Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
GGSN Support in GPRS/UMTS Wireless Data Services
Features and Functionality - Optional Enhanced Feature Software ▀
Cisco ASR 5000 Series Product Overview ▄
OL-22937-01
Dynamic RADIUS Extensions (Change of Authorization)
Dynamic RADIUS extension support provide operators with greater control over subscriber PDP contexts by providing
the ability to dynamically redirect data traffic, and or disconnect the PDP context.
the ability to dynamically redirect data traffic, and or disconnect the PDP context.
This functionality is based on the RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User
Service (RADIUS), July 2003 standard.
Service (RADIUS), July 2003 standard.
The system supports the configuration and use of the following dynamic RADIUS extensions:
Change of Authorization: The system supports CoA messages from the AAA server to change data filters
associated with a subscriber session. The CoA request message from the AAA server must contain attributes to
identify NAS and the subscriber session and a data filter ID for the data filter to apply to the subscriber session.
identify NAS and the subscriber session and a data filter ID for the data filter to apply to the subscriber session.
Disconnect Message: The DM message is used to disconnect subscriber sessions in the system from a RADIUS
server. The DM request message should contain necessary attributes to identify the subscriber session.
The above extensions can be used to dynamically re-direct subscriber PDP contexts to an alternate address for
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules to the
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the Radius Change of Authorization (CoA) extension.
applied dynamically by means of the Radius Change of Authorization (CoA) extension.
Important:
For more information on dynamic RADIUS extensions support, refer CoA, RADIUS, And Session
Redirection (Hotlining) chapter in System Enhanced Feature Configuration Guide.
GRE Protocol Interface Support
GGSN supports GRE generic tunnel interface support in accordance with RFC-2784, Generic Routing Encapsulation
(GRE).
(GRE).
GRE protocol functionality adds one additional protocol on ASR 5000 to support mobile users to connect to their
enterprise networks through Generic Routing Encapsulation (GRE).
enterprise networks through Generic Routing Encapsulation (GRE).
GRE tunnels can be used by the enterprise customers of a carrier 1) To transport AAA packets corresponding to an APN
over a GRE tunnel to the corporate AAA servers and, 2) To transport the enterprise subscriber packets over the GRE
tunnel to the corporation gateway.
over a GRE tunnel to the corporate AAA servers and, 2) To transport the enterprise subscriber packets over the GRE
tunnel to the corporation gateway.
The corporate servers may have private IP addresses and hence the addresses belonging to different enterprises may be
overlapping. Each enterprise needs to be in a unique virtual routing domain, known as VRF. To differentiate the tunnels
between same set of local and remote ends, GRE Key will be used as a differentiation.
overlapping. Each enterprise needs to be in a unique virtual routing domain, known as VRF. To differentiate the tunnels
between same set of local and remote ends, GRE Key will be used as a differentiation.
GRE Tunneling is a common technique to enable multi-protocol local networks over a single-protocol backbone, to
connect non-contiguous networks and allow virtual private networks across WANs. This mechanism encapsulates data
packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign
connect non-contiguous networks and allow virtual private networks across WANs. This mechanism encapsulates data
packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign