Cisco Cisco ASR 5000
ITC includes the class-map, policy-map and policy-group commands. Currently ITC does not include an
external policy server interface.
external policy server interface.
Important
ITC provides per-subscriber/per-flow traffic policing to control bandwidth and session quotas. Flow-based
traffic policing enables the configuring and enforcing bandwidth limitations on individual subscribers, which
can be enforced on a per-flow basis on the downlink and the uplink directions.
traffic policing enables the configuring and enforcing bandwidth limitations on individual subscribers, which
can be enforced on a per-flow basis on the downlink and the uplink directions.
Flow-based traffic policies are used to support various policy functions like Quality of Service (QoS), and
bandwidth, and admission control. It provides the management facility to allocate network resources based
on defined traffic-flow, QoS, and security policies.
bandwidth, and admission control. It provides the management facility to allocate network resources based
on defined traffic-flow, QoS, and security policies.
For more information on ITC, refer to the Intelligent Traffic Control chapter in this guide.
Important
IP Security (IPSec)
Use of Network Domain Security requires that a valid license key be installed. Contact your local Sales or
Support representative for information on how to obtain a license.
Support representative for information on how to obtain a license.
IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined
endpoints (i.e. enterprise or home networks) in accordance with the following standards:
endpoints (i.e. enterprise or home networks) in accordance with the following standards:
• RFC 2401, Security Architecture for the Internet Protocol
• RFC 2402, IP Authentication Header (AH)
• RFC 2406, IP Encapsulating Security Payload (ESP)
• RFC 2409, The Internet Key Exchange (IKE)
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private
communications across IP networks. These protocols allow the system to establish and maintain secure tunnels
with peer security gateways. For IPv4, IKEv1 is used and for IPv6, IKEv2 is supported. IPSec can be
implemented on the system for the following applications:
communications across IP networks. These protocols allow the system to establish and maintain secure tunnels
with peer security gateways. For IPv4, IKEv1 is used and for IPv6, IKEv2 is supported. IPSec can be
implemented on the system for the following applications:
• PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway
on the packet data network (PDN) as determined by access control list (ACL) criteria.
• Mobile IP: Mobile IP control signals and subscriber data is encapsulated in IPSec tunnels that are
established between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all new Mobile
IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is
supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is
supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
Important
For more information on IPSec support, refer to the IP Security Reference Guide.
Important
HSGW Administration Guide, StarOS Release 19
23
HRPD Serving Gateway Overview
IP Security (IPSec)