Product Description (V900R007C02 01)

HUAWEI GGSN9811 Gateway GPRS Support Node
V900R007C02
Product Description
Issue
01
Date
2009-05-26
Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Copyright Huawei Technologies Co., Ltd. 2009. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.


Product Description
Contents
Contents
About This Document.....................................................................................................................1
1 Overview......................................................................................................................................1-1
1.1 Basic Functions...............................................................................................................................................1-2
1.2 Network Structure...........................................................................................................................................1-2
1.3 Network Interfaces..........................................................................................................................................1-5
1.3.1 Gn/Gp Interface......................................................................................................................................1-6
1.3.2 Gi Interface.............................................................................................................................................1-7
1.3.3 Ga Interface..........................................................................................................................................1-10
1.3.4 Gy Interface..........................................................................................................................................1-10
1.3.5 Gmb Interface.......................................................................................................................................1-11
1.3.6 Gx Interface..........................................................................................................................................1-11
1.4 Supported Protocols......................................................................................................................................1-12
1.5 Physical Interfaces.........................................................................................................................................1-16
1.5.1 Interface Types.....................................................................................................................................1-17
1.5.2 Interface Specifications........................................................................................................................1-17
2 Product Features.........................................................................................................................2-1
2.1 Carrier-Class Platform.....................................................................................................................................2-2
2.2 High Reliability...............................................................................................................................................2-2
2.3 Security............................................................................................................................................................2-3
2.4 Large Capacity................................................................................................................................................2-3
2.5 Customized Operation and Maintenance System............................................................................................2-3
3 System Structure.........................................................................................................................3-1
3.1 Physical Structure............................................................................................................................................3-2
3.1.1 Cabinet...................................................................................................................................................3-2
3.1.2 Subrack...................................................................................................................................................3-5
3.1.3 Boards.....................................................................................................................................................3-7
3.2 Software Structure...........................................................................................................................................3-9
4 Services and Functions..............................................................................................................4-1

4.1 Routing............................................................................................................................................................4-3
4.2 APN.................................................................................................................................................................4-3
4.3 Accessing the PDN..........................................................................................................................................4-3
4.4 GTP.................................................................................................................................................................4-5
Issue 01 (2009-05-26)

Contents

Product Description
4.4.1 GTP Tunnel............................................................................................................................................4-6
4.4.2 GTP Signaling Function.........................................................................................................................4-6
4.4.3 IP over GTP and PPP over GTP.............................................................................................................4-6
4.5 Direct Tunnel...................................................................................................................................................4-7

4.6 VPN.................................................................................................................................................................4-8
4.7 Security............................................................................................................................................................4-9
4.7.1 Protocol Security Authentication...........................................................................................................4-9
4.7.2 IPSec.....................................................................................................................................................4-10
4.7.3 Packet Filtering and ACL.....................................................................................................................4-10
4.7.4 Gi Interface Redirection.......................................................................................................................4-11
4.7.5 Anti-DDoS Protection..........................................................................................................................4-11
4.7.6 Anti-spoofing.......................................................................................................................................4-11
4.7.7 SSL.......................................................................................................................................................4-12
4.8 QoS................................................................................................................................................................4-13
4.9 Charging........................................................................................................................................................4-14
4.9.1 RADIUS Accounting...........................................................................................................................4-14
4.9.2 Offline Charging..................................................................................................................................4-15
4.9.3 Online Charging...................................................................................................................................4-17
4.9.4 Content-based Charging.......................................................................................................................4-17
4.9.5 Event-based Charging..........................................................................................................................4-18
4.9.6 Envelope Reporting..............................................................................................................................4-19
4.10 DPI..............................................................................................................................................................4-20
4.11 Service Redirection.....................................................................................................................................4-21
4.12 Service Report.............................................................................................................................................4-21
4.13 PCC.............................................................................................................................................................4-21
4.14 MBMS.........................................................................................................................................................4-22
4.15 IPv6.............................................................................................................................................................4-22
4.16 Other Services and Functions......................................................................................................................4-23
5 Reliability....................................................................................................................................5-1
5.1 Hardware Reliability.......................................................................................................................................5-2
5.2 Software Reliability.........................................................................................................................................5-2
5.3 Networking Reliability....................................................................................................................................5-3
5.4 Operation and Maintenance Reliability...........................................................................................................5-3
6 Operation and Maintenance.................................................................................................... 6-1

6.1 OM System......................................................................................................................................................6-2
6.1.1 BAM.......................................................................................................................................................6-3
6.1.2 LMT.......................................................................................................................................................6-3
6.1.3 M2000....................................................................................................................................................6-3
6.2 OM Function...................................................................................................................................................6-3
6.2.1 Configuration Management....................................................................................................................6-4
6.2.2 Message Tracing....................................................................................................................................6-4
6.2.3 Performance Management......................................................................................................................6-4
ii

Issue 01 (2009-05-26)

Product Description
Contents
6.2.4 Alarm Management................................................................................................................................6-5

6.2.5 Log Management....................................................................................................................................6-5
7 Technical Specifications...........................................................................................................7-1
7.1 Performance Specifications.............................................................................................................................7-2
7.2 Entire-system Specifications...........................................................................................................................7-2
7.3 Reliability Specifications................................................................................................................................7-3
7.4 Safety Specifications.......................................................................................................................................7-3
7.5 EMC Specifications.........................................................................................................................................7-3
7.6 Environment Specifications............................................................................................................................7-4
7.6.1 Storage Environment..............................................................................................................................7-4
7.6.2 Transportation Environment..................................................................................................................7-5
7.6.3 Running Environment............................................................................................................................7-6
8 Installation...................................................................................................................................8-1
8.1 System Installation..........................................................................................................................................8-2
8.2 System Expansion and Upgrade......................................................................................................................8-2
Index.................................................................................................................................................i-1
Issue 01 (2009-05-26)

iii

Product Description
Figures
Figures
Figure 1-1 GPRS/UMTS network structure.........................................................................................................1-2
Figure 1-2 Interfaces of the GGSN9811..............................................................................................................1-5
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface.......................................................................1-6
Figure 1-4 User plane protocol stack of the Gn/Gp interface..............................................................................1-7
Figure 1-5 Protocol stack of the Gi interface.......................................................................................................1-7
Figure 1-6 Protocol stack of the Gi interface in transparent access mode...........................................................1-8
Figure 1-7 Protocol stack of the Gi interface in non-transparent access mode....................................................1-8
Figure 1-8 Protocol stack of the Gi interface.......................................................................................................1-9
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode..............................................................1-9
Figure 1-10 Protocol stack of the Gi interface in PPP relay mode.....................................................................1-10
Figure 1-11 Protocol stack of the Ga interface...................................................................................................1-10
Figure 1-12 Protocol stack of the Gy interface..................................................................................................1-11
Figure 1-13 Protocol stack of the Gmb interface...............................................................................................1-11
Figure 1-14 Protocol stack of the Gx interface..................................................................................................1-12
Figure 3-1 N68E-22 cabinet.................................................................................................................................3-3
Figure 3-2 Hardware layout of the GGSN9811...................................................................................................3-4
Figure 3-3 GGSN9811 subrack............................................................................................................................3-5
Figure 3-4 Components in the GGSN9811 subrack.............................................................................................3-6
Figure 3-5 Layout of boards in the GGSN9811 subrack......................................................................................3-8
Figure 3-6 Logical structure of the GGSN9811.................................................................................................3-10
Figure 4-1 Example of transparent access to an external IP network..................................................................4-4
Figure 4-2 Example of non-transparent access to an ISP or an intranet..............................................................4-5
Figure 4-3 Example of IP over GTP and PPP over GTP.....................................................................................4-6
Figure 4-4 Example of PPP regeneration.............................................................................................................4-7
Figure 6-1 Structure of the GGSN9811 OM system............................................................................................6-2
Issue 01 (2009-05-26)


Product Description
Tables
Tables
Table 1-1 Protocols supported by the GGSN9811.............................................................................................1-13
Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811.............................................1-17
Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces............................................1-17
Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP).................................1-18
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP).............................1-19
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)........................1-19
Table 3-1 Main components in the GGSN9811 subrack......................................................................................3-6
Table 3-2 Specifications of the four types LPUs..................................................................................................3-9
Table 7-1 GGSN9811 performance specifications...............................................................................................7-2
Table 7-2 Specifications of the entire GGSN9811...............................................................................................7-2
Table 7-3 GGSN9811 reliability specifications...................................................................................................7-3
Table 7-4 Climatic requirements for equipment storage......................................................................................7-4
Table 7-5 Climatic requirements for equipment transportation...........................................................................7-5
Table 7-6 Requirements for mechanical stress in the transportation environment..............................................7-5
Table 7-7 Requirements for temperature and humidity in the running environment...........................................7-6
Table 7-8 Requirements for other climatic factors in the running environment..................................................7-6
Table 7-9 Requirements for mechanical stress in the running environment........................................................7-7
Issue 01 (2009-05-26)

vii

Product Description
About This Document
About This Document

Purpose
This document mainly describes the features, system architecture, services and functions,
operation and maintenance, reliability, technical specifications, and installation procedure of the
GGSN9811.
Related Versions
The following table lists the product version related to this document.
Product Name
Version
GGSN9811
V900R007C02
Intended Audience
This document is intended for:
l
Network planning engineer
Installation commissioning engineer
Data configuration engineer
Network monitoring engineer
Field maintenance engineer
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all the updates made to previous versions.
Updates in Issue 01 (2009-05-26)
Initial field trial release
Organization
1 Overview
This provides an overview of the GGSN9811 The GGSN9811 serves as a gateway in the general
packet radio service/universal mobile telecommunications system (GPRS/UMTS) packet core
network and forwards packets between the mobile network and the packet data network (PDN).
Issue 01 (2009-05-26)


Product Description
About This Document
2 Product Features
This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
3 System Structure
This describes the physical and logical structures of the GGSN9811.
4 Services and Functions
This describes the abundant services and functions provided by the GGSN9811. These services
and functions can meet various requirements for networking and services.
5 Reliability
This describes the advanced reliability design of the GGSN9811. The advanced reliability design
effectively ensures the normal operation.
6 Operation and Maintenance
This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000 and
operation and maintenance center (OMC), and comprehensive online help.
7 Technical Specifications
This lists the technical specifications of the GGSN9811. The technical specifications consist of
performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment requirements.
8 Installation
This describes the installation, upgrade, and expansion processes.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates a hazard with a high level of risk, which if not
avoided,will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided,could result in equipment damage, data loss,
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save
time.

Issue 01 (2009-05-26)

Product Description
Symbol
About This Document
Description
Provides additional information to emphasize or supplement
important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention
Description
Times New Roman
Normal paragraphs are in Times New Roman.
Boldface
Names of files, directories, folders, and users are in

boldface. For example, log in as user root.
Italic
Book titles are in italics.
Courier New
Examples of information displayed on the screen are in

Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ]
Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }*
Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]*
Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Issue 01 (2009-05-26)


Product Description
About This Document
Convention
Description
Boldface
Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.
>
Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder .
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Press the keys concurrently. For example, pressing Ctrl+Alt

+A means the three keys should be pressed concurrently.
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, A means

the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action
Description
Click
Select and release the primary mouse button without moving

the pointer.
Double-click
Press the primary mouse button twice continuously and

quickly without moving the pointer.
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.

Issue 01 (2009-05-26)

Product Description
1 Overview
Overview
About This Chapter

This provides an overview of the GGSN9811 The GGSN9811 serves as a gateway in the general
packet radio service/universal mobile telecommunications system (GPRS/UMTS) packet core
network and forwards packets between the mobile network and the packet data network (PDN).
1.1 Basic Functions
This describes the basic functions of the GGSN9811.
1.2 Network Structure
This describes the structure of the entire network.
1.3 Network Interfaces
This describes the network interfaces of the GGSN9811. The GGSN9811 provides multiple
interfaces that comply with standard protocols.
1.4 Supported Protocols
This describes the supported protocols of the GGSN9811. The GGSN9811 provides open and
standard protocol interfaces. These interfaces support multiple protocols and can connect the
GGSN9811 to multiple types of devices. Thus, the GGSN9811 possesses strong and flexible
networking capability.
1.5 Physical Interfaces
This describes the physical interfaces of the GGSN9811. The GGSN9811 provides multiple
types of physical interfaces.
Issue 01 (2009-05-26)

1-1

Product Description
1 Overview
1.1 Basic Functions

This describes the basic functions of the GGSN9811.
The GGSN9811 is a gateway GPRS support node independently developed by Huawei. It can
be used in either the 2.5G GPRS or the 3G UMTS systems. The GGSN9811 is a gateway for a
mobile station (MS) to access the external packet data network (PDN). It is located at the junction
between the GPRS/UMTS packet core network and the external PDN.
1.2 Network Structure

This describes the structure of the entire network.
The wireless technology has developed from the 2G global system for mobile communications
(GSM) and the 2.5G general packet radio service (GPRS) to the 3G universal mobile
telecommunications system (UMTS). At present, mobile communication is available widely,
transmits wireless data quickly, and provides access to the Internet. Mobile communication can
provide multimedia services, such as voice, data, and video. It enables you to communicate with
other people wherever you are and whenever you want.
Figure 1-1 GPRS/UMTS network structure
MS: mobile station
1-2
RAN: radio access network

Issue 01 (2009-05-26)

Product Description
1 Overview
CN-CS: core network-circuit switched
CN-PS: core network-packet switched
BSS: base station subsystem
UTRAN: UMTS terrestrial radio access network
BTS: base transceiver station
BSC: base station controller
NodeB: UMTS base station
RNC: radio network controller
SGSN: serving GPRS support node
GGSN: gateway GPRS support node
CG: charging gateway
BG: border gateway
DNS: domain name server
AAA: authentication, authorization and accounting
BM-SC: broadcast/multicast service center
OCS/CCF: online charging system/credit control function
PCRF: policy and charging rule function
As shown in Figure 1-1, the GPRS/UMTS network contains the following network elements
(NEs):
l
MS: An MS is a user's mobile device. It can launch and receive calls through an air interface.
To perform a data service, the MS sets up a logical link with the CN-PS domain.
RAN: The RAN provides the functions related to wireless access.
CN-CS domain: The CS domain provides circuit type services. It also connects an MS to
an external CS network such as the public switched telephone network (PSTN).
CN-PS domain: The PS domain provides packet data services. It also connects an MS to
an external packet data network (PDN) such as the Internet.
NOTE
The CN has evolved smoothly from the GPRS to the UMTS. The evolution of the RAN, however, is revolutionary
because of the fundamental change of air interfaces.
Huawei GPRS/UMTS CN-PS domain, consisting of the SGSN, GGSN, CG, and AAA server,
enables an MS to access an external PDN for packet data services and supplies charging services.
The functions of the main NEs in Huawei GPRS/UMTS CN-PS domain are as follows:
SGSN
The SGSN is used to provide packet data services. It forwards incoming and outgoing IP packets
of the MSs in the service area. The SGSN performs the following functions:
l
IP packet routing and forwarding for all mobile users within the service area
Encryption and authentication
Session management
Mobility management
Logical link management
Generation and output of charging data records (CDRs), reflecting the usage of wireless
resources
Issue 01 (2009-05-26)

1-3

Product Description
1 Overview
GGSN
The GGSN is used to provide packet data services. The GGSN routes and encapsulates the data
packets between the GPRS/UMTS network and an external PDN. The GGSN performs the
following functions:
l
Acting as an interface to an external PDN: The GGSN acts as a gateway for MSs to access
an external PDN. The GGSN exchanges routing information for an external PDN. The
GGSN serves as a router for all IP addresses of users in the GPRS/UMTS network.
GPRS/UMTS session management: The GGSN sets up communication between MSs and
external PDNs.
Data receiving and processing: The GGSN receives data from MSs and routes the data to
an external PDN. The GGSN also receives data from the external PDN, and selects a path
in the GPRS/UMTS network to forward the data according to the destination address. Then,
the GGSN sends the data to the SGSN.
Abundant charging functions: The GGSN provides the functions of normal charging, hot
billing, content-based charging, and online charging.
CG
As a device in the GPRS/UMTS network, the charging gateway (CG) collects, merges, and preprocesses the CDRs generated by the SGSN or the GGSN. The CG also provides an interface
to the billing center. When a GPRS/UMTS user accesses the Internet, several NEs generate
CDRs. Each NE may generate several CDRs. The CG merges and pre-processes the CDRs, and
then sends them to the billing center. Thus, the work load of the billing center is reduced. If the
CG is applied in the network, the SGSN and the GGSN are not required to provide interfaces to
the billing center.
AAA Server
The AAA server is used for authentication, authorization, and accounting. It complies with the
Remote Authentication Dial In User Service (RADIUS) protocol. The AAA server can also be
deployed in other networks besides the GPRS/UMTS network.
DNS
There are two types of DNS in the GPRS/UMTS network. One type is the DNS located between
the GGSN and an external PDN. It is used to resolve the domain name of the external PDN,
equivalent to a common DNS on the Internet. The other type is the DNS located on the GPRS/
UMTS core network. It is used to:
l
Perform domain name resolution to obtain the IP address of the GGSN based on the access
point name (APN) sent by the SGSN, thus establishing a communication channel between
the GGSN and an MS when the MS attempts to access the external PDN.
Obtain the IP address of the SGSN from the original routing area code when the routing
area between SGSNs is updated.
Obtain the IP address of the destination SGSN based on the new RNC ID during RNC
relocation.
The DNS can also be deployed in other networks besides the GPRS/UMTS network.
1-4

Issue 01 (2009-05-26)

Product Description
1 Overview
OCS
The OCS provides the CCF function. By enhancing the present OCS, credit control can vary
according to service type. The GGSN9811 can determine whether a user is an online charging
user. The OCS can perform rating, allocate quotas, and finally deduct the fees for online charging
users.
BM-SC
The BM-SC distributes the multimedia broadcast/multicast service (MBMS). Serving as the
transmission ingress of the MBMS services of content providers, the BM-SC can authenticate
the users within a public land mobile network (PLMN), initiate the bearer service, and schedule
and deliver the MBMS service.
PCRF
The PCRF is used for making policies and charging rules. It performs the following functions:
l
Receiving service information from the application function (AF)
Obtaining subscription information from the subscription profile repository (SPR)
Determining the policy and charging rule applied to a user
Providing the policy and charging enforcement function (PCEF) with the policy and
charging rule information
1.3 Network Interfaces

This describes the network interfaces of the GGSN9811. The GGSN9811 provides multiple
interfaces that comply with standard protocols.
Figure 1-2 shows the network interfaces of the GGSN9811.
l
Gn/Gp interface between the SGSN and the GGSN
Gi interface between the GGSN and the PDN
Ga interface between the GGSN and the CGF
Gy interface between the GGSN and the OCS/CCF
Gmb interface between the GGSN and the BM-SC
Gx interface between the GGSN and the PCRF
Figure 1-2 Interfaces of the GGSN9811
Issue 01 (2009-05-26)

1-5

Product Description
1 Overview
1.3.1 Gn/Gp Interface

This describes the functions and the protocol stacks of the Gn/Gp interface.
1.3.2 Gi Interface
This describes the functions and the protocol stack of the Gi interface.
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
1.3.5 Gmb Interface
This describes the functions and the protocol stack of the Gmb interface.
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
1.3.1 Gn/Gp Interface

This describes the functions and the protocol stacks of the Gn/Gp interface.
In two-tunnel mode, the Gn/Gp interface is the signaling plane interface and user plane interface
between the serving GPRS support node (SGSN) and the GGSN. In direct-tunnel mode, the Gn/
Gp interface is the signaling plane interface between the SGSN and the GGSN, and the user
plane interface between the radio network controller (RNC) and the GGSN.
The Gn interface is between the GPRS support nodes (GSNs) within the same public land mobile
network (PLMN). The Gp interface is between the GSNs in different PLMNs. The Gn interface
and Gp interface have the same protocol hierarchy. See Figure 1-3 and Figure 1-4.
Figure 1-3 Signaling plane protocol stack of the Gn/Gp interface
1-6

Issue 01 (2009-05-26)

Product Description
1 Overview
Figure 1-4 User plane protocol stack of the Gn/Gp interface
The GPRS Tunneling Protocol (GTP) contains the GTP control plane (GTP-C) and the GTP
user plane (GTP-U).
l
In the GTP-C plane, tunnels are created, modified, and deleted through signaling.
In the GTP-U plane, the tunneling mechanism is used to transfer user packets.
In the GTP user plane, the GGSN9811 supports GTPv0 and GTPv1 and allows the switchover
between GTPv0 and GTPv1. In the GTP signaling plane, the GGSN9811 supports only GTPv0.
1.3.2 Gi Interface
This describes the functions and the protocol stack of the Gi interface.
Gi is the interface between the GGSN and the packet data network (PDN). The GGSN9811
supports two access modes for Internet Protocol (IP) users and Point-to-Point Protocol (PPP)
users.
IP Access
Figure 1-5 shows the protocol stack of the Gi interface for IP users.
Figure 1-5 Protocol stack of the Gi interface
Issue 01 (2009-05-26)

1-7
1 Overview

Product Description
For IP users, the GGSN9811 provides two modes for mobile stations (MSs) to access the external
PDN, namely, transparent access mode and non-transparent access mode. Figure 1-6 and Figure
1-7 show the protocol stacks for the transparent access mode and the non-transparent access
mode, respectively.
Figure 1-6 Protocol stack of the Gi interface in transparent access mode
Figure 1-7 Protocol stack of the Gi interface in non-transparent access mode
PPP Access
Figure 1-8 shows the protocol stack of the Gi interface for PPP users.
1-8

Issue 01 (2009-05-26)

Product Description
1 Overview
Figure 1-8 Protocol stack of the Gi interface
For PPP users, the GGSN9811 provides two modes for MSs to access the external PDN, namely,
PPP termination mode and PPP relay mode. Figure 1-9 and Figure 1-10 show the protocol
stacks for the PPP termination mode and the PPP relay mode, respectively.
Figure 1-9 Protocol stack of the Gi interface in PPP termination mode
Issue 01 (2009-05-26)

1-9

Product Description
1 Overview
Figure 1-10 Protocol stack of the Gi interface in PPP relay mode
1.3.3 Ga Interface
This describes the functions and the protocol stack of the Ga interface.
Ga is the interface between the GPRS support node (GSN) and the charging gateway
functionality (CGF). It runs the GTP' protocol to send charging data records (CDRs) that are
generated by a network element or functional entity to the CGF.
Figure 1-11 shows the protocol stack of the Ga interface.
Figure 1-11 Protocol stack of the Ga interface
1.3.4 Gy Interface
This describes the functions and the protocol stack of the Gy interface.
Gy is the interface between the GGSN and the online charging system/credit control function
(OCS/CCF). It communicates based on the Diameter protocol and is used for online charging
control. The GGSN interacts with the OCS through the Gy interface to realize credit control for
content-based charging users and non-content-based charging users.
Figure 1-12 shows the protocol stack of the Gy interface.
1-10

Issue 01 (2009-05-26)

Product Description
1 Overview
Figure 1-12 Protocol stack of the Gy interface
1.3.5 Gmb Interface

This describes the functions and the protocol stack of the Gmb interface.
Gmb is the interface between the GGSN and the broadcast/multicast service center (BM-SC).
It communicates based on the Diameter protocol and is used to provide the control plane function
of the multimedia broadcast/multicast service (MBMS). Through the Gmb interface, the GGSN
exchanges the following signaling with the BM-SC:
l
MBMS bearer context setup and release signaling
MBMS session start and stop signaling sent by the BM-SC to the GGSN
Figure 1-13 shows the protocol stack of the Gmb interface.

Figure 1-13 Protocol stack of the Gmb interface
1.3.6 Gx Interface
This describes the functions and the protocol stack of the Gx interface.
Gx is the interface between the GGSN and the policy charging rules function (PCRF). It
communicates based on the Diameter protocol. As the policy and charging enforcement function
(PCEF), the GGSN interacts with the PCRF through the Gx interface to realize policy and
charging control (PCC) function.
Issue 01 (2009-05-26)

1-11

Product Description
1 Overview
Figure 1-14 shows the protocol stack of the Gx interface.

Figure 1-14 Protocol stack of the Gx interface
1.4 Supported Protocols

This describes the supported protocols of the GGSN9811. The GGSN9811 provides open and
standard protocol interfaces. These interfaces support multiple protocols and can connect the
GGSN9811 to multiple types of devices. Thus, the GGSN9811 possesses strong and flexible
networking capability.
Table 1-1 lists the protocols supported by the GGSN9811.
1-12

Issue 01 (2009-05-26)

Product Description
1 Overview
Table 1-1 Protocols supported by the GGSN9811

Protocol
Function
GTP/GTP'
The GPRS
Tunneling Protocol
(GTP) is used to set
up, maintain, or
delete GTP tunnels
between the GGSN
and the SGSN. The
GGSN9811 can
interact with the
external packet data
network (PDN)
through GTP.
The GTP' protocol
is used to send
charging data
records (CDRs) that
are generated by a
network element or
functional entity to
the charging
gateway
functionality
(CGF).
RADIUS
Issue 01 (2009-05-26)
The Remote
Authentication Dial
in User Service
(RADIUS) protocol
is used for
authentication,
authorization, and
accounting between
the GGSN and the
RADIUS server.
Standard or Protocol
GSM 09.60, General Packet Radio Service

(GPRS); GPRS Tunneling Protocol (GTP) across
the Gn and Gp Interface
GSM 09.61, Interworking between the Public Land

Mobile Network (PLMN) supporting GPRS and
Packet Data Networks (PDN)
3GPP TS 29.060, General Packet Radio Service

(GPRS); GPRS Tunneling Protocol (GTP) across
the Gn and Gp interface
3GPP TS 32.215, 3G Telecom Management;

Charging Management; Charging Data Description
For The Packet Switched (PS) Domain
3GPP TS 29.061, Interworking between the Public

Land Mobile Network (PLMN) supporting Packet
Based Services and Packet Data Networks (PDN)
IETF RFC 2865, Remote Authentication Dial In

User Service (RADIUS)
IETF RFC 2866, RADIUS Accounting


1-13

Product Description
1 Overview
Protocol
Function
PPP
The Point-to-Point
Protocol (PPP) is a
Layer 2 link
protocol, through
which the Layer 2
negotiation through
the Link Control
Protocol (LCP),
Layer 3 negotiation
through IP over PPP
(IPCP), and
authentication
through the
Password
Authentication
Protocol/Challenge
Handshake
Authentication
Protocol (PAP/
CHAP) can be
performed.
L2TP
1-14
The Layer 2
Tunneling Protocol
(L2TP) is used to set
up Layer 2 virtual
private networks
(VPNs) and L2TP
tunnels between the
L2TP network
server (LNS) and
the GGSN that
serves as the L2TP
access concentrator
(LAC).
IETF RFC 1661, The Point-to-Point Protocol (PPP)
IETF RFC 1332, The PPP Internet Protocol Control

Protocol (IPCP)
IETF RFC 1334, PPP Authentication Protocols
IETF RFC 1994, PPP Challenge Handshake

Authentication Protocol (CHAP)

IETF RFC 2661, Layer Two Tunneling Protocol

"L2TP"

Issue 01 (2009-05-26)

Product Description
Protocol
IPSec
Issue 01 (2009-05-26)
Function
The IP Security
(IPSec) protocol is
used to ensure the
security of the data
transmitted
between the GGSN
and the related
devices. It can
ensure the
confidentiality,
integrity,
authenticity, and
anti-replay of data
packets transmitted
on the network.
1 Overview
l
IETF RFC 2402, IP Authentication Header
IETF RFC 2403, The Use of HMAC-MD5-96

within ESP and AH
ETF RFC 2404, The Use of HMAC-SHA-1-96

within ESP and AH
IETF RFC 2405, The ESP DES-CBC Cipher

Algorithm With Explicit IV
IETF RFC 2406, IP Encapsulating Security

Payload (ESP)
IETF RFC 2407, The Internet IP Security Domain

of Interpretation for ISAKMP
IETF RFC 2408, Internet Security Association and

Key Management Protocol (ISAKMP)
IETF RFC 2409, The Internet Key Exchange (IKE)
IETF RFC 2410, The NULL Encryption Algorithm

and Its Use with IPSec
IETF RFC 2411, IP Security Document Roadmap
IETF RFC 2412, The OAKLEY Key

Determination Protocol
IETF RFC 2104, HMAC: Keyed-Hashing for

Message Authentication
IETF RFC 1191, Path MTU Discovery
FTP
The File Transfer

Protocol (FTP) is
used to transmit
files between the
GGSN and other
devices.
Diameter
The basic Diameter

protocol offers a
secure, reliable, and
easily extended
IETF RFC 3588, Diameter Base Protocol IETF RFC
frame for
4006, Diameter Credit-Control Application
authentication,
authorization, and
accounting
services.
IETF RFC 0959, FILE TRANSFER PROTOCOL

(FTP)

1-15

Product Description
1 Overview
Protocol
Function
Diameter
Online
Charging
The volume-based
or time-based
online contentbased charging is
realized through
interaction with the
online charging
system (OCS)
through the Gy
interface.
MBMS
PCC
The unidirectional
point-to-multipoint
multimedia services
are provided.
The policy and

charging control
function is
provided.
3GPP TS 23.125, Overall High Level Functionality

and Architecture Impacts of Flow Based Charging
3GPP TS 32.299, Charging Management; Diameter

charging applications
3GPP TS 23.246, Multimedia Broadcast/Multicast

Service (MBMS); Architecture and Functional
Description
3GPP TS 29.060, General Packet Radio Service

(GPRS); GPRS Tunnelling Protocol (GTP) across
the Gn and Gp interface

3GPP TR 23.803 v700 Evolution of policy control

and charging
3GPP TS 23.203 v760 Policy and charging control

architecture
3GPP TS 29.212 v740 Policy and Charging Control

over Gx reference point

signalling flows and QoS parameter mapping

over Rx reference point
1.5 Physical Interfaces

This describes the physical interfaces of the GGSN9811. The GGSN9811 provides multiple
types of physical interfaces.
1.5.1 Interface Types
This describes the types of physical interfaces provided by the GGSN9811. The GGSN9811
provides the following physical interfaces: 10/100M auto-sensing Ethernet electrical interfaces,
1000M Ethernet SFP optical interfaces (1000Base-X-SFP), 1000M Ethernet SFP electrical
interfaces (1000Base-X-SFP), and 10G Ethernet Optical Interfaces.
1.5.2 Interface Specifications
This describes the specifications for the interfaces provided by the GGSN9811.
1-16

Issue 01 (2009-05-26)

Product Description
1 Overview
1.5.1 Interface Types

This describes the types of physical interfaces provided by the GGSN9811. The GGSN9811
provides the following physical interfaces: 10/100M auto-sensing Ethernet electrical interfaces,
1000M Ethernet SFP optical interfaces (1000Base-X-SFP), 1000M Ethernet SFP electrical
interfaces (1000Base-X-SFP), and 10G Ethernet Optical Interfaces.
The physical interfaces of the GGSN9811 are provided by the Line Processing Unit (LPU).
Table 1-2 lists the quantities and functions of the interfaces on the LPU.
Table 1-2 Quantities and functions of the physical interfaces on the GGSN9811
Type
Quantity
(Maximum)
Function
10/100M autosensing Ethernet

electrical interfaces
24
Physical interfaces to an external network or

devices in the external network, such as the
SGSN, PDN, AAA server, and CG
1000M Ethernet SFP

optical interfaces
(1000Base-X-SFP)
24

1000M Ethernet SFP

electrical interfaces
(1000Base-X-SFP)
24

10G Ethernet Optical

2
Interfaces
NOTE
The quantity in GGSN9811 refers to the quantity of a type of interfaces on one LPU.
1.5.2 Interface Specifications

This describes the specifications for the interfaces provided by the GGSN9811.
Table 1-3, Table 1-4, Table 1-5, and Table 1-6 list the specifications for the interfaces.
Table 1-3 Specifications for 10/100M auto-sensing Ethernet electrical interfaces
Item
Specification
Connector type
RJ45
Operating mode
Issue 01 (2009-05-26)
10/100M auto-sensing
Half duplex and full duplex
Maximum
transmission distance
100 m
Applied cable
Enhanced category 5 shielded twisted pair

1-17

Product Description
1 Overview
Item
Specification
Standard compliance
IEEE802.3z
Frame format
Ethernet_II, Ethernet_SAP, and Ethernet_SNAP
Network protocol
IP
Table 1-4 Specifications for 1000M Ethernet SFP optical interfaces (1000Base-X-SFP)
1-18
Item
Specification
Connector
type
LC/PC
Operating
mode
1000M full duplex
Standard
complianc
e
IEEE 802.3z
Frame
format
Network
protocol
IP
Maximum
transmissi
on
distance
0.5km
10km
40km
40km
80km
100km
Center
wavelengt
h
850nm
1310nm
1310nm
1550nm
1550nm
1550nm
Minimum
transmittin
g optical
power
9.5dBm
9.5dBm
4.5dBm
4.0dBm
2.0dBm
0dBm
Maximum
transmittin
g optical
power
2.5dBm
3.0dBm
3.0dBm
1.0dBm
5.0dBm
5.0dBm
Receiver
sensitivity
17.0dBm
20.0dBm
22.5dBm
21.0dBm
23.0dBm
30.0dBm
Overload
optical
power
0dBm
3.0dBm
3.0dBm
3.0dBm
3.0dBm
9.0dBm

Issue 01 (2009-05-26)

Product Description
Item
Specification
Fiber type
Multimode
1 Overview
Singlemode
Singlemode
Singlemode
Singlemode
Singlemode
Table 1-5 Specifications for 1000M Ethernet SFP electrical interfaces (1000Base-X-SFP)
Item
Specification
Connector type
RJ45
Operating mode
1000M full duplex
Maximum transmission
distance
100 m
Applied cable
category 5 shielded twisted pair
Standard compliance
IEEE802.3z
Frame format
Network protocol
IP
Table 1-6 Specifications for the 10G Ethernet optical interfaces (10GBase LAN/WAN-XFP)
Issue 01 (2009-05-26)
Item
Specification
Connector type
LC/PC
Operating mode
10G full duplex
Standard
compliance
IEEE 802.3ae
Frame format
Network
protocol
IP
Maximum
transmission
distance
0.3 km
10 km
40 km
80 km
Center
wavelength
850 nm
1310 nm
1550 nm
1550 nm
Minimum
transmitting
optical power
-7.3 dBm
-6.0 dBm
-1.0 dBm
0 dBm

1-19

Product Description
1 Overview
1-20
Item
Specification
Maximum
transmitting
optical power
-1.3 dBm
-1.0 dBm
2.0 dBm
4.0 dBm
Receiver
sensitivity
-7.5 dBm
-11.0 dBm
-15.0 dBm
-24.0 dBm
Overload
optical power
-1.0 dBm
0.5 dBm
-1.0 dBm
-7.0 dBm
Fiber type
Multi-mode
Single-mode
Single-mode
Single-mode

Issue 01 (2009-05-26)

Product Description
2 Product Features
Product Features
About This Chapter

This describes the features of the GGSN9811: carrier-class platform, high reliability, security,
large capacity, and customized operation and maintenance (OM) system.
2.1 Carrier-Class Platform
This describes the carrier-class platform feature of the GGSN9811 The hardware platform
provides high reliability and large data throughput. The software platform seamlessly integrates
wireless telecommunication technologies and data communication technologies.
2.2 High Reliability
This describes the high reliability feature of the GGSN9811. Reliability is crucial for both
operators and end users. Therefore, the GGSN9811 is designed by considering reliability in
terms of hardware, software, and networking to ensure normal running.
2.3 Security
This describes the security feature of the GGSN9811. The requirements for security is taken into
consideration for the design of the GGSN9811 and multiple measures are adopted to protect
profits of operators and end users.
2.4 Large Capacity
This describes the large capacity feature of the GGSN9811. The GGSN9811 with the design of
large capacity can help operators to arrange investment effectively.
2.5 Customized Operation and Maintenance System
This describes the customized operation and maintenance (OM) system feature of the
GGSN9811. The GGSN9811 provides powerful OM functions.
Issue 01 (2009-05-26)

2-1

Product Description
2 Product Features
2.1 Carrier-Class Platform

This describes the carrier-class platform feature of the GGSN9811 The hardware platform
provides high reliability and large data throughput. The software platform seamlessly integrates
wireless telecommunication technologies and data communication technologies.
The hardware platform of the GGSN9811 is Huawei Universal Switching Router (USR). The
USR is a carrier-class network switching device which is compliant with the industry standards.
Developed on the basis of Huawei Versatile Routing Platform (VRP), the software of the
GGSN9811 inherits the integrated routing technology, IP quality of service (QoS), virtual private
network (VPN), and security technology of the VRP and perfects the functions specific to
applications in wireless telecommunication.
By means of the USR hardware platform that boasts high reliability and large data throughput
and the software platform that seamlessly integrates wireless telecommunication technologies
and data communication technologies, the GGSN9811 presents an ideal and flexible solution
for wireless data communication to network operators.
2.2 High Reliability

This describes the high reliability feature of the GGSN9811. Reliability is crucial for both
operators and end users. Therefore, the GGSN9811 is designed by considering reliability in
terms of hardware, software, and networking to ensure normal running.
l
Hardware reliability
The GGSN9811 supports hot plugging and hot backup of key boards, possesses a doublechannel power supply system, and is protected from over-voltage and over-current.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU subcard
is faulty, the other DMPU subcard takes over all services, and the system triggers a fault
alarm. If the DMPU subcards are required but unavailable or if the DMPU subcards are
overloaded, the system triggers an alarm.
Software reliability
The GGSN9811 is capable of overload control, traffic control, resource check, , system
software backup, configuration files checkand automatic fault detection. This ensures
reliable running. The unique charging data record (CDR) cache function guarantees a
reliable billing system. The hot patch technology helps to ensure the normal software
running.
Networking reliability
The route backup and router load sharing functions can prevent single point failure on
networks, thus helping to build highly reliable networks. The Eth-trunk function can
prevent failure of a single port from affecting services.
Operation and Maintenance Reliability

SSL: The GGSN9811 ensure data confidentiality between LMT and M2000.
When the GGSN9811 upgrade failed, it can rollback previous version automatically. In
this way, the service restore time can be reduce.
GGSN provides patch rollback function to ensure the reliability of running patch.
2-2

Issue 01 (2009-05-26)

Product Description
2 Product Features
2.3 Security
This describes the security feature of the GGSN9811. The requirements for security is taken into
consideration for the design of the GGSN9811 and multiple measures are adopted to protect
profits of operators and end users.
The same as reliability, security is concerned by operators and end users. The requirements for
security is fully considered for the design of the GGSN and the following measures are taken:
l
Strict verification of operator identity
Point-to-Point Protocol (PPP) security verification by the Password Authentication

Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes
Packet filtering and access control list (ACL) mechanism to filter packets based on preset
conditions
Gi interface redirection function, which can offer defense against attacks that are based on
protocol packets between mobile users in one GGSN
IP Security (IPSec) protocol, which provides IP packets with high-quality, interoperable,

and cryptology-based security
The SSL feature can be implemented on the GGSN when the GGSN communicates with
the M2000 or local maintenance terminal (LMT) to enhance security through encryption.
Thus, the man-machine language (MML) channel, binary channel, and File Transfer
Protocol (FTP) file transfer channel between the GGSN and the M2000 or LMT are
encrypted
2.4 Large Capacity

This describes the large capacity feature of the GGSN9811. The GGSN9811 with the design of
large capacity can help operators to arrange investment effectively.
Huawei Universal Switching Router (USR), a fifth-generation core router, is the hardware
platform of the GGSN9811. In Huawei USR, the signaling/control plane is separated from the
data plane. That is, the signaling/control plane consists of multiple high-performance universal
processors. The data plane consists of multiple high-performance and high-forwardingcapability network processors (NPs).
The fully-configured GGSN9811 can activate 5000000 Packet Data Protocol (PDP) contexts at
the same time. The data throughput can reach 50Gbit/s.
2.5 Customized Operation and Maintenance System

This describes the customized operation and maintenance (OM) system feature of the
GGSN9811. The GGSN9811 provides powerful OM functions.
Various Management Methods

The OM system of the GGSN9811 allows you to customize a network management system based
on the network structure, management requirements, and investment scale. Based on a client/
server distributed architecture, maintenance is available through the graphic user interface (GUI)
client, centralized network maintenance interfaces, and command line interface (CLI). The
GGSN9811 supports simultaneous multi-user access at local and remote ends.
Issue 01 (2009-05-26)

2-3

Product Description
2 Product Features
User-Friendly GUI
The GUI helps to provide a user-friendly and convenient OM interface. Operations are simplified
through the graphic network topology view and device panel view. Frequent operations can be
performed by selecting items from the menu.
Message Tracing
The GGSN9811 allows signaling message tracing, data packet tracing, interface message
tracing, user message tracing, and message explanation.
Customizable Performance Measurement

The GGSN9811 can display performance measurement data in the form of lists and graphics. It
also supports background performance data collection.
Remote Management
The GGSN9811 supports various remote management functions, including online software
patching, online commissioning, remote maintenance, and dynamic data setting.
Real-Time Fault Management

The GGSN9811 can receive and display network device fault reports in real time. It provides
real-time audible or visual alarms through the topology view, alarm panel, and alarm box. The
GGSN9811 provides detailed fault reports, and the fault management system with leveled
filtering functions. This enables you to determine fault causes quickly. After determining fault
causes, you can clear faults by following the instructions provided in the online help.
Comprehensive Online Help

The online help provides help information on the OM system and alarm handling. Thus, you
can be familiar with the operation and maintenance of the GGSN9811 quickly.
2-4

Issue 01 (2009-05-26)

Product Description
3 System Structure
System Structure
About This Chapter

This describes the physical and logical structures of the GGSN9811.
3.1 Physical Structure
This describes the cabinet, subrack, and boards of the GGSN9811.
3.2 Software Structure
This describes the logical structure of the GGSN9811. The logical structure of the GGSN9811
consists of the access management (AM), charging management (CM), service management
(SM), platform service (PS), operation and maintenance (OM), and local maintenance terminal
(LMT) modules.
Issue 01 (2009-05-26)

3-1

Product Description
3 System Structure
3.1 Physical Structure

This describes the cabinet, subrack, and boards of the GGSN9811.
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm(W) x 800 mm
(D).
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
SRU, SFU, SPU, and LPU.
3.1.1 Cabinet
This describes the N68E-22 cabinet. Its dimensions are 2200 mm (H) x 600 mm(W) x 800 mm
(D).
The design of the cabinet complies with the International Electrotechnical Commission 297
(IEC297) and Institute of Electrical and Electronics Engineers (IEEE) standards. The modular
structure is used, thus facilitating the capacity expansion and maintenance. In addition, the
electromagnetic compatibility is fully considered in the design of the cabinet and electromagnetic
shielding interfaces are used.
Figure 3-1 shows an N68E-22 cabinet.
3-2

Issue 01 (2009-05-26)

Product Description
3 System Structure
Figure 3-1 N68E-22 cabinet
Figure 3-2 shows the typically configured cabinet.
Issue 01 (2009-05-26)

3-3
3 System Structure

Product Description
Figure 3-2 Hardware layout of the GGSN9811
3-4

Issue 01 (2009-05-26)

Product Description
3 System Structure
NOTE
1 U = 44.45 mm = 1.75 in.
In the cabinet:
The GGSN9811 subrack must be available. The SRU, SFU, SPU, and LPU boards of the
GGSN9811 must be inserted in this subrack.
3.1.2 Subrack
This describes the GGSN9811 subrack. The design of the GGSN9811 subrack complies with
the IEC297 standard. Its dimensions are 886.00 mm (H) x 442.00 mm (W) x 669.00 mm (D).
Figure 3-3 shows the subrack and Figure 3-4 shows the components installed in the subrack.
Figure 3-3 GGSN9811 subrack
Issue 01 (2009-05-26)

3-5

Product Description
3 System Structure
Figure 3-4 Components in the GGSN9811 subrack
1. Plastic panel of the fan module 2. Fan module 3. Board cage 4. Air intake frame 5. Power system panel
6. Power supply module
7. Handle
8. Angle
9. Cabling trough
The GGSN9811 uses the integrated subrack design. Table 3-1 lists the main components in the
GGSN9811 subrack.
Table 3-1 Main components in the GGSN9811 subrack
3-6
Component
Description
Fan module
It is covered with a plastic panel and is used to dissipate heat of the

GGSN9811.

Issue 01 (2009-05-26)

Product Description
3 System Structure
Component
Description
Power supply
module
It is covered with a plastic panel. Each subrack must be equipped with

two power supply modules that work in load-sharing mode.
The GGSN9811 provides only the DC power supply system.
Air intake frame
It coordinates with the fan module to dissipate heat of the

GGSN9811.
Cable
It consists of the internal cable set, fibers, and external cable set. The
internal cable set refers to power cables and signal cables.
3.1.3 Boards
This describes the boards of the GGSN9811. The GGSN9811 consists of four types of boards:
SRU, SFU, SPU, and LPU.
The SRU is the core circuit board of system management. The SFU performs the service data
switching function of the entire system. The SPU performs the service processing function. The
LPU provides physical interfaces through which the GGSN9811 can be connected to external
network elements (NEs) or external networks.
The board slots are vertical. There are 12 board slots, and thus up to 12 boards can be inserted.
The configuration principle of boards is as follows:
l
Two SRUs must be inserted in slots 9 and 10.
Two SFUs must be inserted in slots 11 and 12.
Based on actual requirements, insert one, two, three or four LPUs. For the cabling
convenience of the cabinet, slots 1, 2, 3 and 4 are reserved for LPUs.
Based on actual requirements, insert two to six SPUs. The two adjacent SPUs are one pair.
The pairs of SPUs can be inserted in slots 3 and 4, slots 5 and 6, and slots 7 and 8.
Figure 3-5 shows a typical layout of boards in the GGSN9811 subrack.
Issue 01 (2009-05-26)

3-7

Product Description
3 System Structure
Figure 3-5 Layout of boards in the GGSN9811 subrack
SRU: Switching Route

Unit
SFU: Switching Fabric

Unit
SPU: Service Processing

Unit
LPU: Line Processing Unit
SRU
The SRUs control and manage the system in a centralized manner and they work in 1+1 backup
mode. Serving as the clock source and the management and maintenance unit of the system, the
SRUs provide the functions of the control plane and the system maintenance plane. The SRUs
are composed of the main processing units (MPUs) and SFU modules. The two SFU modules
embedded in the two SRUs form four exchange planes with the two SFUs. The four exchange
planes exchange data in load-sharing mode.
SFU
The SFUs support quick data exchange. Working in load-sharing mode, the SFUs can support
640 Gbit/s (160 Gbit/s x 4) switching traffic.
The GGSN9811 is equipped with two SFUs, and two SFU modules are located on the two SRUs.
SPU
The SPUs perform functions such as service control, user packet forward, charging information
collection, quality of service (QoS), and content parse. The SPUs can be configured to work in
1+1 backup mode or load-sharing mode. The working mode switchover is controlled by the
bam.ini file.
LPU
The LPUs provide physical interfaces through which the GGSN9811 can be connected to NEs
such as the serving GPRS support node (SGSN), authorization, authentication and accounting
(AAA) server, and charging gateway (CG) or connected to external networks such as the packet
3-8

Issue 01 (2009-05-26)

Product Description
3 System Structure
data network (PDN). The trunk working mode of physical interfaces can be configured to work
in either 1+1 backup mode or load-sharing mode.
At present, the GGSN9811 supports the following types of LPUs:
l
10/100M Fast Ethernet (FE) electrical interface board
1000M Ethernet SFP optical interface board
1000M Ethernet SFP electrical interface board
10G Ethernet optical interface board
Table 3-2 lists the specifications of the four types of physical interface boards.
Table 3-2 Specifications of the four types LPUs
Type of the LPU
Interface Type
Interface Quantity
Transmission
Rate
10/100M FE
electrical interface
board
FE
24
10/100 Mbit/s
1000M Ethernet SFP

optical interface
board
GE
24
10/100/1000 Mbit/s
1000M Ethernet SFP

electrical interface
board
GE
24
10/100/1000 Mbit/s
10G Ethernet optical

interface board
GE
10 Gbit/s
The LPUs are composed of three modules: LPU module, switching network fabric adaptor
(FAD) module, and physical interface card (PIC) module.
The three modules work together to process and forward service data quickly. In addition, they
maintain and manage link protocols and forwarding information base (FIB) tables.
3.2 Software Structure

This describes the logical structure of the GGSN9811. The logical structure of the GGSN9811
consists of the access management (AM), charging management (CM), service management
(SM), platform service (PS), operation and maintenance (OM), and local maintenance terminal
(LMT) modules.
Figure 3-6 shows the logical structure of the GGSN9811.
Issue 01 (2009-05-26)

3-9

Product Description
3 System Structure
Figure 3-6 Logical structure of the GGSN9811
AM
This module performs functions such as user access control, user authentication and
authorization, address assignment, and Packet Data Protocol (PDP) context management.
In addition, the GGSN9811 enables multiple user access modes.
CM
This module processes charging protocols and manages charging data records (CDRs). In
addition, the CM system works with external charging gateways (CGs) and external
charging systems to charge users.
SM
This module obtains and controls policies of user data flows.
PS
This module distributes and processes signaling packets and data packets of the
GGSN9811; it works with the relevant modules to implement charging and service control;
it performs functions such as system support and routing.
OM
This module performs OM functions such as data configuration management, device
management, performance management, alarm management, and security management.
LMT
This module provides graphical user interfaces (GUIs).
3-10

Issue 01 (2009-05-26)

Product Description
Services and Functions
About This Chapter

This describes the abundant services and functions provided by the GGSN9811. These services
and functions can meet various requirements for networking and services.
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a network
identifier defined by the general packet radio service/universal mobile telecommunications
system (GPRS/UMTS).
4.3 Accessing the PDN
This describes the service provided by the GGSN9811 for accessing the packet data network
(PDN). The GGSN connects mobile stations (MSs) to the external PDN to provide Internet/
Intranet access services.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.5 Direct Tunnel
This describes the direct tunnel function of the GGSN9811. In direct-tunnel mode, the GTP-U
tunnel is directly established between the RNC and the GGSN, and the SGSN is not involved
in data transmission in the user plane.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multi-protocol label switch (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a virtual private network (VPN).
4.7 Security
This describes the security function of the GGSN9811. The GGSN9811 supports the realization
of multiple security policies.
Issue 01 (2009-05-26)

4-1

Product Description
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide abundant
charging functions and enable operators to charge users flexibly.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and control.
4.11 Service Redirection
This describes the service redirection function of the GGSN9811. The GGSN9811 supports two
types of service redirection functions, that is, captive portal and web proxy.
4.12 Service Report
This describes service report function of the GGSN9811. The GGSN interworks with an external
Service Usage Reporter (SUR) to implement the service report function. The GGSN collects
service data records and sends the records to the SUR. The SUR analyzes the records and
generates service reports.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional point-tomultipoint multimedia services.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
4.16 Other Services and Functions
This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and the
Simple Network Management Protocol (SNMP) V1/V2/V3.
4-2

Issue 01 (2009-05-26)

Product Description
4.1 Routing
This describes the routing function of the GGSN9811. The GGSN is a gateway between the
GPRS/UMTS network and the packet data network (PDN). For the devices in the PDN, the
GGSN is a router that can route the IP addresses of all users in the GPRS/UMTS network.
The GGSN9811 supports the following main routing technologies:
l
Static routing
Default routing
RIPv1/v2
OSPFv2
IS-IS
BGP-4
Routing policy
Route backup
MS downlink route distribution
4.2 APN
This describes the access point name (APN) function of the GGSN9811. The APN is a network
identifier defined by the general packet radio service/universal mobile telecommunications
system (GPRS/UMTS).
The GGSN must be configured with an APN and the related attributes based on the packet data
network (PDN) to be accessed. Thus, mobile stations (MSs) under the APN can be connected
to the PDN. The GPRS/UMTS core network identifies a GGSN with an APN. An APN identifies
an external PDN that is connected through the GGSN, or an associated service. The external
PDNs include the Internet service provider (ISP) network and the intranet. The services include
the Internet access service and the Wireless Application Protocol (WAP) service.
In addition to the basic functions of the APN, the GGSN9811 provides the virtual APN function.
By means of the virtual APN function, users who visit different PDNs can carry the same APN.
This APN acts as the virtual APN. Based on the different matching types configured for the
virtual APN, the GGSN9811 finds the actual APNs, and then enables the users to access the
proper PDNs. The virtual APN function settles the problem of poor service flexibility of
operators, optimizes network resources, and betters service experience of users.
The GGSN9811 also provides the alias APN function. To map the services of an APN to another
APN, operators can map the user-carried APN to an alias APN but need not modify the planning
and configuration of APNs. Different APNs can correspond to the same system resources,
facilitating distribution and combination of system resources.
4.3 Accessing the PDN

This describes the service provided by the GGSN9811 for accessing the packet data network
(PDN). The GGSN connects mobile stations (MSs) to the external PDN to provide Internet/
Intranet access services.
Issue 01 (2009-05-26)

4-3

Product Description
MSs can access the external PDN in transparent access mode or non-transparent access mode.
Transparent Access
In transparent access mode, operators serve as Internet service providers (ISPs) and provide
general packet radio service/universal mobile telecommunications system (GPRS/UMTS) users
with services such as email application and web browsing.
Figure 4-1 shows an example of the transparent access mode. The operator's IP network can
hold devices such as the world wide web (WWW) server, email server, and domain name server
(DNS). A firewall is set at the connection point with the external network to shield the network
from unauthorized access.
Figure 4-1 Example of transparent access to an external IP network
In transparent mode, the IP address assigned to the mobile user is one of the IP addresses of the
operator. The IP address can be a static IP address that is assigned when a mobile user subscribes
to a service and signs a subscription or a dynamic IP address that is assigned by the GGSN when
the Packet Data Protocol (PDP) context is activated.
The dynamic IP address can be an IP address in the internal IP address pool that is assigned to
the access point (AP) through data configuration. It can also be a dynamic IP address assigned
by the authentication, authorization and accounting (AAA) server or the Dynamic Host
Configuration Protocol (DHCP) server.
When the PDP context is activated, the MS may not carry the user identity and the GGSN may
not perform authorization or authentication for the user identity. In transparent mode, based on
the requirements of operators, the GGSN can perform authorization and authentication for the
user identity.
Non-Transparent Access
This mode is used when operators do not serve as ISPs.
Figure 4-2 shows an example of the non-transparent access mode.
4-4

Issue 01 (2009-05-26)

Product Description
Figure 4-2 Example of non-transparent access to an ISP or an intranet
In non-transparent access mode, the IP address assigned to the mobile user is one of the IP
addresses of the ISP or the intranet. The IP address can be a static IP address that is assigned
when the mobile user subscribes to a service and signs a subscription or a dynamic IP address
that is assigned by the GGSN when the PDP context is activated.
The dynamic IP address can be an IP address in the internal IP address pool of the GGSN. It can
also be a dynamic IP address assigned by the AAA server or the DHCP server.
When the PDP context is activated, the MS must carry the user identity and authentication
information. After receiving the activation request from the MSS, the GGSN forwards the
request to the AAA server. The AAA server authenticates and authorizes the user identity.
4.4 GTP
This describes the GPRS Tunneling Protocol (GTP) function of the GGSN9811. GTP tunnels
are used to forward data between the SGSN and the GGSN.
4.4.1 GTP Tunnel
This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The GTP
tunnel is used to forward data between the SGSN and the GGSN.
4.4.2 GTP Signaling Function
This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
4.4.3 IP over GTP and PPP over GTP
This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP and
PPP over GTP, supported by the GGSN9811.
Issue 01 (2009-05-26)

4-5

Product Description
4.4.1 GTP Tunnel

This describes the GPRS Tunneling Protocol (GTP) tunnel function of the GGSN9811. The GTP
tunnel is used to forward data between the SGSN and the GGSN.
The data packets from the packet data network (PDN) are GTP encapsulated on the GGSN, and
then forwarded to the SGSN through the GTP tunnel between the SGSN and the GGSN. The
data packets from the SGSN reach the GGSN through the GTP tunnel. On the GGSN, the packets
are decapsulated, and then forwarded to the PDN.
The GTP tunnel is a bidirectional point-to-point connection. It is defined jointly by the tunnel
endpoint identifiers (TEIDs), User Datagram Protocol (UDP) port numbers, and IP addresses of
the nodes at the two ends.
4.4.2 GTP Signaling Function

This describes the GPRS Tunneling Protocol (GTP) signaling function of the GGSN9811. The
GTP signaling function consists of tunnel management and path management.
By means of the tunnel management function, a GTP tunnel is set up between the GGSN and
the SGSN for data transmission. That is, Packet Data Protocol (PDP) contexts are set up on
related nodes. The setup of PDP contexts consists of activation, deactivation, and update.
By means of the path management function, path management messages can be transmitted
between GSNs (GGSNs and SGSNs) to check whether the peer GSN exists. When detecting
that a path fails, the GGSN deactivates all the PDP contexts related to this path and no longer
transmits data packets through this path. When detecting that signaling or data is not transmitted
through a path for a long period, the GGSN deletes this path.
4.4.3 IP over GTP and PPP over GTP

This describes two Packet Data Protocol (PDP) types, namely, IP (IPv4 and IPv6) over GTP and
PPP over GTP, supported by the GGSN9811.
Figure 4-3 shows an example of IP (IPv4 and IPv6) over GTP and PPP over GTP. The PPP and
IP user data can be terminated on the GGSN9811 or delivered to the L2TP network server (LNS)
through a Layer 2 Tunneling Protocol (L2TP) tunnel.
Figure 4-3 Example of IP over GTP and PPP over GTP
4-6

Issue 01 (2009-05-26)

Product Description
In the intranet, PPP over GTP can enable enterprises to use the existing virtual private network
(VPN) gateways in fixed networks. The enterprises need not modify configuration or
networking. Thus, users in fixed networks and mobile networks can be managed in a unified
manner. In addition, for PPP over GTP, L2TP tunnels can be set up or removed in real time.
Only the VPN tunnels that are based on the Generic Routing Encapsulation (GRE) protocol can
be used because IP over GTP is used in the intranet. Thus, the VPN gateways in the intranet
must set up tunnels with all the GGSNs in advance. The configuration is relatively complex.
Figure 4-4 Example of PPP regeneration
IP over GTP and PPP over GTP are two basic functions stipulated in the 3rd Generation
Partnership Project (3GPP). PPP over GTP is supported by some mobile phones and most mobile
phones support only IP over GTP. Intranet users hope to access the intranet through existing
LNS and AAA servers without changing the existing network structure and configuration.
Huawei GGSN9811 provides the PPP regeneration solution to meet these requirements, as
shown in Figure 4-4. The GGSN9811 can negotiate with the LNS and set up PPP sessions based
on user information such as the user name and password in user activation requests. After setting
up PPP sessions, the GGSN9811 PPP encapsulates IP packets for PPP relay. Then, the start and
end points of PPP are the GGSN9811 and the LNS, respectively.
4.5 Direct Tunnel

This describes the direct tunnel function of the GGSN9811. In direct-tunnel mode, the GTP-U
tunnel is directly established between the RNC and the GGSN, and the SGSN is not involved
in data transmission in the user plane.
Issue 01 (2009-05-26)

4-7

Product Description
The development of 3G services and application of the High-Speed Packet Access (HSPA)
technologies present higher requirements on the processing capability in the user plane in the
packet-switched (PS) domain of the wideband code division multiple access (WCDMA) core
network. In two-tunnel mode, the GPRS Tunneling Protocol-User plane (GTP-U) tunnel
between the RNC and the GGSN is divided into the tunnel between the RNC and the SGSN and
the tunnel between the SGSN and the GGSN. Therefore, the processing capability in the user
plane on the network elements (NEs) such as the RNC, SGSN, and GGSN must be improved,
thus increasing the capital expenditure (CAPEX) and operation expenditure (OPEX) of
operators.
The 3rd Generation Partnership Project (3GPP) provides the direct-tunnel mode for establishing
a direct GTP-U tunnel between the RNC and the GGSN. This mode decreases the CAPEX and
OPEX of operators, improves the performance in the user plane in the PS domain of the WCDMA
core network, and facilitates future network expansion.
4.6 VPN
This describes the virtual private network (VPN) service provided by the GGSN9811. The
GGSN9811 supports tunneling technologies such as multi-protocol label switch (MPLS),
Generic Routing Encapsulation (GRE), and Layer 2 Tunneling Protocol (L2TP). An operator
can select a suitable security solution to set up a virtual private network (VPN).
A private network based on the public packet-switched network is set up to enable mobile users
to access an intranet. This saves the cost for leasing expensive private lines. The VPN features
security, reliability, and manageability.
On a GPRS/UMTS network, by means of remote user authentication and tunnel data encryption
technologies, a mobile station (MS) can access an intranet securely and reliably through a private
tunnel between the GGSN and the enterprise VPN gateways.
MPLS L3 VPN
The MPLS L3 VPN provides the VPN through the IP backbone network of a service provider.
It uses the Border Gateway Protocol (BGP) to advertise VPN routes on the IP backbone network
to separate the traffic of different VPN members. Then, the MPLS is used to forward VPN
packets on the IP backbone network. The GGSN9811 supports the MPLS L3 VPN and complies
with IETF RFC2547.
L2TP VPN
The L2TP tunnel is a Layer 2 tunneling technology. It uses the IP network to set up an L2TP
tunnel and encapsulates data into Point-to-Point Protocol (PPP) packets for delivery through the
L2TP tunnel. The GGSN9811 provides the L2TP access concentrator (LAC) function. It can
also set up the VPN through the L2TP tunnel to transmit Packet Data Protocol packet data units
(PDP PDUs). The L2TP tunnel complies with RFC2661 regardless of whether the type of the
PDP PDU is PPP or IP.
GRE VPN
The GRE tunnel is based on the Layer 3 tunneling technology, which enables encapsulation of
one network layer protocol over another network layer protocol. The GGSN9811 supports the
GRE tunneling technology. Through GRE, the IP network protocol can be used to transmit
packets of upper layer protocols to realize the VPN function. The GRE tunnel complies with
RFC1702 and RFC1701.
4-8

Issue 01 (2009-05-26)

Product Description
VLAN VPN
The virtual local area network (VLAN) is a new technology to realize virtual working groups
by dividing network segments based on the logical addresses instead of the physical addresses
of the devices in a LAN. The IEEE issued the 802.1Q to standardize VLAN realization in 1999.
The GGSN9811 can divide a physical interface into sub-interfaces and specify VLAN IDs for
these sub-interfaces, and thus the VLAN VPN is supported.
4.7 Security
This describes the security function of the GGSN9811. The GGSN9811 supports the realization
of multiple security policies.
4.7.1 Protocol Security Authentication
This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
4.7.3 Packet Filtering and ACL
This describes the functions of packet filtering and the access control list (ACL).
4.7.4 Gi Interface Redirection
This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
4.7.5 Anti-DDoS Protection
This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS attack
is generated based on the denial of service (DoS) attack. In a DDoS attack, the controlled network
terminals attack a public port simultaneously. The damage is severe.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
4.7.7 SSL
4.7.1 Protocol Security Authentication

This describes the protocol security authentication. Security authentication refers to
authenticating received packets or determining whether user access is allowed.
The GGSN9811 supports protocol security authentication in the following scenarios:
l
In IP access mode, the GGSN9811 authenticates and authorizes mobile stations (MSs) by
interworking with the authentication, authorization, and accounting (AAA) server.
The GGSN9811 provides multiple authenticating methods, such as plain text

authentication, Message Digest 5 (MD5), and hashed message authentication code-MD5
(HMAC-MD5), for important routing protocols, such as Routing Information Protocol
(RIP) v2, Open Shortest Path First (OSPF), Intermediate System to Intermediate System
(IS-IS), and Border Gateway Protocol (BGP).
Issue 01 (2009-05-26)

4-9

Product Description
4.7.2 IPSec
This describes IP Security (IPSec). The IPSec protocol suite is a series of protocols defined by
the Internet Engineering Task Force (IETF). It provides IP data packets with high-quality,
interoperable, and cryptology-based security.
The devices can ensure confidentiality, integrity, authenticity, and anti-replay for data packets
when packets are transmitted on the network through encryption and data source authentication
at the IP layer.
By means of the Authentication Header (AH) and Encapsulating Security Payload (ESP) security
protocols, IPSec can address the security concerns. IPSec can also automatically negotiate key
exchange, and set up and maintain security associations (SAs) through Internet Key Exchange
(IKE) to simplify the use and management of IPSec.
The GGSN9811 supports IPSec on the Gi and Gn interfacesevery interface to authenticate or
encrypt data flows to ensure security of data packets.
The GGSN9811 supports the following IPSec functions:
l
Realizing Message Digest 5 (MD5) and Secure Hash Algorithm-1 (SHA-1) authentication
algorithms
Realizing data encryption standard (DES), 3DES, and advanced encryption standard (AES)
encryption algorithms
Supporting two IPSec modes: transmitting mode and tunneling mode
Realizing the AH and ESP protocols and supporting binding of AH and ESP
Realizing manual configuration of SAs or automatic negotiation of SAs through IKE
Supporting application of the IPSec policy on Generic Routing Encapsulation (GRE)

tunnels to encrypt tunnel packets
Supporting the dead peer detection (DPD) function of IPSec tunnels
Realizing the IPSec VPN by binding virtual routing and forwarding (VRF) with the
interface where the IPSec is enabled
Supporting the IPSec tunnel interface mode
Supporting the IPSec redundancy function when the IPSec tunnel interface mode is adopted
Supporting license control on enabling or disabling the IPSec function
4.7.3 Packet Filtering and ACL

This describes the functions of packet filtering and the access control list (ACL).
By means of packet filtering and ACL, the GGSN9811 can filter incoming packets according
to preset conditions, for example, by comparing whether the source and destination IP addresses
of a packet comply with the rules, and discard unqualified ones. This can effectively prevent
invasion or packet attacks.
On the GGSN, the packet filtering policy is applied to:
l
Preventing the MS from attacking the devices on the GPRS/UMTS core network
The packet filtering policy enabled on the GGSN helps to discard the unqualified packets
sent to the devices in the core network, thereby ensuring the security of the core network.
For example, the traffic classification rules can define the data flow that accesses the core
network element (NE) based on the destination IP address.
4-10

Issue 01 (2009-05-26)

Product Description
l
Preventing mutual access between MSs

The packet filtering policy can also be enabled on the GGSN to discard the packets
transmitted between MSs. For example, the traffic classification rules can define the data
flow between MSs based on the source IP address and the destination IP address.
4.7.4 Gi Interface Redirection

This describes the Gi interface redirection function. The Gi interface redirection function can
prevent packet attacks between the users in one GGSN.
Generally, the GGSN searches for routes for the inner IP packets that are obtained by
decapsulation of the packets sent from a mobile station (MS). If the destination IP addresses of
the data packets are destined for other MS in the same GGSN, the GGSN encapsulates and
forwards the downlink data packets instead of sending them through the Gi interface. This poses
a security concern. That is, packet attacks between the users in one GGSN cannot be avoided.
The GGSN9811 provides the Gi redirection function to rectify this problem. When forwarding
uplink packets from users, the GGSN9811 is required to redirect packets to the Gi interface even
if the packets are being sent to other users in the same GGSN9811. The packets are filtered by
the firewall that is connected to the Gi interface, and then transmitted back to the GGSN9811.
Then, the GGSN9811 encapsulates and forwards the downlink data packets.
4.7.5 Anti-DDoS Protection

This describes how to prevent the distributed denial of service (DDoS) attack. The DDoS attack
is generated based on the denial of service (DoS) attack. In a DDoS attack, the controlled network
terminals attack a public port simultaneously. The damage is severe.
The TCP-SYN flood is one of the commonly used methods of the DDoS attack.
The setup of a Transmission Control Protocol (TCP) connection requires the three handshakes.
The connection initiator sends the SYN request to the server. After receiving the request, the
server sends the ACK/SYN message to allow setting up the connection. After receiving the
ACK/SYN message from the server, the connection initiator sends the ACK message to the
server, and thus the connection is set up. The TCP-SYN flood attack is to send a large number
of TCP SYN packets through one or multiple computers that masquerade as a user to the server.
Thus, many half-open TCP connections are set up on the server. When the TCP connection
resources on the server are exhausted, the server can no longer provide services. This is the basic
principle of the TCP-SYN flood attack. The GGSN9811 can control the TCP SYN traffic of
users to protect the server from the TCP-SYN flood attack to a certain extent.
4.7.6 Anti-spoofing
This describes the anti-spoofing function of the GGSN9811.
Generally, users communicate through their authorized IP addresses. Those who borrow IP
addresses of other users are mostly to perform illegal acts. The anti-spoofing function can detect
and discard the packets that are transferred through IP addresses of other users, thus ensuring
the security of the core network.
Application of Anti-spoofing
On the GGSN, the application of anti-spoofing is as follows:
Issue 01 (2009-05-26)

4-11

Product Description

l
If the source IP address of the uplink packet from a mobile user is different from the IP
address assigned to the mobile user, the GGSN regards this packet as a spoofing packet.
If the source IP address and destination IP address of the downlink packet from the packet
data network (PDN) are the same, the GGSN considers this packet as an abnormal packet.
Implementation of Anti-spoofing
The anti-spoofing function is implemented in the following manner:
l
For uplink packets

The GGSN records the IP address assigned to the mobile user in the Packet Data Protocol
(PDP) context. After the mobile user initiates communication and the packet arrives at the
GGSN along the GPRS Tunneling Protocol (GTP) tunnel, the GGSN decapsulates the
packet and compares the source IP address in the packet with the locally recorded IP
address. If they are inconsistent, the GGSN considers this packet as a spoofing packet and
discards it.
For downlink packets

After the PDN user initiates communication and the packet arrives at the GGSN, the
GGSN compares the source IP address with the destination IP address. If they are consistent,
the GGSN considers this packet as an abnormal packet and discards it.
NOTE
If the packet sent by the PDN user arrives at the GGSN along the tunnel, the GGSN must decapsulate the packet,
and then determine whether the packet is an abnormal one.
The GGSN computes the total number of spoofing packets in each PDP context context within
one minute. If the total number exceeds the threshold, the GGSN deletes the PDP context, and
then deactivates the user.
4.7.7 SSL
SSL provides three security services:
l
Identity authentication
Identity authentication means checking whether the peer end is really the one with which
you want to communicate. SSL authenticates the server and the client based on digital
certificates to confirm that they are legitimate users. Both the client and the server have an
identifier, which is numbered with the public key. To verify that a user is legitimate, SSL
implements digital authentication during data exchange in the handshake stage.
Connection privacy
Connection privacy means that data is encrypted before transmission to avoid data theft by
illegitimate users. SSL ensures connection privacy by employing encryption algorithms.
Commonly used encryption algorithms are Data Encryption Standard (DES), 3DES, RC2,
and RC4.
Data intactness
Data intactness means that any modification to data during transmission can be detected.
SSL sets up a secure channel between the client and the server so that all SSL-processed
data can reach the destination without being modified. SSL guarantees data intactness by
employing message digest algorithms. Commonly used message digest algorithms are
message digest 5 (MD5) and SHA-1. SHA is short for secure hash algorithm.
The SSL feature can be implemented on the GGSN when the GGSN communicates with the
M2000 or local maintenance terminal (LMT) to enhance security through encryption. Thus, the
4-12

Issue 01 (2009-05-26)

Product Description
man-machine language (MML) channel, binary channel, and File Transfer Protocol (FTP) file
transfer channel between the GGSN and the M2000 or LMT are encrypted.
4.8 QoS
This describes the quality of service (QoS) function supported by the GGSN9811.
The general packet radio service/universal mobile telecommunications system (GPRS/UMTS)
standard defines the QoS in mobile networks as the end-to-end QoS. The end-to-end QoS
depends on the QoS features of every node on the transmission path. Thus, when the traffic
passes through the IP-based GPRS/UMTS core network, the GPRS/UMTS QoS negotiated
during the context activation must be mapped to the differentiated services code point (DSCP)
field or type of service (ToS) field of the IP packet header according to a certain mapping rule.
An IP QoS performs queue scheduling to ensure the end-to-end QoS.
l
The GGSN9811 supports QoS negotiation and mapping. The QoS requested is carried in
the context activation request message of a mobile station (MS). The GGSN9811 performs
the QoS negotiation based on the QoS information and the configurations of the
GGSN9811. The GGSN9811 maps the negotiated QoS parameter into the differentiated
services (DiffServ) priority of the IP network, fills the priority into the ToS or DSCP field
in the header of the packets, and then forwards them to an external packet data network
(PDN). The PDN schedules the IP QoS queue to ensure the QoS of the packet service.
The GGSN9811 supports the user-based DiffServ. The services at different levels are
provided for users who have different requirements. The allocation/retention priority (ARP)
in activation requests controls the access and bearer priority of users. To meet DiffServ
requirements, the GGSN9811 provides different QoS levels based on user levels and traffic
classes.
The GGSN9811 supports the content awareness function. For rectifying the problem in
which the bearer network cannot detect the service QoS requirement, and the problem of
low usage of wireless air resources, Huawei provides a UMTS content awareness solution
on the GGSN9811 to achieve dynamic QoS policy control. The GGSN9811 can send the
QoS update request to the serving GPRS support node (SGSN) based on the type of the
user data service to achieve dynamic adjustment of the QoS. Thus, the QoS requirements
of multiple user services can be met flexibly and operators can use network resources
appropriately and effectively.
The GGSN9811 supports the alias marking function. The GGSN9811 can process the traffic
based on the operator-defined priority rules. For other network elements (NEs), the priority
levels in the QoS information remain unchanged. This function provides operators with
flexible processing of the QoS service on the GGSN9811.
The GGSN9811 supports the traffic policing function. Traffic policing is a mechanism to
restrict the bandwidth for data traffic so that the data transmission is within the specified
rate. Traffic policing is realized through the committed access rate (CAR) mechanism.
Issue 01 (2009-05-26)
Bearer-based uplink and downlink traffic policing: When bearer contexts are activated
or updated, the GGSN9811 polices both the uplink and downlink traffic of the bearer
contexts after determining the uplink and downlink bandwidths of the bearer contexts.
Traffic policing can be implemented by configuring the guaranteed bit rate (GBR) and
maximum bit rate (MBR).
DSCP-based traffic policing: The GGSN9811 restricts the traffic of the packets of a
certain type based on the value of the DSCP field.
The GGSN9811 supports the traffic shaping function. Traffic shaping is a mechanism to
adjust the output traffic rate actively. The packets that do not comply with the specifications
4-13

Product Description
are cached in a buffer or queue. When sufficient tokens are available in the token bucket,
the cached packets are sent regularly at the rate configured for the token bucket.
l
The GGSN9811 supports the P2P/VoIP-based bandwidth management function. When

receiving service traffic from the Gn or Gi interface, the GGSN9811 identifies whether the
service is a point-to-point (P2P) or voice over IP (VoIP) service, and matches the service
with a service rule according to the service type, traffic property (traffic direction and time
period), and user property (including the RAT type and roaming attribute). Then, the
GGSN9811 performs service control and bandwidth management according to the policy
of the service rule. By managing the bandwidths of P2P and VoIP services, operators can
guarantee the QoS of subscribed P2P and VoIP services and a fair bandwidth allocation.
In this manner, bandwidths are not consumed significantly by malicious P2P or VoIP
service traffic, thus improving customer experiences.
4.9 Charging
This describes the charging function of the GGSN9811. The GGSN9811 can provide abundant
charging functions and enable operators to charge users flexibly.
4.9.1 RADIUS Accounting
This describes the Remote Authentication Dial In User Service (RADIUS) accounting function
of the GGSN9811.
4.9.2 Offline Charging
This describes the offline charging function of the GGSN9811.
4.9.3 Online Charging
This describes the online charging function of the GGSN9811.
4.9.4 Content-based Charging
This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
4.9.5 Event-based Charging
This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
4.9.6 Envelope Reporting
This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
4.9.1 RADIUS Accounting

This describes the Remote Authentication Dial In User Service (RADIUS) accounting function
of the GGSN9811.
RADIUS accounting refers that the GGSN9811 sends charging data of a mobile station (MS)
to an authentication, authorization and accounting (AAA) server and the AAA server performs
the accounting function. With the RADIUS accounting function, the GGSN9811 can implement
both non-real-time charging and quasi-real-time charging so that mobile operators and Internet
operators can separately charge users.
4-14

Issue 01 (2009-05-26)

Product Description
The GGSN allows the RADIUS server to assign IP addresses to users during RADIUS
authentication and deactivates a user after receiving the Packet of Disconnect (PoD) message
from the RADIUS server.
The GGSN9811 allows you to configure a RADIUS server for each access point name (APN).
The RADIUS servers, namely, AAA servers, can operate in active/standby mode or load-sharing
mode.
In addition, the GGSN provides some RADIUS extended functions, such as providing charging
response switch, removing the domain name from a user name, supporting 3GPP extended
attributes, obtaining user attributes and service attributes from the RADIUS server, and
supporting the setting of retransmission times and timeout interval for accounting messages.
4.9.2 Offline Charging

This describes the offline charging function of the GGSN9811.
The GGSN9811 generates GGSN charging data records (G-CDRs) and enhanced GGSN
charging data records (eG-CDRs) and sends them to the charging gateway (CG) through the Ga
interface for processing. Then, the G-CDRs and eG-CDRs are sent to the billing system (BS)
for charging processing.
The G-CDRs and eG-CDRs are the data service records generated by the GGSN, which record
charging information about the packet data network (PDN) usage. The GGSN9811 creates and
opens CDRs to start charging when Packet Data Protocol (PDP) contexts are activated for mobile
users. It closes the CDRs and stops charging when the PDP contexts are deactivated. Each
activated PDP context has its CDRs.
The GGSN9811 supports CDRs of multiple versions such as R98, R99, R4, R5, R6, and R7.
Charging Characteristic
The offline charging function provided by the GGSN9811 consists of normal charging, hot
billing, prepaid charging, and flat rate charging.
l
Normal charging
The normal charging is based on the data volume or duration instead of the data service
type.
Hot billing
Hot billing provides all functions of normal charging but can generate CDRs more quickly
than normal charging. You can set the time threshold and volume threshold for generating
CDRs on the GGSN9811 based on user attributes. For hot billing users, the time threshold
can be set to a small value to report CDRs in time. After the CDRs sent by the GGSN9811
reach the CG, the CDRs containing the hot billing attribute take precedence over other
CDRs in processing by the CG.
Prepaid charging
Before availing themselves of a service, the users must pay for the service in advance. When
the account balance is insufficient for the service, the service is terminated forcibly.
Therefore, operators can quickly recover investments and improve network resource
efficiency.
Flat rate charging

Flat rate charging is also called periodical charging. It means that a user pays based on a
specific period, for example, once a month. The rate for each period, for example, a month,
Issue 01 (2009-05-26)

4-15

Product Description
remains the same. The charging system on the GGSN9811 collects only such information
as data traffic and service duration of the users who pay at a flat rate, and then sends the
data to the BS for storage. The flat rate is determined by a subscription contract.
Charging Feature
The features of offline charging on the GGSN9811 are as follows:
l
The GGSN9811 generates normal CDRs on any of the following conditions:
CDR generation based on duration

If a mobile station (MS) occupies a data connection for a long time, the GGSN9811
generates G-CDRs or eG-CDRs based on the collected charging data at a regular
interval.
CDR generation based on traffic

The GGSN9811 generates a G-CDR or eG-CDR if the data volume reaches the preset
threshold.
CDR generation based on number of charging condition changes

The GGSN9811 generates a G-CDR or eG-CDR if the number of times that a charging
condition such as quality of service (QoS), tariff, and routing area identifier (RAI)
changes reaches a threshold. The GGSN9811 generates a G-CDR or eG-CDR when the
radio access technology (RAT), SGSN PLMN ID, or MS time zone changes once.
CDR generation based on number of SGSN address changes

The GGSN9811 generates a G-CDR or eG-CDR if the number of times that the IP
address of the SGSN changes reaches a threshold.
CDR generation based on MS deactivation

The GGSN9811 generates a G-CDR or eG-CDR, if a session for packet data services
ends and the MS is deactivated.
The GGSN9811 supports multiple tariffs for different time segments.

You can set multiple tariffs for different time segments, such as holiday/festival, weekend,
and workday. The GGSN9811 can record the service traffic in these time segments
separately.
The GGSN9811 can select a CG.

If multiple CGs are configured with the same priority, the GGSN9811 selects the CG that
is idle to send CDRs when multiple PDP contexts are activated. If multiple CGs are
configured with different priorities, the GGSN9811 selects the CG with a higher priority
to send CDRs.
The GGSN9811 allows customization of the CDR format.

Operators can define the CDR format. The CDR generated by the GGSN9811 can
optionally contain information such as the mobile station international ISDN number
(MSISDN) in addition to mandatory information defined in protocols. Therefore, operators
can choose the optional fields in a CDR to realize customized charging schemes.
The GGSN9811 can control CDR generation.

Mobile operators can flexibly control whether the GGSN9811 should generate CDRs as
required for the users of the entire GGSN9811, users of an access point name (APN), home
users, roaming user, or users with the flat rate charging characteristic.
4-16
The GGSN9811 can cache CDRs.

Issue 01 (2009-05-26)

Product Description
The GGSN9811 can cache the generated CDRs on the hard disk if the link between the
GGSN9811 and the CG is faulty. These CDRs are sent to the CG if the link is restored so
that CDRs will not be lost.
l
The GGSN9811 supports the CDR audit function.

Each time a CDR, valid or not, is generated, a record is created in the CDR audit log file.
The record retains reset information about the GGSN9811. The CDR audit record is used
to check whether the CDR is correct to ensure correct charging of the charging system and
to facilitate error detection.
4.9.3 Online Charging

This describes the online charging function of the GGSN9811.
The Diameter Credit Control Application protocol is extended based on the basic Diameter
protocol. This application protocol defines the charging mechanism for online charging users
and realizes session-based charging by controlling the credit limit in real time. Therefore, this
application protocol meets the requirements of the Diameter online charging on the GGSN.
When an online charging user starts a data service, the online charging system (OCS) can
determine whether the service is allowed based on the user information and the balance of the
user account. The online charging function can trace the usage (time or volume) of the resources
prepaid by the user and deduct the current usage expense from the account balance in real time.
The service is automatically terminated or the user is informed when the account balance is
exhausted.
The Diameter online charging function on the GGSN9811 is described as follows:
l
The GGSN9811 supports service blocking or redirection when the balance is insufficient
or the service is not subscribed. If the OCS at the server side finds that the balance is
insufficient for service access, the OCS redirects the user request to the specific page for
recharge. If the OCS at the server side finds that the service is not subscribed, the OCS
redirects the user request to the specific page for subscription. Therefore, two redirection
functions are required, redirection for recharge and redirection for subscription.
Based on the characteristics of the application protocol, the GGSN9811 supports the
redirection function only for the Hypertext Transfer Protocol (HTTP), Wireless Application
Protocol 1.x (WAP1.x), and WAP2.0 browsing services. If the OCS sends the instruction
to the GGSN9811 to redirect the user request to a specific page but the user is not accessing
the browsing service, the GGSN9811 discards the related messages.
The user credit control is realized through the OCS. A secondary OCS must be provided
to perform credit control through the exchange with the GGSN9811 to ensure that services
are not disrupted when the GGSN9811 detects that the connection with the OCS is
abnormal. Therefore, the configuration of primary and secondary OCSs must be supported.
The GGSN9811 supports primary and secondary OCSs locally. When detecting that the
primary OCS does not respond to a request, the GGSN9811 automatically sends online
charging messages to the secondary OCS. If the OCS supports primary/secondary
switchover, services are not disrupted.
4.9.4 Content-based Charging

This describes the content-based charging (CBC) function of the GGSN9811. CBC enables
operators to charge for the access service and the services based on contents and applications,
thus helping operators gain more profits.
The 3G technology brings rapid development of wireless data services. The simple charging
mode based on traffic or duration does not keep pace with such momentum. To obtain more
Issue 01 (2009-05-26)

4-17

Product Description
benefits from the services and integrate different service schemes, operators develop the
charging model which features more diversified and dynamic granularity. CBC, namely, flowbased charging (FBC) defined in the 3rd Generation Partnership Project (3GPP) protocol is a
critical step to the value-based charging model.
CBC is a unique function of the GGSN9811. With the CBC function, the GGSN9811 can charge
differently based on the different service types of a mobile station (MS), which significantly
enhances competitiveness of operators and meets requirements of diversified development of
mobile internetworks.
The GGSN9811 supports time- or volume-based charging, and identifies services by Layer 3/
Layer 4 and Layer 7 filtering and parsing of data packets to apply different charging policies
and generate CBC charging data records (CDRs).
l
Charging based on IP+PORT service traffic or duration

The GGSN9811 can distinguish services based on the IP address and port of the server that
a user is accessing for volume-based or time-based charging.
Charging based on HTTP service traffic or duration

The GGSN9811 can charge the Hypertext Transfer Protocol (HTTP) service of accessing
a uniform resource locator (URL) such as www.isp.com/* by using an access point name
(APN) such as MNET based on the service traffic or duration.
Charging based on FTP service traffic or duration

The GGSN9811 can charge the File Transfer Protocol (FTP) download service by using
an APN such as MNET based on the service traffic or duration. Two FTP transmission
modes, PORT and PASV, are supported.
Charging based on WAP service traffic or duration

The GGSN9811 can charge the Wireless Application Protocol (WAP) service of accessing
a URL such as wap.isp.com/news.wml by using an APN such as WAP based on the service
traffic or duration. The GGSN9811 can also charge the multimedia messaging service
(MMS) and the KJava service by using an APN such as WAP based on the service traffic.
Charging based on RTSP VOD service traffic or duration

The GGSN9811 can charge the video on demand (VOD) service based on the service traffic
or duration.
Charging based on MMS service traffic or duration

The GGSN9811 can charge for the MMS service based on the service traffic or duration.
Charging based on DNS service traffic or duration

The GGSN9811 can charge the domain name server (DNS) traffic separately, or include
the DNS traffic in the associated services for time- or volume-based charging.
The GGSN9811 can analyze packets of the Trivial File Transfer Protocol (TFTP), Microsoft
Multimedia Server Protocol (MMSP), Simple Mail Transfer Protocol (SMTP), Post Office
Protocol revision 3 (POP3), and Interactive Mail Access Protocol (IMAP), and identify Pointto-Point (P2P), Voice over IP (VoIP), and instant messaging (IM) services.
The CBC CDRs can be of two formats. One is the format of the G-CDR extension content-based
charging field. The other is the standard eG-CDR format defined in the 3GPP protocol. You can
use either format for the CBC function.
4.9.5 Event-based Charging

This describes the event-based charging function of the GGSN9811. Event-based charging
means that users are charged based on the number of times that they use a specific service.
4-18

Issue 01 (2009-05-26)

Product Description
Operators employ diversified charging modes with development of abundant 3G services, which
requires that the GGSN should provide event-based charging to help operators realize flexible
and appropriate charging.
The GGSN9811 supports event-based charging for services such as the Hypertext Transfer
Protocol (HTTP), multimedia messaging service (MMS), Real-Time Streaming Protocol
(RTSP), and Wireless Application Protocol (WAP) services. In addition, the GGSN9811
supports both online event-based charging and offline event-based charging.
l
Event-based charging for the HTTP service

The GGSN can perform event-based charging for the service of accessing a uniform
resource locator (URL) such as www.isp.com/* by using an access point name (APN) such
as MNET. That is, a mobile user is charged based on the number of times of accessing a
Web page identified by a URL.
Event-based charging for the MMS service

The GGSN can perform event-based charging for the MMS service. That is, a mobile user
is charged based on the number of sent MMS messages.
Event-based charging for the RTSP service

The GGSN can perform event-based charging for the video on demand (VOD) service.
That is, a mobile user is charged based on the number of times of accessing a VOD service.
Event-based charging for the WAP service

The GGSN can perform event-based charging for the service of accessing a URL such as
wap.isp.com/news.wml by using an APN such as WAP. That is, a mobile user is charged
based on the number of times of accessing a Web page identified by a URL in the MMS
or KJava service.
An event-based charging data record (CDR) contains the numberOfEvents field, indicating the
number of successful events and number of failed event, and the eventTimeStamps field,
indicating the time when an event occurs.
4.9.6 Envelope Reporting

This describes the envelope reporting function of the GGSN9811. By means of the envelope
reporting function, more detailed charging information can be provided for the online/offline
charging system based on the standard duration reporting.
By means of this function, the detailed charging information including the start time, end time,
and traffic of a service can be identified for operators to control credit and charge the user
appropriately.
In the envelope reporting function, a period of continuous traffic is recorded in one envelope.
The base time interval (BTI) is the basic unit for calculating the service duration.
l
When there is traffic for a service in a BTI, the service duration is recorded as the BTI
duration. The traffic and duration are recorded in an envelope.
When there is no traffic for a service in a BTI, the envelope corresponding to the service
is closed and the traffic and duration are no longer recorded. The recorded traffic and
duration are reported as one envelope.
The envelope reporting function supports the following charging modes of calculating duration
based on traffic:
l
Issue 01 (2009-05-26)
Continuous time period (CTP)

4-19

Product Description

l
Discrete time period (DTP)
Modified continuous time period (modified CTP)
The difference between CTP and modified CTP is that in CTP mode the BTI duration without
traffic is recorded in the envelope, whereas in modified CTP mode the BTI duration without
traffic is not recorded in the envelope. In DTP mode, one envelope is generated for one BTI.
4.10 DPI
Through the deep packet inspection (DPI) technology, the GGSN8911 can analyze the data of
the application layer protocols and obtain valuable information for service resolution and control.
With more and more services on the mobile network, operators require the gateway GPRS
support node (GGSN) to provide the content awareness function for content charging and
security control. Thus, operators can optimize services and improve network security.
The GGSN9811 supports the DPI function for the following protocols:
l
Hypertext Transfer Protocol (HTTP)
Wireless Application Protocol 1.X (WAP1.X)
Real-Time Streaming Protocol (RTSP)
Multimedia Messaging Service (MMS)
File Transfer Protocol (FTP)
Domain Name Service (DNS)
Trivial File Transfer Protocol (TFTP)
Microsoft Multimedia Server Protocol (MMSP)
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol revision 3 (POP3)
Interactive Mail Access Protocol (IMAP)
Point-to-Point (P2P)
Voice over IP (VoIP)
Instant Messaging (IM)
The DPI function of the GGSN9811 can help operators to achieve the following functions:
l
Service resolution
Whether a user surfs the Internet through a browser or watches a movie on line, the traffic
is the basis of charging by operators. The DPI function can provide precise and detailed
information about the data volume and categorize data contents to apply different tariffs.
The result of service resolution can also be used as the reference for resource allocation by
operators. The GGSN9811 can accurately analyze packets of various protocols and perform
different processing accordingly.
Service control
Through deep inspection of data and analysis of service types, operators can provide
different service combinations for different users and filter out forbidden services.
4-20

Issue 01 (2009-05-26)

Product Description
4.11 Service Redirection

This describes the service redirection function of the GGSN9811. The GGSN9811 supports two
types of service redirection functions, that is, captive portal and web proxy.
l
Captive portal
Captive portal means that the browsing requests of users are redirected to the portal server
through the Hypertext Transfer Protocol (HTTP) redirection mode. It is mainly used for
consumption prompts, advertisement launch, and personal portals.
Personal portals enables users to manage user information, and the management includes
the service subscription, account management, and fee management.
When a user starts a Hypertext Transfer Protocol (HTTP) request, the GGSN9811 redirects
the user requested uniform resource locator (URL) to the URL of the captive portal based
on the portal configuration about the user. Thus, the user can visit multiple services through
the personal portal.
Web proxy
To speed up browsing, the GGSN9811 can redirect the IP address of the page requested by
a user to the IP address of a web proxy cache server. The user requested page can be cached
on the cache server to achieve network acceleration.
4.12 Service Report

This describes service report function of the GGSN9811. The GGSN interworks with an external
Service Usage Reporter (SUR) to implement the service report function. The GGSN collects
service data records and sends the records to the SUR. The SUR analyzes the records and
generates service reports.
The service report provides statistics about the traffic transmitted by the GGSN based on the
subscriber, protocol, Web site, and server. Different from the static statistics provided by the
performance measurement function, the service report can provide analysis on subscriber
behavior and statistical analysis on dynamic data about top Web sites and servers.
The service report can provide information, such as detailed service usage, service bandwidth
distribution, hot-spot Web sites, hot-spot applications, and subscriber distribution, about the
packet data network (PDN), thus providing reference for operators to develop value-added
services, and plan and manage networks based on subscriber behavior analysis.
4.13 PCC
The GGSN9811 supports the policy and charging control (PCC) feature and provides a PCC
solution.
With the rapid development of IP-based networks, packet networks will become basic platforms
for future services. Therefore, operators impose higher requirements on service awareness,
service control, and charging of the packet networks. The SBLP, FBC, and PCC features can
satisfy the requirements of the operators.
Based on the PCC feature, operators can perform unified and multi-dimension policy
deployment and control in network operation, thus preventing channellized services and
Issue 01 (2009-05-26)

4-21

Product Description
enhancing competitiveness by optimizing network resource usage and improving network user
experience.
The GGSN9811 supports the following PCC functions:
l
Static PCC control: Where PCRF is not deployed, all policies are implemented by the Policy
and Charging Enforcement Function (PCEF) according to the local static configuration.
Dynamic PCC control: Where AF may exist after PCRF is deployed, all services
dynamically generate PCC rules for scheduling and charging based on their own QoS
requirements and subscription data.
4.14 MBMS
This describes the multimedia broadcast/multicast service (MBMS) of the GGSN9811. The
MBMS is defined by the 3rd Generation Partnership Project (3GPP) for unidirectional point-tomultipoint multimedia services.
The MBMS service can be a multimedia service that is broadcast to users in a cell through the
public channel on the air interface or a subscribed service that is multicast to users in a cell.
Thus, the air interface resources can be used efficiently. One of the applications of the MBMS
service is the mobile phone TV service. In addition, the services such as broadcast download
and MTV interaction are supported.
The MBMS service is the unidirectional point-to-multipoint multimedia service that allows
sending data from one source entity to multiple receivers, downloading the same data by multiple
mobile users, and sharing network resources. This service can be widely used in wireless
networks.
Huawei GGSN9811 supports the MBMS service in broadcast mode. The broadcast mode refers
to unidirectional point-to-multipoint multimedia data transmission from a source entity to users
within a broadcast service area.
4.15 IPv6
The GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on the user
plane but not the IPv6 features on the signaling plane.
IPv6 is developed on the basis of IPv4. It has new features such as adequate address spaces,
higher security, and better support of mobility and QoS. IPv6 lays a sound foundation for
sustainable development of the IP network.
IPv6 is introduced to the 3GPP in R5 stage. In R5 stage, the IMS is carried by IPv6. The RNC,
SGSN, and GGSN are interconnected by IPv4 or IPv6. User terminals support dual IPv4/IPv6
protocol stacks so that they can access IPv4/IPv6 services.
At present the GGSN9811 supports basic IPv6 access function. It supports the IPv6 bearer on
the user plane but not the IPv6 features on the signaling plane. That is, the GGSN9811 is still
in the IPv4 network and it is connected to the SGSN and the public data network (PDN) through
the IPv4 network. The uplink IPv6 packets of the user are encapsulated in the IPv4+GTP packets
by the SGSN and sent to the GGSN9811. The GGSN9811 decapsulates the GPRS Tunneling
Protocol (GTP) packets and extracts the IPv6 packets. Then, the IPv6 packets are forwarded to
the IPv6 gateway through the IPv4 tunnel according to the system configuration. The IPv6
gateway finally carries out the routing forwarding or protocol translation (IPv6/IPv4 translation)
4-22

Issue 01 (2009-05-26)

Product Description
of the IPv6 packets. For downlink packets, when the GGSN9811 determines that a user type is
IPv6, it decapsulates the packets and extracts the IPv6 packets. Then, the GGSN9811 carries
out GTP encapsulation and delivers the packets to the SGSN.
This function enables the following services:
l
IPv6 mobile stations accessing IPv6 services
IPv6 mobile stations accessing IPv4 services
4.16 Other Services and Functions

This describes the other services and functions of the GGSN9811. The GGSN9811 supports
multiple IP address assignment modes and the Network Time Protocol (NTP) function, and the
Simple Network Management Protocol (SNMP) V1/V2/V3.
The GGSN9811 supports:
l
Multiple IP address assigning modes

The IP address that is assigned to a mobile station (MS) can be a static IP address or a
dynamic IP address. A dynamic IP address can be assigned from the local address pool of
the GGSN9811, or by the Remote Authentication Dial in User Service (RADIUS) server
or the Dynamic Host Configuration Protocol (DHCP) server on the request of the
GGSN9811. The IP address that is assigned to an MS can be a public IP address or a private
IP address.
NTP function
As an NTP client, the GGSN9811 can enable network time synchronization with the NTP
server.
SNMPV1/V2/V3 protocol
The SNMP is used to manage nodes in the network community. It aims to ensure the
transmission of management messages between any two network elements (NEs). The
network administrator can search information on any node to modify information, locate
faults, plan the network capacity, and generate reports.
Issue 01 (2009-05-26)

4-23

Product Description
5 Reliability
Reliability
About This Chapter

This describes the advanced reliability design of the GGSN9811. The advanced reliability design
effectively ensures the normal operation.
5.1 Hardware Reliability
This describes the hardware reliability of the GGSN9811.
5.2 Software Reliability
This describes the software reliability of the GGSN9811.
5.3 Networking Reliability
This describes the networking reliability of the GGSN9811.
5.4 Operation and Maintenance Reliability
This describes the operation and maintenance Reliability of the GGSN9811.
Issue 01 (2009-05-26)

5-1

Product Description
5 Reliability
5.1 Hardware Reliability

This describes the hardware reliability of the GGSN9811.
l
The hardware platform of the GGSN9811 is derived from Huawei Universal Switching
Router (USR). The design of the USR complies with the mature telecommunication
industry standards. The USR hardware is of a compact structure, and the GGSN9811 is a
network switching device for carrier-class operators.
The key boards,

SRU
s and SPUs, support hot plugging and hot backup. If the active board is abnormal or
removed, the standby board automatically takes over services and becomes the active board.
Thus, the service flow is not interrupted.
The DMPU subcards can work in load-sharing mode. Therefore, when one DMPU subcard
is faulty, the other DMPU subcard takes over all services, and the system triggers a fault
alarm. If the DMPU subcards are required but unavailable or if the DMPU subcards are
overloaded, the system triggers an alarm.
The power system adopts the double channel -48 V power supply mode. The load sharing
function is realized through two channels of power supply.
Over-voltage and over-current protection measures are taken for the board power input and
external interfaces. The measures comply with ITU-T G.703 Recommendation Annex B
and related specifications.
5.2 Software Reliability

This describes the software reliability of the GGSN9811.
l
System overload control

If the central processing unit (CPU) is overloaded, through the overload control, the
GGSN9811 can shut down certain functions that are less necessary or adjust the number
of accessed users. Thus, the GGSN9811 is prevented from breaking down due to overload.
The threshold for overload control can be set dynamically.
Traffic control
The GGSN9811 automatically checks whether system load is greater than expected, and
then takes different traffic control measures based on the overload extent. Therefore, the
GGSN9811 does not break down when it is processing a large amount of traffic or when
it is under attack. The GGSN9811 can also be quickly restored to the normal state to ensure
stable operation.
System resource check

The GGSN9811 can compare data in the system database with the current running data,
and restore the data if it is not consistent.
Automatic fault detection and self-healing

If faults such as software abnormality and hardware faults occur, the GGSN9811 can detect
the faults, and then isolate and clear them. The GGSN9811 can take certain measures, such
as automatic switchover to a normal board and automatic reset of the faulty board, to clear
some faults without user intervention.
5-2
System software backup

Issue 01 (2009-05-26)

Product Description
5 Reliability
When the main software failure, the system get standby software and reboot system.
l
Check configure files

To ensure that the configure files is consistent.
CDR cache
The GGSN9811 can cache charging data records (CDRs). When the communication
between the GGSN9811 and the charging gateway (CG) fails, if the CG does not respond
after the CDRs are sent many times, the GGSN9811 caches the CDRs on the hard disk of
the Switching Route Unit (SRU). After the communication between the GGSN9811 and
the CG recovers, the GGSN9811 sends the cached CDRs to the CG.
Board lock and system shutdown

If required, the GGSN9811 can deny new users access and delete original users. The
GGSN9811 can gradually stop the services processed by the boards or system to avoid
abrupt service interruption.
Hot patch
The uploaded hot patches take effect after being activated. That is, you need not restart the
GGSN9811. Thus, reliable software running is guaranteed.
Patch rollback
If patch is loaded by mistake or the previous patch is preferred, you can roll back the patches
in the current state to the latest version in which patches are in the running state.
5.3 Networking Reliability

This describes the networking reliability of the GGSN9811.
l
Route backup and route load sharing: Single point failure can be avoided during networking
to provide a highly reliable network.
Eth-trunk: The GGSN9811 can bind multiple physical interfaces to one Eth-trunk interface,
which works as an ordinary physical interface. The bound interfaces can send traffic in
active/standby mode or load-sharing mode. Thus, services are not interrupted if one
interface fails.
Address Resolution Protocol (ARP) probe: Switchover between the active and the standby
interfaces occurs on the Eth-trunk interface or Eth-trunk sub-interface to enhance Layer 2
networking reliability when all of these conditions are met: The active physical interface
is normal but the link fails; the ARP probe function is enabled on the GGSN9811; the
GGSN9811 fails to probe the peer device through the active interface.
5.4 Operation and Maintenance Reliability

This describes the operation and maintenance Reliability of the GGSN9811.
l
The security socket layer (SSL) function is supported. In this case, the data between the
M2000 and the GGSN9811, and the data between the LMT and GGSN9811 is secured.
The automatic rollback function is supported. If the upgrade fails, the version is
automatically rolled back to the previous one. As a result, the service restoration time is
greatly shortened in the case of the remote upgrade fails. Before the automatic rollback
function is supported, if the remote upgrade fails, all services on the remote GGSN9811
are stopped. Then, maintenance engineers must manually restore the services at the remote
office. During the restoration process, all subscribers cannot access the network.
Issue 01 (2009-05-26)

5-3

Product Description
Operation and Maintenance
About This Chapter

This describes the easy operation and maintenance (OM) measures provided by the
GGSN9811. The OM measures include the local maintenance terminal (LMT) that integrates
graphical user interface (GUI) and command line interface (CLI), accessing Huawei M2000 and
operation and maintenance center (OMC), and comprehensive online help.
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM system
of the GGSN9811 is of the client/server architecture.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
Issue 01 (2009-05-26)

6-1

Product Description
6.1 OM System
This describes the operation and maintenance (OM) system of the GGSN9811. The OM system
of the GGSN9811 is of the client/server architecture.
Figure 6-1 shows the structure of the GGSN9811 OM system.
Figure 6-1 Structure of the GGSN9811 OM system
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
6-2

Issue 01 (2009-05-26)

Product Description
6.1.1 BAM
This describes the back administration module (BAM). The BAM is the server based on the
Transmission Control Protocol/Internet Protocol (TCP/IP). The BAM of the GGSN9811 is
integrated on the Switching Route Unit (SRU).
l
Receiving connection requests from the client to establish connections, and analyzing and
processing commands from the client
Receiving connection requests from the host through the local bus to establish connections
and realize the communication between the BAM and the host, and processing data loading
requests and alarms from the host
NOTE
In spite of the loss or error of BAM files, the M2000 can interwork with the GGSN9811 and restore the
BAM.
6.1.2 LMT
This describes the local maintenance terminal (LMT). the LMT serves as the client and is
connected to the back administration module (BAM) based on the Transmission Control
Protocol/Internet Protocol (TCP/IP).
The LMT supports the command line interface (CLI) mode and the graphic user interface (GUI)
mode. The LMT can be used to configure the device, trace messages, manage the system
performance, manage alarms, and manage logs. The LMT provides interfaces to connect the
alarm box to provide audible and visual alarms.
The LMT can be accessed by dialing through the public switched telephone network (PSTN).
Then, the LMT performs the operation and maintenance (OM) function.
6.1.3 M2000
This describes the M2000. The M2000 is a mobile network management system (NMS) in
Huawei iManager network management solution.
The M2000 communicates with the GGSN9811 through the Transmission Control Protocol/
Internet Protocol (TCP/IP). The M2000 is composed of the M2000 server and multiple M2000
clients.
The local maintenance terminal (LMT) can be integrated into the M2000. Thus, the LMT can
achieve uniform management and browsing of devices in the entire network through the topology
management function provided by the M2000. The LMT and the M2000 are in the loose coupling
relationship. The LMT is dedicated to management only on the GGSN9811, whereas the M2000
performs the public management such as topology management and fault management for
devices in the entire network.
6.2 OM Function
This describes the operation and maintenance (OM) functions of the GGSN9811. The
GGSN9811 provides the OM functions such as configuration management, message tracing,
performance management, alarm management, and log management.
6.2.1 Configuration Management
Issue 01 (2009-05-26)

6-3

Product Description
This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
6.2.2 Message Tracing
This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
6.2.3 Performance Management
This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance
management module of the M2000 and the Performance Browser Tool of the local maintenance
terminal (LMT).
6.2.4 Alarm Management
This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
6.2.5 Log Management
This describes the log management function of the GGSN9811. Logs can be classified into user
operation logs, system operation logs, and security logs based on contents.
6.2.1 Configuration Management

This describes the configuration management function of the GGSN9811. The configuration
management function is performed by the command line interface (CLI) commands provided
in the local maintenance terminal (LMT) of the GGSN9811.
By running the CLI commands, you can configure, modify, and query data. The GGSN9811
receives, analyzes, and runs the CLI commands, and then returns the results to the LMT.
6.2.2 Message Tracing

This describes the message tracing function of the GGSN9811. The message tracing function
of the GGSN9811 is performed in the maintenance window of the local maintenance terminal
(LMT).
Through the maintenance window of the LMT, you can trace and view interfaces and users.
You can create interface and user tracing tasks to monitor the signaling of the interfaces and
users of the system in real time. The stored messages including the information about previous
versions can be viewed online or offline. If a fault occurs in the GGSN9811, you can quickly
and accurately locate and clear the fault through the interface signaling tracing function.
6.2.3 Performance Management

This describes the performance management function of the GGSN9811. The performance
management function of the GGSN9811 is realized through the centralized performance
management module of the M2000 and the Performance Browser Tool of the local maintenance
terminal (LMT).
The GGSN9811 generates performance measurement files and provides File Transfer Protocol
(FTP) services. The M2000 acts as the FTP client to receive the performance measurement files
and then manage the performance of the GGSN9811. The LMT obtains the performance
measurement files and provides them for viewing through the Performance Browser Tool.
6-4

Issue 01 (2009-05-26)

Product Description
The centralized performance management system provides a comprehensive and direct

operation environment. You can manage the performance of devices in the entire network. You
can create, modify, and query performance measurement tasks and manage the results to learn
the running status of the network and devices. The measurement results are for performance
assessment and network optimization.
6.2.4 Alarm Management

This describes the alarm management function of the GGSN9811. The alarm management
function of the GGSN9811 is realized through the alarm management system of the local
maintenance terminal (LMT) or the centralized fault management system of the M2000.
The GGSN9811 sends alarms to the LMT or the M2000 and simultaneously saves them in alarm
logs.
The GGSN9811 collects alarms that are generated during fault occurrence and classifies them
based on type and severity level. Then, the GGSN9811 sends the alarms to the alarm management
system of the LMT or the centralized fault management system of the M2000. The LMT or
M2000 displays the alarms in graphical user interfaces (GUIs) and provides the location, cause,
and troubleshooting suggestions.
6.2.5 Log Management

This describes the log management function of the GGSN9811. Logs can be classified into user
operation logs, system operation logs, and security logs based on contents.
The user operation logs record the information about user operation commands, including the
user name, executed commands, and execution time, to analyze faults. The system operation
logs record certain state information in the system operation to maintain the system and locate
faults. The GGSN9811 also allows querying the user operation logs.
Issue 01 (2009-05-26)

6-5

Product Description
Technical Specifications
About This Chapter

This lists the technical specifications of the GGSN9811. The technical specifications consist of
performance specifications, entire-system specifications, reliability specifications, safety
standards, electromagnetic compatibility (EMC) specifications, and environment requirements.
7.1 Performance Specifications
This describes the performance specifications such as the throughput and the number of tunnels.
7.2 Entire-system Specifications
This describes the entire-system specifications such as the dimensions and the power
consumption.
7.3 Reliability Specifications
This describes the reliability specifications such as the mean time between failures (MTBF) and
the mean time to recovery (MTTR).
7.4 Safety Specifications
This describes the safety specifications of the GGSN9811.
7.5 EMC Specifications
This describes the electromagnetic compatibility (EMC) specifications of the GGSN9811.
7.6 Environment Specifications
This describes the environmental requirements for the GGSN9811. The environment
specifications consist of the storage, transportation, and running specifications.
Issue 01 (2009-05-26)

7-1

Product Description
7.1 Performance Specifications

This describes the performance specifications such as the throughput and the number of tunnels.
Table 7-1 lists the performance specifications of the GGSN9811.
Table 7-1 GGSN9811 performance specifications
Item
Specification
Maximum number of PDP

contexts that are activated at
the same time
5000000
Maximum data throughput
50 Gbit/s
Maximum IPSec throughput
3 Gbit/s
Maximum number of APNs
3000
Maximum number of GRE

tunnels
4000
Maximum number of L2TP

tunnels
20000
Maximum number of IPSec

tunnels
4000
7.2 Entire-system Specifications

This describes the entire-system specifications such as the dimensions and the power
consumption.
Table 7-2 lists the specifications of the entire GGSN9811.
Table 7-2 Specifications of the entire GGSN9811
Item
Specification
Cabinet
N68E-22
Height: 2200 mm
Dimensions
Width: 600 mm
Depth: 800 mm
7-2
Load-bearing capacity
> 600 kg/m
Power input
-48 V DC to -60 V DC
Typical power
consumption of subrack
2300 W (full configuration)

Issue 01 (2009-05-26)

Product Description
Item
Specification
Noise (acoustic power)
78 dBA at 23C (The noise varies with the ambient

temperature.)
7.3 Reliability Specifications

This describes the reliability specifications such as the mean time between failures (MTBF) and
the mean time to recovery (MTTR).
Table 7-3 lists the reliability specifications of the GGSN9811.
Table 7-3 GGSN9811 reliability specifications
Item
Specification
Annual repair and return rate of boards
3%
Availability
99.999%
MTBF
18.35 years
MTTR
1 hour
Annual mean failure time
< 5 minutes
Board switchover time
< 5 seconds
Board restart time
< 5 minutes
System restart time
< 6 minutes
Start time from system power-on to

service-ready
< 10 minutes
7.4 Safety Specifications

This describes the safety specifications of the GGSN9811.
The GGSN9811 meets the safety requirements and complies with the following standards:
l
UL60950-1
IEC 60950-1
EN60950-1
GB4943
7.5 EMC Specifications

This describes the electromagnetic compatibility (EMC) specifications of the GGSN9811.
The GGSN9811 meets the EMC requirements and complies with the following standards:
Issue 01 (2009-05-26)

7-3

Product Description
l
EN55022
ETSI EN 300 386
CISPR22
IEC 61000-4-2
IEC 61000-4-3
IEC 61000-4-4
IEC 61000-4-5
IEC 61000-4-6
IEC 61000-4-29
7.6 Environment Specifications

This describes the environmental requirements for the GGSN9811. The environment
specifications consist of the storage, transportation, and running specifications.
The GGSN9811 complies with the following standards:
l
GB 4798 Environmental conditions existing in the application of electric and electronic

products
ETSI EN 300 019 Environmental conditions and environmental tests for

telecommunications devices
IEC 60721 Classification of environmental conditions
7.6.1 Storage Environment

This describes the requirements for the storage environment of the GGSN9811. The
requirements for the storage environment consist of the climatic requirements.
7.6.2 Transportation Environment
This describes the requirements for the transportation environment of the GGSN9811. The
requirements for the transportation environment consist of the climatic requirements and
mechanical stress requirements.
7.6.3 Running Environment
This describes the requirements for the running environment of the GGSN9811. The
requirements for the running environment consist of the climatic requirements and mechanical
stress requirements.
7.6.1 Storage Environment

This describes the requirements for the storage environment of the GGSN9811. The
requirements for the storage environment consist of the climatic requirements.
Climatic Requirements
Table 7-4 Climatic requirements for equipment storage
7-4
Item
Specification
Temperature
-40C to +70C
Issue 01 (2009-05-26)

Product Description
Item
Specification
Temperature change rate
1C/min
Relative humidity
10% to 100%
Altitude
3000 m
Air pressure
70 kPa to 106 kPa
7.6.2 Transportation Environment

This describes the requirements for the transportation environment of the GGSN9811. The
requirements for the transportation environment consist of the climatic requirements and
mechanical stress requirements.
Table 7-5 Climatic requirements for equipment transportation
Item
Specification
Temperature
-40C to +70C
3C/min
Relative humidity
10% to 100%
Altitude
3000 m
Air pressure
70 kPa to 106 kPa
Mechanical Stress Requirements

Table 7-6 Requirements for mechanical stress in the transportation environment
Item
Sub-item
Specification
Sinusoidal
vibration
Offset
7.5 mm
Accelerated
speed
20.0 m/s
40.0 m/s
Frequency
range
2 Hz to 9 Hz
9 Hz to 200 Hz
200 Hz to 500
Hz
Acceleration
spectrum
density (ASD)
10 m/s
3 m/s
1 m/s
Random
oscillation
Issue 01 (2009-05-26)

7-5

Product Description
Item
Unsteady state
impact
Sub-item
Specification
Frequency
range
2 Hz to 9 Hz
Impulse
response
spectrum II
300 m/s
Static payload
10 kPa
9 Hz to 200 Hz
200 Hz to 500
Hz
NOTE
l Impact response spectrum refers to the maximum acceleration response curve generated by the
equipment under specified impact excitation. Impulse response spectrum II means that the duration of
half-sine impulse response spectrum is 6 ms.
l Static payload refers to the capability of the equipment in package to bear the pressure from the top in
normal pile-up method.
7.6.3 Running Environment

This describes the requirements for the running environment of the GGSN9811. The
requirements for the running environment consist of the climatic requirements and mechanical
stress requirements.
Table 7-7 Requirements for temperature and humidity in the running environment
Temperature
Relative Humidity
Long term running
Short term running
Long term running
Short term running
5C to 45C
-5C to +50C
5% to 85%
5% to 95%
NOTE
l The values are measured 1.5 m above the floor and 0.4 m in front of the equipment, without protective
panels in front of or behind the cabinet.

l Short term running refers to continuous running for no more than 48 hours or accumulated running of
no more than 15 days in a year.
Table 7-8 Requirements for other climatic factors in the running environment
7-6
Item
Specification
Altitude
3000 m
Air pressure
70 kPa to 106 kPa
5C/h

Issue 01 (2009-05-26)

Product Description
Mechanical Stress Requirements

Table 7-9 Requirements for mechanical stress in the running environment
Item
Sub-item
Specification
Sinusoidal vibration
Offset
5.0 mm
Accelerated speed
2.0 m/s
Frequency range
5 Hz to 62 Hz
62 Hz to 200 Hz
Impulse response
spectrum II
50 m/s
Static payload
Unsteady state
impact
NOTE
l Impact response spectrum refers to the maximum acceleration response curve generated by the
equipment under specified impact excitation. Impulse response spectrum II means that the duration of
half-sine impulse response spectrum is 6 ms.
l Static payload refers to the capability of the equipment in package to bear the pressure from the top in
normal pile-up method.
Issue 01 (2009-05-26)

7-7

Product Description
8 Installation
Installation
About This Chapter

This describes the installation, upgrade, and expansion processes.
8.1 System Installation
This describes the software installation for the GGSN9811. Easy software and hardware
installation considerably shortens the time taken for system installation, and the network can be
established and provide services quickly.
8.2 System Expansion and Upgrade
This describes the system expansion and the upgrade of the GGSN9811. The GGSN9811
supports online expansion and stable upgrade.
Issue 01 (2009-05-26)

8-1

Product Description
8 Installation
8.1 System Installation

This describes the software installation for the GGSN9811. Easy software and hardware
installation considerably shortens the time taken for system installation, and the network can be
established and provide services quickly.
The GGSN9811 is assembled in the factory. Before delivery, all the internal cables of the cabinet
are connected and the GGSN9811 is pre-commissioned based on the site conditions. On site,
engineers only need to install the cabinet, insert the boards, and connect the external cables based
on the instructions in the installation manual. For details on the installation, refer to the Hardware
Installation.
The interfaces for the external cables, such as the power cables, transmission cables, and signal
cables, are located on the top of the GGSN9811 cabinet and are marked with silk-screen labels.
8.2 System Expansion and Upgrade

This describes the system expansion and the upgrade of the GGSN9811. The GGSN9811
supports online expansion and stable upgrade.
System Expansion
The GGSN9811 supports the following modes of capacity expansion without interrupting
ongoing services:
l
Expansion through software

Generally, an operator purchases a system with relatively small capacity at the initial stage.
As the service traffic increases, the system may need expansion. The operator can expand
the system by buying only a license file and loading it to the system. Such capacity
expansion does not interrupt ongoing services.
Expansion through hardware

A GGSN9811 subrack can hold up to six Service Processing Units (SPUs). The SPUs can
work in 1+1 backup mode or load-sharing mode. The SPU is hot swappable. Capacity
expansion does not interrupt ongoing services.
System Upgrade
Switching over the active and standby boards and upgrading them separately can upgrade the
GGSN9811 without interrupting ongoing services or changing data configuration.
8-2

Issue 01 (2009-05-26)

Product Description
Index
Index
A
Accessing the PDN, 4-3

alarm management, 6-5
security, 4-9
specification
EMC, 7-3
entire system, 7-2
performance, 7-2
reliability, 7-3
E
environmental requirements
running environment, 7-6
storage environment, 7-4
transportation environment, 7-5
G
GTP, 4-5
I
installation
system, 8-2
system expansion and upgrade, 8-2
L
LMT, 6-3
log management, 6-5
N
network interface
Ga, 1-10
Gi, 1-7
Gmb, 1-11
Gx, 1-11
Gy, 1-10
R
reliability
hardware, 5-2
networking, 5-3
software, 5-2
routing, 4-3
Issue 01 (2009-05-26)

i-1

Product Description (V900R007C02 01)

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Product Description (V900R007C02 01)

Hochgeladen von

Copyright:

Verfügbare Formate

HUAWEI GGSN9811 Gateway GPRS Support Node

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Huawei Industrial Base

Copyright Huawei Technologies Co., Ltd. 2009. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

4 Services and Functions..............................................................................................................4-1

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

4.5 Direct Tunnel...................................................................................................................................................4-7

6 Operation and Maintenance.................................................................................................... 6-1

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

6.2.4 Alarm Management................................................................................................................................6-5

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

About This Document

About This Document

Network planning engineer

Installation commissioning engineer

Data configuration engineer

Network monitoring engineer

Field maintenance engineer

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

About This Document

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

About This Document

Times New Roman

Normal paragraphs are in Times New Roman.

Names of files, directories, folders, and users are in

Book titles are in italics.

Examples of information displayed on the screen are in

The keywords of a command line are in boldface.

Command arguments are in italics.

Items (keywords or arguments) in brackets [ ] are optional.

Optional items are grouped in braces and separated by

Optional items are grouped in brackets and separated by

Optional items are grouped in braces and separated by

Optional items are grouped in brackets and separated by

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

About This Document

Buttons, menus, parameters, tabs, window, and dialog titles

Multi-level menus are in boldface and separated by the ">"

Press the keys concurrently. For example, pressing Ctrl+Alt

Press the keys in turn. For example, pressing Alt, A means

Select and release the primary mouse button without moving

Press the primary mouse button twice continuously and

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

About This Chapter

Huawei Proprietary and Confidential

HUAWEI GGSN9811 Gateway GPRS Support Node

1.1 Basic Functions

1.2 Network Structure