Cisco Cisco Packet Data Gateway (PDG) Nota Di Rilascio
SGSN Changes in Release 15.0
SGSN Enhancements for March 31, 2014 ▀
Cisco ASR 5x00 Release Change Reference ▄
487
Command Changes
ranap bidirectional-always ext-mbr-ie
This command enables or disables sending of extended bitrates bi-directionally. When this command is enabled, the
specified extended bitrates (MBR or GBR) are included bi-directionally (uplink and downlink directions) in the RAB
Assignment Request even if the negotiated birate indicates that extended birates should be included in one direction.
specified extended bitrates (MBR or GBR) are included bi-directionally (uplink and downlink directions) in the RAB
Assignment Request even if the negotiated birate indicates that extended birates should be included in one direction.
configure
context context_name
iups-service service_name
rnc id rnc_id
ranap bidirectional-always ext-mbr-ie [ext-gbr-ie]
no ranap bidirectional-always
end
Notes:
When this command is configured, if the maximum bitrate for either uplink or downlink directions indicates that
extended bitrates should be included (that is, the maximum bitrate negotiated value exceeds “16”Mbps in either
uplink or downlink direction), then the maximum bitrate extended IE is included in both uplink and downlink
directions. If in one direction (uplink or downlink) the negotiated value does not exceed “16” Mbps then
extended maximum bitrate is sent as “16000001”.
uplink or downlink direction), then the maximum bitrate extended IE is included in both uplink and downlink
directions. If in one direction (uplink or downlink) the negotiated value does not exceed “16” Mbps then
extended maximum bitrate is sent as “16000001”.
The keyword
ext-gbr-ie
is included to enable sending of Extended Guaranteed Bitrates IE.
The
no
form of the command disables sending of both extended MBR and GBR bi-directionally.
CSCum56967 - Security Issue - Encryption on MME/SGSN level
Feature Changes
Failure Action for Random IOV-UI Negotiation Failure
Previous Behavior: The SGSN falls back to unencrypted mode whenever the XID negotiation for Random IOV-UI
beween the MS and the SGSN fails. This is irrespective of any ciphering algorithm configured.
beween the MS and the SGSN fails. This is irrespective of any ciphering algorithm configured.
In order to preserve the connection, the SGSN falls back to default encryption parameters whenever it fails to decipher
an encrypted frame that is sent by the MS.
an encrypted frame that is sent by the MS.
As a result of the above behavior, the MS users could be exposed to passive interception attacks, channel hijacking, or
denial of service attacks.
denial of service attacks.
New Behavior: In accordance with the 3GPP specification, once the encryption has been started, neither the MS nor
the network shall go to an unciphered session. Thus, the SGSN’s default behavior to fallback to default IOV-UI is now
changed to always reject the call.
the network shall go to an unciphered session. Thus, the SGSN’s default behavior to fallback to default IOV-UI is now
changed to always reject the call.
In some situations of XID negotiation failure, the SGSN will respond as outlined in either CSCun09183 or
CSCun13033.
CSCun13033.