
PPP sessions based on user information such as the user name and password in user activation
requests. After setting up PPP sessions, the GGSN9811 PPP encapsulates IP packets for PPP
relay. Then, the start and end points of PPP are the GGSN9811 and the LNS, respectively.
The development of 3G services and application of the High-Speed Packet Access (HSPA)
technologies present higher requirements on the processing capability in the user plane in the
packet-switched (PS) domain of the wideband code division multiple access (WCDMA) core
network. In two-tunnel mode, the GPRS Tunneling Protocol-User plane (GTP-U) tunnel
between the RNC and the GGSN is divided into the tunnel between the RNC and the SGSN
and the tunnel between the SGSN and the GGSN. Therefore, the processing capability in the
user plane on the network elements (NEs) such as the RNC, SGSN, and GGSN must be
improved, thus increasing the capital expenditure (CAPEX) and operation expenditure (OPEX)
of operators.
The 3rd Generation Partnership Project (3GPP) provides the direct-tunnel mode for
establishing a direct GTP-U tunnel between the RNC and the GGSN. This mode decreases the
CAPEX and OPEX of operators, improves the performance in the user plane in the PS
domain of the WCDMA core network, and facilitates future network expansion.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multi-protocol label switch (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a virtual private network (VPN).
A private network based on the public packet-switched network is set up to enable mobile
users to access an intranet. This saves the cost for leasing expensive private lines. The VPN
features security, reliability, and manageability.
On a GPRS/UMTS network, by means of remote user authentication and tunnel data
encryption technologies, a mobile station (MS) can access an intranet securely and reliably
through a private tunnel between the GGSN and the enterprise VPN gateways.
MPLS L3 VPN
The MPLS L3 VPN provides the VPN through the IP backbone network of a service provider.
It uses the Border Gateway Protocol (BGP) to advertise VPN routes on the IP backbone
network to separate the traffic of different VPN members. Then, the MPLS is used to forward
VPN packets on the IP backbone network. The GGSN9811 supports the MPLS L3 VPN and
complies with IETF RFC2547.
L2TP VPN
The L2TP tunnel is a Layer 2 tunneling technology. It uses the IP network to set up an L2TP
tunnel and encapsulates data into Point-to-Point Protocol (PPP) packets for delivery through
the L2TP tunnel. The GGSN9811 provides the L2TP access concentrator (LAC) function. It
can also set up the VPN through the L2TP tunnel to transmit Packet Data Protocol packet data
units (PDP PDUs). The L2TP tunnel complies with RFC2661 regardless of whether the type
of the PDP PDU is PPP or IP.
GRE VPN
The GRE tunnel is based on the Layer 3 tunneling technology, which enables encapsulation of
one network layer protocol over another network layer protocol. The GGSN9811 supports the
GRE tunneling technology. Through GRE, the IP network protocol can be used to transmit
packets of upper layer protocols to realize the VPN function. The GRE tunnel complies with
RFC1702 and RFC1701.
VLAN VPN
The virtual local area network (VLAN) is a new technology to realize virtual working groups
by dividing network segments based on the logical addresses instead of the physical addresses
of the devices in a LAN. The IEEE issued the 802.1Q to standardize VLAN realization in
1999. The GGSN9811 can divide a physical interface into sub-interfaces and specify VLAN
IDs for these sub-interfaces, and thus the VLAN VPN is supported.
4.7 Security
This describes the security function of the GGSN9811. The GGSN9811 supports the
realization of multiple security policies.
4.7.1 Protocol Security Authentication
This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
4.7.3 Packet Filtering and ACL
This describes the functions of packet filtering and the access control list (ACL).
4.7.4 Gi Interface Redirection
This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
4.7.5 Anti-DDoS Protection
This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS
attack is generated based on the denial of service (DoS) attack. In a DDoS attack, the
controlled network terminals attack a public port simultaneously. The damage is severe.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
4.7.7 SSL
(RIP) v2, Open Shortest Path First (OSPF), Intermediate System to Intermediate System
(IS-IS), and Border Gateway Protocol (BGP).
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
The devices can ensure confidentiality, integrity, authenticity, and anti-replay for data packets
when packets are transmitted on the network through encryption and data source
authentication at the IP layer.
By means of the Authentication Header (AH) and Encapsulating Security Payload (ESP)
security protocols, IPSec can address the security concerns. IPSec can also automatically
negotiate key exchange, and set up and maintain security associations (SAs) through Internet
Key Exchange (IKE) to simplify the use and management of IPSec.
The GGSN9811 supports IPSec on the Gi and Gn interfaces to authenticate or encrypt data
flows to ensure security of data packets.
The GGSN9811 supports the following IPSec functions:
Realizing Message Digest 5 (MD5) and Secure Hash Algorithm-1 (SHA-1)
authentication algorithms
Realizing data encryption standard (DES), 3DES, and advanced encryption standard
(AES) encryption algorithms
Supporting two IPSec modes: transmitting mode and tunneling mode
Realizing the AH and ESP protocols and supporting binding of AH and ESP
Realizing manual configuration of SAs or automatic negotiation of SAs through IKE
Supporting application of the IPSec policy on Generic Routing Encapsulation (GRE)
tunnels to encrypt tunnel packets
Supporting the dead peer detection (DPD) function of IPSec tunnels
Realizing the IPSec VPN by binding virtual routing and forwarding (VRF) with the
interface where the IPSec is enabled
Supporting the IPSec tunnel interface mode
Supporting the IPSec redundancy function when the IPSec tunnel interface mode is
adopted
Supporting license control on enabling or disabling the IPSec function
For example, the traffic classification rules can define the data flow that accesses the
core network element (NE) based on the destination IP address.
Preventing mutual access between MSs
The packet filtering policy can also be enabled on the GGSN to discard the packets
transmitted between MSs. For example, the traffic classification rules can define the data
flow between MSs based on the source IP address and the destination IP address.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
Generally, users communicate through their authorized IP addresses. Those who borrow IP
addresses of other users are mostly to perform illegal acts. The anti-spoofing function can
detect and discard the packets that are transferred through IP addresses of other users, thus
ensuring the security of the core network.
On the GGSN, the application of anti-spoofing is as follows:
If the source IP address of the uplink packet from a mobile user is different from the IP
address assigned to the mobile user, the GGSN regards this packet as a spoofing packet.
If the source IP address and destination IP address of the downlink packet from the
packet data network (PDN) are the same, the GGSN considers this packet as an
abnormal packet.
The GGSN computes the total number of spoofing packets in each PDP context within one
minute. If the total number exceeds the threshold, the GGSN deletes the PDP context, and
then deactivates the user.
4.7.7 SSL
SSL provides three security services:
Identity authentication
Identity authentication means checking whether the peer end is really the one with which
you want to communicate. SSL authenticates the server and the client based on digital
certificates to confirm that they are legitimate users. Both the client and the server have
an identifier, which is numbered with the public key. To verify that a user is legitimate,
SSL implements digital authentication during data exchange in the handshake stage.
Connection privacy
Connection privacy means that data is encrypted before transmission to avoid data theft
by illegitimate users. SSL ensures connection privacy by employing encryption
algorithms. Commonly used encryption algorithms are Data Encryption Standard (DES),
3DES, RC2, and RC4.
Data intactness
Data intactness means that any modification to data during transmission can be detected.
SSL sets up a secure channel between the client and the server so that all SSL-processed
data can reach the destination without being modified. SSL guarantees data intactness by
employing message digest algorithms. Commonly used message digest algorithms are
message digest 5 (MD5) and SHA-1. SHA is short for secure hash algorithm.
The SSL feature can be implemented on the GGSN when the GGSN communicates with the
M2000 or local maintenance terminal (LMT) to enhance security through encryption. Thus,
the man-machine language (MML) channel, binary channel, and File Transfer Protocol (FTP)
file transfer channel between the GGSN and the M2000 or LMT are encrypted.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
The general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
standard defines the QoS in mobile networks as the end-to-end QoS. The end-to-end QoS
depends on the QoS features of every node on the transmission path. Thus, when the traffic
passes through the IP-based GPRS/UMTS core network, the GPRS/UMTS QoS negotiated
during the context activation must be mapped to the differentiated services code point (DSCP)
field or type of service (ToS) field of the IP packet header according to a certain mapping rule.
An IP QoS performs queue scheduling to ensure the end-to-end QoS.
The GGSN9811 supports QoS negotiation and mapping. The QoS requested is carried in
the context activation request message of a mobile station (MS). The GGSN9811
performs the QoS negotiation based on the QoS information and the configurations of
the GGSN9811. The GGSN9811 maps the negotiated QoS parameter into the
differentiated services (DiffServ) priority of the IP network, fills the priority into the ToS
or DSCP field in the header of the packets, and then forwards them to an external packet
data network (PDN). The PDN schedules the IP QoS queue to ensure the QoS of the
packet service.
The GGSN9811 supports the user-based DiffServ. The services at different levels are
provided for users who have different requirements. The allocation/retention priority
(ARP) in activation requests controls the access and bearer priority of users. To meet
DiffServ requirements, the GGSN9811 provides different QoS levels based on user
levels and traffic classes.
The GGSN9811 supports the content awareness function. For rectifying the problem in
which the bearer network cannot detect the service QoS requirement, and the problem of
low usage of wireless air resources, Huawei provides a UMTS content awareness
solution on the GGSN9811 to achieve dynamic QoS policy control. The GGSN9811 can
send the QoS update request to the serving GPRS support node (SGSN) based on the
type of the user data service to achieve dynamic adjustment of the QoS. Thus, the QoS
requirements of multiple user services can be met flexibly and operators can use network
resources appropriately and effectively.
The GGSN9811 supports the alias marking function. The GGSN9811 can process the
traffic based on the operator-defined priority rules. For other network elements (NEs),
the priority levels in the QoS information remain unchanged. This function provides
operators with flexible processing of the QoS service on the GGSN9811.
The GGSN9811 supports the traffic policing function. Traffic policing is a mechanism to
restrict the bandwidth for data traffic so that the data transmission is within the specified
rate. Traffic policing is realized through the committed access rate (CAR) mechanism.
− Bearer-based uplink and downlink traffic policing: When bearer contexts are
activated or updated, the GGSN9811 polices both the uplink and downlink traffic of
the bearer contexts after determining the uplink and downlink bandwidths of the
bearer contexts. Traffic policing can be implemented by configuring the guaranteed
bit rate (GBR) and maximum bit rate (MBR).
− DSCP-based traffic policing: The GGSN9811 restricts the traffic of the packets of a
certain type based on the value of the DSCP field.
The GGSN9811 supports the traffic shaping function. Traffic shaping is a mechanism to
adjust the output traffic rate actively. The packets that do not comply with the
specifications are cached in a buffer or queue. When sufficient tokens are available in the
token bucket, the cached packets are sent regularly at the rate configured for the token
bucket.
The GGSN9811 supports the P2P/VoIP-based bandwidth management function. When
receiving service traffic from the Gn or Gi interface, the GGSN9811 identifies whether
the service is a point-to-point (P2P) or voice over IP (VoIP) service, and matches the
service with a service rule according to the service type, traffic property (traffic direction
and time period), and user property (including the RAT type and roaming attribute). Then,
the GGSN9811 performs service control and bandwidth management according to the
policy of the service rule. By managing the bandwidths of P2P and VoIP services,
operators can guarantee the QoS of subscribed P2P and VoIP services and a fair
bandwidth allocation. In this manner, bandwidths are not consumed significantly by
malicious P2P or VoIP service traffic, thus improving customer experiences.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide
abundant charging functions and enable operators to charge users flexibly.
4.9.1 RADIUS Accounting
This describes the Remote Authentication Dial In User Service (RADIUS) accounting
function of the GGSN9811.
4.9.2 Offline Charging
This describes the offline charging function of the GGSN9811.
4.9.3 Online Charging
This describes the online charging function of the GGSN9811.
4.9.4 Content-based Charging
This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
4.9.5 Event-based Charging
This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
4.9.6 Envelope Reporting
This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
Ga interface for processing. Then, the G-CDRs and eG-CDRs are sent to the billing system
(BS) for charging processing.
The G-CDRs and eG-CDRs are the data service records generated by the GGSN, which
record charging information about the packet data network (PDN) usage. The GGSN9811
creates and opens CDRs to start charging when Packet Data Protocol (PDP) contexts are
activated for mobile users. It closes the CDRs and stops charging when the PDP contexts are
deactivated. Each activated PDP context has its CDRs.
The GGSN9811 supports CDRs of multiple versions such as R98, R99, R4, R5, R6, and R7.
Charging Characteristic
The offline charging function provided by the GGSN9811 consists of normal charging, hot
billing, prepaid charging, and flat rate charging.
Normal charging
The normal charging is based on the data volume or duration instead of the data service
type.
Hot billing
Hot billing provides all functions of normal charging but can generate CDRs more
quickly than normal charging. You can set the time threshold and volume threshold for
generating CDRs on the GGSN9811 based on user attributes. For hot billing users, the
time threshold can be set to a small value to report CDRs in time. After the CDRs sent by
the GGSN9811 reach the CG, the CDRs containing the hot billing attribute take
precedence over other CDRs in processing by the CG.
Prepaid charging
Before availing themselves of a service, the users must pay for the service in advance.
When the account balance is insufficient for the service, the service is terminated
forcibly. Therefore, operators can quickly recover investments and improve network
resource efficiency.
Flat rate charging
Flat rate charging is also called periodical charging. It means that a user pays based on a
specific period, for example, once a month. The rate for each period, for example, a
month, remains the same. The charging system on the GGSN9811 collects only such
information as data traffic and service duration of the users who pay at a flat rate, and
then sends the data to the BS for storage. The flat rate is determined by a subscription
contract.
Charging Feature
The features of offline charging on the GGSN9811 are as follows:
The GGSN9811 generates normal CDRs on any of the following conditions:
− CDR generation based on duration
If a mobile station (MS) occupies a data connection for a long time, the GGSN9811
generates G-CDRs or eG-CDRs based on the collected charging data at a regular
interval.
− CDR generation based on traffic
The GGSN9811 generates a G-CDR or eG-CDR if the data volume reaches the preset
threshold.
− CDR generation based on number of charging condition changes
The GGSN9811 generates a G-CDR or eG-CDR if the number of times that a charging
condition such as quality of service (QoS), tariff, and routing area identifier (RAI)
changes reaches a threshold. The GGSN9811 generates a G-CDR or eG-CDR when the
radio access technology (RAT), SGSN PLMN ID, or MS time zone changes once.
− CDR generation based on number of SGSN address changes
The GGSN9811 generates a G-CDR or eG-CDR if the number of times that the IP
address of the SGSN changes reaches a threshold.
− CDR generation based on MS deactivation
The GGSN9811 generates a G-CDR or eG-CDR, if a session for packet data services
ends and the MS is deactivated.
The GGSN9811 supports multiple tariffs for different time segments.
You can set multiple tariffs for different time segments, such as holiday/festival,
weekend, and workday. The GGSN9811 can record the service traffic in these time
segments separately.
The GGSN9811 can select a CG.
If multiple CGs are configured with the same priority, the GGSN9811 selects the CG that
is idle to send CDRs when multiple PDP contexts are activated. If multiple CGs are
configured with different priorities, the GGSN9811 selects the CG with a higher priority
to send CDRs.
The GGSN9811 allows customization of the CDR format.
Operators can define the CDR format. The CDR generated by the GGSN9811 can
optionally contain information such as the mobile station international ISDN number
(MSISDN) in addition to mandatory information defined in protocols. Therefore,
operators can choose the optional fields in a CDR to realize customized charging
schemes.
The GGSN9811 can control CDR generation.
Mobile operators can flexibly control whether the GGSN9811 should generate CDRs as
required for the users of the entire GGSN9811, users of an access point name (APN),
home users, roaming user, or users with the flat rate charging characteristic.
The GGSN9811 can cache CDRs.
The GGSN9811 can cache the generated CDRs on the hard disk if the link between the
GGSN9811 and the CG is faulty. These CDRs are sent to the CG if the link is restored so
that CDRs will not be lost.
The GGSN9811 supports the CDR audit function.
Each time a CDR, valid or not, is generated, a record is created in the CDR audit log file.
The record retains reset information about the GGSN9811. The CDR audit record is used
to check whether the CDR is correct to ensure correct charging of the charging system
and to facilitate error detection.
user account. The online charging function can trace the usage (time or volume) of the
resources prepaid by the user and deduct the current usage expense from the account balance
in real time. The service is automatically terminated or the user is informed when the account
balance is exhausted.
The Diameter online charging function on the GGSN9811 is described as follows:
The GGSN9811 supports service blocking or redirection when the balance is insufficient
or the service is not subscribed. If the OCS at the server side finds that the balance is
insufficient for service access, the OCS redirects the user request to the specific page for
recharge. If the OCS at the server side finds that the service is not subscribed, the OCS
redirects the user request to the specific page for subscription. Therefore, two redirection
functions are required, redirection for recharge and redirection for subscription.
Based on the characteristics of the application protocol, the GGSN9811 supports the
redirection function only for the Hypertext Transfer Protocol (HTTP), Wireless
Application Protocol 1.x (WAP1.x), and WAP2.0 browsing services. If the OCS sends
the instruction to the GGSN9811 to redirect the user request to a specific page but the
user is not accessing the browsing service, the GGSN9811 discards the related messages.
The user credit control is realized through the OCS. A secondary OCS must be provided
to perform credit control through the exchange with the GGSN9811 to ensure that
services are not disrupted when the GGSN9811 detects that the connection with the OCS
is abnormal. Therefore, the configuration of primary and secondary OCSs must be
supported.
The GGSN9811 supports primary and secondary OCSs locally. When detecting that the
primary OCS does not respond to a request, the GGSN9811 automatically sends online
charging messages to the secondary OCS. If the OCS supports primary/secondary
switchover, services are not disrupted.
The GGSN9811 can charge the Hypertext Transfer Protocol (HTTP) service of accessing
a uniform resource locator (URL) such as www.isp.com/* by using an access point name
(APN) such as MNET based on the service traffic or duration.
Charging based on FTP service traffic or duration
The GGSN9811 can charge the File Transfer Protocol (FTP) download service by using
an APN such as MNET based on the service traffic or duration. Two FTP transmission
modes, PORT and PASV, are supported.
Charging based on WAP service traffic or duration
The GGSN9811 can charge the Wireless Application Protocol (WAP) service of
accessing a URL such as wap.isp.com/news.wml by using an APN such as WAP based
on the service traffic or duration. The GGSN9811 can also charge the multimedia
messaging service (MMS) and the KJava service by using an APN such as WAP based
on the service traffic.
Charging based on RTSP VOD service traffic or duration
The GGSN9811 can charge the video on demand (VOD) service based on the service
traffic or duration.
Charging based on MMS service traffic or duration
The GGSN9811 can charge for the MMS service based on the service traffic or duration.
Charging based on DNS service traffic or duration
The GGSN9811 can charge the domain name server (DNS) traffic separately, or include
the DNS traffic in the associated services for time- or volume-based charging.
The GGSN9811 can analyze packets of the Trivial File Transfer Protocol (TFTP), Microsoft
Multimedia Server Protocol (MMSP), Simple Mail Transfer Protocol (SMTP), Post Office
Protocol revision 3 (POP3), and Interactive Mail Access Protocol (IMAP), and identify
Point-to-Point (P2P), Voice over IP (VoIP), and instant messaging (IM) services.
The CBC CDRs can be of two formats. One is the format of the G-CDR extension
content-based charging field. The other is the standard eG-CDR format defined in the 3GPP
protocol. You can use either format for the CBC function.
The GGSN can perform event-based charging for the MMS service. That is, a mobile
user is charged based on the number of sent MMS messages.
Event-based charging for the RTSP service
The GGSN can perform event-based charging for the video on demand (VOD) service.
That is, a mobile user is charged based on the number of times of accessing a VOD
service.
Event-based charging for the WAP service
The GGSN can perform event-based charging for the service of accessing a URL such as
wap.isp.com/news.wml by using an APN such as WAP. That is, a mobile user is charged
based on the number of times of accessing a Web page identified by a URL in the MMS
or KJava service.
An event-based charging data record (CDR) contains the numberOfEvents field, indicating
the number of successful events and number of failed event, and the eventTimeStamps field,
indicating the time when an event occurs.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and
control.
With more and more services on the mobile network, operators require the gateway GPRS
support node (GGSN) to provide the content awareness function for content charging and
security control. Thus, operators can optimize services and improve network security.
The GGSN9811 supports the DPI function for the following protocols:
Hypertext Transfer Protocol (HTTP)
Wireless Application Protocol 2.0 (WAP2.0)
Wireless Application Protocol 1.X (WAP1.X)
Real-Time Streaming Protocol (RTSP)
Multimedia Messaging Service (MMS)
File Transfer Protocol (FTP)
Domain Name Service (DNS)
Trivial File Transfer Protocol (TFTP)
Microsoft Multimedia Server Protocol (MMSP)
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol revision 3 (POP3)
Interactive Mail Access Protocol (IMAP)
Point-to-Point (P2P)
Voice over IP (VoIP)
Instant Messaging (IM)
The DPI function of the GGSN9811 can help operators to achieve the following functions:
Service resolution
Whether a user surfs the Internet through a browser or watches a movie on line, the
traffic is the basis of charging by operators. The DPI function can provide precise and
detailed information about the data volume and categorize data contents to apply
different tariffs. The result of service resolution can also be used as the reference for
resource allocation by operators. The GGSN9811 can accurately analyze packets of
various protocols and perform different processing accordingly.
Service control
Through deep inspection of data and analysis of service types, operators can provide
different service combinations for different users and filter out forbidden services.
portal based on the portal configuration about the user. Thus, the user can visit multiple
services through the personal portal.
Web proxy
To speed up browsing, the GGSN9811 can redirect the IP address of the page requested
by a user to the IP address of a web proxy cache server. The user requested page can be
cached on the cache server to achieve network acceleration.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
With the rapid development of IP-based networks, packet networks will become basic
platforms for future services. Therefore, operators impose higher requirements on service
awareness, service control, and charging of the packet networks. The SBLP, FBC, and PCC
features can satisfy the requirements of the operators.
Based on the PCC feature, operators can perform unified and multi-dimension policy
deployment and control in network operation, thus preventing channellized services and
enhancing competitiveness by optimizing network resource usage and improving network
user experience.
The GGSN9811 supports the following PCC functions:
Static PCC control: Where PCRF is not deployed, all policies are implemented by the
Policy and Charging Enforcement Function (PCEF) according to the local static
configuration.
Dynamic PCC control: Where AF may exist after PCRF is deployed, all services
dynamically generate PCC rules for scheduling and charging based on their own QoS
requirements and subscription data.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional
point-to-multipoint multimedia services.
The MBMS service can be a multimedia service that is broadcast to users in a cell through the
public channel on the air interface or a subscribed service that is multicast to users in a cell.
Thus, the air interface resources can be used efficiently. One of the applications of the MBMS
service is the mobile phone TV service. In addition, the services such as broadcast download
and MTV interaction are supported.
The MBMS service is the unidirectional point-to-multipoint multimedia service that allows
sending data from one source entity to multiple receivers, downloading the same data by
multiple mobile users, and sharing network resources. This service can be widely used in
wireless networks.
Huawei GGSN9811 supports the MBMS service in broadcast mode. The broadcast mode
refers to unidirectional point-to-multipoint multimedia data transmission from a source entity
to users within a broadcast service area.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
IPv6 is developed on the basis of IPv4. It has new features such as adequate address spaces,
higher security, and better support of mobility and QoS. IPv6 lays a sound foundation for
sustainable development of the IP network.
IPv6 is introduced to the 3GPP in R5 stage. In R5 stage, the IMS is carried by IPv6. The RNC,
SGSN, and GGSN are interconnected by IPv4 or IPv6. User terminals support dual IPv4/IPv6
protocol stacks so that they can access IPv4/IPv6 services.
At present the GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on
the user plane but not the IPv6 features on the signaling plane. That is, the GGSN9811 is still
in the IPv4 network and it is connected to the SGSN and the public data network (PDN)
through the IPv4 network. The uplink IPv6 packets of the user are encapsulated in the
IPv4+GTP packets by the SGSN and sent to the GGSN9811. The GGSN9811 decapsulates
the GPRS Tunneling Protocol (GTP) packets and extracts the IPv6 packets. Then, the IPv6
packets are forwarded to the IPv6 gateway through the IPv4 tunnel according to the system
configuration. The IPv6 gateway finally carries out the routing forwarding or protocol
translation (IPv6/IPv4 translation) of the IPv6 packets. For downlink packets, when the
GGSN9811 determines that a user type is IPv6, it decapsulates the packets and extracts the
IPv6 packets. Then, the GGSN9811 carries out GTP encapsulation and delivers the packets to
the SGSN.
This function enables the following services:
IPv6 mobile stations accessing IPv6 services
IPv6 mobile stations accessing IPv4 services
5 Reliability
Over-voltage and over-current protection measures are taken for the board power input
and external interfaces. The measures comply with ITU-T G.703 Recommendation
Annex B and related specifications.
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM
system of the GGSN9811 is of the client/server architecture.
Figure 6-1 shows the structure of the GGSN9811 OM system.
LAN GGSN/BAM
LAN
MODEM
Remote GGSN LMT M2000 server
access
server
MODEM LAN
GGSN LMT
M2000 client M2000 client
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
Receiving connection requests from the client to establish connections, and analyzing
and processing commands from the client
Receiving connection requests from the host through the local bus to establish
connections and realize the communication between the BAM and the host, and
processing data loading requests and alarms from the host
In spite of the loss or error of BAM files, the M2000 can interwork with the GGSN9811 and restore the
BAM.
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
The LMT supports the command line interface (CLI) mode and the graphic user interface
(GUI) mode. The LMT can be used to configure the device, trace messages, manage the
system performance, manage alarms, and manage logs. The LMT provides interfaces to
connect the alarm box to provide audible and visual alarms.
The LMT can be accessed by dialing through the public switched telephone network (PSTN).
Then, the LMT performs the operation and maintenance (OM) function.
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
The M2000 communicates with the GGSN9811 through the Transmission Control
Protocol/Internet Protocol (TCP/IP). The M2000 is composed of the M2000 server and
multiple M2000 clients.
The local maintenance terminal (LMT) can be integrated into the M2000. Thus, the LMT can
achieve uniform management and browsing of devices in the entire network through the
topology management function provided by the M2000. The LMT and the M2000 are in the
loose coupling relationship. The LMT is dedicated to management only on the GGSN9811,
whereas the M2000 performs the public management such as topology management and fault
management for devices in the entire network.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
6.2.1 Configuration Management
This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
6.2.2 Message Tracing
This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
6.2.3 Performance Management
This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance
management module of the M2000 and the Performance Browser Tool of the local
maintenance terminal (LMT).
6.2.4 Alarm Management
This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
6.2.5 Log Management
This describes the log management function of the GGSN9811. Logs can be classified into
user operation logs, system operation logs, and security logs based on contents.
7 Technical Specifications
Item Specification
Maximum number of PDP
contexts that are activated at 5000000
the same time
Maximum data throughput 50 Gbit/s
Maximum IPSec throughput 3 Gbit/s
Maximum number of APNs 3000
Maximum number of GRE
4000
tunnels
Maximum number of L2TP
20000
tunnels
Maximum number of IPSec
4000
tunnels
Item Specification
Cabinet N68E-22
Height: 2200 mm
Dimensions Width: 600 mm
Depth: 800 mm
Load-bearing capacity > 600 kg/m²
Power input -48 V DC to -60 V DC
Typical power
2300 W
consumption of subrack
≤ 78 dBA at 23°C (The noise varies with the ambient
Noise (acoustic power)
temperature.)
Item Specification
Annual repair and return rate of boards ≤ 3%
Availability ≥ 99.999%
MTBF 18.35 years
MTTR 1 hour
Annual mean failure time < 5 minutes
Board switchover time < 5 seconds
Board restart time < 5 minutes
System restart time < 6 minutes
Start time from system power-on to
< 10 minutes
service-ready
IEC 61000-4-3
IEC 61000-4-4
IEC 61000-4-5
IEC 61000-4-6
IEC 61000-4-29
Climatic Requirements
Item Specification
Altitude ≤ 3000 m
Air pressure 70 kPa to 106 kPa
Climatic Requirements
Item Specification
NOTE
Impact response spectrum refers to the maximum acceleration response
curve generated by the equipment under specified impact excitation.
Impulse response spectrum II means that the duration of half-sine impulse
response spectrum is 6 ms.
Static payload refers to the capability of the equipment in package to bear
the pressure from the top in normal pile-up method.
Climatic Requirements
Table 7-7 Requirements for temperature and humidity in the running environment
NOTE
The values are measured 1.5 m above the floor and 0.4 m in front of the
equipment, without protective panels in front of or behind the cabinet.
Short term running refers to continuous running for no more than 48 hours
or accumulated running of no more than 15 days in a year.
Table 7-8 Requirements for other climatic factors in the running environment
Item Specification
Altitude ≤ 3000 m
Air pressure 70 kPa to 106 kPa
Temperature change rate ≤ 5°C/h
NOTE
Impact response spectrum refers to the maximum acceleration response
curve generated by the equipment under specified impact excitation.
Impulse response spectrum II means that the duration of half-sine impulse
response spectrum is 6 ms.
Static payload refers to the capability of the equipment in package to bear
the pressure from the top in normal pile-up method.
8 Installation
System Expansion
The GGSN9811 supports the following modes of capacity expansion without interrupting
ongoing services:
Expansion through software
Generally, an operator purchases a system with relatively small capacity at the initial
stage. As the service traffic increases, the system may need expansion. The operator can
expand the system by buying only a license file and loading it to the system. Such
capacity expansion does not interrupt ongoing services.
Expansion through hardware
A GGSN9811 subrack can hold up to six Service Processing Units (SPUs). The SPUs
can work in 1+1 backup mode or load-sharing mode. The SPU is hot swappable.
Capacity expansion does not interrupt ongoing services.
System Upgrade
Switching over the active and standby boards and upgrading them separately can upgrade the
GGSN9811 without interrupting ongoing services or changing data configuration.
Index
A
N
Accessing the PDN, 4-3
alarm management, 6-5 network interface
Ga, 1-10
Gi, 1-7
E Gmb, 1-11
environmental requirements Gx, 1-11
running environment, 7-6 Gy, 1-10
storage environment, 7-4
transportation environment, 7-5 R
reliability
G hardware, 5-1
GTP, 4-5 networking, 5-3
software, 5-2
I routing, 4-2
installation S
system, 8-1
system expansion and upgrade, 8-2 security, 4-9
specification
L EMC, 7-3
entire system, 7-2
LMT, 6-3 performance, 7-1
log management, 6-5 reliability, 7-3