GTP S11 termination can be enabled on interfaces in the base router and VPRNs. The configuration is linked to an APN policy that lists all supported APNs and the authentication mechanism (for example, LUDB or RADIUS) to be used per APN. The configured APN string should match the value signaled in GTP; however, fallback configuration is supported for any unknown APNs.
*A:FWGW>config>subscr-mgmt>gtp# info
----------------------------------------------
apn-policy apn_demo create
apn demo.mnc001.mcc001.gprs create
radius-auth-policy "gtp_auth"
exit
exit
----------------------------------------------
*A:FWGW>config>service>vprn# info
----------------------------------------------
gtp
s11
interface gtp_endpoint create
apn-policy "apn_demo"
exit
exit
exit
interface "gtp_endpoint" create
description "Tunnel endpoint IP"
address 192.0.2.10/32
loopback
exit
----------------------------------------------
A GTP peer profile defines specific signaling parameters such as TTL values, keepalive timers, retransmit timers, and default values for information elements. By default, an automatically-created profile with the name ‟default_s11” is used. A more specific profile can be configured and mapped to a peer by a per-VRT mapping of IP address or prefix to that profile. To map all peers within the same VRF to the same profile, it is possible to use prefix 0.0.0.0/0.
*A:FWGW>config>subscr-mgmt>gtp# info
----------------------------------------------
peer-profile "s11_peers" create
interface-type s11
keep-alive interval 180 retry-count 10 timeout 20
message-retransmit timeout 3 retry-count 1
mme
qos
ambr down-link 50000 up-link 10000
exit
exit
exit
----------------------------------------------
*A:FWGW>config>service>vprn>gtp>s11# info
----------------------------------------------
peer-profile-map
address 0.0.0.0/0 peer-profile s11_peers
exit
----------------------------------------------
When an S11 session is set up, the accompanying S1-U bearer is terminated in the same VRF, but it is directly linked to a group interface in either the same or a different VRF. A default group interface can be configured per APN, which can be overridden during S11 session authentication. The group interfaces are of type gtp and require an FPE construct to operate. The traffic takes two passes through the forwarding plane. For upstream data, in the first pass, the GTP-U header is stripped; in the second pass, it is inserted into the group interface for regular ESM processing, based on existing IPoE functionality. For downstream data, in the first pass, regular ESM processing is performed and traffic egresses over the group interface; in the second pass, GTP-U encapsulation occurs.
Active GTP sessions support the S1 Release, UE triggered service request, and network-triggered service request procedures as defined in TS 23.401 to support connection idling and paging.
Both IPv4 and IPv6 are supported for GTP termination. GTP is enabled for the primary IPv4 and IPv6 addresses configured on the S11 interface. If both IPv4 and IPv6 address are configured, GTP supports dual-stack operations as follows:
For GTP-C, a stack is chosen based on the stack of the incoming GTP-C message. Any subsequent GTP-C transactions initiated by the FWA gateway uses this stack. Subsequent GTP-C transactions initiated by the MME may change the IP stack.
For GTP-U, a downstream peer is selected based on the information in the S1 eNodeB F-TEID IE. If that peer also contains two addresses, IPv6 is preferred. Upstream traffic can be received on both the IPv4 and IPv6 address simultaneously.