Cisco Cisco Packet Data Gateway (PDG)
P-GW sends AAR whereas ePDG/SaMOG sends DER to authorize the subscriber. ePDG/P-GW/SaMOG has
the capability to select one of the available AAA servers based on priority or round robin method.
ePDG/P-GW/SaMOG sends DER/AAR to the selected AAA server. If the HSS indicates that the subscriber
is currently being served by a different AAA server, it sends the DIAMETER_REDIRECT_INDICATION
Result-Code (3006) over SWm/S6b/STa interfaces requesting ePDG/P-GW/SaMOG to redirect the AAR/DER
request to the already bound AAA server.
the capability to select one of the available AAA servers based on priority or round robin method.
ePDG/P-GW/SaMOG sends DER/AAR to the selected AAA server. If the HSS indicates that the subscriber
is currently being served by a different AAA server, it sends the DIAMETER_REDIRECT_INDICATION
Result-Code (3006) over SWm/S6b/STa interfaces requesting ePDG/P-GW/SaMOG to redirect the AAR/DER
request to the already bound AAA server.
If the redirection of DER/AAR fails for some reason (Diameter TCP connection being down or Diameter
Response-Timeout), the ePDG/P-GW/SaMOG redirects this message to any other available AAA server with
the AAA-Failure-Indication AVP set to 1. AAA server forwards the AAA-Failure-Indication AVP to HSS,
which will reset the initial binding of the PDN with the failed AAA and bind the PDN with the AAA server
that forwarded the AAA-Failure-Indication AVP.
Response-Timeout), the ePDG/P-GW/SaMOG redirects this message to any other available AAA server with
the AAA-Failure-Indication AVP set to 1. AAA server forwards the AAA-Failure-Indication AVP to HSS,
which will reset the initial binding of the PDN with the failed AAA and bind the PDN with the AAA server
that forwarded the AAA-Failure-Indication AVP.
On successful authentication at ePDG/P-GW/SaMOG, the ePDG/P-GW/SaMOG disconnects any other
previously connected PDN for the same subscriber. This is done so that the PDNs are reestablished and are
bound to the new AAA server.
previously connected PDN for the same subscriber. This is done so that the PDNs are reestablished and are
bound to the new AAA server.
In order to support a geo-redundant architecture for VoWiFi service, ePDG/P-GW/SaMOG supports the
AAA-Failure-Indication AVP as described in 3GPP TS 29.273 specification. This AVP value is set to 1 to
indicate that a previously assigned AAA Server is unavailable.
AAA-Failure-Indication AVP as described in 3GPP TS 29.273 specification. This AVP value is set to 1 to
indicate that a previously assigned AAA Server is unavailable.
In support of this feature, a new bulk statistics field is added to the output of show diameter aaa-statistics
command to track the number of times the AAA-Failure-Indication AVP is sent over these authentication
interfaces.
command to track the number of times the AAA-Failure-Indication AVP is sent over these authentication
interfaces.
Limitations and Dependencies
This section identifies the known limitations and dependencies for this feature.
• It is assumed that the Redirect-Host AVP contains a valid known host. If the host is invalid,
ePDG/P-GW/SaMOG will terminate the connecting PDN.
• When the AAA server sends redirection indication, it is expected that the Result-Code is 3006
(DIAMETER_REDIRECT_INDICATION) and it should also send the Redirect-Host-Usage AVP with
its value as 1 (ALL_SESSION) and set the Redirect-Max-Cache-Time AVP to the validity time for the
Redirect-Route to exist. By default, the Redirect-Host-Usage is DON'T-CACHE (0) and in this scenario,
only the redirected message will be forwarded to Redirect-Host. Any further messages belonging to the
same Diameter session will undergo a fresh route-lookup and might contact a different AAA server.
its value as 1 (ALL_SESSION) and set the Redirect-Max-Cache-Time AVP to the validity time for the
Redirect-Route to exist. By default, the Redirect-Host-Usage is DON'T-CACHE (0) and in this scenario,
only the redirected message will be forwarded to Redirect-Host. Any further messages belonging to the
same Diameter session will undergo a fresh route-lookup and might contact a different AAA server.
• AAA-Failure-Indication AVP is included only in these Diameter dictionaries:
◦aaa-custom21 for S6b
◦aaa-custom22 for SWm
◦aaa-custom23 for STa
Performance Indicator Changes
Diameter Authentication Schema
The following new bulk statistic variable is added to this schema to track the number of times
AAA-Failure-Indication AVP is sent to AAA server over Diameter Authentication interfaces.
AAA-Failure-Indication AVP is sent to AAA server over Diameter Authentication interfaces.
Release Change Reference, StarOS Release 19
20
AAA Changes in Release 19
Support for AAA Failure Indication