Cisco Cisco Packet Data Interworking Function (PDIF) Guía Para Resolver Problemas
Packet Data Interworking Function Overview
Interfaces ▀
Cisco ASR 5000 Series Packet Data Interworking Function Administration Guide ▄
OL-22963-01
Interfaces
The figure below shows how the PDIF/FA acts as a security gateway between the Internet and packet data services. All
components are located in the home network.
components are located in the home network.
Figure 1. PDIF/FA Mobile IP Interfaces
D M H
W iF i
A c c e s s
P o in t
S T 4 0 P D IF
C D M A
IP S e c Tu n n e l
P D S N
H o m e
S u b s c rib e r
S e rv e r
H o m e
A A A
A A A
B S C /P C F
M S C /V L R
IP A c c e s s
N e tw o rk
IP C o re
S IP C o re
P L M N /P S T N
B ro a d b a n d
N e tw o rk
W iF i
1. The IPSec virtual tunnel interface with the MS: The Mode keyword in the IPSec-transform-set configuration
mode defaults to Tunnel. In Tunnel mode, the IP datagram is passed to IPSec, where a new IP header is created
ahead of the AH and/or ESP IPSec headers. The original IP header is left intact.
ahead of the AH and/or ESP IPSec headers. The original IP header is left intact.
2. The Diameter interface: In a mobile IP network, the IMS Sh interface is used for MAC address validation with
the HSS as well as HSS subscriber profile updates. In a Proxy-MIP network using multiple authentication, the
HSS server is used to authenticate the device during Stage 1 authentication using the EAP-AKA authentication
method.
HSS server is used to authenticate the device during Stage 1 authentication using the EAP-AKA authentication
method.
3. The RADIUS authentication and accounting interface: In a mobile IP network, this interface is used for
subscriber authentication using the EAP-AKA authentication method. For subscriber accounting, the PDIF/FA
sends start, stop and interim messages to the accounting server. When used in a Proxy-MIP network using
multiple authentication, RADIUS is used with the AAA servers to authenticate the subscriber using the
GTC/MD5 authentication methods.
sends start, stop and interim messages to the accounting server. When used in a Proxy-MIP network using
multiple authentication, RADIUS is used with the AAA servers to authenticate the subscriber using the
GTC/MD5 authentication methods.