Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring authGateway and GWrelay Applications for HLR Communication

 

The authGateway application manages all communication between SBR Carrier and the HLR. The authGateway application also implements the MAP (Mobile Application Port) protocol and MAP messages that get sent through the Signalware protocol stack and out to the HLR and back. Multiple authGateway instances can be used to process multiple authentication and authorization requests simultaneously. The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay application establishes an SCTP connection with each authGateway instance through unique source and destination ports.

Configuration of authGateway and GWrelay applications requires the activities described in the following sections of this chapter:

Configuring the authGateway Routing Location Information

Configuring the authGateway Routing Location Information

This activity assigns the local routing options and the remote routing options using the MML commands listed in Table 38.

Table 38: MML Commands for Configuring authGateway Routing Location

MML Command

Description

CREATE-CPC

Identify the concerned point code (CPC), which is the destination point code and the local application (authGateway).

CREATE-REMSSN

Identify the point code of the HLR and the remote application.

CREATE-GT

Create a global title translation for the remote HLR (if Global Title routing is used).

For more information about the syntax and usage of the MML commands, see Signalware MML Commands.

Example 1—Global Title Routing Using Global Title Identification

Example 1—Global Title Routing Using Global Title Identification

In the following example, these actions take place:

Line 1 (CREATE-GT): Global Title type translation is used so that digits 22201 are sent to PC, SSN=61, 6. RI=GT notifies 61,6 that it needs to find the next routing hop for the request.

CREATE-GT:TT=0,NP=ISDN-MOB,NA=INT,DIG="22201",PC=61,SSN=6,RI=GT;

Example 2—PCSSN Routing Using Point Code Identification

Example 2—PCSSN Routing Using Point Code Identification

In the following example, these actions take place:

Line 1 (CREATE-CPC): authGateway is assigned a subsystem number (SSN) of 7 on the local host and the concerned point code on the HLR is identified as 61.

Line 2 (CREATE-REMSSN): The subsystem number (application) on the remote host is identified as 6.

Line 3 (CREATE-GT): Global Title type translation is used so that digits 22201 are sent to PC, SSN=61, 6. RI=PCSSN indicates that digits 22201 are handled by PC, SSN=61, 6.

CREATE-CPC:PC=61,SSN=7;

CREATE-REMSSN:PC=61,SSN=6;

CREATE-GT:TT=0,NP=ISDN-MOB,NA=INT,DIG="22201",PC=61,SSN=6,RI=PCSSN;

Note

MML commands are saved in MML files, which can be loaded into Signalware. See Loading the MML Configuration Settings.

Configuring the authGateway.conf File

Configuring the authGateway.conf File

The authGateway.conf file configures the following authGateway options:

  • Remote routing options control how the remote HLR is addressed based on the incoming IMSI.

  • Authorization options control whether or not a subscriber requesting an account is authorized for WLAN access, and which Steel-Belted Radius Carrier profile or native user is used.

  • The FetchMSISDNRoutingInfoLCS parameter specifies the type of message that is used to request MSISDN information from an HLR or HSS, and the CamelSupportedPhases parameter specifies which CAMEL phase services are supported in the network.

  • Common configurations of the authGateway process.

  • Process-specific options specify settings related to the authGateway process.

[Routing-Configuration] Section

[Routing-Configuration] Section

Each line in the authGateway.conf file represents a target HLR, where each HLR has its own routing options and authorization options. Indicate each HLR listed in this file with the initial digits of the subscriber password, specified by the odigits option.

Table 39 lists the remote routing options for the authGateway.conf file.

Table 39: authGateway.conf [Routing-Configuration] Section Syntax

Option

Purpose

bs

Bearer Service. See Authorization Options.

msisdn

The msisdn option can be used in place of ndigits and odigits when no translation is required. See Example 2—authGateway.conf file [Routing-Configuration] Section.

ndigits

Replacement digits for numbering plan translation (hybrid IMSI).

odb

Operator-Determined Barring. See Authorization Options.

odigits

Initial digits of IMSI or password for this HLR. For each request, the first digits of the IMSI are compared with odigits. The first line of the configuration file that matches is selected for the current request.

If the routing indicator (rri) is 0 (Global Title), the leading digits are replaced with the new digits (ndigits) to perform the numbering plan translation.

Example of direct replacement:

If the rule is “odigits 12345 ndigits 98765” and the IMSI is 123456789012345, the resulting digits are 987656789012345.

Example of wildcard replacement:

If the rule is “odigits 12345* ndigits 98765” and the IMSI is 123456789012345, the resulting digits are 98765.

rgti

(Global Title only) GTI value. 4 for C7; 2 for A7. (Usually 4.)

rnai

(Global Title only) Nature of Address Indicator.

rnp

(Global Title only) Numbering Plan.

Acceptable values are:

1—ISDN/Telephony

3—DATA

4—TELEX

5—Maritime Mobile

6—Land/Mobile

7—ISDN/Mobile

10—British Telecom special 1

11—British Telecom special 2

14—Private Network

rpc

Remote Point Code. Point Code of HLR or MSC.

rri

Routing indicator - 0 for GT (Global Title), 1 for PC/SSN (Point Code/Subsystem Number).

rssn

Subsystem Number of HLR.

rtt

(Global Title only) Translation Type (usually 0).

ts

Teleservice. See Authorization Options.

Authorization Options

The HLR database includes authorization information that is assigned to each subscriber. Three authorization designations are relevant to Steel-Belted Radius Carrier with the SIM authentication module:

  • BS (Bearer Service)

  • TS (Teleservice)

  • ODB (Operator-Determined Barring)

You can specify subscriber HLR authorization (and barred service) designations in the MAP Gateway authGateway.conf file.

Note

You can disable authorization completely from EAP-SIM (not fetch subscriber profile information from the HLR and not perform a SQL/LDAP query). For instructions about disabling authorization, see “Disabling Authorization from EAP-SIM” in the section on Configuring the gsmmap.gen File for the SIM Authentication Module, in the SBR Carrier Reference Guide.

Each line in the authGateway.conf file corresponds to an HLR in your network. Each line also specifies all potential authorization (and barred service) settings for any subscribers on this HLR.

Steel-Belted Radius Carrier with the SIM authentication module uses the service authorization information that you list for each HLR in authGateway.conf:

  • When a TS or BS designation is assigned to a subscriber entry in the HLR database, Steel-Belted Radius Carrier with the SIM authentication module allows the subscriber the designated class of WLAN service upon authorization request.

  • When an ODB designation is assigned to a subscriber, Steel-Belted Radius Carrier with the SIM authentication module denies the subscriber WLAN service upon authorization request.

  • When you do not specify service designations for a HLR listed in authGateway.conf, then all subscribers on that HLR are authorized for WLAN service.

  • You can specify up to six authorization strings of each type (TS, BS, or ODB) on any given line of authGateway.conf.

You can specify the service designations in authGateway.conf:

bs n1: auth1

ts n2:auth2

odb n3:auth3

Here, ni (i=1,2,3) is a decimal integer that specifies the setting, and authi (i=1,2,3) is the string returned from the MAP Gateway to Steel-Belted Radius Carrier with the SIM authentication module.

For example, you might specify the potential subscriber designations on one HLR with the following text in authGateway.conf:

bs 26:B1A ts 33:TS21 odb 128:bar

Note

If you require any HLR authorization strings to define different classes of service for your subscribers, you must also specify those TS, BS, and ODB authorization strings in certain files associated with the SIM authentication module. For information about how to match these strings to Steel-Belted Radius Carrier variables, see the “simauth.aut [ProfileMap] Section” of Configuring EAP-SIM and EAP-AKA for the SIM Authentication Module in the SBR Carrier Reference Guide.

Example 1—authGateway.conf file [Routing-Configuration] Section

(Lines are wrapped.)

odigits 2310 ndigits 2324 rnai 4 rnp 7 rgti 4 rtt 0 rri 0 rpc 3003 rssn 251 bs 12:gold bs 23:silver ts 91:bronze ts 92:red ts 93:green odb 1:black aqua

odigits 31026 ndigits 32476 rnai 4 rnp 7 rgti 4 rtt 0 rri 1 rpc 3003 rssn 253 bs 23:morning bs 24:afternoon ts 1:night

Example 2—authGateway.conf file [Routing-Configuration] Section

In this global title example, odigits and ndigits are the same and do not require translation. You can use the msisdn option in place of ndigits and odigits when no translation is required.

(Lines are wrapped.)

msisdn 31026 rnai 4 rnp 7 rgti 4 rtt 0 rri 0 rpc 3003 rssn 251 bs 12:gold bs 23:silver ts 91:bronze ts 92:red ts 93:green odb 1:black aqua

[Supported-MAP-Messages] Section

[Supported-MAP-Messages] Section

The [Supported-MAP-Messages] section (Table 40) of the authGateway.conf file specifies the method of fetching MSISDN and which CAMEL phase services are supported in the network.

Table 40: authGateway.conf [Supported-MAP-Messages] Syntax

Parameter

Description

FetchMSISDNRoutingInfoLCS

Specifies the type of message that is used to fetch MSISDN information from an HLR or HSS.

MSISDN information is usually fetched from an HLR through the d interface using the RestoreData message. Setting the FetchMSISDNRoutingInfoLCS parameter to 0 configures the authGateway process to interact with the HLR through the RestoreData message. The default SSN configured when the authGateway process starts is used as the originating SSN in the RestoreData message.

MSISDN information is usually fetched from an HLR or HSS through the SLh or Lh interface using the SendRoutingInfoForLCS message. Setting the FetchMSISDNRoutingInfoLCS parameter to 1 configures the authGateway process to interact with the HLR or HSS through the SendRoutingInfoForLCS message. Because SBR Carrier acts as a GMLC in this case, the GMLC SSN (i.e. 145) is used as the originating SSN.

By default, this parameter is set to 0.

CamelSupportedPhases

Specifies which CAMEL phase services are supported in the network.

  • If set to 0 or commented out, the RestoreData message populates only the mandatory parameter IMSI.

  • If set to 1, the network supports CAMEL phase 1 services.

  • If set to 2, the network supports CAMEL phase 2 services.

  • If set to 3, the network supports CAMEL phase 3 services.

  • If set to 4, the network supports CAMEL phase 4 services.

By default, this parameter is set to 0.

[Common-AGW-Configurations] Section

[Common-AGW-Configurations] Section

The [Common-AGW-Configurations] section (Table 41) of the authGateway.conf file specifies common configurations for the authGateway process.

Table 41: authGateway.conf [Common-AGW-Configurations] Syntax

Option

Description

appctx

Specifies the MAP protocol revision (2 or 3). Only MAPv3 retrieves quintets, so it must be used to support EAP-AKA.

Default value is 2.

connretry

Specifies the number of connection attempts.

Default value is 10.

conntimeout

Specifies the connection timeout in minutes.

Default value is 0 minute.

host

Specifies the local hostname. You must use the hostname associated with the IP address that the authGateway listen on. Also, you must ensure that the entry is coordinated with the radius/GWrelay.conf file (if authGateway is running as multiple instances) and radius/conf/ulcmmg.conf (if authGateway is running as a single instance) files. If a hostname is not specified, 0.0.0.0 is used.

invkretry

Specifies the number of invoke retries.

Default value is 1.

invktimeout

Specifies the duration of invoke timeout in seconds.

Default value is 30 seconds.

lgti

(Global Title only) Specifies the local GTI value, usually 4 for C7 and 2 for A7.

Default value is 4.

lmsisdn

(Global Title only) Specifies the MSISDN value of the local node.

Default value is 0.

lnai

(Global Title only) Specifies the scope of the address value, such as whether it is an international number (includes country code) or a national number (no country code).

  • 1—Subscriber number with no area code (example: 5551234)

  • 2—Unused

  • 3—National significant number with no country code (example: 2015551234)

  • 4—International number with country code (example: 12015551234)

Default value is 4.

lnp

(Global Title only) Specifies the local numbering plan. Acceptable values are:

  • 1—ISDN/Telephony

  • 3—DATA

  • 4—TELEX

  • 5—Maritime Mobile

  • 6—Land/Mobile

  • 7—ISDN/Mobile

  • 10—British Telecom special 1

  • 11—British Telecom special 2

  • 14—Private Network

Default value is 1.

lpc

Specifies the Local Point Code (PC).

Default value is 0.

lri

Specifies the routing indicator used to address messages to the local node.

  • 0—Global Title

  • 1—PC/SSN

Default value is 1.

ltt

(Global Title only) Specifies local translation type.

Default value is 0.

max_requests

Specifies the maximum number of concurrent requests that can be handled by the authGateway process.

Default value is 1000.

monitor

Activates the message activity monitor.

no_rst

Disables automatic restart of the authGateway process.

node

Specifies the node name.

[Process<name>] Section

[Process<name>] Section

The [Process<name>] section (Table 42) of the authGateway.conf file contains the parameters that control authGateway process specific behavior.

Table 42: authGateway.conf [Process<name>] Syntax

Option

Description

debug

Specifies a debug level. Default value is 0.

Note: This parameter is reloaded whenever SBR Carrier receives a SIGHUP (1) signal.

lssn

Specifies the local subsystem number.

Default value is 7.

port

Specifies the port number used by the SCTP association with the client.

prot

Specifies the variant used (C7, A7, or CH7).

trace

Enables debug tracing and displays the trace information about the console. (Consists of a trace of all MAP messages that are formatted and sent down the stack.)

Note: We recommend setting this parameter to 0.

Note: This parameter is reloaded whenever SBR Carrier receives a SIGHUP (1) signal.

tracefile

Captures the trace information to a file. The filename follows the -tracefile switch. Include the directory in the filename.

Note: This parameter is reloaded whenever SBR Carrier receives a SIGHUP (1) signal.

Example

If you are using two authGateway processes—for example, GMT1 and GMT2, then two sections [ProcessGMT1] and [ProcessGMT2] must be added to the authGateway.conf file for the authGateway processes to startup. The following example explains this configuration:

Configuring the authGateway Startup Information

Configuring the authGateway Startup Information

The CREATE-PROCESS and START-PROCESS MML commands start the authGateway (by calling authGatway.conf), using options that you specify.

Table 43 describes the MML commands needed to configure and start authGateway.

Table 43: MML Commands for Configuring the Start of authGateway

MML Command

Description

CREATE-PROCESS

Identify the authGateway configuration file and the authGateway options.

START-PROCESS

Start the process.

For more information about the syntax and usage of the MML commands, see Signalware MML Commands. See Loading the MML Configuration Settings for information about executing the MML commands.

Table 44 lists the mandatory MML options to be used with the CREATE-PROCESS command.

Table 44: authGateway Process Options Used with CREATE-PROCESS

Option

Description

conf

Path and name of the authGateway configuration file. The default file is $RADIUSDIR/conf/authGateway.conf.

name

Name of the authGateway process.

The MML options listed in Table 45 are still supported for backward compatibility.

Note

Starting from SBR Carrier 8.4.0 release, the authGateway.conf file configuration takes precedence over any existing MML CREATE-PROCESS options. While upgrading to SBR Carrier Release 8.4.0 or later, the authGateway.conf file will be imported from older versions of SBR Carrier. If there is no specified configuration present in the imported authGateway.conf file, SBR Carrier uses the existing MML configurations. If no MML configurations are present, the authGateway.conf defaults are used. If any mandatory parameters (port, host, and node) are missing, then error messages are logged.

Table 45: authGateway Process Options Supported for Backward-Compatibility

Option

Description

appctx

MAP protocol revision (2 or 3). Only MAPv3 retrieves quintets, so it must used to support EAP-AKA.

conf

Path and name of the authGateway configuration file. The default file is $RADIUSDIR/conf/authGateway.conf.

debug

Sets a debug level. Use the following:

-debug 0xff

host

Local hostname. Use the hostname associated with the IP address that the authGateway listen on, and ensure that the entry is coordinated with the radius/GWrelay.conf file. If a hostname is not specified, 0.0.0.0 is used.

invkretry

Number of invoke retry.

invktimeout

Duration of invoke timeout in seconds.

lgti

(Global Title only) Local GTI value, usually 4 for C7 and 2 for A7.

lmsisdn

(Global Title only) MSISDN of this local node.

lnai

(GT only) Nature of Address Indicator. Indicates the scope of the address value, such as whether it is an international number (includes country code) or a national number (no country code).

1 Subscriber Number—no area code (example: 5551234

2 unused

3 National Significant Number—no country code (example: 2015551234)

4 International Number—includes country code (example: 12015551234)

lnp

(Global Title only) Local Numbering Plan.

Acceptable values are:

1—ISDN/Telephony

3—DATA

4—TELEX

5—Maritime Mobile

6—Land/Mobile

7—ISDN/Mobile

10—British Telecom special 1

11—British Telecom special 2

14—Private Network

lpc

Local Point Code (PC).

lri

Routing indicator - 0 for GT (Global Title), 1 for PC/SSN.

lssn

Local Subsystem Number (SSN) (required).

ltt

(Global Title only) Local Translation Type. Generally in a live network TT is always 0.

max_requests

The maximum number of simultaneous MAP dialogs.

monitor

Activates Message Activity Monitor.

name

Name of the process.

no rst

Disables automatic restart of process.

node

Node name.

port

Port number used by the SCTP association with the client.

prot

Variant used (C7, A7, or CH7).

rssn

Subsystem number of HLR.

trace

We recommend setting this to 0xff; this enables debug tracing and displays the trace information about the console. (Consists of a trace of all MAP messages that are formatted and sent down the stack.)

Use the tracefile option to capture the trace information to a file.

tracefile

Captures the trace information to a file. The filename follows the -tracefile switch. Include the directory in the filename.

Example—Creating and Starting the authGateway Process

Example—Creating and Starting the authGateway Process

Notice that the SSN=7 in the CREATE-CPC of the previous example (Example 2 in Configuring the authGateway Routing Location Information) becomes the lssn (local subsystem number) in the CREATE-PROCESS command of this example. The SSN=6 in the CREATE-REMSSN command of the previous example (Example 2 in Configuring the authGateway Routing Location Information) becomes the -rssn (remote subsystem number) in this example. We recommend that you specify an absolute (full) path in the EXEC command.

The following configuration example explains how to create and start three authGateway instances:

(Lines are wrapped.)

Note

MML commands are saved in MML files that can be loaded into Signalware. See Loading the MML Configuration Settings.

Configuring the GWrelay.conf File

Configuring the GWrelay.conf File

The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay.conf file is used to define the source and destination ports through which an SCTP connection is established between the GWrelay application and authGateway instances.

You can modify the LOCAL_HOST, REMOTE_HOST, and RELAY_SERVER lines in the GWrelay.conf file to define DNS names and port numbers. When you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. We recommend that you make hostname and IP address entries in the /etc/hosts file because it is more reliable than DNS.

Example—Configuring the GWrelay.conf File

Example—Configuring the GWrelay.conf File

The following example explains how to define source and destination ports for three authGateway instances:

Note

The specified host-name and port parameters in the REMOTE_HOST line must match the -host and -port options in the MML CREATE-PROCESS statement, respectively.

Starting the GWrelay Process

Starting the GWrelay Process

You can use the sbrd script to start and stop the GWrelay process. All sbrd commands can be executed only by the root user. To start the GWrelay process, execute ./sbrd start GWrelay. To stop the GWrelay process, execute ./sbrd stop GWrelay. To restart the GWrelay process, execute ./sbrd restart GWrelay.

Note

The GWrelay application gets terminated automatically when all the configured authGateway instances are down. So, you must manually start the GWrelay application when the authGateway instances are restarted.

If you have set the GWRELAYENABLE parameter in the sbrd.conf file to 1 or answered Yes to the question Do you want to enable "GWrelay" Process? [n]: while running the SBR Carrier configuration script, then the GWrelay process will be started, stopped, or restarted when you execute the ./sbrd start, ./sbrd stop, or ./sbrd restart script respectively.

Configuring the ulcmmg.conf File

Configuring the ulcmmg.conf File

The ulcmmg.conf file establishes the connection between the GWrelay application and SBR Carrier.

The ulcmmg.conf file consists of two lines, as shown in the following example. Modify the ulcmmg.conf file shipped with SBR Carrier so that hostnames of LOCAL_HOST and REMOTE_HOST are same. If you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. Making an entry in the /etc/hosts file is recommended because it is more reliable than DNS.

Example

Example

LOCAL_HOST myhost.com:2001

REMOTE_HOST myhost.com:2000 [172.25.97.230]

Note

If an IP address is specified, it must be the address of the server specified as the HostName set when the Create-Process -host option is invoked.

For additional examples, see Sample authGateway Command and File.