Audit cmds description

Upload: deepti-chowdary

Posted on 04-Jun-2018


  • 8/13/2019 Auidt Cmds Description

    1/74

    CiscoASR 5x Series

    Configuration Audit Guide 5.0

    Global Mobility Practice

    Americas Headquarters:

    Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

    2012 Cisco Systems, Inc. All rights reserved.

    The information in this document is the proprietary and confidential property of Cisco Corporation. No part of this document may be disclosed, reproduced or distributed without the express written permission of Cisco Corporation. Cisco Corporation reserves the rights to alter the design and specifications at any time without notice, as part of its continuing program of product development.

    Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

    2012 Cisco Systems, Inc. and/or its affiliated entities. All rights reserved.


    Configuration Audit Guide

    PRIVATE AND CONFIDENTIAL Cisco Systems, Inc. Page 2 of 74

    Table of Contents

    1. INTRODUCTION ..... 11
    2. DATA COLLECTION AND METHODOLOGY ..... 12
    3. PREREQUISITES ..... 16
    4. PLATFORM AUDIT ..... 17
    4.1 Card Audit ..... 18
    4.2 Interface Audit ..... 19
    4.3 Threshold Audit ..... 20
    5. SYSTEM AUDIT ..... 22
    5.1 Context Audit ..... 22
    5.2 AAA Interface ..... 23
    5.3 DHCP Interface ..... 24
    5.4 Ga/Gz Interface ..... 24
    5.5 DCCA/DPCA Audit ..... 25
    5.5.1 Gx Interface ..... 26
    5.5.2 Gy Interface ..... 26
    5.6 GGSN Audit ..... 27
    5.6.1 Gn Interface ..... 27
    5.6.2 Gi Interface ..... 28
    5.6.2.1 APN Audit ..... 29
    5.7 SGSN Audit ..... 30
    5.7.1 Gn Interface ..... 30
    5.7.2 Gb Interface ..... 31
    5.7.3 IuPS Interface ..... 31
    5.7.4 DNS Service Audit ..... 33
    5.7.5 Gr, Gf and Gs Interface ..... 33
    5.7.6 SS7 Routing Domain Audit ..... 34
    5.7.7 SCCP Network Audit ..... 35
    5.7.8 GTT Association Audit ..... 36
    5.7.9 Operator Policy Audit ..... 36
    5.8 MME Audit ..... 37
    5.8.1 S1-MME Interface ..... 37
    5.8.2 S6a and S13 Interface ..... 39
    5.8.3 S10/S11 Interface ..... 39
    5.8.4 S3 Interface ..... 40


    5.8.5 SGs Interface ..... 40
    5.8.6 LTE Policy ..... 41
    5.8.7 Operator Policy ..... 41
    5.9 SGW Audit ..... 42
    5.9.1 S1-U/S11/S12 Interface ..... 43
    5.9.2 S4-SGSN ..... 43
    5.9.3 S5/S8 Interface ..... 44
    5.10 PGW Audit ..... 44
    5.10.1 S5/S8 Interface ..... 45
    5.10.2 SGi Interface ..... 45
    5.10.2.1 APN Audit ..... 46
    5.11 PDSN Audit ..... 47
    5.11.1 RP Interface ..... 47
    5.11.2 Pi Interface ..... 49
    5.11.2.1 Subscriber Template Audit ..... 49
    5.12 FA Audit ..... 50
    5.12.1 FA Service ..... 50
    5.13 HA Audit ..... 51
    5.13.1 Pi Interface ..... 51
    5.13.2 PDN Interface ..... 52
    5.13.2.1 Subscriber Template Audit ..... 53
    5.14 HSGW Audit ..... 53
    5.14.1 RP Interface ..... 53
    5.14.2 S2a Interface ..... 54
    5.15 P-CSCF Audit ..... 54
    5.15.1 P-CSCF Service Policy Configuration Audit ..... 54
    5.15.2 P-CSCF Access Profile Audit ..... 55
    5.15.3 PCRF Policy Control Configuration ..... 56
    5.15.4 PROXY-CSCF Audit ..... 57
    5.15.5 P-CSCF Policy and Service Policy Rule Configuration Audit ..... 57
    5.16 S-CSCF Audit ..... 58
    5.16.1 S-CSCF Peer Server Audit ..... 58
    5.16.2 S-CSCF Translation Audit ..... 58
    5.16.3 S-CSCF Policy Audit ..... 59
    5.16.4 S-CSCF IFC Audit ..... 59
    5.16.5 AAA Group Audit ..... 60
    5.16.5.1 HSS Interworking Audit ..... 60
    5.16.5.2 CDF Interworking Audit ..... 60
    5.16.6 CSCF Service Audit ..... 61
    5.16.6.1 S-CSCF Service Audit ..... 61


    5.16.6.2 Serving-CSCF Audit ..... 62
    5.16.7 HSS Endpoint Audit ..... 62
    5.16.8 CDF Endpoint Audit ..... 63
    6. OSS AUDIT ..... 64
    6.1 MUR Audit ..... 64
    6.2 WEM Audit ..... 65
    7. ECS AUDIT ..... 66
    APPENDIX A ENGINEERING LIMITATIONS ..... 72


    List of Tables

    Table 4-1: Platform Audit ..... 18
    Table 4-2: Card Audit ..... 19
    Table 4-3: Interface Audit ..... 19
    Table 5-1: Context Audit ..... 23
    Table 5-2: RADIUS Audit ..... 24
    Table 5-3: DHCP Audit ..... 24
    Table 5-4: Ga/Gz Interface Audit ..... 25
    Table 5-5: Diameter Audit ..... 26
    Table 5-6: Gx Interface Audit ..... 26
    Table 5-7: Ga Interface Audit ..... 27
    Table 5-8: Gn Interface Audit ..... 28
    Table 5-9: Gi Interface Audit ..... 29
    Table 5-10: APN Audit ..... 30
    Table 5-11: SGTP Service Audit ..... 31
    Table 5-12: GPRS Service Audit ..... 31
    Table 5-13: IuPS Interface Audit ..... 32
    Table 5-14: SGSN Service Audit ..... 33
    Table 5-15: DNS Service Audit ..... 33
    Table 5-16: MAP Service Audit ..... 33
    Table 5-17: SS7 Routing Domain Audit ..... 35
    Table 5-18: SCCP Network Audit ..... 36
    Table 5-19: GTT Association Audit ..... 36
    Table 5-20: Operator Policy Audit ..... 37
    Table 5-21: S1-MME Interface Audit ..... 39
    Table 5-22: S6a and S13 Interface Audit ..... 39


    Table 5-23: S10/S11 Interface Audit .............................................................................................................................................................................................. 40

    Table 5-24: S3 Interface Audit ....................................................................................................................................................................................................... 40

    Table 5-25: SGs Interface Audit ..................................................................................................................................................................................................... 40

    Table 5-26: LTE Policy Audit.......................................................................................................................................................................................................... 41

    Table 5-27: Operator Policy Audit .................................................................................................................................................................................................. 41

    Table 5-28: SGW Service Audit ..................................................................................................................................................................................................... 43

    Table 5-29: S11 Interface Audit ..................................................................................................................................................................................................... 43

    Table 5-30: S4 SGSN audit............................................................................................................................................................................................................ 44

    Table 5-31: S5/S8 Interface Audit .................................................................................................................................................................................................. 44

    Table 5-32: PGW Service Audit ..................................................................................................................................................................................................... 45

    Table 5-33: S5/S8 Interface Audit .................................................................................................................................................................................................. 45

    Table 5-34: SGi Interface Audit ...................................................................................................................................................................................................... 46

    Table 5-35: APN Audit ................................................................................................................................................................................................................... 47

    Table 5-36: RP Interface Audit ....................................................................................................................................................................................................... 48

    Table 5-37: Pi Interface Audit......................................................................................................................................................................................................... 49

    Table 5-38: Subscriber Template Audit ......................................................................................................................................................................................... 50

    Table 5-39: FA Service Audit ......................................................................................................................................................................................................... 51

    Table 5-40: Pi Interface Audit......................................................................................................................................................................................................... 52

    Table 5-41: PDN Interface Audit .................................................................................................................................................................................................... 52

    Table 5-42: Subscriber Template Interface Audit .......................................................................................................................................................................... 53

    Table 5-43: HSGW RP Interface Audit ....................................................................................................................................................... 54

    Table 5-44: S2a Interface Audit ..................................................................................................................................................................................................... 54

    Table 5-45: P-CSCF Service Policy Audit ...................................................................................................................................................................................... 55

    Table 5-46: P-CSCF Access Profile Audit ..................................................................................................................................................................................... 56

    Table 5-47: P-CSCF Service Audit ................................................................................................................................................................................................ 56

    Table 5-48: Proxy CSCF Audit ....................................................................................................................................................................................................... 57

    Table 5-49: Proxy CSCF Audit ....................................................................................................................................................................................................... 58


    Table 5-50: S-CSCF Peer Server Audit ......................................................................................................................................................................................... 58

    Table 5-51: S-CSCF Translation Audit .......................................................................................................................................................................................... 59

    Table 5-52: S-CSCF Policy Audit ................................................................................................................................................................................................... 59

    Table 5-53: S-CSCF IFC Audit....................................................................................................................................................................................................... 60

    Table 5-54: HSS Interworking Audit ............................................................................................................................................................................................... 60

    Table 5-55: CDF Interworking Audit ............................................................................................................................................................................................... 61

    Table 5-56: S-CSCF Service Audit ................................................................................................................................................................................................ 61

    Table 5-57: Serving CSCF Audit .................................................................................................................................................................................................... 62

    Table 5-58: HSS Endpoint Audit .................................................................................................................................................................................................... 63

    Table 5-59: CDF Endpoint Audit ..................................................................................................................................................................................... 63

    Table 6-1: OSS Audit ..................................................................................................................................................................................................................... 64

    Table 6-2: MUR Audit ..................................................................................................................................................................................................................... 65

    Table 6-3: WEM Audit .................................................................................................................................................................................................................... 65

    Table 7-1: ECS Audit Sample Report ............................................................................................................................................................................................ 68


    References

    [1] Data Collection Guide

    [2] ASR 5X00 Command Line Interface Guide

    [3] ASR 5X00 Administration Guide


    Definitions

    Acronym | Meaning
    CSCF | Call Session Control Function
    CIQ | Customer Information Questionnaire
    GGSN | Gateway GPRS Support Node
    HA | Home Agent
    FA | Foreign Agent
    HSGW | HRPD Serving Gateway
    I-CSCF | Interrogating-CSCF
    MME | Mobility Management Entity
    P-CSCF | Proxy-CSCF
    PGW | Packet Data Network Gateway
    S-CSCF | Serving-CSCF
    SAEGW | System Architecture Evolution Gateway
    SGSN | Serving Gateway Support Node
    SGW | Serving Gateway


    Revision History

    Version | Date | Status | Author/s | Review | Changes
    1.0 | 2/27/12 | First Version | Daryl Huynh | Santosh Panambur, Anwin Kallumpurath |
    1.5 | 4/27/12 | Second Version | Daryl Huynh | Anwin Kallumpurath |
    2.0 | 5/22/12 | Third Version | Amol Khire | Daryl Huynh, Aravind Balakrishnan |
    3.0 | 7/25/12 | Fourth Version | Daryl Huynh, Amol Khire, Bin Guo, Hao Jiang Jiang | Gavish Kumar, Matthew Brandes |
    4.0 | 10/31/12 | Fifth Version | Rahul Mahadik | Daryl Huynh, Amol Khire, Akshay Raj, Aravind Balakrishnan |
    5.0 | 1/30/12 | Sixth Version | Rahul Mahadik | Daryl Huynh, Jiming Shen, Bo Keun Kang, Govindaraj Duraisamy |


    1. Introduction

    This document describes the configuration audit process: what the configuration audit requirements are, what to check for, and what to flag as a concern. The process works by taking the show support details output of an ASR 5000 and checking it against system constraints and best practice guidelines.

    A configuration audit report is used to identify the following points:

    General System Audit: evaluating a configuration and identifying any missing components or configurations.

    Best Practice Guidelines: assessing the overall health of the configuration to ensure certain best practices are applied.

    System Limitations: checking for system limitations based on the inherent software limits.

    Feature Implementation: identifying the features implemented based on the configuration.

    Please note that this document will be revised continually as the technology evolves and additional best practices and guidelines are found.


    2. Data Collection and Methodology

    The show support details (SSD) output from the ASR 5000 is required for the configuration audit. In general, the configuration within the SSD provides information on which features are enabled, how many resources are used (e.g. the number of contexts) and whether best practices are applied, based on the CLIs configured. In addition to the configuration, the show command outputs captured in the SSD need to be evaluated as part of the audit, since the information they contain cannot be derived from the configuration alone.

    This includes looking at the following CLI commands:

    show version verbose: used to identify the version number and build release. This information helps to identify issues with the configuration that depend on the release version.

    ******** show version verbose *******
    Active Software:
      Image Version:           12.0 (39936)
      Image Description:       Production_Build
      Image Date:              Tue Sep 20 22:18:03 EDT 2011
      Kernel Version:          2.6.18-staros-v2-pc
      Kernel Machine Type:     i686

    show license information: used to identify all the licensed features available on the chassis. This information can be used to identify whether all the features are used, or whether there may be a potential licensing issue.

    ******** show license information *******
    Key Information (installed key):
      Comment                  PRODUCTION SYSTEM 2 PO:678497,687276
      CF Device 1              Model: SanDiskSDCFJ-4096
                               Serial Number: 116922I0207F3815
      CF Device 2              Model: SanDiskSDCFJ-4096
                               Serial Number: 111719I0207F3324
      Issued                   Thursday November 13 08:15:34 NZDT 2008
      Issued By                Cisco Systems
      Key Number               28155

    Enabled Features:
      Feature                                  Applicable Part Numbers
      ---------------------------------------- -----------------------------
      GGSN:                                    [ 600-00-7544 / 600-00-7545 ]
      + DHCP                                   [ 600-00-7520 ]
      + RADIUS AAA Server Groups               [ none ]
      Ipv4 Routing Protocols                   [ none ]
      Enhanced Charging Bundle 2:              [ 600-00-7574 ]
      + DIAMETER Closed-Loop Charging Interfa  [ none ]
      + Enhanced Charging Bundle 1             [ 600-00-7526 ]
      Session Recovery                         [ 600-00-7513 / 600-00-7546
                                                 600-00-7552 / 600-00-7554
                                                 600-00-7594 / 600-00-9100
                                                 600-00-9101 ]
      Dynamic Radius extensions (CoA and PoD)  [ 600-00-7518 ]

    Session Limits:
      Sessions Session Type
      -------- -----------------------
      322000   GGSN
      322000   ECS

    CARD License Counts:
      [none]

    Status:
      Device 1                 Matches card 9 flash
      Device 2                 Matches card 8 flash
      License Status           Good (Redundant)

    show card hardware: used to identify the hardware setup of the node. This information helps to audit and categorize the node hardware inventory.

    ******** show card hardware *******
    Card 2:
      Card Type            : Packet Services Card
      Card Description     : PSC
      Part Number          : 530-02-0030 14
      Serial Number        : PLB51077565
      Switch Fabric Modes  : control plane, switch fabric
      Card Programmables   : up to date
        NPU Microcode      : running 1.0
        Slave SCB          : on-card 1.6
        PSR                : on-card 0
        BIOS               : on-card-a 7.8.14, on-card-b 7.8.14
        DT FPGA            : running 8.85
      CPU 0 Type/Memory    : Socket 0: Xeon 000 C0, 2000 MHz
                           : Socket 3: Xeon 000 C0, 2000 MHz
                           : Chipset: E7520 C4, 6300ESB A3, 16384 MB
      CPU 1 Type/Memory    : IXP2855 A0, 1500 Mhz, 1536 MB
      CPU 0 CFE/Diags      : on-card 2.0.17, running 130.1.2

    show configuration errors: used to check the health of the configuration file. This information helps to identify common configuration errors that may not be caught by the configuration parser.


    ******** show configuration errors *******
    # Displaying Diameter Configuration errors
    Total 0 error(s) in this section !

    # Displaying MAP-service system errors
    Error : Sccp network configuration is missing for the map-service map in context gb
    Error : Map service map in context gb does not have any hlr configuration.
    Error : Sccp network configuration is missing for the map-service gs in context test
    Error : Map service gs in context test does not have any hlr configuration.
    Total 4 error(s) in this section!

    show active-charging ruledef statistics all charging: identifies the commonly hit URLs on the chassis.

    ******** show active-charging ruledef statistics all charging *******
    Ruledef Name     Packets-Down  Bytes-Down  Packets-Up  Bytes-Up   Hits
    ------------     ------------  ----------  ----------  --------   ----
    10.10.10.10      0             0           7663        723532     7457
    10.10.10.11      0             0           0           0          0
    10.18.0.0/18     62            2728        5376        443037     5033
    10.20.0.0/18     79            3476        71892       6434902    67709
    10.20.128.0/18   79            3476        3160        270314     2866
    10.222.0.0/20    0             0           0           0          0
    10.222.136.0/21  0             0           0           0          0
    10.222.24.0/21   0             0           0           0          0
    129.142.220.79   0             0           0           0          0
    130.244.196.90   1638368       1269197678  1165789     226055446  2202497

    show active-charging analyzer statistics all charging: identifies the analyzers matching packets on the chassis.

    ******** show active-charging analyzer statistics *******
    ACS Flow Stats:
      Cumulative:  2644539112
      IPv4:        2644539112    ICMP:     37295257
      IPv6:        0             ICMPv6:   0
      TCP:         1624756837    UDP:      981906211
      HTTP:        798435757     HTTPS:    0
      POP3:        0             IMAP:     0
      SMTP:        0             FTP:      0
      RTSP:        136862        SIP:      0
      RTP:         164165        RTCP:     163042
      WTP:         156593        MMS:      2416126
      WSP_CO:      85438         WSP_CL:   262730
      DNS:         0             P2P:      455532984

    ACS - Num Flows Cleared by Idle Timer:
      Total:       1224361242
      IPv4:        1224361242    ICMP:     35158025
      IPv6:        0             ICMPv6:   0
      TCP:         265243456     UDP:      923429147
      HTTP:        25647653      HTTPS:    0
      POP3:        0             IMAP:     0
      SMTP:        0             FTP:      0
      RTSP:        3756          SIP:      0
      RTP:         1669          RTCP:     1025
      WTP:         0             MMS:      6658
      WSP_CO:      2824          WSP_CL:   8
      P2P:         423644234     DNS:      0
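The show outputs above are pulled out of one large SSD capture, and the first step of any scripted audit is splitting that capture into its per-command sections and reading the few fields this chapter relies on (image version, licensed features, session limits, configuration-error count). The following Python is an added example for this guide, not Cisco code or a tool the guide ships: it keys on the "******** show X *******" section headers seen above, and the SSD text it parses is constructed to mirror the excerpts in this chapter.

```python
"""Split a StarOS 'show support details' (SSD) capture into its per-command
sections and extract the fields the audit chapter relies on.

Added example for this guide, not Cisco code.  The "******** show X *******"
section headers and the field layouts follow the excerpts shown above; the
SSD text below is constructed for the demonstration.
"""
import re
from typing import Dict

# Constructed sample SSD, modelled on the excerpts in this chapter.
SAMPLE_SSD = """\
******** show version verbose *******
Active Software:
  Image Version:           12.0 (39936)
  Image Description:       Production_Build
  Kernel Version:          2.6.18-staros-v2-pc
******** show license information *******
Key Information (installed key):
  Key Number               28155
Enabled Features:
  Feature                                  Applicable Part Numbers
  ---------------------------------------- -----------------------------
  GGSN:                                    [ 600-00-7544 / 600-00-7545 ]
  + DHCP                                   [ 600-00-7520 ]
  + RADIUS AAA Server Groups               [ none ]
  Session Recovery                         [ 600-00-7513 / 600-00-7546 ]
Session Limits:
  Sessions Session Type
  -------- -----------------------
  322000   GGSN
  322000   ECS
CARD License Counts:
  [none]
Status:
  License Status           Good (Redundant)
******** show configuration errors *******
# Displaying Diameter Configuration errors
Total 0 error(s) in this section !
# Displaying MAP-service system errors
Error : Sccp network configuration is missing for the map-service map in context gb
Error : Map service map in context gb does not have any hlr configuration.
Total 2 error(s) in this section!
"""

SECTION_RE = re.compile(r"^\*{4,} (.+?) \*{4,}\s*$")
# Feature rows look like "GGSN:   [ parts ]" or "+ DHCP   [ none ]".
FEATURE_RE = re.compile(r"^\+?\s*([^\[\]]+?):?\s+\[\s*(.*?)\s*\]$")


def split_ssd(text: str) -> Dict[str, str]:
    """Map each 'show ...' command name to the output that followed its header."""
    sections: Dict[str, str] = {}
    name, buf = None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            if name is not None:
                sections[name] = "\n".join(buf)
            name, buf = m.group(1).strip(), []
        elif name is not None:
            buf.append(line)
    if name is not None:
        sections[name] = "\n".join(buf)
    return sections


def image_version(version_section: str) -> str:
    m = re.search(r"Image Version:\s*(.+)", version_section)
    return m.group(1).strip() if m else ""


def licensed_features(license_section: str) -> Dict[str, str]:
    """Feature name -> part-number text, read from the 'Enabled Features' block."""
    feats: Dict[str, str] = {}
    in_block = False
    for raw in license_section.splitlines():
        s = raw.strip()
        if s == "Enabled Features:":
            in_block = True
            continue
        if in_block and s.endswith(":") and "[" not in s:
            break  # the next block ("Session Limits:", ...) begins
        m = FEATURE_RE.match(s) if in_block else None
        if m:
            feats[m.group(1).strip()] = m.group(2).strip()
    return feats


def session_limits(license_section: str) -> Dict[str, int]:
    """Session type -> licensed session count from the 'Session Limits' block."""
    limits: Dict[str, int] = {}
    in_block = False
    for raw in license_section.splitlines():
        s = raw.strip()
        if s == "Session Limits:":
            in_block = True
            continue
        if in_block and s.endswith(":"):
            break
        m = re.match(r"^(\d+)\s+(\S.*)$", s) if in_block else None
        if m:
            limits[m.group(2).strip()] = int(m.group(1))
    return limits


def config_error_total(errors_section: str) -> int:
    """Sum the per-section 'Total N error(s)' counters."""
    return sum(int(n) for n in re.findall(r"Total (\d+) error\(s\)", errors_section))


def audit_ssd(text: str) -> dict:
    """Collect the facts an auditor records before walking the configuration."""
    sec = split_ssd(text)
    lic = sec.get("show license information", "")
    report = {
        "version": image_version(sec.get("show version verbose", "")),
        "features": licensed_features(lic),
        "session_limits": session_limits(lic),
        "config_errors": config_error_total(sec.get("show configuration errors", "")),
        "findings": [],
    }
    if report["config_errors"]:
        report["findings"].append(
            f"show configuration errors reports {report['config_errors']} error(s); review before auditing")
    if not report["version"]:
        report["findings"].append("show version verbose missing from SSD")
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(audit_ssd(SAMPLE_SSD), indent=2))
```

The section dictionary returned by split_ssd is what the later checks in this guide run over: the licensed-feature list tells the auditor which service thresholds and `require` commands are even applicable, and a non-zero configuration-error count is flagged before any best-practice check is attempted.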


    3. Prerequisites

    A configuration audit requires the show support details output, and any additional CLI commands used must also be logged. This information must be captured at the beginning of the soak period and at the end of the monitoring period during the data collection phase, as per the Data Collection Guide [1].

    An understanding of the ASR 5000 configuration and structure is required. The ASR 5000 CLI Guide [2] can be used for reference.


    4. Platform Audit

    A platform audit consists of identifying a set of common CLI commands that may be configured on any chassis, regardless of the node function, based on the system license. The platform audit also identifies the types of cards and interfaces configured within the node.

    The platform audit should check for the CLIs listed in the following table and provide a recommended action or an appropriate message for flagging:

    Platform Configuration

    CLI command: log filter runtime facility cli level debug
    Analysis: CLI debug should be enabled to allow CLI outputs to be captured in syslogs.
    Recommendation: It is recommended to enable CLI level debug.

    CLI command: hidden password
    Analysis: Hidden password is an engineering-only command that should not be configured on any node configuration.
    Recommendation: It is not recommended to configure this CLI as it is an engineering-only command, so it should be removed if found. Additionally, you can include the noconfirm option if you wish to bypass a check for scripting purposes.

    CLI command: autoconfirm
    Analysis: Autoconfirm disables built-in system checks for configuration changes.
    Recommendation: It is not recommended to configure this CLI as it will bypass any system checks, so it should be removed if found.

    CLI command: gtpp single-source
    Analysis: For UMTS/LTE: GTPP single-source allows the system to perform a proxy function by reserving a CPU to process GTPP requests. Identify whether this CLI command is configured.
    Recommendation: It is recommended to enable this command to enable GTPP proxy processing on the system. Enabling this command requires a reload.

    CLI command: aaa large-configuration
    Analysis: AAA large-configuration enables the system to accept a larger number of RADIUS configurations.
    Recommendation: It is recommended to enable this command so that the system can configure additional AAA groups. Enabling this command requires a reload.

    CLI command: banner motd
    Analysis: A banner allows the system to prompt users prior to accessing the node.
    Recommendation: It is considered best practice to include a banner at user login to warn the user against unauthorized access to the node.

    CLI command: system hostname
    Analysis: A system hostname allows the node to be identified by name. It is also used to populate billing parameters, such as within CDR records.
    Recommendation: It is recommended to configure a system hostname on all nodes.

    CLI command: timestamps
    Analysis: Timestamps allow all CLI commands to be logged with an associated timestamp.
    Recommendation: It is recommended to enable timestamps so that users who are logging the screen will have the proper timestamps associated with the logs.

    CLI command: clock timezone [us-eastern]
    Analysis: By default, clock timezone is set to us-eastern. However, in a normal deployment the clock timezone varies from node to node and should be set based on the node location.
    Recommendation: It is recommended to configure the proper timezone, for reasons such as billing and user traceability.

    CLI command: crash enable url
    Analysis: Crash URL enables the system to send full crash cores to a remote location.
    Recommendation: It is recommended to enable sending full crash cores to an external node.

    CLI command: require session recovery
    Analysis: This is a licensed feature. Session recovery allows calls to be recovered during a task crash or card failure, to improve the user experience.
    Recommendation: It is recommended to enable this feature on a system to improve user experience and accessibility.

    CLI command: require active-charging
    Analysis: This is a licensed feature. If the license is available, it is recommended to enable active-charging, as enabling it from the start avoids the scenario where enabling the feature later requires a system reload.
    Recommendation: It is recommended to enable this feature on a system to proactively configure ECS services and prevent a scenario where a reload is required to enable the feature.

    CLI command: require diameter-proxy multiple
    Analysis: Proxy multiple enables the system to create a proxy for each active PSC card on the system for the client-server peering for DIAMETER.
    Recommendation: It is recommended to configure the proxy as multiple instead of single, to prevent the scenario where a single call affecting the single proxy causes the facility to crash and thus affects all related calls.

    CLI command: aaa last-resort context
    Analysis: For CDMA: Configuring an AAA last-resort context provides UEs with a last attempt to locate an AAA server, based on the context provided within this configuration.
    Recommendation: It is recommended to enable last-resort contexts to provide a fail-safe for configurations missing the proper AAA configuration, so that the proper AAA server can still be found as a last resort.

    CLI command: aaa default-domain
    Analysis: For CDMA: Configuring default-domain provides UEs with a default domain if the domain field is empty.
    Recommendation: It is recommended to configure a default-domain so that subscribers missing a domain are given a default domain for accounting and authentication services.

    CLI command: aaa domain-matching ignore-case
    Analysis: For CDMA: Configuring ignore-case allows the system to ignore case sensitivity when matching against domain names.
    Recommendation: It is recommended to configure ignore-case so that the system ignores case, as it is a common error for subscribers to introduce case typos when making network changes on their handsets.

    Table 4-1: Platform Audit
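Table 4-1 is essentially a rule table: a handful of global commands that must never be present (hidden password, autoconfirm) and a longer list that should be present, some of them only for a given access technology or when licensed. The Python below is an added example for this guide, not Cisco code or a tool the guide ships. It encodes the table as data and walks the global commands of a saved configuration; the configuration text is constructed, the severities are this example's own, and the layout it assumes is a `config` line followed by global commands at one indentation level with context and service blocks indented further.

```python
"""Platform-level audit of an ASR 5000 configuration against Table 4-1.

Added example for this guide, not Cisco code.  It checks the global (top-level)
commands of a saved configuration for the commands the table says should be
present or absent.  The configuration text is constructed; the layout assumed
is a 'config' line followed by global commands at one indentation level, with
context and service blocks indented further.
"""
from typing import List, Tuple

# (cli prefix, should_be_present, scope, recommendation from Table 4-1)
# scope: "all", "umts_lte", "cdma" or "licensed" (only actionable if licensed).
RULES = [
    ("log filter runtime facility cli level debug", True, "all",
     "enable CLI level debug so CLI output is captured in syslog"),
    ("hidden password", False, "all", "engineering-only command; remove"),
    ("autoconfirm", False, "all", "bypasses configuration-change checks; remove"),
    ("gtpp single-source", True, "umts_lte", "enable GTPP proxy processing (needs a reload)"),
    ("aaa large-configuration", True, "all", "allow additional AAA groups (needs a reload)"),
    ("banner motd", True, "all", "configure a login banner"),
    ("system hostname", True, "all", "set a hostname; also populates CDR fields"),
    ("timestamps", True, "all", "timestamp CLI output in logs"),
    ("crash enable url", True, "all", "send full crash cores to an external node"),
    ("require session recovery", True, "licensed", "enable session recovery if licensed"),
    ("require active-charging", True, "licensed", "enable active-charging if licensed (avoids a later reload)"),
    ("require diameter-proxy multiple", True, "all", "use multiple Diameter proxies instead of single"),
    ("aaa last-resort context", True, "cdma", "configure a last-resort AAA context"),
    ("aaa default-domain", True, "cdma", "configure a default domain for empty domain fields"),
    ("aaa domain-matching ignore-case", True, "cdma", "match domains case-insensitively"),
]

Finding = Tuple[str, str, str]  # (severity, cli, recommendation)


def global_lines(config_text: str) -> List[str]:
    """Return the stripped commands at the first indentation level under 'config'."""
    lines = config_text.splitlines()
    start = next((i + 1 for i, l in enumerate(lines) if l.strip() == "config"), 0)
    body = [l for l in lines[start:] if l.strip() and l.strip() != "end"]
    if not body:
        return []
    base = len(body[0]) - len(body[0].lstrip())
    return [l.strip() for l in body if len(l) - len(l.lstrip()) == base]


def has_command(lines: List[str], prefix: str) -> bool:
    """True if a line is exactly `prefix` or `prefix` followed by arguments."""
    return any(l == prefix or l.startswith(prefix + " ") for l in lines)


def audit_platform(config_text: str, network: str = "umts_lte") -> List[Finding]:
    lines = global_lines(config_text)
    findings: List[Finding] = []
    for cli, want_present, scope, rec in RULES:
        if scope in ("umts_lte", "cdma") and scope != network:
            continue  # rule does not apply to this access technology
        if has_command(lines, cli) != want_present:
            if not want_present:
                sev = "HIGH"      # a command that must never be on a production node
            elif scope == "licensed":
                sev = "INFO"      # only actionable if the licence is installed
            else:
                sev = "MEDIUM"
            findings.append((sev, cli, rec))
    # clock timezone: the us-eastern default is rarely right for the node location
    tz = next((l for l in lines if l.startswith("clock timezone ")), None)
    if tz is None or tz.split()[-1] == "us-eastern":
        findings.append(("LOW", "clock timezone",
                         "set the timezone for the node location (default is us-eastern)"))
    return findings


# Constructed configuration excerpt (not from a real node).
SAMPLE_CONFIG = """\
config
  system hostname PGW-LAB-01
  autoconfirm
  timestamps
  clock timezone us-eastern
  crash enable url sftp://crash-collector.example.net/cores
  require session recovery
  require diameter-proxy single
  aaa large-configuration
  context local
    server sshd
      subsystem sftp
    #exit
  #exit
end
"""

if __name__ == "__main__":
    for sev, cli, rec in audit_platform(SAMPLE_CONFIG):
        print(f"{sev:6} {cli:45} {rec}")
```

Keeping the rules as data rather than as a chain of if statements matters in practice: when this guide is revised, the table row is edited in one place, and the same rule list can be diffed against the table to show what the script actually checks.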

    4.1 Card Audit

    A card audit consists of identifying the card arrangement and understanding which cards are enabled within the system. Since a card audit will generally takeup the front slots, it is best to identify which cards are in the system in order to determine if the physical arrangement of the cards are done as per bestpractice for maximum airflow and future expansion considerations.

    Show card hardware should also be used to verify the configuration audit as well to ensure that cards are used optimally.


    Card Configuration

    CLI command: card
    Analysis: Cards should be laid out to allow for the best airflow and for future expansion.
    Recommendation: It is recommended to arrange cards in every other slot first, while slots 1 and 16 should be the last two slots used.

    CLI command: card > shutdown
    Analysis: Card shutdown terminates all tasks and processes on a card and causes the card to go offline, even when a new card is inserted in the slot.
    Recommendation: It is recommended to set cards to no shutdown so that newly inserted cards can come up in an operational standby state.

    CLI command: port > preferred port
    Analysis: Preferred slot enables the port to prefer a port when there is a link issue.
    Recommendation: It is recommended to disable preferred port, as this scenario may cause links to constantly flap between two ports if there is an issue with the preferred port.

    Table 4-2: Card Audit

    4.2 Interface Audit

    An interface audit consists of identifying the interface arrangements and understanding whether the cards are enabled in an active/active or active/standbyscenario. The card arrangement will also be identified to determine whether cards are placed optimally, especially in the case of XGLC cards where they

    must be in odd slots to begin with since it required for active/standby redundancy.

    Show card hardware should also be used to verify the configuration audit as well to ensure that cards are used optimally.

    Interface Configuration

    CLI command: port ethernet
    Analysis: Linecards should be laid out according to best practice guidelines: a single full-length linecard should occupy the odd port first, for future redundancy expansion considerations, as a full-length card is redundant to the immediately following even port (i.e. port 17 is redundant to port 18).
    Recommendation: It is recommended to arrange cards in an optimal manner to allow for future expansion or design requirements.

    CLI command: port ethernet > description
    Analysis: Port descriptions help engineers quickly identify why a port is configured or used.
    Recommendation: It is recommended to configure descriptions for all used ports on the system.

    CLI command: port ethernet > preferred port
    Analysis: Preferred slot enables the port to prefer a port when there is a link issue.
    Recommendation: It is recommended to disable preferred port, as this scenario may cause links to constantly flap between two ports if there is an issue with the preferred port.

    Table 4-3: Interface Audit


    4.3 Threshold Audit

    By default, the ASR5000 and ASR5500 have built in threshold monitoring. However, they are not enabled by default. Refer to the following for more detailson providing an accurate recommendation of thresholds to the customer: http://www.cisco.com/en/US/docs/wireless/asr_5000/12_2/OL-25552_Thresholding_Config.pdf.

    Interface Configuration

    CLI command:
    no threshold monitoring npu-resource
    no threshold monitoring cpu-resource
    no threshold monitoring system
    no threshold monitoring license
    no threshold monitoring subscriber
    no threshold monitoring call-setup
    Analysis: These monitoring thresholds are PLATFORM related thresholds.
    Recommendation: It is recommended to enable these PLATFORM thresholds for monitoring purposes.

    CLI command:
    no threshold monitoring ecs
    no threshold monitoring fa-service
    no threshold monitoring ha-service
    no threshold monitoring pdsn-service
    no threshold monitoring pdif-service
    no threshold monitoring asngw
    no threshold monitoring asnpc
    no threshold monitoring phsgw
    no threshold monitoring phsp
    no threshold monitoring firewall
    no threshold monitoring pdg-service
    no threshold monitoring hnbgw-service
    no threshold monitoring sgw-service
    no threshold monitoring saegw-service
    no threshold monitoring pgw-service
    no threshold monitoring lma-service
    no threshold monitoring hsgw-service
    no threshold monitoring epdg-service
    no threshold monitoring route-service
    no threshold monitoring mme-service
    no threshold monitoring fng-service
    no threshold monitoring diameter
    no threshold monitoring aaa-acct-archive-queue
    no threshold monitoring aaa-auth-failure
    no threshold monitoring aaa-acct-failure
    Analysis: These thresholds are SERVICE related thresholds.
    Recommendation: It is recommended to enable these SERVICE thresholds, as applicable for the node, for monitoring purposes.
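The table above distinguishes PLATFORM thresholds, which every node should have on, from SERVICE thresholds, which only matter when the corresponding service exists on the node. The Python below is an added example for this guide, not Cisco code or a tool the guide ships: it flags a PLATFORM threshold whenever the enabling command is missing, and a SERVICE threshold only when the service's configuration keyword appears in the file. The configuration text is constructed, and the mapping from threshold names to service keywords (for example `ecs` to `active-charging service`) is an assumption made for this example; where the threshold name is itself the configuration keyword, such as `sgw-service`, no mapping entry is needed.

```python
"""Threshold-monitoring audit for the table above.

Added example for this guide, not Cisco code.  PLATFORM thresholds are expected
on every node; a SERVICE threshold is only expected when the matching service is
configured somewhere in the file.  The configuration text is constructed, and the
threshold-name -> service-keyword mapping is an assumption made for this example.
"""
from typing import List, Tuple

PLATFORM_THRESHOLDS = ["npu-resource", "cpu-resource", "system", "license", "subscriber", "call-setup"]

SERVICE_THRESHOLDS = [
    "ecs", "fa-service", "ha-service", "pdsn-service", "pdif-service", "asngw", "asnpc",
    "phsgw", "phsp", "firewall", "pdg-service", "hnbgw-service", "sgw-service",
    "saegw-service", "pgw-service", "lma-service", "hsgw-service", "epdg-service",
    "route-service", "mme-service", "fng-service", "diameter",
    "aaa-acct-archive-queue", "aaa-auth-failure", "aaa-acct-failure",
]

# Assumed: configuration keyword whose presence means the service is in use.
# Threshold names not listed here are taken to be the keyword themselves
# (e.g. a "sgw-service NAME" line means the sgw-service threshold applies).
SERVICE_KEYWORD = {
    "ecs": "active-charging service",
    "diameter": "diameter endpoint",
    "aaa-acct-archive-queue": "radius accounting",
    "aaa-auth-failure": "radius",
    "aaa-acct-failure": "radius accounting",
}


def has_command(lines: List[str], prefix: str) -> bool:
    """True if a line is exactly `prefix` or `prefix` followed by arguments."""
    return any(l == prefix or l.startswith(prefix + " ") for l in lines)


def audit_thresholds(config_text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, threshold, recommendation) for each threshold that is off but should be on."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings = []
    for name in PLATFORM_THRESHOLDS:
        if not has_command(lines, f"threshold monitoring {name}"):
            findings.append(("PLATFORM", name, f"enable: threshold monitoring {name}"))
    for name in SERVICE_THRESHOLDS:
        keyword = SERVICE_KEYWORD.get(name, name)
        if has_command(lines, keyword) and not has_command(lines, f"threshold monitoring {name}"):
            findings.append(("SERVICE", name,
                             f"{keyword} is configured; enable: threshold monitoring {name}"))
    return findings


# Constructed configuration excerpt (not from a real node).
SAMPLE_CONFIG = """\
config
  threshold monitoring cpu-resource
  threshold monitoring license
  active-charging service ECS1
  #exit
  context EPC
    sgw-service S11-SGW
    #exit
    pgw-service PGW1
    #exit
  #exit
end
"""

if __name__ == "__main__":
    for kind, name, rec in audit_thresholds(SAMPLE_CONFIG):
        print(f"{kind:8} {name:24} {rec}")
```

Because the enabling command is `threshold monitoring X` and the disabled state is shown in the table as `no threshold monitoring X`, the check looks for the positive form only; a saved configuration that omits the command entirely is treated the same as one that lists the `no` form.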


    5. System Audit

    A system audit consists of identifying common CLI configurations that must be configured for all chassis in order to configure the respective services.

    5.1 Context Audit

    A context audit consists of identifying how many contexts are configured and which services are enabled within each context, to determine the context's function. Since the OAM on the ASR5000 is also implemented as a context, the local context should be identified separately from the other, service-level, contexts. Generally, only the local context is enabled for access protocols such as SSH or FTP, so it is worth noting if any other context has such services enabled.

    Context Configuration

    CLI command: context > ip access-list
    Analysis: An IP access list is used to permit or deny packets within a context. An IP access list is not a global command, and ACLs configured within a context but left unused simply consume system resources.
    Recommendation: It is recommended to use ACLs only within their respective context, as ACLs are not globally configured commands.

    CLI command: context > server ftpd
    Analysis: FTP is considered an insecure access protocol that should be avoided, as communication between client and server is sent in plain text, which makes all the CLI commands, including username and password, highly susceptible to snooping.
    Recommendation: It is recommended to disable FTP and use SFTP instead, for security reasons.

    CLI command: context > server telnetd
    Analysis: TELNET is considered an insecure access protocol that should be avoided, as communication between client and server is sent in plain text, which makes all the CLI commands, including username and password, highly susceptible to snooping.
    Recommendation: It is recommended to use SSH over TELNET.

    CLI command: context > server sshd > subsystem sftp
    Analysis: SSH is a secure data access protocol that can be used to log into the chassis.
    Recommendation: It is recommended to use SSH and SFTP over TELNET and FTP.

    CLI command: context local > logging syslog
    Analysis: Syslog servers enable the system to send facility messages to log activity on the system.
    Recommendation: It is recommended to configure syslog servers on the system to log all system related events and CLI outputs, for troubleshooting or debugging.

    CLI command: port ethernet 24/1
    Analysis: The SPIO ports are configured as ports 24/1, 24/2, 25/1 and 25/2. However, unlike the LCs, SPIO ports are side-by-side redundant, whereby port 24/1 is redundant to port 25/1.
    Recommendation: It is recommended to have redundant SPIO ports active between 24/1 and 25/1, and between 24/2 and 25/2 respectively.


    Table 5-1: Context Audit
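Table 5-1 is applied per context rather than globally, so the script has to cut the configuration into `context NAME` blocks first and then ask each block the table's questions: is FTP or TELNET enabled, does the local context carry SSH/SFTP and a syslog server, does a non-local context expose an access protocol at all, and are there ACLs defined but never applied. The Python below is an added example for this guide, not Cisco code or a tool the guide ships. The configuration is constructed, and the ACL check assumes that a list defined with `ip access-list NAME` is applied with `ip access-group NAME ...` somewhere inside the same context (on an interface or subscriber).

```python
"""Per-context audit for Table 5-1: access protocols, syslog and unused ACLs.

Added example for this guide, not Cisco code.  Each top-level 'context NAME'
block is collected by indentation.  The ACL check assumes that a list defined
with 'ip access-list NAME' is applied with 'ip access-group NAME ...' inside
the same context; any list with no such reference is reported as unused.
The configuration below is constructed.
"""
import itertools
from typing import Iterator, List, Tuple


def blocks(lines: List[str], prefix: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (name, stripped body lines) for every block whose header starts with prefix."""
    for i, line in enumerate(lines):
        if line.lstrip().startswith(prefix):
            indent = len(line) - len(line.lstrip())
            body = itertools.takewhile(
                lambda l: not l.strip() or len(l) - len(l.lstrip()) > indent, lines[i + 1:])
            yield line.split()[-1], [b.strip() for b in body if b.strip()]


def has_command(body: List[str], prefix: str) -> bool:
    return any(l == prefix or l.startswith(prefix + " ") for l in body)


def audit_contexts(config_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (context, cli, severity, recommendation) findings."""
    findings = []
    for ctx, body in blocks(config_text.splitlines(), "context "):
        if has_command(body, "server ftpd"):
            findings.append((ctx, "server ftpd", "HIGH", "plaintext protocol; disable and use SFTP"))
        if has_command(body, "server telnetd"):
            findings.append((ctx, "server telnetd", "HIGH", "plaintext protocol; disable and use SSH"))
        if ctx == "local":
            if not (has_command(body, "server sshd") and has_command(body, "subsystem sftp")):
                findings.append((ctx, "server sshd / subsystem sftp", "MEDIUM",
                                 "enable SSH and SFTP for management access"))
            if not has_command(body, "logging syslog"):
                findings.append((ctx, "logging syslog", "MEDIUM",
                                 "configure a syslog server in the local context"))
        elif any(l.startswith("server ") for l in body):
            findings.append((ctx, "server", "MEDIUM",
                             "access protocol enabled outside the local context; confirm it is intended"))
        # ACLs defined in this context that nothing in the context applies
        defined = {l.split()[2] for l in body if l.startswith("ip access-list ") and len(l.split()) > 2}
        applied = {l.split()[2] for l in body if l.startswith("ip access-group ") and len(l.split()) > 2}
        for acl in sorted(defined - applied):
            findings.append((ctx, f"ip access-list {acl}", "LOW",
                             "ACL defined but never applied; remove it or apply it"))
    return findings


# Constructed configuration excerpt (not from a real node).
SAMPLE_CONFIG = """\
config
  context local
    interface mgmt1
      ip address 192.0.2.10 255.255.255.0
    #exit
    server ftpd
    #exit
    server sshd
      subsystem sftp
    #exit
    server telnetd
    #exit
    logging syslog 192.0.2.50 facility local7
  #exit
  context PGW
    ip access-list BLOCK-MGMT
      deny ip any 192.0.2.0 255.255.255.0
      permit ip any any
    #exit
    ip access-list UNUSED-ACL
      permit ip any any
    #exit
    interface Gi
      ip address 198.51.100.1 255.255.255.0
      ip access-group BLOCK-MGMT in
    #exit
    server ftpd
    #exit
  #exit
end
"""

if __name__ == "__main__":
    for ctx, cli, sev, rec in audit_contexts(SAMPLE_CONFIG):
        print(f"{sev:6} context {ctx:8} {cli:32} {rec}")
```

Reporting the context name with each finding is what makes the result actionable: the same `server ftpd` line is a hardening item in the local context but a design question anywhere else, which is why the non-local case gets its own finding.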

    5.2 AAA Interface

    A RADIUS audit consists of identifying whether RADIUS services are enabled within the specified context and configured correctly as per best practice guidelines.

    RADIUS Configuration

    CLI command: context > aaa group
    Analysis: The AAA group identifies the RADIUS authentication/accounting server on the node. By default, an AAA group named default is configured for all contexts and should be used if only one RADIUS group is required.
    Recommendation: It is recommended to use a non-default configuration for the AAA group, from a design perspective, only if more than one AAA server is configured on the system. The inherent fallback design for misconfigurations refers to the default configuration.

    CLI command: context > aaa group > radius attribute nas-ip-address
    Analysis: The RADIUS NAS IP should be configured within the same context as the AAA group.
    Recommendation: It is recommended to configure the NAS IP address within the same context as the AAA group.

    CLI command: context > aaa group > no radius accounting archive
    Analysis: For UMTS/LTE: RADIUS accounting archive enables the system to store offline accounting requests and archive them to be sent to the server when the server is available.
    Recommendation: It is recommended to disable RADIUS accounting archive to prevent a scenario where offline accounting requests spam the server, as there is generally no billing consideration for RADIUS accounting in a UMTS/LTE network.

    CLI command: context > aaa group > radius detect-dead-server consecutive failures
    Analysis: RADIUS detect-dead-server allows the system to mark a server as DEAD after multiple timeouts and retries.
    Recommendation: It is recommended to enable detect-dead-server to prevent the scenario where a timed-out server is still being sent AAA requests. It is recommended to configure this value as 4 or less, but greater than 0.

    CLI command: context > aaa group > radius mediation-device accounting server
    Analysis: RADIUS accounting server identifies which RADIUS server to send accounting messages to.
    Recommendation: It is recommended to configure all RADIUS accounting servers as mediation devices.

    CLI command: context > aaa group > radius timeout / radius max-retries / radius accounting timeout / radius accounting max-retries
    Analysis: These timers are used to control the number of authentication and accounting retries before a server is considered down. Based on show radius counters all, these values can be modified depending on the number of timeouts or the round-trip time.
    Recommendation: It is recommended to configure the following values:
    radius timeout 2
    radius accounting timeout 2
    radius max-retries 3
    radius accounting max-retries 3

    CLI command: context > aaa group > radius accounting algorithm first-n
    Analysis: This algorithm dictates how many servers you send accounting requests to.
    Recommendation: The number of first-n servers should be equal to or less than the number of accounting servers configured.

    Table 5-2: RADIUS Audit

    5.3 DHCP Interface

    A DHCP audit consists of identifying whether DHCP services are enabled within the context specified. DHCP services are configured primarily for corporate networks, so a context with DHCP services can generally be considered a corporate context.

    DHCP Configuration

    dhcp-service > dhcp ip
    Analysis: The DHCP server is supported in proxy or relay mode in R12.0. In R14, relay mode is no longer supported.
    Recommendation: Move to proxy mode, as relay mode will not be supported in future releases.

    dhcp-service > dhcp deadtime / dhcp detect-dead-server consecutive-failures
    Analysis: DHCP deadtime and detect-dead-server determine when a DHCP server is marked dead after requests time out, and for how long it stays marked dead.
    Recommendation: Configure the following values:
        dhcp deadtime 60
        dhcp detect-dead-server consecutive-failures 3

    Table 5-3: DHCP Audit

    5.4 Ga/Gz Interface

    A GTPP audit consists of identifying whether GTPP groups are enabled within a context for billing. Since GTPP is used primarily for billing, if only a single GTPP group is identified it should be configured as the default group, because the system falls back to the default group in a failure scenario. In addition, the threshold/interim values should be identified and reviewed as part of the KPI analysis to determine whether higher thresholds are needed when mediation has trouble processing the volume of records.

    Ga/Gz Interface Configuration

    gtpp group
    Analysis: The GTPP group identifies the billing configuration on the system. By default, a GTPP group named default is configured for all contexts and should be used if only one GTPP group is required.
    Recommendation: From a design perspective, use a non-default GTPP group only if more than one GTPP server is configured on the system. The inherent fallback for misconfigurations refers to the default configuration.

    gtpp group > no gtpp dead-server suppress-cdrs
    Analysis: Configures the action taken when a dead server is detected.
    Recommendation: Disable dead-server suppress-cdrs.

    gtpp group > gtpp deadtime
    Analysis: Specifies the time in seconds after which the system treats a previously dead CGF server as active again.
    Recommendation: Configure a value greater than 0 and no higher than 120 so that a down server is marked properly.

    gtpp group > gtpp detect-dead-server consecutive-failures
    Analysis: Configures how a dead CGF is detected.
    Recommendation: Configure a value greater than 0 if a CGF is implemented; otherwise configure 0.

    gtpp group > gtpp source-port-validation
    Analysis: Specifies whether the charging agent responds to request messages only from configured CGFs.
    Recommendation: Enable source-port-validation so that an unconfigured CGF cannot send responses to the system.

    gtpp group > gtpp max-retries
    Analysis: Configures the maximum number of times the system attempts to communicate with a CGF before failing over to the secondary CGF.
    Recommendation: Configure a value greater than 0 and no higher than 4.

    gtpp group > gtpp suppress-cdrs zero-volume-and-duration
    Analysis: Suppresses CDRs with zero volume and zero duration.
    Recommendation: Suppress CDRs with zero volume and duration to reduce the number of CDRs carrying no data that mediation has to process.

    gtpp group > gtpp storage-server mode streaming
    Analysis: Uses the HDD to store CDRs if the CGF fails, and streams them to the CGF when it is back up.
    Recommendation: Configure GTPP storage-server mode streaming if a CGF is used.

    gtpp group > no gtpp egcdr service-data-flow threshold
    Analysis: Configures the volume or interval thresholds for closing a service data flow container within an eGCDR.
    Recommendation: Leave this disabled by default, as it prematurely closes containers and generates additional CDRs to be processed.

    Table 5-4: Ga/Gz Interface Audit

    5.5 DCCA/DPCA Audit

    A DCCA/DPCA audit consists of identifying the Diameter endpoint configurations enabled within a context. Since an endpoint can be configured for multiple services, first identify the endpoint and the associated services before determining what a particular DCCA/DPCA service is used for. In addition, the specific timers should be checked on both the client and server side to make sure the values are in sync during a failure scenario.

    Diameter Configuration

    diameter endpoint > watchdog-timeout
    Analysis: Watchdog-timeout sets the Tw timer, the time after which the watchdog considers the peer to be down.
    Recommendation: Configure watchdog-timeout to 30 or 60 seconds to reduce flapping of the Diameter connection, which low watchdog timeouts such as 5-10 seconds cause. The default is 30 seconds.

    diameter endpoint > connection retry-timeout
    Analysis: Connection retry-timeout sets the Tc timer, the interval after which a connection retry is sent.
    Recommendation: Configure connection retry-timeout to 10 seconds (default 60) to reduce the time during which no CER/CEA has been exchanged.

    diameter endpoint > reconnect-timeout
    Analysis: Reconnect-timeout makes the system resend a CER after a period when the client receives a DO NOT WANT TO TALK TO YOU message from the server.
    Recommendation: Configure a 60 second interval so that a DO NOT WANT TO TALK TO YOU message from the server does not leave the peering relationship marked down permanently (until reboot) on the system.

    diameter endpoint > response-timeout
    Analysis: Response-timeout configures how long the client waits for a response before it times out.
    Recommendation: Configure a 10 second interval to reduce the time before a CER message is considered timed out.

    diameter endpoint > route-entry
    Analysis: A route entry can be added for a host, peer or realm.
    Recommendation: Add a route-entry for each peer and give them equal weight by default.

    Table 5-5: Diameter Audit
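The checks in Tables 5-2, 5-4 and 5-5 (RADIUS, Ga/Gz GTPP and Diameter endpoint) are mechanical enough to run against a saved configuration dump. The Python script below is an added example for this guide, not Cisco tooling: the sample dump, its two-space indentation convention, the "mode > command" finding format and the choice to report an absent command as a finding are assumptions made here; the accepted ranges and the presence/absence rules are the ones the tables state.

```python
"""Offline checker for a StarOS-style configuration dump against the RADIUS, GTPP and
Diameter endpoint recommendations of Tables 5-2, 5-4 and 5-5. Added example, not Cisco
tooling: the sample dump, indentation convention and finding format are assumptions."""
import re

# Constructed sample dump (not from a live chassis), with deliberately weak values.
SAMPLE_CONFIG = """\
context billing
  aaa group default
    radius accounting archive
    radius detect-dead-server consecutive-failures 0
    radius timeout 5
    radius max-retries 3
    radius accounting timeout 2
    radius accounting max-retries 3
    radius mediation-device accounting server 10.0.0.10
    radius accounting server 10.0.0.11
    radius accounting algorithm first-n 3
  gtpp group default
    gtpp deadtime 300
    gtpp max-retries 4
    gtpp storage-server mode streaming
  diameter endpoint ocs
    watchdog-timeout 5
    connection retry-timeout 10
    reconnect-timeout 60
    response-timeout 10
"""

# Numeric commands per mode and the closed range the tables accept for them.
RANGE_RULES = {
    "aaa group": [("radius detect-dead-server consecutive-failures", 1, 4),
                  ("radius timeout", 2, 2), ("radius accounting timeout", 2, 2),
                  ("radius max-retries", 3, 3), ("radius accounting max-retries", 3, 3)],
    "gtpp group": [("gtpp deadtime", 1, 120), ("gtpp max-retries", 1, 4)],
    "diameter endpoint": [("connection retry-timeout", 10, 10),
                          ("reconnect-timeout", 60, 60), ("response-timeout", 10, 10)],
}
# Commands whose presence or absence is itself the finding.
MUST_BE_ABSENT = {"aaa group": ["radius accounting archive"]}
MUST_BE_PRESENT = {"gtpp group": ["gtpp source-port-validation", "gtpp storage-server mode streaming"]}


def parse(text):
    """Group commands by enclosing mode, using indentation depth. Returns
    {mode_path: [command, ...]}, e.g. ('context billing', 'aaa group default')."""
    modes, stack = {}, []  # stack holds (indent, mode line)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent, line = len(raw) - len(raw.lstrip()), raw.strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = tuple(mode for _, mode in stack)
        if path:
            modes.setdefault(path, []).append(line)
        stack.append((indent, line))
    return modes


def int_value(cmds, prefix):
    """Integer argument of '<prefix> <n>' if configured, else None."""
    for cmd in cmds:
        m = re.fullmatch(re.escape(prefix) + r"\s+(\d+)", cmd)
        if m:
            return int(m.group(1))
    return None


def audit(text):
    """Return 'mode path: finding' strings; an empty list means the dump is clean."""
    findings = []
    for path, cmds in parse(text).items():
        kind = next((k for k in RANGE_RULES if path[-1].startswith(k)), None)
        if kind is None:
            continue
        where = " > ".join(path)
        for prefix, lo, hi in RANGE_RULES[kind]:
            val = int_value(cmds, prefix)
            if val is None:  # default in effect; the tables ask for explicit values
                findings.append(f"{where}: {prefix} not explicitly configured")
            elif not lo <= val <= hi:
                findings.append(f"{where}: {prefix} {val} outside {lo}..{hi}")
        for cmd in MUST_BE_ABSENT.get(kind, []):
            if cmd in cmds:
                findings.append(f"{where}: {cmd} should be disabled")
        for cmd in MUST_BE_PRESENT.get(kind, []):
            if cmd not in cmds:
                findings.append(f"{where}: {cmd} missing")
        if kind == "diameter endpoint":  # Table 5-5: Tw of 30 or 60 s avoids flapping
            wd = int_value(cmds, "watchdog-timeout")
            if wd not in (30, 60):
                findings.append(f"{where}: watchdog-timeout {wd} (expect 30 or 60)")
        if kind == "aaa group":  # Table 5-2: mediation devices; first-n <= server count
            plain = [c for c in cmds if c.startswith("radius accounting server ")]
            n_servers = len(plain) + sum(
                c.startswith("radius mediation-device accounting server ") for c in cmds)
            findings += [f"{where}: '{c}' is not a mediation-device" for c in plain]
            first_n = int_value(cmds, "radius accounting algorithm first-n")
            if first_n is not None and first_n > n_servers:
                findings.append(f"{where}: first-n {first_n} exceeds {n_servers} servers")
    return findings
```

Against the sample dump, audit(SAMPLE_CONFIG) reports eight findings: the enabled accounting archive, detect-dead-server set to 0, radius timeout 5, the plain (non-mediation) accounting server, first-n 3 with only two accounting servers, gtpp deadtime 300, the missing gtpp source-port-validation and the 5 second watchdog. Before running it on a real "show configuration" output, confirm the dump uses the same nested indentation; the checker treats an absent timer as a finding on purpose, because the tables ask for the values to be set explicitly rather than left at defaults.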

    5.5.1 Gx Interface

    As part of the DCCA audit, check whether the endpoint is configured as part of the PCRF service, named ims-auth-service. The IMS auth service is configured within a context and is considered a global parameter. As a result, a context configured with an ims-auth-service can be loosely identified as a Gx type context, although it may have other services enabled in the same context as well.

    Gx Interface Configuration

    ims-auth-service > policy-control > diameter request-timeout
    Analysis: Request-timeout configures how long the client waits for a response before it times out.
    Recommendation: Configure a 10 second interval to reduce the time before a CCR message is considered timed out and the CCFH condition is triggered.

    Table 5-6: Gx Interface Audit

    5.5.2 Gy Interface

    As part of the DCCA audit, check whether the endpoint is configured as part of the OCS service. Credit control is configured as part of the ECS configuration. If an endpoint is identified as an OCS endpoint, the context where the endpoint is configured can be loosely identified as a Gy type context, although it may have other services enabled in the same context as well.

    Gy Interface Configuration

    credit-control group > diameter pending-timeout
    Analysis: Pending-timeout sets the time within which a CCR must be answered; if no answer arrives, the CCFH condition is triggered.
    Recommendation: Configure a 3 second timeout to reduce the time before a CCR message is considered timed out and the CCFH condition is triggered. By default, the CCFH condition is to terminate the call.

    credit-control group default
    Analysis: The credit-control group identifies the DCCA group responsible for online charging with the OCS. By default, a group named default is configured and should be used if only one credit-control group is required.
    Recommendation: From a design perspective, use a non-default credit-control group only if more than one credit-control group is configured on the system. The inherent fallback for misconfigurations refers to the default configuration.

    Table 5-7: Gy Interface Audit

    5.6 GGSN Audit

    The GGSN audit consists of identifying the GGSN related services configured on the ASR 5000. The configuration should be checked against best practice guidelines to identify risk areas that result from departing from those guidelines.

    The GGSN audit covers two primary areas: GGSN service and APN configuration.

    5.6.1 Gn Interface

    The GGSN service audit identifies where the GGSN service is enabled within a context. The service is examined to determine whether multiple GGSN services are configured as required by the customer requirements and by the logical design of the control and user plane. The context where the GGSN service resides can be identified as the Gn context, where the GTPC requests from the SGSN arrive from the network.

    Gn Interface Configuration

    ggsn-service > associate gtpu-service
    Analysis: The GTPU service is responsible for handling the user plane traffic for the GGSN service.
    Recommendation: Bind the GTPU service to the same IP address as the GTPC bind address to simplify the design, as the traffic then reaches the context in the same manner. If there is a design requirement to split the IPs (traceability or LI purposes), this recommendation can be ignored. If the node is used for 3G and 4G services, the IP address for GTP-C and GTP-U should match the IP address bound to the PGW service.

    ggsn-service
    Analysis: The GGSN service is responsible for handling 2G/3G PDP requests from the SGSN.
    Recommendation: Configure one GGSN service per chassis unless there is a design requirement for more.

    ggsn-service > accounting context
    Analysis: The accounting context within the GGSN service directs which billing context is used for CDR generation.
    Recommendation: Configure the accounting context as part of the GGSN service instead of the APN configuration.

    ggsn-service > sgsn address
    Analysis: The SGSN address identifies the SGSNs in the home network that send PDP requests to the GGSN.
    Recommendation: Configure SGSN addresses in subnet blocks where applicable.

    ggsn-service > bind address
    Analysis: The bind address handles the control plane traffic for the GGSN service.
    Recommendation: Use the same IP address for GTPC as for GTPU to simplify the design, as the traffic then reaches the context in the same manner. If there is a design requirement to split the IPs (traceability or LI purposes), this recommendation can be ignored. If the node is used for 3G and 4G services, the IP address for GTP-C and GTP-U should match the IP address bound to the PGW service.

    ggsn-service > echo interval
    Analysis: The echo interval controls how often echo requests are sent to the serving SGSNs to determine whether an SGSN is still alive.
    Recommendation: Configure the echo interval to 60 seconds.

    Table 5-8: Gn Interface Audit

    5.6.2 Gi Interface

    The Gi interface defines the communication between the GGSN and the external PDN. The Gi interface is configured within the PDN context and is logically bound together by the APN configuration. The interface is referenced implicitly through the IP pools defined in the context and bound to the APN.

    Gi Interface Configuration

    context > interface > ip-address (IPv4 or IPv6)
    Analysis: The Gi interface is routed based on the IP pools available within the same context. The interface should be IPv4 or IPv6 depending on the pools configured.
    Recommendation: Configure the interface to match the IP type of the pools, and provide redundant interfaces (ideally two logical interfaces) to route IP traffic.

    context > ip pool private
    Analysis: Private pools are assigned only if the APN is configured with the pool name.
    Recommendation: Configure all pools as PRIVATE to avoid the scenario where a PUBLIC pool gets assigned to an APN by default.

    context > ip pool group-name
    Analysis: Group-names can be used to group common pools together.
    Recommendation: Configure a group-name for multiple pools to simplify the configuration. It also simplifies the design when IP pool names are returned by a RADIUS server.

    context > ip pool explicit-route-advertise
    Analysis: Explicit-route-advertise creates a /32 host route when a subscriber connects to the pool.
    Recommendation: Do not use this feature, as a context has an inherent limit of 2000 routes in its IP table.

    Table 5-9: Gi Interface Audit

    5.6.2.1 APN Audit

    The APN audit identifies where the subscribers connect to. APNs are generally classified as consumer APNs and corporate APNs, usually determined by the naming convention of the APN. Identifying the APN type is necessary, as the service offered on corporate and consumer APNs generally differs greatly between service providers. All the services related to a subscriber are configured at the APN level.

    APN Configuration

    context > apn > virtual-apn gcdr apn-name-to-be-included Gn
    Analysis: virtual-apn gcdr apn-name-to-be-included Gn records the Gn APN in the GCDR records.
    Recommendation: Use the Gn APN to identify the source of the PDP request unless there is a mediation reason to record the Gi APN in the billing records.

    context > apn > aaa group
    Analysis: The AAA group assigns the RADIUS authentication/accounting servers used by the APN.
    Recommendation: Configure the AAA group in the same context as the APN.

    context > apn > ip access-group * in / ip access-group * out
    Analysis: The IP access-groups for inbound and outbound traffic apply permit/deny/redirect rules to subscriber traffic on this APN.
    Recommendation: Configure ACLs within the same context as the APNs, as ACLs are not global configurations.

    context > apn > ip source-violation ignore
    Analysis: Source-violation enables the APN to check for IP spoofing: it verifies that the source address of received subscriber traffic matches the address assigned to the subscriber and, by default, drops the call once 10 invalid packets are seen.
    Recommendation: Configure ignore, because dongles are commonly connected to APNs while a concurrent Internet connection is active, which trips this check by default and drops the call, affecting user experience. Note that ignore removes the platform's spoofing check on that APN, so the trade-off should be recorded in the audit and any filtering relied on instead (such as the APN access-groups above) confirmed.

    context > apn > mediation-device
    Analysis: Mediation-device enables the APN to send accounting requests to a mediation-type RADIUS server.
    Recommendation: Use mediation-device for RADIUS accounting servers.

    sgtp-service > gtpu max-retransmissions
    Analysis: The GTPU max-retransmissions determines how many times an echo is sent before the GGSN is considered to be down and active PDP calls are dropped.

    context > sgtp-service > gtpu retransmission-timeout
    Analysis: The GTPU retransmission-timeout determines when a retransmission is marked as having received no response.
    Recommendation: Configure retransmission-timeout as 5.

    Table 5-11: SGTP Service Audit

    5.7.2 Gb Interface

    The 2G services required for the SGSN cover the network-service-entity level, which establishes the NSVL associations to the BSC, and the gprs-service, which handles the 2G related calls on the SGSN for the ASR5000.

    Gb Interface Configuration

    network-service-entity > nsvl instance
    Analysis: The NSVL instance is the association responsible for communicating with the BSC.
    Recommendation: Configure 4 NSVL instances for maximum redundancy.

    network-service-entity > nsvc-failure-action send-ns-status clear-nse
    Analysis: The NSVC failure-action clear-nse enables the SGSN to clear NSEs if the NSVCs to the BSC are down.
    Recommendation: Enable the NSVC failure action to send a clear and re-establish the Gb association, since by default failed associations are not re-established.

    Table 5-12: GPRS Service Audit

    5.7.3 IuPS Interface

    The 3G services required for the SGSN cover the iups-service, which holds the association to the RNC, and the sgsn-service, which enables the iups-service to talk to the sgtp-service for call traffic association. Basically, for every iups-service there should be an sgsn-service. However, as noted previously, it is recommended to have one iups-service and one sgsn-service: given the distributed architecture and design of the platform, multiple services are not necessary in the way legacy SGSN equipment was designed.

    IuPS Service Configuration

    context > iups-service
    Analysis: The IuPS service is responsible for handling the PDP requests over the IuPS interface towards the RNC.
    Recommendation: Configure only one IuPS service to identify the SGSN IuPS interface to the RNC.

    context > iups-service > gtpu echo-interval
    Analysis: The GTPU echo interval controls how often echo messages are sent; they serve as the keepalive between the SGSN and RNC.
    Recommendation: Disable the echo-interval for the iups-service.

    context > iups-service > gtpu max-retransmissions
    Analysis: The GTPU max-retransmissions determines how many times an echo is sent before the RNC is considered to be down.
    Recommendation: Configure max-retransmissions as 4.


    Table 5-14: SGSN Service Audit

    5.7.4 DNS Service Audit

    The DNS audit covers the DNS resolution configuration for the SGSN. Primarily, it is important to have multiple DNS servers configured in case one fails. The cache TTL values should only be set if the TTL returned by the DNS server is higher than the configured value.

    DNS Configuration

    ip name-servers
    Analysis: Identifies the DNS servers configured for lookup.
    Recommendation: Configure two IP name servers.

    dns-client > cache ttl negative / cache ttl positive
    Analysis: The cache TTL values determine how long positive and negative answers are cached before the DNS server is queried again.
    Recommendation: Set the cache TTL lower than the TTL returned by the DNS server for the configuration to take effect: 86400 seconds for positive and 60 seconds for negative answers.

    Table 5-15: DNS Service Audit

    5.7.5 Gr, Gf and Gs Interface

    The MAP service is responsible for handling the requests to the HLR, EIR and SMSC.

    Gr, Gf and Gs Interface Configuration

    context > map-service > auth-vectors number-to-request
    Analysis: Identifies the number of authentication vectors requested per authentication.
    Recommendation: Configure 3 or more to reduce the amount of signaling to the HLR.

    map-service > hlr > acn-version-retention per-subscriber
    Analysis: Enables the SGSN to send the ACN version based on the subscriber profile.
    Recommendation: This CLI is recommended primarily for roaming scenarios. By default, the SGSN sends a version 3 SAI to the HLR; if the HLR does not support that version it receives an error and retries with a version 2 SAI. Since this is most likely to happen in a roaming scenario, retain the ACN version on a per-subscriber basis.

    Table 5-16: MAP Service Audit


    5.7.6 SS7 Routing Domain Audit

    The SS7 routing domain audit covers how the SS7 routing domains are broken down on the SGSN from a design perspective. As part of the audit, check whether the links are single-homed or multi-homed, and whether additional ASP instances are configured in order to spawn additional linkmgrs and prevent potential congestion on a single linkmgr. Checking the SCTP values against best practice guidelines is also highly recommended to prevent congestion.

    SS7 Configuration

    ss7-routing-domain > asp instance
    Analysis: The ASP instance defines the process that handles the SCTP endpoint and the messages between client and server.
    Recommendation: Configure 4 ASP instances for maximum redundancy.

    ss7-routing-domain > peer-server id > psp instance
    Analysis: The PSP instance defines the peer servers to which SCTP messages are sent.
    Recommendation: Configure 4 PSP instances to avoid potential congestion within the network.

    ss7-routing-domain > peer-server id > psp instance > psp-mode
    Analysis: Identifies whether the PSP operates in server or client mode.
    Recommendation: Configure the PSP mode as server, although this is constrained by the customer design.

    For each of the following timers and counters under ss7-routing-domain > peer-server id > psp instance the recommendation is the same: the default is noted, but the value should be tailored to the SS7 network parameters.

    timeout m3ua-periodic-dest-audit: Sets the M3UA audit timeout. Default 2 seconds.
    timeout sctp-heart-beat: Sets the SCTP heartbeat timer. Default 30 seconds.
    sctp-rto-min: Sets the SCTP minimum retransmission timeout. Default 10 ms.
    sctp-rto-initial: Sets the SCTP initial retransmission timeout. Default 30 ms.
    sctp-rto-max: Sets the SCTP maximum retransmission timeout. Default 600 ms.
    sctp-sack-period: Sets the SCTP selective ACK period. Default 2 ms.
    sctp-max-init-retx: Sets the maximum number of SCTP INIT retransmissions. Default 10 (a count, not a time).
    sctp-max-assoc-retx: Sets the maximum number of SCTP association retransmissions. Default 10 (a count).
    sctp-max-path-retx: Sets the maximum number of SCTP path retransmissions. Default 5 (a count).
    sctp-alpha: Sets the SCTP RTO alpha. Default 5.

    ss7-routing-domainpeer-server idpsp instancesctp-be