Cisco Cisco ASR 5700
Mobility Management Entity Overview
Features and Functionality - Base Software ▀
MME Administration Guide, StarOS Release 18 ▄
41
3GPP TS 33.401 V8.2.1 (2008-12): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3GPP System Architecture Evolution (SAE): Security Architecture; (Release 8)
RFC 3588, Diameter Base Protocol, December 2003
The S6a protocol is used to provide AAA functionality for subscriber EPS Bearer contexts through Home Subscriber
Server (HSS).
Server (HSS).
During the initial attachment procedures the MME sends to the USIM on AT via the HSS the random challenge
(RAND) and an authentication token AUTN for network authentication from the selected authentication vector. At
receipt of this message, the USIM verifies that the authentication token can be accepted and if so, produces a response.
The AT and HSS in turn compute the Cipher Key (CK) and Integrity Key (IK) that are bound to Serving Network ID.
During the attachment procedure the MME requests a permanent user identity via the S1-MME NAS signaling interface
to eNodeB and inserts the IMSI, Serving Network ID (MCC, MNC) and Serving Network ID it receives in an
Authentication Data Request to the HSS. The HSS returns the Authentication Response with authentication vectors to
MME. The MME uses the authentication vectors to compute the cipher keys for securing the NAS signaling traffic.
(RAND) and an authentication token AUTN for network authentication from the selected authentication vector. At
receipt of this message, the USIM verifies that the authentication token can be accepted and if so, produces a response.
The AT and HSS in turn compute the Cipher Key (CK) and Integrity Key (IK) that are bound to Serving Network ID.
During the attachment procedure the MME requests a permanent user identity via the S1-MME NAS signaling interface
to eNodeB and inserts the IMSI, Serving Network ID (MCC, MNC) and Serving Network ID it receives in an
Authentication Data Request to the HSS. The HSS returns the Authentication Response with authentication vectors to
MME. The MME uses the authentication vectors to compute the cipher keys for securing the NAS signaling traffic.
At EAP success, the MME also retrieves the subscription profile from the HSS which includes QoS information and
other attributes such as default APN name and S-GW/P-GW fully qualified domain names.
other attributes such as default APN name and S-GW/P-GW fully qualified domain names.
Among the AAA parameters that can be configured are:
Authentication of the subscriber with HSS
Subscriber location update/location cancel
Update subscriber profile from the HSS
Priority to dictate the order in which the servers are used allowing for multiple servers to be configured in a
single context
Routing Algorithm to dictate the method for selecting among configured servers. The specified algorithm
dictates how the system distributes AAA messages across the configured HSS servers for new sessions. Once a
session is established and an HSS server has been selected, all subsequent AAA messages for the session will
be delivered to the same server.
session is established and an HSS server has been selected, all subsequent AAA messages for the session will
be delivered to the same server.
IMSI Manager Scaling
In Release 18.0, with support for the expanded capacities of the VPC-DI and ASR5500 platforms, the IMSIMgr has
become a bottleneck. The IMSIMgr Scaling feature increases the number of IMSI managers that can be made available
on the MME. - from 1 (ASR5000) to a maximum of 4. The number is configurable.
become a bottleneck. The IMSIMgr Scaling feature increases the number of IMSI managers that can be made available
on the MME. - from 1 (ASR5000) to a maximum of 4. The number is configurable.
The IMSIMgr is the de-multiplexing process that selects the SessMgr instance to host a new session based on a demux
algorithm logic to host a new session by handling new calls requests from the MMEMgr, the EGTPC Mgr, and the
(e)SGTPCMgr (New MME handoffs). The new call requests or signaling procedures include Attach, Inter-MME TAU,
PS Handover, and SGs, all of which go through the IMSIMgr. The IMSIMgr process also maintains the mapping of the
UE identifier (e.g., IMSI/GUTI) to the SessMgr instance.
algorithm logic to host a new session by handling new calls requests from the MMEMgr, the EGTPC Mgr, and the
(e)SGTPCMgr (New MME handoffs). The new call requests or signaling procedures include Attach, Inter-MME TAU,
PS Handover, and SGs, all of which go through the IMSIMgr. The IMSIMgr process also maintains the mapping of the
UE identifier (e.g., IMSI/GUTI) to the SessMgr instance.
Important:
IMSIMgr Scaling is only available on the ASR5500 and VPC-DI platforms.
By increasing the number of IMSIMgr instances, the new call handling capacity (primarily for for Attach and SGs
procedures) of the MME is increased as the calls are distributed across multiple instances. The call distribution logic
across IMSIMgrs utilizes a simple hash operation on IMSI/GUTI to select the IMSIMgr instance.
procedures) of the MME is increased as the calls are distributed across multiple instances. The call distribution logic
across IMSIMgrs utilizes a simple hash operation on IMSI/GUTI to select the IMSIMgr instance.
It is the MMEMgr/EGTPC Mgr/SGTPC Mgr that selects an IMSIMgr instance to be contacted for session setup. Each
subscriber session in a SessMgr will maintain the IMSIMgr instance number that ‘hosts’ the mapping for the IMSI. The
subscriber session in a SessMgr will maintain the IMSIMgr instance number that ‘hosts’ the mapping for the IMSI. The