Cisco Cisco Packet Data Interworking Function (PDIF) Documentation Roadmaps
PDG/TTG Overview
▀ Features and Functionality
▄ Cisco ASR 5000 Series Product Overview
OL-22937-01
standard X.509 for a Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies,
among other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a
certification path validation algorithm.
among other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a
certification path validation algorithm.
During session establishment, the PDG/TTG can select a digital certificate from multiple certificates based on the APN
(Access Point Name). The selected certificate is associated with the APN that the WLAN UE includes in the IDr
payload of the first IKE_AUTH_REQ message.
(Access Point Name). The selected certificate is associated with the APN that the WLAN UE includes in the IDr
payload of the first IKE_AUTH_REQ message.
When configuring APN-based certificate selection, ensure that the certificate names match the associated APNs exactly.
The PDG/TTG can then examine each APN received in the IDr payload and select the correct certificate.
The PDG/TTG can then examine each APN received in the IDr payload and select the correct certificate.
The PDG/TTG generates an SNMP notification when the certificate is within 30 days of expiration and approximately
once a day until a new certificate is provided. Operators need to generate a new certificate and then configure the new
certificate using the system‘s CLI. The certificate is then used for all new sessions.
once a day until a new certificate is provided. Operators need to generate a new certificate and then configure the new
certificate using the system‘s CLI. The certificate is then used for all new sessions.
Subscriber Traffic Policing for IPSec Access
Traffic policing allows you to manage bandwidth usage on the network and limit bandwidth allowances to subscribers.
Traffic policing enables the configuring and enforcing of bandwidth limitations on individual subscribers of a particular
traffic class in 3GPP service. Bandwidth enforcement is configured and enforced independently in the downlink and
uplink directions.
traffic class in 3GPP service. Bandwidth enforcement is configured and enforced independently in the downlink and
uplink directions.
When configured in the Subscriber Configuration Mode of the system‘s CLI, the PDG/TTG performs traffic policing.
However, if the GGSN changes the QoS via an Update PDP Context Request, the PDG/TTG uses the QoS values from
the GGSN.
However, if the GGSN changes the QoS via an Update PDP Context Request, the PDG/TTG uses the QoS values from
the GGSN.
A Token Bucket Algorithm (a modified trTCM) [RFC2698] is used to implement the traffic policing feature. The
following criteria is used when determining how to mark a packet:
following criteria is used when determining how to mark a packet:
Committed Data Rate (CDR): The guaranteed rate (in bits per second) at which packets can be
transmitted/received for the subscriber during the sampling interval. Note that the committed (or guaranteed)
data rate does not apply to the Interactive and Background traffic classes.
data rate does not apply to the Interactive and Background traffic classes.
Peak Data Rate (PDR): The maximum rate (in bits per second) that subscriber packets can be
transmitted/received for the subscriber during the sampling interval.
Using negotiated QoS data rates, the system calculates the burst size, which is the maximum number of bytes that can
be transmitted/received for the subscriber during the sampling interval for both committed and peak rate conditions. The
committed burst size (CBS) and peak burst size (PBS) for each subscriber depends on the guaranteed bit rate (GBR) and
maximum bit rate (MBR) respectively. This represents the maximum number of tokens that can be placed in the
subscriber‘s ―bucket‖. The burst size is the bucket size used by the Token Bucket Algorithm.
be transmitted/received for the subscriber during the sampling interval for both committed and peak rate conditions. The
committed burst size (CBS) and peak burst size (PBS) for each subscriber depends on the guaranteed bit rate (GBR) and
maximum bit rate (MBR) respectively. This represents the maximum number of tokens that can be placed in the
subscriber‘s ―bucket‖. The burst size is the bucket size used by the Token Bucket Algorithm.
Tokens are removed from the subscriber‘s bucket based on the size of the packets being transmitted/received. Every
time a packet arrives, the system determines how many tokens need to be added (returned) to a subscriber‘s CBS (and
PBS) bucket. This value is derived by computing the product of the time difference between incoming packets and the
CDR (or PDR). The computed value is then added to the tokens remaining in the subscriber‘s CBS (or PBS) bucket.
The total number of tokens can not be greater than the burst-size. If the total number of tokens is greater than the burst-
size, the number is set to equal the burst-size.
time a packet arrives, the system determines how many tokens need to be added (returned) to a subscriber‘s CBS (and
PBS) bucket. This value is derived by computing the product of the time difference between incoming packets and the
CDR (or PDR). The computed value is then added to the tokens remaining in the subscriber‘s CBS (or PBS) bucket.
The total number of tokens can not be greater than the burst-size. If the total number of tokens is greater than the burst-
size, the number is set to equal the burst-size.
After passing through the Token Bucket Algorithm, the packet is internally classified with a color, as follows:
If there are not enough tokens in the PBS bucket to allow a packet to pass, the packet is considered to be in
violation and is marked ―red‖ and the violation counter is incremented by one.