Cisco Packet Data Gateway (PDG)
Security Gateway Overview
Product Overview
SecGW Administration Guide, StarOS Release 18
To make the interface-to-port mapping symmetric across all the VMs, the third NIC is always used as the
management port.
VPC-VSM
Virtualized Packet Core for VSM (VPC-VSM) consists of the set of virtualized mobility functions that implement
mobility-specific services and applications within the core of the network. VPC-VSM is essentially StarOS running
within a Virtual Machine (VM).
VPC-VSM only interacts with supported hypervisors. It has little or no knowledge of physical devices.
Each VPC-VSM VM takes on the roles of an entire StarOS system. The only interfaces exposed outside the VM are
those for external management and service traffic. Each VM is managed independently.
Each VPC-VSM VM performs the following StarOS functions:
Controller tasks
Out-of-band management for CLI and Logging
Local context (management)
NPU simulation via fastpath and slowpath
Non-local context (subscriber traffic)
Crypto processing (IPSec)
For a complete description of VPC-VSM functionality, refer to the VPC-VSM System Administration Guide.
Important:
Up to four instances of VPC-VSM can run on an ASR 9000 VSM. Each VSM CPU supports only
one VPC-VSM instance. VSM resources are allocated to each SecGW VM; no other application VM is supported on
any VSM CPU. vNICs must be passed to the SecGW VMs from RSP.
SecGW Application
The StarOS-based Security Gateway (SecGW) application is a solution for Remote-Access (RAS) and Site-to-Site
(S2S) mobile network environments. It is implemented via StarOS as a WSG (Wireless Security Gateway) service that
leverages the IPSec features supported by StarOS.
SecGW delivers the S2S IP Encryption capabilities required in UMTS/HSPA and LTE 3GPP LTE/SAE network
architectures.
For complete descriptions of supported IPSec features, see the IPSec Reference.
Important:
The SecGW is a licensed StarOS feature. A separate license is required for each VPC-VSM instance
and SecGW. Contact your Cisco account representative for detailed information on specific licensing requirements.
Key Features
The following are key features of the SecGW product:
Functions in a virtualized environment on one or more VSM blades in an ASR9000