Cisco Cisco Packet Data Gateway (PDG)
Evolved Packet Data Gateway Overview
▀ Features and Functionality
▄ ePDG Administration Guide, StarOS Release 18
36
DSCP and 802.1P Marking
The ePDG can assign DSCP levels to specific traffic patterns in order to ensure that the data packets can be delivered
according to the precedence with which they are tagged. The DiffServ markings can be applied to the IP header of the
every subscriber data packet transmitted over the SWu and the S2b[GTPv2] interface.
according to the precedence with which they are tagged. The DiffServ markings can be applied to the IP header of the
every subscriber data packet transmitted over the SWu and the S2b[GTPv2] interface.
The specific traffic patterns are classified as per their associated QCI/ARP value on the GTP-tunnel. Data packets
falling under the category of each of the traffic patterns are tagged with a DSCP marking.
falling under the category of each of the traffic patterns are tagged with a DSCP marking.
For uplink traffic, i.e. traffic from ePDG to P-GW through GTP tunnel, DSCP markings can be configured using global
qci-qos mapping configuration association in ePDG service. In this case, only outer IP header is used for routing the
packet over GTP-u’ interface. Hence TOS field of only outer IP header is changed, i.e. subscriber packet is not marked
with DSCP value at ePDG.
qci-qos mapping configuration association in ePDG service. In this case, only outer IP header is used for routing the
packet over GTP-u’ interface. Hence TOS field of only outer IP header is changed, i.e. subscriber packet is not marked
with DSCP value at ePDG.
ePDG service does have configuration for association of the global configured qci-qos mapping and further in global
qci-qos mapping configuration its expected that encaps-header configuration for dscp marking shall be used for setting
the TOS value in the outer IP header.
qci-qos mapping configuration its expected that encaps-header configuration for dscp marking shall be used for setting
the TOS value in the outer IP header.
Following is the global configuration under
qci-qos
mapping:
qci num [ uplink { encaps-header { copy-inner | dscp-marking hex } | 802.1p-value num }]
The 802.1p marking shall be done on the uplink traffic per the qci-qos mapping global configuration corresponding to
the map configured under ePDG service. This is similar configuration as described above for DSCP marking.
the map configured under ePDG service. This is similar configuration as described above for DSCP marking.
The 802.1p marking shall be done in the “user priority” bits of the “TAG” field in the 802.1q tagged frame.
ePDG also supports:
DSCP marking of Data Packets in uplink (UE->ePDG->PGW) using qci-qos mapping configuration which can
be associated to epdg-service
ePDG marking the inner IP packet DSCP value received from PGW to the outer ESP header in SWu interface
DSCP marking of Signaling packets (GTPC, on S2b interface) using CLI in egtp-service configuration
DSCP marking of diameter packets using CLI in Diameter Endpoint configuration
IPSec Cookie Threshold
The ePDG supports IKEv2 Cookie challenge payload, this feature helps protect against opening too many half opened
IPSec sessions.
IPSec sessions.
The IKEv2 Cookie feature when enabled will invoke a cookie challenge payload mechanism which ensures that only
legitimate subscribers are initiating the IKEv2 tunnel request and not a spoofed attack. Note that this configuration is per
ipsecmgr.
legitimate subscribers are initiating the IKEv2 tunnel request and not a spoofed attack. Note that this configuration is per
ipsecmgr.
The Cookie Challenge mechanism is disabled by default, the number of half open connections over which cookie
challenge gets activated is also configurable.
challenge gets activated is also configurable.