2-GGSN9811 V900R007 Product Description

HUAWEI GGSN9811 Gateway GPRS Support Node
V900R007
Product Description
Issue 01
Date 2009-03-31
Part Number
Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For
any assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © Huawei Technologies Co., Ltd.2009. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the commercial contract made between
Huawei and the customer. All or partial products, services and features described in this document may not
be within the purchased scope or the usage scope. Unless otherwise agreed by the contract, all
statements, information, and recommendations in this document are provided “AS IS” without warranties,
guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Proprietary and Confidential

Product Description Contents
Contents
About This Document ................................................................................................................ 1

1 Overview ................................................................................................................................ 1-1
1.1 Basic Functions .............................................................................................................................................1-1
1.2 Network Structure .........................................................................................................................................1-2
1.3 Network Interfaces ........................................................................................................................................1-5
1.3.1 Gn/Gp Interface ...................................................................................................................................1-6
1.3.2 Gi Interface ..........................................................................................................................................1-7
1.3.3 Ga Interface........................................................................................................................................1-10
1.3.4 Gy Interface .......................................................................................................................................1-10
1.3.5 Gmb Interface .................................................................................................................................... 1-11
1.3.6 Gx Interface ....................................................................................................................................... 1-11
1.4 Supported Protocols ....................................................................................................................................1-12
1.5 Physical Interfaces ......................................................................................................................................1-15
1.5.1 Interface Types ...................................................................................................................................1-15
1.5.2 Interface Specifications......................................................................................................................1-16
2 Product Features .................................................................................................................... 2-1

2.1 Carrier-Class Platform...................................................................................................................................2-1
2.2 High Reliability.............................................................................................................................................2-2
2.3 Security .........................................................................................................................................................2-2
2.4 Large Capacity ..............................................................................................................................................2-3
2.5 Customized Operation and Maintenance System..........................................................................................2-3
3 System Structure ................................................................................................................... 3-1

3.1 Physical Structure..........................................................................................................................................3-1
3.1.1 Cabinet .................................................................................................................................................3-1
3.1.2 Subrack ................................................................................................................................................3-4
3.1.3 Boards ..................................................................................................................................................3-6
3.2 Logical Structure ...........................................................................................................................................3-8
4 Services and Functions ......................................................................................................... 4-1

4.1 Routing..........................................................................................................................................................4-2
4.2 APN...............................................................................................................................................................4-3
4.3 Accessing the PDN........................................................................................................................................4-3
Issue 01 (2009-03-31) Huawei Proprietary and Confidential i

HUAWEI GGSN9811 Gateway GPRS Support
Node
Contents Product Description
4.4 GTP ...............................................................................................................................................................4-5

4.4.1 GTP Tunnel ..........................................................................................................................................4-6
4.4.2 GTP Signaling Function.......................................................................................................................4-6
4.4.3 IP over GTP and PPP over GTP...........................................................................................................4-6
4.5 Direct Tunnel.................................................................................................................................................4-7
4.6 VPN...............................................................................................................................................................4-8
4.7 Security .........................................................................................................................................................4-9
4.7.1 Protocol Security Authentication .........................................................................................................4-9
4.7.2 IPSec ..................................................................................................................................................4-10
4.7.3 Packet Filtering and ACL...................................................................................................................4-10
4.7.4 Gi Interface Redirection..................................................................................................................... 4-11
4.7.5 Anti-DDoS Protection ........................................................................................................................ 4-11
4.7.6 Anti-spoofing ..................................................................................................................................... 4-11
4.7.7 SSL.....................................................................................................................................................4-12
4.8 QoS..............................................................................................................................................................4-12
4.9 Charging......................................................................................................................................................4-13
4.9.1 RADIUS Accounting .........................................................................................................................4-14
4.9.2 Offline Charging ................................................................................................................................4-14
4.9.3 Online Charging.................................................................................................................................4-16
4.9.4 Content-based Charging.....................................................................................................................4-17
4.9.5 Event-based Charging ........................................................................................................................4-18
4.9.6 Envelope Reporting............................................................................................................................4-19
4.10 DPI ............................................................................................................................................................4-19
4.11 Service Redirection ...................................................................................................................................4-20
4.12 Service Report ...........................................................................................................................................4-21
4.13 PCC ...........................................................................................................................................................4-21
4.14 MBMS.......................................................................................................................................................4-22
4.15 IPv6 ...........................................................................................................................................................4-22
4.16 Other Services and Functions....................................................................................................................4-23
5 Reliability............................................................................................................................... 5-1
5.1 Hardware Reliability .....................................................................................................................................5-1
5.2 Software Reliability ......................................................................................................................................5-2
5.3 Networking Reliability..................................................................................................................................5-3
5.4 Operation and Maintenance Reliability.........................................................................................................5-3
6 Operation and Maintenance ................................................................................................ 6-1

6.1 OM System ...................................................................................................................................................6-1
6.1.1 BAM ....................................................................................................................................................6-2
6.1.2 LMT .....................................................................................................................................................6-3
6.1.3 M2000 ..................................................................................................................................................6-3
6.2 OM Function .................................................................................................................................................6-3
6.2.1 Configuration Management .................................................................................................................6-4
ii Huawei Proprietary and Confidential Issue 01 (2009-03-31)

Product Description Contents
6.2.2 Message Tracing ..................................................................................................................................6-4

6.2.3 Performance Management ...................................................................................................................6-4
6.2.4 Alarm Management..............................................................................................................................6-5
6.2.5 Log Management .................................................................................................................................6-5
7 Technical Specifications....................................................................................................... 7-1

7.1 Performance Specifications...........................................................................................................................7-1
7.2 Entire-system Specifications .........................................................................................................................7-2
7.3 Reliability Specifications ..............................................................................................................................7-3
7.4 Safety Specifications .....................................................................................................................................7-3
7.5 EMC Specifications ......................................................................................................................................7-3
7.6 Environment Specifications ..........................................................................................................................7-4
7.6.1 Storage Environment............................................................................................................................7-4
7.6.2 Transportation Environment ................................................................................................................7-5
7.6.3 Running Environment ..........................................................................................................................7-6
8 Installation ............................................................................................................................. 8-1

8.1 System Installation ........................................................................................................................................8-1
8.2 System Expansion and Upgrade....................................................................................................................8-1
Index ...........................................................................................................................................i-1
Issue 01 (2009-03-31) Huawei Proprietary and Confidential iii

Product Description Figures
Figures
Figure 1-1 GPRS/UMTS network structure .......................................................................................................1-2

Figure 1-2 Interfaces of the GGSN9811.............................................................................................................1-5
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface .....................................................................1-6
Figure 1-4 User plane protocol stack of the Gn/Gp interface.............................................................................1-7
Figure 1-5 Protocol stack of the Gi interface......................................................................................................1-8
Figure 1-6 Protocol stack of the Gi interface in transparent access mode..........................................................1-8

Figure 1-7 Protocol stack of the Gi interface in non-transparent access mode...................................................1-8
Figure 1-8 Protocol stack of the Gi interface......................................................................................................1-9
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode.............................................................1-9

Figure 1-10 Protocol stack of the Gi interface in PPP relay mode ...................................................................1-10
Figure 1-11 Protocol stack of the Ga interface .................................................................................................1-10
Figure 1-12 Protocol stack of the Gy interface................................................................................................. 1-11

Figure 1-13 Protocol stack of the Gmb interface.............................................................................................. 1-11
Figure 1-14 Protocol stack of the Gx interface.................................................................................................1-12
Figure 3-1 N68E-22 cabinet ...............................................................................................................................3-2

Figure 3-2 Hardware layout of the GGSN9811..................................................................................................3-3
Figure 3-3 GGSN9811 subrack ..........................................................................................................................3-4
Figure 3-4 Components in the GGSN9811 subrack ...........................................................................................3-5

Figure 3-5 Layout of boards in the GGSN9811 subrack ....................................................................................3-7
Figure 3-6 Logical structure of the GGSN9811 .................................................................................................3-9
Figure 4-1 Example of transparent access to an external IP network .................................................................4-4

Figure 4-2 Example of non-transparent access to an ISP or an intranet .............................................................4-5
Figure 4-3 Example of IP over GTP and PPP over GTP ....................................................................................4-6
Figure 4-4 Example of PPP regeneration ...........................................................................................................4-7

Figure 6-1 Structure of the GGSN9811 OM system ..........................................................................................6-2
Issue 01 (2009-03-31) Huawei Proprietary and Confidential v

Product Description Tables
Tables
Table 1-1 Protocols supported by the GGSN9811 ............................................................................................1-12

Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811 ............................................1-16
Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces...........................................1-16

Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)................................1-17
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP) ............................1-17
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP) .......................1-18
Table 3-1 Main components in the GGSN9811 subrack.....................................................................................3-5
Table 3-2 Specifications of the three types of LPUs...........................................................................................3-8
Table 7-1 GGSN9811 performance specifications .............................................................................................7-2

Table 7-2 Specifications of the entire GGSN9811..............................................................................................7-2
Table 7-3 GGSN9811 reliability specifications ..................................................................................................7-3
Table 7-4 Climatic requirements for equipment storage.....................................................................................7-4

Table 7-5 Climatic requirements for equipment transportation ..........................................................................7-5
Table 7-6 Requirements for mechanical stress in the transportation environment .............................................7-5
Table 7-7 Requirements for temperature and humidity in the running environment ..........................................7-6
Table 7-8 Requirements for other climatic factors in the running environment .................................................7-6
Table 7-9 Requirements for mechanical stress in the running environment .......................................................7-7
Issue 01 (2009-03-31) Huawei Proprietary and Confidential vii

Product Description About This Document
About This Document
Purpose
This document mainly describes the features, system architecture, services and functions,
operation and maintenance, reliability, technical specifications, and installation procedure of
the GGSN9811.
Related Versions
The following table lists the product version related to this document.
Product Name Version

GGSN9811 V900R007
Intended Audience
This document is intended for:
Network planning engineer
Installation commissioning engineer
Data configuration engineer
Network monitoring engineer
Field maintenance engineer
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all the updates made to previous versions.
Updates in Issue 01 (2009-03-31)
Initial field trial release
Issue 01 (2009-03-31) Huawei Proprietary and Confidential 1

About This Document Product Description
Organization
1 Overview
This provides an overview of the GGSN9811. The GGSN9811 serves as a gateway in the
general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
packet core network and forwards packets between the mobile network and the packet data
network (PDN).
2 Product Features
This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
3 System Structure
This describes the physical and logical structures of the GGSN9811.
4 Services and Functions
This describes the abundant services and functions provided by the GGSN9811. These
services and functions can meet various requirements for networking and services.
5 Reliability
This describes the advanced reliability design of the GGSN9811. The advanced reliability
design effectively ensures the normal operation.
6 Operation and Maintenance
This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000
and operation and maintenance center (OMC), and comprehensive online help.
7 Technical Specifications
This lists the technical specifications of the GGSN9811. The technical specifications consist
of performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment
requirements.
8 Installation
This describes the installation, upgrade, and expansion processes.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk that, if not avoided,
will result in death or serious injury.
2 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

Product Description About This Document
Symbol Description
Indicates a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance
degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement
important points of the main text.
General Conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.

Boldface Names of files, directories, folders, and users are in
boldface. For example, log in as user root.
Italic Book titles are in italics.
Courier New Terminal display is in Courier New.
Command Conventions
Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.
[] Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... } Alternative items are grouped in braces and separated by
vertical bars. One is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets
and separated by vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can
be selected.
Issue 01 (2009-03-31) Huawei Proprietary and Confidential 3

About This Document Product Description
GUI Conventions
Boldface Buttons, menus, parameters, tabs, windows, and dialog titles

are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the ">"
signs. For example, choose File > Create > Folder.
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing

Ctrl+Alt+A means the three keys should be pressed
concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without

moving the pointer.
Double-click Press the primary mouse button twice continuously and
quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the
pointer to a certain position.
4 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

Product Description 1 Overview
1 Overview
About This Chapter

This provides an overview of the GGSN9811. The GGSN9811 serves as a gateway in the
general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
packet core network and forwards packets between the mobile network and the packet data
network (PDN).
1.1 Basic Functions
This describes the basic functions of the GGSN9811.
1.2 Network Structure
This describes the structure of the entire network.
1.3 Network Interfaces
This describes the network interfaces of the GGSN9811. The GGSN9811 provides multiple
interfaces that comply with standard protocols.
1.4 Supported Protocols
This describes the supported protocols of the GGSN9811. The GGSN9811 provides open and
standard protocol interfaces. These interfaces support multiple protocols and can connect the
GGSN9811 to multiple types of devices. Thus, the GGSN9811 possesses strong and flexible
networking capability.
1.5 Physical Interfaces
This describes the physical interfaces of the GGSN9811. The GGSN9811 provides multiple
types of physical interfaces.
1.1 Basic Functions

This describes the basic functions of the GGSN9811.
The GGSN9811 is a gateway GPRS support node developed independently by Huawei
Technologies Co., Ltd. (hereinafter referred to as Huawei). It can be used in either the 2.5G
general packet radio service (GPRS) or the 3G universal mobile telecommunications system
(UMTS). The GGSN9811 is a gateway for a mobile station (MS) to access the external packet
Issue 01 (2009-03-31) Huawei Proprietary and Confidential 1-1

1 Overview Product Description
data network (PDN). It is located at the junction between the GPRS/UMTS packet core
network and the external PDN.
1.2 Network Structure

This describes the structure of the entire network.
The wireless technology has developed from the 2G global system for mobile
communications (GSM) and the 2.5G general packet radio service (GPRS) to the 3G
universal mobile telecommunications system (UMTS). At present, mobile communication is
available widely, transmits wireless data quickly, and provides access to the Internet. Mobile
communication can provide multimedia services, such as voice, data, and video. It enables
you to communicate with other people wherever you are and whenever you want.
Figure 1-1 GPRS/UMTS network structure
RAN CN-CS
HLR/Au SMS-GMSC/
C/EIR SMS-IWFMSC
GSM/GPRS BSS
MSC/VLR PSTN
GMSC ISDN
BTS BSC Billing center

MS UMTS UTRAN SS7
Firewall
NodeB RNC CG Internet
Intranet
SGSN GGSN etc
Core
Other PLMN
network
Firewall BG
DNS WAP AAA
DNS gateway server
CN-PS
AF
BM-SC OCS/CCF PCRF
NPR
MS: mobile station RAN: radio access network

CN-CS: core network-circuit switched CN-PS: core network-packet switched
BSS: base station subsystem UTRAN: UMTS terrestrial radio access network
BTS: base transceiver station BSC: base station controller
NodeB: UMTS base station RNC: radio network controller
1-2 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

SGSN: serving GPRS support node GGSN: gateway GPRS support node
CG: charging gateway BG: border gateway
DNS: domain name server AAA: authentication, authorization and
accounting
BM-SC: broadcast/multicast service OCS/CCF: online charging system/credit control
center function
PCRF: policy and charging rule
function
As shown in Figure 1-1, the GPRS/UMTS network contains the following network elements
(NEs):
MS: An MS is a user's mobile device. It can launch and receive calls through an air
interface. To perform a data service, the MS sets up a logical link with the CN-PS
domain.
RAN: The RAN provides the functions related to wireless access.
CN-CS domain: The CS domain provides circuit type services. It also connects an MS to
an external CS network such as the public switched telephone network (PSTN).
CN-PS domain: The PS domain provides packet data services. It also connects an MS to
an external packet data network (PDN) such as the Internet.
The CN has evolved smoothly from the GPRS to the UMTS. The evolution of the RAN, however, is
revolutionary because of the fundamental change of air interfaces.
Huawei GPRS/UMTS CN-PS domain, consisting of the SGSN, GGSN, CG, and AAA server,
enables an MS to access an external PDN for packet data services and supplies charging
services.
The functions of the main NEs in Huawei GPRS/UMTS CN-PS domain are as follows:
SGSN
The SGSN is used to provide packet data services. It forwards incoming and outgoing IP
packets of the MSs in the service area. The SGSN performs the following functions:
IP packet routing and forwarding for all mobile users within the service area
Encryption and authentication
Session management
Mobility management
Logical link management
Generation and output of charging data records (CDRs), reflecting the usage of wireless
resources
GGSN
The GGSN is used to provide packet data services. The GGSN routes and encapsulates the
data packets between the GPRS/UMTS network and an external PDN. The GGSN performs
the following functions:

Acting as an interface to an external PDN: The GGSN acts as a gateway for MSs to
access an external PDN. The GGSN exchanges routing information for an external PDN.
The GGSN serves as a router for all IP addresses of users in the GPRS/UMTS network.
GPRS/UMTS session management: The GGSN sets up communication between MSs
and external PDNs.
Data receiving and processing: The GGSN receives data from MSs and routes the data to
an external PDN. The GGSN also receives data from the external PDN, and selects a
path in the GPRS/UMTS network to forward the data according to the destination
address. Then, the GGSN sends the data to the SGSN.
Abundant charging functions: The GGSN provides the functions of normal charging, hot
billing, content-based charging, and online charging.
CG
As a device in the GPRS/UMTS network, the charging gateway (CG) collects, merges, and
pre-processes the CDRs generated by the SGSN or the GGSN. The CG also provides an
interface to the billing center. When a GPRS/UMTS user accesses the Internet, several NEs
generate CDRs. Each NE may generate several CDRs. The CG merges and pre-processes the
CDRs, and then sends them to the billing center. Thus, the work load of the billing center is
reduced. If the CG is applied in the network, the SGSN and the GGSN are not required to
provide interfaces to the billing center.
AAA Server
The AAA server is used for authentication, authorization, and accounting. It complies with the
Remote Authentication Dial In User Service (RADIUS) protocol. The AAA server can also be
deployed in other networks besides the GPRS/UMTS network.
DNS
There are two types of DNS in the GPRS/UMTS network. One type is the DNS located
between the GGSN and an external PDN. It is used to resolve the domain name of the
external PDN, equivalent to a common DNS on the Internet. The other type is the DNS
located on the GPRS/UMTS core network. It is used to:
Perform domain name resolution to obtain the IP address of the GGSN based on the
access point name (APN) sent by the SGSN, thus establishing a communication channel
between the GGSN and an MS when the MS attempts to access the external PDN.
Obtain the IP address of the SGSN from the original routing area code when the routing
area between SGSNs is updated.
Obtain the IP address of the destination SGSN based on the new RNC ID during RNC
relocation.
The DNS can also be deployed in other networks besides the GPRS/UMTS network.
OCS
The OCS provides the CCF function. By enhancing the present OCS, credit control can vary
according to service type. The GGSN9811 can determine whether a user is an online charging
user. The OCS can perform rating, allocate quotas, and finally deduct the fees for online
charging users.

BM-SC
The BM-SC distributes the multimedia broadcast/multicast service (MBMS). Serving as the
transmission ingress of the MBMS services of content providers, the BM-SC can authenticate
the users within a public land mobile network (PLMN), initiate the bearer service, and
schedule and deliver the MBMS service.
PCRF
The PCRF is used for making policies and charging rules. It performs the following functions:
Receiving service information from the application function (AF)
Obtaining subscription information from the subscription profile repository (SPR)
Determining the policy and charging rule applied to a user
Providing the policy and charging enforcement function (PCEF) with the policy and
charging rule information
1.3 Network Interfaces

This describes the network interfaces of the GGSN9811. The GGSN9811 provides multiple
interfaces that comply with standard protocols.
Figure 1-2 shows the network interfaces of the GGSN9811.
Gn/Gp interface between the SGSN and the GGSN
Gi interface between the GGSN and the PDN
Ga interface between the GGSN and the CGF
Gy interface between the GGSN and the OCS/CCF
Gmb interface between the GGSN and the BM-SC
Gx interface between the GGSN and the PCRF
Figure 1-2 Interfaces of the GGSN9811
CGF Ga OCS/CCF Gx PCRF

Gy
Gn Gi
SGSN GGSN PDN
Gp
Gmb SGSN Gy
BM-SC OCS
Other PLMN
1.3.1 Gn/Gp Interface

This describes the functions and the protocol stacks of the Gn/Gp interface.
1.3.2 Gi Interface

This describes the functions and the protocol stack of the Gi interface.
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
1.3.5 Gmb Interface
This describes the functions and the protocol stack of the Gmb interface.
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
1.3.1 Gn/Gp Interface

This describes the functions and the protocol stacks of the Gn/Gp interface.
In two-tunnel mode, the Gn/Gp interface is the signaling plane interface and user plane
interface between the serving GPRS support node (SGSN) and the GGSN. In direct-tunnel
mode, the Gn/Gp interface is the signaling plane interface between the SGSN and the GGSN,
and the user plane interface between the radio network controller (RNC) and the GGSN.
The Gn interface is between the GPRS support nodes (GSNs) within the same public land
mobile network (PLMN). The Gp interface is between the GSNs in different PLMNs. The Gn
interface and Gp interface have the same protocol hierarchy. See Figure 1-3 and Figure 1-4.
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface
GTP-C GTP-C
UDP UDP
IP IP
L2 L2
L1 L1
SGSN Gn/Gp GGSN

Figure 1-4 User plane protocol stack of the Gn/Gp interface
GTP-U GTP-U
UDP UDP
IP IP
L2 L2
L1 L1
SGSN
Gn/Gp GGSN
/RNC
The GPRS Tunneling Protocol (GTP) contains the GTP control plane (GTP-C) and the GTP
user plane (GTP-U).
In the GTP-C plane, tunnels are created, modified, and deleted through signaling.
In the GTP-U plane, the tunneling mechanism is used to transfer user packets.
In the GTP user plane, the GGSN9811 supports GTPv0 and GTPv1 and allows the switchover
between GTPv0 and GTPv1. In the GTP signaling plane, the GGSN9811 supports only
GTPv0.
1.3.2 Gi Interface
This describes the functions and the protocol stack of the Gi interface.
Gi is the interface between the GGSN and the packet data network (PDN). The GGSN9811
supports two access modes for Internet Protocol (IP) users and Point-to-Point Protocol (PPP)
users.
IP Access
Figure 1-5 shows the protocol stack of the Gi interface for IP users.

Figure 1-5 Protocol stack of the Gi interface
IP IP
L2
Packet domain bearer
L1
GGSN
Gi
For IP users, the GGSN9811 provides two modes for mobile stations (MSs) to access the
external PDN, namely, transparent access mode and non-transparent access mode. Figure 1-6
and Figure 1-7 show the protocol stacks for the transparent access mode and the
non-transparent access mode, respectively.
Figure 1-6 Protocol stack of the Gi interface in transparent access mode
Intranet Intranet
protocol protocol
IP IP IP IP
PPP PPP
Packet domain bearer L2 L2
or L2 or L2
TE MT GGSN Intranet
Gi
Figure 1-7 Protocol stack of the Gi interface in non-transparent access mode
DHCP/ DHCP/
PPP/L2 PPP/L2 SM SM GTP-C GTP-C RADIUS RADIUS
UDP UDP
IP IP
Phy. Phy. Lower Lower Lower Lower Lower Lower

layer layer layers layers layers layers layers layers
TE MT SGSN GGSN Intranet/

Gi ISP
PPP Access
Figure 1-8 shows the protocol stack of the Gi interface for PPP users.

Figure 1-8 Protocol stack of the Gi interface
e.g.
L2TP
PPP PPP-NCP
supported
UDP
protocol
or PPP
IP
Packet domain bearer L2
L1
GGSN Gi
For PPP users, the GGSN9811 provides two modes for MSs to access the external PDN,
namely, PPP termination mode and PPP relay mode. Figure 1-9 and Figure 1-10 show the
protocol stacks for the PPP termination mode and the PPP relay mode, respectively.
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode
DHCP/ DHCP/
RADIUS RADIUS
PPP PPP UDP UDP
IP IP
Lower Lower
Phy.layer Packet domain bearer
layers layers
TE MT SGSN GGSN Gi Intranet/ISP

Figure 1-10 Protocol stack of the Gi interface in PPP relay mode
e.g.L2TP e.g.L2TP
PPP PPP UDP UDP
IP IP
Lower Lower
Phy.layer Packet domain bearer
layers layers
GGSN
TE MT SGSN Gi LNS
(LAC)
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
Ga is the interface between the GPRS support node (GSN) and the charging gateway
functionality (CGF). It runs the GTP' protocol to send charging data records (CDRs) that are
generated by a network element or functional entity to the CGF.
Figure 1-11 shows the protocol stack of the Ga interface.
Figure 1-11 Protocol stack of the Ga interface
G-CDRs G-CDRs
GTP' GTP'
UDP/TCP UDP/TCP
IP IP
L2 L2
L1 L1
GGSN Ga CGF
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
Gy is the interface between the GGSN and the online charging system/credit control function
(OCS/CCF). It communicates based on the Diameter protocol and is used for online charging
control. The GGSN interacts with the OCS through the Gy interface to realize credit control
for content-based charging users and non-content-based charging users.
Figure 1-12 shows the protocol stack of the Gy interface.

Figure 1-12 Protocol stack of the Gy interface
Diameter credit Diameter credit

control application control application
Diameter base protocol Diameter base protocol
TCP TCP
IP / IPSec IP / IPSec
L2 L2
L1 L1
GGSN Gy OCS/CCF
1.3.5 Gmb Interface

This describes the functions and the protocol stack of the Gmb interface.
Gmb is the interface between the GGSN and the broadcast/multicast service center (BM-SC).
It communicates based on the Diameter protocol and is used to provide the control plane
function of the multimedia broadcast/multicast service (MBMS). Through the Gmb interface,
the GGSN exchanges the following signaling with the BM-SC:
MBMS bearer context setup and release signaling
MBMS session start and stop signaling sent by the BM-SC to the GGSN
Figure 1-13 shows the protocol stack of the Gmb interface.
Figure 1-13 Protocol stack of the Gmb interface
Diameter Base Protocol Diameter Base Protocol

TCP TCP
IP/ IPSec IP/ IPSec
L2 L2
L1 L1
GGSN Gmb BM-SC
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
Gx is the interface between the GGSN and the policy charging rules function (PCRF). It
communicates based on the Diameter protocol. As the policy and charging enforcement
function (PCEF), the GGSN interacts with the PCRF through the Gx interface to realize
policy and charging control (PCC) function.
Figure 1-14 shows the protocol stack of the Gx interface.

Figure 1-14 Protocol stack of the Gx interface
Gx application Gx application
Diameter base protocol Diameter base protocol
TLS TLS
TCP TCP
IP/IPSec IP/IPSec
L2 L2
L1 L1
GGSN Gx PCRF
1.4 Supported Protocols

This describes the supported protocols of the GGSN9811. The GGSN9811 provides open and
standard protocol interfaces. These interfaces support multiple protocols and can connect the
GGSN9811 to multiple types of devices. Thus, the GGSN9811 possesses strong and flexible
networking capability.
Table 1-1 lists the protocols supported by the GGSN9811.
Table 1-1 Protocols supported by the GGSN9811

Protocol Function Standard or Protocol
The GPRS
Tunneling Protocol
(GTP) is used to set GSM 09.60, General Packet Radio Service (GPRS);
up, maintain, or GPRS Tunneling Protocol (GTP) across the Gn and
delete GTP tunnels Gp Interface
between the GGSN
and the SGSN. The GSM 09.61, Interworking between the Public Land
GGSN9811 can Mobile Network (PLMN) supporting GPRS and
interact with the Packet Data Networks (PDN)
external packet 3GPP TS 29.060, General Packet Radio Service
GTP/GTP' data network (GPRS); GPRS Tunneling Protocol (GTP) across the
(PDN) through Gn and Gp interface
GTP. 3GPP TS 32.215, 3G Telecom Management;
The GTP' protocol Charging Management; Charging Data Description
is used to send For The Packet Switched (PS) Domain
charging data 3GPP TS 29.061, Interworking between the Public
records (CDRs) Land Mobile Network (PLMN) supporting Packet
that are generated Based Services and Packet Data Networks (PDN)
by a network
element or
functional entity to


the charging
gateway
functionality
(CGF).
The Remote
Authentication Dial
in User Service IETF RFC 2865, Remote Authentication Dial In
(RADIUS) protocol User Service (RADIUS)
is used for IETF RFC 2866, RADIUS Accounting
RADIUS
authentication, 3GPP TS 29.061, Interworking between the Public
authorization, and Land Mobile Network (PLMN) supporting Packet
accounting between Based Services and Packet Data Networks (PDN)
the GGSN and the
RADIUS server.
The Point-to-Point
Protocol (PPP) is a
Layer 2 link
protocol, through
which the Layer 2
negotiation through IETF RFC 1661, The Point-to-Point Protocol (PPP)
the Link Control
Protocol (LCP), IETF RFC 1332, The PPP Internet Protocol Control
Layer 3 negotiation Protocol (IPCP)
through IP over IETF RFC 1334, PPP Authentication Protocols
PPP PPP (IPCP), and IETF RFC 1994, PPP Challenge Handshake
authentication Authentication Protocol (CHAP)
through the
Password 3GPP TS 29.061, Interworking between the Public
Authentication Land Mobile Network (PLMN) supporting Packet
Protocol/Challenge Based Services and Packet Data Networks (PDN)
Handshake
Authentication
Protocol
(PAP/CHAP) can
be performed.
The Layer 2
Tunneling Protocol
(L2TP) is used to
set up Layer 2
virtual private
networks (VPNs)
and L2TP tunnels IETF RFC 2661, Layer Two Tunneling Protocol
L2TP
between the L2TP "L2TP"
network server
(LNS) and the
GGSN that serves
as the L2TP access
concentrator
(LAC).
IPSec The IP Security IETF RFC 2402, IP Authentication Header


(IPSec) protocol is IETF RFC 2403, The Use of HMAC-MD5-96 within
used to ensure the ESP and AH
security of the data ETF RFC 2404, The Use of HMAC-SHA-1-96
transmitted within ESP and AH
between the GGSN
and the related IETF RFC 2405, The ESP DES-CBC Cipher
devices. It can Algorithm With Explicit IV
ensure the IETF RFC 2406, IP Encapsulating Security Payload
confidentiality, (ESP)
integrity, IETF RFC 2407, The Internet IP Security Domain of
authenticity, and Interpretation for ISAKMP
anti-replay of data
packets transmitted IETF RFC 2408, Internet Security Association and
on the network. Key Management Protocol (ISAKMP)
IETF RFC 2409, The Internet Key Exchange (IKE)
IETF RFC 2410, The NULL Encryption Algorithm
and Its Use with IPSec
IETF RFC 2411, IP Security Document Roadmap
IETF RFC 2412, The OAKLEY Key Determination
Protocol
IETF RFC 2104, HMAC: Keyed-Hashing for
Message Authentication
IETF RFC 1191, Path MTU Discovery
The File Transfer
Protocol (FTP) is
used to transmit IETF RFC 0959, FILE TRANSFER PROTOCOL
FTP
files between the (FTP)
GGSN and other
devices.
The basic Diameter
protocol offers a
secure, reliable,
and easily extended
IETF RFC 3588, Diameter Base Protocol IETF RFC
Diameter frame for
4006, Diameter Credit-Control Application
authentication,
authorization, and
accounting
services.
The volume-based
or time-based
online
content-based 3GPP TS 23.125, Overall High Level Functionality
Diameter and Architecture Impacts of Flow Based Charging
charging is realized
Online
through interaction 3GPP TS 32.299, Charging Management; Diameter
Charging
with the online charging applications
charging system
(OCS) through the
Gy interface.


3GPP TS 23.246, Multimedia Broadcast/Multicast
Service (MBMS); Architecture and Functional
The unidirectional Description
point-to-multipoint 3GPP TS 29.060, General Packet Radio Service
MBMS multimedia (GPRS); GPRS Tunnelling Protocol (GTP) across
services are the Gn and Gp interface
provided. 3GPP TS 29.061, Interworking between the Public
Land Mobile Network (PLMN) supporting Packet
Based Services and Packet Data Networks (PDN)
3GPP TR 23.803 v700 Evolution of policy control
and charging
3GPP TS 23.203 v760 Policy and charging control
architecture
The policy and
3GPP TS 29.212 v740 Policy and Charging Control
charging control
PCC over Gx reference point
function is
provided. 3GPP TS 29.213 v740 Policy and Charging
Control signalling flows and QoS parameter
mapping
3GPP TS 29.214 v740 Policy and Charging
Control over Rx reference point
1.5 Physical Interfaces

This describes the physical interfaces of the GGSN9811. The GGSN9811 provides multiple
types of physical interfaces.
1.5.1 Interface Types
This describes the types of physical interfaces provided by the GGSN9811. The GGSN9811
provides the following physical interfaces: 10/100M auto-sensing Ethernet electrical
interfaces, 1000M Ethernet GBIC optical interfaces (1000BASE-GBIC), 1000M Ethernet
GBIC electrical interfaces (1000BASE-GBIC), and 10G Ethernet Optical Interfaces.
1.5.2 Interface Specifications
This describes the specifications for the interfaces provided by the GGSN9811.
1.5.1 Interface Types

This describes the types of physical interfaces provided by the GGSN9811. The GGSN9811
provides the following physical interfaces: 10/100M auto-sensing Ethernet electrical
interfaces, 1000M Ethernet GBIC optical interfaces (1000BASE-GBIC), 1000M Ethernet
GBIC electrical interfaces (1000BASE-GBIC), and 10G Ethernet Optical Interfaces.
The physical interfaces of the GGSN9811 are provided by the Line Processing Unit (LPU).
Table 1-2 lists the quantities and functions of the interfaces on the LPU.

Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811
Quantity
Type Function
(Maximum)
10/100M
Physical interfaces to an external network or
auto-sensing
24 devices in the external network, such as the
Ethernet electrical
SGSN, PDN, AAA server, and CG
interfaces
1000M Ethernet
GBIC optical
interfaces
(1000BASE-GBIC)
1000M Ethernet
GBIC electrical
interfaces
(1000BASE-GBIC)
10G Ethernet
Optical Interfaces
The quantity in GGSN9811 refers to the quantity of a type of interfaces on one LPU.
1.5.2 Interface Specifications

This describes the specifications for the interfaces provided by the GGSN9811.
Table 1-3, Table 1-4, Table 1-5, and Table 1-6 list the specifications for the interfaces.
Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces
Item Specification
Connector type RJ45
10/100M auto-sensing
Operating mode
Half duplex and full duplex
Maximum
100 m
transmission distance
Applied cable Enhanced category 5 shielded twisted pair
Standard compliance IEEE802.3z
Frame format Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
Network protocol IP

Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)
Item Specification
Connector
LC/PC
type
Operating
1000M full duplex
mode
Standard
complianc IEEE 802.3z
e
Frame
Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
format
Network
IP
protocol
Maximum 0.5km 10km 40km 40km 80km 100km
transmissi
on
distance
Center 850nm 1310nm 1310nm 1550nm 1550nm 1550nm
wavelengt
h
Minimum –9.5dBm –9.5dBm –4.5dBm –4.0dBm –2.0dBm 0dBm
transmittin
g optical
power
Maximum –2.5dBm –3.0dBm 3.0dBm 1.0dBm 5.0dBm 5.0dBm
transmittin
g optical
power
Receiver –17.0dBm –20.0dBm –22.5dBm –21.0dBm –23.0dBm –30.0dBm
sensitivity
Overload 0dBm –3.0dBm –3.0dBm –3.0dBm –3.0dBm –9.0dBm
optical
power
Fiber type Multi-mod Single-mo Single-mo Single-mo Single-mo Single-mo
e de de de de de
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP)
Item Specification
Connector type RJ45

Operating mode 1000M full duplex

Item Specification
Maximum transmission
100 m
distance
Applied cable Enhanced category 5 shielded twisted pair
Standard compliance IEEE802.3z
Network protocol IP
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)
Item Specification
Connector type LC/PC
Operating mode 10G full duplex
Standard
IEEE 802.3ae
compliance
Network
IP
protocol
Maximum 0.3 km 10 km 40 km 80 km
transmission
distance
Center 850 nm 1310 nm 1550 nm 1550 nm
wavelength
Minimum -7.3 dBm -6.0 dBm -1.0 dBm 0 dBm
transmitting
optical power
Maximum -1.3 dBm -1.0 dBm 2.0 dBm 4.0 dBm
transmitting
optical power
Receiver -7.5 dBm -11.0 dBm -15.0 dBm -24.0 dBm
sensitivity
Overload -1.0 dBm 0.5 dBm -1.0 dBm -7.0 dBm
optical power
Fiber type Multi-mode Single-mode Single-mode Single-mode

Product Description 2 Product Features
2 Product Features
About This Chapter

This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
2.1 Carrier-Class Platform
This describes the carrier-class platform feature of the GGSN9811. The hardware platform
provides high reliability and large data throughput. The software platform seamlessly
integrates wireless telecommunication technologies and data communication technologies.
2.2 High Reliability
This describes the high reliability feature of the GGSN9811. Reliability is crucial for both
operators and end users. Therefore, the GGSN9811 is designed by considering reliability in
terms of hardware, software, and networking to ensure normal running.
2.3 Security
This describes the security feature of the GGSN9811. The requirements for security is taken
into consideration for the design of the GGSN9811 and multiple measures are adopted to
protect profits of operators and end users.
2.4 Large Capacity
This describes the large capacity feature of the GGSN9811. The GGSN9811 with the design
of large capacity can help operators to arrange investment effectively.
2.5 Customized Operation and Maintenance System
This describes the customized operation and maintenance (OM) system feature of the
GGSN9811. The GGSN9811 provides powerful OM functions.
2.1 Carrier-Class Platform

This describes the carrier-class platform feature of the GGSN9811. The hardware platform
provides high reliability and large data throughput. The software platform seamlessly
integrates wireless telecommunication technologies and data communication technologies.
The hardware platform of the GGSN9811 is Huawei Universal Switching Router (USR). The
USR is a carrier-class network switching device which is compliant with the industry

2 Product Features Product Description
standards. Developed on the basis of Huawei Versatile Routing Platform (VRP), the software
of the GGSN9811 inherits the integrated routing technology, IP quality of service (QoS),
virtual private network (VPN), and security technology of the VRP and perfects the functions
specific to applications in wireless telecommunication.
By means of the USR hardware platform that boasts high reliability and large data throughput
and the software platform that seamlessly integrates wireless telecommunication technologies
and data communication technologies, the GGSN9811 presents an ideal and flexible solution
for wireless data communication to network operators.
2.2 High Reliability

This describes the high reliability feature of the GGSN9811. Reliability is crucial for both
operators and end users. Therefore, the GGSN9811 is designed by considering reliability in
terms of hardware, software, and networking to ensure normal running.
Hardware reliability
The GGSN9811 supports hot plugging and hot backup of key boards, possesses a
double-channel power supply system, and is protected from over-voltage and
over-current.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU
subcard is faulty, the other DMPU subcard takes over all services, and the system
triggers a fault alarm. If the DMPU subcards are required but unavailable or if the
DMPU subcards are overloaded, the system triggers an alarm.
Software reliability
The GGSN9811 is capable of overload control, traffic control, resource check, , system
software backup, configuration files checkand automatic fault detection. This ensures
reliable running. The unique charging data record (CDR) cache function guarantees a
reliable billing system. The hot patch technology helps to ensure the normal software
running.
Networking reliability
The route backup and router load sharing functions can prevent single point failure on
networks, thus helping to build highly reliable networks. The Eth-trunk function can
prevent failure of a single port from affecting services.
Operation and Maintenance Reliability
SSL: The GGSN9811 ensure data confidentiality between LMT and M2000.
When the GGSN9811 upgrade failed, it can rollback previous version automatically. In
this way, the service restore time can be reduce.
GGSN provides patch rollback function to ensure the reliability of running patch.
2.3 Security
This describes the security feature of the GGSN9811. The requirements for security is taken
into consideration for the design of the GGSN9811 and multiple measures are adopted to
protect profits of operators and end users.
The same as reliability, security is concerned by operators and end users. The requirements for
security is fully considered for the design of the GGSN and the following measures are taken:

Product Description 2 Product Features
Strict verification of operator identity

Point-to-Point Protocol (PPP) security verification by the Password Authentication
Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes
Packet filtering and access control list (ACL) mechanism to filter packets based on
preset conditions
Gi interface redirection function, which can offer defense against attacks that are based
on protocol packets between mobile users in one GGSN
IP Security (IPSec) protocol, which provides IP packets with high-quality, interoperable,
and cryptology-based security
The SSL feature can be implemented on the GGSN when the GGSN communicates with
the M2000 or local maintenance terminal (LMT) to enhance security through encryption.
Thus, the man-machine language (MML) channel, binary channel, and File Transfer
Protocol (FTP) file transfer channel between the GGSN and the M2000 or LMT are
encrypted
2.4 Large Capacity

This describes the large capacity feature of the GGSN9811. The GGSN9811 with the design
of large capacity can help operators to arrange investment effectively.
Huawei Universal Switching Router (USR), a fifth-generation core router, is the hardware
platform of the GGSN9811. In Huawei USR, the signaling/control plane is separated from the
data plane. That is, the signaling/control plane consists of multiple high-performance
universal processors. The data plane consists of multiple high-performance and
high-forwarding-capability network processors (NPs).
The fully-configured GGSN9811 can activate 5000000 Packet Data Protocol (PDP) contexts
at the same time. The data throughput can reach 50 Gbit/s.
2.5 Customized Operation and Maintenance System

This describes the customized operation and maintenance (OM) system feature of the
GGSN9811. The GGSN9811 provides powerful OM functions.
Various Management Methods

The OM system of the GGSN9811 allows you to customize a network management system
based on the network structure, management requirements, and investment scale. Based on a
client/server distributed architecture, maintenance is available through the graphic user
interface (GUI) client, centralized network maintenance interfaces, and command line
interface (CLI). The GGSN9811 supports simultaneous multi-user access at local and remote
ends.
User-Friendly GUI
The GUI helps to provide a user-friendly and convenient OM interface. Operations are
simplified through the graphic network topology view and device panel view. Frequent
operations can be performed by selecting items from the menu.

2 Product Features Product Description
Message Tracing
The GGSN9811 allows signaling message tracing, data packet tracing, interface message
tracing, user message tracing, and message explanation.
Customizable Performance Measurement

The GGSN9811 can display performance measurement data in the form of lists and graphics.
It also supports background performance data collection.
Remote Management
The GGSN9811 supports various remote management functions, including online software
patching, online commissioning, remote maintenance, and dynamic data setting.
Real-Time Fault Management

The GGSN9811 can receive and display network device fault reports in real time. It provides
real-time audible or visual alarms through the topology view, alarm panel, and alarm box. The
GGSN9811 provides detailed fault reports, and the fault management system with leveled
filtering functions. This enables you to determine fault causes quickly. After determining fault
causes, you can clear faults by following the instructions provided in the online help.
Comprehensive Online Help

The online help provides help information on the OM system and alarm handling. Thus, you
can be familiar with the operation and maintenance of the GGSN9811 quickly.

Product Description 3 System Structure
3 System Structure
About This Chapter

This describes the physical and logical structures of the GGSN9811.
3.1 Physical Structure
This describes the cabinet, subrack, and boards of the GGSN9811.
3.2 Logical Structure
This describes the logical structure of the GGSN9811. The logical structure of the GGSN9811
consists of the access management (AM), charging management (CM), service management
(SM), platform service (PS), operation and maintenance (OM), and local maintenance
terminal (LMT) modules.
3.1 Physical Structure

This describes the cabinet, subrack, and boards of the GGSN9811.
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm(W) x 800
mm (D).
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
Switching Route Unit (SRU), Switching Fabric Unit (SFU), Service Processing Unit (SPU),
and Line Processing Unit (LPU).
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm(W) x 800
mm (D).

3 System Structure Product Description
The design of the cabinet complies with the International Electrotechnical Commission 297
(IEC297) and Institute of Electrical and Electronics Engineers (IEEE) standards. The modular
structure is used, thus facilitating the capacity expansion and maintenance. In addition, the
electromagnetic compatibility is fully considered in the design of the cabinet and
electromagnetic shielding interfaces are used.
Figure 3-1 shows the N68E-22 cabinet.
Figure 3-1 N68E-22 cabinet
Figure 3-2 shows the layout of the typically configured cabinet.

Figure 3-2 Hardware layout of the GGSN9811
Power distribution box (3 U) Power distribution box (3 U)
LAN Switch cabling frame (1 U) LAN Switch cabling frame (1 U)

Filler panel (2 U)
LAN Switch S6502）(3 U) ）
LAN Switch S3928 (1 U)
High capacity fiber rack (1 U) High capacity fiber rack (1 U)
Filler panel (1 U) Filler panel (1 U)
LAN Switch S6502 (3 U) Filler panel (2 U)

LAN Switch S3928 (1 U)
Firewall (3 U) Firewall (3 U)
Firewall (3 U) Firewall (3 U)

Filler panel (1 U) Filler panel (1 U)
subrack (20 U) subrack (20 U)

1 U = 44.45 mm = 1.75 in.
The GGSN9811 subrack must be available and the SRU, SFU, SPU, and LPU of the
GGSN9811 are inserted in this subrack.
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
Figure 3-3 shows the subrack and Figure 3-4 shows the components installed in the subrack.
Figure 3-3 GGSN9811 subrack

Figure 3-4 Components in the GGSN9811 subrack
8
3
7
4
6
5
1. Plastic panel of the 2. Fan 3. Board 4. Air intake 5. Power system

fan module module area frame panel
6. Power supply module 7. Handle 8. Angle 9. Cabling
trough
The GGSN9811 uses the integrated subrack design. Table 3-1 lists the main components in
the GGSN9811 subrack.
Table 3-1 Main components in the GGSN9811 subrack
Component Description
Fan module It is covered with a plastic panel and is used to dissipate heat of the
GGSN9811.

Component Description
Power supply It is covered with a plastic panel. Each subrack must be equipped
module with two power supply modules that work in load-sharing mode.
The GGSN9811 provides only the DC power supply system.
Air intake frame It works with the fan module to dissipate heat of the GGSN9811.
Cable It consists of the internal cable set, fibers, and external cable set.
The internal cable set refers to power cables and signal cables.
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
Switching Route Unit (SRU), Switching Fabric Unit (SFU), Service Processing Unit (SPU),
and Line Processing Unit (LPU).
The SRU is the core circuit board of system management. The SFU performs the service data
switching function of the entire system. The SPU performs the service processing function.
The LPU provides physical interfaces through which the GGSN9811 can be connected to
external network elements (NEs) or external networks.
The board slots are vertical. There are 12 board slots, and thus up to 12 boards can be inserted.
The configuration principle of boards is as follows:
Two SRUs must be inserted in slots 9 and 10.
Two SFUs must be inserted in slots 11 and 12.
Based on actual requirements, insert one, two, three or four LPUs. For the cabling
convenience of the cabinet, slots 1, 2, 3 and 4 are reserved for LPUs.
Based on actual requirements, insert two to six SPUs. The two adjacent SPUs are one
pair. The pairs of SPUs can be inserted in slots 3 and 4, slots 5 and 6, and slots 7 and 8.
Figure 3-5 shows a typical layout of boards in the GGSN9811 subrack.

Figure 3-5 Layout of boards in the GGSN9811 subrack
1 2 3 4 9 11 10 5 6 7 8
SFU
LPU LPU SPU SPU SRU SRU SPU SPU SPU SPU
SFU
1 2 3 4 9 12 10 5 6 7 8
SRU
The SRUs control and manage the system in a centralized manner and they work in 1+1
backup mode. Serving as the clock source and the management and maintenance unit of the
system, the SRUs provide the functions of the control plane and the system maintenance plane.
The SRUs are composed of the main processing units (MPUs) and SFU modules. The two
SFU modules on the two SRUs and two SFUs work in load-sharing mode.
SFU
The SFUs support quick data exchange. Working in load-sharing mode, the SFUs can support
640 Gbit/s (160 Gbit/s x 4) switching traffic.
The GGSN9811 is equipped with two SFUs, and two SFU modules are located on the two
SRUs.
SPU
The SPUs perform functions such as service control, user packet forwarding, charging
information collection, quality of service (QoS), and content parse. The SPUs can be
configured to work in 1+1 backup mode or load-sharing mode. The operating mode failover is
controlled by the bam.ini file.
LPU
The LPUs provide physical interfaces through which the GGSN9811 can be connected to NEs
such as the serving GPRS support node (SGSN), authorization, authentication and accounting
(AAA) server, and charging gateway (CG) or connected to external networks such as the
packet data network (PDN). The trunk operating mode of physical interfaces can be
configured to work in either 1+1 backup mode or load-sharing mode.
At present, the GGSN9811 can provide the following types of LPUs:

10/100M Fast Ethernet (FE) electrical interface board

1000M Gigabit Ethernet (GE) optical/electrical interface board
10G Ethernet optical interface board
Table 3-2 lists the specifications of the three types of physical interface boards.
Table 3-2 Specifications of the three types of LPUs
Type of the LPU Interface Type Interface Quantity Transmission

Rate
10/100M FE FE 24 10/100 Mbit/s
electrical interface
board
1000M GE GE 24 10/100/1000 Mbit/s
optical/electrical
interface board
10G Ethernet optical GE 1 10 Gbit/s
interface board
The LPUs are composed of three modules: LPU module, switching network fabric adaptor
(FAD) module, and physical interface card (PIC) module.
The three modules work together to process and forward service data quickly. In addition,
they maintain and manage link protocols and forwarding information base (FIB) tables.
3.2 Logical Structure

This describes the logical structure of the GGSN9811. The logical structure of the GGSN9811
consists of the access management (AM), charging management (CM), service management
(SM), platform service (PS), operation and maintenance (OM), and local maintenance
terminal (LMT) modules.
Figure 3-6 shows the logical structure of the GGSN9811.

Figure 3-6 Logical structure of the GGSN9811
AM
OM CM
LMT
SM
PS
AM
This module performs functions such as user access control, user authentication and
authorization, address assignment, and Packet Data Protocol (PDP) context management.
In addition, the GGSN9811 enables multiple user access modes.
CM
This module processes charging protocols and manages charging data records (CDRs).
In addition, the CM system works with external charging gateways (CGs) and external
charging systems to charge users.
SM
This module obtains and controls policies of user data flows.
PS
This module distributes and processes signaling packets and data packets of the
GGSN9811; it works with the relevant modules to implement charging and service
control; it performs functions such as system support and routing.
OM
This module performs OM functions such as data configuration management, device
management, performance management, alarm management, and security management.
LMT
This module provides graphical user interfaces (GUIs).

Product Description 4 Services and Functions
4 Services and Functions
About This Chapter

This describes the abundant services and functions provided by the GGSN9811. These
services and functions can meet various requirements for networking and services.
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a
network identifier defined by the general packet radio service/universal mobile
telecommunications system (GPRS/UMTS).
4.3 Accessing the PDN
This describes the service provided by the GGSN9811 for accessing the packet data network
(PDN). The GGSN connects mobile stations (MSs) to the external PDN to provide
Internet/Intranet access services.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.5 Direct Tunnel
This describes the direct tunnel function of the GGSN9811. In direct-tunnel mode, the GTP-U
tunnel is directly established between the RNC and the GGSN, and the SGSN is not involved
in data transmission in the user plane.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multi-protocol label switch (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a virtual private network (VPN).
4.7 Security

4 Services and Functions Product Description
This describes the security function of the GGSN9811. The GGSN9811 supports the
realization of multiple security policies.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide
abundant charging functions and enable operators to charge users flexibly.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and
control.
4.11 Service Redirection
This describes the service redirection function of the GGSN9811. The GGSN9811 supports
two types of service redirection functions, that is, captive portal and web proxy.
4.12 Service Report
This describes service report function of the GGSN9811. The GGSN interworks with an
external Service Usage Reporter (SUR) to implement the service report function. The GGSN
collects service data records and sends the records to the SUR. The SUR analyzes the records
and generates service reports.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional
point-to-multipoint multimedia services.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
4.16 Other Services and Functions
This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and
the Simple Network Management Protocol (SNMP) V1/V2/V3.
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
The GGSN9811 supports the following main routing technologies:

Static routing
Default routing
RIPv1/v2
OSPFv2
IS-IS
BGP-4
Routing policy
Route backup
MS downlink route distribution
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a
network identifier defined by the general packet radio service/universal mobile
telecommunications system (GPRS/UMTS).
The GGSN must be configured with an APN and the related attributes based on the packet
data network (PDN) to be accessed. Thus, mobile stations (MSs) under the APN can be
connected to the PDN. The GPRS/UMTS core network identifies a GGSN with an APN. An
APN identifies an external PDN that is connected through the GGSN, or an associated service.
The external PDNs include the Internet service provider (ISP) network and the intranet. The
services include the Internet access service and the Wireless Application Protocol (WAP)
service.
In addition to the basic functions of the APN, the GGSN9811 provides the virtual APN
function. By means of the virtual APN function, users who visit different PDNs can carry the
same APN. This APN acts as the virtual APN. Based on the different matching types
configured for the virtual APN, the GGSN9811 finds the actual APNs, and then enables the
users to access the proper PDNs. The virtual APN function settles the problem of poor service
flexibility of operators, optimizes network resources, and betters service experience of users.
The GGSN9811 also provides the alias APN function. To map the services of an APN to
another APN, operators can map the user-carried APN to an alias APN but need not modify
the planning and configuration of APNs. Different APNs can correspond to the same system
resources, facilitating distribution and combination of system resources.
4.3 Accessing the PDN

This describes the service provided by the GGSN9811 for accessing the packet data network
(PDN). The GGSN connects mobile stations (MSs) to the external PDN to provide
Internet/Intranet access services.
MSs can access the external PDN in transparent access mode or non-transparent access mode.
Transparent Access
In transparent access mode, operators serve as Internet service providers (ISPs) and provide
universal mobile telecommunications system/general packet radio service (UMTS/GPRS)
users with services such as email application and web browsing.

Figure 4-1 shows an example of the transparent access mode. The operator's IP network can
hold devices such as the world wide web (WWW) server, email server, and domain name
server (DNS). A firewall is set at the connection point with the external network to shield the
network from unauthorized access.
Figure 4-1 Example of transparent access to an external IP network
WWW server
Gi
GGSN Firewall/Proxy
GPRS/UMTS Email server DNS PDN

core network
Operator's
network
In transparent mode, the IP address assigned to the mobile user is one of the IP addresses of
the operator. The IP address can be a static IP address that is assigned when a mobile user
subscribes to a service and signs a subscription or a dynamic IP address that is assigned by the
GGSN when the Packet Data Protocol (PDP) context is activated.
The dynamic IP address can be an IP address in the internal IP address pool that is assigned to
the access point (AP) through data configuration. It can also be a dynamic IP address assigned
by the authentication, authorization and accounting (AAA) server or the Dynamic Host
Configuration Protocol (DHCP) server.
When the PDP context is activated, the MS may not carry the user identity and the GGSN
may not perform authorization or authentication for the user identity. In transparent mode,
based on the requirements of operators, the GGSN can perform authorization and
authentication for the user identity.
Non-Transparent Access
This mode is used when operators do not serve as ISPs.
Figure 4-2 shows an example of the non-transparent access mode.

Figure 4-2 Example of non-transparent access to an ISP or an intranet
AAA
Firewall server Server
Gi
GGSN Intranet
GPRS/UMTS
core network AAA WWW
server server
Internet
Email server DNS
ISP
In non-transparent access mode, the IP address assigned to the mobile user is one of the IP
addresses of the ISP or the intranet. The IP address can be a static IP address that is assigned
when the mobile user subscribes to a service and signs a subscription or a dynamic IP address
that is assigned by the GGSN when the PDP context is activated.
The dynamic IP address can be an IP address in the internal IP address pool of the GGSN. It
can also be a dynamic IP address assigned by the AAA server or the DHCP server.
When the PDP context is activated, the MS must carry the user identity and authentication
information. After receiving the activation request from the MS, the GGSN forwards the
request to the AAA server. The AAA server authenticates and authorizes the user identity.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.4.1 GTP Tunnel
This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The
GTP tunnel is used to forward data between the SGSN and the GGSN.
4.4.2 GTP Signaling Function
This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
4.4.3 IP over GTP and PPP over GTP
This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP
and PPP over GTP, supported by the GGSN9811.

4.4.1 GTP Tunnel

This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The
GTP tunnel is used to forward data between the SGSN and the GGSN.
The data packets from the packet data network (PDN) are GTP encapsulated on the GGSN,
and then forwarded to the SGSN through the GTP tunnel between the SGSN and the GGSN.
The data packets from the SGSN reach the GGSN through the GTP tunnel. On the GGSN, the
packets are decapsulated, and then forwarded to the PDN.
The GTP tunnel is a bidirectional point-to-point connection. It is defined jointly by the tunnel
endpoint identifiers (TEIDs), User Datagram Protocol (UDP) port numbers, and IP addresses
of the nodes at the two ends.
4.4.2 GTP Signaling Function

This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
By means of the tunnel management function, a GTP tunnel is set up between the GGSN and
the SGSN for data transmission. That is, Packet Data Protocol (PDP) contexts are set up on
related nodes. The setup of PDP contexts consists of activation, deactivation, and update.
By means of the path management function, path management messages can be transmitted
between GSNs (GGSNs and SGSNs) to check whether the peer GSN exists. When detecting
that a path fails, the GGSN deactivates all the PDP contexts related to this path and no longer
transmits data packets through this path. When detecting that signaling or data is not
transmitted through a path for a long period, the GGSN deletes this path.
4.4.3 IP over GTP and PPP over GTP

This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP
and PPP over GTP, supported by the GGSN9811.
Figure 4-3 shows an example of IP (IPv4 and IPv6) over GTP and PPP over GTP. The PPP
and IP user data can be terminated on the GGSN9811 or delivered to the L2TP network server
(LNS) through a Layer 2 Tunneling Protocol (L2TP) tunnel.
Figure 4-3 Example of IP over GTP and PPP over GTP
NodeB
L2TP
SGSN GGSN
IP/PPP
RNC
NodeB Intrenet Intranet
LNS
PCU DNS
BTS BSC

In the intranet, PPP over GTP can enable enterprises to use the existing virtual private
network (VPN) gateways in fixed networks. The enterprises need not modify configuration or
networking. Thus, users in fixed networks and mobile networks can be managed in a unified
manner. In addition, for PPP over GTP, L2TP tunnels can be set up or removed in real time.
Only the VPN tunnels that are based on the Generic Routing Encapsulation (GRE) protocol
can be used because IP over GTP is used in the intranet. Thus, the VPN gateways in the
intranet must set up tunnels with all the GGSNs in advance. The configuration is relatively
complex.
Figure 4-4 Example of PPP regeneration
AAA
server
GGSN9811 L2TP tunnel LNS

IP (ip/udp/l2tp/ppp/ip)
Packet network
GGSN add PPP

encapsulation IP IP Application
as LAC server
PPP PPP The yellow part
(private ip address)
L2TP L2TP does not change in
the process
UDP UDP
IP IP IP IP
Physical Physical Physical Physical
layer layer layer layer
MS GGSN LNS Server
protocol stack
IP over GTP and PPP over GTP are two basic functions stipulated in the 3rd Generation
Partnership Project (3GPP). PPP over GTP is supported by some mobile phones and most
mobile phones support only IP over GTP. Intranet users hope to access the intranet through
existing LNS and AAA servers without changing the existing network structure and
configuration. Huawei GGSN9811 provides the PPP regeneration solution to meet these
requirements, as shown in Figure 4-4. The GGSN9811 can negotiate with the LNS and set up
PPP sessions based on user information such as the user name and password in user activation
requests. After setting up PPP sessions, the GGSN9811 PPP encapsulates IP packets for PPP
relay. Then, the start and end points of PPP are the GGSN9811 and the LNS, respectively.
4.5 Direct Tunnel

This describes the direct tunnel function of the GGSN9811. In direct-tunnel mode, the GTP-U
tunnel is directly established between the RNC and the GGSN, and the SGSN is not involved
in data transmission in the user plane.

The development of 3G services and application of the High-Speed Packet Access (HSPA)
technologies present higher requirements on the processing capability in the user plane in the
packet-switched (PS) domain of the wideband code division multiple access (WCDMA) core
network. In two-tunnel mode, the GPRS Tunneling Protocol-User plane (GTP-U) tunnel
between the RNC and the GGSN is divided into the tunnel between the RNC and the SGSN
and the tunnel between the SGSN and the GGSN. Therefore, the processing capability in the
user plane on the network elements (NEs) such as the RNC, SGSN, and GGSN must be
improved, thus increasing the capital expenditure (CAPEX) and operation expenditure (OPEX)
of operators.
The 3rd Generation Partnership Project (3GPP) provides the direct-tunnel mode for
establishing a direct GTP-U tunnel between the RNC and the GGSN. This mode decreases the
CAPEX and OPEX of operators, improves the performance in the user plane in the PS
domain of the WCDMA core network, and facilitates future network expansion.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multi-protocol label switch (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a virtual private network (VPN).
A private network based on the public packet-switched network is set up to enable mobile
users to access an intranet. This saves the cost for leasing expensive private lines. The VPN
features security, reliability, and manageability.
On a GPRS/UMTS network, by means of remote user authentication and tunnel data
encryption technologies, a mobile station (MS) can access an intranet securely and reliably
through a private tunnel between the GGSN and the enterprise VPN gateways.
MPLS L3 VPN
The MPLS L3 VPN provides the VPN through the IP backbone network of a service provider.
It uses the Border Gateway Protocol (BGP) to advertise VPN routes on the IP backbone
network to separate the traffic of different VPN members. Then, the MPLS is used to forward
VPN packets on the IP backbone network. The GGSN9811 supports the MPLS L3 VPN and
complies with IETF RFC2547.
L2TP VPN
The L2TP tunnel is a Layer 2 tunneling technology. It uses the IP network to set up an L2TP
tunnel and encapsulates data into Point-to-Point Protocol (PPP) packets for delivery through
the L2TP tunnel. The GGSN9811 provides the L2TP access concentrator (LAC) function. It
can also set up the VPN through the L2TP tunnel to transmit Packet Data Protocol packet data
units (PDP PDUs). The L2TP tunnel complies with RFC2661 regardless of whether the type
of the PDP PDU is PPP or IP.
GRE VPN
The GRE tunnel is based on the Layer 3 tunneling technology, which enables encapsulation of
one network layer protocol over another network layer protocol. The GGSN9811 supports the
GRE tunneling technology. Through GRE, the IP network protocol can be used to transmit
packets of upper layer protocols to realize the VPN function. The GRE tunnel complies with
RFC1702 and RFC1701.

VLAN VPN
The virtual local area network (VLAN) is a new technology to realize virtual working groups
by dividing network segments based on the logical addresses instead of the physical addresses
of the devices in a LAN. The IEEE issued the 802.1Q to standardize VLAN realization in
1999. The GGSN9811 can divide a physical interface into sub-interfaces and specify VLAN
IDs for these sub-interfaces, and thus the VLAN VPN is supported.
4.7 Security
This describes the security function of the GGSN9811. The GGSN9811 supports the
realization of multiple security policies.
4.7.1 Protocol Security Authentication
This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
4.7.3 Packet Filtering and ACL
This describes the functions of packet filtering and the access control list (ACL).
4.7.4 Gi Interface Redirection
This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
4.7.5 Anti-DDoS Protection
This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS
attack is generated based on the denial of service (DoS) attack. In a DDoS attack, the
controlled network terminals attack a public port simultaneously. The damage is severe.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
4.7.7 SSL
4.7.1 Protocol Security Authentication

This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
The GGSN9811 supports protocol security authentication in the following scenarios:
In IP access mode, the GGSN9811 authenticates and authorizes mobile stations (MSs) by
interworking with the authentication, authorization, and accounting (AAA) server.
The GGSN9811 provides multiple authenticating methods, such as plain text
authentication, Message Digest 5 (MD5), and hashed message authentication code-MD5
(HMAC-MD5), for important routing protocols, such as Routing Information Protocol

(RIP) v2, Open Shortest Path First (OSPF), Intermediate System to Intermediate System
(IS-IS), and Border Gateway Protocol (BGP).
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
The devices can ensure confidentiality, integrity, authenticity, and anti-replay for data packets
when packets are transmitted on the network through encryption and data source
authentication at the IP layer.
By means of the Authentication Header (AH) and Encapsulating Security Payload (ESP)
security protocols, IPSec can address the security concerns. IPSec can also automatically
negotiate key exchange, and set up and maintain security associations (SAs) through Internet
Key Exchange (IKE) to simplify the use and management of IPSec.
The GGSN9811 supports IPSec on the Gi and Gn interfaces to authenticate or encrypt data
flows to ensure security of data packets.
The GGSN9811 supports the following IPSec functions:
Realizing Message Digest 5 (MD5) and Secure Hash Algorithm-1 (SHA-1)
authentication algorithms
Realizing data encryption standard (DES), 3DES, and advanced encryption standard
(AES) encryption algorithms
Supporting two IPSec modes: transmitting mode and tunneling mode
Realizing the AH and ESP protocols and supporting binding of AH and ESP
Realizing manual configuration of SAs or automatic negotiation of SAs through IKE
Supporting application of the IPSec policy on Generic Routing Encapsulation (GRE)
tunnels to encrypt tunnel packets
Supporting the dead peer detection (DPD) function of IPSec tunnels
Realizing the IPSec VPN by binding virtual routing and forwarding (VRF) with the
interface where the IPSec is enabled
Supporting the IPSec tunnel interface mode
Supporting the IPSec redundancy function when the IPSec tunnel interface mode is
adopted
Supporting license control on enabling or disabling the IPSec function
4.7.3 Packet Filtering and ACL

This describes the functions of packet filtering and the access control list (ACL).
By means of packet filtering and ACL, the GGSN9811 can filter incoming packets according
to preset conditions, for example, by comparing whether the source and destination IP
addresses of a packet comply with the rules, and discard unqualified ones. This can effectively
prevent invasion or packet attacks.
On the GGSN, the packet filtering policy is applied to:
Preventing the MS from attacking the devices on the GPRS/UMTS core network
The packet filtering policy enabled on the GGSN helps to discard the unqualified packets
sent to the devices in the core network, thereby ensuring the security of the core network.

For example, the traffic classification rules can define the data flow that accesses the
core network element (NE) based on the destination IP address.
Preventing mutual access between MSs
The packet filtering policy can also be enabled on the GGSN to discard the packets
transmitted between MSs. For example, the traffic classification rules can define the data
flow between MSs based on the source IP address and the destination IP address.
4.7.4 Gi Interface Redirection

This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
Generally, the GGSN searches for routes for the inner IP packets that are obtained by
decapsulation of the packets sent from a mobile station (MS). If the destination IP addresses
of the data packets are destined for other MSs in the same GGSN, the GGSN encapsulates and
forwards the downlink data packets instead of sending them through the Gi interface. This
poses a security concern. That is, packet attacks between the users in one GGSN cannot be
avoided.
The GGSN9811 provides the Gi redirection function to rectify this problem. When forwarding
uplink packets from users, the GGSN9811 is required to redirect packets to the Gi interface
even if the packets are being sent to other users in the same GGSN9811. The packets are
filtered by the firewall that is connected to the Gi interface, and then transmitted back to the
GGSN9811. Then, the GGSN9811 encapsulates and forwards the downlink data packets.
4.7.5 Anti-DDoS Protection

This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS
attack is generated based on the denial of service (DoS) attack. In a DDoS attack, the
controlled network terminals attack a public port simultaneously. The damage is severe.
The TCP-SYN flood is one of the commonly used methods of the DDoS attack.
The setup of a Transmission Control Protocol (TCP) connection requires the three handshakes.
The connection initiator sends the SYN request to the server. After receiving the request, the
server sends the ACK/SYN message to allow setting up the connection. After receiving the
ACK/SYN message from the server, the connection initiator sends the ACK message to the
server, and thus the connection is set up. The TCP-SYN flood attack is to send a large number
of TCP SYN packets through one or multiple computers that masquerade as a user to the
server. Thus, many half-open TCP connections are set up on the server. When the TCP
connection resources on the server are exhausted, the server can no longer provide services.
This is the basic principle of the TCP-SYN flood attack. The GGSN9811 can control the TCP
SYN traffic of users to protect the server from the TCP-SYN flood attack to a certain extent.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
Generally, users communicate through their authorized IP addresses. Those who borrow IP
addresses of other users are mostly to perform illegal acts. The anti-spoofing function can
detect and discard the packets that are transferred through IP addresses of other users, thus
ensuring the security of the core network.
On the GGSN, the application of anti-spoofing is as follows:
If the source IP address of the uplink packet from a mobile user is different from the IP
address assigned to the mobile user, the GGSN regards this packet as a spoofing packet.

If the source IP address and destination IP address of the downlink packet from the
packet data network (PDN) are the same, the GGSN considers this packet as an
abnormal packet.
The GGSN computes the total number of spoofing packets in each PDP context within one
minute. If the total number exceeds the threshold, the GGSN deletes the PDP context, and
then deactivates the user.
4.7.7 SSL
SSL provides three security services:
Identity authentication
Identity authentication means checking whether the peer end is really the one with which
you want to communicate. SSL authenticates the server and the client based on digital
certificates to confirm that they are legitimate users. Both the client and the server have
an identifier, which is numbered with the public key. To verify that a user is legitimate,
SSL implements digital authentication during data exchange in the handshake stage.
Connection privacy
Connection privacy means that data is encrypted before transmission to avoid data theft
by illegitimate users. SSL ensures connection privacy by employing encryption
algorithms. Commonly used encryption algorithms are Data Encryption Standard (DES),
3DES, RC2, and RC4.
Data intactness
Data intactness means that any modification to data during transmission can be detected.
SSL sets up a secure channel between the client and the server so that all SSL-processed
data can reach the destination without being modified. SSL guarantees data intactness by
employing message digest algorithms. Commonly used message digest algorithms are
message digest 5 (MD5) and SHA-1. SHA is short for secure hash algorithm.
The SSL feature can be implemented on the GGSN when the GGSN communicates with the
M2000 or local maintenance terminal (LMT) to enhance security through encryption. Thus,
the man-machine language (MML) channel, binary channel, and File Transfer Protocol (FTP)
file transfer channel between the GGSN and the M2000 or LMT are encrypted.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
The general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
standard defines the QoS in mobile networks as the end-to-end QoS. The end-to-end QoS
depends on the QoS features of every node on the transmission path. Thus, when the traffic
passes through the IP-based GPRS/UMTS core network, the GPRS/UMTS QoS negotiated
during the context activation must be mapped to the differentiated services code point (DSCP)
field or type of service (ToS) field of the IP packet header according to a certain mapping rule.
An IP QoS performs queue scheduling to ensure the end-to-end QoS.
The GGSN9811 supports QoS negotiation and mapping. The QoS requested is carried in
the context activation request message of a mobile station (MS). The GGSN9811
performs the QoS negotiation based on the QoS information and the configurations of
the GGSN9811. The GGSN9811 maps the negotiated QoS parameter into the
differentiated services (DiffServ) priority of the IP network, fills the priority into the ToS
or DSCP field in the header of the packets, and then forwards them to an external packet

data network (PDN). The PDN schedules the IP QoS queue to ensure the QoS of the
packet service.
The GGSN9811 supports the user-based DiffServ. The services at different levels are
provided for users who have different requirements. The allocation/retention priority
(ARP) in activation requests controls the access and bearer priority of users. To meet
DiffServ requirements, the GGSN9811 provides different QoS levels based on user
levels and traffic classes.
The GGSN9811 supports the content awareness function. For rectifying the problem in
which the bearer network cannot detect the service QoS requirement, and the problem of
low usage of wireless air resources, Huawei provides a UMTS content awareness
solution on the GGSN9811 to achieve dynamic QoS policy control. The GGSN9811 can
send the QoS update request to the serving GPRS support node (SGSN) based on the
type of the user data service to achieve dynamic adjustment of the QoS. Thus, the QoS
requirements of multiple user services can be met flexibly and operators can use network
resources appropriately and effectively.
The GGSN9811 supports the alias marking function. The GGSN9811 can process the
traffic based on the operator-defined priority rules. For other network elements (NEs),
the priority levels in the QoS information remain unchanged. This function provides
operators with flexible processing of the QoS service on the GGSN9811.
The GGSN9811 supports the traffic policing function. Traffic policing is a mechanism to
restrict the bandwidth for data traffic so that the data transmission is within the specified
rate. Traffic policing is realized through the committed access rate (CAR) mechanism.
− Bearer-based uplink and downlink traffic policing: When bearer contexts are
activated or updated, the GGSN9811 polices both the uplink and downlink traffic of
the bearer contexts after determining the uplink and downlink bandwidths of the
bearer contexts. Traffic policing can be implemented by configuring the guaranteed
bit rate (GBR) and maximum bit rate (MBR).
− DSCP-based traffic policing: The GGSN9811 restricts the traffic of the packets of a
certain type based on the value of the DSCP field.
The GGSN9811 supports the traffic shaping function. Traffic shaping is a mechanism to
adjust the output traffic rate actively. The packets that do not comply with the
specifications are cached in a buffer or queue. When sufficient tokens are available in the
token bucket, the cached packets are sent regularly at the rate configured for the token
bucket.
The GGSN9811 supports the P2P/VoIP-based bandwidth management function. When
receiving service traffic from the Gn or Gi interface, the GGSN9811 identifies whether
the service is a point-to-point (P2P) or voice over IP (VoIP) service, and matches the
service with a service rule according to the service type, traffic property (traffic direction
and time period), and user property (including the RAT type and roaming attribute). Then,
the GGSN9811 performs service control and bandwidth management according to the
policy of the service rule. By managing the bandwidths of P2P and VoIP services,
operators can guarantee the QoS of subscribed P2P and VoIP services and a fair
bandwidth allocation. In this manner, bandwidths are not consumed significantly by
malicious P2P or VoIP service traffic, thus improving customer experiences.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide
abundant charging functions and enable operators to charge users flexibly.
4.9.1 RADIUS Accounting

This describes the Remote Authentication Dial In User Service (RADIUS) accounting
function of the GGSN9811.
4.9.2 Offline Charging
This describes the offline charging function of the GGSN9811.
4.9.3 Online Charging
This describes the online charging function of the GGSN9811.
4.9.4 Content-based Charging
This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
4.9.5 Event-based Charging
This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
4.9.6 Envelope Reporting
This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
4.9.1 RADIUS Accounting

This describes the Remote Authentication Dial In User Service (RADIUS) accounting
function of the GGSN9811.
RADIUS accounting refers that the GGSN9811 sends charging data of a mobile station (MS)
to an authentication, authorization and accounting (AAA) server and the AAA server performs
the accounting function. With the RADIUS accounting function, the GGSN9811 can
implement both non-real-time charging and quasi-real-time charging so that mobile operators
and Internet operators can separately charge users.
The GGSN allows the RADIUS server to assign IP addresses to users during RADIUS
authentication and deactivates a user after receiving the Packet of Disconnect (PoD) message
from the RADIUS server.
The GGSN9811 allows you to configure a RADIUS server for each access point name (APN).
The RADIUS servers, namely, AAA servers, can operate in active/standby mode or
load-sharing mode.
In addition, the GGSN provides some RADIUS extended functions, such as providing
charging response switch, removing the domain name from a user name, supporting 3GPP
extended attributes, obtaining user attributes and service attributes from the RADIUS server,
and supporting the setting of retransmission times and timeout interval for accounting
messages.
4.9.2 Offline Charging

This describes the offline charging function of the GGSN9811.
The GGSN9811 generates GGSN charging data records (G-CDRs) and enhanced GGSN
charging data records (eG-CDRs) and sends them to the charging gateway (CG) through the

Ga interface for processing. Then, the G-CDRs and eG-CDRs are sent to the billing system
(BS) for charging processing.
The G-CDRs and eG-CDRs are the data service records generated by the GGSN, which
record charging information about the packet data network (PDN) usage. The GGSN9811
creates and opens CDRs to start charging when Packet Data Protocol (PDP) contexts are
activated for mobile users. It closes the CDRs and stops charging when the PDP contexts are
deactivated. Each activated PDP context has its CDRs.
The GGSN9811 supports CDRs of multiple versions such as R98, R99, R4, R5, R6, and R7.
Charging Characteristic
The offline charging function provided by the GGSN9811 consists of normal charging, hot
billing, prepaid charging, and flat rate charging.
Normal charging
The normal charging is based on the data volume or duration instead of the data service
type.
Hot billing
Hot billing provides all functions of normal charging but can generate CDRs more
quickly than normal charging. You can set the time threshold and volume threshold for
generating CDRs on the GGSN9811 based on user attributes. For hot billing users, the
time threshold can be set to a small value to report CDRs in time. After the CDRs sent by
the GGSN9811 reach the CG, the CDRs containing the hot billing attribute take
precedence over other CDRs in processing by the CG.
Prepaid charging
Before availing themselves of a service, the users must pay for the service in advance.
When the account balance is insufficient for the service, the service is terminated
forcibly. Therefore, operators can quickly recover investments and improve network
resource efficiency.
Flat rate charging
Flat rate charging is also called periodical charging. It means that a user pays based on a
specific period, for example, once a month. The rate for each period, for example, a
month, remains the same. The charging system on the GGSN9811 collects only such
information as data traffic and service duration of the users who pay at a flat rate, and
then sends the data to the BS for storage. The flat rate is determined by a subscription
contract.
Charging Feature
The features of offline charging on the GGSN9811 are as follows:
The GGSN9811 generates normal CDRs on any of the following conditions:
− CDR generation based on duration
If a mobile station (MS) occupies a data connection for a long time, the GGSN9811
generates G-CDRs or eG-CDRs based on the collected charging data at a regular
interval.
− CDR generation based on traffic
The GGSN9811 generates a G-CDR or eG-CDR if the data volume reaches the preset
threshold.
− CDR generation based on number of charging condition changes

The GGSN9811 generates a G-CDR or eG-CDR if the number of times that a charging
condition such as quality of service (QoS), tariff, and routing area identifier (RAI)
changes reaches a threshold. The GGSN9811 generates a G-CDR or eG-CDR when the
radio access technology (RAT), SGSN PLMN ID, or MS time zone changes once.
− CDR generation based on number of SGSN address changes
The GGSN9811 generates a G-CDR or eG-CDR if the number of times that the IP
address of the SGSN changes reaches a threshold.
− CDR generation based on MS deactivation
The GGSN9811 generates a G-CDR or eG-CDR, if a session for packet data services
ends and the MS is deactivated.
The GGSN9811 supports multiple tariffs for different time segments.
You can set multiple tariffs for different time segments, such as holiday/festival,
weekend, and workday. The GGSN9811 can record the service traffic in these time
segments separately.
The GGSN9811 can select a CG.
If multiple CGs are configured with the same priority, the GGSN9811 selects the CG that
is idle to send CDRs when multiple PDP contexts are activated. If multiple CGs are
configured with different priorities, the GGSN9811 selects the CG with a higher priority
to send CDRs.
The GGSN9811 allows customization of the CDR format.
Operators can define the CDR format. The CDR generated by the GGSN9811 can
optionally contain information such as the mobile station international ISDN number
(MSISDN) in addition to mandatory information defined in protocols. Therefore,
operators can choose the optional fields in a CDR to realize customized charging
schemes.
The GGSN9811 can control CDR generation.
Mobile operators can flexibly control whether the GGSN9811 should generate CDRs as
required for the users of the entire GGSN9811, users of an access point name (APN),
home users, roaming user, or users with the flat rate charging characteristic.
The GGSN9811 can cache CDRs.
The GGSN9811 can cache the generated CDRs on the hard disk if the link between the
GGSN9811 and the CG is faulty. These CDRs are sent to the CG if the link is restored so
that CDRs will not be lost.
The GGSN9811 supports the CDR audit function.
Each time a CDR, valid or not, is generated, a record is created in the CDR audit log file.
The record retains reset information about the GGSN9811. The CDR audit record is used
to check whether the CDR is correct to ensure correct charging of the charging system
and to facilitate error detection.
4.9.3 Online Charging

This describes the online charging function of the GGSN9811.
The Diameter Credit Control Application protocol is extended based on the basic Diameter
protocol. This application protocol defines the charging mechanism for online charging users
and realizes session-based charging by controlling the credit limit in real time. Therefore, this
application protocol meets the requirements of the Diameter online charging on the GGSN.
When an online charging user starts a data service, the online charging system (OCS) can
determine whether the service is allowed based on the user information and the balance of the

user account. The online charging function can trace the usage (time or volume) of the
resources prepaid by the user and deduct the current usage expense from the account balance
in real time. The service is automatically terminated or the user is informed when the account
balance is exhausted.
The Diameter online charging function on the GGSN9811 is described as follows:
The GGSN9811 supports service blocking or redirection when the balance is insufficient
or the service is not subscribed. If the OCS at the server side finds that the balance is
insufficient for service access, the OCS redirects the user request to the specific page for
recharge. If the OCS at the server side finds that the service is not subscribed, the OCS
redirects the user request to the specific page for subscription. Therefore, two redirection
functions are required, redirection for recharge and redirection for subscription.
Based on the characteristics of the application protocol, the GGSN9811 supports the
redirection function only for the Hypertext Transfer Protocol (HTTP), Wireless
Application Protocol 1.x (WAP1.x), and WAP2.0 browsing services. If the OCS sends
the instruction to the GGSN9811 to redirect the user request to a specific page but the
user is not accessing the browsing service, the GGSN9811 discards the related messages.
The user credit control is realized through the OCS. A secondary OCS must be provided
to perform credit control through the exchange with the GGSN9811 to ensure that
services are not disrupted when the GGSN9811 detects that the connection with the OCS
is abnormal. Therefore, the configuration of primary and secondary OCSs must be
supported.
The GGSN9811 supports primary and secondary OCSs locally. When detecting that the
primary OCS does not respond to a request, the GGSN9811 automatically sends online
charging messages to the secondary OCS. If the OCS supports primary/secondary
switchover, services are not disrupted.
4.9.4 Content-based Charging

This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
The 3G technology brings rapid development of wireless data services. The simple charging
mode based on traffic or duration does not keep pace with such momentum. To obtain more
benefits from the services and integrate different service schemes, operators develop the
charging model which features more diversified and dynamic granularity. CBC, namely,
flow-based charging (FBC) defined in the 3rd Generation Partnership Project (3GPP) protocol
is a critical step to the value-based charging model.
CBC is a unique function of the GGSN9811. With the CBC function, the GGSN9811 can
charge differently based on the different service types of a mobile station (MS), which
significantly enhances competitiveness of operators and meets requirements of diversified
development of mobile internetworks.
The GGSN9811 supports time- or volume-based charging, and identifies services by Layer
3/Layer 4 and Layer 7 filtering and parsing of data packets to apply different charging policies
and generate CBC charging data records (CDRs).
Charging based on IP+PORT service traffic or duration
The GGSN9811 can distinguish services based on the IP address and port of the server
that a user is accessing for volume-based or time-based charging.
Charging based on HTTP service traffic or duration

The GGSN9811 can charge the Hypertext Transfer Protocol (HTTP) service of accessing
a uniform resource locator (URL) such as www.isp.com/* by using an access point name
(APN) such as MNET based on the service traffic or duration.
Charging based on FTP service traffic or duration
The GGSN9811 can charge the File Transfer Protocol (FTP) download service by using
an APN such as MNET based on the service traffic or duration. Two FTP transmission
modes, PORT and PASV, are supported.
Charging based on WAP service traffic or duration
The GGSN9811 can charge the Wireless Application Protocol (WAP) service of
accessing a URL such as wap.isp.com/news.wml by using an APN such as WAP based
on the service traffic or duration. The GGSN9811 can also charge the multimedia
messaging service (MMS) and the KJava service by using an APN such as WAP based
on the service traffic.
Charging based on RTSP VOD service traffic or duration
The GGSN9811 can charge the video on demand (VOD) service based on the service
traffic or duration.
Charging based on MMS service traffic or duration
The GGSN9811 can charge for the MMS service based on the service traffic or duration.
Charging based on DNS service traffic or duration
The GGSN9811 can charge the domain name server (DNS) traffic separately, or include
the DNS traffic in the associated services for time- or volume-based charging.
The GGSN9811 can analyze packets of the Trivial File Transfer Protocol (TFTP), Microsoft
Multimedia Server Protocol (MMSP), Simple Mail Transfer Protocol (SMTP), Post Office
Protocol revision 3 (POP3), and Interactive Mail Access Protocol (IMAP), and identify
Point-to-Point (P2P), Voice over IP (VoIP), and instant messaging (IM) services.
The CBC CDRs can be of two formats. One is the format of the G-CDR extension
content-based charging field. The other is the standard eG-CDR format defined in the 3GPP
protocol. You can use either format for the CBC function.
4.9.5 Event-based Charging

This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
Operators employ diversified charging modes with development of abundant 3G services,
which requires that the GGSN should provide event-based charging to help operators realize
flexible and appropriate charging.
The GGSN9811 supports event-based charging for services such as the Hypertext Transfer
Protocol (HTTP), multimedia messaging service (MMS), Real-Time Streaming Protocol
(RTSP), and Wireless Application Protocol (WAP) services. In addition, the GGSN9811
supports both online event-based charging and offline event-based charging.
Event-based charging for the HTTP service
The GGSN can perform event-based charging for the service of accessing a uniform
resource locator (URL) such as www.isp.com/* by using an access point name (APN)
such as MNET. That is, a mobile user is charged based on the number of times of
accessing a Web page identified by a URL.
Event-based charging for the MMS service

The GGSN can perform event-based charging for the MMS service. That is, a mobile
user is charged based on the number of sent MMS messages.
Event-based charging for the RTSP service
The GGSN can perform event-based charging for the video on demand (VOD) service.
That is, a mobile user is charged based on the number of times of accessing a VOD
service.
Event-based charging for the WAP service
The GGSN can perform event-based charging for the service of accessing a URL such as
wap.isp.com/news.wml by using an APN such as WAP. That is, a mobile user is charged
based on the number of times of accessing a Web page identified by a URL in the MMS
or KJava service.
An event-based charging data record (CDR) contains the numberOfEvents field, indicating
the number of successful events and number of failed event, and the eventTimeStamps field,
indicating the time when an event occurs.
4.9.6 Envelope Reporting

This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
By means of this function, the detailed charging information including the start time, end time,
and traffic of a service can be identified for operators to control credit and charge the user
appropriately.
In the envelope reporting function, a period of continuous traffic is recorded in one envelope.
The base time interval (BTI) is the basic unit for calculating the service duration.
When there is traffic for a service in a BTI, the service duration is recorded as the BTI
duration. The traffic and duration are recorded in an envelope.
When there is no traffic for a service in a BTI, the envelope corresponding to the service
is closed and the traffic and duration are no longer recorded. The recorded traffic and
duration are reported as one envelope.
The envelope reporting function supports the following charging modes of calculating
duration based on traffic:
Continuous time period (CTP)
Discrete time period (DTP)
Modified continuous time period (modified CTP)
The difference between CTP and modified CTP is that in CTP mode the BTI duration without
traffic is recorded in the envelope, whereas in modified CTP mode the BTI duration without
traffic is not recorded in the envelope. In DTP mode, one envelope is generated for one BTI.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and
control.

With more and more services on the mobile network, operators require the gateway GPRS
support node (GGSN) to provide the content awareness function for content charging and
security control. Thus, operators can optimize services and improve network security.
The GGSN9811 supports the DPI function for the following protocols:
Hypertext Transfer Protocol (HTTP)
Wireless Application Protocol 2.0 (WAP2.0)
Wireless Application Protocol 1.X (WAP1.X)
Real-Time Streaming Protocol (RTSP)
Multimedia Messaging Service (MMS)
File Transfer Protocol (FTP)
Domain Name Service (DNS)
Trivial File Transfer Protocol (TFTP)
Microsoft Multimedia Server Protocol (MMSP)
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol revision 3 (POP3)
Interactive Mail Access Protocol (IMAP)
Point-to-Point (P2P)
Voice over IP (VoIP)
Instant Messaging (IM)
The DPI function of the GGSN9811 can help operators to achieve the following functions:
Service resolution
Whether a user surfs the Internet through a browser or watches a movie on line, the
traffic is the basis of charging by operators. The DPI function can provide precise and
detailed information about the data volume and categorize data contents to apply
different tariffs. The result of service resolution can also be used as the reference for
resource allocation by operators. The GGSN9811 can accurately analyze packets of
various protocols and perform different processing accordingly.
Service control
Through deep inspection of data and analysis of service types, operators can provide
different service combinations for different users and filter out forbidden services.
4.11 Service Redirection

This describes the service redirection function of the GGSN9811. The GGSN9811 supports
two types of service redirection functions, that is, captive portal and web proxy.
Captive portal
Captive portal means that the browsing requests of users are redirected to the portal
server through the Hypertext Transfer Protocol (HTTP) redirection mode. It is mainly
used for consumption prompts, advertisement launch, and personal portals.
Personal portals enables users to manage user information, and the management includes
the service subscription, account management, and fee management.
When a user starts a Hypertext Transfer Protocol (HTTP) request, the GGSN9811
redirects the user requested uniform resource locator (URL) to the URL of the captive

portal based on the portal configuration about the user. Thus, the user can visit multiple
services through the personal portal.
Web proxy
To speed up browsing, the GGSN9811 can redirect the IP address of the page requested
by a user to the IP address of a web proxy cache server. The user requested page can be
cached on the cache server to achieve network acceleration.
4.12 Service Report

This describes service report function of the GGSN9811. The GGSN interworks with an
external Service Usage Reporter (SUR) to implement the service report function. The GGSN
collects service data records and sends the records to the SUR. The SUR analyzes the records
and generates service reports.
The service report provides statistics about the traffic transmitted by the GGSN based on the
subscriber, protocol, Web site, and server. Different from the static statistics provided by the
performance measurement function, the service report can provide analysis on subscriber
behavior and statistical analysis on dynamic data about top Web sites and servers.
The service report can provide information, such as detailed service usage, service bandwidth
distribution, hot-spot Web sites, hot-spot applications, and subscriber distribution, about the
packet data network (PDN), thus providing reference for operators to develop value-added
services, and plan and manage networks based on subscriber behavior analysis.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
With the rapid development of IP-based networks, packet networks will become basic
platforms for future services. Therefore, operators impose higher requirements on service
awareness, service control, and charging of the packet networks. The SBLP, FBC, and PCC
features can satisfy the requirements of the operators.
Based on the PCC feature, operators can perform unified and multi-dimension policy
deployment and control in network operation, thus preventing channellized services and
enhancing competitiveness by optimizing network resource usage and improving network
user experience.
The GGSN9811 supports the following PCC functions:
Static PCC control: Where PCRF is not deployed, all policies are implemented by the
Policy and Charging Enforcement Function (PCEF) according to the local static
configuration.
Dynamic PCC control: Where AF may exist after PCRF is deployed, all services
dynamically generate PCC rules for scheduling and charging based on their own QoS
requirements and subscription data.

4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional
point-to-multipoint multimedia services.
The MBMS service can be a multimedia service that is broadcast to users in a cell through the
public channel on the air interface or a subscribed service that is multicast to users in a cell.
Thus, the air interface resources can be used efficiently. One of the applications of the MBMS
service is the mobile phone TV service. In addition, the services such as broadcast download
and MTV interaction are supported.
The MBMS service is the unidirectional point-to-multipoint multimedia service that allows
sending data from one source entity to multiple receivers, downloading the same data by
multiple mobile users, and sharing network resources. This service can be widely used in
wireless networks.
Huawei GGSN9811 supports the MBMS service in broadcast mode. The broadcast mode
refers to unidirectional point-to-multipoint multimedia data transmission from a source entity
to users within a broadcast service area.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
IPv6 is developed on the basis of IPv4. It has new features such as adequate address spaces,
higher security, and better support of mobility and QoS. IPv6 lays a sound foundation for
sustainable development of the IP network.
IPv6 is introduced to the 3GPP in R5 stage. In R5 stage, the IMS is carried by IPv6. The RNC,
SGSN, and GGSN are interconnected by IPv4 or IPv6. User terminals support dual IPv4/IPv6
protocol stacks so that they can access IPv4/IPv6 services.
At present the GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on
the user plane but not the IPv6 features on the signaling plane. That is, the GGSN9811 is still
in the IPv4 network and it is connected to the SGSN and the public data network (PDN)
through the IPv4 network. The uplink IPv6 packets of the user are encapsulated in the
IPv4+GTP packets by the SGSN and sent to the GGSN9811. The GGSN9811 decapsulates
the GPRS Tunneling Protocol (GTP) packets and extracts the IPv6 packets. Then, the IPv6
packets are forwarded to the IPv6 gateway through the IPv4 tunnel according to the system
configuration. The IPv6 gateway finally carries out the routing forwarding or protocol
translation (IPv6/IPv4 translation) of the IPv6 packets. For downlink packets, when the
GGSN9811 determines that a user type is IPv6, it decapsulates the packets and extracts the
IPv6 packets. Then, the GGSN9811 carries out GTP encapsulation and delivers the packets to
the SGSN.
This function enables the following services:
IPv6 mobile stations accessing IPv6 services
IPv6 mobile stations accessing IPv4 services

4.16 Other Services and Functions

This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and
the Simple Network Management Protocol (SNMP) V1/V2/V3.
The GGSN9811 supports:
Multiple IP address assigning modes
The IP address that is assigned to a mobile station (MS) can be a static IP address or a
dynamic IP address. A dynamic IP address can be assigned from the local address pool of
the GGSN9811, or by the Remote Authentication Dial in User Service (RADIUS) server
or the Dynamic Host Configuration Protocol (DHCP) server on the request of the
GGSN9811. The IP address that is assigned to an MS can be a public IP address or a
private IP address.
NTP function
As an NTP client, the GGSN9811 can enable network time synchronization with the
NTP server.
SNMPV1/V2/V3 protocol
The SNMP is used to manage nodes in the network community. It aims to ensure the
transmission of management messages between any two network elements (NEs). The
network administrator can search information on any node to modify information, locate
faults, plan the network capacity, and generate reports.

Product Description 5 Reliability
5 Reliability
About This Chapter

This describes the advanced reliability design of the GGSN9811. The advanced reliability
design effectively ensures the normal operation.
5.1 Hardware Reliability
This describes the hardware reliability of the GGSN9811.
5.2 Software Reliability
This describes the software reliability of the GGSN9811.
5.3 Networking Reliability
This describes the networking reliability of the GGSN9811.
5.4 Operation and Maintenance Reliability
This describes the operation and maintenance Reliability of the GGSN9811.
5.1 Hardware Reliability

This describes the hardware reliability of the GGSN9811.
The hardware platform of the GGSN9811 is derived from Huawei Universal Switching
Router (USR). The design of the USR complies with the mature telecommunication
industry standards. The USR hardware is of a compact structure, and the GGSN9811 is a
network switching device for carrier-class operators.
The key boards, SRUs and SPUs, support hot plugging and hot backup. If the active
board is abnormal or removed, the standby board automatically takes over services and
becomes the active board. Thus, the service flow is not interrupted.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU
subcard is faulty, the other DMPU subcard takes over all services, and the system
triggers a fault alarm. If the DMPU subcards are required but unavailable or if the
DMPU subcards are overloaded, the system triggers an alarm.
The power system adopts the double channel -48 V power supply mode. The load
sharing function is realized through two channels of power supply.

5 Reliability Product Description
Over-voltage and over-current protection measures are taken for the board power input
and external interfaces. The measures comply with ITU-T G.703 Recommendation
Annex B and related specifications.
5.2 Software Reliability

This describes the software reliability of the GGSN9811.
System overload control
If the central processing unit (CPU) is overloaded, through the overload control, the
GGSN9811 can shut down certain functions that are less necessary or adjust the number
of accessed users. Thus, the GGSN9811 is prevented from breaking down due to
overload. The threshold for overload control can be set dynamically.
Traffic control
The GGSN9811 automatically checks whether system load is greater than expected, and
then takes different traffic control measures based on the overload extent. Therefore, the
GGSN9811 does not break down when it is processing a large amount of traffic or when
it is under attack. The GGSN9811 can also be quickly restored to the normal state to
ensure stable operation.
System resource check
The GGSN9811 can compare data in the system database with the current running data,
and restore the data if it is not consistent.
Automatic fault detection and self-healing
If faults such as software abnormality and hardware faults occur, the GGSN9811 can
detect the faults, and then isolate and clear them. The GGSN9811 can take certain
measures, such as automatic switchover to a normal board and automatic reset of the
faulty board, to clear some faults without user intervention.
System software backup
When the main software failure, the system get standby software and reboot system.
Check configure files
To ensure that the configure files is consistent.
CDR cache
The GGSN9811 can cache charging data records (CDRs). When the communication
between the GGSN9811 and the charging gateway (CG) fails, if the CG does not respond
after the CDRs are sent many times, the GGSN9811 caches the CDRs on the hard disk of
the Switching Route Unit (SRU). After the communication between the GGSN9811 and
the CG recovers, the GGSN9811 sends the cached CDRs to the CG.
Board lock and system shutdown
If required, the GGSN9811 can deny new users access and delete original users. The
GGSN9811 can gradually stop the services processed by the boards or system to avoid
abrupt service interruption.
Hot patch
The uploaded hot patches take effect after being activated. That is, you need not restart
the GGSN9811. Thus, reliable software running is guaranteed.
Patch rollback
If patch is loaded by mistake or the previous patch is preferred, you can roll back the
patches in the current state to the latest version in which patches are in the running state.

Product Description 5 Reliability
5.3 Networking Reliability

This describes the networking reliability of the GGSN9811.
Route backup and route load sharing: Single point failure can be avoided during
networking to provide a highly reliable network.
Eth-trunk: The GGSN9811 can bind multiple physical interfaces to one Eth-trunk
interface, which works as an ordinary physical interface. The bound interfaces can send
traffic in active/standby mode or load-sharing mode. Thus, services are not interrupted if
one interface fails.
Address Resolution Protocol (ARP) probe: Switchover between the active and the
standby interfaces occurs on the Eth-trunk interface or Eth-trunk sub-interface to
enhance Layer 2 networking reliability when all of these conditions are met: The active
physical interface is normal but the link fails; the ARP probe function is enabled on the
GGSN9811; the GGSN9811 fails to probe the peer device through the active interface.
5.4 Operation and Maintenance Reliability

This describes the operation and maintenance Reliability of the GGSN9811.
SSL: The GGSN9811 ensure data confidentiality between LMT and M2000.
When the GGSN9811 upgrade failed, it can rollback previous version automatically. In
this way, the service restore time can be reduce.

Product Description 6 Operation and Maintenance
6 Operation and Maintenance
About This Chapter

This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000
and operation and maintenance center (OMC), and comprehensive online help.
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM
system of the GGSN9811 is of the client/server architecture.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM
system of the GGSN9811 is of the client/server architecture.
Figure 6-1 shows the structure of the GGSN9811 OM system.

6 Operation and Maintenance Product Description
Figure 6-1 Structure of the GGSN9811 OM system
LAN GGSN/BAM
LAN
MODEM
Remote GGSN LMT M2000 server
access
server
MODEM LAN
GGSN LMT
M2000 client M2000 client
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
Receiving connection requests from the client to establish connections, and analyzing
and processing commands from the client
Receiving connection requests from the host through the local bus to establish
connections and realize the communication between the BAM and the host, and
processing data loading requests and alarms from the host

In spite of the loss or error of BAM files, the M2000 can interwork with the GGSN9811 and restore the
BAM.
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
The LMT supports the command line interface (CLI) mode and the graphic user interface
(GUI) mode. The LMT can be used to configure the device, trace messages, manage the
system performance, manage alarms, and manage logs. The LMT provides interfaces to
connect the alarm box to provide audible and visual alarms.
The LMT can be accessed by dialing through the public switched telephone network (PSTN).
Then, the LMT performs the operation and maintenance (OM) function.
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
The M2000 communicates with the GGSN9811 through the Transmission Control
Protocol/Internet Protocol (TCP/IP). The M2000 is composed of the M2000 server and
multiple M2000 clients.
The local maintenance terminal (LMT) can be integrated into the M2000. Thus, the LMT can
achieve uniform management and browsing of devices in the entire network through the
topology management function provided by the M2000. The LMT and the M2000 are in the
loose coupling relationship. The LMT is dedicated to management only on the GGSN9811,
whereas the M2000 performs the public management such as topology management and fault
management for devices in the entire network.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
6.2.1 Configuration Management
This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
6.2.2 Message Tracing
This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
6.2.3 Performance Management
This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance

6 Operation and Maintenance Product Description
management module of the M2000 and the Performance Browser Tool of the local
maintenance terminal (LMT).
6.2.4 Alarm Management
This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
6.2.5 Log Management
This describes the log management function of the GGSN9811. Logs can be classified into
user operation logs, system operation logs, and security logs based on contents.
6.2.1 Configuration Management

This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
By running the CLI commands, you can configure, modify, and query data. The GGSN9811
receives, analyzes, and runs the CLI commands, and then returns the results to the LMT.
6.2.2 Message Tracing

This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
Through the maintenance window of the LMT, you can trace and view interfaces and users.
You can create interface and user tracing tasks to monitor the signaling of the interfaces and
users of the system in real time. The stored messages including the information about
previous versions can be viewed online or offline. If a fault occurs in the GGSN9811, you can
quickly and accurately locate and clear the fault through the interface signaling tracing
function.
6.2.3 Performance Management

This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance
management module of the M2000 and the Performance Browser Tool of the local
maintenance terminal (LMT).
The GGSN9811 generates performance measurement files and provides File Transfer Protocol
(FTP) services. The M2000 acts as the FTP client to receive the performance measurement
files and then manage the performance of the GGSN9811. The LMT obtains the performance
measurement files and provides them for viewing through the Performance Browser Tool.
The centralized performance management system provides a comprehensive and direct
operation environment. You can manage the performance of devices in the entire network.
You can create, modify, and query performance measurement tasks and manage the results to
learn the running status of the network and devices. The measurement results are for
performance assessment and network optimization.

6.2.4 Alarm Management

This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
The GGSN9811 sends alarms to the LMT or the M2000 and simultaneously saves them in
alarm logs.
The GGSN9811 collects alarms that are generated during fault occurrence and classifies them
based on type and severity level. Then, the GGSN9811 sends the alarms to the alarm
management system of the LMT or the centralized fault management system of the M2000.
The LMT or M2000 displays the alarms in graphical user interfaces (GUIs) and provides the
location, cause, and troubleshooting suggestions.
6.2.5 Log Management

This describes the log management function of the GGSN9811. Logs can be classified into
user operation logs, system operation logs, and security logs based on contents.
The user operation logs record the information about user operation commands, including the
user name, executed commands, and execution time, to analyze faults. The system operation
logs record certain state information in the system operation to maintain the system and locate
faults. The GGSN9811 also allows querying the user operation logs.

Product Description 7 Technical Specifications
7 Technical Specifications
About This Chapter

This lists the technical specifications of the GGSN9811. The technical specifications consist
of performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment
requirements.
7.1 Performance Specifications
This describes the performance specifications such as the throughput and the number of
tunnels.
7.2 Entire-system Specifications
This describes the entire-system specifications such as the dimensions and the power
consumption.
7.3 Reliability Specifications
This describes the reliability specifications such as the mean time between failures (MTBF)
and the mean time to recovery (MTTR).
7.4 Safety Specifications
This describes the safety specifications of the GGSN9811.
7.5 EMC Specifications
This describes the electromagnetic compatibility (EMC) specifications of the GGSN9811.
7.6 Environment Specifications
This describes the environmental requirements for the GGSN9811. The environment
specifications consist of the storage, transportation, and running specifications.
7.1 Performance Specifications

This describes the performance specifications such as the throughput and the number of
tunnels.
Table 7-1 lists the performance specifications of the GGSN9811.

7 Technical Specifications Product Description
Table 7-1 GGSN9811 performance specifications
Item Specification
Maximum number of PDP
contexts that are activated at 5000000
the same time
Maximum data throughput 50 Gbit/s
Maximum IPSec throughput 3 Gbit/s
Maximum number of APNs 3000
Maximum number of GRE
4000
tunnels
Maximum number of L2TP
20000
tunnels
Maximum number of IPSec
4000
tunnels
7.2 Entire-system Specifications

This describes the entire-system specifications such as the dimensions and the power
consumption.
Table 7-2 lists the specifications of the entire GGSN9811.
Table 7-2 Specifications of the entire GGSN9811
Item Specification
Cabinet N68E-22
Height: 2200 mm
Dimensions Width: 600 mm
Depth: 800 mm
Load-bearing capacity > 600 kg/m²
Power input -48 V DC to -60 V DC
Typical power
2300 W
consumption of subrack
≤ 78 dBA at 23°C (The noise varies with the ambient
Noise (acoustic power)
temperature.)

7.3 Reliability Specifications

This describes the reliability specifications such as the mean time between failures (MTBF)
and the mean time to recovery (MTTR).
Table 7-3 lists the reliability specifications of the GGSN9811.
Table 7-3 GGSN9811 reliability specifications
Item Specification
Annual repair and return rate of boards ≤ 3%
Availability ≥ 99.999%
MTBF 18.35 years
MTTR 1 hour
Annual mean failure time < 5 minutes
Board switchover time < 5 seconds
Board restart time < 5 minutes
System restart time < 6 minutes
Start time from system power-on to
< 10 minutes
service-ready
7.4 Safety Specifications

This describes the safety specifications of the GGSN9811.
The GGSN9811 meets the safety requirements and complies with the following standards:
UL60950-1
IEC 60950-1
EN60950-1
GB4943
7.5 EMC Specifications

This describes the electromagnetic compatibility (EMC) specifications of the GGSN9811.
The GGSN9811 meets the EMC requirements and complies with the following standards:
EN55022
ETSI EN 300 386
CISPR22
IEC 61000-4-2

IEC 61000-4-3
IEC 61000-4-4
IEC 61000-4-5
IEC 61000-4-6
IEC 61000-4-29
7.6 Environment Specifications

This describes the environmental requirements for the GGSN9811. The environment
specifications consist of the storage, transportation, and running specifications.
The GGSN9811 complies with the following standards:
GB 4798 Environmental conditions existing in the application of electric and electronic
products
ETSI EN 300 019 Environmental conditions and environmental tests for
telecommunications devices
IEC 60721 Classification of environmental conditions
7.6.1 Storage Environment
This describes the requirements for the storage environment of the GGSN9811. The
requirements for the storage environment consist of the climatic requirements and mechanical
stress requirements.
7.6.2 Transportation Environment
This describes the requirements for the transportation environment of the GGSN9811. The
requirements for the transportation environment consist of the climatic requirements and
mechanical stress requirements.
7.6.3 Running Environment
This describes the requirements for the running environment of the GGSN9811. The
requirements for the running environment consist of the climatic requirements and mechanical
7.6.1 Storage Environment

This describes the requirements for the storage environment of the GGSN9811. The
requirements for the storage environment consist of the climatic requirements and mechanical
Climatic Requirements
Table 7-4 Climatic requirements for equipment storage

Item Specification
Temperature -40°C to +70°C

Temperature change rate ≤ 1°C/min
Relative humidity 10% to 100%

Item Specification
Altitude ≤ 3000 m
Air pressure 70 kPa to 106 kPa
7.6.2 Transportation Environment

This describes the requirements for the transportation environment of the GGSN9811. The
requirements for the transportation environment consist of the climatic requirements and
mechanical stress requirements.
Table 7-5 Climatic requirements for equipment transportation
Item Specification
Temperature -40°C to +70°C

Temperature change rate ≤ 3°C/min
Relative humidity 10% to 100%
Altitude ≤ 3000 m
Mechanical Stress Requirements
Table 7-6 Requirements for mechanical stress in the transportation environment
Item Sub-item Specification

Sinusoidal Offset ≤ 7.5 mm - -
vibration
Accelerated
- ≤ 20.0 m/s² ≤ 40.0 m/s²
speed
Frequency 200 Hz to 500
2 Hz to 9 Hz 9 Hz to 200 Hz
range Hz
Random Acceleration
oscillation spectrum 10 m²/s³ 3 m²/s³ 1 m²/s³
density (ASD)
Frequency 200 Hz to 500
2 Hz to 9 Hz 9 Hz to 200 Hz
range Hz
Unsteady state Impulse
impact response ≤ 300 m/s²
spectrum II


Static payload ≤ 10 kPa
NOTE
Impact response spectrum refers to the maximum acceleration response
curve generated by the equipment under specified impact excitation.
Impulse response spectrum II means that the duration of half-sine impulse
response spectrum is 6 ms.
Static payload refers to the capability of the equipment in package to bear
the pressure from the top in normal pile-up method.
7.6.3 Running Environment

This describes the requirements for the running environment of the GGSN9811. The
requirements for the running environment consist of the climatic requirements and mechanical
Table 7-7 Requirements for temperature and humidity in the running environment
Temperature Relative Humidity

Long term running Short term running Long term running Short term running
5°C to 45°C -5°C to +50°C 5% to 85% 5% to 95%
NOTE
The values are measured 1.5 m above the floor and 0.4 m in front of the
equipment, without protective panels in front of or behind the cabinet.
Short term running refers to continuous running for no more than 48 hours
or accumulated running of no more than 15 days in a year.
Table 7-8 Requirements for other climatic factors in the running environment
Item Specification
Altitude ≤ 3000 m
Temperature change rate ≤ 5°C/h

Mechanical Stress Requirements
Table 7-9 Requirements for mechanical stress in the running environment

Sinusoidal vibration Offset ≤ 5.0 mm -
Accelerated speed - ≤ 2.0 m/s²
Frequency range 5 Hz to 62 Hz 62 Hz to 200 Hz
Unsteady state Impulse response
≤ 50 m/s²
impact spectrum II
Static payload 0
NOTE
Impact response spectrum refers to the maximum acceleration response
curve generated by the equipment under specified impact excitation.
Impulse response spectrum II means that the duration of half-sine impulse
response spectrum is 6 ms.
Static payload refers to the capability of the equipment in package to bear
the pressure from the top in normal pile-up method.

Product Description 8 Installation
8 Installation
About This Chapter

This describes the installation, upgrade, and expansion processes.
8.1 System Installation
This describes the software installation for the GGSN9811. Easy software and hardware
installation considerably shortens the time taken for system installation, and the network can
be established and provide services quickly.
8.2 System Expansion and Upgrade
This describes the system expansion and the upgrade of the GGSN9811. The GGSN9811
supports online expansion and stable upgrade.
8.1 System Installation

This describes the software installation for the GGSN9811. Easy software and hardware
installation considerably shortens the time taken for system installation, and the network can
be established and provide services quickly.
The GGSN9811 is assembled in the factory. Before delivery, all the internal cables of the
cabinet are connected and the GGSN9811 is pre-commissioned based on the site conditions.
On site, engineers only need to install the cabinet, insert the boards, and connect the external
cables based on the instructions in the installation manual. For details on the installation, refer
to the Hardware Installation.
The interfaces for the external cables, such as the power cables, transmission cables, and
signal cables, are located on the top of the GGSN9811 cabinet and are marked with
silk-screen labels.
8.2 System Expansion and Upgrade

This describes the system expansion and the upgrade of the GGSN9811. The GGSN9811
supports online expansion and stable upgrade.

8 Installation Product Description
System Expansion
The GGSN9811 supports the following modes of capacity expansion without interrupting
ongoing services:
Expansion through software
Generally, an operator purchases a system with relatively small capacity at the initial
stage. As the service traffic increases, the system may need expansion. The operator can
expand the system by buying only a license file and loading it to the system. Such
capacity expansion does not interrupt ongoing services.
Expansion through hardware
A GGSN9811 subrack can hold up to six Service Processing Units (SPUs). The SPUs
can work in 1+1 backup mode or load-sharing mode. The SPU is hot swappable.
Capacity expansion does not interrupt ongoing services.
System Upgrade
Switching over the active and standby boards and upgrading them separately can upgrade the
GGSN9811 without interrupting ongoing services or changing data configuration.

Product Description Index
Index
A
N
Accessing the PDN, 4-3
alarm management, 6-5 network interface
Ga, 1-10
Gi, 1-7
E Gmb, 1-11
environmental requirements Gx, 1-11
running environment, 7-6 Gy, 1-10
storage environment, 7-4
transportation environment, 7-5 R
reliability
G hardware, 5-1
GTP, 4-5 networking, 5-3
software, 5-2
I routing, 4-2
installation S
system, 8-1
system expansion and upgrade, 8-2 security, 4-9
specification
L EMC, 7-3
entire system, 7-2
LMT, 6-3 performance, 7-1
log management, 6-5 reliability, 7-3
Issue 01 (2009-03-31) Huawei Proprietary and Confidential i-1


2-GGSN9811 V900R007 Product Description

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2-GGSN9811 V900R007 Product Description

Uploaded by

Copyright:

Available Formats

HUAWEI GGSN9811 Gateway GPRS Support Node

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd.2009. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

About This Document ................................................................................................................ 1

2 Product Features .................................................................................................................... 2-1

3 System Structure ................................................................................................................... 3-1

4 Services and Functions ......................................................................................................... 4-1

Issue 01 (2009-03-31) Huawei Proprietary and Confidential i

4.4 GTP ...............................................................................................................................................................4-5

6 Operation and Maintenance ................................................................................................ 6-1

ii Huawei Proprietary and Confidential Issue 01 (2009-03-31)

6.2.2 Message Tracing ..................................................................................................................................6-4

7 Technical Specifications....................................................................................................... 7-1

8 Installation ............................................................................................................................. 8-1

Issue 01 (2009-03-31) Huawei Proprietary and Confidential iii

Figure 1-1 GPRS/UMTS network structure .......................................................................................................1-2

Figure 1-5 Protocol stack of the Gi interface......................................................................................................1-8

Figure 1-6 Protocol stack of the Gi interface in transparent access mode..........................................................1-8

Figure 1-8 Protocol stack of the Gi interface......................................................................................................1-9

Figure 1-9 Protocol stack of the Gi interface in PPP termination mode.............................................................1-9

Figure 1-11 Protocol stack of the Ga interface .................................................................................................1-10

Figure 1-12 Protocol stack of the Gy interface................................................................................................. 1-11

Figure 1-14 Protocol stack of the Gx interface.................................................................................................1-12

Figure 3-1 N68E-22 cabinet ...............................................................................................................................3-2

Figure 3-3 GGSN9811 subrack ..........................................................................................................................3-4

Figure 3-4 Components in the GGSN9811 subrack ...........................................................................................3-5

Figure 3-6 Logical structure of the GGSN9811 .................................................................................................3-9

Figure 4-1 Example of transparent access to an external IP network .................................................................4-4

Figure 4-4 Example of PPP regeneration ...........................................................................................................4-7

Issue 01 (2009-03-31) Huawei Proprietary and Confidential v

Table 1-1 Protocols supported by the GGSN9811 ............................................................................................1-12

Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces...........................................1-16

Table 3-2 Specifications of the three types of LPUs...........................................................................................3-8

Table 7-1 GGSN9811 performance specifications .............................................................................................7-2

Table 7-3 GGSN9811 reliability specifications ..................................................................................................7-3

Table 7-4 Climatic requirements for equipment storage.....................................................................................7-4

Issue 01 (2009-03-31) Huawei Proprietary and Confidential vii

About This Document

Product Name Version

Issue 01 (2009-03-31) Huawei Proprietary and Confidential 1

2 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

Indicates a potentially hazardous situation that, if not avoided,

Times New Roman Normal paragraphs are in Times New Roman.

Boldface The keywords of a command line are in boldface.

Issue 01 (2009-03-31) Huawei Proprietary and Confidential 3

Boldface Buttons, menus, parameters, tabs, windows, and dialog titles

Key 1+Key 2 Press the keys concurrently. For example, pressing

Click Select and release the primary mouse button without

4 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

About This Chapter

1.1 Basic Functions

Issue 01 (2009-03-31) Huawei Proprietary and Confidential 1-1

1.2 Network Structure

Figure 1-1 GPRS/UMTS network structure

BTS BSC Billing center

BM-SC OCS/CCF PCRF

MS: mobile station RAN: radio access network

1-2 Huawei Proprietary and Confidential Issue 01 (2009-03-31)

Issue 01 (2009-03-31) Huawei Proprietary and Confidential 1-3

1-4 Huawei Proprietary and Confidential Issue 01 (2009-03-31)