The document provides an overview of PGW/GGSN configuration on a Juniper router, including configuring routing instances, APNs, CDRs, QoS, and other optional configurations like SACC, PISC, and credit control. It describes configuring connectivity and routing, GTP properties, L2TP, DHCP, RADIUS, PDP context properties, and quality of service. The document also lists additional resources for further study of 3GPP specifications and vendor documentation.

1. PGW/GGSN
PART - 02
Mustafa Golam

2. Table of Contents
Optional Configurations
Route/VRF
APN
CDR
SACC/PISC

3. EPG/PGW Configuration Overview
Connectivity and Routing
 Forwarding Table Filters
 GTP Properties
 L2TP
 DHCP
 RADIUS
PDP Context Properties
EPS Bearer Properties
Quality of Service
Resilience
Optional Configuration
SACC
PISC
Credit Control
 Policy and Charging Control
 Aware Policy-Based Routing
 Static Access Control
Operation and Maintenance
Traffic Redirection
Shared IP Pool

4. MS BTS BSC
RNCNODE-BMS
SGSN GGSN
SGSN GGSN
MSC
SCP/Camel
HLR OSS
Corporate
LAN
Gs
SMS
Um Abis Gb
Ge
Gn
GomGr
Gn
Gn
Gn
Gn
Um Iub Iu
Gi
Gi
Gd
GSM
WCDMA ISP
PCRF
PS Core Network Architecture

5. Connectivity and Routing
EPG can be designed to use traffic separation purpose. Traffic separation
can be achieved by using one of the following solutions or both:
A single routing instance with firewall filters (the master routing instance)
Multiple routing instances (virtual routing instances)

6. Connectivity and Routing:
Configuring Multiple Routing Instances
Main Virtual Instances :
Traffic separation by main networks/interfaces.
Routing Instance Name Objective
Gi-vrf To separate network for Gi interface
Gn-vrf To separate network for Gn interface
Gom-vrf To separate network for O&M interface
Gy_Gx-vrf To separate network for Gy/Gx interface
IUPS-vrf To separate network for 3GDT interface

7. Connectivity and Routing:
Configuring Multiple Routing Instances
Main Virtual Instances : Traffic separation by main networks/interfaces
Gi-vrf {
instance-type vrf;
interface ge-2/0/1.151;
interface ge-3/0/1.251;
route-distinguisher 1:1;
vrf-import reject-all;
vrf-export reject-all;
protocols {
ospf {
export static;
area 0.0.0.7 {
interface ge-2/0/1.151;
interface ge-3/0/1.251
{
metric 10;
}
}
}
}
Gn-vrf {
instance-type vrf;
interface ge-2/0/0.150;
interface ge-3/0/0.250;
route-distinguisher 1:2;
vrf-import reject-all;
vrf-export reject-all;
protocols {
ospf {
export static;
area 0.0.0.6 {
interface ge-2/0/0.150;
interface ge-3/0/0.250;
}
}
}
}

8. Connectivity and Routing:
Configuring Multiple Routing Instances
Main Virtual Instances : Traffic separation by main networks/interfaces
Gom-vrf {
instance-type vrf;
interface ge-2/0/0.155;
interface ge-3/0/0.255;
route-distinguisher 1:3;
vrf-import reject-all;
vrf-export reject-all;
protocols {
ospf {
rib-group ggsn-om-sec;
export [ static direct ];
area 0.0.0.1 {
interface ge-2/0/0.155;
interface ge-3/0/0.255;
}
}
}
Gy-GOM {
instance-type virtual-router;
interface ge-2/0/0.205;
interface ge-3/0/0.206;
routing-options {
static {
route 10.77.98.0/28 next-table inet.0;
}
}
protocols {
ospf {
rib-group Gy_GOM_to_inet0;
export static;
area 0.0.0.6 {
interface ge-2/0/0.205;
interface ge-3/0/0.206;
}

9. Connectivity and Routing:
Configuring Multiple Routing Instances
Main Virtual Instances : Traffic separation by main networks/interfaces
IUPS_VRF {
instance-type virtual-router;
interface ge-2/0/0.310;
interface ge-3/0/0.311;
routing-options {
static {
route 41.77.16.24/29 next-table Gn-vrf.inet.0;
route 41.77.16.16/29 next-table Gn-vrf.inet.0;
}
}
protocols {
ospf {
rib-group IUPS_VRF_to_Gn-vrf;
export from_static;
area 0.0.0.8 {
interface ge-2/0/0.310 {
metric 1;
}
interface ge-3/0/0.311 {
metric 1;

10. GTP Properties
[edit services epg pgw gtp]
keepalive-interval 200; Seconds between sending keepalive messages on idle path
t3-response-time 5; Seconds between control message retries
n3-requests 3; Total number of transmissions allowed for a control message
gn-s5-routing-instance Gn-vrf; Routing instance for GTP traffic
version-list 99; GTP version name
GTP-C tunnels the relevant session and mobility management
messages between the EPG and the SGSN and the MME. It is
responsible for establishment and administration of the GTP - User
plane (GTP-U) tunnels used for transporting the uplink and downlink
encapsulated Transfer (T-PDUs) containing the payload.

11. L2TP Configuration
In order to setup the GGSN and PDN Gateway (PGW) for L2TP, a P-GGSN2
or PB-GGSN3 Services Physical Interface Card (PIC) must be configured to
run L2TP software applications .
[edit services epg pgw apn apn-name]
l2tp {
l2tp-routing-instance routing-instance-name;
hide-avps;
lac-address-range lac-address-range;
lns {
all-primary;
max-retries attempts;
(blacklisting-timeout minutes |
blacklisting-forever);
server address {
(use-default-port | port number);
max-ppp-sessions number;
}
}
message-attributes {
calling-number;
called-number;
}
ppp {
authentication {
message-attributes {
override-user-info;
}
protocol
(none | pap | chap);
user-name {
as-string string;
predefined
(imsi | msisdn | imsi-at-apn | msisdn-at-apn);
}
user-password password;
}
proxy-lcp-timeout milliseconds;
retry-timeout seconds;
max-retry attempts;
mru bytes;
}

12. DHCP Configuration
When the EPG is configured to allocate IPv4 addresses from a configured DHCP
server, it requests IP addresses for each context from DHCP server and dynamically
allocate. But only IPv4 can be assigned by DHCP sever.
[edit services epg pgw apn]
apn01-inband-dhcp {
routing-instance Gi-vrf;
gi-address-range 20.255.20.0/27;
pdp-context {
creation unblocked;
address {
21.12.0.0/15;
}
address-allocation dhcp-client; [declaring
DHCP enabled enabled address allocation]
}
dhcp {
server {
10.0.0.1 {
retry 5;
timeout 4;
}
}
server {
10.0.0.2 {
retry 6;
timeout 4;

13. RADIUS Configuration
RADIUS AAA servers are configured per APN. If the RADIUS server is located in
the external Internet Protocol (IP) network defined for an APN, then it is called an
inband RADIUS server. If the RADIUS server is located outside the external IP
network defined for an APN, then it is called a shared RADIUS server, because a
shared RADIUS server can be associated with several APNs. A shared server can be
used for both accounting and authentication in several APNs.
radius {
accounting {
message-attributes {
apn-identifier;
charging-gateway;
charging-characteristics;
ggsn-address;
gprs-qos;
gprs-qos-extended;
imsi;
user-location-info;
user-plmn-id;
msisdn;
pdp-type;
sgsn-plmn-id;
ggsn-plmn-id;
charging-identifier;
acct-input-octets;
acct-output-octets;
acct-output-packets;
acct-input-packets;
}
shared-server
Outband_RADIUS_Server;
message-for-every-context;
}
}

14. PDP Context Properties Configuration
[edit services epg pgw pdp-context]
limit 300000;
payload-limit 98000;
policing {
maximum-bandwidth-uplink 11000;
maximum-bandwidth-downlink 84000;
}
Signaling {
sgsn-creates-per-second 1000
ggsn-deletes-per-second 1000
}
session-control {
idle-timeout default timeout 10 [*in minutes]
}
PDP context and EPS bearer properties are configured in Global level. These properties
is applied to all APNs. Some of the properties can be configured in APN level.

15. Quality of Service Configuration
The EPG controls the priority for handling different types of GPRS and EPS traffic
by using QoS classes. Under most circumstances, the default mapping works
properly. Modify the mappings only if there is contention for bandwidth among the
various traffic classes or to disable uplink DSCP remapping.
QoS Mappings
Uplink QoS Mappings
Downlink QoS Mappings
DSCP Names
Policing of PDP Context or EPS Bearer Bandwidth
Policing for the GGSN or PGW
Policing for an APN
Service Aware Bandwidth Management
Throughput Limitation Profile for SACC

16. Quality of Service Configuration:
QoS Mappings DL traffic are IP bearer packets arriving at GGSN on Gi interface
[edit services epg pgw apn apn-name]
uplink-dscp-remapping {
background {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
conversational-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
interactive-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
streaming-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
[edit services epg pgw apn apn-name]
uplink-dscp-remapping {
background {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
conversational-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
interactive-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}
streaming-1 {
low-drop-precedence dscp-name;
medium-drop-precedence dscp-name;
high-drop-precedence dscp-name;
}

17. Quality of Service Configuration:
Policing of PDP Context By configuring the maximum BW for DL and UL traffic,
and thus enforcing boundaries, correct QoS negotiations can be ensured.
[edit services epg pgw apn apn-name pdp-context]
policing {
maximum-bandwidth-downlink value;
maximum-bandwidth-uplink value;
no-policing;
}
[edit services epg pgw rule-space name bandwidth-control] throughput-limitation
profile-name
{ access-control-rule 111 112 113]; }
[edit services epg pgw rule-space name bandwidth-control throughput-limitation
profile-name]
uplink-limitation 64;
downlink-limitation 128;
To configure a throughput limitation profile for SACC.

18. Configuring QoS Class for GTP-C Traffic
By configuring GTP-C QoS class, higher efficiency and reliability of signaling
packets can be ensured.
[edit services epg pgw gtp]
diffserv dscp-name;
By default, af31 is used, which is assured forwarding class 3, low drop precedence,
for all GTP-C traffic.
[edit services epg pgw gtp]
diffserv AF31;
[edit services epg pgw gtp]
allocation-retention-priority
{ high-priority value; medium-priority value; }

19. Further Study
3GPP Documentation
www.juniper.net
kb.juniper.net/
YouTube
www.ericsson.com
www.huawei.com
Google

20. When you’re confused
Q??