PDSN Course Lecture Notes


Page 1

PDSN Course Lecture Notes

Course contents:
1. EV-DO overview
2. PDSN/FA & HA overview
3. Understanding Simple IP & Mobile IP
4. Mobility
5. Understanding the service operation of Starent System

SHAQ

2010/3/19

Page 2

1. EV-DO overview

Page 3

1xEV-DO IOS Architecture Reference Model

1. EV-DO overview

Page 4

EV-DO R0, RA, RB: the air link is the bottleneck for wireless data transmission.

1. EV-DO overview

EV-DO Rev 0 (one carrier): 1.25 MHz, 2.5 Mbps, 153.6 kbps

Page 5

EV-DO R0, RA, RB

1. EV-DO overview

Page 6

2. PDSN/FA & HA overview

PCF

Page 7

2. PDSN/FA & HA overview

PDSN

Page 8

2. PDSN/FA & HA overview

AAA server

Page 9

2. PDSN/FA & HA overview

Home Agent

Page 10

Standalone PDSN/FA and HA Deployments

Interface description:
- R-P interface – PCF <-> PDSN
- Pi interface – PDSN/FA <-> HA
- PDN interface – HA <-> PDN/Internet
- AAA interface – PDSN/HA <-> AAA server

2. PDSN/FA & HA overview

Page 11

Co-Located Deployments

2. PDSN/FA & HA overview

Page 12

PDSN-FA and HA functionality: logical interface

R-P interface:

Functionality:
- R-P connection setup
- R-P connection tear-down
- Transport of PPP packets
- Transport of cdma2000 accounting information from PCF to PDSN
- R-P mobility

Types:
- Closed R-P interface: L2TP
- Open R-P interface: GRE (A10/A11)

2. PDSN/FA & HA overview

Page 13

PDSN-FA and HA functionality: protocols

PPP: Point-to-Point Protocol, MN <-> PDSN
1. LCP
2. Authentication
   - PAP
   - CHAP
3. NCP (IPCP)

RADIUS: PDSN/FA or HA <-> AAA server

IP in IP: FA <-> HA

IP: MN <-> PDN (Internet, VPN, CN)

2. PDSN/FA & HA overview

Page 14

3. Understanding Simple IP and Mobile IP

- Access methods for packet data services:
  - Local and public network access
  - Private network access
- Access applications for the two access methods:
  - Simple IP: dynamically assigned IP addresses; mobility within a defined geographical area
  - Mobile IP: static or dynamically assigned IP addresses; seamless mobility
  - Proxy Mobile IP: the PDSN supports MIP on behalf of MNs that do not support MIP.

Page 15

Simple IP

How Simple IP Works

3. Understanding Simple IP and Mobile IP

Page 16

Simple IP

Simple IP protocol stacks

3. Understanding Simple IP and Mobile IP

Page 17

Simple IP

Simple IP Call Flow

3. Understanding Simple IP and Mobile IP

PPP:
- LCP (call-flow step 3)
- Authentication (steps 4, 5, 6, 7; attributes)
- IPCP (step 8, IP assignment)

Page 18

Mobile IP

- Network-layer solution
- Maintains ongoing communications while changing links
- Home address
- Care-of address (co-located / FA)
- IP tunnels

3. Understanding Simple IP and Mobile IP

Key to mobility

Page 19

Mobile IP

Mobile IP tunneling methods:
- IP in IP tunnels: outer IP header / inner IP header
- GRE tunnels: any transport protocol can be encapsulated in GRE

Three forms of tunneling in Mobile IP:
- Forward tunneling: PDN -> MN

3. Understanding Simple IP and Mobile IP

Page 20

Mobile IP

- Reverse tunneling: MN -> PDN
  - Direct delivery style: the MN sends to the FA directly
  - Encapsulating delivery style: the MN encapsulates toward the FA

(reference: MIPv4_4)

3. Understanding Simple IP and Mobile IP

Page 21

Mobile IP

Triangular routing:
- Advantage: reverse tunneling is not required
- Disadvantages:
  - The HA is unaware of all user traffic for billing purposes
  - The FA would have to be connected to each private network

3. Understanding Simple IP and Mobile IP

Page 22

Mobile IP

Mobile IP protocol stacks: data plane

3. Understanding Simple IP and Mobile IP

Page 23

Mobile IP

Mobile IP protocol stacks: control plane

3. Understanding Simple IP and Mobile IP

Page 24

Mobile IP

How Mobile IP Works

3. Understanding Simple IP and Mobile IP

Page 25

Mobile IP

How Mobile IP Works

3. Understanding Simple IP and Mobile IP

MIP setup:
- MIP Registration Request message (steps 6, 11)
- Access-Request message (steps 7, 8, 12)
- Access-Accept message (steps 9, 10, 13)
- MIP Registration Reply (step 14, carrying the MN's home address; step 16)
- PPP

MIP close:
- Registration Request with a requested lifetime of 0 (steps 17, 18)
- Registration Reply (steps 19, 20)
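As an added example (not code from these slides), the setup and close exchange above in Python: the Registration Request carries a lifetime (0 for the close), the T and G flags select the reverse tunneling and GRE options from pages 19 and 20, and the Mobile-Home Authentication Extension (HMAC-MD5 under the MN-HA key, RFC 3344) is what lets the HA reject a request that was forged or altered in transit. Addresses, identification, SPI and key are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

RRQ_TYPE = 1                 # Registration Request
MH_AUTH_EXT = 32             # Mobile-Home Authentication Extension
FLAG_G, FLAG_T = 0x08, 0x02  # G: GRE encapsulation, T: reverse tunneling
HDR_FMT = "!BBH4s4s4sQ"      # type, flags, lifetime, home addr, HA, CoA, identification
HDR_LEN = struct.calcsize(HDR_FMT)   # 24 bytes

def build_rrq(home_addr, home_agent, coa, lifetime, ident, spi, key, flags=0):
    """Fixed RRQ header followed by a Mobile-Home Authentication Extension.
    lifetime=0 turns the request into a deregistration (the 'MIP close' above)."""
    hdr = struct.pack(HDR_FMT, RRQ_TYPE, flags, lifetime,
                      socket.inet_aton(home_addr), socket.inet_aton(home_agent),
                      socket.inet_aton(coa), ident)
    # The authenticator (HMAC-MD5 with the MN-HA key, RFC 3344 3.5.1) covers the
    # header plus the extension's Type, Length and SPI; Length = 4 (SPI) + 16.
    ext = struct.pack("!BBI", MH_AUTH_EXT, 20, spi)
    return hdr + ext + hmac.new(key, hdr + ext, hashlib.md5).digest()

def verify_rrq(msg, key):
    """HA side: parse the RRQ and return its fields, or None if it is malformed
    or the authenticator does not match (forged or modified in transit)."""
    if len(msg) < HDR_LEN + 22:
        return None
    rtype, flags, lifetime, ha, hag, coa, ident = struct.unpack_from(HDR_FMT, msg)
    ext_type, ext_len, spi = struct.unpack_from("!BBI", msg, HDR_LEN)
    if rtype != RRQ_TYPE or ext_type != MH_AUTH_EXT or ext_len != 20:
        return None
    signed, authenticator = msg[:HDR_LEN + 6], msg[HDR_LEN + 6:HDR_LEN + 22]
    expected = hmac.new(key, signed, hashlib.md5).digest()
    if not hmac.compare_digest(authenticator, expected):
        return None
    return {"lifetime": lifetime, "deregistration": lifetime == 0,
            "reverse_tunnel": bool(flags & FLAG_T), "gre": bool(flags & FLAG_G),
            "home_address": socket.inet_ntoa(ha), "home_agent": socket.inet_ntoa(hag),
            "care_of_address": socket.inet_ntoa(coa), "identification": ident, "spi": spi}

# Constructed sample values (not from the slides): MN-HA key and SPI for the demo.
SAMPLE_KEY, SAMPLE_SPI = b"constructed-mn-ha-key", 256

def demo_setup_and_close():
    """Registration with an 1800 s lifetime and reverse tunneling, then the close."""
    setup = build_rrq("10.1.1.5", "10.0.0.1", "192.0.2.10", 1800, 0x1234, SAMPLE_SPI, SAMPLE_KEY, FLAG_T)
    close = build_rrq("10.1.1.5", "10.0.0.1", "192.0.2.10", 0, 0x1235, SAMPLE_SPI, SAMPLE_KEY, FLAG_T)
    return verify_rrq(setup, SAMPLE_KEY), verify_rrq(close, SAMPLE_KEY)
```

A real HA also checks the Identification field against its replay window for that MN; this sketch only shows the authenticator that protects the lifetime and addresses.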

Page 26

Mobile IP

Proxy Mobile IP

An overview of Proxy Mobile IP:
- Provides mobility for subscribers whose MNs do not support the Mobile IP protocol stack.
- The R-P and PPP sessions are established as they would be for a Simple IP session.
- A Mobile Binding Record (MBR) is created on the HA.

How Proxy Mobile IP works:
- Scenario 1: The AAA server specifies an IP address that the PDSN allocates to the MN from one of its locally configured static pools.
- Scenario 2: The HA assigns an IP address to the MN from one of its locally configured dynamic pools.

3. Understanding Simple IP and Mobile IP

Page 27

3. Understanding Simple IP and Mobile IP

Proxy MIP (call-flow steps 8, 9, 11)

IPCP (steps 8, 10, 12)

Page 28

Mobile packet data service states

[Figure: MS, BSS, PCF and PDSN with the TCH, A8 and A10 connections shown for each of the three states]

- NULL: there are no connections between the MS and the network.
- ACTIVE: a traffic channel exists between the MS and the PDSN, and both sides may transmit data.
- Dormant: no traffic channel exists between the MS and the PCF, but the PPP connection and the A10 connection are maintained.

3. Understanding Simple IP and Mobile IP

Page 29

4. Mobility

- Micro-mobility: intra-PCF mobility
- R-P mobility: intra-PDSN mobility
- Macro-mobility: inter-PDSN mobility

Page 30

4. Mobility

- R-P mobility:
  - The R-P interface is moved from the source PCF to the target PCF
  - The PPP session remains on the same PDSN-FA
- Macro-mobility:
  - PDSN-FA/HA
  - A new PPP session must be initiated
  - The new PDSN-FA issues an Agent Advertisement on that session
  - The MN's home IP address (assigned when Mobile IP service was initiated) is still in use => Layer 3 mobility
  - The session is anchored at the HA

Page 31

4. Mobility

Dormant mobility:
- "Stale" PPP session
- PANID / CANID
- The PPP session will be restarted / the MIP renegotiated

Page 32

5. Understanding the service operation of Starent System

Page 33

5. Understanding the service operation of Starent System

Contexts:
- A logical grouping or mapping of configuration parameters that pertain to various physical ports, logical IP interfaces, and services.
- The system supports the configuration of multiple contexts.
- Each context is configured and operates independently from the others.
- Contexts can also be assigned domain aliases.
- Categorization: source / destination / AAA context
  - Source context:
    - "ingress" context
    - the subscriber's point of entry into the system
    - R-P interfaces

Page 34

5. Understanding the service operation of Starent System

- Categorization:
  - Destination context:
    - "egress" context
    - where a subscriber is provided services
    - configured with the interfaces facilitating subscriber data traffic to/from the Internet, a VPN, or another PDN
  - AAA context:
    - provides authorization, authentication, and accounting (AAA) functionality for subscriber and/or administrative user sessions
    - the logical interfaces for communicating with AAA servers
    - records for locally configured subscribers and/or administrative users

Note: the AAA context can be configured together with either the source or the destination context. The general rule is that if the AAA server is controlled by the carrier, it can be configured together with the source context; otherwise it can be configured together with the destination context.

Page 35

5. Understanding the service operation of Starent System

AAA context

- AAA realms:
  - Provide AAA attributes when the Access-Accept message from RADIUS fails to contain certain attributes
  - Subscriber-specific templates, with lower precedence than the subscriber's RADIUS user profile
  - A AAA realm is considered part of the AAA context (or configuration)
  - The AAA context itself is also considered to be a realm
  - There may be many different AAA realms defined within a single AAA context

[Figure: source context / AAA configuration with the realms nova.com and bigco.com, the ingress side, the RADIUS AAA server and the AAA interface; realm attributes apply when the Access-Accept message from RADIUS fails to contain certain attributes]

Page 36

5. Understanding the service operation of Starent System

Logical interfaces:
- Are assigned IP addresses and are bound to a specific port
- Are associated with services through bindings
- Take on the characteristics of the functions enabled by the service

Logical interface categories:
- Management interface:
  - provides the system's point of attachment to the management network
  - defined in the local context
- R-P interface:
  - A10/A11 -> communications path between the PCF and the PDSN
- Pi interface:
  - communications path between the PDSN/FA and the HA for Mobile IP applications

Page 37

5. Understanding the service operation of Starent System

Logical interface categories:
- PDN interface:
  - the interface to the packet data network (PDN)
- AAA interface:
  - the connection between the PDSN and/or HA and the network servers that perform AAA functions
  - Remote Authentication Dial-In User Service (RADIUS)
- ICC interface (inter-context communication):
  - only required when multiple services are configured in the same context

[Figure: one context containing FA and HA services joined through ICC interfaces]

Page 38

5. Understanding the service operation of Starent System

Binding:
- An association between "elements" within the system
- Static and dynamic
  - Static:
  - Dynamic: associates a subscriber to a specific egress context based on the configuration of their profile or system parameters.

[Figure: within a context, a physical port, a logical interface, an IP address and a service bound together]

Page 39

5. Understanding the service operation of Starent System

Services:
- Services are configured within a context and enable certain functionality.
- PDSN services:
  - The PDSN service must be bound to a logical interface within the same context.
  - The logical interface takes on the characteristics of an R-P interface.
  - A single physical port can facilitate multiple R-P interfaces.
  - R-P sessions are identified using the PCF address, the PDSN interface address, and the R-P Session ID.
- FA/HA services:
  - Configured to support Mobile IP and define FA/HA functionality on the system.

Page 40

5. Understanding the service operation of Starent System

- FA/HA services, combined and individual configuration:

[Figure 1: one system with a PDSN service in the source context and an FA/HA service in the destination context, which holds the PDN interface]

[Figure 2: a system with a PDSN/FA service in its source context connected over the Pi interface to a separate system with an HA service in its source context]

Page 41

5. Understanding the service operation of Starent System

AAA servers:
- Store profiles / perform authentication / maintain accounting records
- Mobile IP: there can be foreign AAA (FAAA) and home AAA (HAAA) servers
- The AAA servers communicate with the system over the AAA interface.

Subscribers: three primary types of subscribers/users
- RADIUS-based subscribers:
  - The most common type of subscriber.
  - Identified by IMSI / ESN / domain name / user name
  - User profile configured on and authenticated by a RADIUS AAA server
  - User profile attributes:
    - parameter settings (protocol settings, IP assignment method, etc.)
    - privileges (Simple IP, Mobile IP, etc.)

Page 42

Subscribers: three primary types of subscribers/users
- Local subscribers:
  - For testing purposes
  - Configured and authenticated within the specific context where they are created.
  - Newly created subscriber profiles are set to the system's default settings.
  - Profile attributes are configured on a subscriber-by-subscriber basis.
- Management subscribers:
  - An authorized user who can monitor, control, and configure the system
  - Configured as a local subscriber within the local context
  - Management subscribers may also be authenticated remotely via RADIUS (if a AAA configuration exists within the local context)

5. Understanding the service operation of Starent System

Page 43

5. Understanding the service operation of Starent System

Default subscribers and realm-based subscriber templates:
- Used for RADIUS-based subscribers when needed.
- Default subscriber:
  - Per-context basis
  - The system automatically creates a subscriber named "default" when each context is created
- Realm-based subscriber templates (AAA realms):
  - Per-realm basis
  - A context can have numerous domain aliases
  - Each realm is used for a specific group of subscribers

Page 44

5. Understanding the service operation of Starent System

Page 45

RADIUS: Remote Authentication Dial-In User Service

Page 46

RADIUS Authentication Flow
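As an added example (not code from these slides), the Access-Request / Access-Accept exchange between a PDSN and its RADIUS AAA server as RFC 2865 defines it: the NAS hides the subscriber's PAP password under the shared secret, and before trusting an Access-Accept it recomputes the Response Authenticator, which is the only thing binding that Accept to the request and to the secret. Shared secret, user name, password and Request Authenticator are constructed sample values.

```python
import hashlib, hmac, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2          # RADIUS packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2     # attribute types (RFC 2865 5.1, 5.2)

def attr(atype, value):  # Type-Length-Value; Length counts the 2-byte header
    return struct.pack("!BB", atype, 2 + len(value)) + value

def parse_attrs(pkt):  # {type: value} for the attributes after the 20-byte header
    attrs, off = {}, 20
    while off + 2 <= len(pkt) and pkt[off + 1] >= 2:
        attrs[pkt[off]] = pkt[off + 2:off + pkt[off + 1]]
        off += pkt[off + 1]
    return attrs

def crypt_password(data, secret, req_auth, hide):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous cipher
    # block); the first block is chained to the Request Authenticator.
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        out, prev = out + block, (block if hide else data[i:i + 16])
    return out

def packet(code, ident, authenticator, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def access_request(ident, username, password, secret, req_auth):
    # NAS/PDSN side: the subscriber's PAP password is hidden under the shared secret
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = crypt_password(padded, secret, req_auth, hide=True)
    return packet(ACCESS_REQUEST, ident, req_auth,
                  attr(ATTR_USER_NAME, username) + attr(ATTR_USER_PASSWORD, hidden))

def server_password(request, secret):  # AAA side: recover the cleartext password
    hidden = parse_attrs(request)[ATTR_USER_PASSWORD]
    return crypt_password(hidden, secret, request[4:20], hide=False).rstrip(b"\x00")

def response_authenticator(code, ident, attrs, req_auth, secret):
    # RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + req_auth + attrs + secret).digest()

def access_accept(request, secret, attrs=b""):  # AAA side: sign the reply
    auth = response_authenticator(ACCESS_ACCEPT, request[1], attrs, request[4:20], secret)
    return packet(ACCESS_ACCEPT, request[1], auth, attrs)

def verify_response(response, req_auth, secret):  # PDSN side: check before trusting
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, response[20:length], req_auth, secret)
    return hmac.compare_digest(response[4:20], expected)
```

Both mechanisms rest on MD5 and on the shared secret alone, so a weak or widely reused secret on the AAA interface undermines them; protecting that interface (for example with IPsec) is the usual mitigation.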

Page 47

Point-to-Point Tunneling Protocol (PPTP)

• PPTP was developed by Microsoft and the IETF.
• Layer 2 tunnel; supports IP, IPX, NetBEUI
• Authentication relies on PPP
  – PAP, SPAP, CHAP, MS-CHAP v1, v2, and EAP

[Figure: a PPTP client connected across the Internet to a PPTP server; PPP carried in GRE, carrying IP, IPX or NetBEUI]

Page 48

PPTP Packet

• Generic Routing Encapsulation (GRE): a mechanism for encapsulating any network layer protocol over any other network layer protocol.
• Encryption protocol: Microsoft Point-to-Point Encryption (MPPE)

[Figure: PPTP packet layout: IP header | GRE header | PPP | IP | TCP | Data, with the GRE payload encrypted]

Page 49

Layer 2 Tunneling Protocol (L2TP)

• Based upon the best features of PPTP and L2F.
• Layer 2 tunnel; supports IP, IPX, NetBEUI.

[Figure: a PC with an L2TP client (PC + LAC) tunnelling PPP over L2TP/IP across the Internet to the L2TP Network Server (LNS) on the corporate LAN; tunnelled packet: new IP header | L2TP message header | PPP header | original IP header | payload]

Page 50

L2TP Packet

• Allows tunnels to support more than one connection.
• Encryption relies on IPsec.

[Figure: L2TP/IPsec packet layout: IP header | IPsec ESP header | UDP header | L2TP header | PPP header | IP header | TCP header | data]

Page 51

Internet Protocol Security (IPSec)

• Layer 3 protocol for remote access, intranet, and extranet VPN
  – Internet standard for IP-layer VPN
  – Provides flexible encryption and message authentication/integrity
  – Includes key management
• Two security protocols
  – Authentication Header (AH)
  – Encapsulating Security Payload (ESP)

Page 52

IPSec Operating Modes

• Transport mode
• Tunnel mode

Page 53

IPSec - Authentication Header (AH)

• Authentication
• Integrity
• Anti-replay

Page 54

IPSec - Encapsulating Security Payload (ESP)

• Confidentiality
• Authentication
• Integrity
• Anti-replay
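As an added example (not code from these slides), the anti-replay service listed for both AH and ESP, as a receiver implements it from RFC 4302/4303: a 64-entry sliding window keyed on the sequence number, with the integrity check (HMAC-SHA1-96 here) run before the window is updated so that a forged packet can never move the window. The key, SPI and packets are constructed; the "ESP" packet is a NULL-encryption layout with only SPI, sequence number, payload and ICV.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 truncated ICV, the classic ESP/AH integrity algorithm

class InboundSA:
    """Receiver state for one inbound SA: the integrity key and the anti-replay
    window (RFC 4303 3.4.3). Constructed example, not from the slides."""
    def __init__(self, auth_key, window=64):
        self.key, self.size = auth_key, window
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit d set => sequence number (top - d) already seen

    def replay_check(self, seq):
        """True if seq is acceptable: not 0, not left of the window, not a duplicate."""
        if seq == 0:
            return False
        if seq > self.top:
            return True
        diff = self.top - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def replay_update(self, seq):
        """Record seq; only called after the ICV has verified."""
        if seq > self.top:  # slide the window right and mark the new top
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, packet):
        """Order per RFC 4303: replay check, then ICV, then window update."""
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        _spi, seq = struct.unpack("!II", packet[:8])
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if not self.replay_check(seq):
            return "replay"
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"  # a forged packet must not advance the window
        self.replay_update(seq)
        return "ok"

def esp_packet(spi, seq, payload, auth_key):
    """Constructed ESP-style packet with NULL encryption: SPI, seq, payload, ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
```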