PDSN Course Lecture Notes
Course contents :
1. EV-DO overview
2. PDSN/FA & HA overview
3. Understanding Simple IP & Mobile IP
4. Mobility
5. Understanding the service operation of Starent System
SHAQ
2010/3/19
1. EV-DO overview
1xEV-DO IOS Architecture Reference Model
EV-DO R0, RA, RB : Air-link is the bottleneck for wireless data transmission.
EV-DO Rev 0 (one carrier) : 1.25 MHz, 2.5 Mbps, 153.6 kbps
EV-DO R0, RA, RB
2. PDSN/FA & HA overview
PCF
PDSN
AAA server
Home Agent
Standalone PDSN/FA and HA Deployments
Interface Description
R-P Interface – PCF <-> PDSN
Pi Interfaces – PDSN/FA <-> HA
PDN Interfaces – HA <-> PDN/internet
AAA Interfaces – PDSN/HA <-> AAA Server
Co-Located Deployments
PDSN-FA and HA functionality : Logical interface
R-P interface :
Functionality :
- R-P connection setup
- R-P connection tear-down
- Transport of PPP packets
- Transport of cdma2000 accounting information from PCF to PDSN
- R-P mobility
Types:
- Closed R-P interface : L2TP
- Open R-P interface : GRE (A10/A11)
PDSN-FA and HA functionality : Protocols
PPP : Point-to-Point Protocol , MN <-> PDSN
1. LCP
2. Authentication
- PAP
- CHAP
3. NCP (IPCP)
RADIUS : PDSN/FA or HA <-> AAA Server
IP in IP : FA <-> HA
IP : MN <-> PDN(Internet, VPN, CN)
3. Understanding Simple IP and Mobile IP
-Access methods for packet data services :
- Local and public network access
- Private network access
-Access application for two access methods :
- Simple IP : Dynamically assigned IP addresses
Mobility in a defined geographical area
- Mobile IP : Static or Dynamically assigned IP addresses
Seamless mobility
- Proxy Mobile IP : PDSN supports MIP for MNs that don’t support MIP.
Simple IP
How Simple IP Works
Simple IP protocol stacks
Simple IP Call Flow
PPP :
LCP(3)
Authentication(4,5,6,7; attributes)
IPCP(8, IP assignment)
Mobile IP
- network-layer solution
- maintain ongoing communications while changing links
- Home address
- Care of Address (collocated / FA)
- IP Tunnels
Key of mobility
Mobile IP Tunneling Methods :
- IP in IP tunnels : Outer IP header / Inner IP header
- GRE tunnels : any transport protocol can be encapsulated in GRE
Three types of Mobile IP tunneling :
Forward Tunneling : PDN -> MN
Reverse Tunneling : MN -> PDN
- Direct Delivery Style : MN -> FA directly
- Encapsulating Delivery Style : MN -> FA encapsulates
(reference MIPv4_4)
Triangular Routing :
- advantage : reverse tunneling is not required
- disadvantage :
  - HA is unaware of all user traffic for billing purposes
  - FA would have to be connected to each private network
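The two encapsulations named above (IP in IP and GRE) can be told apart from the outer header alone. The following is an added example, not part of the original slides: it separates the outer (tunnel) addresses from the inner (user) addresses of a forward-tunnelled packet. All addresses, the GRE key and the helper names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47
HA, COA = "198.51.100.1", "198.51.100.77"  # constructed HA and FA care-of address


def ipv4_fields(pkt: bytes):
    """Return (header_len, protocol, src, dst) of an IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return ihl, pkt[9], src, dst


def decapsulate(pkt: bytes) -> dict:
    """Split a tunnelled packet into outer (tunnel) and inner (user) addresses."""
    ihl, proto, src, dst = ipv4_fields(pkt)
    payload, method = pkt[ihl:], "IP-in-IP"
    if proto == IPPROTO_GRE:
        if len(payload) < 4:
            raise ValueError("truncated GRE header")
        flags, ptype = struct.unpack_from("!HH", payload)
        if ptype != 0x0800:
            raise ValueError("GRE payload is not IPv4")
        # Optional checksum (C), key (K), sequence (S) words: 4 bytes each
        skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        payload, method = payload[skip:], "GRE"
    elif proto != IPPROTO_IPIP:
        raise ValueError(f"protocol {proto} is not a Mobile IP tunnel")
    in_src, in_dst = ipv4_fields(payload)[2:]
    return {"method": method, "outer": (src, dst), "inner": (in_src, in_dst)}


def ipv4(src, dst, proto, payload=b""):  # constructed header, zero checksum
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def sample_forward_tunnel(method: str) -> bytes:
    """Constructed HA -> care-of packet carrying CN -> MN home address."""
    inner = ipv4("203.0.113.50", "192.0.2.10", 6)
    if method == "GRE":  # K bit set, constructed key 42, payload type IPv4
        inner = struct.pack("!HHI", 0x2000, 0x0800, 42) + inner
    return ipv4(HA, COA, IPPROTO_GRE if method == "GRE" else IPPROTO_IPIP, inner)
```

In both cases the inner destination stays the MN's home address while only the outer header names the care-of address.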
Mobile IP protocol stacks—data plane
Mobile IP protocol stacks—control plane
How Mobile IP Works
MIP setup :
MIP Registration Request message (6, 11)
Access Request message (7, 8, 12)
Access Accept message (9, 10, 13)
MIP Registration Reply (14 (MN’s home address), 16)
PPP
MIP close :
Registration Request with a requested lifetime of 0 (17, 18)
Registration Reply (19, 20)
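To make the difference between "MIP setup" and "MIP close" concrete, the following added example (not part of the original slides) decodes the fixed header of a Mobile IPv4 Registration Request as laid out in RFC 5944 and flags a lifetime of 0 as a deregistration. The sample messages, addresses and function names are constructed; a home address of 0.0.0.0 is treated as a request for dynamic assignment, as described in RFC 2794.

```python
import ipaddress
import struct

# Fixed part of a Mobile IPv4 Registration Request (RFC 5944, UDP port 434):
# type(1) flags(1) lifetime(2) home address(4) home agent(4) care-of(4) id(8)
RRQ = struct.Struct("!BBH4s4s4sQ")
FLAG_D = 0x20  # MN decapsulates itself: co-located care-of address
FLAG_T = 0x02  # reverse tunneling requested (RFC 3024)


def parse_rrq(data: bytes) -> dict:
    """Decode the fixed header and classify the request."""
    if len(data) < RRQ.size:
        raise ValueError("truncated Registration Request")
    mtype, flags, lifetime, home, ha, coa, ident = RRQ.unpack_from(data)
    if mtype != 1:
        raise ValueError(f"not a Registration Request (type {mtype})")
    home_addr = ipaddress.IPv4Address(home)
    return {
        "home_address": str(home_addr),
        "home_agent": str(ipaddress.IPv4Address(ha)),
        "care_of_address": str(ipaddress.IPv4Address(coa)),
        "lifetime": lifetime,
        "deregistration": lifetime == 0,  # "MIP close" in the slides
        "dynamic_home_address": int(home_addr) == 0,  # HA is asked to assign one
        "colocated_coa": bool(flags & FLAG_D),
        "reverse_tunnel": bool(flags & FLAG_T),
        "identification": ident,
        "extensions": data[RRQ.size:],  # NAI, authentication, ... (not parsed)
    }


def sample_rrq(lifetime: int, home: str) -> bytes:
    """Constructed message: documentation-range addresses, T flag only."""
    return RRQ.pack(1, FLAG_T, lifetime,
                    ipaddress.IPv4Address(home).packed,
                    ipaddress.IPv4Address("198.51.100.1").packed,  # HA
                    ipaddress.IPv4Address("203.0.113.7").packed,   # FA care-of
                    0x0123456789ABCDEF)


if __name__ == "__main__":
    for msg in (sample_rrq(1800, "0.0.0.0"), sample_rrq(0, "192.0.2.10")):
        print(parse_rrq(msg))
```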
Proxy Mobile IP
An Overview of Proxy Mobile IP :
- Provides mobility for subscribers with MNs that do not support the Mobile IP protocol stack.
- R-P and PPP sessions get established as they would for a Simple IP session
- Mobile Binding Record (MBR) is created on HA
How Proxy Mobile IP Works :
- Scenario 1: The AAA server specifies an IP address that the PDSN allocates to the MN from one of its locally configured static pools.
- Scenario 2: The HA assigns an IP address to the MN from one of its locally configured dynamic pools.
Proxy MIP (8,9,11)
IPCP (8,10,12)
Mobile Packet data service states
Figure: MS - BSS - PCF - PDSN, with links TCH, A8, A10
NULL : There are no connections between the MS and the network.
ACTIVE : In this state, a traffic channel exists between MS and PDSN, and both sides may transmit data.
Dormant : No traffic channel exists between MS and PCF, but the PPP connection and the traffic channel on A10 are maintained.
4. Mobility
- Micro-mobility : intra-PCF mobility
- R-P mobility : intra-PDSN mobility
- Macro-mobility : inter-PDSN mobility
-R-P mobility :
- R-P interface is moved from the source PCF to the target PCF
- PPP session remains on the same PDSN-FA
-Macro-mobility :
- PDSN-FA/HA
- a new PPP session must be initiated
- New PDSN-FA issues an Agent Advertisement on that session
- MN’s home IP address (assigned when Mobile IP service was initiated) is still in use => Layer 3 mobility
- The session is anchored at the HA
Dormant mobility :
- “stale” PPP session
- PANID / CANID
- the PPP session will be restarted / the MIP renegotiation
5. Understanding the service operation of Starent System
Contexts :
- a logical grouping or mapping of configuration parameters that pertain to various physical ports, logical IP interfaces, and services.
- The system supports the configuration of multiple contexts.
- Each context is configured and operates independently from the others.
- Contexts can also be assigned domain aliases.
- Categorization : Source/Destination/AAA context
- Source context:
- “ingress” context
- subscriber’s point-of-entry in the system
- R-P interfaces
- Destination context:
- “egress” context
- where a subscriber is provided services
- configured with the interfaces facilitating subscriber data traffic to/from the Internet, a VPN, or other PDN
- AAA context :
- provides authorization, authentication, and accounting (AAA) functionality for subscriber and/or administrative user sessions
- the logical interfaces for communicating with AAA servers
- records for locally configured subscribers and/or administrative users
Note : The AAA context can be configured together with the source or destination context. As a general rule, if the AAA server is managed by the carrier, it can be configured together with the source context; otherwise it can be configured together with the destination context.
- AAA context :
- AAA Realms :
- provides AAA attributes (when access-accept message from RADIUS failed to contain certain attributes)
- subscriber-specific templates < subscriber’s RADIUS user profile
- A AAA realm is considered part of the AAA context (or configuration)
- the AAA context itself is also considered to be a realm
- There may be many different AAA realms defined within a single AAA context
Figure: Source context / AAA configuration with AAA realms nova.com and bigco.com; ingress; AAA interface to RADIUS AAA (access-accept message from RADIUS failed to contain certain attributes)
Logical interface :
- assigned to IP addresses and are bound to a specific port
- associated with services through bindings
- takes on the characteristics of the functions enabled by the service
Logical interface category :
- Management interface :
- provides the system’s point of attachment to the management network
- defined in the local context
- R-P interface :
- A10/A11 -> communications path between the PCF and the PDSN
- Pi interface :
- communications path between the PDSN/FA and HA for Mobile IP applications
- PDN interface:
- The interface to the packet data network (PDN)
- AAA interface :
- the connection between the PDSN and/or HA and the network servers that perform AAA functions
- Remote Authentication Dial-In User Service(RADIUS)
- ICC interface : (inter-context communication)
- only required when multiple services are configured in the same context
Figure: Xxx context with FA and HA, joined by ICC interfaces
Binding :
- an association between “elements” within the system
- static and dynamic
- static :
- dynamic :
- associates a subscriber to a specific egress context based on the configuration of their profile or system parameters.
Figure: Context : Physical port, Logical interface, IP address, Service
Services :
- Services are configured within a context and enable certain functionality.
- PDSN services :
- The PDSN service must be bound to a logical interface within the same context.
- logical interface takes on the characteristics of an R-P interface
- a single physical port can facilitate multiple R-P interfaces.
- R-P sessions are identified using the PCF address, the PDSN interface address, and the R-P Session ID.
- FA/HA services :
- configured to support Mobile IP and define FA/HA functionality on the system.
- FA/HA services combination & individual configuring :
1. One system : PDSN service (source context), FA/HA service (dest. context), PDN interface
2. Two systems : PDSN/FA service (source context) and HA service (source context), connected over Pi
AAA Servers :
- store profiles / perform authentication / maintain accounting records
- Mobile IP : there can be foreign AAA (FAAA) and home AAA (HAAA) servers
- The AAA servers communicate with the system over the AAA interface.
Subscribers: Three primary types of subscribers/users
- RADIUS-based Subscribers :
- The most common type of subscriber.
- identified by IMSI/ESN/Domain name/User name
- user profile configured on and authenticated by a RADIUS AAA server
Attributes :
- parameter settings (protocol settings, IP assignment method, etc.)
- privileges (Simple IP, Mobile IP, etc.)
User profile
- Local Subscribers :
- testing purposes
- configured and authenticated within a specific context where they are created.
- first created subscriber profiles are set to the system’s default setting.
- profile attributes are configured on a subscriber-by-subscriber basis.
- Management Subscribers :
- an authorized user who can monitor, control, and configure the system
- configured as a local subscriber within the local context
- management subscribers may also be authenticated remotely via RADIUS (if a AAA configuration exists within the local context)
Default Subscribers and Realm-based Subscriber Templates :
- Used for RADIUS-based subscribers when needed.
- Default Subscriber :
- per context basis
- the system automatically creates a subscriber named default (When each context is created)
- Realm-based Subscriber Templates : (AAA realms)
- per realm basis
- a context can have numerous domain aliases
- each realm is used for a specific group of subscribers
RADIUS
• Remote Authentication Dial-In User Service
RADIUS Authentication Flow
Point-to-Point Tunneling Protocol (PPTP)
• PPTP was developed by Microsoft and the IETF.
• Layer 2 tunnel supports IP, IPX, NetBEUI
• Authentication relies on PPP
– PAP, SPAP, CHAP, MS-CHAP V1, V2, and EAP
Figure: PPTP client - Internet - PPTP server; PPP over GRE carrying IP, IPX, NetBEUI
PPTP Packet
• Generic Routing Encapsulation (GRE)
– a mechanism for encapsulating any network layer protocol over any other network layer protocol.
• Encryption protocol
– Microsoft Point to Point Encryption (MPPE)
IP Header | GRE Header | PPP | IP | TCP | Data
GRE Payload (encrypted)
Layer 2 Tunneling Protocol (L2TP)
• Based upon the best features of PPTP and L2F.
• Layer 2 tunnel supports IP, IPX, NetBEUI.
Figure: PC with L2TP client (PC + LAC) - Internet (L2TP tunnel) - LNS (L2TP Network Server) - Corporate LAN; encapsulation: new IP header, L2TP message header, PPP header, original IP header, payload
L2TP Packet
• Allows tunnels to support more than one connection.
• Encryption relies on IPsec.
IP Header | IPSec ESP Header | UDP Header | L2TP Header | PPP Header | IP Header | TCP Header | DATA
Internet Protocol Security (IPSec)
• Layer 3 protocol for remote access, intranet, and extranet VPN
– Internet standard for IP layer VPN
– Provides flexible encryption and message authentication/integrity
– Includes key management
• Two security protocols
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
IPSec Operating Modes
• Transport mode
• Tunnel mode
IPSec - Authentication Header (AH)
• Authentication
• Integrity
• Anti-replay
IPSec - Encapsulating Security Payload (ESP)
• Confidentiality
• Authentication
• Integrity
• Anti-replay