GPRS Backbone Configuration

8/3/2019 GPRS Backbone Configuration

1/108

Alcatel University - 8AS 90200 1317 VA ZZA Ed.021

Alcatel 1000 GPRS

R2.3/U2 PS-CN

backbone configuration

All rights reserved. Passing on and copying of this

document, use and communication of its contents notpermitted without written authorization from Alcatel

Practical works manual8AS 90200 1317 VA ZZA Ed.02

Edition 2004


2/108


Page intentionaly left blank


3/108


3 Alcatel University - 8AS 90200 1317 VA ZZA Ed.02

1 DNS server : Server handling 2 DNS server : New direct translation zone 3 DNS server : Inverse translation zones

4 DNS

server

:

HostS

declaration 5 DNS server : Secondary zone 6 DNS server : Roaming inter PLMN 7 DNS server : Friendly apn name declaration 8 DHCP server : Address pool 9 APN configuration: IP backbone message analysys

10 APN configuration: GRE tunneling11 APN configuration: NAT & PAT12 APN configuration: APN access via 2 GGSNs13 MNM-net configurationAnnexes

L2TP procedurePC-NT: nslookup


4/108




5/108


5

1 DNS server : Server handlingSession presentation

Objective: to be able to :

w Display the current configuration of the DNS server

w Display the configuration files of the DNS server


6/108


6

1 DNS server : Server handlingCheck DNS server configuration

#linux &

w1- Restart the DNS process daemon

n In a terminal window type :

Type: # /etc/rc.d/init.d/named restart

w2- .Start the LINUX configuration software :

n in a terminal window,

type : # linuxconf&

w3- .Verify that the DNS module is correctly configured :Verify that the dnsconf is on


7/108


7

1 DNS server : Server handlingCheck IP parameters

Resolver configuration

w4- .Go to Network configuration mode

Click on

Host name : ...

IP address : ...

Check :

the IP@ of Name Server

search

domain:

what is the role of search domain fields?..


8/108


8

1 DNS server : Server handlingDisplay the current Name Server configuration

w7- Server configuration

Select tab :

w8- Edit the already created zones

n Select tab :

Select

A window appears : Primaries possibly displaying the created direct translation zones.

w9 Edit the already created inverse IP zones

n Select


9/108


9

1 DNS server : Server handlingDisplay the Name Server files

w10-Display the main DNS configuration files

n Start Linux file manager

Display the file : /etc/named.conf

Where is the directory that homes the zone files? ..

What is the file name of the root zone? ..

Display the directory : /var/named

Display

the

various

files

Display the file : /var/named/named.ca

What is the role of this file?..

Display the file : /var/named/127.0.0

What is the role of the file?..


10/108




11/108


11

2 DNS server : new direct translation zoneSession presentation


w Add new direct translation primary zones.

l Operator group 1 : mnc111.mcc777.gprs





12/108


12

2 DNS server : new direct translation zoneCharacteristics

In-addr

arpa gprs

mcc777

mnc111

mnc222

mnc333 mnc444

DNS-DHCP21

DNS-DHCP1DNS-DHCP1DNS-DHCP2 DNS-DHCP2

Zone name : Operator group 1 : mnc111.mcc777.gprs

Operator group 2 : mnc222.mcc777.gprs

Operator

group

3

:

mnc333.mcc777.gprsOperator group 2 : mnc444.mcc777.gprs

e-mail of the responsible of the zone:

Operator group 1 : [email protected]




Period between two updates of the secondary server :

2 hours

If there is no response to the secondary update request, the retry period will be :

30 minutes

Delete zone of the secondary name server if no update during :

10 days

Negative caching value:

1 hours

Default TTL provided in the DNS response when the TTL is absent in a RR :

5 hours

Mail box for the zone

none

Restriction to access to the zone :

NoneModification of the Primary server:

Must be immediately notified to secondary


13/108


13

2 DNS server : new direct translation zoneCreate a zone

Note: do not end the

zone domain name

with .

w1- Start the LINUX configuration software

n

In a terminal window type : # linuxconf&)

w2- Go to DNS configuration

n Select tab

Select tab

Click on

Select tab

w3- .Add a new zone

n Click on

Fill-in the various field according to the characteristics given at the beginning of thepractical work.

Click on

Quit the parent windows of the Linux configuration.

w4- Complete the DNS tree at the beginning of the practical work, show the location of the Name server ofyour new created zone


14/108


14

2 DNS server : new direct translation zoneChecks

#nslookup {to start nslookup in interactive mode}

>server [IP@ of the name server] {to set the default server}

>set

type=SOA

{to

request

the

SOA

Resource

Record)

> mnc111.mcc777.gprs. {to apply the domain name. Dont forbid the last dot) }

>set deb

>set d2

>mnc111.mcc777.gprs. {to apply the domain name. Dont forbid the last dot)

w5- Verify the generated file

Check the updating of the DNS configuration file : /etc/named.conf

display the new zone file in the directory (/var/named ) and verify the Resource Records. (possibly,correct them)

w6- Test the access to this new zone.

n From a computer connected to the IP backbone, in a terminal window, run nslookup (see annexfor nslookup explanations) and send a Request for SOA Record over this zone.

n

Repeat

the

operation

in

debug

mode


15/108


15

3 DNS server : Inverse translation zonesSession presentation


w Add an inverse translation primary zone


16/108


16

3 DNS server : Inverse translation zonesCharacteristics

n . 1 . 1 0 .

n . 1 . 1 0 .

G G S N 2

R o u t e r

R o u t e r

DS10

A

G G S N 1

n . 1 . 1 .

n . 1 . 1 .

S G S N

9n.168.3.

I O L A N

O M C - G

DNS-DHCP2

DNS-DHCP1

NTP

. 1

. 1

. 2

. 2

. 1

. 1

. 2

. 2

. 3

. 3

. 3

. 3

.

4

.

4

.

4

.

4

. 2 1 0

. 2 1 0

. 2 1 0

. 2 1 0

. 2 1 5

. 2 1 5

n . 1 . 3 0 .

n . 1 . 3 0 .

. 2 5 4

. 2 5 4

. 1

. 1

. 5

. 5

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 1

. 1

. 2

. 2

. 3

. 3

. n

. n

. 1

. 1

. 2

. 2

. n

. n

DS10

C . 3. 3

DS10n

DS10B

VT: n.1.101.1

VT: n.1.102.2

I P

B a c k b o n e

9n.168.2.

n : operator group number

e-mail of the responsible of the zone


Operator

group

2

:

[email protected] group 3 : [email protected]


Period between two updates of the secondary server :

2 hours

If there is no response to the secondary update request, the retry period will be :

30 minutes

Delete zone of the secondary name server if no update during :

10 days

Negative caching value:

1 hours

Default TTL provided in the DNS response when the TTL is absent in a RR :

5 hours

Mail box for the zone

none

Restriction to access to the zone :

None

Modification of the Primary server

Must be immediately notified to secondary

Subnet range

No range


17/108


17

3 DNS server : Inverse translation zonesZone creation

gprs

mcc777

mnc333mnc333

mnc111mnc222

w1- Complete the DNS tree with the zones to be created


n in a terminal window type : # linuxconf&)


n Select tab

Click on

Select tab

Click on

Select tab

w4- Add a new zone

n Click on

Click on

Fill-in the various fields

Click on

w5- Quit the parent windows of the Linux configuration.


18/108


18

3 DNS server : Inverse translation zonesVerifications


>server

[IP@

of

the

name

server]

{to

set

the

default

server}

>set type=SOA {to request the SOA Resource Record)

>zonename.in-addr.arpa. {to apply the domain name. Dont forbid the last dot) }

>set deb

>set d2

>zonename.in-addr.arpa. {to apply the domain name. Dont forbid the last dot) }

w6- Verify the generated file

Check the updating of the DNS configuration file : /etc/named.conf

display the new zone file in the directory (/var/named ) and verify the Resource Records. (possibly,correct them)

w7- Test the access to this new zone.

n From a computer connected to the IP backbone, in a terminal window, run nslookup (see annexfor nslookup explanations) and send a Request for SOA Record over this zone.


19/108


19

4 DNS server : HostS declarationSession presentation


l Add host domain names in the created zones


20/108


20

4 DNS server : HostS declarationCharacteristics

n . 1 . 1 0 .

n . 1 . 1 0 .

G G S N 2

R o u t e r

R o u t e r

DS10

A

G G S N 1

n . 1 . 1 .

n . 1 . 1 .

S G S N

9n.168.3.

I O L A N

O M C - G

DNS-DHCP2

DNS-DHCP1

NTP

. 1

. 1

. 2

. 2

. 1

. 1

. 2

. 2

. 3

. 3

. 3

. 3

.

4

.

4

.

4

.

4

. 2 1 0

. 2 1 0

. 2 1 0

. 2 1 0

. 2 1 5

. 2 1 5

n . 1 . 3 0 .

n . 1 . 3 0 .

. 2 5 4

. 2 5 4

. 1

. 1

. 5

. 5

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 2 5 4

. 1

. 1

. 2

. 2

. 3

. 3

. n

. n

. 1

. 1

. 2

. 2

. n

. n

DS10

C . 3. 3

DS10n

DS10B

VT: n.1.101.1

VT: n.1.102.2

I P

B a c k b o n e

9n.168.2.

n : operator group number

Host domain name TTL Comments

ggsn1 Default IP addresses of the physical interfaces

ggsn2 Default IP addresses of the physical interfaces

ggsn1-v Default IP address of the Virtual template interface in the GGSN1Cisco router

ggsn2-v Default IP address of the Virtual template interface in the GGSN1Cisco router

ggsn12-v Default IP addresses of the Virtual template interface in theGGSN1 and GGSN2

sgsn-r1B Default IP addresses of the SGSN-Router 1 (IP backbone side)

sgsn-r2B Default IP addresses of the SGSN-Router 2 (IP backbone side)

sgsn-r1 Default IP

addresses

of

the

SGSN-Router

1

(LAN

IO

side)

sgsn-r2 Default IP addresses of the SGSN-Router 2 (LAN IO side)

station-n Default IP address of the SGSN-Server (DS10) physicalinterfaces.

n: station number (a, b, c, )

Router-omc Default IP addresses of the OMC-Router physical interfaces

omc-ps Default IP address of the OMC-PS

apn1 Note 1 Reachable through GGSN1 only (use CNAME)

apn2 Note 1 Reachable through GGSN2 only (use CNAME)

apn1 Note

1 Reachable

through

GGSN1

and

GGSN2

(use

CNAME)

Note 1 : for training raison, TTL will get the value 10 secondes


21/108


21

4 DNS server : HostS declarationAdd domain names

Enter the name of the hostin front of the zone name

w1- What should be the TTL value for the RRs concerning the Virtual template IP addresses?

n Response: ..

w2- Start the LINUX configuration software (# linuxconf&)


n Select tab

Click on

Select tab

Click on , a window DNS configurator appears:

Select tab

w4- In the window Edit hosts by domain

Select the zone to be modified

w5- In the window hosts to edit,

Click on

w6- In the window Host or domain specification

Enter the name of the host in front of the zone name and Click


22/108


22

4 DNS server : HostS declarationVerifications


>server [IP@ of the name server] {to set the default server}

>set deb {to set on the debug}

>set d2

>set type=A {to request A Resource Record}

>domain-name.mnc111.mcc777.gprs. {to apply the domain name. Dont

forbid the last dot) }

>set type=NS {to request the NS Resource Record}

>mnc111.mcc777.gprs. {to apply the domain name. Dont forbid

the last dot) }

>ls mnc11.mcc777.gprs . {to display the zone}

w7- In the window Host information

n Fill-in the IP address(es) corresponding to the domain name and the TTL value if different from thedefault

w8- Quit the Linux configuration mode

w9- Verify the concerned file

display the zone file (direct and inverse translation) in the directory : /var/named

w10- Test the DNS translation

n

By means of nslookup, interrogate the DNS (advice: set the debug mode)

n

Check the direct translation as well as reverse translation.

Verify the TTL provided in the response


23/108


24/108


24

Primary zone for PLMN

mnc111.mcc777


mnc333.mcc777

Secondary zone for PLMN

mnc222.mcc777


mnc444.mcc777


mnc222.mcc777


mnc444.mcc777Secondary zone for PLMN

mnc111.mcc777


mnc333.mcc777

5 DNS server : Secondary zoneCharacteristics

In-addr

arpa gprs

mcc777

mnc111

mnc222

mnc333

mnc444

DNS-DHCP1 DNS-DHCP2

w1- Start protocol analyser on the DNS server (primary or secondary)

w2- Start the LINUX configuration software ( # linuxconf& )


n Select tab

Click on

Select tab


Click on

w4- In the window Secondaries

n Click on


25/108


25

5 DNS server : Secondary zoneCreate secondary zone

w5- In the window Secondary specification

n Fill in the necessary fields

n Click on

w6-Quit the Linux configuration mode

w7- Stop and display the trace on the protocol analyser. Explain the procedure.

Note: To replay the dialog between servers, you can restart the secondary server.

w8- Display the the DNS configuration file (/etc/named.conf) as well as secondary zones (directory:/var/named/sec ). From the menu secondary zone of Linuxconf, how can we know if the secondary hasbeen updated ?

w9- Start a capture on your protocol analyser and add a new RR in the Primary zone. Check if the updateof the secondary is immediate? If not, check the set of notification tag. Describe the notification procedure.

w10- With nslookup, submit the secondary zone a domain name translation.


26/108




27/108


27

6- DNS server : Roaming inter PLMNSession presentation


w allow roaming between PLMN


28/108


28

6- DNS server : Roaming inter PLMNCharacteristics

GRX Inter-PLMN network

HPLMNHPLMN

mnc111.mcc777.gprs

FPLMNFPLMN

mncxxx.mccyyy.gprs

FPLMNFPLMN

mnczzz.mccnnn.gprs

FPLMNFPLMN

mnc001.mcc123.gprs

Not connected to GRX

wF o r H P L M N p r i m a r y a n d s l a v e D N S , I n t h i s e x a m p l e ,

n t h e d e f a u l t f o r w a r d e r s a r e t h e t w o G R X D N S .

n T h e t w o F P L M N (

mnc001.mcc123.gprs) E x t e r n a l D N S a r e a l s o f o r w a r d e r s , b u t o n l y f o r t h e

d o m a i n s :

mnc001.mcc123.gprs a n d mnc0001.mcc0123.gprs.


29/108


29

6- DNS server : Roaming inter PLMNForwarder configuration

Only two groups of operators working on DNS-DHCP1 and DNS-DHCP2

w

1-

Start

the

LINUX

configuration

software

(#

linuxconf&)


n

Select tab

Click on

Select tab


w3- Select Forwarder

n Enter the IP addresses of the GRX DNS servers

w4- Select Forward zones

n

Enter the concerned domain name

n

Enter IP addresses of the concerned FPLMN DNS servers

w5- By means of analyzer and nslookup check the correct operation.


30/108




31/108


31

7 DNS server : Friendly apn name declarationSession presentation


w allow MS to use friendly APN-OI


32/108


32

7 DNS server : Friendly apn name declarationCreate friendly zone

In-addr

arpa gprs

mcc777

mnc111

mnc222

wCharacteristics :

n Note : Normally, only one Friendly apn name per PLMN

n for training raison

Operator group 1 : apn1.fr.gprs.

Operator group 2 : apn2.ca.gprs.

Operator group 3 : apn3.uk.gprs.

Operator group 4 : apn1.cn.gprs.

w1- Set correctly this domain name in the DNS tree. Draw the zone to be created.

w2- Perform all the essential operations to get this friendly domain name available.

w3- Carry out tests to check the correct operation


33/108




34/108


34

8- DHCP server : Address poolSession presentation


l Add a new address pool in the DHCP server.


35/108


35

8- DHCP server : Address poolCharacteristics

wNetwork number

Operator group 1 : 11.11.11.0 / 24

Operator group 2 :22.22.0.0/16

Operator group 3 : 33.33.33.0/24

Operator group 4 : 44.44.0.0/16

wPool characteristics

Operator group 1 :100 IP@ available for MS from 11.11.11.1 with the IP@ 11.11.11.50 excluded of the pool

Operator group 2 : 1000 IP@ available for MS from 22.22.0.1 with the IP@ 22.22.0.50 excluded of the pool

Operator group 3 : 100 IP@ available for MS from 33..33.33.1 with the IP@ 11.11.11.50 excluded of thepool

Operator group 4 : 1000 IP@ available for MS from 44.44.0.1 with the IP@ 22.22.0.50 excluded of the pool

wLease time allocated to the client if it does not require any lease time 1 hour

wMaximum lease time allocated to a client which requires a lease time 8 hours

wInformation provided in the response

Netmask DNS IP address Domain

Operator group 1 255.255.255.0 11.11.11.50 isp1.com





36/108


36

8- DHCP server : Address poolAdd pool


n in a terminal window type : # linuxconfig &)

n a window appears hostname: Linuxconf

w2- Go to DHCP configuration

n Select tab

Click on

Select tab

Click on ,

a window DHCP configuration appears

Click on a window One subnet definition appears

w3- Fill-in the various fields according to defined characteristics

n Note: if the pool is composed of several ranges of IP addresses within the same subnet :

enter one range, click on , then select the just created subnet, introduce the nextrange, and so on.

w4-

Quit

all

parent

windows

w5- In the window status of the system, click on


37/108


37

8- DHCP server : Address poolVerification

File : /etc/dhcpd.conf

w6- Check the DHCP configuration file

n Start a file manager

Display the file : /etc/dhcpd.conf


38/108




39/108


39

9 APN configuration: IP backbone message analysysSession presentation


l Create an APN in order to analyse the

protocols

(DNS,

DHCP,

GTP)

on

Gn

interface.

.

w Each operator group create an APN

lTEST-g11 (group1 on GGSN1)

lTEST-g22 (group2 on GGSN2)

l TEST-g31 (group3 on GGSN1)

l TEST-g42 (group4 on GGSN2)


40/108


40

9 APN configuration: IP backbone message analysysOperator group 1 - Characteristics

D N S / D H C P

1

IP backbone GGSN1

SGSN

I n t r a n e t

172.16.11.251

Simulated by loopback

interface in the GGSN

wAPN name

n TEST-g11

w

Gatewayn GGSN1 only

wMS IP@

n Dynamic, provided by DHCP1-server

wDHCP IP@ pool

n Private pool from 172.16.11.2/24 to 172.16.11.100/24

n Additional informations provided by DHCP:

n

Primary DNS: 172.16.11.252

n

Secondary

DNS

:

172.16.11.253

n Domain : Intra-g11.com

n

Lease time : 10 hours

wGi interface

n Not used , the IP@ destination will be created inside the GGSN (loopback interface)

wCalled IP address

n 172.16.11.251 (loopback interface of GGSN1


41/108


41

9 APN configuration: IP backbone message analysysOperator group 1 - APN configuration

Private IP@

172.16.11.2

to

172.16.11.100

G G S N 1

interface Virtual-Template1

description Virtual Interface GTP

ip address loopback 1

.

interface Loopback

description IP@ used for IP pool apn test-g22

router ospf1

network

interface Loopback

description IP@ used as called address by TEST-g11

D H C P 1

D N S

Pool

- network :

- Mask :

- Start @ :

-

End

@

:

IP backbone

Zone :

access-point

access-point-nameTEST-g11

w1- Prepare your work and fill in the diagram on the next page

w2-Configure the Name Servers. Apply a TTL= 1 minute to the APN domain name for training raison only.

w3- Configure IP address pool in DHCP-1

w4- Create the APN configuration in the GGSN1

w5- Display the routing table and save it for future comparison


42/108


42

9 APN configuration: IP backbone message analysysOperator group 1 - Message analysis

a

c

GGSN1

Analyser(DNS/DHCP1

server)

2424

66

10.1.1.101

10.1.1.210

bd

f

g

e

Switch 3Com

w6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.10.101 of the GGSN1leading to IP backbone 2. So, all messages will use the interface 10.1.1.101

n

Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port

connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server (seeprocedure further) .

n

Start the analyser on the of the DNS-DHCP1-server with a display filter to see only GTP, DNSand Bootp protocols.

w7- Activate the debug DHCP on the GGSN1

#debug gprs dhcp detail

#terminal monitor

w8- Test the correct operation with a script test simulating only one MS.

Display the activated PDP contexts (shpdp)

Display the routing table (show ip route). What is the new entry.

Analyse the debug messages

Analyses the protocols on various analysers

w9- Test the correct operation with a script test simulating several MS.

n

How many activated PDP contexts. (shpdp)

How many new entries in the routing table (show ip route)

w10- Make a route aggregation in the apn : Test-g11 of the GGSN1





43/108




44/108


44


D N S / D H C P

2

IP backbone GGSN2

SGSN

I n t r a n e t

172.16.22.251



wAPN name

n TEST-g22

w

Gatewayn GGSN2 only

wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.16.22.252

n

Secondary

DNS

:

172.16.22.253


n


wGi interface


wCalled IP address

n 172.16.22.251 (loopback interface of GGSN1


45/108


45


Private IP@

172.16.11.2

to

172.16.11.100

G G S N 2




.

interface Loopback


router ospf1

network

interface Loopback


D H C P 1

D N S

Pool

- network :

- Mask :

- Start @ :

-

End

@

:

IP backbone

Zone :

access-point



w2-Configure the Name Servers. Apply a TTL= 1 minute to the APN domain name for training raison only.





46/108


46


c

GGSN2

Analyser(DNS/DHCP2

server)

2424

66

10.1.10.10210.1.10.102

10.1.10.21010.1.10.210

bd

f

g

e

Switch 3Com

http://10.1.10.250a


n



n




#terminal monitor







n








47/108


47


D N S / D H C P

1

IP backbone GGSN1

SGSN

I n t r a n e t

172.16.31.251



wAPN name

n TEST-g31

w

Gatewayn GGSN1 only

wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.16.31.252

n

Secondary

DNS

:

172.16.31.253


n


wGi interface


wCalled IP address

n 172.16.31.251 (loopback interface of GGSN)


48/108


48


Private IP@

172.16.11.2

to

172.16.11.100

G G S N 1




.

interface Loopback


router ospf1

network

interface Loopback


D H C P 1

D N S

Pool

- network :

- Mask :

- Start @ :

-

End

@

:

IP backbone

Zone :

access-point



w2-Configure the Name Servers . Apply a TTL= 1 minute to the APN domain name for training raison only.





49/108


50/108


50


D N S / D H C P

2

IP backbone GGSN2

SGSN

I n t r a n e t

172.16.42.251



wAPN name

n TEST-g42

w

Gatewayn GGSN2 only

wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.16.42.252

n

Secondary

DNS

:

172.16.42.253


n


wGi interface


wCalled IP address

n 172.16.42.251 (loopback interface of GGSN1)


51/108


51


Private IP@

172.16.11.2

to

172.16.11.100

G G S N 1




.

interface Loopback


router ospf1

network

interface Loopback


D H C P 1

D N S

Pool

- network :

- Mask :

- Start @ :

-

End

@

:

IP backbone

Zone :

access-point



w2-Configure the Name Servers . Apply a TTL= 1 minute to the APN domain name for training raison only.





52/108


52


c

GGSN2

Analyser(DNS/DHCP2

server)

2424

66

10.1.10.10210.1.10.102

10.1.10.21010.1.10.210

bd

f

g

e

Switch 3Com

http://10.1.10.250a


n



n




#terminal monitor







n








53/108


54/108


54

10 APN configuration: GRE tunnelingOperator group 1 : Characteristics

I n t e r n e t

Alcatel 172.17.50.0/24172.17.50.0/24

198.91.23.254 198.91.23.253

Public IP@

Public

IP@

165. 32.15.254

165.32.15.1165.32.15.1

interface

ip address

172.17.50.254

accessaccess-point .-point .

access-point-name alcatel-g11 ip-address-pool .

aggregate ..

dhcp-server ..

dhcp-gateway-address ..

vrf ..

VPN routing

ip route vrf ....

172.17.50.3

Internet routing

ip route ....

interface Tunnel1

ip vrf forwarding ..

ip address ..

tunnel source ..

tunnel destination ..

ip cef ip vrf ......

rdrd ... ...VPNVPN

Tunnel GRE

alcatel-g11172.17.51.1

Tunnel GRE alcatel-g11172.17.51.2

analyser

interface Loopback..

ip address .

router ospf1

network .

255.255.255.0

172.17.50.1

172.17.50.2

DNS

DNS

To GGSN2

GGSN1

Characteristics

w

APN

namen Alcatel-g11 (operator Group 1- GGSN1)

wGateway

n

GGSN1 only

wMS IP@


wDHCP IP@ pool

n

Private pool from 172.17.11.2/24 to 172.17.11.100/24

n Additional Information provided to MS:

n Primary DNS : 172.17.50.1

n

Secondary DNS : 172.17.50.2

n Domain: alcatel.fr

n Lease time : 10 hours

wVPN reference

n

vpn_alcatel-g11 rd 101:1

wGi interface

n

GRE Tunnelling over Internet

wConnection parameters

n See diagram above

wNote : Take care of subnet mask for tunnels because the other groups uses the same physical linkfor their GRE tunnels


55/108


55

10 APN configuration: GRE tunneling Operator group 1 : Creation process

Notes:

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only.

w2.Configure the DHCP-1

w3.Create the configuration in the GGSN1

w4.Make the connections, configure PCs and other routers.

w5.Start the analyser on the Gi interface and on a PC of Alcatel network

w6.From GGSN, ping a PC of Alcatel network (the ping must use the routing table of the vpn: #ping vrf .)and analyse the trace on various analysers.

w7.Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected tothe GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the of the DHCP1-server with adisplay filter to see only GTP, DNS and Bootp protocol.

w8.Test the correct operation. Analyse the protocols on various analysers


56/108


56


I n t e r n e t

Alcatel 172.17.50.0/24172.17.50.0/24

198.91.23.254 198.91.23.253

Public IP@

Public IP@

165. 32.15.254

165.32.15.2165.32.15.2

interface

ip address

172.17.50.254



aggregate ..

dhcp-server ..

dhcp-gateway-address .. vrf ..

VPN routing

ip route vrf ....

172.17.50.3

Internet routing

ip route ....

interface Tunnel1


ip address ..

tunnel source ..



rdrd ... ...VPNVPN

Tunnel GRE

alcatel-g22172.17.51.9


analyser


ip address .

router ospf1

network .

172.17.50.1

172.17.50.2

DNS

DNS

To

GGSN1

GGSN2

Characteristics

w

APN


wGateway

n

GGSN2 only

wMS IP@


wDHCP IP@ pool

n




n




wVPN reference

n


wGi interface

n



n See diagram above



57/108


57


Notes:










58/108


58

172.17.50.3


I n t e r n e t

Alcatel 172.17.50.0/24172.17.50.0/24

198.91.23.254 198.91.23.253

Public IP@

Public

IP@

165. 32.15.254

Private [email protected]

to172.17.31.100

165.32.15.1165.32.15.1

interface

ip address

172.17.50.254



aggregate ..

dhcp-server ..


VPN routing

ip route vrf ....

Internet routing

ip route ....

interface Tunnel2


ip address ..

tunnel source ..



rdrd ... ...VPNVPN

Tunnel GRE

alcatel-g31172.17.51.5


analyser


ip address .

router ospf1

network .

172.17.50.1

172.17.50.2

DNS

DNS

165.32.15.4165.32.15.4

To GGSN2

GGSN1

Characteristics

w

APN


wGateway

n

GGSN1 only

wMS IP@


wDHCP IP@ pool

n




n




wVPN reference

n


wGi interface

n



n See diagram above



59/108


59


Notes:










60/108


60


I n t e r n e t

Alcatel 172.17.50.0/24172.17.50.0/24

198.91.23.254 198.91.23.253

Public IP@

Public

IP@

165. 32.15.254

165.32.15.2165.32.15.2

interface

ip address

172.17.50.254



aggregate ..

dhcp-server ..


VPN routing

ip route vrf ....

172.17.50.3

Internet routing

ip route ....

interface Tunnel2


ip address ..

tunnel source ..



rdrd ... ...VPNVPN

Tunnel GRE

alcatel-g42172.17.51.13


analyser


ip address .

router ospf1

network .

172.17.50.1

172.17.50.2

DNS

DNS

To GGSN1

GGSN2

Characteristics

w

APN


wGateway

n

GGSN2 only

wMS IP@


wDHCP IP@ pool

n




n




wVPN reference

n


wGi interface

n



n See diagram above



61/108


61


Notes:










62/108




63/108


63

11 APN configuration: NAT & PATSession presentation


l Create an APN leading to Internet and using

NAT

function


lInternet-g11 (group1 on GGSN1)

lInternet-g22 (group2 on GGSN2)

l Internet-g31 (group3 on GGSN1)

l Internet-g42 (group4 on GGSN2)


64/108


64

11 APN configuration: NAT & PATOperator group 1 : Characteristics


access-point-name alcatel

I n t e r n e t

Alcatel (Intranet)


to172.18.11.100

198.91.23.1

Tunnelto Intranet

G G S N 1

interface FastEthernet..

ip address 165.32.15.1 255.255.255.0

ip nat ..

ip nat pool

Internet routingip route




ip nat .

router ospf1

networkaccessaccess-point .-point .

access-point-name Internet-g11

access-listip nat inside

interface Loopback

description giaddr for apn

Public IP@

165. 32.15.254

165.32.15.1165.32.15.1

198.91.23.254 198.91.23.253

To GGSN2

165.32.15.4165.32.15.4Analyzer

Characteristics

w

APN

namen Internet-g11

wGateway

n

GGSN1 only

wMS IP@

n

Dynamic, provided by DHCP1-server

wDHCP IP@ pool

n


n

Additional informations provided by DHCP:

n Primary DNS server : 195.5.5.5

n

Secondary DNS server :196.6.6.6


wGi interface

n

NAT

n

Public IP@ pool 165.32.16.1 to 165.32.16.3

wConnection parameters See diagram above

wInternet IP@ for testing 198.91.23.1


65/108


65

11 APN configuration: NAT & PATOperator group 1 : Process

Notes:



w3.Create the configuration in the GGSN1w4.Make the connections, configure PCs and other routers.

w5.Start the analyser on the Gi interface


w7.Activate the debug ip nat on the GGSN1

w8.Test the correct operation with a script test simulating only one MS.

Display the activated PDP contexts (shpdp)Display the routing table (show ip route). What is the new entry?

Display the NAT translation table (show ip nat translation)


w9.Test the correct operation with a script test simulating several MS.


How many MS can access to Internet (show ip nat translation), perform a debug ip natdetails

w10. Implement the PAT function.

w11.Test the correct operation of PAT with a script test simulating several MS.

Display the NAT translation table (show ip nat translation).


66/108


66




I n t e r n e t

Alcatel (Intranet)


to172.18.22.100

198.91.23.1

Tunnelto Intranet

G G S N 2


ip address 165.32.15.2 255.255.255.0

ip nat ..

ip nat pool





ip nat .

router ospf1




interface Loopback


Public IP@

165. 32.15.254

165.32.15.2165.32.15.2

198.91.23.254 198.91.23.253

To GGSN1

165.32.15.4165.32.15.4Analyzer

Characteristics

w

APN

namen Internet-g22

wGateway

n

GGSN2 only

wMS IP@

n


wDHCP IP@ pool

n


n



n



wGi interface

n

NAT

n

Public IP@ pool 165.32.16.9 to 165.32.16.11




67/108


67


Notes:


















68/108


68




I n t e r n e t

Alcatel (Intranet)

Private IP@

172.18.31.2to

172.18.31.100

198.91.23.1

Tunnelto Intranet

G G S N 1


ip address 165.32.15.1 255.255.255.0

ip nat ..

ip nat pool





ip nat .

router ospf1




interface Loopback


Public IP@

165. 32.15.254

165.32.15.1165.32.15.1

198.91.23.254 198.91.23.253

To GGSN2

165.32.15.4165.32.15.4Analyzer

Characteristics

w

APN

namen Internet-g31

wGateway

n

GGSN1 only

wMS IP@

n


wDHCP IP@ pool

n


n



n



wGi interface

n

NAT

n

Public IP@ pool 165.32.16.5 to 165.32.16.7




69/108


69


Notes:


















70/108


70




I n t e r n e t

Alcatel (Intranet)


to172.18.42.100

198.91.23.1

Tunnelto Intranet

G G S N 2


ip address 165.32.15.2 255.255.255.0

ip nat ..

ip nat pool





ip nat .

router ospf1




interface Loopback


Public IP@

165. 32.15.254

165.32.15.2165.32.15.2

198.91.23.254 198.91.23.253

To GGSN1

165.32.15.4165.32.15.4Analyzer

Characteristics

w

APN

namen Internet-g42

wGateway

n

GGSN2 only

wMS IP@

n


wDHCP IP@ pool

n


n



n



wGi interface

n

NAT

n

Public IP@ pool 165.32.16.13 to 165.32.16.15




71/108


71


Notes:


















72/108


72

12 APN configuration: APN access via 2 GGSNSession presentation


l Create an APN accessible via the two GGSNs


l apn-g1 (group1)

l apn-g2 (group2)

l apn-g3 (group3)

lapn-g4 (group4)


73/108


Page intentionally left blank


74/108


74

12 APN configuration: APN access via 2 GGSN Operator group 1 : Characteristics

D N S / D H C P

2

IP backbone

SGSN I n t r a n e t

172.30.0.1



GGSN1

GGSN2

D N S / D H C P

1

wAPN name

n APN-g1

w

Gatewayn GGSN1 and GGSN2

wMS IP@

n Dynamic, provided by DHCP1 and DHCP2 servers

wDHCP IP@ pool



n

Primary DNS: 172.30.255.252

n

Secondary

DNS

:

172.30.255.253

n Domain : group1.com

n


wGi interface


wCalled IP address

n 172.30.0.1 (loopback interface of GGSN1also used as giaddr)


75/108


75

12 APN configuration: APN access via 2 GGSN Operator group 1 : Configuration

- network :

- Mask :

- Start @ :

-

End

@

:

DHCP-1 DHCP-2

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

-

End

@

:

G G S N 2

interface Loopback

description IP@ used for IP pool apn apn-g1

router ospf1

network

access-point

access-point-nameAPN-g1

G G S N 1

interface Loopback


router ospf1

network

access-point



76/108


76


D N S / D H C P

2

IP backbone


172.31.0.1



GGSN1

GGSN2

D N S / D H C P

1

wAPN name

n APN-g2

w


wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.31.255.252

n

Secondary

DNS

:

172.31.255.253


n


wGi interface


wCalled IP address



77/108


77


- network :

- Mask :

- Start @ :

-

End

@

:

DHCP-1 DHCP-2

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

-

End

@

:

G G S N 2

interface Loopback


router ospf1

network

access-point


G G S N 1

interface Loopback


router ospf1

network

access-point



78/108


78


D N S / D H C P

2

IP backbone


172.32.0.1



GGSN1

GGSN2

D N S / D H C P

1

wAPN name

n APN-g3

w


wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.32.255.252

n

Secondary

DNS

:

172.32.255.253


n


wGi interface


wCalled IP address



79/108


79


- network :

- Mask :

- Start @ :

-

End

@

:

DHCP-1 DHCP-2

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

-

End

@

:

G G S N 2

interface Loopback


router ospf1

network

access-point


G G S N 1

interface Loopback


router ospf1

network

access-point



80/108


80


D N S / D H C P

2

IP backbone


172.33.0.1



GGSN1

GGSN2

D N S / D H C P

1

wAPN name

n APN-g4

w


wMS IP@


wDHCP IP@ pool



n

Primary DNS: 172.33.255.252

n

Secondary

DNS

:

172.33.255.253


n


wGi interface


wCalled IP address



81/108


81


- network :

- Mask :

- Start @ :

-

End

@

:

DHCP-1 DHCP-2

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

- End @ :

- network :

- Mask :

- Start @ :

-

End

@

:

G G S N 2

interface Loopback


router ospf1

network

access-point


G G S N 1

interface Loopback


router ospf1

network

access-point



82/108


Page intentionally left blank


83/108


83

13 OMC-PS : NNM-NetSession presentation

w Objective: to be able to configure and manage GPRS IPbackbone from NNM-net of OMC-PS

w program:

l 1 Configure auto-discovery

l 2 Perform a first discover

l 3 Extend the discovery

l4 Move symbols through the various submaps

l5 Test device reachability

l6 Display device configuration

l7 Display performances

l 8 Browse the GGSN MIB

l 9 Collect performances


84/108


84

13 MNM-net configurationConfigure auto-discovery

> su

Password: *********

#/opt/OV/bin/ovstop

netmon#/opt/OV/bin/ovstart netmon

> su

Password: *********

#cd /etc/opt/OV/share/conf

#ls

#vi netmon.noDiscover

*.*.*.*

Vi commands :

i : insert under cursor

a

:

insert

after

cursorx : delete a character

dd : delete a line

:wq : write and quit

:q! : quit without save

Note :

The trainer delete all devices of the NNM-net

NNM-NET>

double

click

on

icon

Internet

>

Edit

>

Delete

>From

All

Submap

>

OKWith vi editor, in the file /etc/opt/OV/share/conf/seedfile, delete all lines

With vi editor, in the file /etc/opt/OV/share/conf/netmon.noDiscover, write down a # at the beginning of theline *.*.*.*

_______________________________________________________________________________________

w1- Start NNM-Net

w2- Double click on icon Internet

No auto discovery. Why?

w3- Display netmon.noDiscover

n

Start a Terminal, login as su (default password : install10)

n

# more /etc/opt/OV/share/conf/ntemon.noDiscover

w4- Operator group 2 only - Configure netmon.noDiscover to allow the auto-discover of all devices.

n With vi editor, in the file /etc/opt/OV/share/conf/ntemon.noDiscover, delete the # at the beginningof the line *.*.*.*

w5- Operator group 2 only - Restart OV

n

Stop OV

/opt/OV/bin/ovstop netmon

n

delete

all

devicesin the submap, select all symbols

Edit > Delete > From All Submaps > Ok

n

Start OV

/opt/OV/bin/ovstart netmon


85/108


85

13 MNM-net configurationPerform a first discover

a

b

C

w1- Display the network where OMC-PS is connected to.

n Double click on icon Internet (a)

a

submap

displays

the

network

where

OMC-PS

is

connected

to.Knowing the theory can you imagine what is the meaning of white color for icon?..

Why these icons are white?.

n

Display the legend

Help > Display legend > operational Status Colors (use help on the window to get moreinformation)

Help > Display legend > Administrative Status Colors (use help on the window to get moreinformation)

w2- Perform a zoom on the network

n Double click on the icon representing the network where OMC-PS is connected to. (b)

n Double click on the icon representing the LAN segment where OMC-PS is connected to. (c)

A submap displays the IP devices connected to this LAN.

w3- Modify the label of symbol :

n

Operator group 1 : CiscoWorks Operator group 2 : Mgt_Lan

n

Operator group 3 : SGSN_craft1 Operator group 4 : SGSN_craft2

To modify the name assigned to symbols representing an IP device

Click right on a symbol > Describe/Modify symbol

modify the label

OK

To modify the name assigned to segment1 representing management LAN

Click right on the symbol > Describe/Modify symbol

modify the label (for example : Mgt LAN)

OK


86/108


86

MNM-net configuration Extend the discovery

vi seedfile

vi netmon.noDiscover

a

b

w1- Opertor group 3 only - Extend the discovery

n Start a Terminal, login as su (default password : install10)

n

With

vi

editor,

in

the

file

/etc/opt/OV/share/conf/seedfile

(a)add at least one router of each network to be discovered

w2- Opertor group 3 only - Restart OV

n

Stop OV


n

delete all devices

in the submap, select all symbols


n

Start OV

/opt/OV/bin/ovstart netmon

w3- Check the correct discovery

w4- Opertor group 4 only - Prevent the discovery of the LSN (1.1.1.0, 2.2.2.0, loopbacks, MS IP@ pool)

n

Start a Terminal, login as su (default password : install10)

n

With vi editor, in the file /etc/opt/OV/share/conf/ntemon.noDiscover (b)

add netid of these networks

n Stop OV


n delete all devices

in the submap, select all symbols


n

Start

OV/opt/OV/bin/ovstart netmon

w5- Check the correct operation


87/108


87

MNM-net configurationMove symbols through the various submaps

w1- Each operator group creates a new map

n

Map > Maps > New

the name will be GROUPn

w2- Arrange the location of the various devices and networks

n

Move to Internet submap

n

drag and drop symbols to the correct position

n

Keep this arrangement

View > Automatic Layout > Off For This Submap

w3- In order to have a complete view of all objects of the CN backbone (SGSN stations, OMC-PS, CG, PC-craft, links, ) in only one submap, add objects in the Internet submap.

n

Zoom to various submaps,

Select object(s) (press key to select several objects)

Edit > Copy: From This Submap

n

Go back to the Internet submap

Edit

>

Pastn

Drag and drop objects to the correct location.

n

Draw the connections

Edit > Add Connection

Select a connection class

Select a connection subclass

Click on the source symbol of this link then, click on the destination symbol

A Add Object window appears. Enter Selection Name.

To know the correct name of a link,

go to submap where the symbol has been copied,

select the link then click right > Describe/Modify object

select the Selection name

go back to the add object window and past the selection name (middle button)

a Warning message indicate that selection name already exist. Click OK


88/108


88

MNM-net configurationTest device reachability

w1- Test reachability from OMC-PS

n select a router

Fault

>

Pingn select a station of SGSN server

Fault > Ping

w2- Test IP/TCP/SNMP

n

select a device

Fault > Test IP / TCP / SNMP

w3- Test network connectivity of a device

n

select a device

Fault > Network Connectivity: Poll Node

Does this device manage :

SNMP? ..; version ?

HTTP? .

w4- Trace the route between devices

n Fault > Locate Route : via SNMP

enter the IP@ of the source device managing SNMP (e.g. OMC-PS IP@) in From Nameor IP Address

enter the IP@ of the remote device (e.g. station of sgsn server) in To Name or IPAddress


89/108


89

MNM-net configurationDisplay device configuration

w1- Display information about system

n Select a router

n

Configuration

>

System

InformationWhen was the last reboot ?

w2- Display information about network

n

Select a router

n

Configuration > Network configuration

Display Addresses

Display Routing Table

Display ARP Cache

Display Services


90/108


90

MNM-net configuration Display performances

w1- Perform Statistics on the interfaces and on their traffic

n Select an SNMP device (router, DNS/DHCP, )

Performance

>

Network

Activity

>

Interface

StatisticsPerformance > Network Activity > Interface Traffic


91/108


91

MNM-net configurationBrowse the GGSN MIB

w1- Display interfaces by means of SNMP browser

n Select a router

n

Misc

>

SNMP

MIB

Browsern Select : mgmt > mib-2 > interfaces > ifTable > ifEntry > ifDescr

Click on Describe, what is the Object ID in the MIB? ..

Close

Click on Start Query

What are the index for physical interfaces

Interface | Description

|

|

|

|

|

w2- Display ARP table by means of SNMP browser

n Select a router

n

Misc > SNMP MIB Browser

n

Select : iso. org. dod. Internet. mgmt. mib-2. Ip. pNetToMediaTable. ipNetToMediaEntryipNetToMediaPhysAddess


w3- Display APN configuration of a GGSN

n Select a GGSN

n Misc > SNMP MIB Browser

n Select : iso. org. dod. Internet. Privat. Entreprises. Cisco. ciscoMgmt. ciscoGprsAccPtMib.

ciscoGprsAccPtMBObjects.

ciscoGprsAccPtConfig.

cgprsAccPtTable.

cgprsAccPtEntry.cgprsAccPtName


perform a Start Query of the other MIB object ID of the APN


92/108


92

MNM-net configurationCollect performances : Select MIB counters

See next page

a

b

C

d

e

The GGSN is a generic IP device (standard router functions), implementing GPRS functions.As a consequence, GGSN supports both MIB's of a generic IP device and GPRS MIB's. CISCO-GTP-MIB,CISCO-GGSN-MIB, CISCO-GGSN-QOS-MIB, CISCO-GPRS-ACC-PT-MIB and CISCO-GPRS-

CHARGING-MIB

are

specific

GPRS

MIBs.

w1- Select MIB co

Documents

GPRS Backbone Configuration