Sunteți pe pagina 1din 108

Alcatel 1000 GPRS R2.

3/U2 PS-CN backbone configuration

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel

Practical works manual 8AS 90200 1317 VA ZZA Ed.02 Edition 2004
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 1

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 2

1 2 3 4 5 6 7 8 9 10 11 12 13

DNS server : Server handling DNS server : New direct translation zone DNS server : Inverse translation zones DNS server : HostS declaration DNS server : Secondary zone DNS server : Roaming inter PLMN DNS server : Friendly apn name declaration DHCP server : Address pool APN configuration: IP backbone message analysys APN configuration: GRE tunneling APN configuration: NAT & PAT APN configuration: APN access via 2 GGSNs MNM-net configuration

Annexes L2TP procedure PC-NT: nslookup

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 3

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 4

1 DNS server : Server handling Session presentation

Objective: to be able to :
w w

Display the current configuration of the DNS server Display the configuration files of the DNS server

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 5

1 DNS server : Server handling Check DNS server configuration


#linux &

w1- Restart the DNS process daemon In a terminal window type : Type: # /etc/rc.d/init.d/named restart

w2- .Start the LINUX configuration software : in a terminal window,


type : # linuxconf&

w3- .Verify that the DNS module is correctly configured : Verify that the dnsconf is on

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 6

n n

1 DNS server : Server handling Check IP parameters

Resolver configuration
w4- .Go to Network configuration mode Click on <Host name and IP network device>
Host name : ... IP address : ...

Check :
the IP@ of Name Server search domain:

what is the role of search domain fields? ..

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 7

1 DNS server : Server handling Display the current Name Server configuration

w7- Server configuration Select tab : <Server tasks> w8- Edit the already created zones Select tab : <config> Select <domains>
A window appears : Primaries possibly displaying the created direct translation zones.

w9 Edit the already created inverse IP zones Select <IP reverse mappings>

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 8

n n

1 DNS server : Server handling Display the Name Server files

w10-Display the main DNS configuration files Start Linux file manager Display the file : /etc/named.conf
Where is the directory that homes the zone files? .. What is the file name of the root zone? ..

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 9

Display the directory : /var/named Display the various files Display the file : /var/named/named.ca
What is the role of this file?..

Display the file : /var/named/127.0.0


What is the role of the file?..

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 10

2 DNS server : new direct translation zone

Session presentation

Objective: to be able to :
w

Add new direct translation primary zones. Operator group 1 : mnc111.mcc777.gprs Operator group 2 : mnc222.mcc777.gprs Operator group 3 : mnc333.mcc777.gprs Operator group 4 : mnc444.mcc777.gprs

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 11

l l l l

11

2 DNS server : new direct translation zone

Characteristics

arpa In-addr <subnet1> <subnet2>

gprs

DNS-DHCP21

mcc777

mnc111

mnc222

mnc333

mnc444

DNS-DHCP1

DNS-DHCP2

DNS-DHCP1

DNS-DHCP2

12

Zone name :

Operator group 1 : mnc111.mcc777.gprs Operator group 2 : mnc222.mcc777.gprs Operator group 3 : mnc333.mcc777.gprs Operator group 2 : mnc444.mcc777.gprs

e-mail of the responsible of the zone: Operator group 1 : admin@mnc111.mcc777.gprs Operator group 2 : admin@mnc222.mcc777.gprs Operator group 3 : admin@mnc333.mcc777.gprs Operator group 4 : admin@mnc444.mcc777.gprs Period between two updates of the secondary server : 2 hours If there is no response to the secondary update request, the retry period will be : 30 minutes Delete zone of the secondary name server if no update during : 10 days Negative caching value: 1 hours Default TTL provided in the DNS response when the TTL is absent in a RR : 5 hours Mail box for the zone none Restriction to access to the zone : None Modification of the Primary server: Must be immediately notified to secondary
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 12

2 DNS server : new direct translation zone

Create a zone
Note: do not end the zone domain name with .

13

w1- Start the LINUX configuration software In a terminal window type : # linuxconf&)

w2- Go to DNS configuration Select tab <Config> Select tab <Server tasks>
Click on <Domain name server (DNS)> Select tab <Config>

w3- .Add a new zone Click on <domains> Fill-in the various field according to the characteristics given at the beginning of the practical work. Click on <Accept> Quit the parent windows of the Linux configuration. w4- Complete the DNS tree at the beginning of the practical work, show the location of the Name server of your new created zone

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 13

n n n

2 DNS server : new direct translation zone

Checks
#nslookup {to start nslookup in interactive mode} {to set the default server}

>server [IP@ of the name server] >set type=SOA

{to request the SOA Resource Record)

> mnc111.mcc777.gprs. {to apply the domain name. Dont forbid the last dot) }

>set deb >set d2 >mnc111.mcc777.gprs. {to apply the domain name. Dont forbid the last dot)

14

w5- Verify the generated file Check the updating of the DNS configuration file : /etc/named.conf

display the new zone file in the directory (/var/named ) and verify the Resource Records. (possibly, correct them) w6- Test the access to this new zone. From a computer connected to the IP backbone, in a terminal window, run nslookup (see annex for nslookup explanations) and send a Request for SOA Record over this zone.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 14

Repeat the operation in debug mode

3 DNS server : Inverse translation zones Session presentation

Objective: to be able to :
w

Add an inverse translation primary zone

15

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 15

3 DNS server : Inverse translation zones Characteristics


G-CMO 012. 012. 512. 512.
DNS-DHCP2 VT: n.1.101.1 VT: n.1.102.2

n : operator group number


9n.168.3.

NTP

e-mail of the responsible of the zone Operator group 1 : admin@mnc111.mcc777.gprs Operator group 2 : admin@mnc222.mcc777.gprs Operator group 3 : admin@mnc333.mcc777.gprs Operator group 4 : admin@mnc444.mcc777.gprs Period between two updates of the secondary server : 2 hours If there is no response to the secondary update request, the retry period will be : 30 minutes Delete zone of the secondary name server if no update during : 10 days Negative caching value: 1 hours Default TTL provided in the DNS response when the TTL is absent in a RR : 5 hours Mail box for the zone none Restriction to access to the zone : None Modification of the Primary server Must be immediately notified to secondary Subnet range No range

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 16

2NSGG

4. 4

4. .

.01.1.n

2. 2.

452.

NAL OI

1.

DS10 A

3. 3.

2. 2.

retuoR

452. 452.

1. 1.

2. 2.

DS10 B

1NSGG

012. 012.

3. 3.

enobkcaB PI

.1.1.n

1. 1.

1. 1.

452.

452. 452.

2. 2.

3. 3.

DS10 C

452. 452.

9n.168.2.

.03.1.n .03.1.n 5. 5.

1. 1.
DNS-DHCP1

retuoR

3. 3.

n.

DS10 n

NSGS

n. n.

16

3 DNS server : Inverse translation zones


Zone creation

gprs

mcc777

mnc111

mnc222

mnc333

mnc333

17

w1- Complete the DNS tree with the zones to be created w2- Start the LINUX configuration software in a terminal window type : # linuxconf&)

w3- Go to DNS configuration Select tab <Config> Click on <Networking> Select tab <Server tasks>
Click on <Domain name server (DNS)> Select tab <Config>

w4- Add a new zone Click on <IP reverse mapping> Click on <Add> Fill-in the various fields Click on <Accept> w5- Quit the parent windows of the Linux ZZA Ed.02 Alcatel University - 8AS 90200 1317 VA configuration.
17

n n n

3 DNS server : Inverse translation zones Verifications

#nslookup

{to start nslookup in interactive mode}

>server [IP@ of the name server] >set type=SOA

{to set the default server}

{to request the SOA Resource Record)

>zonename.in-addr.arpa. {to apply the domain name. Dont forbid the last dot) }

>set deb >set d2 >zonename.in-addr.arpa. {to apply the domain name. Dont forbid the last dot) }

18

w6- Verify the generated file Check the updating of the DNS configuration file : /etc/named.conf

display the new zone file in the directory (/var/named ) and verify the Resource Records. (possibly, correct them) w7- Test the access to this new zone. From a computer connected to the IP backbone, in a terminal window, run nslookup (see annex for nslookup explanations) and send a Request for SOA Record over this zone.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 18

4 DNS server : HostS declaration Session presentation

Objective: to be able to : Add host domain names in the created zones

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 19

19

4 DNS server : HostS declaration Characteristics


G-CMO
Comments IP addresses of the physical interfaces IP addresses of the physical interfaces IP address of the Virtual template interface in the GGSN1 IP address of the Virtual template interface in the GGSN1 Cisco router IP addresses of the Virtual template interface in the and GGSN2 IP addresses of the SGSN-Router 1 (IP backbone side) IP addresses of the SGSN-Router 2 (IP backbone side) IP addresses of the SGSN-Router 1 (LAN IO side) IP addresses of the SGSN-Router 2 (LAN IO side) IP address of the SGSN-Server (DS10) physical

n : operator group number


9n.168.3.

NTP

VT: n.1.102.2

Host domain name ggsn1 ggsn2 ggsn1-v Cisco router ggsn2-v ggsn12-v GGSN1 sgsn-r1B sgsn-r2B sgsn-r1

TTL Default Default Default Default Default Default Default Default

sgsn-r2 Default station-n Default interfaces. n: station number (a, b, c, ) Router-omc Default omc-ps apn1 apn2 apn1 Default Note 1 Note 1 Note 1

IP addresses of the OMC-Router physical interfaces IP address of the OMC-PS Reachable through GGSN1 only (use CNAME) Reachable through GGSN2 only (use CNAME) Reachable through GGSN1 and GGSN2 (use CNAME)

Note 1 : for training raison, TTL will get the value 10 secondes
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 20

2NSGG

4. 4

4. .

.01.1.n

2. 2.

452.

NAL OI

1.

DS10 A

3. 3.

2. 2.

retuoR

452. 452.

1. 1.

2. 2.

DS10 B

VT: n.1.101.1

1NSGG

012. 012.

3. 3.

enobkcaB PI

.1.1.n

1. 1.

1. 1.

452.

452. 452.

2. 2.

3. 3.

DS10 C

452. 452.

9n.168.2.

012. 012.

.03.1.n .03.1.n

5. 5.

1. 1.
DNS-DHCP1

retuoR

3. 3.

n.

DS10 n

512. 512.
DNS-DHCP2

NSGS

n. n.

20

4 DNS server : HostS declaration Add domain names

Enter the name of the host in front of the zone name

21

w1- What should be the TTL value for the RRs concerning the Virtual template IP addresses? Response: ..

w2- Start the LINUX configuration software (# linuxconf&) w3- Go to DNS configuration Select tab <Config> Click on <Networking> Select tab <Server tasks>
Click on <Domain name server (DNS)>, a window DNS configurator appears: Select tab <Add/edit>

w4- In the window Edit hosts by domain Select the zone to be modified w5- In the window hosts to edit, Click on <Add> w6- In the window Host or domain specification Enter the name of the host in front Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 of the zone name and Click <Accept> 21

n n

4 DNS server : HostS declaration Verifications

#nslookup

{to start nslookup in interactive mode} {to set the default server}

>server [IP@ of the name server] >set deb >set d2 >set type=A {to set on the debug}

{to request A Resource Record}

>domain-name.mnc111.mcc777.gprs. {to apply the domain name. Dont forbid the last dot) } >set type=NS {to request the NS Resource Record} {to apply the domain name. Dont forbid the last dot) } >ls mnc11.mcc777.gprs. {to display the zone}

>mnc111.mcc777.gprs.

22

w7- In the window Host information Fill-in the IP address(es) corresponding to the domain name and the TTL value if different from the default

w8- Quit the Linux configuration mode w9- Verify the concerned file display the zone file (direct and inverse translation) in the directory : /var/named

w10- Test the DNS translation By means of nslookup, interrogate the DNS (advice: set the debug mode) Check the direct translation as well as reverse translation.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 22

n n n

Verify the TTL provided in the response

5 DNS server : Secondary zone Session presentation

Objective: to be able to : Create secondary zones in a second Name Server for all created zones

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 23

23

5 DNS server : Secondary zone Characteristics

arpa In-addr <subnet1> <subnet2> mnc111 <subnet4> <subnet3>

gprs

mcc777 mnc222

Primary zone for PLMN mnc111.mcc777 Primary zone for PLMN mnc333.mcc777 Secondary zone for PLMN mnc222.mcc777 Secondary zone for PLMN mnc444.mcc777

mnc333 mnc444

Primary zone for PLMN mnc222.mcc777 Primary zone for PLMN mnc444.mcc777 Secondary zone for PLMN mnc111.mcc777 Secondary zone for PLMN mnc333.mcc777

DNS-DHCP1
w1- Start protocol analyser on the DNS server (primary or secondary) w2- Start the LINUX configuration software ( # linuxconf& ) w3- Go to DNS configuration Select tab <Config> Click on <Networking> Select tab <Server tasks>

DNS-DHCP2

24

w4- In the window Secondaries Click on <Add>

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 24

n n

Click on <Domain name server (DNS)>, a window DNS configurator appears: Click on <secondary>

5 DNS server : Secondary zone Create secondary zone

25

w5- In the window Secondary specification Fill in the necessary fields Click on <Accept>

w6-Quit the Linux configuration mode w7- Stop and display the trace on the protocol analyser. Explain the procedure.

Note: To replay the dialog between servers, you can restart the secondary server. w8- Display the the DNS configuration file (/etc/named.conf) as well as secondary zones (directory: /var/named/sec ). From the menu secondary zone of Linuxconf, how can we know if the secondary has been updated ?

w9- Start a capture on your protocol analyser and add a new RR in the Primary zone. Check if the update of the secondary is immediate? If not, check the set of notification tag. Describe the notification procedure.

w10- With nslookup, submit the secondary zone a domain name translation.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 25

n n

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 26

6- DNS server : Roaming inter PLMN

Session presentation

Objective: to be able to :
w

allow roaming between PLMN

27

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 27

6- DNS server : Roaming inter PLMN

Characteristics

FPLMN mncxxx.mccyyy.gprs

FPLMN mnczzz.mccnnn.gprs

GRX Inter-PLMN network

HPLMN mnc111.mcc777.gprs FPLMN mnc001.mcc123.gprs Not connected to GRX

28

. dna :sniamod eht rof ylno tub ,sredrawrof osla era SND lanretxE (NMLPF owt ehT n .SND XRG owt eht era sredrawrof tluafed eht n ,elpmaxe siht nI ,SND evals dna yramirp NMLPH roF

mnc001.mcc123.gprs)

mnc001.mcc123.gprs

mnc0001.mcc0123.gprs

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 28

6- DNS server : Roaming inter PLMN

Forwarder configuration

29

Only two groups of operators working on DNS-DHCP1 and DNS-DHCP2 w1- Start the LINUX configuration software (# linuxconf&)

w2- Go to DNS configuration Select tab <Config> Click on <Networking> Select tab <Server tasks>
Click on <Domain name server (DNS)>, a window DNS configurator appears:

w3- Select Forwarder Enter the IP addresses of the GRX DNS servers

w4- Select Forward zones Enter the concerned domain name Enter IP addresses of the concerned FPLMN DNS servers

w5- By means of analyzer and nslookup check the correct operation.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 29

n n n n

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 30

7 DNS server : Friendly apn name declaration

Session presentation

Objective: to be able to :
w

allow MS to use friendly APN-OI

31

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 31

7 DNS server : Friendly apn name declaration Create friendly zone

arpa In-addr <subnet1>

gprs

<subnet2>

mcc777

mnc111 mnc222

32

wCharacteristics : Note : Normally, only one Friendly apn name per PLMN for training raison Operator group 1 : apn1.fr.gprs. Operator group 2 : apn2.ca.gprs. Operator group 3 : apn3.uk.gprs. Operator group 4 : apn1.cn.gprs.

w1- Set correctly this domain name in the DNS tree. Draw the zone to be created. w2- Perform all the essential operations to get this friendly domain name available. w3- Carry out tests to check the correct operation

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 32

n n

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 33

8- DHCP server : Address pool

Session presentation

Objective: to be able to : Add a new address pool in the DHCP server.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 34

34

8- DHCP server : Address pool Characteristics

35

wNetwork number Operator group 1 : 11.11.11.0 / 24 Operator group 2 :22.22.0.0/16 Operator group 3 : 33.33.33.0/24 Operator group 4 : 44.44.0.0/16 wPool characteristics Operator group 1 :100 IP@ available for MS from 11.11.11.1 with the IP@ 11.11.11.50 excluded of the pool Operator group 2 : 1000 IP@ available for MS from 22.22.0.1 with the IP@ 22.22.0.50 excluded of the pool Operator group 3 : 100 IP@ available for MS from 33..33.33.1 with the IP@ 11.11.11.50 excluded of the pool Operator group 4 : 1000 IP@ available for MS from 44.44.0.1 with the IP@ 22.22.0.50 excluded of the pool wLease time allocated to the client if it does not require any lease time wMaximum lease time allocated to a client which requires a lease time wInformation provided in the response Netmask Operator group 1 Operator group 2 Operator group 3 Operator group 4 255.255.255.0 255.255.0.0 255.255.255.0 255.255.0.0 DNS IP address 11.11.11.50 22.22.22.50 33.33.33.50 44.44.44.50 1 hour 8 hours

Domain isp1.com isp2.com isp3.com isp4.com

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 35

8- DHCP server : Address pool Add pool

36

w1- Start the LINUX configuration software in a terminal window type : # linuxconfig &) a window appears hostname: Linuxconf

w2- Go to DHCP configuration Select tab <Config> Click on <Networking>


Select tab <Boot services> Click on <DHCP/BOOTP server>, a window DHCP configuration appears Click on <Addnet> a window One subnet definition appears

w3- Fill-in the various fields according to defined characteristics Note: if the pool is composed of several ranges of IP addresses within the same subnet : enter one range, click on <accept>, then select the just created subnet, introduce the next range, and so on. w4- Quit all parent windows w5- In the window status of the system, click on <Do it>
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 36

n n n n

8- DHCP server : Address pool Verification

File : /etc/dhcpd.conf

37

w6- Check the DHCP configuration file Start a file manager Display the file : /etc/dhcpd.conf

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 37

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 38

9 APN configuration: IP backbone message analysys

Session presentation

Objective: to be able to : Create an APN in order to analyse the protocols (DNS, DHCP, GTP) on Gn interface. .

Each operator group create an APN TEST-g11 (group1 on GGSN1) TEST-g22 (group2 on GGSN2) TEST-g31 (group3 on GGSN1) TEST-g42 (group4 on GGSN2)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 39

l l l l l

39

9 APN configuration: IP backbone message analysys Operator group 1 - Characteristics

SGSN IP backbone
tenartnI

GGSN1

172.16.11.251

wAPN name TEST-g11 wGateway GGSN1 only wMS IP@

Dynamic, provided by DHCP1-server

wDHCP IP@ pool Private pool from 172.16.11.2/24 to 172.16.11.100/24 Additional informations provided by DHCP: Primary DNS: 172.16.11.252 Secondary DNS : 172.16.11.253 Domain : Intra-g11.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.16.11.251 (loopback interface of GGSN1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 40

1 PCHD/SND
n n n n n n n n n n n

Simulated by loopback interface in the GGSN

40

9 APN configuration: IP backbone message analysys Operator group 1 - APN configuration


Pool - network : - Mask : - Start @ : - End @ :
Zone :

IP backbone

Private IP@ 172.16.11.2 to 172.16.11.100

access-point access-point-name TEST-g11


interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 .

interface Loopback description IP@ used for IP pool apn test-g22

interface Loopback
description IP@ used as called address by TEST-g11

router ospf1

network 41

w1- Prepare your work and fill in the diagram on the next page w2-Configure the Name Servers. Apply a TTL= 1 minute to the APN domain name for training raison only. w3- Configure IP address pool in DHCP-1 w4- Create the APN configuration in the GGSN1 w5- Display the routing table and save it for future comparison

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 41

1NSGG

SN D

1PCHD

9 APN configuration: IP backbone message analysys Operator group 1 - Message analysis


GGSN1
a

10.1.1.101

24
Switch 3Com
f

6
10.1.1.210 Analyser (DNS/DHCP1 server)
42

w6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. So, all messages will use the interface 10.1.1.101 Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server (see procedure further) . Start the analyser on the of the DNS-DHCP1-server with a display filter to see only GTP, DNS and Bootp protocols. w7- Activate the debug DHCP on the GGSN1 #debug gprs dhcp detail #terminal monitor w8- Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry. Analyse the debug messages Analyses the protocols on various analysers w9- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many new entries in the routing table (show ip route) w10- Make a route aggregation in the apn : Test-g11 of the GGSN1 w11- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp)
Alcatel University - 8AS 90200 1317 VA in the routing table (show ip route) How many new entries ZZA Ed.02 42

n n n

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 43

9 APN configuration: IP backbone message analysys Operator group 2 - Characteristics

SGSN IP backbone
tenartnI

GGSN2

172.16.22.251

wAPN name TEST-g22 wGateway GGSN2 only wMS IP@

Dynamic, provided by DHCP2-server

wDHCP IP@ pool Private pool from 172.16.22.2/24 to 172.16.22.100/24 Additional informations provided by DHCP: Primary DNS: 172.16.22.252 Secondary DNS : 172.16.22.253 Domain : Intra-g22.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.16.22.251 (loopback interface of GGSN1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 44

2 PCHD/SND
n n n n n n n n n n n

Simulated by loopback interface in the GGSN

44

9 APN configuration: IP backbone message analysys Operator group 2 - APN configuration


Pool - network : - Mask : - Start @ : - End @ :
Zone :

IP backbone

Private IP@ 172.16.11.2 to 172.16.11.100

access-point access-point-name TEST-g22


interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 .

interface Loopback description IP@ used for IP pool apn test-g22

interface Loopback
description IP@ used as called address by TEST-g22

router ospf1

network 45

w1- Prepare your work and fill in the diagram on the next page w2-Configure the Name Servers. Apply a TTL= 1 minute to the APN domain name for training raison only. w3- Configure IP address pool in DHCP-2 w4- Create the APN configuration in the GGSN2 w5- Display the routing table and save it for future comparison

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 45

2NSGG

SN D

1PCHD

9 APN configuration: IP backbone message analysys Operator group 2 - Message analysis


GGSN2
a

http://10.1.10.250

10.1.10.102

24
Switch 3Com
f

6
10.1.10.210 Analyser (DNS/DHCP2 server)
46

w6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.1.102 of the GGSN1 leading to IP backbone 1. So, all messages will use the interface 10.1.10.102 Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP21-server (see procedure further) . Start the analyser on the of the DNS-DHCP2-server with a display filter to see only GTP, DNS and Bootp protocols. w7- Activate the debug DHCP on the GGSN1 #debug gprs dhcp detail #terminal monitor w8- Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry. Analyse the debug messages Analyses the protocols on various analysers w9- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many new entries in the routing table (show ip route) w10- Make a route aggregation in the apn : Test-g22 of the GGSN2 w11- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp)
Alcatel University - 8AS 90200 1317 VA in the routing table (show ip route) How many new entries ZZA Ed.02 46

n n n

9 APN configuration: IP backbone message analysys Operator group 3 - Characteristics

SGSN IP backbone
tenartnI

GGSN1

172.16.31.251

wAPN name TEST-g31 wGateway GGSN1 only wMS IP@

Dynamic, provided by DHCP1-server

wDHCP IP@ pool Private pool from 172.16.31.2/24 to 172.16.31.100/24 Additional informations provided by DHCP: Primary DNS: 172.16.31.252 Secondary DNS : 172.16.31.253 Domain : Intra-g31.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.16.31.251 (loopback interface of GGSN)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 47

1 PCHD/SND
n n n n n n n n n n n

Simulated by loopback interface in the GGSN

47

9 APN configuration: IP backbone message analysys Operator group 3 - APN configuration


Pool - network : - Mask : - Start @ : - End @ :
Zone :

IP backbone

Private IP@ 172.16.11.2 to 172.16.11.100

access-point access-point-name TEST-g31


interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 .

interface Loopback description IP@ used for IP pool apn test-g31

interface Loopback
description IP@ used as called address by TEST-g31

router ospf1

network 48

w1- Prepare your work and fill in the diagram on the next page w2-Configure the Name Servers . Apply a TTL= 1 minute to the APN domain name for training raison only. w3- Configure IP address pool in DHCP-1 w4- Create the APN configuration in the GGSN1 w5- Display the routing table and save it for future comparison

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 48

1NSGG

SN D

1PCHD

9 APN configuration: IP backbone message analysys Operator group 3 - Message analysis


GGSN1
a

10.1.1.101

24
Switch 3Com
f

6
10.1.1.210 Analyser (DNS/DHCP1 server)
49

w6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. So, all messages will use the interface 10.1.1.101 Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server (see procedure further) . Start the analyser on the of the DNS-DHCP1-server with a display filter to see only GTP, DNS and Bootp protocols. w7- Activate the debug DHCP on the GGSN1 #debug gprs dhcp detail #terminal monitor w8- Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry. Analyse the debug messages Analyses the protocols on various analysers w9- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many new entries in the routing table (show ip route) w10- Make a route aggregation in the apn : Test-g31 of the GGSN1 w11- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp)
Alcatel University - 8AS 90200 1317 VA in the routing table (show ip route) How many new entries ZZA Ed.02 49

n n n

9 APN configuration: IP backbone message analysys Operator group 4 - Characteristics

SGSN IP backbone
tenartnI

GGSN2

172.16.42.251

wAPN name TEST-g42 wGateway GGSN2 only wMS IP@

Dynamic, provided by DHCP2-server

wDHCP IP@ pool Private pool from 172.16.42.2/24 to 172.16.42.100/24 Additional informations provided by DHCP: Primary DNS: 172.16.42.252 Secondary DNS : 172.16.42.253 Domain : Intra-g42.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.16.42.251 (loopback interface of GGSN1)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 50

2 PCHD/SND
n n n n n n n n n n n

Simulated by loopback interface in the GGSN

50

9 APN configuration: IP backbone message analysys Operator group 4 - APN configuration


Pool - network : - Mask : - Start @ : - End @ :
Zone :

IP backbone

Private IP@ 172.16.11.2 to 172.16.11.100

access-point access-point-name TEST-g42


interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 .

interface Loopback description IP@ used for IP pool apn test-g42

interface Loopback
description IP@ used as called address by TEST-g42

router ospf1

network 51

w1- Prepare your work and fill in the diagram on the next page w2-Configure the Name Servers . Apply a TTL= 1 minute to the APN domain name for training raison only. w3- Configure IP address pool in DHCP-2 w4- Create the APN configuration in the GGSN2 w5- Display the routing table and save it for future comparison

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 51

1NSGG

SN D

1PCHD

9 APN configuration: IP backbone message analysys Operator group 4 - Message analysis


GGSN2
a

http://10.1.10.250

10.1.10.102

24
Switch 3Com
f

6
10.1.10.210 Analyser (DNS/DHCP2 server)
52

w6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.1.102 of the GGSN1 leading to IP backbone 1. So, all messages will use the interface 10.1.10.102 Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP21-server (see procedure further) . Start the analyser on the of the DNS-DHCP2-server with a display filter to see only GTP, DNS and Bootp protocols. w7- Activate the debug DHCP on the GGSN1 #debug gprs dhcp detail #terminal monitor w8- Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry. Analyse the debug messages Analyses the protocols on various analysers w9- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many new entries in the routing table (show ip route) w10- Make a route aggregation in the apn : Test-g42 of the GGSN2 w11- Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp)
Alcatel University - 8AS 90200 1317 VA in the routing table (show ip route) How many new entries ZZA Ed.02 52

n n n

10 APN configuration: GRE tunneling

Session presentation

Objective: to be able to : Create an APN using VPN concept

Each operator group create an APN Alcatel-g11 (group1 on GGSN1) Alcatel -g22 (group2 on GGSN2) Alcatel -g31 (group3 on GGSN1) Alcatel -g42 (group4 on GGSN2)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 53

l l l l l

53

10 APN configuration: GRE tunneling Operator group 1 : Characteristics


access-point . access-point access-point-name alcatel-g11 ip-address-pool . aggregate .. dhcp-server .. dhcp-gateway-address .. vrf .. interface Tunnel1 ip vrf forwarding .. ip address .. tunnel source .. tunnel destination .. Tunnel GRE alcatel-g11
172.17.51.1 165.32.15.1
analyser interface ip address

GGSN1
interface Loopback.. ip address . router ospf1 network . 255.255.255.0

VPN

ip cef

ip vrf ... rd ...

VPN routing ip route vrf .. Internet routing ip route ..

Public IP@ 165. 32.15.254

To GGSN2

DNS

172.17.50.3 172.17.50.1 172.17.50.254

Characteristics wAPN name Alcatel-g11 (operator Group 1- GGSN1) wGateway GGSN1 only wMS IP@

wDHCP IP@ pool Private pool from 172.17.11.2/24 to 172.17.11.100/24 Additional Information provided to MS: Primary DNS : 172.17.50.1 Secondary DNS : 172.17.50.2 Domain: alcatel.fr

Lease time : 10 hours wVPN reference vpn_alcatel-g11 rd 101:1 wGi interface GRE Tunnelling over Internet wConnection parameters See diagram above wNote : Take care of subnet mask for tunnels because the other groups uses the same physical link for Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 their GRE tunnels 54

tenretnI
n n n n n n n n n n n n

Alcatel
198.91.23.254 198.91.23.253 Tunnel GRE alcatel-g11
172.17.51.2

172.17.50.0/24
172.17.50.2
DNS

Public IP@

54

Dynamic, provided by DHCP1-server

10 APN configuration: GRE tunneling Operator group 1 : Creation process


Notes:

55

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface and on a PC of Alcatel network w6.From GGSN, ping a PC of Alcatel network (the ping must use the routing table of the vpn: #ping vrf .) and analyse the trace on various analysers. w7.Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the of the DHCP1-server with a display filter to see only GTP, DNS and Bootp protocol. w8.Test the correct operation. Analyse the protocols on various analysers

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 55

10 APN configuration: GRE tunneling Operator group 2 : Characteristics


access-point . access-point access-point-name alcatel-g22 ip-address-pool . aggregate .. dhcp-server .. dhcp-gateway-address .. vrf .. interface Tunnel1 ip vrf forwarding .. ip address .. tunnel source .. tunnel destination .. Tunnel GRE alcatel-g22
172.17.51.9
165.32.15.2 analyser Public IP@ interface ip address

GGSN2
interface Loopback.. ip address . router ospf1 network .

VPN

ip cef

ip vrf ... rd ...

VPN routing ip route vrf .. Internet routing ip route ..

To GGSN1 172.17.50.3

DNS

165. 32.15.254

172.17.50.1 172.17.50.254

Characteristics wAPN name Alcatel-g22 (operator Group 2- GGSN2) wGateway GGSN2 only wMS IP@

wDHCP IP@ pool Private pool from 172.17.22.2/24 to 172.17.22.100/24 Additional Information provided to MS: Primary DNS : 172.17.50.1 Secondary DNS : 172.17.50.2 Domain: alcatel.fr

Lease time : 10 hours wVPN reference vpn_alcatel-g22 rd 102:1 wGi interface GRE Tunnelling over Internet wConnection parameters See diagram above wNote : Take care of subnet mask for tunnels because the other groups uses the same physical link for Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 their GRE tunnels 56

tenretnI
n n n n n n n n n n n n

Alcatel
198.91.23.254 198.91.23.253 Tunnel GRE alcatel-g22
172.17.51.10

172.17.50.0/24
172.17.50.2
DNS

Public IP@

56

Dynamic, provided by DHCP2-server

10 APN configuration: GRE tunneling Operator group 1 : Creation process


Notes:

57

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface and on a PC of Alcatel network w6.From GGSN, ping a PC of Alcatel network (the ping must use the routing table of the vpn: #ping vrf .) and analyse the trace on various analysers. w7.Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol. w8.Test the correct operation. Analyse the protocols on various analysers

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 57

10 APN configuration: GRE tunneling Operator group 3 : Characteristics


access-point . access-point access-point-name alcatel-g31 ip-address-pool . aggregate .. dhcp-server .. dhcp-gateway-address .. vrf .. interface Tunnel2 ip vrf forwarding .. ip address .. tunnel source .. tunnel destination .. Tunnel GRE alcatel-g31
172.17.51.5
interface ip address

GGSN1
interface Loopback.. ip address . router ospf1 network .

Private IP@
172.17.31.2

to
172.17.31.100

VPN

ip cef

ip vrf ... rd ...

VPN routing ip route vrf .. Internet routing ip route ..

165.32.15.4
analyser

165.32.15.1 Public IP@ 165. 32.15.254 To GGSN2 172.17.50.3 172.17.50.1 172.17.50.254


DNS

Characteristics wAPN name Alcatel-g31 (operator Group 3- GGSN1) wGateway GGSN1 only wMS IP@

wDHCP IP@ pool Private pool from 172.17.31.2/24 to 172.17.311.100/24 Additional Information provided to MS: Primary DNS : 172.17.50.1 Secondary DNS : 172.17.50.2 Domain: alcatel.fr

Lease time : 10 hours wVPN reference vpn_alcatel-g31 rd 103:1 wGi interface GRE Tunnelling over Internet wConnection parameters See diagram above wNote : Take care of subnet mask for tunnels because the other groups uses the same physical link for Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 their GRE tunnels 58

tenretnI
198.91.23.254

Alcatel Public IP@


172.17.51.6

172.17.50.0/24
172.17.50.2
DNS

198.91.23.253 Tunnel GRE alcatel-g31

58

n n n n n n n n n n n n

Dynamic, provided by DHCP1-server

10 APN configuration: GRE tunneling Operator group 3 : Creation process


Notes:

59

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface and on a PC of Alcatel network w6.From GGSN, ping a PC of Alcatel network (the ping must use the routing table of the vpn: #ping vrf .) and analyse the trace on various analysers. w7.Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the of the DHCP1-server with a display filter to see only GTP, DNS and Bootp protocol. w8.Test the correct operation. Analyse the protocols on various analysers

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 59

10 APN configuration: GRE tunneling Operator group 4 : Characteristics


access-point . access-point access-point-name alcatel-g42 ip-address-pool . aggregate .. dhcp-server .. dhcp-gateway-address .. vrf .. interface Tunnel2 ip vrf forwarding .. ip address .. tunnel source .. tunnel destination .. Tunnel GRE alcatel-g42
172.17.51.13 165.32.15.2
analyser interface ip address

GGSN2
interface Loopback.. ip address . router ospf1 network .

VPN

ip cef

ip vrf ... rd ...

VPN routing ip route vrf .. Internet routing ip route ..

Public IP@ 165. 32.15.254

To GGSN1 172.17.50.3

DNS

172.17.50.1 172.17.50.254

Characteristics wAPN name Alcatel-g42 (operator Group 4- GGSN2) wGateway GGSN2 only wMS IP@

wDHCP IP@ pool Private pool from 172.17.42.2/24 to 172.17.42.100/24 Additional Information provided to MS: Primary DNS : 172.17.50.1 Secondary DNS : 172.17.50.2 Domain: alcatel.fr

Lease time : 10 hours wVPN reference vpn_alcatel-g42 rd 104:1 wGi interface GRE Tunnelling over Internet wConnection parameters See diagram above wNote : Take care of subnet mask for tunnels because the other groups uses the same physical link for Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 their GRE tunnels 60

tenretnI
198.91.23.254 198.91.23.253

Alcatel Public IP@


172.17.51.14

172.17.50.0/24
172.17.50.2
DNS

Tunnel GRE alcatel-g42

60

n n n n n n n n n n n n

Dynamic, provided by DHCP2-server

10 APN configuration: GRE tunneling Operator group 4 : Creation process


Notes:

61

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface and on a PC of Alcatel network w6.From GGSN, ping a PC of Alcatel network (the ping must use the routing table of the vpn: #ping vrf .) and analyse the trace on various analysers. w7.Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol. w8.Test the correct operation. Analyse the protocols on various analysers

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 61

Page intentionaly left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 62

11 APN configuration: NAT & PAT

Session presentation

Objective: to be able to : Create an APN leading to Internet and using NAT function

Each operator group create an APN Internet-g11 (group1 on GGSN1) Internet-g22 (group2 on GGSN2) Internet-g31 (group3 on GGSN1) Internet-g42 (group4 on GGSN2)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 63

l l l l l

63

11 APN configuration: NAT & PAT Operator group 1 : Characteristics


access-point . access-point access-point-name alcatel

Private IP@
172.18.11.2 to 172.18.11.100

access-point . access-point access-point-name Internet-g11

ip nat inside
interface FastEthernet.. ip address 165.32.15.1 255.255.255.0 ip nat ..

165.32.15.1

165.32.15.4
Analyzer Public IP@ 165. 32.15.254

To GGSN2

198.91.23.254 Tunnel

to

Intranet

Characteristics wAPN name Internet-g11 wGateway GGSN1 only wMS IP@ Dynamic, provided by DHCP1-server wDHCP IP@ pool

Private pool from 172.18.11.2/24 to 172.18.11.100/24 Additional informations provided by DHCP: Primary DNS server : 195.5.5.5 Secondary DNS server :196.6.6.6

Lease time : 10 hours wGi interface NAT Public IP@ pool 165.32.16.1 to 165.32.16.3 wConnection parameters See diagram above wInternet IP@ for testing 198.91.23.1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 64

1 NSGG

interface Loopback description giaddr for apn router ospf1 network interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 ip nat .

access-list ip nat pool Internet routing


ip route

198.91.23.1

198.91.23.253

tenretnI
n n n n n n n n n n

Alcatel (Intranet)
64

11 APN configuration: NAT & PAT Operator group 1 : Process


Notes:

65

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface w6.Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the of the DHCP1-server with a display filter to see only GTP, DNS and Bootp protocol. w7.Activate the debug ip nat on the GGSN1 w8.Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry? Display the NAT translation table (show ip nat translation) Analyses the protocols on various analysers w9.Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many MS can access to Internet (show ip nat translation), perform a debug ip nat details w10. Implement the PAT function. w11.Test the correct operation of PAT with a script test simulating several MS. Display the NAT translation table (show ip nat translation). Alcatel University - 8AS 90200 1317 VA ZZA Ed.02
65

11 APN configuration: NAT & PAT Operator group 2 : Characteristics


access-point . access-point access-point-name alcatel

Private IP@
172.18.22.2 to 172.18.22.100

access-point . access-point access-point-name Internet-g21

ip nat inside
interface FastEthernet.. ip address 165.32.15.2 255.255.255.0 ip nat ..

165.32.15.2

165.32.15.4
Analyzer Public IP@ 165. 32.15.254

To GGSN1

198.91.23.254 Tunnel

to

Intranet

Characteristics wAPN name Internet-g22 wGateway GGSN2 only wMS IP@ Dynamic, provided by DHCP2-server wDHCP IP@ pool

Private pool from 172.18.22.2/24 to 172.18.22.100/24 Additional informations provided by DHCP: Primary DNS server : 195.5.5.5 Secondary DNS server :196.6.6.6

Lease time : 10 hours wGi interface NAT Public IP@ pool 165.32.16.9 to 165.32.16.11 wConnection parameters See diagram above wInternet IP@ for testing 198.91.23.1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 66

2 NSGG

interface Loopback description giaddr for apn router ospf1 network interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 ip nat .

access-list ip nat pool Internet routing


ip route

198.91.23.1

198.91.23.253

tenretnI
n n n n n n n n n n

Alcatel (Intranet)
66

11 APN configuration: NAT & PAT Operator group 2 : Process


Notes:

67

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-2 w3.Create the configuration in the GGSN2 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface w6.Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol. w7.Activate the debug ip nat on the GGSN2 w8.Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry? Display the NAT translation table (show ip nat translation) Analyses the protocols on various analysers w9.Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many MS can access to Internet (show ip nat translation), perform a debug ip nat details w10. Implement the PAT function. w11.Test the correct operation of PAT with a script test simulating several MS. Display the NAT translation table (show ip nat translation). Alcatel University - 8AS 90200 1317 VA ZZA Ed.02
67

11 APN configuration: NAT & PAT Operator group 3 : Characteristics


access-point . access-point access-point-name alcatel

Private IP@
172.18.31.2 to 172.18.31.100

access-point . access-point access-point-name Internet-g31

ip nat inside
interface FastEthernet.. ip address 165.32.15.1 255.255.255.0 ip nat ..

165.32.15.1

165.32.15.4
Analyzer Public IP@ 165. 32.15.254

To GGSN2

198.91.23.254 Tunnel

to

Intranet

Characteristics wAPN name Internet-g31 wGateway GGSN1 only wMS IP@ Dynamic, provided by DHCP1-server wDHCP IP@ pool

Private pool from 172.18.31.2/24 to 172.18.31.100/24 Additional informations provided by DHCP: Primary DNS server : 195.5.5.5 Secondary DNS server :196.6.6.6

Lease time : 10 hours wGi interface NAT Public IP@ pool 165.32.16.5 to 165.32.16.7 wConnection parameters See diagram above wInternet IP@ for testing 198.91.23.1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 68

1 NSGG

interface Loopback description giaddr for apn router ospf1 network interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 ip nat .

access-list ip nat pool Internet routing


ip route

198.91.23.1

198.91.23.253

tenretnI
n n n n n n n n n n

Alcatel (Intranet)
68

11 APN configuration: NAT & PAT Operator group 3 : Process


Notes:

69

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-1 w3.Create the configuration in the GGSN1 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface w6.Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the of the DHCP1-server with a display filter to see only GTP, DNS and Bootp protocol. w7.Activate the debug ip nat on the GGSN1 w8.Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry? Display the NAT translation table (show ip nat translation) Analyses the protocols on various analysers w9.Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many MS can access to Internet (show ip nat translation), perform a debug ip nat details w10. Implement the PAT function. w11.Test the correct operation of PAT with a script test simulating several MS. Display the NAT translation table (show ip nat translation). Alcatel University - 8AS 90200 1317 VA ZZA Ed.02
69

11 APN configuration: NAT & PAT Operator group 4 : Characteristics


access-point . access-point access-point-name alcatel

Private IP@
172.18.42.2 to 172.18.42.100

access-point . access-point access-point-name Internet-g42

ip nat inside
interface FastEthernet.. ip address 165.32.15.2 255.255.255.0 ip nat ..

165.32.15.2

165.32.15.4
Analyzer Public IP@ 165. 32.15.254

To GGSN1

198.91.23.254 Tunnel

to

Intranet

Characteristics wAPN name Internet-g42 wGateway GGSN2 only wMS IP@ Dynamic, provided by DHCP2-server wDHCP IP@ pool

Private pool from 172.18.42.2/24 to 172.18.42.100/24 Additional informations provided by DHCP: Primary DNS server : 195.5.5.5 Secondary DNS server :196.6.6.6

Lease time : 10 hours wGi interface NAT Public IP@ pool 165.32.16.13 to 165.32.16.15 wConnection parameters See diagram above wInternet IP@ for testing 198.91.23.1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 70

2 NSGG

interface Loopback description giaddr for apn router ospf1 network interface Virtual-Template1 description Virtual Interface GTP ip address loopback 1 ip nat .

access-list ip nat pool Internet routing


ip route

198.91.23.1

198.91.23.253

tenretnI
n n n n n n n n n n

Alcatel (Intranet)
70

11 APN configuration: NAT & PAT Operator group 4 : Process


Notes:

71

w1.Configure the DNS. Apply a TTL= 1 minute to the APN domain name for training raison only. w2.Configure the DHCP-2 w3.Create the configuration in the GGSN2 w4.Make the connections, configure PCs and other routers. w5.Start the analyser on the Gi interface w6.Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol. w7.Activate the debug ip nat on the GGSN2 w8.Test the correct operation with a script test simulating only one MS. Display the activated PDP contexts (shpdp) Display the routing table (show ip route). What is the new entry? Display the NAT translation table (show ip nat translation) Analyses the protocols on various analysers w9.Test the correct operation with a script test simulating several MS. How many activated PDP contexts. (shpdp) How many MS can access to Internet (show ip nat translation), perform a debug ip nat details w10. Implement the PAT function. w11.Test the correct operation of PAT with a script test simulating several MS. Display the NAT translation table (show ip nat translation). Alcatel University - 8AS 90200 1317 VA ZZA Ed.02
71

12 APN configuration: APN access via 2 GGSN

Session presentation

Objective: to be able to : Create an APN accessible via the two GGSNs

Each operator group create an APN apn-g1 (group1) apn-g2 (group2) apn-g3 (group3) apn-g4 (group4)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 72

l l l l l

72

Page intentionally left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 73

12 APN configuration: APN access via 2 GGSN Operator group 1 : Characteristics

GGSN1 IP backbone GGSN2


tenartnI

SGSN

wAPN name APN-g1 wGateway GGSN1 and GGSN2 wMS IP@

Dynamic, provided by DHCP1 and DHCP2 servers

wDHCP IP@ pool Private pool from 172.30.0.2/16 to 172.30.255.250/16 Additional informations provided by DHCP: Primary DNS: 172.30.255.252 Secondary DNS : 172.30.255.253 Domain : group1.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.30.0.1 (loopback interface of GGSN1also used as giaddr)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 74

2 PCHD/SND

1 PCHD/SND

172.30.0.1

Simulated by loopback interface in the GGSN


74

n n n n n n n n n n n

12 APN configuration: APN access via 2 GGSN Operator group 1 : Configuration


DHCP-1 - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : DHCP-2

interface Loopback description IP@ used for IP pool apn apn-g1

interface Loopback description IP@ used for IP pool apn apn-g1

router ospf1

router ospf1

network access-point access-point-name APN-g1

network access-point access-point-name APN-g1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 75

2NSGG
75

1NSGG

12 APN configuration: APN access via 2 GGSN Operator group 2 : Characteristics

GGSN1 IP backbone GGSN2


tenartnI

SGSN

wAPN name APN-g2 wGateway GGSN1 and GGSN2 wMS IP@

Dynamic, provided by DHCP1 and DHCP2 servers

wDHCP IP@ pool Private pool from 172.31.0.2/16 to 172.31.255.250/16 Additional informations provided by DHCP: Primary DNS: 172.31.255.252 Secondary DNS : 172.31.255.253 Domain : group2.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.31.0.1 (loopback interface of GGSN1also used as giaddr)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 76

2 PCHD/SND

1 PCHD/SND

172.31.0.1

Simulated by loopback interface in the GGSN


76

n n n n n n n n n n n

12 APN configuration: APN access via 2 GGSN Operator group 2 : Configuration


DHCP-1 - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : DHCP-2

interface Loopback description IP@ used for IP pool apn apn-g1

interface Loopback description IP@ used for IP pool apn apn-g1

router ospf1

router ospf1

network access-point access-point-name APN-g1

network access-point access-point-name APN-g1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 77

2NSGG
77

1NSGG

12 APN configuration: APN access via 2 GGSN Operator group 3 : Characteristics

GGSN1 IP backbone GGSN2


tenartnI

SGSN

wAPN name APN-g3 wGateway GGSN1 and GGSN2 wMS IP@

Dynamic, provided by DHCP1 and DHCP2 servers

wDHCP IP@ pool Private pool from 172.32.0.2/16 to 172.32.255.250/16 Additional informations provided by DHCP: Primary DNS: 172.32.255.252 Secondary DNS : 172.32.255.253 Domain : group3.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.32.0.1 (loopback interface of GGSN1also used as giaddr)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 78

2 PCHD/SND

1 PCHD/SND

172.32.0.1

Simulated by loopback interface in the GGSN


78

n n n n n n n n n n n

12 APN configuration: APN access via 2 GGSN Operator group 3 : Configuration


DHCP-1 - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : DHCP-2

interface Loopback description IP@ used for IP pool apn apn-g1

interface Loopback description IP@ used for IP pool apn apn-g1

router ospf1

router ospf1

network access-point access-point-name APN-g1

network access-point access-point-name APN-g1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 79

2NSGG
79

1NSGG

12 APN configuration: APN access via 2 GGSN Operator group 4 : Characteristics

GGSN1 IP backbone GGSN2


tenartnI

SGSN

wAPN name APN-g4 wGateway GGSN1 and GGSN2 wMS IP@

Dynamic, provided by DHCP1 and DHCP2 servers

wDHCP IP@ pool Private pool from 172.33.0.2/16 to 172.33.255.250/16 Additional informations provided by DHCP: Primary DNS: 172.33.255.252 Secondary DNS : 172.33.255.253 Domain : group4.com

Lease time : 10 hours wGi interface Not used , the IP@ destination will be created inside the GGSN (loopback interface) wCalled IP address 172.33.0.1 (loopback interface of GGSN1also used as giaddr)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 80

2 PCHD/SND

1 PCHD/SND

172.33.0.1

Simulated by loopback interface in the GGSN


80

n n n n n n n n n n n

12 APN configuration: APN access via 2 GGSN Operator group 4 : Configuration


DHCP-1 - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : - network : - Mask : - Start @ : - End @ : DHCP-2

interface Loopback description IP@ used for IP pool apn apn-g1

interface Loopback description IP@ used for IP pool apn apn-g1

router ospf1

router ospf1

network access-point access-point-name APN-g1

network access-point access-point-name APN-g1

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 81

2NSGG
81

1NSGG

Page intentionally left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 82

13 OMC-PS : NNM-Net Session presentation


w

Objective: to be able to configure and manage GPRS IP backbone from NNM-net of OMC-PS program: 1 2 3 4 5 6 7 8 9 Configure auto-discovery Perform a first discover Extend the discovery Move symbols through the various submaps Test device reachability Display device configuration Display performances Browse the GGSN MIB Collect performances
83

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 83

l l l l l l l l l

13 MNM-net configuration Configure auto-discovery

> su Password: ********* #/opt/OV/bin/ovstop netmon #/opt/OV/bin/ovstart netmon

> su Password: ********* #cd /etc/opt/OV/share/conf #ls #vi netmon.noDiscover *.*.*.*


Vi commands : <esc>i : insert under cursor <esc>a : insert after cursor <esc>x : delete a character <esc>dd : delete a line <esc>:wq : write and quit <esc>:q! : quit without save

84

Note : The trainer delete all devices of the NNM-net NNM-NET> double click on icon Internet > Edit > Delete >From All Submap > OK With vi editor, in the file /etc/opt/OV/share/conf/seedfile, delete all lines With vi editor, in the file /etc/opt/OV/share/conf/netmon.noDiscover, write down a # at the beginning of the line *.*.*.* ______________________________________________________________________________________ _ w1- Start NNM-Net w2- Double click on icon Internet
No auto discovery. Why?

w3- Display netmon.noDiscover Start a Terminal, login as su (default password : install10) # more /etc/opt/OV/share/conf/ntemon.noDiscover w4- Operator group 2 only - Configure netmon.noDiscover to allow the auto-discover of all devices. With vi editor, in the file /etc/opt/OV/share/conf/ntemon.noDiscover, delete the # at the beginning of the line *.*.*.* w5- Operator group 2 only - Restart OV Stop OV /opt/OV/bin/ovstop netmon delete all devices in the submap, select all symbols
Alcatel tart OV - 8AS 90200 1317 VA ZZA Ed.02 SUniversity 84

n n n n n n

Edit > Delete > From All Submaps > Ok

/opt/OV/bin/ovstart netmon

13 MNM-net configuration Perform a first discover

a C

85

w1- Display the network where OMC-PS is connected to. Double click on icon Internet (a) a submap displays the network where OMC-PS is connected to.

Display the legend Help > Display legend > operational Status Colors (use help on the window to get more information) Help > Display legend > Administrative Status Colors (use help on the window to get more information) w2- Perform a zoom on the network Double click on the icon representing the network where OMC-PS is connected to. (b) Double click on the icon representing the LAN segment where OMC-PS is connected to. (c) A submap displays the IP devices connected to this LAN. w3- Modify the label of symbol : Operator group 1 : CiscoWorks Operator group 2 : Mgt_Lan Operator group 3 : SGSN_craft1 Operator group 4 : SGSN_craft2 To modify the name assigned to symbols representing an IP device

To modify the name assigned to segment1 representing management LAN


Click right on the symbol > Describe/Modify symbol modify the label (for example : Mgt LAN) OK

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 85

n n n n n n

Knowing the theory can you imagine what is the meaning of white color for icon? .. Why these icons are white?.

Click right on a symbol > Describe/Modify symbol modify the label OK

MNM-net configuration Extend the discovery

vi netmon.noDiscover

vi seedfile
a

86

w1- Opertor group 3 only - Extend the discovery Start a Terminal, login as su (default password : install10) With vi editor, in the file /etc/opt/OV/share/conf/seedfile (a) add at least one router of each network to be discovered w2- Opertor group 3 only - Restart OV Stop OV /opt/OV/bin/ovstop netmon delete all devices in the submap, select all symbols Start OV /opt/OV/bin/ovstart netmon w3- Check the correct discovery w4- Opertor group 4 only - Prevent the discovery of the LSN (1.1.1.0, 2.2.2.0, loopbacks, MS IP@ pool) Start a Terminal, login as su (default password : install10) With vi editor, in the file /etc/opt/OV/share/conf/ntemon.noDiscover (b) add netid of these networks Stop OV /opt/OV/bin/ovstop netmon delete all devices in the submap, select all symbols

Alcatel the correct operation w5- Check University - 8AS 90200 1317 VA ZZA Ed.02 86

n n n n n n n n n n

Edit > Delete > From All Submaps > Ok

Edit > Delete > From All Submaps > Ok

Start OV /opt/OV/bin/ovstart netmon

MNM-net configuration Move symbols through the various submaps

87

w1- Each operator group creates a new map Map > Maps > New the name will be GROUPn w2- Arrange the location of the various devices and networks Move to Internet submap drag and drop symbols to the correct position Keep this arrangement View > Automatic Layout > Off For This Submap w3- In order to have a complete view of all objects of the CN backbone (SGSN stations, OMC-PS, CG, PCcraft, links, ) in only one submap, add objects in the Internet submap. Zoom to various submaps, Select object(s) (press <Ctl> key to select several objects)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 87

n n n n n n n n

Edit > Copy: From This Submap

Go back to the Internet submap


Edit > Past

Drag and drop objects to the correct location. Draw the connections Edit > Add Connection
Select a connection class Select a connection subclass Click on the source symbol of this link then, click on the destination symbol A Add Object window appears. Enter Selection Name. To know the correct name of a link, go to submap where the symbol has been copied, select the link then click right > Describe/Modify object select the Selection name go back to the add object window and past the selection name (middle button) a Warning message indicate that selection name already exist. Click OK

MNM-net configuration Test device reachability

88

w1- Test reachability from OMC-PS select a router Fault > Ping select a station of SGSN server Fault > Ping w2- Test IP/TCP/SNMP select a device Fault > Test IP / TCP / SNMP w3- Test network connectivity of a device select a device Fault > Network Connectivity: Poll Node

w4- Trace the route between devices Fault > Locate Route : via SNMP enter the IP@ of the source device managing SNMP (e.g. OMC-PS IP@) in From Name or IP Address enter the IP@ of the remote device (e.g. station of sgsn server) in To Name or IP Address

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 88

n n n n n

Does this device manage : SNMP? ..; version ? HTTP? .

MNM-net configuration Display device configuration

89

w1- Display information about system Select a router Configuration > System Information When was the last reboot ? w2- Display information about network Select a router Configuration > Network configuration Display Addresses Display Routing Table Display ARP Cache Display Services

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 89

n n n n

MNM-net configuration Display performances

90

w1- Perform Statistics on the interfaces and on their traffic Select an SNMP device (router, DNS/DHCP, ) Performance > Network Activity > Interface Statistics Performance > Network Activity > Interface Traffic

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 90

MNM-net configuration Browse the GGSN MIB

91

w1- Display interfaces by means of SNMP browser Select a router Misc > SNMP MIB Browser Select : mgmt > mib-2 > interfaces > ifTable > ifEntry > ifDescr Click on Describe, what is the Object ID in the MIB? ..

w2- Display ARP table by means of SNMP browser Select a router Misc > SNMP MIB Browser Select : iso. org. dod. Internet. mgmt. mib-2. Ip. pNetToMediaTable. ipNetToMediaEntry ipNetToMediaPhysAddess Click on Start Query w3- Display APN configuration of a GGSN Select a GGSN Misc > SNMP MIB Browser Select : iso. org. dod. Internet. Privat. Entreprises. Cisco. ciscoMgmt. ciscoGprsAccPtMib. ciscoGprsAccPtMBObjects. ciscoGprsAccPtConfig. cgprsAccPtTable. cgprsAccPtEntry. cgprsAccPtName Click on Start Query perform a Start Query of the other MIB object ID of the APN Alcatel University - 8AS 90200 1317 VA ZZA Ed.02

n n n n n n n n n

Close

Click on Start Query


What are the index for physical interfaces Interface | Description | | | | |

91

MNM-net configuration Collect performances : Select MIB counters

e See next page 92

The GGSN is a generic IP device (standard router functions), implementing GPRS functions. As a consequence, GGSN supports both MIB's of a generic IP device and GPRS MIB's. CISCO-GTP-MIB, CISCO-GGSN-MIB, CISCO-GGSN-QOS-MIB, CISCO-GPRS-ACC-PT-MIB and CISCO-GPRSCHARGING-MIB are specific GPRS MIBs. w1- Select MIB counters. From NNM view Options (a) ->Data Collection & thresholds: SNMP (b) (a window Data Collection & thresholds appears) Edit->Add->MIB objects (c) (a window Data Collection & thresholds : MIB object selection appears)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 92

Navigate in the MIB to select the desired MIB object ID of the requested counter: (d)
.iso.org.dod. internet. private. enterprises. cisco. ciscoMgmt. ciscoGprsAccPtMib. ciscoGprsAccPtMBObjects. ciscoGprsAccPtStatistics. cgprsAccPtStatisticsTable. cgprsAccPtMsActivatedPdps Click on Describe . What is the function of this counter? . Click on Apply (e) (a window Add cgprsCollection for appears ) see next page

MNM-net configuration Collect performances : Configure collection


From previous page

f g h i

93

w1- Configure the collection. from the window Add cgprsCollection for
Source : enter the VT ip@ of GGSN then Add . Repeat for the second GGSN (f) Collection Mode : Store, No Thresholds (g) Polling Interval : 15m (h) Instances: All (means all APNs) ( i ) OK ( j )

w2- Repeat these operations (select MIB counters and Configure the collection) for the counter : (d- j) .iso.org.dod. internet. private. enterprises. cisco. ciscoMgmt. ciscoGprsAccPtMib. ciscoGprsAccPtMBObjects. ciscoGprsAccPtStatistics. cgprsAccPtStatisticsTable. cgprsAccPtSuccMsActivatedPdps
What is the function of this counter?

w3- Save and start the collection. From window Data Collection & thresholds : SNMP ) File > Save (k)

wGenerate a GPRS nominal traffic during over one day (attach, activate, PDU traffic, detach...)

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 93

MNM-net configuration Collect performances : Display results


b d a c e

94

w1- Deactivate the collection of observations . From the window Data Collection & thresholds Select MIB objects (a) (use <ctrl> key to select several objects) Actions (b) -> Suspend Collection (c)

w2- Display these observations from SNMP Data Collector. From the window Data Collection & thresholds Select a MIB object Actions -> Show Data (d)
The counter values are displayed.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 94

n n

Select an instance (e)


The existence of a particular value for a MIB object in the agent database is called an instance. Some MIB objects have only a single instance for a given agent system (for example, system description). Other MIB objects have multiple instances for a given agent system (for example, interface status for each interface on the Click on Graph (f)

system or statistic counter for each APN,...).

Annex 1 : L2TP procedure

Authentication Protocol : .. .. GGSN Name :


TENRETNI

LNS
Name :

Username :

GPRS
IP@ :

L2TP
Domain :..

Session ID :. Tunnel ID :.. Tunnel ID :..

Session ID :

RADIUS server

95

wObjectives Verify the correct operation of a L2TP procedure

wCharacteristics : Given the following analysis trace of the Gi interface where L2TP has been implemented

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 95

n n

Annex 1 -L2TP procedure

Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=0 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 128, Tunnel ID: 0, Session ID: 0, Ns: 0, Nr: 0 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (1) Start_Control_Request AVP Type Protocol Version Mandatory:True, Hidden:False, Length:8 Version: 1 Revision: 0 AVP Type Framing Capabilities Mandatory:True, Hidden:False, Length:10 ASYNC FRAMING: False SYNC FRAMING: False AVP Type Bearer Capabilities Mandatory:True, Hidden:False, Length:10 Analog Access: False Digital Access: False AVP Type Firmware Revision Mandatory:False, Hidden:False, Length:8 Firmware Revision: 4400 0x1130 AVP Type Host Name Mandatory:True, Hidden:False, Length:9 Host Name: nas AVP Type Vendor Name Mandatory:False, Hidden:False, Length:25 Vendor Name: Cisco Systems, Inc. AVP Type Assigned Tunnel ID Mandatory:True, Hidden:False, Length:8 Tunnel ID: 15708 AVP Type Receive Window Size Mandatory:True, Hidden:False, Length:8 Receive Window Size: 10000 AVP Type Challenge Mandatory:True, Hidden:False, Length:22 CHAP Challenge: ==========================================================================

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 96

Annex 1 -L2TP procedure

Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=15708 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 150, Tunnel ID: 15708, Session ID: 0, Ns: 0, Nr: 1 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (2) Start_Control_Reply AVP Type Protocol Version Mandatory:True, Hidden:False, Length:8 Version: 1 Revision: 0 AVP Type Framing Capabilities Mandatory:True, Hidden:False, Length:10 ASYNC FRAMING: False SYNC FRAMING: False AVP Type Bearer Capabilities Mandatory:True, Hidden:False, Length:10 Analog Access: False Digital Access: False AVP Type Firmware Revision Mandatory:False, Hidden:False, Length:8 Firmware Revision: 4384 0x1120 AVP Type Host Name Mandatory:True, Hidden:False, Length:9 Host Name: hgw AVP Type Vendor Name Mandatory:False, Hidden:False, Length:25 Vendor Name: Cisco Systems, Inc. AVP Type Assigned Tunnel ID Mandatory:True, Hidden:False, Length:8 Tunnel ID: 11868 AVP Type Receive Window Size Mandatory:True, Hidden:False, Length:8 Receive Window Size: 3000 AVP Type Challenge Mandatory:True, Hidden:False, Length:22 CHAP Challenge: AVP Type Challenge Response Mandatory:True, Hidden:False, Length:22 CHAP Challenge Response: ==========================================================================

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 97

Annex 1 -L2TP procedure

Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=11868 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 42, Tunnel ID: 11868, Session ID: 0, Ns: 1, Nr: 1 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (3) Start_Control_Connected AVP Type Challenge Response Mandatory:True, Hidden:False, Length:22 CHAP Challenge Response: ========================================================================== Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=11868 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 70, Tunnel ID: 11868, Session ID: 0, Ns: 2, Nr: 1 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (10) Incoming_Call_Request AVP Type Assigned Session Mandatory:True, Hidden:False, Length:8 Assigned Session: 15 AVP Type Call Serial Number Mandatory:True, Hidden:False, Length:10 Call Serial Number: 4022 AVP Type Bearer Type Mandatory:True, Hidden:False, Length:10 Bearer Type: AVP Type Unknown Mandatory:False, Hidden:False, Length:22 ========================================================================== Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=15708 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 12, Tunnel ID: 15708, Session ID: 0, Ns: 1, Nr: 2 Zero Length8AS 90200 1317 VA ZZA Ed.02 Bit message Alcatel University 98

Annex 1 -L2TP procedure

========================================================================== Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=15708 Session Id=15 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 28, Tunnel ID: 15708, Session ID: 15, Ns: 1, Nr: 3 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (11) Incoming_Call_Reply AVP Type Assigned Session Mandatory:True, Hidden:False, Length:8 Assigned Session: 29 ========================================================================== Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=11868 Session Id=29 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 110, Tunnel ID: 11868, Session ID: 29, Ns: 3, Nr: 2 AVP Type Control Message Mandatory:True, Hidden:False, Length:8 Control Message Type: (12) Incoming_Call_Connected AVP Type Connect Speed Mandatory:True, Hidden:False, Length:10 Connect Speed: AVP Type Framing Type Mandatory:True, Hidden:False, Length:10 Framing Type: AVP Type Last Send LCP CONFREQ Mandatory:False, Hidden:False, Length:16 Last Sent LCP Conf REQ: AVP Type Last Received LCP CONFREQ Mandatory:False, Hidden:False, Length:16 Last Received LCP Conf REQ: AVP Type Proxy Authen ID Mandatory:False, Hidden:False, Length:8 Paorx Authen ID: AVP Type Proxy Authen Name Mandatory:False, Hidden:False, Length:13 Proxy Authen Name: AVP Type Proxy Authen Response Mandatory:False, Hidden:False, Length:9 Proxy Authen Response: AVP Type Proxy Authen Type Mandatory:False, Hidden:False, Length:8 Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 Proxy Authen Type: PPP PAP 99

Annex 1 -L2TP procedure

========================================================================== Layer 2 Tunneling Protocol Packet Type: Control Message Tunnel Id=15708 Session Id=0 1... .... .... .... = Type: Control Message (1) .1.. .... .... .... = Length Bit: Length field is present .... 1... .... .... = Sequence Bit: Ns and Nr fields are present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 12, Tunnel ID: 15708, Session ID: 0, Ns: 2, Nr: 4 Zero Length Bit message ========================================================================== Radius Protocol Code: Access Request (1) Packet identifier: 0x16 (22) Length: 77 Authenticator Attribute value pairs t:NAS IP Address(4) l:6, Value:10.20.1.103 t:NAS Port(5) l:6, Value:6 t:NAS Port Type(61) l:6, Value:Virtual t:User Name(1) l:9, Value:"ms1@ppp" t:User Password(2) l:18, Value:"B\026}\144Geu\127i" t:Service Type(6) l:6, Value:Framed t:Framed Protocol(7) l:6, Value:PPP ========================================================================== Radius Protocol Code: Access Accept (2) Packet identifier: 0x16 (22) Length: 86 Authenticator Attribute value pairs t:Service Type(6) l:6, Value:Framed t:Framed IP Address(8) l:6, Value:10.0.0.15 t:Class(25) l:54, Value:"SBR-CL DN="MS1@PPP" AT="0" IP="10.0.0.15" SI="2429"\000" ========================================================================== Layer 2 Tunneling Protocol Packet Type: Data Message Tunnel Id=15708 Session Id=15 0... .... .... .... = Type: Data Message (0) .1.. .... .... .... = Length Bit: Length field is present .... 0... .... .... = Seq Bit: Ns and Nr fields are not present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 17, Tunnel ID: 15708, Session ID: 15 (Point-to-Point Protocol) Address: ff, Control: 03 Protocol: Password Authentication Protocol (0xc023) Data (5 bytes) 0 0201 0005 00 ..... ========================================================================== Alcatel University - 8AS 90200 1317 VA ZZA Ed.02
100

Annex 1 -L2TP procedure

Layer 2 Tunneling Protocol Packet Type: Data Message Tunnel Id=11868 Session Id=29 0... .... .... .... = Type: Data Message (0) .1.. .... .... .... = Length Bit: Length field is present .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 22, Tunnel ID: 11868, Session ID: 29 (Point-to-Point Protocol) Address: ff, Control: 03 Protocol: IP Control Protocol (0x8021) Code: Configuration Request (0x01) Identifier: 0x00, Length: 10 Options: (6 bytes) IP address: 0.0.0.0 ========================================================================== Layer 2 Tunneling Protocol Packet Type: Data Message Tunnel Id=15708 Session Id=15 0... .... .... .... = Type: Data Message (0) .1.. .... .... .... = Length Bit: Length field is present .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 22, Tunnel ID: 15708, Session ID: 15 (Point-to-Point Protocol) Address: ff, Control: 03 Protocol: IP Control Protocol (0x8021) Code: Configuration Nak (0x03) Identifier: 0x00, Length: 10 Options: (6 bytes) IP address: 10.0.0.15 ========================================================================== Layer 2 Tunneling Protocol Packet Type: Data Message Tunnel Id=11868 Session Id=29 0... .... .... .... = Type: Data Message (0) .1.. .... .... .... = Length Bit: Length field is present .... 0... .... .... = Sequence Bit: Ns and Nr fields are not present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 22, Tunnel ID: 11868, Session ID: 29 (Point-to-Point Protocol) Address: ff, Control: 03 Protocol: IP Control Protocol (0x8021) Code: Configuration Request (0x01) Identifier: 0x00, Length: 10 Options: (6 bytes) IP address: 10.0.0.15 ==========================================================================
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 101

Annex 1 -L2TP procedure

Layer 2 Tunneling Protocol Packet Type: Data Message Tunnel Id=15708 Session Id=15 0... .... .... .... = Type: Data Message (0) .1.. .... .... .... = Length Bit: Length field is present .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present .... ..0. .... .... = Offset bit: Offset size field is not present .... ...0 .... .... = Priority: No priority .... .... .... 0010 = Version: 2 Length: 22, Tunnel ID: 15708, Session ID: 15 (Point-to-Point Protocol) Address: ff, Control: 03 Protocol: IP Control Protocol (0x8021) Code: Configuration Ack (0x02) Identifier: 0x00, Length: 10 Options: (6 bytes) IP address: 10.0.0.15

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 102

Annex 1 -L2TP procedure

GGSN Tunnel ID: Ns: , Nr: Session ID Message:

LNS

Tunnel ID: Ns: , Nr:

Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

RADIUS Server

Tunnel ID: Ns: , Nr: Tunnel ID: Ns: , Nr:

Session ID Message: Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

Tunnel ID: Ns: , Nr:

Session ID Message:

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 103

Page intentionally left blank

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 104

PC-NT: nslookup

SYNOPSIS nslookup [-option ...] [computer-to-find | - [server]] DESCRIPTION This diagnostic tool displays information from Domain Name System (DNS) name servers. Before using this tool, you should be familiar with how DNS works. Nslookup is available only if the TCP/IP protocol has been installed.

MODES Nslookup has two modes: interactive and non-interactive. If you only need to look up a single piece of data, use non-interactive mode. For the first argument, type the name or IP address of the computer to be looked up. For the second argument, type the name or IP address of a DNS name server. If you omit the second argument, the default DNS name server will be used. If you need to look up more than one piece of data, you can use interactive mode. Type a hyphen (-) for the first argument and the name or IP address of a DNS name server for the second argument. Or, omit both arguments (the default DNS name server will be used).

ls [option] dnsdomain [> file_name] | [>> file name] Lists information for a DNS domain. The default output contains computer names and their IP addresses. (When output is directed to a file, hash marks are printed for every 50 records received from the server.) ls [option] dnsdomain [> filename] | [>> filename] -t querytype Lists all records of the specified type. (For a description of querytype, see the set querytype topic.) -a Lists aliases of computers in the DNS domain. (It is a synonym for -t CNAME.) -d Lists all records for the DNS domain. (It is a synonym for -t ANY.) -h Lists CPU and operating system information for the DNS domain. (It is a synonym for -t HINFO.) -s Lists well-known services of computers in the DNS domain. (It is a synonym for -t WKS.) dnsdomain: DNS domain for which you want information. filename : Specifies a filename in which to save the output. (You can use the > and >> characters to redirect the output in the 8AS manner.) Alcatel University -usual 90200 1317 VA ZZA Ed.02 105

q q

-option ... Specifies one or more nslookup commands as a command-line option. For a list of commands, see Nslookup Commands. Each option consists of a hyphen (-) followed immediately by the command name and, in some cases, an equal sign (=) and then a value. For example, to change the default query type to host (computer) information and the initial timeout to 10 seconds, you would type: nslookup -querytype=hinfo -timeout=10 The command line length must be less than 256 characters. PARAMETERS help Displays a brief summary of nslookup commands. The ? is a synonym for the help command. help | ? computer-to-find Look up information for computer-to-find using the current default server or using server if specified. If computerto-find is an IP address and the query type is A or PTR, the name of the computer is returned. If computer-to-find is a name and does not have a trailing period, the default DNS domain name is appended to the name. (This behavior depends on the state of the set options: domains, srchlist, defname, and search.) To look up a computer not in the current DNS domain, append a period to the name. If you type a hyphen (-) instead of computer-to-find, the command prompt changes to nslookup interactive mode. server Use this server as the DNS name server. If you omit server, the default DNS name server is used.

PC-NT: nslookup

lserver dnsdomain Changes the default server to the specified DNS domain. Lserver uses the initial server to look up the information about the specified DNS domain. (This is in contrast to the server command, which uses the current default server.) Dnsdomain New DNS domain for the default server. Server dnsdomain Changes the default server to the specified DNS domain. Server uses the current default server to look up the information about the specified DNS domain. (This is in contrast to the lserver command, which uses the initial server.) dnsdomain New DNS domain for the default server. root Changes the default server to the server for the root of the DNS domain name space. Currently, the computer ns.nic.ddn.mil is used. (This command is a synonym for lserver ns.nic.ddn.mil.) The name of the root server can be changed with the set root command. set all Prints the current values of the configuration settings. Also prints information about the default server and computer (host). set [no]deb[ug] Turn debugging mode on or off. With debugging on, more information is printed about the packet sent to the server and the resulting answer. Default = nodebug. set [no]d2 Turn exhaustive debugging mode on or off. Essentially all fields of every packet are printed Default = nod2. set [no]def[name] If set, append the default DNS domain name to a single-component lookup request. (A single component is a component that contains no periods.) Default = defname. set do[main] =name Change the default DNS domain to the name specified. The default DNS domain name is appended to a lookup request depending on the state of the defname and search options. The DNS domain search list contains the parents of the default DNS domain if it has at least two components in its name. For example, if the default DNS domain is mfg.widgets.com, the search list is mfg.widgets.com and widgets.com. Use the set srchlist command to specify a different list. Use the set all command to display the list. Default = value from hostname. Name : New name for the default DNS domain. set q[uerytype] =value Changes the type of information query. More information about types can be found in Request For Comment (RFC) 1035. (The set type command is a synonym for set querytype.) Default = A. value A : computers IP address. ANY : All types of data. CNAME : Canonical name for an alias. GID : Group identifier of a group name. HINFO : Computers CPU and operating system type. MB : Mailbox domain name. MG : Mail group member. MINFO : Mailbox or mail list information. MR : Mail rename domain name. MX : Mail exchanger. Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 NS : DNS name server for the named zone. 106

PC-NT: nslookup

PTR : Computer name if the query is an IP address, otherwise the pointer to other information. SOA : DNS domains start-of-authority record TXT : :Text information. UID : User ID. UINFO : User information. WKS : Well-known service description. set [no]rec[urse] If set, tells the DNS name server to query other servers if it does not have the information. Default = recurse. set ret[ry] =number Sets the number of retries. When a reply to a request is not received within a certain amount of time (changed with set timeout), the timeout period is doubled and the request is resent. The retry value controls how many times a request is resent before giving up. Default = 4. Number : New value for the number of retries. set ro[ot]=computer Changes the name of the root server. This affects the root command. Default = ns.nic.ddn.mil. Computer : New name for the root server. set [no]sea[rch] If set and the lookup request contains at least one period but does not end with a trailing period, append the DNS domain names in the DNS domain search list to the request until an answer is received. set [no]sea[rch] Default = search. Set srchl[ist] name1/name2/... Changes the default DNS domain name and search list. A maximum of 6 names separated by slashes (/) can be specified. This command overrides the default DNS domain name and search list of the set domain command. Use the set all command to display the list. Default = value based on hostname. name1/name2/...: New names for the default DNS domain and search list. For example : set srchlist=mfg.widgets.com/mrp2.widgets.com/widgets.com : sets the DNS domain to mfg.widgets.com and the search list to the three names. set ti[meout]=number Changes the initial number of seconds to wait for a reply to a request. When a reply to a request is not received within this time period, the timeout is doubled and the request is resent. (The number of retries is controlled with the set retry option.) Default = 5. Number : New value for the number of seconds to wait for a reply. view filename Sorts and lists the output of previous ls command(s). filename : Name of the file containing output from the previous ls command(s). exit Exits nslookup.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 107

PC-NT: nslookup

Nslookup Notes Interactive Commands 1 2 3 4 5 Diagnostics If the lookup request fails, an error message prints. Possible errors are: Timed out The server did not respond to a request after a certain amount of time (changed with set timeout=value) and a certain number of retries (changed with set retry=value). No response from server No DNS name server is running on the server computer. No records The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command. Non-existent domain The computer or DNS domain name does not exist. Connection refused or Network is unreachable The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests. Server failure The DNS name server found an internal inconsistency in its database and could not return a valid answer. Refused The DNS name server refused to service the request. Format error The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup. To interrupt interactive commands at any time, type CTRL+C. To exit, type exit. The command line length must be less than 256 characters. To treat a built-in command as a computer name, precede it with the escape character (\). An unrecognized command is interpreted as a computer name.

Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 108