GTP Support for Central Point Architecture

The GTP Application Layer Gateway (ALG) maintains tunnel state and permits tunnel update requests only for existing tunnels. When user equipment (UE) moves to a new location and attaches to another SGSN, the original tunnel must be updated with the new SGSN information. Because some GPRS tunneling protocol control plane (GTP-C) messages are bidirectional and can originate from either the SGSN or the GGSN, correct session distribution is not always guaranteed. If the first packet arrives from an unknown direction, the GTP ALG stops session creation and drops the first packet and any pending packets.

To prevent GTP-C packet drops, a new flow session is created and GTP-C traffic is allowed even before the GGSN or SGSN direction is determined. The correct Service Processing Unit (SPU) is later identified using the GGSN IP address. If necessary, the session is migrated to the designated SPU.

Tunnel-Based Session Distribution

The GTP‑C tunnel functionality has been enhanced to support tunnel‑based session distribution, speeding up the tunnel setup process and enabling more efficient load balancing of sessions across the SPUs. This ensures GTP-C messages reach the control tunnel and complete stateful inspection.

When enabled, GTP-C tunnels and sessions are distributed using the SGSN TEID. The following command is mandatory:

Central Point Architecture Enhancements

The central point architecture has been enhanced with the following capabilities:

  • Prevent GTP-C packet drop issues during the SGSN handover.

  • Support GTP-C message rate limiting to protect the GGSN from floods of GTP-C messages.

  • Distribute GTP-C and GTP-U traffic handled by a GGSN and SGSN pair on all SPUs by switching to tunnel-based session distribution in which the GTP-C and GTP-U traffic of different tunnels is spread across different SPUs. Use the enable-gtpu-distribution command to enable GTP-C or GTP-U session distribution.

GTP Tunnel Management

GTP is used to establish a GTP tunnel for individual user endpoints and between an SGSN and a GGSN. A GTP tunnel is a channel between GSNs through which two hosts exchange data. The SGSN receives packets from the user endpoints (UEs) and encapsulates them within a GTP header before forwarding them to the GGSN through the GTP tunnel. When the GGSN receives the packets, it decapsulates them and forwards them to the external host.

Tunnel Object: The client endpoints contain information for the downstream GSN (SGSN), and the server endpoints hold information for the upstream GSN (GGSN). Each tunnel endpoint reserves two fields, one for the IPv4 address and one for the IPv6 address. The tunnel endpoint saves the addresses learned from the tunnel creation or update messages.

Redirect Entry: Redirect entries (also called redirect tunnels) are installed to help find the anchor SPU. Redirect endpoints are created when normal GTP tunnels are created. A redirect entry is mapped to one tunnel endpoint, and it copies the IP address(es), the TEID value, and the anchor SPU ID from the tunnel. With IPv6 tunnel support, the redirect entry is expanded like the tunnel object.

GSN

The GGSN or PGW converts the incoming data traffic coming from the mobile users through the SGSN and forwards it to the relevant network, and vice versa. The GGSN and the SGSN together form the GSN.

GSN Object: The GTP ALG maintains a GSN table. Each GSN node in the GSN table records one GSN IP address (IPv4 or IPv6), the GSN restart counter, the GSN-based rate-limiting counter, and so on. If a GSN node has both an IPv4 and an IPv6 address, the GTP ALG generates two separate GSN entries, one for the IPv4 address and one for the IPv6 address. These two entries within the same GSN node count the rate-limit signaling messages independently and age out separately.

GSN Reboot: If a GSN reboots, the restart counter changes and the related tunnels are deleted. For example, if a GSN node is enabled with two IP addresses on tunnels, the GSN restart is detected by only one IP address (IPv4 or IPv6). The tunnels with both IP addresses are removed, and vice versa.
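The per-address GSN entries and restart handling described above, as an added Python model (not Junos code or output, and not part of the original page). The rate limit, window length, addresses, TEIDs and all class and function names are assumptions made for illustration.

```python
# Illustrative model of the GSN table described above; not Junos code.
# The limit, window length and every name here are assumptions.
from dataclasses import dataclass, field

@dataclass
class GsnEntry:
    restart_counter: int
    window_start: float
    msg_count: int = 0

@dataclass
class GsnTable:
    rate_limit: int = 3      # assumed: messages allowed per window, per entry
    window: float = 1.0      # assumed: window length in seconds
    entries: dict = field(default_factory=dict)  # one entry per GSN IP address
    tunnels: dict = field(default_factory=dict)  # TEID -> set of GSN addresses

    def add_tunnel(self, teid, addresses):
        self.tunnels[teid] = set(addresses)

    def on_message(self, src_ip, restart_counter, now):
        """Process one GTP-C message; return (allowed, deleted_teids)."""
        entry = self.entries.get(src_ip)
        if entry is None:
            entry = self.entries[src_ip] = GsnEntry(restart_counter, now)
        deleted = []
        if restart_counter != entry.restart_counter:
            # Restart seen on this one address: remove every tunnel using it,
            # including dual-stack tunnels that also carry the other address.
            deleted = sorted(t for t, a in self.tunnels.items() if src_ip in a)
            for teid in deleted:
                del self.tunnels[teid]
            entry.restart_counter = restart_counter
        if now - entry.window_start >= self.window:
            entry.window_start, entry.msg_count = now, 0
        entry.msg_count += 1
        return entry.msg_count <= self.rate_limit, deleted

def demo():
    table = GsnTable()
    v4, v6 = "192.0.2.10", "2001:db8::10"    # constructed: one dual-stack GSN
    table.add_tunnel(0x1001, [v4, v6])        # tunnel with both addresses
    table.add_tunnel(0x1002, ["192.0.2.20"])  # tunnel of a different GSN
    v4_ok = [table.on_message(v4, 7, 0.1 * i)[0] for i in range(5)]
    v6_ok = [table.on_message(v6, 7, 0.1 * i)[0] for i in range(5)]
    # The restart counter changes on the IPv4 address only.
    _, deleted = table.on_message(v4, 8, 2.0)
    return v4_ok, v6_ok, deleted, sorted(table.tunnels)
```

In this model each address admits three messages per window on its own counter, so the dual-stack node is counted twice, once per entry; keep that in mind when sizing a per-GSN limit.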

Path Object Management

A path object contains two GSN addresses, and it supports both IPv4 and IPv6 addresses. A path object records information about the path between the GSN addresses, such as the message counter, the last time, and so on. For a GSN that has both an IPv4 address and an IPv6 address, the two addresses have separate paths. Each path performs its own rate limiting and ages out separately.