3GPP R6 Information Elements Support Overview

Information elements (IEs) are included in all GTP control message packets. IEs provide information about GTP tunnels, such as creation, modification, deletion, and status. NSM supports IEs consistent with Third-Generation Partnership Project (3GPP) Release 6. If you are running an earlier release, or have contractual agreements with operators running earlier releases of 3GPP, you can reduce network overhead by restricting control messages containing unsupported IEs.

In 3GPP R6, the following new IEs have been added:

Radio Access Technology

The Radio Access Technology (RAT) information element provides ways to stimulate Wideband Code Division Multiple Access (WCDMA) and to perform reporting through billing information systems.

Routing Area Identity and User Location Information

Some countries restrict subscriber access to certain types of network content. To comply with these regulatory demands, network operators need to be able to police subscriber’s requested content before allowing a content download. NSM gives network operators the ability to screen content based on the Routing Area Identity (RAI) and User Location Information (ULI) IEs.

APN Restriction

Multiple concurrent primary packet data protocol (PDP) contexts, and an MS/UE capable of routing between these two access points, can put IP security at risk for corporate users who have both private and a public APN. The APN Restriction IE, added to the GTP create PDP context response message, ensures the mutual exclusivity of a PDP context if requested by a GGSN (or rejected if this condition cannot be met), and thus avoids the security threat.

IMSI Prefix Filtering

A GPRS support node (GSN) identifies a mobile station (MS) by its International Mobile Station Identity (IMSI). An IMSI comprises three elements: the Mobile Country Code (MCC), the Mobile Network Code (MNC), and the Mobile Subscriber Identification Number (MSIN). The MCC and MNC combined constitute the IMSI prefix and identify the mobile subscriber’s home network, or Public Land Mobile Network (PLMN). By setting IMSI prefixes, you can configure the security device to deny GTP traffic coming from nonroaming partners. By default, a security device does not perform IMSI prefix filtering on GTP packets. By setting IMSI prefixes, you can configure the security device to filter create pdp request messages and permit only GTP packets with IMSI prefixes that match the ones you set. For more information on IMSI prefix filtering, see the Concepts & Examples ScreenOS Reference Guide.

IMEI-SV

The International Mobile Equipment Identity-Software Version (IMEI-SV) IE provides ways to adapt content to the terminal type and client application whenever a proxy server for this purpose is not present. This IE is also useful in reports generated from the GGSN, AAA, and/or Wireless Application Protocol gateway (WAP). The GTP-aware security device supports the RAT, RAI, ULI, APN Restriction, and IMEI-SV in GTP attributes to avoid treatment or categorization as unambiguous traffic, which can be harmful to GPRS traffic or GPRS roaming traffic. These attributes are included in the set of useful filter attributes used to block specific GPRS traffic and/or GPRS roaming traffic. When you set an IMEI-SV IE, you must also specify an APN.

Related Documentation