GTP is a stateful protocol. Consequently, some message types can only be sent in specific states. For example, PDP context update messages are not allowed for PDP contexts that do not exist or have been closed.
AA performs stateful GTP protocol validation and allows only packets that are allowed for any state or a specific deployment.
Table: Invalid message types in GTP FW roaming deployments lists the message types that are invalid in GTP FW roaming deployments. When AA FW GTP-C inspection is enabled, the packets with the message types listed in Table: Invalid message types in GTP FW roaming deployments are dropped and the associated event logs include a ‟wrong interface” indication.
GTP version | GTP-U port | GTP-C port |
---|---|---|
GTPv1 |
no invalid message types |
GTPU PDU GTPV1_END_MARKER GTPV1_MSG_ERR_IND GTPV1-ALL-MBMS message-types GTPV1-ALL-Location management message-types |
GTPv2 |
not applicable |
GTP_PKT_ERROR_INDICATION GTP_PKT_DNLK_DATA_FAIL_INDICATION GTP_PKT_STOP_PAGING_INDICATION GTP_PKT_CRE_INDR_TNL_REQ GTP_PKT_CRE_INDR_TNL_RSP GTP_PKT_DEL_INDR_TNL_REQ GTP_PKT_DEL_INDR_TNL_RSP GTP_PKT_RELEASE_BEARERS_REQ GTP_PKT_RELEASE_BEARERS_RSP GTP_PKT_DNLK_DATA GTP_PKT_DNLK_DATA_ACK GTP_PKT_MOD_ACCESS_BEARERS_REQ GTP_PKT_MOD_ACCESS_BEARERS_RSP GTP_PKT_REMOTE_UE_RPRT_NOTF GTP_PKT_REMOTE_UE_RPRT_ACK |
AA does not perform GTP-C inspection by default. To enable GTP-C inspection, use the following command:
*A:Dut-C>config>app-assure>group>
+---gtpc-inspection