Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
Packet Data Interworking Function Overview
▀ Features and Functionality - Licensed Enhanced Feature Support
▄ Cisco ASR 5000 Series Packet Data Interworking Function Administration Guide
OL-22963-01
ACCESS_REQUEST message to complete CHAP authentication. There is an internal mechanism to inform each peer if
one method is not supported and to renegotiate to use the other supported method.
one method is not supported and to renegotiate to use the other supported method.
In general, session attributes during first-phase authentication are overwritten by those from second-phase
authentication, unless specified separately. Exceptions to this include
authentication, unless specified separately. Exceptions to this include
and
,
when the lower values are taken.
Termination
During session setup, if there are any configuration mismatches or the PDIF cannot get the required information, the
session setup process is terminated and appropriate log messages are generated.
session setup process is terminated and appropriate log messages are generated.
If
is not enabled on the PDIF, and the MS still sends a
MULTIPLE_AUTH_SUPPORTED Notify payload marked with the critical bit set, the PDIF returns
UNSUPPORTED_PAYLOAD. Otherwise, the PDIF ignores it and processes the IKE packet as if the payload was
never received. This is non-standard MS behavior.
UNSUPPORTED_PAYLOAD. Otherwise, the PDIF ignores it and processes the IKE packet as if the payload was
never received. This is non-standard MS behavior.
I
MPORTANT
:
The multiple authentication process in a proxy mobile IP network is described in Proxy-MIP in the
System Enhanced Features Guide.
Session Recovery
The session recovery feature provides reconstruction of subscriber session information in the event of a hardware or
software fault within the system, providing seamless failover andpreventing a fully connected user session from being
dropped.
software fault within the system, providing seamless failover andpreventing a fully connected user session from being
dropped.
In addition to maintaining call state information, information is retained in order to:
Recover IPSec manager policies, all template maps, and all subscriber maps.
Use the policies (including templates) to recover CHILD SA tunnels, flow IDs, andstatistics.
Recover or reconfigure NPU flow IDs and data path handles.
Recover and restore the IKEv2 stack state for all tunnels.
Supply the IKEv2 stack with needed data statistics to determine rekey and DPD states.
Recover Diameter session information.
Recovery requires a complex interaction between IPSec and session subsystems. The IPSec subsystem also interacts
with a Datapath that includes daughter cards, daughter card managers, and the NPU. The session recovery feature is
disabled by default on the system, even when the feature use key is present.
with a Datapath that includes daughter cards, daughter card managers, and the NPU. The session recovery feature is
disabled by default on the system, even when the feature use key is present.
The IPSec controller does not send an IPSec manager death notification to any subsystem. This allows the daughter card
to continue to receive and decrypt IPSec tunnel data. It also allows both the session manager and daughter card to
continue carrying subscriber traffic using NPU flows and IPSec SAs to transmit the data.
to continue to receive and decrypt IPSec tunnel data. It also allows both the session manager and daughter card to
continue carrying subscriber traffic using NPU flows and IPSec SAs to transmit the data.