Security Level:

GGSN9811 V900R007 Product Overview

www.huawei.com

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. Huawei Technologies

HUAWEI Confidential

Chapter 1 GGSN Perspective Chapter 2 GGSN Flow Chapter 3 GGSN Features Chapter 4 GGSN Reliability Chapter 5 GGSN Specification

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 2

GGSN Location

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 3

Interfaces on the GGSN

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 4

Protocol Stack of the Gn/Gp Interface

Protocol stack of the Gn/Gp interface in the signaling plane Protocol stack of the Gn/Gp interface in the user plane

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 5

Protocol Stack of the Gi Interface in the Case of IP Access

Protocol stack in transparent access mode

Protocol stack in the signaling plane for the non-transparent access mode

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 6

Protocol Stack of the Gi Interface in the Case of PPP Access

Gi interface protocol stack for the PPP termination mode

Gi interface protocol stack for the PPP relay mode

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 7

Protocol Stack of the Ga Interface

Ga interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 8

Protocol Stack of the Gy Interface

Gy interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 9

Protocol Stack of the Gmb Interface

Gmb interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 10

Protocol Stack of the Gx Interface

Gx interface protocol stack

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 11

Physical Interface Types

Interface Type Maximum Number of Interfaces on an LPU 24 Function

10/100M adaptive Ethernet electrical interface

Physical interfaces to the PDN or or devices such as the

SGSN, AAA server, and CG on the external network

Physical interfaces to the PDN or or devices such as the

MME, SGSN, AAA server, and CG on the external network

1000Base-X-SFP optical interface

1000Base-X-SFP electrical interface 10G Ethernet optical interface

24
2 2

Physical interfaces to the PDN or or devices such as the SGSN, AAA server, and CG on the external network
Physical interfaces to the PDN or or devices such as the SGSN, AAA server, and CG on the external network Physical interfaces to the PDN or or devices such as the SGSN, AAA server, and CG on the external network

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 12

Chapter 1 GGSN Perspective Chapter 2 GGSN Flow Chapter 3 GGSN Features Chapter 4 GGSN Reliability Chapter 5 GGSN Specification

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 13

Flow Looking on 3G System

IP UDP GTP IP PPP TCP/UDP IP Application IP

IP
UDP

TCP/UDP L2TP PPP PPP

Application IP

Internet

OCS Server

(4) (2) (1) (2)

UE GPRS Backbone

AAA Server

(2)

(2) (2)
SGSN GGSN

AAA Server

ISP

(3)

AAA Server

(4) (1): GPRS Attach, MM context creation (2): PDP creation, GTP tunnel establishment, AAA authentication. (3): User visit PDN, web browsing (4): SGSN/GGSN report original CDR/interactive with OCS.
HUAWEI TECHNOLOGIES CO., LTD. CG

(4)

Enterprise Network

Charging Bill
User: XX Number: 133XXXX Date: 2003/X Charge: $XXX ___________________________ Bill for Traffic: XXX Bill for content: XXX ___________________________ Detailed bill: **** **** **** **** **** ***

Billing Center

HUAWEI Confidential

Page 14

Flow Looking on Signaling

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 15

Flow Looking on Boards

Uplink Data flow
GTP tunnel

LPU

SPU

LPU

Downlink Data flow:

LPU

SPU

LPU

GTP tunnel

Uplink Data flow with Gi IPSec/GRE tunnel:

GTP tunnel

LPU

SPU

LPU

IPSec/GRE tunnel

Downlink Data flow with Gi IPSec/GRE tunnel:

IPSec/GRE tunnel

LPU

SPU

LPU

GTP tunnel

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 16

Chapter 1 GGSN Perspective Chapter 2 GGSN Flow Chapter 3 GGSN Features Chapter 4 GGSN Reliability Chapter 5 GGSN Specification

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 17

GGSN Features Overview

Access
GTP IP Access GTP PPP Access PPP Regeneration

Service
Policy based

Charging
Online Charging Offline Charging RADIUS

Routing
Dynamic Routing

OAM
Event Logs Alarms Software

Forwarding
Web Proxy Captive Portal Bandwidth

BGP/RIP/OSPF/IS-IS
Static Routing Eth-trunk Diversity VPN

(LAC)
Diversity Address

Accounting

Management
Performance

Assignment
Alias APN Virtual APN QoS Mapping SPU

Management
Diffserv

Management VLAN/GRE/L2TP/IPSE C/MPLS

Access Control List Trace

Marking
Content

Management
Operator

Awareness
Firewall Anti-spoofing DDOS

Recommendation
MBMS Broadcast Direct Tunnel

(ACL)

Management

Prevention
PCC

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 18

GGSN9811 Charging Features

Online
Volume based charging Time based charging Content based billing Dual Coupon with Tariff switch QoS/SGSN/RAT switch G-CDR enable CTP Charging Failover / Failback Redirection

Offline
Volume based charging Time based charging Content based billing Tariff switch QoS/SGSN/RAT switch CTP Charging Multiple G-CDR formats G-CDR Storage CDR Audit

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 19

GGSN9811 Charging Logic Architecture

Charging Gateway OCS AAA Server

SPU
CDR Processing Radius Client

SRU

DCCA Client

PDP Context Management

CDR Storage

User Profile

Offline Charging

Online Charging

Hard Disk

User Management

Charging Processing and Control

Charging Data Collection

Charging
Data Flow Packets Forwarding and Service Control

GGSN

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 20

GTP Functions
IP over GTP - IP IP over GTP - L2TP PPP over GTP - IP PPP over GTP - L2TP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 21

Direct Tunnel
Iu R N C RANAP GTP-U S G S N
S G S N GTP-U

Gn GTP-C GTP-U G G S N

Two Tunnel

Iu R N C RANAP

Gn GTP-C G G S N

Direct Tunnel

In the direct tunnel solution, one GTP tunnel between the RNC and the GGSN is used instead of the two user-plane tunnels between the RNC and the SGSN, and the SGSN and the GGSN. The SGSN does not process user-plane data, thus alleviating the data forwarding load on the SGSN.
HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential Page 22

User Access Mode & Address Allocation

AAA Server

Internet/ Intranet

SGSN

GGSN Fire Wall

Auth. No Auth.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 23

Content Based Billing - Overview

Prepaid System

Mail Server

download Server

GPRS Backbone

Streaming Server

UE

SGSN

GGSN

Destination 10.127.0.2

Servi ce http

Port 80

URL www.sina.co m/music1 file1

Statistics Uplink: 1kbytes Downlink: 1Mbytes Downlink: 10Mbytes

Charging Bill
User: XX Number: 133XXXX Date: 2003/X Charge: $XXX ___________________________ Rent charge:: $XX Bill for Traffic: XXX Bill for content: XXX ___________________________ Detailed bill:

Billing Center

172.19.10.1 02

ftp

1003

**** **** **** **** **** ***

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 24

Deep Packet Inspection for CBB

Layer 7 Application Layer 6 Presentation

Service Processing Layer

Application DPI

URL
HTTP://WAP.MONTERNET.COM/* RTSP://*.VOD.COM/*.3GP WAP/HTTP/MMS/FTP/DNS RTSP/RTP/RTCP

Application Protocol & Service

Layer 5 Session

Layer 4 Transport

IP DPI

IP Address

Layer 3 Network

Port
Protocol
TCP UDP ICMP/GRE/IPSec/...

Layer 2 Data Link

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 25

CDR Audit and GCDR File Transfer

GGSN
SRU

Hard Disk

FTP Server

FTP Client for GCDR File Transfer

GCDR file Download and upload

CDR Auditing

FTP Client
LPU

FTP Server for CDR Auditing

CDR Auditing

SPU

Charging Processing

CDR Auditing Buffer

Charging Gateway

CDR Process

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 26

Service Chain
Tunnel Marking APN based Inbound ACL

APN Level

Tunnel Marking

APN based Outbound ACL

PDP based Diffserv Marking

PDP based Policing

PDP Level

Service Level
IP Service Chain

Up-Link
Down-Link
Tunnel Marking APN based Inbound ACL

APN Level

Tunnel Marking

APN based Outbound ACL

PDP based Policing

PDP Level

PDP based Diffserv Marking

Service Level
IP Service Chain

IP Service Chain Gating DiffServ Remark CAR QoS Update Web Proxy Captive Portal Redirection Policy Based Forwarding Shaping Charging Point

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 27

Firewall
Uplink & Downlink
LPU
Interface-based ACL

Interface Level

SPU

APN-based Inbound ACL

APN Level

PDP Level

Subscriber Profile

Gating

Service Level

Flow Based IP Service

Personal Firewall

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 28

Web Proxy & Captive Portal

Web Proxy
Web Client
TCP Syn 1 TCP Syn TCP Ack TCP Ack HTTP Request 1 HTTP Request HTTP Reply 2 HTTP Reply TCP Syn, Ack HTTP Request HTTP Reply 2 TCP Fin & Ack TCP RST HTTP Request 1 2

Captive Portal
GGSN Proxy Server Web Server Web Client GGSN Portal Server Web Server

TCP Syn & Ack

HTTP Redirection

Match the L3/L4 policy and change the destination IP address of service packets to IP address of Proxy Server. change the source IP address of service packets back to IP address of Web Server.
HUAWEI TECHNOLOGIES CO., LTD.

Drop the HTTP Request message and send the HTTP redirection message (status 302) to Web Client. Terminate the TCP connection
Page 29

HUAWEI Confidential

QoS Update
PDP QoS
QoS2
QoS2 Update Fail

SGSN

GGSN

QoS1 QoS0

QoS2 QoS1
QoS0 QoS0 QoS0

Create PDP context Req (Req QoS) Create PDP context Rsp (Neg QoS0) Update PDP context Req (Req QoS1) Update PDP context Rsp (Accept) Update PDP context Req (Req QoS0) Update PDP context Rsp (Accept) Update PDP context Req (Req QoS2) Update PDP context Rsp (Reject)

PDP Flow1 Flow2

Timer expire

T
QoS0
QoS1 Flow3 QoS1 QoS0

Flow4

QoS2

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 30

Virtual APN & Alias APN (1)

Corporate 1

SGSN
APN = "Corporate" username = "a@corporate1"
Real APN = "Corporate1"

GGSN
PDP Context1
Real APN = "Corporate2"

MS1 MS2 MS3

PDP Context1
APN = "Corporate" username = "a@corporate2"

PDP Context1

PDP Context2
APN = "Corporate" username = "a@corporate3"

PDP Context2 PDP Context3

PDP Context2
Real APN = "Corporate3"

Corporate 2

PDP Context 3

PDP Context3

APN Name

VPN

IP Address Pool

Corporate

Corporate 3
GRE VPN POOL1

Corporate1

Corporate2

IPSec VPN

POOL2

Corporate3

L2TP VPN

POOL3

Local Mapping => IMSI/MSISDN/RAT/Roaming/User name AAA Mapping

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 31

Virtual APN & Alias APN (2)

GGSN
Walled Garden APN1 APN2 APN3 system resource 1 APN4 system resource 2 Streaming Service

PTT

Internet/ISP

Item Mapping Scenario

Virtual APN More APN -> One APN Ex. The operator has some obsolete APN. Several APN want to use same resource in GGSN.

Alias APN One APN -> More APN Ex. If operator want to differentiate the same APN name for several network. Or It also can be used for classify for a "BIG" APN.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 32

Flexible VPN
Mobile Tunnel Internet Tunnel

Firewall
GTP Tunnel VRF

GRE/IPSec/L2TP /MPLS/VLAN

GPRS Backbone

Corporation Network

UE

SGSN

GGSN

Internet

End-to-End Tunnel (IPSec)

PDP Type = IP/PPP

IP/PPP over GTP SGSN GGSN/LAC

GGSN regenerate PPP session when PDP type = IP

L2TP Internet
AAA server

IP/PPP

Private

LNS network

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 33

Security Functions
Anti-spoofing DDoS Prevention Multiple authentication methods Hierarchical management Gi redirection IPSec
HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential Page 34

GGSN

PCC
PCC refers to policy and charging control. The PCRF NE is introduced. It delivers PCC rules, including policies and charging information, to the GGSN. Huawei PCRF is the RM9000. The following figure shows the position of the PCRF on the network.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 35

Chapter 1 GGSN Perspective Chapter 2 GGSN Flow Chapter 3 GGSN Features Chapter 4 GGSN Reliability Chapter 5 GGSN Specification

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 36

Carrier-class Reliability
Virtual Routing

Network level GPRS backbone GGSN

Internet/
PDN

IP/Ethernet Trunk

11

10

Equipment Level
SFU

SPU 1:1
SRU SPU SPU SPU SPU

LPU

LPU

SPU

SPU

SRU

SRU 1:1 SFU 3+1

SFU

12

10

Three Level assurance

Module Level
Overload Control

Software assurance

Recourse Monitor

Traffic Control

Self-fault Checking

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 37

Hardware Reliability
Mature USR platform

Hot plugging and hot backup

3+1 Switch plane

Dual 48 V independent-power-supply

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 38

Software Reliability
System Overload Control

CPU Overload Control of the SPU/LPU CPU Overload Control of the SRU
Resource Check Function

Periodical Check Address Resource Check Performed by the SRU and the SPU Address Resource Check with PDP Contexts in the SDB Performed by the SPU
Board lock and system shutdown Hot patch

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 39

Network Redundancy

RNC SDH

SGSN

Lanswitch

Firewall IP Dynamic routing

Internet/servic e

IP backbone GGSN

GGSN

Lanswitch

Firewall

L2 IP redundancy technology

Link redundancy and IP routing redundancy

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 40

Redundancy
SFU 3+1 redundancy SPU 1+1 redundancy Software Primary/Secondary Radius Server Multiple OCS Primary/Secondary CG Multiple DHCP Primary/Secondary FTP server Primary/Secondary L2TP tunnel

Hardware

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 41

Chapter 1 GGSN Perspective Chapter 2 GGSN Flow Chapter 3 GGSN Features Chapter 4 GGSN Reliability Chapter 5 GGSN Specification

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 42

Capacity Specification
Parameter Simultaneously active PDP contexts Packet forwarding capacity Max throughput Max APN Specification 5000000 1,000,000pps 30G bit/s (IPSec 3G bit/s) 3000

Maximum number of GRE tunnels

Maximum number of L2TP tunnels Maximum number of IPSec tunnels

4000
20000 4000

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Page 43

Thank you
www.huawei.com