Cisco GGSN

Mobility Solutions
Architecture and Functionality Overview

Min Presenter Name Huang Packet Core Architecture Group Title

Contents
GGSN Architecture and Functionality Features and Service Scenarios GGSN OAM Overview Cisco Roadmaps for GGSN

Proprietary information - Lucent Technologies

Part I

Proprietary information - Lucent Technologies

New GGSN
Cisco will provide the new GGSN, PDSN, and Media Gateway Our partnership is non-exclusive The u01.03 product is not immediately available
We will First Receive a 7206 GGSN In June/July We will Receive the Official 7609 GGSN We will receive pre-release hardware before the official release

Proprietary information - Lucent Technologies

GGSN Configurations
Common Software on Two Hardware Platforms Cisco 7206 GGSN
Available Now Simplex Configuration Higher Availability Possible when Multiple 7200s Are Combined with Two 6500 Load Balancers a GGSN Server Farm

Cisco 7609 GGSN

Redundant Configuration

New Multi-Processor WAN Application Module

(MWAM) Hosts GGSN Application Available Mid-2003 Initially Acts as Multiple GGSNs Running in One Chassis
Proprietary information - Lucent Technologies

7206 GGSN Physical Architecture Overview

I/O Adapter
LAN
- GE - FE - 10 BaseT

WAN
- POS (OC-3, OC-12) - ATM (OC-3) - E1/T1

Service Adapter
ISA IPSec encryption card VAM VPN Acceleration Module

NPE 400
Hosts GGSN Provides IOS functionality
Proprietary information - Lucent Technologies

7206 GGSN Internal Architecture Overview

1.6Gpbs PCI data-bus
Empty Slot

1.6Gpbs PCI data-bus

Empty Slot

Encryption Card Empty Slot Hifn

I/O Adapter Gn NPE-400 350-MHz MIPS RISC Processor

I/O Adapter Gi

Control Path Note: The above data flow is just a example.

Proprietary information - Lucent Technologies

Traffic Path

7609 GGSN Physical Architecture Overview

Supervisor modules: as GTP SLBs between MWAMs Switching Fabric Modules (optional) I/O modules
LAN - GE - FE - 10 BaseT WAN - POS (OC-3, OC-12) - ATM (OC-3) - E1/T1 Application Modules (details later)

MWAM modules: Host GGSNs/PDSN/HA, + IOS

PIX: Firewall Module VPN Service Module: IPSec hardware acceleration card CSG: Content Services Gateway * SSG: Session Selection Gateway **

Note: *, ** -- It is Ciscos plan to support CSG and SSG on the 7609 but it may not be available in the first release. Currently SSG is supported on 7400 platform.
Proprietary information - Lucent Technologies

Overview of 7609 Application Modules - 1

MWAM: Hardware for GGSN, PDSN and HA, but can only be one at a time (SSG may be integrated to this card in the future). 3 Sibyte 1250 processors = 6 MIPS64 CPUs (only 5 are used) 5 GGSN images per card 4 MWAM card per chassis
Proprietary information - Lucent Technologies

VPN Services Module: Provide Hardware Assisted IPSec tunneling and 3DES encryption Support IPSec Gateway not Client function Only one card supported in a chassis, multi-card support in the future 8000 tunnels per card 1.6 Gbps throughput per card
9

Overview of 7609 Application Modules - 2

Firewall Services Module: Part of the Cisco PIX Firewall family, runs PIX OS Provide Functions as
Protection from DOS Access List Control URL Filtering NAT/PAT

Content Services Gateway:

Enables the operator to offer and bill for content differentiated value-added services to the end user Provides content billing and accounting capability to the end users and content providers Can measure time, packets, bytes, URL, transaction type, event, QoS, ToD, file type Supports CDR and GTP for content billing
10

Performance
5 Gbps throughput 1 Million Concurrent connections More than 100,000 connection setup and teardown/sec
Proprietary information - Lucent Technologies

Overview of 7609 Application Modules - 3

Service Selection Gateway:
Part IOS feature suite It is currently supported on 7206 & 7400 platform Will be integrated to MWAM in the future for 7609 Provides Functions such as
Web Selections: through user based policies, authentication and authorization PPP Termination Aggregation: through L2TP Tunneling based on domain name.

Provides pre-paid using Radius

Proprietary information - Lucent Technologies

11

7609 GGSN Internal Architecture Overview

Supervisor Card
GTP SLB

Supervisor Card
GTP SLB

Result Bus (32 Gbps) Data Bus (up to 256 Gbps with optional Switching Fabric)

MWAM Sibyte Card

1250
DFP

... MWAM Sibyte Card

1250
DFP

Macedon
Hifn

Line Card

...

Line Card

Control Path

Traffic Path

Gi

Gn

The chassis supports a 32 Gbps bus backplane and two optional switching fabric modules for up to 256 Gbps switching capacity. Different Service and I/O cards may have different connectivity to the Switching fabric and/or the bus. 7609 support both centralized switching and distributed switching depending on the type of service card and the line cards.
Note: The above data flow is just a example.
Proprietary information - Lucent Technologies

12

GGSN Server Farm Load Balance Operation

Redundancy schemes: Instead of providing hardware level redundancy, Cisco GGSN offers redundancy through higher layer routing protocols as such HSRP, and load balancing between/within the box.
Dynamic Feedback Protocol (reports weights to SLB ) GGSN Real GGSN1 CreatePDPContextReq(APN) GGSN
Real GGSN 2

Gn SGSN

GGSN

Real GGSN 3

Virtual GGSN Server (farm)

HSRP
GTP Server Load Balancing

GGSN

Real GGSN 4

CreatePDPContextRes

Proprietary information - Lucent Technologies

13

GGSN Function Overview -- Key Feature Highlights

Global APN: can be provided through virtual APN with Radius server or GTP Director Module (GDM) with DNS server for all PDP context type. Overlapping Address: Supported using different local APN and VRF. IP services:
Some IP Services are provided by IOS on the GGSN such as: NAT/PAT and QoS. Many will be supported via separate hardware modules. For example, Firewall, IPSec VPN etc.

Proprietary information - Lucent Technologies

14

GGSN Function Overview -- Feature difference between SpringTide GGSN

7609 gains:
Secondary PDP context support DHCP client Full support of Radius accounting attributes defined in 29.061including IMSI. Gc Support using GTP-MAP QoS including mapping from 4 UMTS QoS classes to Diffserv code points. PPP regeneration for nontransparent IP PDP contexts Context based Billing via CSG COPS support for R5 Richer Routing/multicast protocol support
Proprietary information - Lucent Technologies

7609 losses:
No DHCP relay No virtual router implementation No per flow downlink policing in R4.0

15

Virtual APN with Cisco GGSN

AAA CorporateA
CreatePDPContext(APN=corporate, PCO= username/passwd)

MS

PLMN IP backbone
SGSN

GGSN

CorporateB

User enters username: login@domain

Extracts username from PCO, the domain (e.g. CorporateA.com) is used to select the destination network. The complete username is used to do authentication.

CorporateC

Notes/Issues:
Virtual APN is global to a local real GGSN only, no more than one virtual APN per real GGSN are supported. Since a Global APN is local to a real GGSN, to have a virtual APN span across multiple real GGSN is to duplicate the virtual and real APN on all the real GGSNs within the virtual server farm. Virtual APN only works for non-transparent IP access
Proprietary information - Lucent Technologies

16

Overlapping Address Handling

Gn VRF1
VRF2

Gi GRE VPN

Corporate 1 10.10.10.x

APN1
GTP management

Same Private address

GTP tunnels

APN2
GGSN

IPsec VPN
per VRF routing table per VRF RADIUS/DHCP definition per VRF physical/logical interface per VRF access list

Corporate 2 10.10.10.x

Notes/Issues:
VRF is not the same as the virtual router in SpringTdes implementation. They can not be independently managed.

Proprietary information - Lucent Technologies

17

Capacity and Throughput

Cisco 7206
Capacity
IP PDP Contexts 180K IP transparent 90K IP non-transparent 8K IP with PPP regeneration PPP PDP Contexts IPSec Tunnels APN 8K 2KTunnels per ISA encryption card 1500 Per MWAM Module: 600K IP transparent 450K IP non-transparent 40K IP with PPP regeneration 40K per MWAM Module 8K Tunnels per VPNSM Module N/A

Cisco 7609

Throughput
64-Byte Packets 256-Byte Packets 500-Byte Packets 92 Mbps N/A 172 Mbps N/A 1.6 Gbps per chassis * N/A * Still being verified by Cisco
Proprietary information - Lucent Technologies

18

Ciscos Key GGSN Takeaways

In Commercial Deployment Enabling GPRS Services Since 2 Years for Major Operators Like T-Mobil, CMCC and mm02 Rich Feature Support Combined 2.5G/3G Support Successful IOTs with All Major SGSN/RAN suppliers: Nokia, Ericsson, Nortel, Siemens Cisco IP Leadership IOS Feature Set Leverage Diverse and Highly Scalable Platform Portfolio Mature Products on Mature Platforms

Proprietary information - Lucent Technologies

19

Key Issues - 7206

Performance and Capacity Numbers are Provided by Cisco, no performance tests are yet done by Lucent on the new GGSN. Low Throughput and PPP PDP Context Capacity Simplex Architecture; Not High Availability
External Load Balancers for High Availability and Throughput Means Significant Extra Cost

Not NEBS Compliant Performance and Capacity is Service-Dependant

Additional Dedicated Box for IP Services Probably Required

Proprietary information - Lucent Technologies

20

Key Issues - 7609

GGSN Version Doesnt Exist Yet
New MWAM and Macedon (Internal Code Name) Cards Many Unknowns

Performance and Capacity may Still be Impacted by Process intensive services or application modules capacity in the case of separate card is required Scalability May be an Issue
Only Nine Slots Available for Supervisor Modules, Switching Fabric, MWAM cards, Application Modules, ...

Proprietary information - Lucent Technologies

21

Part II

Proprietary information - Lucent Technologies

22

GGSN - Enhanced VPN, Security and APN Features with Load Balancing
Virtual APN: GGSN extracts the username and domain name for authentication.

AAA

PPP Regen: GGSN extracts the username and domain name for PPP Regeneration
LNS

Corp A

CreatePDPContext(APN=corporate, PCO= username/passwd)

MS

PLMN IP backbone
SGSN CGW

GRE VPN

Corp B Corp C
Gi
VRF1 VRF2 VRF3

7206/7609 GGSN
IPsec VPN

User enters username: login@domain

DFP
GGSN GGSN GGSN

GRX
Gn
GTP M A N A G E M E N T

APN1 APN2 APN3

GTP tunnels

HSRP

GGSN per VRF routing table per VRF RADIUS server per VRF physical/logical interface per VRF access list 23

GTP Server Load Balancing

Proprietary information - Lucent Technologies

L2TP VPN: PPP regeneration

Provides end-to-end PPP for IP PDP type handset (no PPP PDP type) Allows end-to-end PPP directly into Intranet or ISP Re-use of existing dial infrastructure (LNS) Authentication, Authorization, Address allocation managed by Corporate/ISP
IPCP negotiation (IP @, DNS @, etc)

DHCP RADIUS

RADIUS

Tunnel info retrieval IP address allocation and configuration options retrieval Authentication and configuration option retrieval

CreatePDPContext (APN=corporate, PCO= user/passwd)

PLMN IP backbone
MS

Gn

GGSN

Gi LT2P tunnel

LNS PPP

Intranet/ISP

SGSN

PPP

IP PDP Type

Authentication (PAP, CHAP, etc.)

24

Proprietary information - Lucent Technologies

L2TP VPN: PPP PDP type

Allows end-to-end PPP directly into Intranet or ISP Re-use of existing dial infrastructure (LNS)
DHCP

Authentication, Authorization, Address allocation managed within Corporate/ISP

RADIUS

IPCP negotiation (IP @, DNS @, etc)

IP address allocation and configuration options retrieval

Authentication and configuration option retrieval

PLMN IP backbone
PPP

Gn

GGSN Gi

LT2P tunnel

LNS PPP

Intranet/ISP

Authentication (PAP, CHAP, etc.)

Proprietary information - Lucent Technologies

25

MPLS VPN
Gn Gi
Corporate 1
APN1

VRF1

MPLS LSP

GTP management
GTP tunnels
APN2

Corporate 2

VRF2

MPLS LSP

GGSN
Config vrf forwarding Config MPLS

Proprietary information - Lucent Technologies

26

Part III

Proprietary information - Lucent Technologies

27

GGSN OAM&P Interfaces and Management Systems

OAM&P interfaces supported by Cisco GGSN/PDSN:
Command Line Interface (CLI) SNMP agent interface to management systems NTP for time synchronization TFTP for file transfer

Management Systems offered by Cisco

CiscoWorks for Mobile Wireless (CW4MW) -- For 7206 only Mobile Wireless Center (MWC) --For 7609

Proprietary information - Lucent Technologies

28

GGSN OAM&P Current View - CW4MW

Network Operations Centre (NOC)
Service Providers OSS Cor a Java APIs DB SNMP Traps

RAN Vendor OMC

APIs Traps

CW4MW
APN Manager MWFM Statistics DB CiscoWorks 2000 SNMP/Syslog
Cisco Home Agent

Cisco GGSN

Mo ile Station

BTS BSC,

PCF

IP Network

Radio Access Network (RAN)

Proprietary information - Lucent Technologies

29

GGSN Future OAM&P Architecture -MWC

CiscoWorks Mobile Wireless Center 2.0

RME

SNMP/API/Corba

XML/HTTP

HTTP/API/corba

Fault Manager

Performance Engine

Provisioning Manager

Cisco View

6500/7600 & Service Blades

HA

PCF Radio Access Network (RAN)

Proprietary information - Lucent Technologies

Mobile Station

BTS BSC,

GGSN /PDSN

Cisco Home Agent

IPSec

IP
CAR

30

Part IV

Proprietary information - Lucent Technologies

31

Release Plan For GGSN CY2002 - 2003

GGSN R4.0 on 7200 GGSN R3.0 GA
EFT Sep-02 FCS Nov-02 GA Jan-03

EC

GGSN R4.0 on OSR/Cat 6K Conditional EC

EFT Mar-03 FCS Jun-03 GA Jul-03

GGSN R5.0
EFT 3QCY03 FCS 4QCY03 GA 1QCY04

NC

Key Features:
R97/98 Compliant L2TP VPN, MPLS VPN and VRF VPN, 802.1q support Enhanced Security Anti-spoofing Load Balancing & High Availability APN Scalability & Provisioning PPP Regeneration at GGSN

Key Features:
2.5G+ 3G.UMTS Support 2.5G/3G Interworking R99 Support R99 Charging Backward Compatibility to all R97/98 features

Key Features:
GGSN 4.0 (2.5G=3G) on MWAM card on Cat 6K/OSR High-Density, High Capacity, High Availability GGSN

Key Features:
Target Features: IPv6, Mobile IP, SSG Integration, TCP/IP Optimization, APN based Traffic Steering/Policy Routing Network Initiated PDP contexts

Key Applications:
2.5G and 3G/UMTS High-Density, Enterprise Apps

Key Applications:
ISP, Enterprise, connectivity and Mass Market Apps

Key Applications: Key Applications:

Enterprise VPN Applications, Remote Access, ISP Connectivity 3G/UMTS

Solution Notes: Solution Notes:

Supported on 7206VXR/NPE-400 platform Software Migration only from 2.5G to 3G Supported both on 6509 and 7609

Solution Notes:
3GPP R5/R6 also being investigated

Solution Notes:
Supported on 7206VXR/NPE-400 platform Deployed in CMCC kive network Certified by T-Mobil

Jun 2002

Jul 2002

Aug 2002

Sep 2002

Oct 2002

Nov 2002

Dec 2002

Jan 2003

Feb 2003

Mar 2003

Apr 2003

May 2003

Jun 2003

Jul 2003

Aug 2003

Sep 2003

Oct 2003

Nov 2003 32

Dec 2003

GA = Generally Available

FCS = First Customer Ship

EFT = Early Field Trials

EC = Execute Committed

CC = Concept Committed

NC = Not Committed

Proprietary information - Lucent Technologies

OAM&P Solution Roadmap

Phase 1.0
Cisco MWC 1.0
Template-based Configuration Flow-through provisioning Inventory management IP-RAN (Flintstone) support

Phase 2.0
Cisco MWC 2.[0,1]
Fault and Performance Mgmt support Mobile Service support PKGW Service support Customizable Template Cluster Mgmt MWAM Apps support Cell Site Maintenance Router

Phase 3.0
Cisco MWC 2.2
FCAPS Integration VPN Mgmt Integration CNS Service Integration EMS Integration OSS/BSS API Auditing & Security Enhancement Flintstone Support

Alarm collection & Correlation Device Statistics Monitoring APN & CSG Configuration CW2K LMS and RWAN PDSN, GGSN & SSG support MWR1900 support

CW4MW 3.0

CW2000/EMS
6500/7600 Chassis support MWAM Card Support MWR1900 support

CW2000 / EMS / Agent

PNL Integration API Integration to MWC MWAM Single Mgmt I/F MWR1900 support

FCS CQ3 02
Proprietary information - Lucent Technologies

ECed CQ2/3 03

Planning CQ1 04
(EFT Dates are used for ECed and Planned products) 33