Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configure IE removal for GTPV1 and GTPv2

 
Summary

You can enable this function to remove IEs of specific types from all messages for GTPv1 and GTPv2. This helps to retain interoperability between Second-Generation Partnership Project (2GPP) and Third-Generation Partnership Project (3GPP) networks.

Requirements

This example uses the following hardware and software components:

  • An SRX Series device.

  • Junos OS Release 20.2R1.

Overview

The number of network elements in a mobile network is expanding with the introduction of multiple releases of 3GPP specifications. Every release introduces newer information elements (IEs) that are not defined in the prior releases. Therefore, mobile networks have diverse set of network elements creating interoperability problems between different releases of the devices. .

Each information element has a unique ID, the IE number. IE numbers range from 1 to 255. You can configure the GTP firewall to remove specific IEs using the user-configured IE number.

In this example, you can remove IEs of specific types from all messages for GTPv1 and GTPv2. It enables the communication between GTP entities whose GTP protocols are of different releases. This configurations helps to remove all instances of specified IEs such as supporting IE, Grouped IE, Embedded IE, or embedded grouped IE.

The IE removal support is already available for GTPv1-C. Starting in Junos OS Release 20.2R1, IE removal function is extending support for both GTPv1-C and GTPv2-C. You can use this functionality to retain interoperability between Second-Generation Partnership Project (2GPP) and Third-Generation Partnership Project (3GPP) networks.

Configuration

Configure IE removal for GTPv1

CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

  1. Configure an ieset for GTPv1. In this example, we have created an ieset named ieset-v1-r7.
  2. Add interested IEs in the ieset-v1-r7.
  3. Bind the ieset to GTP profile as remove-ie. In this example, bind ieset-v1 as remove-ie-v1.

Configure IE removal for GTPv2

CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

  1. Configure an ieset for GTPv2. In this example, we have created an ieset named ieset-v2.
  2. Add interested IEs in the ieset-v2.
  3. Bind the ieset to GTP profile as remove-ie. In this example, bind ieset-v2 as remove-ie-v2.

Results

From configuration mode, confirm your configuration by entering the show security gprs gtp command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Verification

Verify GTPv1 and GTPv2 IE removal Profile

Purpose

To verify GTPv1 and GTPv2 IE removal profile.

Action

From operational mode, enter the show security gprs gtp ie-set (all | <ieset-name>) command.

user@host> show security gprs gtp ie-set all
user@host> show security gprs gtp ie-set ieset-v1-r7
user@host> show security gprs gtp ie-set ieset-v2

Meaning

The output displays the details of GTPv1 and GTPv2 IE removal profile.