Mobile Networks Support
Stingray SG can detect GTP-C traffic and extract subscriber parameters for the subscriber's IP and login binding from the GTP session creation requests. GTP-C versions 1 and 2 are supported. GTP support is enabled by parameters in fastdpi.conf:
# bras_enable=1 # # GTP processing mode # Values: # 0 - (default) GTP processing is disabled # 1 - [bind mode] In this mode, BNG/BRAS processes GTP-C packets of the session start and end, # binding the IP-address issued to the subscriber with the login (IMSI or MSISDN is used as the login). # At the end of the session, the login-IP connection is broken. # 2 - [auth mode] authorization of GTP sessions is enabled. In this mode, BNG/BRAS processes GTP-C session start and end packets. # Upon successful start of the GTP session, BRAS sends an L3 authorization request to PCRF, # transmitting the subscriber's IP address, IMSI, MSISDN, IMEI and other parameters. # At the end of the session, the login-IP connection is broken. # SSG does not terminate GTP sessions, all GTP-C packets are dropped. # 3 - [passive bind mode] Similar to mode 1 [mirror bind mode], but GTP-C packets are not dropped. # The SSG should be in a gap on the S11 or S5 interface. # 4 - [passive auth mode] Similar to mode 2 [mirror auth mode], but GTP-C packets are not dropped. # The SSG should be in a gap on the S11 or S5 interface. #bras_gtp_mode=0
Creating a session (bind IP-LOGIN) on responses:
#Response to Create PDP Context Request for GTPv1: Create PDP Context Response #Response to Create Session Request for GTPv2: Create Session Response
Deleting a session (bind IP-LOGIN) on responses:
#Response to Delete PDP Context Request for GTPv1: Delete PDP Context Response #Response to Delete Session Request for GTPv2: Delete Session Response #Response to Delete Bearer Request for GTPv2: Delete Bearer Response
The Stingray SG connection point is set by the parameter:
# Where the SSG is connected (which GTP-C is fed to the SCAT) # Valid values: # 0 - S5 protocol (SGW <-> PGW). This is the default # 1 - S11 protocol (MME <-> SGW) bras_gtp_mountpoint=0
In mirror mode (bras_gtp_mode
1 or 2), SSG drops all incoming GTP-C packets.
In passive mode ( bras_gtp_mode
3 or 4) SSG passes GTP-C traffic through itself.
You should also set the maximum size of active GTP-sessions internal database in fastdpi.conf
# Max number of concurrent GTP-sessions # We recommend setting this parameter 1.5-2 times more than the actual max number of sessions # Default value: 10000 sessions, minimum value: 10000 #bras_gtp_session=10000
After receiving a request to create a GTP-C session, SSG waits for a packet of successful session creation. Only at this moment, upon receiving a successful response and issuing an IP address to the subscriber, connects the login and IP. The response timeout is set by a parameter in fastdpi.conf:
# Max time to wait for a response to a GTP session creation, seconds # Default = 3 seconds #bras_gtp_pending_timeout=3
IMSI or MSISDN can be used as a login, which is set by a parameter in fastdpi.conf:
# What is the subscriber's login for GTP: # 0 - IMSI (by default) # 1 - MSISDN #bras_gtp_login=0
To detect GTP-U, you have to enable tunnel parsing:
# enable the tunnels parsing by dispatchers check_tunnels=1 # enable the detection and parsing of GTP-U detect_gtp_tunnel=1
When you enable parsing of GTP-U tunnels, SSG will work with the real IP-address of the subscriber, and not with the IP-address of the tunnel. That means that it becomes possible to apply filtering, services and policing to the GTP-subscriber.
SSG does not terminate GTP-U tunnels.
The internal database of GTP-sessions can be controlled with a special set of CLI-commands.