cisco ggsn presentation-v2
Mobility Solutions
Cisco GGSN
Architecture and Functionality Overview
Min Huang, Packet Core Architecture Group
Proprietary information - Lucent Technologies 2
Contents
• GGSN Architecture and Functionality
• Features and Service Scenarios
• GGSN OAM Overview
• Cisco Roadmaps for GGSN
Part I
New GGSN
Cisco will provide the new GGSN, PDSN, and Media Gateway
Our partnership is non-exclusive
The u01.03 product is not immediately available
– We will First Receive a 7206 GGSN
– In June/July We will Receive the Official 7609 GGSN
– We will receive pre-release hardware before the official release
GGSN Configurations
• Common Software on Two Hardware Platforms
• Cisco 7206 GGSN
– Available Now
– Simplex Configuration
• Higher Availability Possible when Multiple 7200s Are Combined with Two 6500 Load Balancers – a “GGSN Server Farm”
• Cisco 7609 GGSN
– Redundant Configuration
– New Multi-Processor WAN Application Module (MWAM) Hosts GGSN Application
– Available Mid-2003
– Initially Acts as Multiple GGSNs Running in One Chassis
7206 GGSN Physical Architecture Overview
• I/O Adapter
– LAN: GE, FE, 10BaseT
– WAN: POS (OC-3, OC-12), ATM (OC-3), E1/T1
• Service Adapter
– ISA IPSec encryption card
– VAM VPN Acceleration Module
• NPE 400
– Hosts GGSN
– Provides IOS functionality
7206 GGSN Internal Architecture Overview
[Figure: 7206 GGSN internal data flow. Labelled elements: NPE-400 (350-MHz MIPS RISC processor), I/O adapters, encryption card, Hifn, empty slots, Gn, Gi, 1.6 Gbps PCI data bus; control path and traffic path are drawn separately.]
Note: The data flow shown is just an example.
7609 GGSN Physical Architecture Overview
• Supervisor modules: as GTP SLBs between MWAMs
• Switching Fabric Modules (optional)
• I/O modules
– LAN: GE, FE, 10BaseT
– WAN: POS (OC-3, OC-12), ATM (OC-3), E1/T1
• Application Modules (details later)
– MWAM modules: host GGSNs/PDSN/HA, plus IOS
– PIX: Firewall Module
– VPN Service Module: IPSec hardware acceleration card
– CSG: Content Services Gateway *
– SSG: Session Selection Gateway **
Note: *, ** -- It is Cisco’s plan to support CSG and SSG on the 7609, but they may not be available in the first release. Currently SSG is supported on the 7400 platform.
Overview of 7609 Application Modules - 1
MWAM:
• Hardware for GGSN, PDSN and HA, but can only be one at a time (SSG may be integrated into this card in the future)
• 3 Sibyte 1250 processors = 6 MIPS64 CPUs (only 5 are used)
• 5 GGSN images per card
• 4 MWAM cards per chassis
VPN Services Module:
• Provides hardware-assisted IPSec tunneling and 3DES encryption
• Supports the IPSec gateway function, not the client function
• Only one card supported in a chassis; multi-card support in the future
• 8000 tunnels per card
• 1.6 Gbps throughput per card
Overview of 7609 Application Modules - 2
Firewall Services Module:
• Part of the Cisco PIX Firewall family, runs PIX OS
• Provides functions such as
– Protection from DoS
– Access List Control
– URL Filtering
– NAT/PAT
• Performance
– 5 Gbps throughput
– 1 million concurrent connections
– More than 100,000 connection setups and teardowns/sec
Content Services Gateway:
•Enables the operator to offer and bill for content differentiated value-added services to the end user
•Provides content billing and accounting capability to the end users and content providers
•Can measure time, packets, bytes, URL, transaction type, event, QoS, ToD, file type
•Supports CDR and GTP’ for content billing
Overview of 7609 Application Modules - 3
Service Selection Gateway:
• Part of the IOS feature suite
• Currently supported on the 7206 & 7400 platforms
• Will be integrated into MWAM in the future for the 7609
• Provides functions such as
– Web Selections: through user-based policies, authentication and authorization
– PPP Termination Aggregation: through L2TP tunneling based on domain name
• Provides pre-paid using RADIUS
7609 GGSN Internal Architecture Overview
[Figure: 7609 GGSN internal data flow. Labelled elements: line cards, supervisor cards, MWAM cards, Sibyte 1250, GTP SLB, DFP, Macedon, Hifn, Gn, Gi, data bus (up to 256 Gbps with optional switching fabric), result bus (32 Gbps); control path and traffic path are drawn separately.]
Note: The data flow shown is just an example.
The chassis supports a 32 Gbps bus backplane and two optional switching fabric modules for up to 256 Gbps switching capacity.
Different service and I/O cards may have different connectivity to the switching fabric and/or the bus. The 7609 supports both centralized switching and distributed switching, depending on the type of service card and the line cards.
GGSN Server Farm Load Balance Operation
[Figure: GGSN server farm. Labelled elements: SGSN, Gn, GTP Server Load Balancing, HSRP, Virtual GGSN Server (farm), Real GGSN 1 to 4, Dynamic Feedback Protocol (reports weights to SLB). Labelled messages: CreatePDPContextReq(APN), CreatePDPContextRes.]
Redundancy schemes: Instead of providing hardware-level redundancy, the Cisco GGSN offers redundancy through higher-layer routing protocols such as HSRP, and load balancing between/within the box.
GGSN Function Overview -- Key Feature Highlights
• Global APN: can be provided through virtual APN with Radius server or GTP Director Module (GDM) with DNS server for all PDP context types.
• Overlapping Address: Supported using different local APN and VRF.
• IP services:
– Some IP Services are provided by IOS on the GGSN, such as NAT/PAT and QoS.
– Many will be supported via separate hardware modules, for example Firewall, IPSec VPN etc.
GGSN Function Overview -- Feature difference between SpringTide GGSN
7609 gains:
• Secondary PDP context support
• DHCP client
• Full support of Radius accounting attributes defined in 29.061, including IMSI
• Gc Support using GTP-MAP
• QoS, including mapping from 4 UMTS QoS classes to Diffserv code points
• PPP regeneration for non-transparent IP PDP contexts
• Context based Billing via CSG
• COPS support for R5
• Richer Routing/multicast protocol support
7609 losses:
• No DHCP relay
• No virtual router implementation
• No per flow downlink policing in R4.0
Virtual APN with Cisco GGSN
[Figure: Labelled elements: MS, SGSN, GGSN, PLMN IP backbone, AAA (authentication), Corporate A, Corporate B, Corporate C.]
• User enters username: login@domain
• CreatePDPContext(APN=corporate, PCO=username/passwd)
• The GGSN extracts the username from the PCO; the domain (e.g. CorporateA.com) is used to select the destination network. The complete username is used for authentication.
Notes/Issues:
• Virtual APN is global to a local “real” GGSN only; no more than one virtual APN per real GGSN is supported.
• Since a Global APN is local to a “real” GGSN, having a virtual APN span multiple real GGSNs means duplicating the virtual and real APN on all the “real GGSNs” within the virtual server farm.
• Virtual APN only works for non-transparent IP access.
Overlapping Address Handling
[Figure: Labelled elements: Gn, GTP tunnels, GTP management, GGSN, APN1, APN2, VRF1, VRF2, Gi, GRE VPN, IPsec VPN, Corporate 1 (10.10.10.x), Corporate 2 (10.10.10.x), marked “Same Private address”.]
• per VRF routing table
• per VRF RADIUS/DHCP definition
• per VRF physical/logical interface
• per VRF access list
Notes/Issues:
• VRF is not the same as the virtual router in SpringTide’s implementation. VRFs cannot be independently managed.
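The virtual-APN domain selection and per-VRF handling of overlapping addresses from the two slides above, as an added Python model that is not part of the original presentation and is not Cisco's implementation. The domain-to-VRF mapping, tunnel names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: each corporate domain maps to its own VRF, and both
# VRFs carry the same private prefix (the "Same Private address" case).
DOMAIN_TO_VRF = {"corporatea.com": "VRF1", "corporateb.com": "VRF2"}
VRF_ROUTES = {
    "VRF1": {"10.10.10.0/24": "gre-tunnel-corporate1"},    # hypothetical name
    "VRF2": {"10.10.10.0/24": "ipsec-tunnel-corporate2"},  # hypothetical name
}

def split_username(username):
    """Return (login, domain) from 'login@domain', rejecting malformed input."""
    login, sep, domain = username.rpartition("@")
    if not sep or not login or not domain:
        raise ValueError("username must be login@domain")
    return login, domain.lower()

def select_vrf(username):
    """Virtual-APN step: the domain part selects the destination network."""
    _, domain = split_username(username)
    try:
        return DOMAIN_TO_VRF[domain]
    except KeyError:
        # Unknown domain: refuse instead of falling back to a default network.
        raise LookupError(f"no destination network for domain {domain!r}")

def lookup(vrf, dst):
    """Longest-prefix match inside one VRF's routing table only."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in VRF_ROUTES[vrf].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def forward(username, dst):
    """Resolve the subscriber's VRF, then route strictly within that VRF."""
    return lookup(select_vrf(username), dst)
```

The same destination address resolves to a different tunnel depending on the subscriber's domain, and an address with no route in the selected VRF is not looked up anywhere else.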
Capacity and Throughput
Capacity
• IP PDP Contexts
– Cisco 7206: 180K IP transparent; 90K IP non-transparent; 8K IP with PPP regeneration
– Cisco 7609 (per MWAM module): 600K IP transparent; 450K IP non-transparent; 40K IP with PPP regeneration
• PPP PDP Contexts
– Cisco 7206: 8K
– Cisco 7609: 40K per MWAM module
• IPSec Tunnels
– Cisco 7206: 2K tunnels per ISA encryption card
– Cisco 7609: 8K tunnels per VPNSM module
• APN
– Cisco 7206: 1500
– Cisco 7609: N/A
Throughput
• 64-Byte Packets
– Cisco 7206: 92 Mbps
– Cisco 7609: N/A
• 256-Byte Packets
– Cisco 7206: N/A
– Cisco 7609: 1.6 Gbps per chassis *
• 500-Byte Packets
– Cisco 7206: 172 Mbps
– Cisco 7609: N/A
* Still being verified by Cisco
Cisco’s Key GGSN Takeaways
• In Commercial Deployment Enabling GPRS Services for 2 Years for Major Operators Like T-Mobil, CMCC and mmO2
• Rich Feature Support
• Combined 2.5G/3G Support
• Successful IOTs with All Major SGSN/RAN suppliers: Nokia, Ericsson, Nortel, Siemens
• Cisco IP Leadership
• IOS Feature Set Leverage
• Diverse and Highly Scalable Platform Portfolio
• Mature Products on Mature Platforms
Key Issues - 7206
• Performance and Capacity Numbers are Provided by Cisco; no performance tests have yet been done by Lucent on the new GGSN.
• Low Throughput and PPP PDP Context Capacity
• Simplex Architecture; Not High Availability
– External Load Balancers for High Availability and Throughput – Means Significant Extra Cost
• Not NEBS Compliant
• Performance and Capacity are Service-Dependent
– Additional Dedicated Box for IP Services Probably Required
Key Issues - 7609
• GGSN Version Doesn’t Exist Yet
– New MWAM and Macedon (Internal Code Name) Cards
– Many Unknowns
• Performance and Capacity May Still be Impacted by Process-Intensive Services, or by an Application Module’s Capacity Where a Separate Card is Required
• Scalability May be an Issue
– Only Nine Slots Available for Supervisor Modules, Switching Fabric, MWAM cards, Application Modules, ...
Part II
GGSN - Enhanced VPN, Security and APN Features with Load Balancing
[Figure: Labelled elements: MS, SGSN, 7206/7609 GGSNs, GTP Server Load Balancing, HSRP, DFP, GTP management, AAA (Auth.), PLMN IP backbone, GRX, CGW, LNS, Gn, Gi, GTP tunnels, APN1 to APN3, VRF1 to VRF3, PPP/L2TP tunnel, GRE tunnel, IPSec tunnel, GRE VPN, IPsec VPN, Corp A, Corp B, Corp C.]
• User enters username: login@domain
• CreatePDPContext(APN=corporate, PCO=username/passwd)
• Virtual APN: GGSN extracts the username and domain name for authentication.
• PPP Regen: GGSN extracts the username and domain name for PPP Regeneration.
• per VRF routing table
• per VRF RADIUS server
• per VRF physical/logical interface
• per VRF access list
L2TP VPN: PPP regeneration
[Figure: Labelled elements: MS, SGSN, GGSN, LNS, RADIUS, DHCP, PLMN IP backbone, Intranet/ISP, Gn, Gi, L2TP tunnel, IP PDP Type, PPP. Labelled steps: CreatePDPContext (APN=corporate, PCO=user/passwd); tunnel info retrieval; authentication (PAP, CHAP, etc.); IPCP negotiation (IP @, DNS @, etc.); authentication and configuration option retrieval; IP address allocation and configuration options retrieval.]
• Provides end-to-end PPP for IP PDP type handset (no PPP PDP type)
• Allows end-to-end PPP directly into Intranet or ISP
• Re-use of existing dial infrastructure (LNS)
• Authentication, Authorization, Address allocation managed by Corporate/ISP
L2TP VPN: PPP PDP type
[Figure: Labelled elements: GGSN, LNS, RADIUS, DHCP, PLMN IP backbone, Intranet/ISP, Gn, Gi, L2TP tunnel, PPP. Labelled steps: authentication (PAP, CHAP, etc.); IPCP negotiation (IP @, DNS @, etc.); authentication and configuration option retrieval; IP address allocation and configuration options retrieval.]
• Allows end-to-end PPP directly into Intranet or ISP
• Re-use of existing dial infrastructure (LNS)
• Authentication, Authorization, Address allocation managed within Corporate/ISP
MPLS VPN
[Figure: Labelled elements: Gn, GTP tunnels, GTP management, GGSN, APN1, APN2, VRF1, VRF2, Gi, MPLS LSP (two), Corporate 1, Corporate 2. Configuration labels: Config vrf forwarding, Config MPLS.]
Part III
GGSN OAM&P Interfaces and Management Systems
• OAM&P interfaces supported by Cisco GGSN/PDSN:
– Command Line Interface (CLI)
– SNMP agent interface to management systems
– NTP for time synchronization
– TFTP for file transfer
• Management Systems offered by Cisco:
– CiscoWorks for Mobile Wireless (CW4MW) -- For 7206 only
– Mobile Wireless Center (MWC) -- For 7609
GGSN OAM&P Current View - CW4MW
[Figure: Labelled elements: Network Operations Centre (NOC), Service Provider’s OSS, DB, CW4MW, APN Manager, CiscoWorks2000, MWFM, RAN Vendor OMC, Radio Access Network (RAN) with Mobile Station, BTS, BSC, PCF, IP networks, Cisco GGSN, Cisco Home Agent. Labelled interfaces: Traps, APIs, Statistics, SNMP/Syslog, Java APIs, SNMP Traps, Corba.]
GGSN Future OAM&P Architecture -- MWC
[Figure: Mobile Wireless Center 2.0. Labelled elements: Provisioning Manager, Fault Manager, Performance Engine, RME, CiscoView, CiscoWorks, CAR, Radio Access Network (RAN) with Mobile Station, BTS, BSC, PCF, IP networks, Cisco Home Agent, 6500/7600 & Service Blades (GGSN/PDSN, HA, IPSec). Labelled interfaces: SNMP/API/Corba, XML/HTTP, HTTP/API/Corba.]
Part IV
Release Plan For GGSN, CY2002 - 2003
GA = Generally Available; FCS = First Customer Ship; EFT = Early Field Trials; EC = Execute Committed; CC = Concept Committed; NC = Not Committed
[Timeline axis: Jun 2002 to Dec 2003]
• GGSN R3.0: GA
• GGSN R4.0 on 7200 (EC): EFT – Sep-02, FCS – Nov-02, GA – Jan-03
• GGSN R4.0 on OSR/Cat 6K (Conditional EC): EFT – Mar-03, FCS – Jun-03, GA – Jul-03
• GGSN R5.0 (NC): EFT – 3QCY03, FCS – 4QCY03, GA – 1QCY04
• Key Features:
– 2.5G + 3G/UMTS Support
– 2.5G/3G Interworking
– R99 Support
– R99 Charging
– Backward Compatibility to all R97/98 features
• Key Applications: 3G/UMTS
• Solution Notes:
– Supported on 7206VXR/NPE-400 platform
– Software Migration only from 2.5G to 3G
• Key Features:
– GGSN 4.0 (2.5G=3G) on MWAM card on Cat 6K/OSR
– High-Density, High Capacity, High Availability GGSN
• Key Applications: 2.5G and 3G/UMTS High-Density, Enterprise Apps
• Solution Notes: Supported both on 6509 and 7609
• Key Features:
– Target Features: IPv6, Mobile IP, SSG Integration, TCP/IP Optimization, APN based Traffic Steering/Policy Routing
– Network Initiated PDP contexts
• Key Applications: ISP, Enterprise, connectivity and Mass Market Apps
• Solution Notes: 3GPP R5/R6 also being investigated
• Key Features:
– R97/98 Compliant
– L2TP VPN, MPLS VPN and VRF VPN, 802.1q support
– Enhanced Security – Anti-spoofing
– Load Balancing & High Availability
– APN Scalability & Provisioning
– PPP Regeneration at GGSN
• Key Applications: Enterprise VPN Applications, Remote Access, ISP Connectivity
• Solution Notes:
– Supported on 7206VXR/NPE-400 platform
– Deployed in CMCC live network
– Certified by T-Mobil
OAM&P Solution Roadmap
[Roadmap chart. Phases: Phase 1.0, Phase 2.0, Phase 3.0. Date labels: CQ3 ’02, CQ2/3 ’03, FCS CQ1 ’04. Legend: EC’ed, Planning.]
Cisco MWC 1.0
• Template-based Configuration
• Flow-through provisioning
• Inventory management
• IP-RAN (Flintstone) support
Cisco MWC 2.[0,1]
• Fault and Performance Mgmt support
• Mobile Service support
• PKGW Service support
• Customizable Template
• Cluster Mgmt
• MWAM Apps support
• Cell Site Maintenance Router
Cisco MWC 2.2
• FCAPS Integration
• VPN Mgmt Integration
• CNS Service Integration
• EMS Integration
• OSS/BSS API
• Auditing & Security Enhancement
• Flintstone Support
CW4MW 3.0
• Alarm collection & Correlation
• Device Statistics Monitoring
• APN & CSG Configuration
• CW2K LMS and RWAN
• PDSN, GGSN & SSG support
• MWR1900 support
CW2000/EMS
• 6500/7600 Chassis support
• MWAM Card Support
• MWR1900 support
CW2000 / EMS / Agent
• PNL Integration
• API Integration to MWC
• MWAM Single Mgmt I/F
• MWR1900 support
(EFT Dates are used for EC’ed and Planned products)