Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Related Documentation

    Steel-Belted Radius Carrier: 3G-to-Wi-Fi Offload Solution Using the SBR MAP Gateway with EAP-SIM or EAP-AKA

    This example explains the SIGTRAN Man Machine Language (MML) configurations to support the 3G-to-Wi-Fi offload solution using the SBR MAP Gateway with EAP-SIM or EAP- AKA.

    Requirements

    This example uses the following hardware and software components:

    • Standalone SBR Carrier server
    • Ulticom Signalware
    • SBR software licenses:
      • SBR-CAR-AAA—Base server license
      • SBR-CAR-SIM—SIM authentication module
      • SBR-HLR-SIG—SBR Carrier HLR Gateway - SIGTRAN stack (includes two SIGTRAN associations)
    • A client with EAP-SIM or EAP-AKA enabled with an HLR
    • 802.1X-capable Wi-Fi infrastructure (applicable to Wi-Fi networks only)

    Overview

    With the increase in the number of smartphones and other mobile devices in the 3G network, the mobile data traffic volume increases. This can result in network congestion. The 3G-to-Wi-Fi offload solution helps to alleviate the network congestion in a 3G network by offloading the mobile data traffic to a Wi-Fi hotspot. The policy to offload the mobile data traffic to a Wi-Fi hotspot can be configured by the end user or the network operator.

    For example, when a smartphone user in a 3G network enters a Wi-Fi hotspot, the user is authenticated by SBR using the IMSI with credentials provided by the HLR. In this example, upon authentication, the user is authorized to access the Wi-Fi hotspot using encryption keys generated by EAP SIM or EAP AKA authentication.

    Topology

    The following topology (Figure 18) shows the components of a typical Wi-Fi infrastructure:

    Figure 18: Wi-Fi Infrastructure Topology

    Wi-Fi Infrastructure Topology

    Note: The configurations described in this document are based on the information gathered prior to deployment.

    You can use the following tables as a template to gather information from the customer prior to deployment:

    Table 210: SIGTRAN IP Address Details

    Component

    IP Address

    Subnet Mask

    Gateway

    SBR Carrier MAP Gateway

    10.20.0.2

    255.255.255.248

    SBR Carrier MAP Gateway

    10.21.0.2

    255.255.255.248

    Table 211: SIGTRAN Connectivity Details

    SIGTRAN Parameters

    Local IP Address

    STP IP Address (active)

    STP IP Address (standby)

    SCTP Port (local)

    SCTP Port (remote)

    Routing Context

    Network Appearance - NA=0

    OPC SSN

    DPC SSN

    Originating PC (dec)

    Destination PC (dec)

    SBR Carrier MAP Gateway

    10.20.0.2

    10.20.0.1

    2051

    2051

    002-040-103

    002-010-000

    7

    6

    SBR Carrier MAP Gateway

    10.21.0.2

    10.21.0.1

    2051

    2051

    002-040-103

    002-011-000

    7

    6

    Table 212: Global Title (GT) Details

    Component

    GT Address

    SBR Carrier MAP Gateway

    11235551212

    STP

    Table 213: Numbering Plan (NP)

    Mode

    NP

    Transmit (SBR >>> STP)

    E.164 (7)

    Receive (STP >>> SBR)

    E.164 (7)

    Configuration

    To configure the communication pathways, you must:

    Install Signalware

    Step-by-Step Procedure

    To install and configure Signalware on a Steel-Belted Radius Carrier server, see the Steel-Belted Radius Carrier Installation Guide.

    Create Links, Link Sets, and Route Sets

    Step-by-Step Procedure

    The following configuration is used to create links, link sets, and route sets:

    1. Define the SBR’s Own Signaling Point Code (OSPC). In this example, NI (Network Indicator) of NATO—National Network 0 is used.
      CREATE-OSPC:PC=002-040-103,NI=NAT0;
    2. Set up the M3UA link sets (LSET1 and LSET2) and use IP Signaling Point to IP Signaling Point configuration (IPSP-IPSP). See Figure 18 for addresses and point codes.
      CREATE-M3UA-LSET:LSET=LSET1,TYPE=IPSP-IPSP,RADDR=10.20.0.1,PC=002-010-000;
      CREATE-M3UA-LSET:LSET=LSET2,TYPE=IPSP-IPSP,RADDR=10.21.0.1.,PC=002-011-000;
    3. After the M3UA link sets are defined, signaling links are created using the link sets defined in Step 2. In this example, the default port 2051 is used.
      CREATE-M3UA-SLK:SLK=QFE20,LSET=LSET1,LADDR=10.20.0.2,RADDR=10.20.0.1,
      MODE=CONNECT,LPORT=2051,RPORT=2051;
      CREATE-M3UA-SLK:SLK=QFE21,LSET=LSET2,LADDR=10.21.0.2,RADDR=10.21.0.1,
      MODE=CONNECT,LPORT=2051,RPORT=2051;
    4. Activate the signaling links using the following command:
      ACTIVATE-M3UA-SLK:SLK=QFE20;
      ACTIVATE-M3UA-SLK:SLK=QFE21;
    5. Define the route set (a route set is simply a collection of routes). You must also specifically allow routes to be used.
      CREATE-RSET:RSET=STP1,PC=002-010-000,RTES=LSET1;
      CREATE-RSET:RSET=STP2,PC=002-011-000,RTES=LSET2;
      ALLOW-RSET:RSET=STP1;
      ALLOW-RSET:RSET=STP2;

    Configure authGateway and GWrelay Applications for HLR Communication

    Step-by-Step Procedure

    The authGateway application manages all communication between SBR Carrier and the HLR. The authGateway application also implements the Mobile Application Port (MAP) protocol and MAP messages that are sent through the Signalware protocol stack and out to the HLR and back. Multiple authGateway instances can be used to process multiple requests for authentication and authorization information simultaneously. The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay application establishes an SCTP connection with each authGateway instance through unique source and destination ports.

    Configuration of authGateway and GWrelay applications requires you to complete the activities described in the following sections:

    Configure the authGateway Routing Location Information

    Step-by-Step Procedure

    This section describes how to configure the local routing and the remote routing options.

    • For local routing, identify one or more concerned point codes (CPCs) and the local application gateway.
    • For remote routing, identify one or more point codes of the HLR and the remote application.

    The following actions take place in this configuration example for local and remote routing:

    1. authGateway is assigned a subsystem number (SSN) of 7 on the local host and the concerned point code on the HLR is identified as 002-010-000. The subsystem number (application) on the remote host is identified as 6.
      CREATE-CPC:PC=002-010-000,SSN=7;
      CREATE-REMSSN:PC=002-010-000,SSN=6;
    2. authGateway is assigned a subsystem number (SSN) of 7 on the local host and the concerned point code on the HLR is identified as 002-011-000. The subsystem number (application) on the remote host is identified as 6.
      CREATE-CPC:PC=002-011-000,SSN=7;
      CREATE-REMSSN:PC=002-011-000,SSN=6;
    3. Create one or more Global Title translations for the remote HLR (if GT routing is used).

      The following commands set up the Global Title routing for both directions (outbound and inbound). Outbound GT routing using any IMSI starting with 123 uses PC 002-010-000. Inbound routing uses the GT of 11235551212 routing to the SBR point code.

      CREATE-GT:TT=10,NP=ISDN-TEL,DIG="11235551212",PC=002-040-103,SSN=7,RI=GT;
      CREATE-GT:TT=9,NP=ISDN-TEL,DIG="123",PC=002-010-000,SSN=6,RI=GT;

    Configure the authGateway.conf File

    Step-by-Step Procedure

    The authGateway.conf file specifies remote routing and authorization options for the authGateway application.

    • Remote routing options control how the remote HLR is addressed based on the incoming IMSI.
    • Authorization options control whether or not a subscriber requesting an account is authorized for WLAN access, and which Steel-Belted Radius Carrier profile or native user is used.

    For more information about configuring the authGateway.conf file for remote routing and authorization options, see the Steel-Belted Radius Carrier Installation Guide.

    Configure the authGateway Startup Information

    Step-by-Step Procedure

    The CREATE-PROCESS and START-PROCESS commands start the authGateway process (by calling the authGatway.conf file), using options that you specify. For more information about the syntax and usage of the commands, see the Steel-Belted Radius Carrier Installation Guide.

    Use the following configuration example to create and start three authGateway instances:

    CREATE-PROCESS:NAME="GMT", CE="sbr-blr-vm5", 
    EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT -port 2003 -host sbr-blr-vm5 
    -node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
    -lpc 12501 -lssn 252 -rssn 101 -appctx 3";
    debug 0xff -trace -tracefile /opt/signalw/radius/authGateway.out
    
    START-PROCESS:NAME="GMT",CE="sbr-blr-vm5";
    
    CREATE-PROCESS:NAME="GMT1", CE="sbr-blr-vm5", 
    EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT1 -port 2005 -host sbr-blr-vm5 
    -node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
    -lpc 12501 -lssn 252 -rssn 101 -appctx 3";
    debug 0xff -trace -tracefile /opt/signalw/radius/authGateway1.out
    
    START-PROCESS:NAME="GMT1",CE="sbr-blr-vm5";
    
    CREATE-PROCESS:NAME="GMT2", CE="sbr-blr-vm5", 
    EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT2 -port 2007 -host sbr-blr-vm5 
    -node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
    -lpc 12501 -lssn 252 -rssn 101 -appctx 3";
    debug 0xff -trace -tracefile /opt/signalw/radius/authGateway2.out
    
    START-PROCESS:NAME="GMT2",CE="sbr-blr-vm5";
    

    Configure the GWrelay.conf File

    Step-by-Step Procedure

    The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay.conf file is used to define the source and destination ports through which an SCTP connection is established between the GWrelay application and the authGateway instance.

    You can modify the LOCAL_HOST, REMOTE_HOST, and RELAY_SERVER lines in the GWrelay.conf file to define DNS names and port numbers. When you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. We recommend that you make hostname and IP address entries in the /etc/hosts file because it is more reliable than DNS.

    The following example explains how to define source and destination ports for three authGateway instances:

    LOCAL_HOST sbr-blr-vm5:2002
    REMOTE_HOST sbr-blr-vm5:2003 [10.20.0.2]
    
    LOCAL_HOST sbr-blr-vm5:2004
    REMOTE_HOST sbr-blr-vm5:2005 [10.20.0.2]
    
    LOCAL_HOST sbr-blr-vm5:2006
    REMOTE_HOST sbr-blr-vm5:2007 [10.20.0.2]
    
    RELAY_SERVER sbr-blr-vm5:2000

    Note: The specified host-name and port parameters in the REMOTE_HOST line must match the -host and -port options in the MML CREATE-PROCESS statement, respectively.

    For more information, see the Steel-Belted Radius Carrier Installation Guide.

    Start the GWrelay Process

    Step-by-Step Procedure

    You can use the sbrd script to start and stop the GWrelay process. All sbrd commands can be executed only by the root user. To start the GWrelay process, execute ./sbrd start GWrelay. To stop the GWrelay process, execute ./sbrd stop GWrelay. To restart the GWrelay process, execute ./sbrd restart GWrelay.

    Configure the ulcmmg.conf File

    Step-by-Step Procedure

    The ulcmmg.conf file establishes the connection between the GWrelay application and SBR Carrier.

    The ulcmmg.conf file shipped with SBR Carrier can be modified so that hostnames of LOCAL_HOST and REMOTE_HOST are same. If you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. Making an entry in the /etc/hosts file is recommended because it is more reliable than DNS.

    The following is an example of the LOCAL_HOST and REMOTE_HOST values in the ulcmmg.conf file:

    LOCAL_HOST myhost.com:2001
    REMOTE_HOST myhost.com:2000 [10.20.0.2]
    

    For more information, see the Steel-Belted Radius Carrier Installation Guide.

    Modified: 2017-03-07