Ng Gisgi Ifd

7/27/2019 Ng Gisgi Ifd

http://slidepdf.com/reader/full/ng-gisgi-ifd 1/32

Flexi Network Gateway Rel. 2.1

2.0, Operating Documentation,

v2

Gi/SGi Interface Description

DN0933112

Issue 2-6

Nokia Siemens Networks is continually striving to reduce the adverse environmental effects of

its products and services. We would like to encourage you as our customers and users to join

us in working towards a cleaner, safer environment. Please recycle product packaging and

follow the recommendations for power use and proper disposal of our products and their compo-

nents.

If you should have questions regarding our Environmental Policy or any of the environmental

services we offer, please contact us at Nokia Siemens Networks for any additional information.



2

DN0933112 Issue 2-6


Id:0900d80580a20ebc

The information in this document is subject to change without notice and describes only the

product defined in the introduction of this documentation. This documentation is intended for the

use of Nokia Siemens Networks customers only for the purposes of the agreement under whichthe document is submitted, and no part of it may be used, reproduced, modified or transmitted

in any form or means without the prior written permission of Nokia Siemens Networks. The

documentation has been prepared to be used by professional and properly trained personnel,

and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes

customer comments as part of the process of continuous development and improvement of the

documentation.

The information or statements given in this documentation concerning the suitability, capacity,

or performance of the mentioned hardware or software products are given "as is" and all liability

arising in connection with such hardware or software products shall be defined conclusively and

finally in a separate agreement between Nokia Siemens Networks and the customer. However,

Nokia Siemens Networks has made all reasonable efforts to ensure that the instructions

contained in the document are adequate and free of material errors and omissions. Nokia

Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which

may not be covered by the document.

Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO

EVENT WILL Nokia Siemens Networks BE LIABLE FOR ERRORS IN THIS DOCUMENTA-

TION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDI-

RECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED

TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY

OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION

IN IT.

This documentation and the product it describes are considered protected by copyrights and

other intellectual property rights according to the applicable laws.

The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark

of Nokia Corporation. Siemens is a registered trademark of Siemens AG.

Other product names mentioned in this document may be trademarks of their respectiveowners, and they are mentioned for identification purposes only.

Copyright © Nokia Siemens Networks 2013/8/21. All rights reserved

f Important Notice on Product SafetyThis product may present safety risks due to laser, electricity, heat, and other sources

of danger.

Only trained and qualified personnel may install, operate, maintain or otherwise handle

this product and only after having carefully read the safety information applicable to this

product.

The safety information is provided in the Safety Information section in the “Legal, Safety

and Environmental Information” part of this document or documentation set.

The same text in German:

f Wichtiger Hinweis zur ProduktsicherheitVon diesem Produkt können Gefahren durch Laser, Elektrizität, Hitzeentwicklung oder

andere Gefahrenquellen ausgehen.

Installation, Betrieb, Wartung und sonstige Handhabung des Produktes darf nur durch

geschultes und qualifiziertes Personal unter Beachtung der anwendbaren Sicherheits-

anforderungen erfolgen.

Die Sicherheitsanforderungen finden Sie unter „Sicherheitshinweise“ im Teil „Legal,

Safety and Environmental Information“ dieses Dokuments oder dieses Dokumentations-

satzes.



DN0933112 Issue 2-6

3


Id:0900d80580a20ebc

Table of ContentsThis document has 32 pages.

1 Changes in Gi/SGi interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71.1 Changes between release 2.1 1.3 and release 2.1 2.0 . . . . . . . . . . . . . . 7

1.2 Changes between release 2.1 and release 2.1 1.3 . . . . . . . . . . . . . . . . . 7

1.3 Changes between release 2.0 and release 2.1 . . . . . . . . . . . . . . . . . . . . 7

1.4 Changes between release 10 CD9 and release 2.0 . . . . . . . . . . . . . . . . 7

1.5 Changes between release 10 CD8 and release 10 CD9. . . . . . . . . . . . . 9

2 Introduction to Gi/SGi interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.1 Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.2 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3 Overview of Gi/SGi interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

4 Gi/SGi and packet data network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.1 Non-tunneled IP traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.3 Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.3.1 IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.3.2 GRE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.3.3 802.1Q tagging (VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4.3.4 L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4.4 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . . . . 13

4.5 Network address translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

5 Layer 2 Tunneling Protocol (L2TP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5.1 Detecting L2TP tunnel failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

5.2 Restoring L2TP tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

5.3 L2TP redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

5.4 L2TP tunnel creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

5.5 L2TP session creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

5.6 L2TP tunnel and session deletion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

5.7 Static tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

5.8 Dynamic tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

5.9 L2TP failures in GTP and PMIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

6 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . . . . . . . . . 25

6.1 Using DHCP for IP address allocation. . . . . . . . . . . . . . . . . . . . . . . . . . 25

6.1.1 DHCPv4 message flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

6.2 Using DHCP for passing DNSv6 server address to UE. . . . . . . . . . . . . 27

6.2.1 DHCPv6 with PMIP-based S5 interface. . . . . . . . . . . . . . . . . . . . . . . . . 27

6.2.2 DHCPv6 with combined S-GW and P-GW . . . . . . . . . . . . . . . . . . . . . . 28

7 Error handling in Gi/SGi interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

8 Appendix Higher priority LNS 1 fails . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

9 Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32



4

DN0933112 Issue 2-6


Id:0900d80580a20ebc

List of FiguresFigure 1 Flexi NG Gi/SGi interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Figure 2 GRE endpoint is located on an interface blade (IB) . . . . . . . . . . . . . . . . 13

Figure 3 GRE endpoint is located on a service blade (AS). . . . . . . . . . . . . . . . . . 14

Figure 4 L2TP connection to PDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 5 L2TP protocol stack in Flexi NG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 6 L2TP protocol structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Figure 7 L2TP tunneling state machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Figure 8 L2TP message flow, L2TP tunnel and session creation. . . . . . . . . . . . . 20

Figure 9 L2TP message flow, L2TP session creation. . . . . . . . . . . . . . . . . . . . . . 21

Figure 10 L2TP message flow, L2TP tunnel and session deletion . . . . . . . . . . . . . 21

Figure 11 DHCPv4 message flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Figure 12 DCHPv4 message flow, DHCP server rejects DHCP REQUEST. . . . . . 27

Figure 13 DHCPv6 with PMIP-based S5 interface . . . . . . . . . . . . . . . . . . . . . . . . . 28Figure 14 DHCPv6 in combined S-GW and P-GW . . . . . . . . . . . . . . . . . . . . . . . . . 28

Figure 15 Higher priority LNS 1 fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30



DN0933112 Issue 2-6

5


Id:0900d80580a20ebc

List of TablesTable 1 Supported PPP options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Table 2 Supported attribute-value pairs (AVPs) in L2TP messages from Flexi NG

to LNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Table 3 Supported attribute-value pairs (AVPs) in L2TP messages from LNS to

Flexi NG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Table 4 GTP Cause/PMIP Status IEs triggered by L2TP . . . . . . . . . . . . . . . . . 23

Table 5 Gi/SGi Interface Description glossary . . . . . . . . . . . . . . . . . . . . . . . . . . 32



6

DN0933112 Issue 2-6


Id:0900d80580a20ebc



DN0933112 Issue 2-6

7

Gi/SGi Interface Description Changes in Gi/SGi interface

Id:0900d80580a21130

1 Changes in Gi/SGi interfaceChanges between document issues are cumulative. Therefore, the latest document

issue contains all changes made to previous issues.

1.1 Changes between release 2.1 1.3 and release 2.1 2.0

Chapter Gi/SGi and packet data network: updated GRE tunneling support in the Gi/SGi

interface

Chapter Layer 2 Tunneling Protocol (L2TP):

• support of proxy L2TP authentication is added.

• in section Dynamic tunneling , added a bullet point about counters 3049 are not

updated by dynamic L2TP tunnels.

• in Table Supported attribute-value pairs (AVPs) in L2TP messages from Flexi NG to

LNS, added the following AVPs: Last Sent LCP CONFREQ, Last Received LCPCONFREQ , Proxy Authen Type , Proxy Authen Name, Proxy Authen Challenge ,

Proxy Authen ID, and Proxy Authen Response.

1.2 Changes between release 2.1 and release 2.1 1.3

Chapter Gi/SGi and packet data network: updated SNAT/SNAPT support for tunneling

protocols.

1.3 Changes between release 2.0 and release 2.1

Chapter Gi/SGi and packet data network:• added the following new chapters:

– Dynamic Host Configuration Protocol (DHCP)

– Network address translation

Chapter Layer 2 Tunneling Protocol (L2TP): in Table Supported PPP options, as a doc-

umentation correction, corrected the doubled primary DNS server IP address into

primary and secondary DNS server IP addresses.

Chapter Dynamic Host Configuration Protocol (DHCP):

• in Using DHCP for IP address allocation, removed references to the DHCPDE-

CLINE message

• in DHCPv4 message flow , added new Figure DCHPv4 message flow, DHCP server rejects DHCP REQUEST

1.4 Changes between release 10 CD9 and release 2.0

Chapter Gi/SGi and packet data network:

• in Tunneling , as a documentation correction, corrected Generic Routing Encapsula-

tion (GRE) version to 0

• added a new chapter, IPsec

• updated GRE :

– removed a reference to RFC 2890



8

DN0933112 Issue 2-6


Id:0900d80580a21130

Changes in Gi/SGi interface

– if GRE is used to tunnel RADIUS traffic it must be configured using the GRE

functionality

• added a new chapter, 802.1Q tagging (VLANs)


• clarified that L2TP is used as a tunneling protocol, enabling PPP HDLC frames to

be encapsulated and carried from Flexi NG to a PDN

• clarified the connection between RAN and LAC in Figure L2TP connection to PDN

• removed GTP from Figure L2TP protocol stack in Flexi NG

• Flexi NG supports also CHAP authentication

• IP Control Protocol (IPCP) is always used to allocate the IP address to the terminal.

It can also be used to define DNS servers to the terminal.

• renamed Table Supported attribute-value pairs (AVPs) in L2TP messages to Sup-

ported attribute-value pairs (AVPs) in L2TP messages from Flexi NG to LNS

• added Table Supported attribute-value pairs (AVPs) in L2TP messages from LNS to

Flexi NG

• updated Detecting L2TP tunnel failure:

– renamed the chapter from L2TP tunnel failure

– added the failover-threshold parameter

– added the name of the alarm CONNECTION LOST TO PEER NETWORK

ELEMENT to the situation where the L2TP tunnel has failed

• Restoring L2TP tunnel is a new chapter with some of the content moved from

chapter Detecting L2TP tunnel failure

• updated L2TP tunnel creation:

– moved the information about L2TP session creation to its own chapter and

renamed the chapter from L2TP tunnel and session creation – changed SGSN/MME/HSGW/S-GW to serving node

– as a documentation correction, removed the last L2TP HELLO Control Message

from Flexi NG to LNS and L2TP ZLB zero length byte from LNS to Flexi NG from

the L2TP tunnel creation process

• updated L2TP session creation:

– the information was previously in chapter L2TP tunnel and session creation

– changed SGSN/MME/HSGW/S-GW to serving node

• updated L2TP tunnel and session deletion:

– added a comment that Flexi NG sends a Control Message StopCCN Stop

Control Connection Notification, stop tunnel phase to LNS only if this is the last

PDN connection within L2TP tunnel to be deactivated

– changed SGSN/MME/HSGW/S-GW to serving node

• added new chapters, Static tunneling , Dynamic tunneling , and L2TP failures in GTP

and PMIP

• As a documentation correction, corrected ZLB message name to Zero-Length Body

Message in the following Figures:

– L2TP message flow, L2TP tunnel and session creation

– L2TP message flow, L2TP session creation

– L2TP message flow, L2TP tunnel and session deletion

Chapter Dynamic Host Configuration Protocol (DHCP): this is a new chapter.

Chapter Appendix. Higher priority LNS 1 fails: this is a new chapter.



DN0933112 Issue 2-6

9

Gi/SGi Interface Description Changes in Gi/SGi interface

Id:0900d80580a21130

1.5 Changes between release 10 CD8 and release 10 CD9


• added Call Serial Number AVP to Incoming-Call-Request (ICRQ) in Table Sup-

ported attribute-value pairs (AVPs) in L2TP messages

• in L2TP tunnel failure, clarified the description of what happens if no active L2TP

tunnels are available

• added new chapters, L2TP tunnel and session creation and L2TP tunnel and

session deletion

• in L2TP tunnel and session deletion, updated Figure L2TP message flow, L2TP

tunnel and session deletion: Flexi NG sends Delete PDP Context Response / Delete

Session Response / Proxy Binding Acknowledgement to SGSN/ MME/ S-GW/

HSGW after it has sent L2TP Control Message CDN Disconnect Notification for

L2TP session to LNS



10

DN0933112 Issue 2-6


Id:0900d80580949eeb

Introduction to Gi/SGi interface

2 Introduction to Gi/SGi interfaceThis document provides information on the Gi/SGi interface between Nokia Siemens

Networks Flexi Network Gateway (Flexi NG) and the packet data network (PDN).

The Gi/SGi implementation of Flexi NG is based on 3GPP TS 29.061 Interworking

between the Public Land Mobile Network (PLMN) supporting packet based services and

Packet Data Networks (PDN), v. 8.4-0 .

2.1 Scope

This document contains an overview of the Gi/SGi interface and the interface's role in

the network architecture. This document is valid for GGSN and standalone packet data

network gateway (P-GW) and P-GW in combined P-GW and serving gateway (S-GW)

deployment. Gi/SGi interface does not exist in standalone S-GW mode. Gi/SGi interface

between Flexi NG and RADIUS server is described in Flexi NG RADIUS Interface

Description.

2.2 Audience

This document is aimed at operators and administrators working with the Gi/SGi

network interface of Flexi NG. The reader should be familiar with packet data transfer,

3G networks, and evolved packet system (EPS).

http://ng_radius_ifd.pdf/






DN0933112 Issue 2-6

11

Gi/SGi Interface Description Overview of Gi/SGi interface

Id:0900d80580949eec

3 Overview of Gi/SGi interfaceFlexi NG acts as a gateway for user equipment (UE). The Gi/SGi interface is an interface

between Flexi NG and the packet data network (PDN).

Figure 1 Flexi NG Gi/SGi interface



12

DN0933112 Issue 2-6


Id:0900d8058099e647

Gi/SGi and packet data network

4 Gi/SGi and packet data networkTraffic between Flexi NG and PDN is IP packets. As traffic from Gi/SGi arrives to Flexi

NG, Flexi NG checks the destination address and the routing instance of an IP packet

and assigns a PDN connection. When Flexi NG receives traffic from the access network,

Flexi NG extracts the tunneled protocol data unit (T-PDU) from the tunnel and forwards

it to Gi/SGi. T-PDU means the original packet, for example, an IP datagram, from a UE

or a network node in an external packet data network. A T-PDU is the payload that is

tunneled in the GTP-U tunnel.

4.1 Non-tunneled IP traffic

Flexi NG supports IPv4 and IPv6 protocols.

4.2 RoutingFlexi NG supports open shortest path first (OSPF) v2 and v3 and virtual routing and for-

warding (VRF) instances. For more information on routing, see Flexi NG Product

Description.

4.3 Tunneling

Tunneling features in Flexi NG include:

• IP security (IPsec)

• Generic Routing Encapsulation (GRE), version 0

• Virtual local area network (VLAN, 802.1Q)

• Layer 2 Tunneling Protocol (L2TP), version 2

For more information on tunneling, see Flexi NG Product Description.

4.3.1 IPsec

IP security (IPsec) can be used in the Gi/SGi interface. IPsec provides a transparent,

secure communication mechanism for implementing virtual private networks (VPNs).

In tunnel mode of IPsec, the entire IP packet (including header) is secured. This option

is used for securing IP traffic between two security gateways located in two network ele-

ments. For more information, see Flexi NG Security .

For more information on IPsec configuration, see Flexi NG User Guide.

4.3.2 GRE

GRE tunneling is supported in the Gi/SGi interface. The implementation is based on

RFC 1701 Generic Routing Encapsulation (GRE) and RFC 2784 Generic Routing

Encapsulation (GRE). Virtual routing and forwarding (VRF) of GRE tunneling is the

same as in the session profile configuration.

The operator can check the number of sent, received, and dropped packets or bytes to

the Gi/SGi interface by studying GRE-related statistics and counters. For more informa-

tion on statistics, see Flexi NG Statistics.



DN0933112 Issue 2-6

13

Gi/SGi Interface Description Gi/SGi and packet data network

Id:0900d8058099e647

If GRE is used to tunnel RADIUS traffic it must be configured using the GRE functional-

ity. For instructions, see Configuring GRE for tunneling RADIUS in Flexi NG User Guide.

4.3.3 802.1Q tagging (VLANs)Flexi NG supports tagging traffic on layer 2 in the Gi/SGi interface for additional traffic

differentiation. Virtual local area network (VLAN) tagging allows the operator to intercon-

nect Flexi NG to the virtual LAN infrastructure used on the site, allowing routing of traffic

to the proper virtual LAN.

For more information, see Configuring VLAN interfaces in Flexi NG User Guide.

4.3.4 L2TP

L2TP tunneling can be used in the Gi/SGi interface. The implementation is based on

RFC 2661 Layer Two Tunneling Protocol (L2TP). Virtual routing and forwarding (VRF)

of L2TP tunneling is the same as in the session profile configuration.

The operator can check the number of sent and received L2TP signaling packets, the

number of sent and received encapsulated/decapsulated user plane packets or bytes to

the Gi/SGi interface by studying L2TP-related statistics and counters. For more informa-

tion on statistics, see Flexi NG Statistics.

4.4 Dynamic Host Configuration Protocol (DHCP)

Flexi NG supports interfacing with a DHCPv4 server for address allocation purposes.

Flexi NG acts as a client towards the DHCP server and allocates the received address

to the UE with standard 3GPP methods. For more information, see Dynamic Host Con-

figuration Protocol in Flexi NG User Guide.

4.5 Network address translation

Flexi NG provides source network address translation (SNAT) and source network

address and port translation (SNAPT) by the network filtering functionality.

SNAT/SNAPT can be configured by using network filtering rules. The network filtering

(and SNAT/SNAPT) functionality is available only in the interface blade deployment. In

the case of tunneling protocols (L2TP, GRE, or IPsec), SNAT/SNAPT is supported for

packets before their actual entering the tunneling interface. For example, SNAT/SNAPT

can be applied to a packet before entering the GRE interface on an interface blade.

Figure 2 GRE endpoint is located on an interface blade (IB)

SNAT/SNAPT cannot be applied to a packet that has already been passed to the GRE

interface on a service blade, and now the packet traverses an interface blade as a transit

GRE packet.

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/



14

DN0933112 Issue 2-6


Id:0900d8058099e647

Gi/SGi and packet data network

Figure 3 GRE endpoint is located on a service blade (AS)

For more information on the network filtering functionality, see Flexi NG Product

Description and Flexi NG User Guide.



DN0933112 Issue 2-6

15

Gi/SGi Interface Description Layer 2 Tunneling Protocol (L2TP)

Id:0900d805809b91d8

5 Layer 2 Tunneling Protocol (L2TP)In Flexi NG, the Layer 2 Tunneling Protocol (L2TP) is used as a tunneling protocol,

enabling Point-to-Point Protocol (PPP) high-level data link control (HDLC) frames to be

encapsulated and carried from Flexi NG to a packet data network (PDN), for example,

a corporate network. In an L2TP tunnel, an L2TP access concentrator (LAC) and an

L2TP network server (LNS) act as endpoints of the tunnel. The LAC is peer to the LNS,

and vice versa, as shown in the following Figure:

Figure 4 L2TP connection to PDN

The session profile and tunneling profile in Flexi NG configure the LAC side of the

tunnel. The LNS is required as an endpoint of the L2TP tunnel.

For every PDN connection, a separate L2TP session is established within the tunnel.

The L2TP tunnel is always session profile-specific. The L2TP tunnel is created when the

PDN connection activation creates the first L2TP session. The L2TP tunnel is deleted

when the last L2TP session is deactivated.

Note that only one L2TP tunnel between the recovery group using the same tunneling

profile and the same LNS is possible.

The LNS has to be configured in such a way that it does not close the L2TP tunnel if

there are no L2TP sessions. This is done to avoid unnecessary alarms.

The configuration of L2TP tunnels (tunneling profiles) is described in Configuring a tun-

neling profile in Flexi NG User Guide.

The PPP session is established by Flexi NG as a virtual PPP session between Flexi NG

and LNS, as shown in the following Figure.

Figure 5 L2TP protocol stack in Flexi NG

The L2TP uses two types of messages: control messages and data messages. Control

messages are used in the establishment, maintenance and clearing of tunnels and ses-

sions. Data messages are used to encapsulate PPP frames being carried over the

tunnel. Control messages use a reliable control channel within the L2TP to guarantee

delivery.

Sequence numbers in L2TP data messages are not supported in Flexi NG.

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/

http://ng_ug.pdf/



16

DN0933112 Issue 2-6


Id:0900d805809b91d8

Layer 2 Tunneling Protocol (L2TP)

Flexi NG supports both PPP PAP, PPP CHAP, and proxy L2TP authentication. The

CHAP authentication is implemented based on RFC 1994 PPP Challenge Handshake

Authentication Protocol (CHAP). The L2TP proxy authentication is specified in RFC

2661, Layer Two Tunneling Protocol "L2TP" .

• If UE sends PAP parameters, then proxy PAP L2TP authentication is performed.

• If UE sends CHAP parameters, then proxy CHAP L2TP authentication is performed.

• If UE sends both PAP and CHAP parameters, then proxy CHAP L2TP authentica-

tion is performed.

• If UE sends no PAP/CHAP parameters, then proxy L2TP authentication is not per-

formed.

If LNS rejects proxy L2TP authentication, then the related PDN connection activation is

failed.

If LNS does not reply to the proxy L2TP authentication request, Flexi NG sends the LCP

Request to LNS without Authentication Protocol option. LNS may request authentication

(PAP or CHAP) in the LCP Configuration Request it sends to Flexi NG.

• If LNS selects PAP authentication and UE has provided both the PAP username and

the password in the Protocol Configuration Options (PCO) IE, then PAP authentica-

tion is performed using the PAP username and password received in the PCO IE.

• If LNS selects PAP authentication and UE has not provided either the PAP

username or the password in the PCO IE, then PAP authentication is performed

using the MSISDN as the PAP username and 'password' as password.

• If LNS selects CHAP authentication, then CHAP authentication is performed using

'password' as the shared secret and MSISDN as the CHAP name.

If Flexi NG sends to LNS a PAP Authenticate-NAK as a response to PAP Authenticate-

Request or a CHAP Failure message as a response to CHAP Response, then therelated PDN connection activation is failed.

Figure 6 L2TP protocol structure

The Figure above shows the relationship of PPP frames and control messages over the

L2TP control and data channels. The PPP frames are passed over a data channelencapsulated first by an L2TP header and then a packet transport such as UDP. Control

messages are sent over a L2TP control channel which transmits packets inband over

the same packet transport.

Flexi NG supports the following PPP protocols in a virtual PPP session:

• Link Control Protocol (LCP) is the basic negotiation protocol in PPP. Flexi NG does

not send LCP Echo Requests nor does it send LCP Echo Response if it receives

LCP Echo Request from LNS.

• IP Control Protocol (IPCP) is used to configure the IP parameters of the PPP

session. It is always used to allocate the IP address to the terminal. IPCP can also

be used to define DNS servers to the terminal.



DN0933112 Issue 2-6

17


Id:0900d805809b91d8

RADIUS signaling cannot be used to define UE IP address or DNS server address when

the L2TP tunneling is used, because IPCP is used.

IPv6 or static IP from UE are not supported for L2TP. Data packet sequence numbering

is not supported for L2TP.

Protocol AVP

LCP Maximum Receive Unit: (sent value 1500)

Magic number

IPCP IP address: (sent value 0.0.0.0)

Primary DNS server IP address: (sent value 0.0.0.0)

Secondary DNS server IP address: (sent value 0.0.0.0)

Table 1 Supported PPP options

Message AVP

Call-Disconnect-Noti fy (CDN) Result-Error Code

Assigned Session

Hello No AVPs

Incoming-Call-Connected (ICCN) Connect Speed

Framing Type

Last Sent LCP CONFREQ (1)

Last Received LCP CONFREQ (1)

Proxy Authen Type (1)

Proxy Authen Name (1) (2)

Proxy Authen Challenge (1) (2)

Proxy Authen ID (1) (2)

Proxy Authen Response (1) (2)

Incoming-Call-Request (ICRQ) Assigned Session

Calling Number

Called Number

Call Serial Number

Start-Control-Connection-Con-

nected (SCCCN)

Challenge Response

Start-Control-Connection-Request

(SCCRQ)

Protocol Version

Framing Capabilities

Host Name

Table 2 Supported attribute-value pairs (AVPs) in L2TP messages from Flexi NGto LNS



18

DN0933112 Issue 2-6


Id:0900d805809b91d8


5.1 Detecting L2TP tunnel failure

L2TP tunnel failure can be detected based on L2TP Hello messages or when the count

of consecutive failed session activations exceeds the value of the failover-

threshold parameter. Note that the failover-threshold parameter is in the tun-

neling profile.

Flexi NG waits for responses for 2 retransmissions of L2TP Hello messages before it

considers the L2TP tunnel failed.

L2TP Hello messages are sent even if there are PPP messages in the L2TP tunnel.

If the L2TP tunnel has failed, alarm CONNECTION LOST TO PEER NETWORK

ELEMENT is raised.

Assigned Tunnel ID

Challenge

Bearer Capabilities

Vendor Name

Receive Window Size

Stop-Control-Connection-Notifica-

tion (StopCCN)

Assigned Tunnel ID

Result-Error Code

Note (1): These AVPs are included only when proxy L2TP authentication is

performed.

Note (2): These AVPs are hidden. AVP hiding is done according to RFC2661, section 4.3. Random-Vector AVP is added before first hidden AVP

(Proxy Authen Name). If shared secret is missing, which makes AVP hiding

impossible, then none of the AVPs are hidden.

Message AVP

SCCRP Control Message Reply Challenge

Challenge Response

Assigned Tunnel ID

Host Name

Receive Window Size

Random Vector

ICRP Control Message Reply Assigned Session ID

Table 3 Supported attribute-value pairs (AVPs) in L2TP messages from LNS to

Flexi NG

Message AVP

Table 2 Supported attribute-value pairs (AVPs) in L2TP messages from Flexi NG

to LNS (Cont.)



DN0933112 Issue 2-6

19


Id:0900d805809b91d8

5.2 Restoring L2TP tunnel

If the L2TP tunnel has failed, tunnel restoration is not attempted until the failback timer

has expired.

If the L2TP tunnel has failed and tunnel restoration is not yet ongoing, the tunnel resto-

ration is started when the first session activation request is received after the failback

timer has expired.

If the restoration of the L2TP tunnels is ongoing, new sessions are created to the already

active L2TP tunnel. If no active L2TP tunnels are available, either one of the currently

failed tunnels is selected after the failback timer expires in the L2TP tunnel in question.

The selection is done either based on the priority of the L2TP tunnels or by load balanc-

ing.

If both L2TP tunnels have failed and the failback timer has not yet expired, session acti-

vation will fail.

If the tunnel restoration fails, the failback timer is restarted and tunnel restoration isattempted after the failback timer has expired.

The following figure shows how the L2TP tunneling state machine works.

Figure 7 L2TP tunneling state machine

5.3 L2TP redundancyWhen L2TP client process of an active recovery unit of GatewayService recovery group

restarts or GatewayService recovery group switchover is performed:

• Flexi NG deactivates all existing PDN connections which use L2TP tunneling.

• Flexi NG sends Stop-Control-Connection-Notification messages to LNSs with tunnel

ID 0 and closes the old L2TP tunnels.

• Flexi NG no longer handles L2TP Hello messages sent in old L2TP tunnels.

• Flexi NG creates new L2TP tunnels with new local tunnel IDs for new PDN connec-

tions needing L2TP tunneling.



20

DN0933112 Issue 2-6


Id:0900d805809b91d8


5.4 L2TP tunnel creation

The following figure shows the message sequence for creating an L2TP tunnel when the

first PDN connection requiring this L2TP tunnel is activated.

Figure 8 L2TP message flow, L2TP tunnel and session creation

1. Serving node sends a Create PDP Context Request / Create Session Request /

Proxy Binding Update to Flexi NG.

2. Flexi NG sends an L2TP SCCRQ Control Message Request to LNS.

3. LNS sends an L2TP SCCRP Control Message Reply to Flexi NG.

4. Flexi NG sends an L2TP SCCCN Control Message Control Connection Notification

to LNS.

5. LNS sends an L2TP ZLB Zero-Length Body Message to Flexi NG.

L2TP tunnel is established.

6. Flexi NG sends an L2TP ICRQ Control Message Request to LNS.

Establishing an L2TP session starts.

7. LNS sends an L2TP ICRP Control Message Reply to Flexi NG.

8. Flexi NG sends an L2TP ICCN Control Message Control Connection Notification to

LNS.


10. PPP negotiation happens between Flexi NG and LNS.

L2TP session is established.

11.Flexi NG sends a Create PDP Context Response / Create Session Response /Proxy Binding Acknowledgement to serving node.



DN0933112 Issue 2-6

21


Id:0900d805809b91d8

5.5 L2TP session creation

The following figure shows the message sequence for creating an L2TP session. An

L2TP tunnel needs to have been created first.

Figure 9 L2TP message flow, L2TP session creation

1. Flexi NG sends an L2TP ICRQ Control Message Request to LNS.

2. LNS sends an L2TP ICRP Control Message Reply to Flexi NG.

3. Flexi NG sends an L2TP ICCN Control Message Control Connection Notification to

LNS.


5. PPP negotiation happens between Flexi NG and LNS.

L2TP session is established.

5.6 L2TP tunnel and session deletion

The following figure shows the message sequence for deleting a PDN connection.

Figure 10 L2TP message flow, L2TP tunnel and session deletion



22

DN0933112 Issue 2-6


Id:0900d805809b91d8


1. Serving node sends a Delete PDP Context Request / Delete Session Request /

Proxy Binding Update to Flexi NG.

2. Flexi NG sends an L2TP Control Message CDN Disconnect Notification for L2TP

session to LNS.3. Flexi NG sends a Delete PDP Context Response / Delete Session Response / Proxy

Binding Acknowledgement to serving node.


5. Flexi NG sends a Control Message StopCCN Stop Control Connection Notification,

stop tunnel phase to LNS.

This message is sent only if this is the last PDN connection within L2TP tunnel to be

deactivated.


5.7 Static tunneling

It is possible to configure static tunneling where the used L2TP tunnel is the same for all

the PDN connections of the session profile.

Another tunneling profile can be configured to the session profile if both tunneling

profiles define an LNS. The priority of the tunneling profile determines which tunneling

profile is used. If the highest priority LNS has failed, then the LNS of the other tunneling

profile is used for new sessions. If the session profile has two tunneling profiles with the

same priority, sessions are created to the LNS which has less active sessions.

5.8 Dynamic tunneling

RADIUS-based dynamic tunneling is defined in RFC 2868 RADIUS Attributes for Tunnel Protocol Support . It allows the RADIUS authentication server to dynamically select the

tunneling protocol and the tunneling end points without static tunneling configuration in

Flexi NG.

To activate dynamic tunneling in Flexi NG, the Access-Accept message from RADIUS

server to Flexi NG must contain the following attributes:

• Tunnel-Type (the value must be L2TP (3))

• Tunnel-Medium-Type (the value must be IPv4 (1))

• Tunnel-Server-Endpoint

The following functionality is not supported:

• Support for IPv6 or dual stack sessions (dual stack sessions are converted to IPv4)• Other tunneling protocols than L2TP

• Other transport protocols for tunneling than IPv4

• Support for domain names (FQDN) in tunneling attributes. Only IP addresses can

be used.

• RADIUS server cannot allocate the IP address. Only LNS can allocate the UE IP

address.

• Family counters 3049 are not updated by dynamic L2TP tunnels.

The following attributes of RFC 2868 are always ignored:

• Tunnel-Assignment-ID

• Tunnel-Private-Group-ID• Tunnel-Server-Auth-ID



DN0933112 Issue 2-6

23


Id:0900d805809b91d8

• Tunnel-Client-Endpoint

For more information on the attributes, see Flexi NG RADIUS Interface Description.

If no valid dynamic tunnel was defined in the Access-Accept message, the configured

default dynamic tunnel is used. The default values of the attributes missing from the Access-Accept message are taken from the configuration.

The following describes the selection of the tunnel if multiple valid dynamic tunnels are

defined in the Access-Accept message (note that Flexi NG supports only 10 valid

dynamic tunnels in one Access-Accept message):

1. If there are already 2000 active static/dynamic tunnels, then only the currently active

tunnels are candidates for the selected tunnel. If all the tunnels are new, the session

activation fails. If there are less than 2000 active static/dynamic tunnels, then all

valid dynamic tunnels are candidates for the selection.

2. If some of the candidate tunnels are marked as failed, they are not used for selecting

the tunnel period of failback time.

3. If multiple dynamic tunnels are still valid candidates for selection after the previous

step, the Tunnel-Preference attribute is used to select the highest priority tunnel. If

the Tunnel-Preference is missing for the tunnel, then the priority of this tunnel is the

lowest one.

If there remain multiple tunnels with the highest priority after this step, the tunnel

selection continues to the next step.

4. If multiple dynamic tunnels are still valid candidates for selection after the previous

step, only currently active tunnels are considered when a tunnel is selected for the

session. If all the candidate tunnels are new, then all the tunnels in this step are still

valid for selection.

5. If multiple dynamic tunnels are still available for selection after the previous step, any

of the available tunnels can be selected.

5.9 L2TP failures in GTP and PMIP

In GTP, the L2TP failures are indicated in Cause IE in

• Create PDP Context Response message (GTPv1)

• Create Session Response message (GTPv2)

In PMIP, the L2TP failures are indicated in the Status IE in the Proxy Binding Acknowl-

edgement message. 3GPP-specific PMIPv6 error code IE is not set based on L2TP-

related errors.

Description GTP Cause/PMIP

Status value

(decimal)

Cause/Status

The maximum number of

L2TP procedures, sessions, or

tunnels has been exceeded.

GTPv1: 199

GTPv2: 73

PMIP: 130

GTP: No resources available

PMIP: Insufficient resources

Table 4 GTP Cause/PMIP Status IEs triggered by L2TP





24

DN0933112 Issue 2-6


Id:0900d805809b91d8


The authentication failedbetween Flexi NG and LNS.

GTPv1: 209

GTPv2: 92

PMIP: 151

GTP: User authenticationfailed

PMIP: Reason unknown

Generic error condition

covering the errors not listed in

other cause codes.

GTPv1: 204

GTPv2: 72

PMIP: 151

GTP: System failure

PMIP: Reason unknown

Description GTP Cause/PMIP

Status value

(decimal)

Cause/Status

Table 4 GTP Cause/PMIP Status IEs triggered by L2TP (Cont.)



DN0933112 Issue 2-6

25

Gi/SGi Interface Description Dynamic Host Configuration Protocol (DHCP)

Id:0900d80580949ee8

6 Dynamic Host Configuration Protocol

(DHCP)

The Dynamic Host Configuration Protocol (DHCP) is an autoconfiguration protocol usedon IP networks.

Flexi NG supports DHCP for the following two use cases:

• Used for allocating the UE IP address from external DHCP server.

Currently only DHCPv4 is supported.

• Used for passing DNSv6 server address to UE.

Currently only DHCPv6 is supported.

For more information on DHCP, see 3GPP TS 29.061 Interworking between the Public

Land Mobile Network (PLMN) supporting packet based services and Packet Data

Networks (PDN), v. 8.4-0 .

6.1 Using DHCP for IP address allocation

The DHCP in Flexi NG supports DHCPv4 when an external DHCP server is used to

allocate the UE IP address. Flexi NG then works as DHCP relay agent towards DHCP

server. Since the UE does not send the actual DHCP requests, Flexi NG also acts as

proxy DHCP client for the UE.

The DHCP server may assign IP addresses to clients for a finite lease time, allowing

sequential reassignment of addresses to different users. Flexi NG renews the DHCP

lease for the allocated IP addresses, if the PDN connection is still active. However, Flexi

NG ensures that the DHCP lease never expires.

Flexi NG releases the PDN connection under the following conditions:

• The DHCP renewal is rejected by the DHCP server.

• The IP address is changed during the renewal process.

Usually, when the lease is renewed, the IP address remains unchanged. However,

if for any reason (for example, poor configuration of the DHCP server), a different IP

address is allocated during the lease renewal process, then the associated PDN

connection will be released.

The DHCP server may also define DNS and WINS server addresses, which Flexi NG

passes to the UE.

The DHCPv4 server on Flexi NG supports the following messages:

• Incoming messages:

– DHCPOFFER

– DHCPACK

• DHCPNAK

• Outgoing messages:

– DHCPDISCOVER

– DHCPREQUEST

• DHCPRELEASE

For more information on DHCPv4, see 3GPP TS 29.061 and RFC 2131 Dynamic Host

Configuration Protocol .



26

DN0933112 Issue 2-6


Id:0900d80580949ee8

Dynamic Host Configuration Protocol (DHCP)

For instructions on DHCP in Flexi NG, see Configuring DHCP profiles in Flexi NG User

Guide.

6.1.1 DHCPv4 message flowThe following figures illustrate the DHCPv4 message flow.

Figure 11 DHCPv4 message flow

The DHCPv4 message flow is as follows:

1. Flexi NG sends a DHCP DISCOVER message to all the configured DHCP server(s).

2. DHCP server(s) send a DHCP OFFER message to Flexi NG.

3. Flexi NG sends a DHCP REQUEST to the first DHCP server(s) sending the DHCP

OFFER.

4. DHCP server(s) returns the UE IP address to Flexi NG in DHCP ACK message.

5. When half of the IP address’ lease time stored in Flexi NG has expired, Flexi NG

triggers the renewal of the IP address.

6. DHCP server responds to the renewal.

7. When PDN connection is terminated and Flexi NG sends DHCP RELEASE to inform

DHCP server that IP address of the PDN connection has been released.

The following figure illustrates the DHCPv4 message flow where DHCP server rejects

the DHCP REQUEST.

http://ng_ug.pdf/

http://ng_ug.pdf/



DN0933112 Issue 2-6

27

Gi/SGi Interface Description Dynamic Host Configuration Protocol (DHCP)

Id:0900d80580949ee8

Figure 12 DCHPv4 message flow, DHCP server rejects DHCP REQUEST

The DHCPv4 message flow where DHCP server rejects the DHCP REQUEST is as

follows:

1. Flexi NG sends a DHCP DISCOVER message to all the configured DHCP server(s).

2. DHCP server(s) send a DHCP OFFER message to Flexi NG.

3. Flexi NG sends a DHCP REQUEST to the first DHCP server(s) sending the DHCP

OFFER.

4. If DHCP server rejects the DHCP REQUEST, it sends DHCP NAK.

6.2 Using DHCP for passing DNSv6 server address to UE

The DHCP in Flexi NG supports DHCPv6 when Flexi NG is used as an S-GW, P-GW,

or combined S-GW and P-GW. The DHCPv6 server on Flexi NG supports the followingmessages:

• Incoming messages:

– Information-Request

– Relay-Forward

• Outgoing messages:

– Reply

– Relay-Reply

Flexi NG supports the following options:

• Relay message

• Client identifier • Server identifier

• DNS recursive name server

For more information on DHCPv6, see 3GPP TS 29.061 and RFC 3315 Dynamic Host

Configuration Protocol for IPv6 (DHCPv6).

6.2.1 DHCPv6 with PMIP-based S5 interface

The following figure illustrates the DHCPv6 sequence in which the DHCPv6 server on

Flexi NG passes the DNSv6 server address to UE when an external PMIP-based S5

interface is used between S-GW and P-GW.



28

DN0933112 Issue 2-6


Id:0900d80580949ee8

Dynamic Host Configuration Protocol (DHCP)

Figure 13 DHCPv6 with PMIP-based S5 interface

The DHCPv6 sequence with PMIP-based S5 interface is as follows:

1. UE sends an Information-Request message to S-GW.

2.S-GW sends a Relay-Forward message to P-GW.

3. P-GW responds to the Relay-Forward message with a Relay-Reply message.

4. S-GW sends a Reply message to UE.

6.2.2 DHCPv6 with combined S-GW and P-GW

The following figure illustrates the DHCPv6 sequence in which the DHCPv6 server on

Flexi NG passes the DNSv6 server address to UE when internal S5 interface is used in

combined S-GW and P-GW.

Figure 14 DHCPv6 in combined S-GW and P-GW

The DHCPv6 sequence in combined S-GW and P-GW is as follows:

1. UE sends an Information-Request message to combined S-GW and P-GW.

2. S-GW sends a Reply message to UE.



DN0933112 Issue 2-6

29

Gi/SGi Interface Description Error handling in Gi/SGi interface

Id:0900d80580949ee9

7 Error handling in Gi/SGi interfaceFaulty IP packets are dropped, for example, due to the following reasons:

• Incoming faulty packet• Owner of the incoming packet not identified

• Outgoing packet without existing route in defined routing instance

Interface statistics show statistics about faulty IP packets. For more information on sta-

tistics, see Flexi NG Statistics.



30

DN0933112 Issue 2-6


Id:0900d80580949df9

Appendix Higher priority LNS 1 fails

8 Appendix Higher priority LNS 1 fails

Figure 15 Higher priority LNS 1 fails

1. Serving node sends a Create PDP Context Request / Create Session Request

message to Flexi NG. LNS 1 is configured in the RADIUS tunneling parameters to

have the highest priority.

The attempt to create an L2TP tunnel/session fails.

2. Flexi NG sends Create PDP Context Response (Failure) / Create Session

Response (Failure) message to serving node.

3. Serving node sends another Create PDP Context Request / Create SessionRequest message to Flexi NG. LNS 1 is still configured to have the highest priority.



DN0933112 Issue 2-6

31

Gi/SGi Interface Description Appendix Higher priority LNS 1 fails

Id:0900d80580949df9

Since LNS 1 failed, LNS 2 is selected and the L2TP tunnel/session is successfully

created.

4. Flexi NG sends Create PDP Context Response / Create Session Response

message to serving node.

5. Serving node sends another Create PDP Context Request / Create Session

Request message to Flexi NG. LNS 1 is still configured to have the highest priority.

Since LNS 1 failed, LNS 2 is selected and the L2TP tunnel/session is successfully

created.


message to serving node.

7. Serving node sends another Create PDP Context Request / Create Session

Request message to Flexi NG. The failover time has expired and LNS 1 has recov-

ered from the failure.


message to serving nodes.



Gi/SGi Interface DescriptionGlossary

9 Glossary

Term Definition

AVP attribute-value pair

CHAP Challenge Handshake Authentication Protocol

DHCP Dynamic Host Configuration Protocol

DNS domain name server

EPS evolved packet system

FQDN fully qualified domain name

GRE Generic Routing Encapsulation

IP Internet Protocol

IPCP IP Control Protocol

IPsec IP security

L2TP Layer 2 Tunneling Protocol

LAC L2TP access concentrator

LCP Link Control Protocol

LNS L2TP network server

NG network gateway

OSPF open shortest path first

PAP Password Authentication Protocol

PCO IE Protocol Configuration Options Information Element

P-GW packet data network gateway

PDN packet data network

PMIP Proxy Mobile IP

PPP Point-to-Point Protocol

RADIUS remote authentication dial-in user service

S-GW serving gateway

SNAPT source network address and port translationSNAT source network address translation

T-PDU tunneled protocol data unit

UE user equipment

VLAN virtual local area network

Table 5 Gi/SGi Interface Description glossary

Ng Gisgi Ifd

Documents

Transcript of Ng Gisgi Ifd