Routing TECHN PRODUCT DESCR

GGSN Routing


Copyright

© Ericsson AB 2005, 2006 – All Rights Reserved

Disclaimer

Commercial in Confidence

No part of this document may be reproduced in any form without the written permission of the copyright owner.

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

5/221 02-AXB 250 10/1 Uen E 2006-08-29

Page 3: GGSN Routing

Routing

Contents

1 Introduction
1.1 Scope
1.2 Target Groups
2 Overview
3 IP Connectivity
3.1 GGSN Networks
3.2 GGSN Interfaces
3.2.1 Gi
3.2.2 Gn and Gp
3.2.3 Operation and Maintenance Interface (Gom)
3.2.4 Ga
3.3 Logical Networks
3.4 VPN Routing and Forwarding Instances
3.5 Master Routing Instance or Virtual Routing Instance?
3.6 GGSN IP Addresses
3.6.1 Internal GGSN IP Addresses
3.6.2 IP Addresses for GGSN Services PICs
3.6.3 Overlapping IP Addresses
3.7 Network Separation
4 Routing Methods
4.1 Routing Protocols
4.1.1 OSPF
4.1.2 RIP
4.1.3 BGP
4.1.4 IS-IS
4.2 Static Routing
5 Internal Routing
5.1 Import and Export Policies
6 Security
Reference List


1 Introduction

This document describes Internet Protocol (IP) routing functions in the Gateway GPRS Support Node (GGSN) for Global System for Mobile communication (GSM) and Wideband Code Division Multiple Access (WCDMA) Systems.

The main task of the GGSN IP routing functions is to forward IP packets between the Serving GPRS Support Node (SGSN) and the Internet or corporate networks. The basic activities involved in routing are determining the optimal routing paths and transporting packets through the networks. A GGSN supports IP routing over the Gn, Gp, Gom, and Gi networks as well as the internal IP network. Routing between these respective networks is, however, not possible, since they are separated in the GGSN. All communication between different networks is managed by the General Packet Radio Service (GPRS) application.

The IP routing functions also provide security, loadsharing, redundancy, and IP fragmentation.

1.1 Scope

The document covers the following issues:

• Description of the interfaces in the GGSN

• Description of Gn and Gom routing

• Description of Gi routing

• Description of routing protocols

• Description of GPRS Tunneling Protocol (GTP) packet flow

For information about loadsharing and redundancy, see Resilience. For information about security, see Security.

There are no counters, alarms, or events directly related to routing. Available counters, alarms, and events can be found in Performance Monitoring Statistics and Alarm and Event Descriptions.

1.2 Target Groups

This document is intended as an introduction to routing for network operators, network and service planners, as well as system engineers and administrators. It assumes a basic knowledge of datacom and telecom.


2 Overview

GPRS Network Overview

The interfaces traversed by an IP packet are shown in Figure 1, a simplified picture of GSNs in the GPRS network. Payload is transported transparently.

Figure 1 GSN Packet Forwarding and Signaling Forwarding

3 IP Connectivity

In Figure 2, clouds depict logical IP networks. The Gn, Gi, and Gom networks are not interconnected in the GGSN. Communication between the networks is handled by the GPRS application across the internal IP network.

The network separation improves security and network planning. For more information, see Section 3.7.

Figure 2 Logical Overview of IP Networks of the GGSN

3.1 GGSN Networks

The following internal and external GGSN networks have IP connectivity:

• Internal network (called Internal IP Network in Figure 2)

The Physical Interface Cards (PICs), which are redundantly interconnected through a switch, communicate with each other over this network.

• Virtual Private Network (VPN)

In the context of a GGSN, a VPN is an IP-based network that uses tunneling and allows networks with overlapping IP address spaces to coexist on a shared network topology.

• Gn network

The Gn network connects the GPRS Support Nodes (GSNs) within the same Public Land Mobile Network (PLMN) over a GPRS backbone network.

For the Gn network, GGSN-C and GGSN-U PICs have their own set of IP addresses. These are referred to as the GGSN Gn IP address ranges. In the GGSN, the Gn interface supports Internet Protocol version 4 (IPv4) only.

The Gn network can be established separately from or in common with the Gom network. If Gn and Gom are established in a common network, the Gn network will also belong to the global routing instance. If Gn is established as a separate network, the GGSN Gn IP address ranges could be configured as belonging to a VPN routing and forwarding (virtual routing) instance to resemble the Gi configuration towards its APNs.

• Gom network

A conceptual network between the GGSN and one or more Operations and Maintenance (O&M) entities that monitor the software, routing protocols, network connectivity, and hardware.

• Gi networks

The Gi networks are networks such as the Internet and corporate networks.

3.2 GGSN Interfaces

There are a number of interfaces between nodes in a network, as shown in Figure 1. The GGSN uses the interfaces in Section 3.2.1 to Section 3.2.4 to communicate with other network nodes, such as SGSNs, DHCP servers, RADIUS servers, and charging gateway servers.

3.2.1 Gi

The GGSN communicates with the IP networks over the Gi interface. The GGSN can have simultaneous connections to many distinct IP networks. At connection time, Mobile Stations (MSs) and SGSNs provide a key called the APN to the GGSN to select among the connected IP networks, which are known as APN networks. The Gi interface supports both IPv4 and Internet Protocol version 6 (IPv6).

3.2.2 Gn and Gp

The Gn interface is used by the GGSN to communicate with the SGSNs and the mobile stations supported by the SGSNs. The Gp interface is similar to the Gn interface regarding the internal IP addressing. The Gp interface connects the GGSN to SGSNs and GGSNs located in other PLMNs.

Border Gateway on the Gp Interface

On the Gp interface, the GGSN can simultaneously be used as a Border Gateway (BG) and a GGSN.

The configuration of the GGSN as a BG in a PLMN must be adapted to the Inter PLMN backbone or GPRS Roaming Exchange (GRX), based on which of these two the PLMN operator decides to connect to. Several worldwide operators are deploying the GRX services offered to the GSM and GPRS operators.

The technology used in a GRX network can be either of the following:

• A dedicated physical network


• Virtual connections (Asynchronous Transfer Mode (ATM) or frame relay, or both)

• IP Security (IPsec) based, secure tunneling across an existing ISP's network, with guaranteed Quality of Service (QoS)

• Multi-Protocol Label Switching (MPLS) based traffic-engineered paths

The actual configuration and technology used in a particular GRX can vary as described above, so it is important for the BG to adapt to different scenarios.

GGSN supports all reasonable physical and link layer interfaces. High interface density and flexible mixing of different interface types assures interoperability on L1 and L2 level (including both WAN and LAN (FE/GE) interfaces). Traffic engineering methods that can be deployed over the Gp interface are IPsec, MPLS/VPN, QoS with DiffServ and MPLS.

The GGSN can also be used to peer directly to BGs in other PLMNs through, for example, a virtual leased line or an IPsec tunnel across the Internet.

When using a GGSN as a BG, it must be verified that this is not in conflict with the capacity to handle the GGSN traffic and routing arrangements.

3.2.3 Operation and Maintenance Interface (Gom)

Gom connects Operation and Maintenance (O&M) equipment to the GGSN, making it possible for an operator to communicate with the GGSN. In addition, it is used to connect the GGSN with billing systems and service nodes residing within its own PLMN. The Gom interface is an Ericsson product. It is not defined in the Third Generation Partnership Project (3GPP) standards, but is based on standard Internet Engineering Task Force (IETF) protocols.

O&M can be divided into two parts regarding how the O&M and related traffic flow to and from the GGSN.

Some communication is handled directly by the GGSN-C PIC. This is the case for GTP’, Lawful Intercept, and Service Aware Charging and Control (SACC) based control traffic (SCAP, SRAP, SURP). For this type of traffic a Gom IP address range is used on the GGSN-C PICs.

All other O&M related communication is handled by the Routing Engine (RE). Examples are communication to and from the control module, processing module, fault management, software downloads, and FTP transfers of Charging Data Record (CDR) files. In this case the IP address of the loopback interface on the RE is used.

Although it is technically possible to assign the Gom IP address and the loopback IP address to different virtual routing instances, the general recommendation is to use the master routing instance (inet.0) for all types of O&M traffic.


For more details regarding O&M, see Operation and Maintenance Description.

3.2.4 Ga

The Ga interface is used by the GGSN to communicate with one or more charging gateway servers.

3.3 Logical Networks

The support for VPNs is an enhancement of network separation. It enables, and requires, the separation of traffic into VPNs to improve security, capacity, QoS, and to facilitate operation. Each VPN corresponds to a logical (Gi, Gn, Gp, Gom, or Ga) IP network. Separated VPNs can share the same physical router PICs. An example of the distribution of VPNs over the routers in a GGSN, with two Gi networks (GiA and GiB), is shown in Figure 3.

Figure 3 Example of the Distribution of VPNs Over the Router PICs

A virtual routing instance is a collection of interfaces, routing tables, and the routing protocol parameters that control the information in the routing tables. All packets are routed according to virtual routing instances.

The router functionality in the GGSN has the capability to set up a large number of independent virtual routing instances. This is crucial to be able to support traffic separation and overlapping IP addresses among APN networks.

Two types of routing instances can be used and linked to APN networks:

• The default master routing instance, which requires no configuration

• Virtual routing instances, which can be configured when using VPNs.

Note: Some configuration changes applied at the APN level require blocking of Packet Data Protocol (PDP) context creation or shutdown of the GGSN. Changes to virtual routing instances require shutdown. For more information, see Delete and Modify APNs.

When to use the master routing instances and when to configure VPNs (and new virtual routing instances) is discussed in Section 3.5.

3.4 VPN Routing and Forwarding Instances

The VPNs used by the GGSN employ virtual routing instances, which work as logically separate routers and allow APNs to use overlapping or duplicate IP address spaces. Each configured GGSN VPN consists of a separate routing instance, which has its own routing table, routing policies, and a routing protocol.

Each virtual routing instance has a unique name, a corresponding IP unicast routing table, and one or more GGSN interfaces attached to it. An interface in this sense can be a physical port or a logical interface (such as an ATM virtual circuit, an Ethernet Virtual Local Area Network (VLAN) or a Generic Routing Encapsulation (GRE) tunnel), which is a member of exactly one routing instance.

Typically, an interface belonging to a virtual routing instance communicates only with other interfaces attached to the same virtual routing instance. It is however possible to allow routing between different virtual routing instances in certain situations.

Since each virtual routing instance has an independent IP address space, the allocation of IP addresses does not need to be coordinated among clients connected to different virtual routing instances. Virtual routing instances would typically be used to connect to different private-addressed APNs on the Gi network, where each APN has independently allocated the 10/8, 172.16/16, 192.168/16 private address spaces, and where communication to the Internet is done only through a Network Address Translation (NAT) gateway or proxy.

Routing protocols for each virtual routing instance are independent of the other ones. Thus, one virtual routing instance can use static routing, while another uses Open Shortest Path First (OSPF) and so on. The number of supported routes across all virtual routing instances is limited. The limit is configuration dependent (but is at least several hundred thousand), and is normally not a limiting factor in the GGSN deployment.

For more information on virtual routing instances, see Routing Instances and VPN Configuration.

The GGSN also supports a master routing instance (inet.0).


3.5 Master Routing Instance or Virtual Routing Instance?

The master routing instance is the default routing instance. When a packet is processed, if no VPN is indicated in its address, the packet is routed according to the master routing instance. Some services, such as Simple Network Management Protocol (SNMP) and Internet Key Exchange (IKE) for IPsec, require configuration of routing table groups to be associated with other routing instances than the master routing instance. See Routing Instances and VPN Configuration. No configuration is required to use the master routing instance.

The master routing instance can be used if all of the following conditions are met:

• Each APN network connected to the GGSN has a unique address space and there is no overlap in the IP addresses assigned to the MSs of different APN networks. For more information about allocating address space, see APN Configuration.

• GTP’ is not used for delivering charging information to a charging gateway. For more information about GTP’, see Charging Configuration.

• Public IP addresses are not used for the Gn network. For more information about allocating Gn network addresses, see GGSN Services PIC Clusters Configuration.

The use of VPNs is appropriate for the following cases:

• When an APN network uses private IP addresses that might overlap with the IP address space of another APN network, one or more APN network VPNs must be configured.

• If the Gn network private IP addresses overlap with the IP address space of another network, a Gn network VPN must be configured.

• If GTP’ is used, a VPN should be configured.

Table 1 summarizes which interfaces should use the master routing instance and which should use a VPN (new virtual routing instance).

Table 1 Interfaces and Routing Instances

| Interface | When to use master routing instance: | When to configure a new virtual routing instance: |
|---|---|---|
| Gi | If public IP addresses are used. | If the GGSN supports customers whose APN networks are using private IP addresses. (Configure one or more VPNs to prevent the IP addresses of the APN networks from interfering with each other.) |
| Gn | Not recommended. | Strongly recommended under all circumstances. Configure one or more VPNs to prevent the IP addresses of other providers from interfering with network nodes. |
| Ga | GTP’ is not used. | If GTP’ is the method for delivering charging data records to a charging gateway server. |
| Gom | Strongly recommended under all circumstances. | If it is required for operations and management traffic. Always use the master routing instance if possible, since some services (including SNMP) may not be available to the new virtual routing instance. |
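The Gi guidance in Section 3.5 and Table 1 can be checked against an address plan before APNs are configured. The following is an added example, not part of the original document or of any GGSN tooling: it flags APN networks whose address pools overlap or use RFC 1918 private space and therefore need their own virtual routing instance. The APN names and pools are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the whole pool lies inside one RFC 1918 block (IPv4 only)."""
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)


def pools_overlap(a, b):
    """True if two pools share at least one address; v4 and v6 never overlap."""
    return a.version == b.version and a.overlaps(b)


def plan_routing_instances(apn_pools):
    """Map each APN to 'master' or 'virtual' following the Gi row of Table 1.

    apn_pools: {apn_name: [CIDR strings]}. A malformed CIDR raises ValueError,
    so a bad plan is rejected instead of being silently accepted.
    """
    parsed = {apn: [ipaddress.ip_network(p) for p in pools]
              for apn, pools in apn_pools.items()}
    plan = {apn: {"instance": "master",
                  "private": any(is_rfc1918(n) for n in nets),
                  "overlaps_with": []}
            for apn, nets in parsed.items()}

    # Compare every pair of APNs once; record the conflict on both sides.
    for a, b in combinations(sorted(parsed), 2):
        if any(pools_overlap(x, y) for x in parsed[a] for y in parsed[b]):
            plan[a]["overlaps_with"].append(b)
            plan[b]["overlaps_with"].append(a)

    # Private or overlapping address space rules out the master instance.
    for entry in plan.values():
        if entry["private"] or entry["overlaps_with"]:
            entry["instance"] = "virtual"
    return plan


# Constructed sample plan (documentation prefixes stand in for public space).
SAMPLE_APNS = {
    "internet.example": ["203.0.113.0/24"],
    "corp-a.example": ["10.0.0.0/16"],
    "corp-b.example": ["10.0.128.0/17", "192.168.5.0/24"],
    "corp-c.example": ["172.20.0.0/16"],
    "v6.example": ["2001:db8:1::/48"],
}

if __name__ == "__main__":
    for apn, entry in sorted(plan_routing_instances(SAMPLE_APNS).items()):
        print(f"{apn:18} {entry['instance']:8} private={entry['private']} "
              f"overlaps={entry['overlaps_with']}")
```

The check covers only the address-space conditions; the GTP’ and Gn conditions in Section 3.5 are configuration choices that have to be reviewed separately.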

3.6 GGSN IP Addresses

This chapter describes the internal and external IP addressing that is based on network separation and VPNs.

The following IP addresses are not allowed for use in the GGSN:

• 0.0.0.0 - 0.255.255.255 and 127.0.0.0 - 127.255.255.255

• Class A, B, or C network or broadcast IP addresses

• Class D or E IP addresses

Class A, B, C, D, and E address ranges are specified in RFC1166. Below is a brief summary of the ranges allowed:

• Class A: 1.0.0.0 - 126.255.255.255 (mask 255.0.0.0)

• Class B: 128.0.0.0 - 191.255.255.255 (mask 255.255.0.0)

• Class C: 192.0.0.0 - 223.255.255.255 (mask 255.255.255.0)

• Class D: 224.0.0.0 - 247.255.255.255

• Class E: 248.0.0.0 - 255.255.255.255

3.6.1 Internal GGSN IP Addresses

The internal routing service process (irsd) establishes communication between the Routing Engine and the GGSN Services PICs using an internal routing instance called __juniper_private1__, which is local to the GGSN. This routing instance is not accessible externally; however, it is visible in output provided by the show route and show interfaces commands.


3.6.2 IP Addresses for GGSN Services PICs

Ranges of IP addresses that allow the GGSN-C and GGSN-U Services PICs to communicate with various network nodes and protocols must be configured. This chapter summarizes the configurable IP address ranges for Gn, Gi and GTP’.

The Gn address range must be composed of public IP addresses because the GGSN Services PICs must have unique addresses to communicate on the Gn network. The Gi and GTP’ address ranges can be composed of public or private IP addresses. If any of the ranges are composed of private addresses, there is a risk that a duplicate or overlapping IP address is assigned to a GGSN Services PIC. For more information about overlapping IP addresses, see Section 3.6.3.

When specifying these IP address ranges, ensure that they are large enough to accommodate the number of installed GGSN-C or GGSN-U Services PICs.

Note: If an IP address range is specified that is not large enough to accommodate the installed GGSN Services PICs, the functioning of the GGSN might be impaired.

At any given time during GGSN operation, GGSN Services PICs can be assigned any number of IP addresses from the Gn, Gi and GTP’ address ranges. For example, a GGSN-C Services PIC can simultaneously be assigned multiple IP addresses from the Gn address range to communicate with various nodes on the Gn network, from the Gi address range to communicate with various RADIUS or DHCP servers for the APNs the PIC supports, and from the GTP’ address range to support GTP’. A GGSN-U Services PIC can simultaneously be assigned multiple IP addresses from the Gn address range to communicate with various nodes on the Gn network.

Gn Address Range

Within the Gn network two IP address ranges must be configured: one for the cluster of all GGSN-C Services PICs and one for the cluster of all GGSN-U Services PICs. These ranges allow the GGSN to communicate on the Gn network.

After these IP address ranges are configured, all GGSN Services PICs are dynamically assigned IP addresses, which act as host addresses, as needed to communicate with SGSNs. The PICs use these addresses in all communication between the GGSN and the SGSNs. The SGSNs use these addresses in PDP context requests to the GGSN and accept replies from these addresses.

When no longer used by one of the GGSN Services PICs, an IP address from these ranges is available for reassignment to another GGSN Services PIC.

For information about configuring these IP address ranges within the Gn network, see GGSN Services PIC Clusters Configuration.


Gi Address Range

If RADIUS and DHCP servers are configured to perform various services for an APN, a Gi address range for that APN must be configured. After this range is configured, the GGSN dynamically assigns addresses from the range to GGSN-C Services PICs as needed to communicate with RADIUS and DHCP servers in the APN network VPN. The GGSN assigns the first address in the range to the GGSN-C Services PIC that functions as a node controller, and assigns the subsequent addresses to the GGSN-C Services PICs that function as session controllers.

When no longer in use, an IP address from the range is available for reassignment to another GGSN-C Services PIC.

For conceptual information about RADIUS and DHCP servers, see RADIUS Support and Gi Interface Description. For information about configuring the Gi IP address range, see APN Configuration.

GTP Prime Address Range

If GTP’ is configured as the GGSN Charging Data Record (G-CDR) delivery method, an IP address range from which the GGSN dynamically assigns addresses to GGSN-C Services PICs must be specified. Each GGSN-C Services PIC can generate G-CDRs, which are delivered to a charging gateway server by GTP’. GTP’ requires that each PIC has an IP address.

The GGSN assigns the first address in the range to the node controller, and assigns the subsequent addresses to the session controllers.

When no longer in use, an IP address from the range is available for reassignment to another GGSN-C Services PIC.

For conceptual information about G-CDR delivery methods and GTP’, see CDR-Based Charging. For information about configuring the GTP’ IP address range, see GGSN Services PIC Clusters Configuration.

3.6.3 Overlapping IP Addresses

Public or private IP addresses for assignment to mobile stations or GGSN Services PICs can be used. (The exception to this general statement is the Gn address range, which must be composed of public IP addresses.) If private IP addresses are used, there is a risk that a mobile station or GGSN Services PIC is assigned an IP address that is duplicated in an APN network or the Gn network. If this occurs, conflicts between the duplicated or overlapping addresses might occur, which can cause service interruptions or other problems.

If private IP addresses are used, it is recommended to create a virtual routing instance, which will isolate traffic associated with the private IP addresses into separate routing tables. For conceptual information about these routing instances, see Routing; for configuration information, see Routing Instances and VPN Configuration.


3.7 Network Separation

The support for VPNs, which is basic, requires network separation.

With network separation, separate VPNs are created for Gn, Gp, Gom and Gi. The routers in each VPN are interconnected using unnumbered point-to-point links between them. OSPF is running on these VPNs, but since they are separated, there is no route exchange between them. In order to provide GGSN service connectivity to a particular VPN, addresses must be configured for the service in that VPN. This will also install routes for the service addresses on the routers for that VPN.

All communication between different networks is managed by the GPRS application. Traffic in a network is controlled through the interface of that network.

As a result of network separation, the O&M traffic is kept separate from the payload traffic, which is advantageous from a security standpoint, since only O&M personnel can access the O&M network. This is desirable, since some of the O&M traffic is sensitive, for example, charging and LI. For more information, see Traffic Separation in the GGSN.

Network separation influences the behavior of the OSPF cost and OSPF area parameters. The OSPF cost parameter is automatically configured to 100 and not changeable. The OSPF area is configured to 0.0.0.0 by default, except for when all the external ATM and Ethernet links for a network have the same OSPF area. Then the internal OSPF area is automatically configured to the same as used for the external links.

4 Routing Methods

The GGSN forwards IP packets according to the destination address in the IP header. Destination IP addresses or subnets are associated with next hop IP addresses. The next hop to which the IP packet should be forwarded can be statically configured, or the information can be retrieved from a dynamic routing protocol.


4.1 Routing Protocols

The following dynamic routing protocols are supported:

• OSPF version 2 (OSPFv2) for IPv4 and OSPF version 3 (OSPFv3) for IPv6

• Routing Information Protocol version 1 (RIPv1) and version 2 (RIPv2)

• Border Gateway Protocol version 4 (BGPv4) for IPv4

• Multiprotocol BGP (MBGP) for IPv6

• Intermediate System to Intermediate System (IS-IS) for IPv4 and IPv6

For more information about the IPv4 and IPv6 routing functions in the GGSN, see Routing Protocols Configuration Guide.

4.1.1 OSPF

The description of OSPF in this chapter is valid for both OSPFv2 and OSPFv3.

OSPF is a link-state routing protocol which interconnects an Autonomous System (AS) of routers exchanging information. Consequently, if a routing protocol other than OSPF is used externally, exportation rules for the propagation of routes between the internal OSPF and the external protocol must be specified, see Section 5.1. Since OSPF is an Interior Gateway Protocol (IGP), it is used within an AS.

The following types of router networks are available:

• The point-to-point network joins a single pair of routers over, for example, a serial line.

• The broadcast network supports two or more attached routers, and has the capability to broadcast the same message to all attached routers in the network. One of the routers is designated for the network. An Ethernet cable is an example of a broadcast network. The neighboring routers are detected dynamically once the hello message is sent out on the network as a broadcast message.

• The non-broadcast network supports more than two routers, but without the capability to broadcast messages. In a non-broadcast network, some information about the routers must be preconfigured before the routers can find each other or newly added routers.

The OSPF protocol specifies either a Non-Broadcast Multi Access (NBMA) mode, which simulates a broadcast network, a point-to-multipoint mode, treating all interfaces as a collection of point-to-point links, or a broadcast mode. In NBMA one of the routers is designated for the network.

A link-state routing protocol uses link states to describe paths to routers. Every OSPF router in an area in the AS has an identical database, describing the topology of the area or AS. By using this database, each router generates its own open shortest path tree with itself as root, and the routing table is calculated based on that tree. For an example of a network using OSPF, see Figure 4.

Figure 4 A Network Using OSPF

All routers must know the complete architecture before they can construct or verify their respective tree. Adjacent routers maintain synchronized routing tables through Link State Advertisement (LSA) messages. Routing information learned from an external interface, over BGP, for example, appears as branches in the OSPF tree structure.

OSPF also supports the configuration of costs (or metrics) to rank the paths to a known router. The cost is just a value to give the routes different priority. The Shortest Path First (SPF) algorithm is used to calculate the best routes to a destination. Consequently, OSPF does not necessarily function as its name implies (open shortest path first). Instead, OSPF routes messages over the path with the lowest cost (open cheapest path first). If the distance and the cost are equal for some routes, the traffic can be equally distributed.
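The lowest-cost behaviour described above can be reproduced on a small topology. The following is an added example, not taken from the original document or from the GGSN software: a Dijkstra-based SPF calculation that returns, for each destination, the total cost and every equal-cost first hop. The router names, link costs and function names are constructed for illustration, and links are assumed to have the same cost in both directions.

```python
import heapq


def build_adjacency(links):
    """Turn (router_a, router_b, cost) tuples into a symmetric adjacency map."""
    adj = {}
    for a, b, cost in links:
        if cost <= 0:
            raise ValueError("link cost must be a positive integer")
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def spf(adj, root):
    """Shortest Path First from `root`.

    Returns {destination: (total_cost, sorted list of equal-cost next hops)}.
    """
    dist = {root: 0}
    next_hops = {root: set()}
    done = set()
    heap = [(0, root)]

    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue  # stale heap entry left over from a worse path
        done.add(u)
        for v, cost in adj.get(u, {}).items():
            nd = d + cost
            # First hop used to reach v through u: v itself when u is the
            # root, otherwise whatever first hops already lead to u.
            via = {v} if u == root else next_hops[u]
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                next_hops[v] = set(via)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                # Equal-cost alternative: keep both so traffic can be shared.
                next_hops[v] |= via

    return {r: (dist[r], sorted(next_hops[r])) for r in dist if r != root}


# Constructed topology: A reaches D directly (one hop, cost 100) or through
# B or C (two hops, cost 10 + 10 each). E hangs off D.
SAMPLE_LINKS = [
    ("A", "B", 10),
    ("A", "C", 10),
    ("B", "D", 10),
    ("C", "D", 10),
    ("A", "D", 100),
    ("D", "E", 5),
]

if __name__ == "__main__":
    for dest, (cost, hops) in sorted(spf(build_adjacency(SAMPLE_LINKS), "A").items()):
        print(f"to {dest}: cost {cost}, next hops {hops}")
```

In the sample topology the direct A-D link is never used even though it has the fewest hops, and traffic to D and E is split over B and C.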

During configuration of the OSPF interface IP address for a point-to-point connection to a remote node, the remote IP address of the interface must be used, that is, the IP address of a Plug In Unit (PIU) or port in a remote node. During configuration of the OSPF interface IP address for any other connection to a remote node, the local IP address of the logical interface must be used, that is, the address of a router in a VPN in the GGSN. See Routing Instances and VPN Configuration for information on how to configure OSPF.

OSPF is supported according to RFC2328.


OSPF Router Definitions

Routers can be used in different connections. Four fields of application are described below: internal router, area border router, backbone router, and AS boundary router.

An internal router is only connected directly to networks belonging to the same area. These routers run a single copy of the basic routing algorithm.

An area border router attaches to multiple areas. These routers run multiple copies of the basic algorithm, one copy for each attached area. Area border routers collect topological information of the attached areas and distribute it to the backbone, which further distributes the information to the other areas. The backbone is usually configured as area 0.0.0.0.

A backbone router has an interface to the backbone area. This includes all routers interfacing more than one area (that is, area border routers). However, backbone routers do not have to be area border routers. Routers having all their interfaces connected to the backbone area are supported.

An AS boundary router exchanges routing information with routers belonging to other autonomous systems. This is done by advertising external routing information throughout the AS. Each router in the AS knows the paths to every AS boundary router. AS boundary routers can be internal or area border routers, and they can be included in the backbone.

A change of routing parameters updates all forwarding tables on the concerned routers. A forwarding table is updated in a time span from a few seconds to several minutes, depending on the routing configuration.

OSPF Messages

The following five types of OSPF messages are sent through an AS:

• Hello, which is used to discover and maintain contact between OSPF neighbors. It can also be used to select the designated router for a network running OSPF in NBMA or broadcast mode.

• Database Description, which is used to form adjacencies, by summarizing the database content

• Link State Request, which is used to form adjacencies, by downloading the database content

• Link State Update, which is used to update the database

• LSA, which is used to acknowledge the link state

LSA messages describe the state of a router or a network. The router databases, used to calculate the routing table, are constructed from LSA messages.

The following types of LSA messages are sent:

• A router LSA message can originate from any router. It describes the states of the interfaces the router has to an area. It is distributed throughout a single area.

• A network LSA message originates from a designated router in a broadcast or NBMA network. It contains the list of routers connected to the network, and it is distributed through a single area.

• A summary LSA message originates from an area border router, and is distributed through associated areas. Each summary LSA message describes a route to a destination outside the area, but inside the AS (that is, an inter-area route). Summary LSA messages are further divided into type 3 summary LSA messages, describing routes to networks, and type 4 summary LSA messages, describing routes to AS boundary routers.

• An AS LSA message originates from an AS boundary router, and is distributed through the AS. Each AS-external LSA describes a route to a destination in another AS. Default routes for the AS can also be described by AS-external LSAs.

4.1.2 RIP

The use of RIP as a routing protocol should be avoided. It is only suitable for medium-sized systems, and has some significant technical drawbacks.

Since RIP is commonly used by default on UNIX systems, it allows for a relatively simple connection of a GGSN to a typical UNIX network (often through Ethernet). This can make test configurations easier, but is not suited for larger networks. Since RIP is an Interior Gateway Protocol (IGP), it is used within an AS.

A router using RIP distributes its routing table to its neighbors, that is, to the routers sharing the common subnet. The distribution occurs every 30 seconds. For an example of a network using RIP, see Figure 5 on page 17.

[Figure 5 diagram: routers within Autonomous System 1, joined by links labelled cost=1 and cost=10]

Figure 5 A Network Using RIP

The following information is exchanged between the routers:

• The IP address and subnet mask of the host or network

• The physical network used to reach the first router

• A metric, that is, the distance (or cost) for the interface

• A timer specifying the interval between routing table update messages

The network distance is based on hop count, limited to 15 hops. If a link is down, the metric is set to 16 indicating infinity. The routers consider this an inefficient route and choose not to use it. Since the metric can never be higher than 15 when using RIP, it must be carefully considered when importing routes from other protocols.

See Routing Instances and VPN Configuration for information on how to configure RIP. In addition, the RIP routing exportation rules must be configured to enable the exportation of RIP sessions into the OSPF database, see Section 5.1 on page 21.

RIP is supported according to RFC2453.
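The metric limit described above can be checked before a route is imported into RIP. The following Python sketch is an added example, not Ericsson code: it models how a stored metric grows by the receiving interface's cost, and how a neighbor's update is applied. The router names, the prefix and the link costs are constructed, and RIP timers are left out.

```python
INFINITY = 16  # RIP metric meaning "unreachable"


def received_metric(advertised: int, link_cost: int = 1) -> int:
    """Metric a router stores for a route: the advertised metric plus the
    cost of the receiving interface, capped at infinity."""
    return min(advertised + link_cost, INFINITY)


def propagate(origin_metric: int, link_costs: list) -> list:
    """Metric held at each successive router along a chain of links."""
    metrics, metric = [], origin_metric
    for cost in link_costs:
        metric = received_metric(metric, cost)
        metrics.append(metric)
    return metrics


def process_update(table: dict, prefix: str, advertised: int,
                   neighbor: str, link_cost: int = 1) -> None:
    """Apply one entry of a neighbor's update; table[prefix] = (metric, next_hop).
    Timers and garbage collection are left out of this sketch."""
    metric = received_metric(advertised, link_cost)
    current = table.get(prefix)
    if current is None:
        if metric < INFINITY:          # never install an unreachable route
            table[prefix] = (metric, neighbor)
    elif neighbor == current[1] or metric < current[0]:
        # News from the current next hop is always believed, even when worse;
        # another neighbor only wins with a strictly better metric.
        table[prefix] = (metric, neighbor)


def usable(table: dict, prefix: str) -> bool:
    """True when the prefix has a route with a finite metric."""
    return prefix in table and table[prefix][0] < INFINITY


def demo():
    # Constructed chain of three links with costs 1, 1 and 10.
    ok = propagate(1, [1, 1, 10])        # route injected with metric 1
    lost = propagate(12, [1, 1, 10])     # imported route given metric 12
    table = {}
    process_update(table, "192.0.2.0/24", 2, "router-a")
    process_update(table, "192.0.2.0/24", 16, "router-a")   # link went down
    down = usable(table, "192.0.2.0/24")
    process_update(table, "192.0.2.0/24", 5, "router-b")    # alternative path
    return ok, lost, down, table["192.0.2.0/24"]
```

A route imported with a metric of 12 is still reachable two hops away but is counted as unreachable once it crosses the cost=10 link, which is why the metric assigned at import needs headroom for the longest path in the RIP domain.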

4.1.3 BGP

The configuration of BGP in the GGSN distinguishes between Internal BGP (IBGP) and External BGP (EBGP). IBGP is used between BGP speakers within the same AS. EBGP is an inter-AS routing protocol that exchanges network reachability information with other EBGP systems, see Figure 6 on page 18. If EBGP is used for routing to another external network, it means that the GGSN network (for example, Gn) is seen as an AS by that network.

[Figure 6 diagram: Autonomous System 1 and Autonomous System 2 connected using BGP, with exit points labelled MED 10 and MED 2; OSPF (Area 0.0.0.0 and Area x.x.x.x) and RIP run inside the autonomous systems]

Figure 6 Two Autonomous Systems Communicating Using BGP

BGP is transported over the Transport Control Protocol (TCP), and port 179 is used for the connection. A router using BGP establishes TCP connections to its peers and transmits routing information upon detection of a change. BGP does not use any protocol-based mechanism to determine if peers are alive and reachable. Instead, messages, such as keep alive messages, are exchanged between the peers.

MBGP extensions enable BGP to support IPv6. MBGP is an extension to BGP that enables BGP to carry routing information for multiple network layers and address families. MBGP can carry the unicast routes used for multicast routing separately from the routes used for unicast IP forwarding.

Configuration of an EBGP session requires the remote AS number. In addition, when using EBGP, a Multi-Exit Discriminator (MED) metric can be configured. It is used as priority parameter to discriminate between multiple exit points to a neighboring AS. The MED metric can be distributed to other BGP routers in the same AS, but never to BGP routers in neighboring autonomous systems. See Routing Instances and VPN Configuration for information on how to configure the BGP protocol.

The BGP routing exportation rules must be configured to enable the exportation of BGP sessions into the OSPF database, see Section 5.1 on page 21.

When running BGP, the GGSN should not be used as a transit router. Consequently, it should not be used as a multi-homed Border Gateway when running EBGP.

BGP is supported according to RFC1771.

4.1.4 IS-IS

The Intermediate System-to-Intermediate System (IS-IS) protocol is an IGP that uses link-state information to make routing decisions. IS-IS is a link-state IGP that uses the shortest path first (SPF) algorithm to determine routes. IS-IS evaluates the topology changes and determines whether to perform a full SPF recalculation or a partial route calculation (PRC). This protocol originally was developed for routing International Organization for Standardization (ISO) Connectionless Network Protocol (CLNP) packets.

An IS-IS network is a single AS, also called a routing domain, that consists of end systems and intermediate systems. End systems are network entities that send and receive packets. Intermediate systems send and receive packets and relay (forward) packets. (Intermediate system is the Open System Interconnection (OSI) term for a router.) ISO packets are called network protocol data units (PDUs).

In IS-IS, a single AS can be divided into smaller groups called areas. Routing between areas is organized hierarchically, allowing a domain to be administratively divided into smaller areas. This organization is accomplished by configuring Level 1 and Level 2 intermediate systems. Level 1 systems route within an area; when the destination is outside an area, they route toward a Level 2 system. Level 2 intermediate systems route between areas and toward other ASs.

ISO Network Addresses

IS-IS uses ISO network addresses. Each address identifies a point of connection to the network, such as a router interface, and is called a network service access point (NSAP).

IS-IS supports multiple NSAP addresses on the loopback (lo0) interface.

An end system can have multiple NSAP addresses, in which case the addresses differ only by the last byte (called the n-selector). Each NSAP represents a service that is available at that node. In addition to having multiple services, a single node can belong to multiple areas.

Each network entity also has a special network address called a network entity title (NET). Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most end systems and intermediate systems have one NET. Intermediate systems that participate in multiple areas can have multiple NETs.

The following ISO addresses illustrate the IS-IS address format:

49.0001.00a0.c96b.c490.00

49.0001.2081.9716.9018.00

The first portion of the address is the area number, which is a variable number from 1 through 13 bytes. The first byte of the area number (49) is the authority and format indicator (AFI). The next bytes are the assigned domain (area) identifier, which can be from 0 through 12 bytes. In the examples above, the area identifier is 0001.

The next six bytes form the system identifier. The system identifier can be any six bytes that are unique throughout the entire domain. The system identifier commonly is the media access control (MAC) address (as in the first example, 00a0.c96b.c490) or the IP address expressed in binary-coded decimal (BCD) (as in the second example, 2081.9716.9018, which corresponds to IP address 208.197.169.18). The last byte (00) is the n-selector.

Note: The system identifier cannot be 0000.0000.0000. All 0s is an illegal setting and the adjacency will not form with this setting.
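The address layout above lends itself to a configuration check run before NETs are deployed. The following Python sketch is an added example, not part of the original document or of any vendor tool: it splits a NET into the fields named in the text, rejects the all-zero system identifier, derives the BCD form of an IPv4 address, and reports system identifiers claimed by more than one node. The function names and the node names in the test data are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Net:
    afi: str         # first byte of the area number, for example "49"
    area_id: str     # remaining 0 to 12 bytes of the area number, as hex
    system_id: str   # six bytes, written xxxx.xxxx.xxxx
    n_selector: str  # last byte, 00 for a NET


def parse_net(text: str) -> Net:
    """Split a dotted ISO address into the fields named in the text."""
    digits = text.replace(".", "").lower()
    if len(digits) % 2 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("address must consist of whole hex bytes")
    raw = bytes.fromhex(digits)
    # 1-13 bytes area number + 6 bytes system identifier + 1 byte n-selector
    if not 8 <= len(raw) <= 20:
        raise ValueError("address must be 8 to 20 bytes long")
    area, sysid, nsel = raw[:-7], raw[-7:-1], raw[-1]
    if nsel != 0:
        raise ValueError("a NET must have an n-selector of 00")
    if sysid == bytes(6):
        raise ValueError("system identifier 0000.0000.0000 is illegal")
    s = sysid.hex()
    return Net(area[:1].hex(), area[1:].hex(), f"{s[:4]}.{s[4:8]}.{s[8:]}", "00")


def system_id_from_ipv4(ip: str) -> str:
    """BCD-style system identifier: each octet padded to three decimal digits."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address")
    d = "".join(f"{o:03d}" for o in octets)
    return f"{d[:4]}.{d[4:8]}.{d[8:]}"


def shared_system_ids(nets_by_node: dict) -> dict:
    """System identifiers claimed by more than one node. One node may hold
    several NETs (one per area), so only clashes between nodes are reported."""
    owners = {}
    for node, nets in nets_by_node.items():
        for net in nets:
            owners.setdefault(parse_net(net).system_id, set()).add(node)
    return {sid: sorted(nodes) for sid, nodes in owners.items() if len(nodes) > 1}
```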

To provide help with IS-IS debugging, the JUNOS software supports dynamic mapping of ISO system identifiers to the hostname. Each system can be configured with a hostname, which allows the system identifier-to-hostname mapping to be carried in a dynamic hostname type length value (TLV) in IS-IS label-switch path (LSP) packets. This permits ISs in the routing domain to learn about the ISO system identifier of a particular IS.

IS-IS Messages

IS-IS uses the following protocol data units (PDUs) to exchange protocol information:

• IS-IS hello (IIH) PDUs—Broadcast to discover the identity of neighboring IS-IS systems and to determine whether the neighbors are Level 1 or Level 2 intermediate systems.

• Link-state PDUs (LSPs)—Contain information about the state of adjacencies to neighboring IS-IS systems. LSPs are flooded periodically throughout an area.

• Complete sequence number PDUs (CSNPs)—Contain a complete list of all LSPs in the IS-IS database. CSNPs are sent periodically on all links, and the receiving systems use the information in the CSNP to update and synchronize their LSP databases. The designated router multicasts CSNPs on broadcast links in place of sending explicit acknowledgments for each LSP.

• Partial sequence number PDUs (PSNPs)—Multicast by a receiver when it detects that it is missing an LSP; that is, when its LSP database is out of date. The receiver sends a PSNP to the system that transmitted the CSNP, effectively requesting that the missing LSP be transmitted. That router, in turn, forwards the missing LSP to the requesting router.

4.2 Static Routing

A static route is explicitly (manually) entered into the routing table. The next hop to which the IP packet should be forwarded must be the IP address of a directly connected node. See Routing Instances and VPN Configuration for information on how to configure a static route.

As implied by the name, static routing is suitable for static network configurations, with a stable network topology. Static routing is also useful for implementing security policies, that is, the routing tables can only be changed by authorized personnel with access to the O&M network.

A default route provides a route to all IP addresses. A static default route offers a very simple and robust means of providing IP routing, at the cost of not providing any traffic separation or flexibility. A static default route can also be used in combination with other routes, making it possible for IP packets without a specific entry in the routing table to be sent to a default router instead of being dropped.

5 Internal Routing

This section describes the import and export policies in the GGSN.

5.1 Import and Export Policies

Route importation policies are used to specify whether routes learned from a certain routing protocol are to be excluded from or included in the local routing table. Similarly, route exportation policies are used to specify whether routes learned from a certain routing protocol are to be restricted or be further distributed to another routing protocol. For information on how to configure route importation and exportation policies, see Routing Instances and VPN Configuration.

See Figure 7 on page 22 for information on how a route is imported to, and exported from, the routing table on a router.

[Figure 7 diagram: routes from the protocol databases (OSPF intra-area, inter-area and Autonomous System external routes, BGP in, RIP in) and static routes pass through the Import Filter and Route Preference into the Routing Table; routes leave the Routing Table through the Export Filter to BGP out and RIP out]

Figure 7 Route Importation and Exportation

Routing tables, one for each router in a VPN, contain all the active routes used to forward IP traffic. A routing table is constructed of routes discovered by the routing protocols, as well as of static routes. In addition to IP addresses, it includes information regarding the origin of the route, that is, from which protocol it was learned, or if it is a static route.

When a route is learned from several sources, only the route from one of these sources is selected as active and registered in the routing table. The selection is based on a preference value assigned to the route depending on how it is learned. The route with the lowest route preference value is selected as the active route, and registered in the routing table. The possible route origins are listed in Table 2 on page 22, in ascending order based on route preference, that is, from the most preferred route origin (lowest preference value) to the least preferred route origin (highest preference value).

Table 2 Route Preferences

Route Origin                                   Preferred Level
OSPF, nonautonomous system external routes     Most preferred
Static routes                                  ...
RIP routes                                     ...
OSPF, AS external routes                       ...
BGP routes                                     Least preferred

As illustrated in Figure 7 on page 22, before a route discovered from a dynamic routing protocol is considered for selection as active route, it is subject to route import filtering. If the route import filter permits the route, it is a candidate for selection; but if the route import filter denies the route, it is discarded. By default, everything is accepted. For OSPF, route import filters are only supported for AS external routes.

As illustrated in Figure 7 on page 22, before a route registered in the routing table is announced to external routers by dynamic routing protocols, it is subject to route export filtering. If the route export filter permits the route, it is announced by the routing protocol, but if the route export filter denies the route, it is not announced. By default, nothing is exported. For OSPF, denial of inter-area or intra-area routes is not supported, that is, only AS-external routes can be filtered.
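The import, selection and export steps of this section can be followed end to end in a small model. The following Python sketch is an added example, not the GGSN implementation: it applies an import filter, picks the active route by the order of Table 2, and announces routes only where an export filter permits them. The origin labels, prefixes, next hops and the two filter functions are constructed for illustration, and the list position stands in for preference values the document does not give.

```python
from dataclasses import dataclass

# Route origins in Table 2 order, most preferred first. The page gives only
# the order, so the list position stands in for the preference value.
ORIGINS = ["ospf-internal", "static", "rip", "ospf-as-external", "bgp"]
FILTERABLE_ON_IMPORT = {"rip", "ospf-as-external", "bgp"}

@dataclass(frozen=True)
class Route:
    prefix: str
    origin: str
    next_hop: str

def build_routing_table(candidates, import_filter=None):
    """Import filter first, then keep the most preferred origin per prefix.
    With no import filter everything is accepted (the default)."""
    table = {}
    for route in candidates:
        if (import_filter is not None and route.origin in FILTERABLE_ON_IMPORT
                and not import_filter(route)):
            continue                      # denied on import: discarded
        best = table.get(route.prefix)
        if best is None or ORIGINS.index(route.origin) < ORIGINS.index(best.origin):
            table[route.prefix] = route
    return table

def announced(table, protocol, export_filter=None):
    """Prefixes a protocol announces. With no export filter nothing is
    exported; OSPF intra-area and inter-area routes cannot be denied."""
    out = []
    for route in table.values():
        if protocol == "ospf" and route.origin == "ospf-internal":
            out.append(route.prefix)
        elif export_filter is not None and export_filter(route):
            out.append(route.prefix)
    return sorted(out)

# Constructed candidates (documentation prefixes, hypothetical next hops).
CANDIDATES = [
    Route("192.0.2.0/24", "bgp", "10.0.0.1"),
    Route("192.0.2.0/24", "static", "10.0.0.2"),
    Route("198.51.100.0/24", "ospf-as-external", "10.0.0.3"),
    Route("198.51.100.0/24", "rip", "10.0.0.4"),
    Route("203.0.113.0/24", "ospf-internal", "10.0.0.5"),
    Route("0.0.0.0/0", "bgp", "10.0.0.1"),
]

def no_dynamic_default(route):
    """Import filter: refuse a default route learned from a dynamic protocol."""
    return route.prefix != "0.0.0.0/0"

def static_only(route):
    """Export filter: redistribute only routes an operator entered by hand."""
    return route.origin == "static"
```

With the default import policy the BGP-learned default route becomes active, and with the default export policy no learned route is passed on to another protocol.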

6 Security

The GGSN supports IPsec in tunnel or transport mode, or GRE tunnels, when communicating with other GSNs. All routers also support IP packet filtering, which enables filtering of inbound and outbound IP traffic. For further information about packet filtering and security, see Security.

Reference List

Ericsson Documents

[1] Alarm and Event Descriptions, OPERATION DIRECTIONS, 20/1543-AXB 250 10/1

[2] APN Configuration, OPERATION DIRECTIONS, 10/1543-AXB 250 10/1

[3] CDR-Based Charging, TECHN PRODUCT DESCR, 9/221 02-AXB 250 10/1

[4] GGSN Services PIC Clusters Configuration, OPERATION DIRECTIONS, 3/1543-AXB 250 10/1

[5] Gi Interface Description, DESCRIPTION, 1/1551-AXB 250 10/1

[6] Operation and Maintenance Description, TECHN PRODUCT DESCR, 13/221 02-AXB 250 10/1

[7] Performance Monitoring Statistics, PARAMETER DESCRIPT., 1/190 84-AXB 250 10/1

[8] RADIUS Support, TECHN PRODUCT DESCR, 11/221 02-AXB 250 10/1

[9] Routing Instances and VPN Configuration, OPERATION DIRECTIONS, 4/1543-AXB 250 10/1

[10] Routing Protocols Configuration Guide, OPERATION DIRECTIONS, 37/1543-AXB 250 10/1

[11] Security, TECHN PRODUCT DESCR, 8/221 02-AXB 250 10/1

[12] Traffic Separation in the GGSN, OPERATION DIRECTIONS, 16/1543-AXB 250 10/1

Standards

[13] A Border Gateway Protocol 4 (BGP-4), RFC1771

[14] Domain names - concepts and facilities, RFC1034

[15] Domain names - implementation and specification, RFC1035

[16] Internet Numbers, RFC1166

[17] OSPF Version 2, RFC2328

[18] RIP Version 2, RFC2453
