Gx Diameter Support for ISG sessions

This chapter describes the Gx Diameter Support for Intelligent Services Gateway (ISG) sessions. This feature supports the Gx Diameter interface and the Diameter 3GPP Application Gx interface. The component that initiates the Gx communication is through the Intelligent Services Gateway (ISG). Diameter provides a base protocol that can be extended in order to provide authentication, authorization, and accounting (AAA) services to new access technologies.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for Gx Diameter Support for ISG Sessions

  • GX Interface is supported only for IPoE Sessions

  • Dynamic policy construction is restricted only for Dynamic Rate Limiting (DRL) and Differentiated Services Code Point (DSCP).

  • ISG policies with the same name and different definitions are not supported.

  • Gx Diameter in combination with radius is not supported.

  • Subscription-ID Grouped AVP is shared only in credit-control messages.

The following base protocol features are not supported in ISG with Diameter:

  • Communication with diameter peers that act as proxy, relay or a redirection agent

  • Diameter peer discovery

  • SCTP as the transport protocol for Diameter messages

  • Internet Protocol Security (IPSec)

Information About Gx Diameter Support for ISG Sessions

Overview of the Diameter Protocol

Diameter is a peer-to-peer protocol that consists of a base protocol and a set of applications that allows it to extend its services to provide authentication, authorization, and accounting (AAA) services to new access technologies. The base protocol provides basic mechanisms for reliable transport, message delivery, and error handling and the base protocol must be used in conjunction with a Diameter application. Each application relies on the services of the base protocol to support a specific type of network access. Each application is defined by an application identifier and associated with commands. Each command is defined with mandatory Attribute Value Pairs (AVPs) and non-mandatory AVPs including vendor-specific AVPs.

Diameter allows peers to exchange a variety of messages. The Diameter client generates Diameter messages to the Diameter server to perform the AAA actions for the user. This protocol also supports server-initiated messages, such as a request to cancel the service to a particular user.

Gx Diameter Interface in ISG

The Gx Interface is located between the Policy and Charging Enforcement function (PCEF) and the Policy and Charging Rules Function (PCRF). Gx reference point is used to provision, modify and remove rules for policy and charging control from the PCRF to the PCEF. The policies downloaded are installed on the ISG session and any monitoring events installed is detected and notified to PCRF.

ISG Supports the download of policy information from radius server and the same is extended to integrate with GX interface for the PCEF functionality.

The following figure shows the network of the Diameter interface in ISG:
Figure 1. Diameter Interface in ISG
Along with the Diameter base protocol, the following Diameter applications are also supported in ISG:

  • Diameter Credit Control Application (DCCA)

  • Gx interface for Policy Control and Charging

The following table lists Internet Assigned Numbers Authority (IANA)-assigned application IDs for Diameter applications:

Diameter Application

Diameter Application ID

Diameter common message

0x00000000

Diameter policy interface(Gx)

0x01000016 (16777238)

Features supported for ISG with Diameter

These base protocol features are supported in ISG with Diameter:

  • Transmission Control Protocol (TCP) as the transport protocol for Diameter messages

  • Transport Layer Security (TLS) support over TCP for secure communication

  • IPv4 transport stack to the back end Diameter server

Diameter Credit Control Application Application

Diameter Credit-Control Application (DCCA) interface implementation is based on the RFC 4006. The Diameter Gx application handles Gx messages and AVPs specific to Gx and DCCA application to provide support for the PCEF functionality. The DCCA messages supported on the Intelligent Services Gateway(ISG) are:

ISG supports these DCCA messages:

  • Credit Control Request (CCR)

  • Credit Control Answer (CCA)

  • Re-Auth-Request (RAR)

  • Re-Auth-Answer (RAA)

Every single CCR must be responded with a separate CCA.

DCCA Session and Services

Each ISG subscriber session is associated with a Diameter IPCAN-session when Gx is enabled. The device implements the state machine for an IPCAN-session as per RFC-4006.

A Diameter session-id uniquely identifies an IPCAN-session.

ISG Diameter Call Flow

The following figure shows a call flow sequence of Gx Diameter:

Supported AVPs for Gx Diameter on ISG

The following table lists the AVPs supported for Gx Diamter on ISG.

AVP

CCR

CCA

RAR

RAA

Description

ID

Name

Type

8

Framed-IP-Address

OctetString

0-1

0

0

0-1

97

Framed-IPv6-Prefix

OctetString

0-1

0

0

0-1

258

Auth-Application-Id

Unsigned32

1

1

1

0

3GPP Gx (16777238)

263

Session-Id

UTF8String

1

1

1

1

264

Origin-Host

DiameterIdentity

1

1

1

1

268

Result-Code

Unsigned32

0

1

0

0-1

279

Failed-AVP

Grouped

0-1

0-n

0

0-1

281

Error-Message

UTF8String

0

0-1

0

0-1

283

Destination-Realm

DiameterIdentity

1

0

1

0

285

Re-Auth-Request-Type

Enumerated

0

0

1

0

293

Destination-Host

DiameterIdentity

0-1

0

1

0

295

Termination-Cause

enumerated

0-1

0

0

0

296

Origin-Realm

DiameterIdentity

1

1

1

1

297

Experimental-Result

  • Experimental-Result-Code

Grouped

0

0-1

0

0-1

298

Unsigned32

0

n

0

n

415

CC-Request-Number

Unsigned32

1

1

0

0

416

CC-Request-Type

Enumerated

1

1

0

0

443

Subscription-Id

  • Subscription-Id-Type

  • Subscription-Id-Data

Grouped

0-1

0

0

0

450

Enumerated

0-1

0

0

0

END_USER_NAI (3), END_USER_PRIVATE (4)

444

UTF8String

0-1

0

0

0

user-name@domain, NAS-Port-ID

1001

Charging-Rule-Install

  • Charging-Rule-Name

  • Charging-Rule-Definition

    • Precedence

    • Flow-Information

      • Packet-Filter-Identifier

      • Flow-Direction

  • QoS-Information

    • Qos-Class-Identifier

    • - Max-Requested-Bandwidth-DL

    • - Max-Requested-Bandwidth-UL

Grouped

0

0-n

0-n

0

1005

OctetString

0

1

1

0

1003

Grouped

0

0-1

0-1

0

1010

Unsigned32

0

1

1

0

1058

Grouped

0

0-2

0-2

0

1060

OctetString

0

1-n

1-n

0

1080

Enumerated

0

1

1

0

1016

Grouped

0

0-1

0-1

0

1028

Enumerated

0

0-1

0-1

0

515

Unsigned32

0

0-1

0-1

0

516

Unsigned32

0

0-1

0-1

0

1002

Charging-Rule-Remove

  • Charging-Rule-Name

  • Charging-Rule-Base-Name

Grouped

0

0-n

0-n

0

1004

UTF8String

0

1

1

0

1005

OctetString

0

1

1

0

1027

IP-CAN-Type

Enumerated

0-1

0

0

0-1

Non-3GPP-EPS (6) for WiFI & FBA (7) for xDSL, FTTx

1018

Charging-Rule-Report

  • PCC-Rule-Status

  • Rule-Failure-Code

Grouped

0-1

0

0

0-1

1019

Enumerated

0-1

0

0

0-1

1031

Enumerated

0-1

0

0

0-1

1045

Session-Release-Cause

Enumerated

0-1

0

0-1

0

266

Vendor-ID

Unsigned32

0

1

0

1

1066

Monitoring-Key

OctetString

0

1

1

0

431

Granted-Service-Unit

Grouped

0

1

1

0

420

CC-Time

Unsigned32

1

1

1

1

421

CC-Total-Octets

Unsigned64

1

1

1

1

412

CC-Input-Octets

Unsigned64

1

1

1

1

414

CC-Output-Octets

Unsigned64

1

1

1

1

446

Used-Service-Unit

Grouped

1

0

0

1

1067

Usage-Monitoring-Information

Grouped

1

1

1

1

1068

Usage-Monitoring-Level

Enumerated

0

1

1

0

1069

Usage-Monitoring-Report

Enumerated

0

1

1

0

1070

Usage-Monitoring-Support

Enumerated

0

1

1

0

1006

Event-Trigger

Enumerated

1

0

1

0

RADIUS Server Configuration

Following AVPs for Cisco IOS XE Release 16.7.1 are enabled through RADIUS server configuration. Use radius-server command for the configuration.

How to Configure Gx Diameter Support on ISG Sessions

Configuring Diameter peer in ISG

Perform this task to configure the Diameter connection on a ISG router.

The selection of Diameter server is mostly based on the AAA method list configuration.


diameter timer watchdog 300
diameter origin realm cisco.com
diameter origin host 10.0.0.1
diameter source interface gigabitethernet 0/0/0
diameter vendor supported 3gpp
diameter vendor app gx
diameter peer PCRF
    address ipv4 10.0.0.2
    transport tcp port port1
    source interface Ethernet0/0

Configuring AAA for Diameter Peer in ISG

Perform this task to configure AAA for diameter server group. Prior to this task, you must set up the Diameter peer in ISG device. 


aaa group server diameter GX_SG
server name PCRF

aaa authorization policy-if policy_meth group GX_SG
aaa authorization subscriber-service default local

Configuring Diameter Interaction for ISG


Note

The method-list used aaa configuration and diameter interation configuration must be the same. The control policy should trigger gx session in both session-start and session-restart. In case of session-start, it is recommended to configure collect identifier source-ip-address before authorization

Peform the following task to configure Diameter interaction for ISG:


policy-map type control GX_TEST
    class type control always event session-start
        5 collect identifier source-ip-address
        10 authorize aaa list policy_meth identifier nas-port
    class type control always event session-restart
        10 authorize aaa list policy_meth identifier nas-port

Verifying the Gx Diameter Support for ISG Sessions

The following sample output is from the show diameter gx session all command. 


Device#show diameter gx session all

Current Gx Sessions
ClientID     Session State     Subscription Data            IPCAN Sess ID
115425         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115425;1488824608
115430         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115430;1488824608
115432         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115432;1488824608
115434         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115434;1488824608
115436         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115436;1488824608
115442         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115442;1488824608
115444         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115444;1488824608
115447         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115447;1488824608
115449         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115449;1488824608
115451         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115451;1488824608
115453         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115453;1488824608
115455         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115455;1488824608
115457         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115457;1488824608
115459         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115459;1488824608
115461         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115461;1488824608
115463         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115463;1488824608
115465         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115465;1488824608
115467         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115467;1488824608
115469         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115469;1488824608
115471         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115471;1488824608
115473         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115473;1488824608
115475         OPEN                nas-port:0.0.0.0:0/3/3        device1;0;115475;1488824608

The following sample output is from the show diameter gx session id command. 


Device# show diameter gx session id device1;0;4120;1488910407

Current Gx Sessions
ClientID     Session State     Subscription Data            IPCAN Sess ID
4120    OPEN                nas-port:0.0.0.0:255/0/8/10        device1;0;4120;1488910407

The following sample output is from the show diameter gx statistics command. 


Device#show diameter gx statistics

CCR Initial messages                             : 295110
CCR Initial messages sent failed                 : 21567
CCR Initial messages timed out                   : 184526
CCR Initial messages retry                       : 165003

CCR Update messages                              : 117667
CCR Update messag sent Failed                    : 0
CCR Update messages timed Out                    : 20828
CCR Update messages retry                        : 20418

CCR Terminate messages                           : 150241
CCR Terminate messages sent failed               : 149331

CCA Initial messages                             : 159270
CCA Initial messages error                       : 0
CCA Initial messages protocol error              : 0
CCA Update messages                              : 109513
CCA Update messages error                        : 2
CCA Update messages protocol error               : 0
CCA Terminate messages                           : 67679
CCA Terminate messages error                     : 0
CCA Terminate messages protocol error            : 0

RAR received messages                            : 0
RAR received messages error                      : 0
RAA sent messages                                : 0
RAA sent messages Error                          : 0

DIAMETER End User Service Denied                 : 0
DIAMETER Credit Control Not Applicable           : 0
DIAMETER Credit Limit Reached                    : 0
DIAMETER Unknown Session Id                      : 0
DIAMETER Authorization Rejected                  : 0
DIAMETER Invalid AVP Value                       : 0
DIAMETER User Unknown                            : 0

Number of sessions currently up                  : 9308
Number of sessions closed                        : 141268
Highest number of sessions ever up at one time   : 159270
Number of sessions failed to come up             : 157407
Number of Unknown request messages               : 0

Examples: Configuring Gx Diameter Support for ISG Sessions

The following example shows the AVP representation of pre-defined policy.


Policy-Install
Charging-Rule-Install
    Charging-Rule-Name = TC_SERVICE1
    Charging-Rule-Name = ISG_L4R_SRV
 
Policy-Remove
Charging-Rule-Remove
    Charging-Rule-Name = TC_SERVICE2
    Charging-Rule-Name = TC_SERVICE1
 
Install and Remove
Charging-Rule-Insall
   Charging-Rule-Name = TC_SERVICE2
Charging-Rule-Remove
   Charging-Rule-Name = ISG_L4R_SRV

The following example shows the ISG-TC service representation of pre-defined policy.


policy-map type service TC_SERVICE1
    class type traffic VLAN_EFv4
        accounting aaa list EF_acct
        police input 300000
        police output 300000
    !
policy-map type service TC_SERVICE2
    class type traffic VLAN_EF
        accounting aaa list EF_acct
        police input 300000
        police output 300000
  !
Policy-map type service ISG_L4R_SRV
    Class type traffic class1
        Redirect to ip 10.10.10.10

The following example shows the AVP representation of static and dynamic policy.



Charging-Rule-Install
    Charging-Rule-Name = TC_SERVICE1
    
   Charging-Rule-Definition
      Charging-Rule-Name = TC_SERVICE2
      Flow-Information
         Flow-Direction = UPLINK
        Packet-Filter-Identifier = CS1_V6
      Qos-Information
         Max-Requested-Bandwidth-UL = 50000

The following example shows ISG-TC service for static and dynamic policy.


policy-map type service TC_SERVICE1
    class type traffic VLAN_EFv4
        police input 300000
        police output 300000
!
policy-map type service TC_SERVICE2
   class type traffic VLAN_CS1_V6
      police input 50000
!
class-type traffic match-any VLAN_CS1_V6
   match access-group input name CS1_V6
!
ipv6 access-list CS1_V6
  permit ipv6 any any dscp cs1

Additional References

Related Documents

Related Topic

Document Title

ISG commands

Cisco IOS Intelligent Services Gateway Command Reference

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport

Finding Feature Information for Gx Diameter Support for ISG Sessions

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Gx Diameter Support for ISG Sessions

Feature Name

Releases

Feature Configuration Information

Gx Diameter Support for ISG Sessions

Cisco IOS XE Everest 16.5.1b

Diameter provides a base protocol that can be extended in order to provide authentication, authorization, and accounting (AAA) services to new access technologies. This chapter provides information about Diameter protocol and its support in ISG.

The following command was introduced by this feature: diameter timer watchdog , diameter origin realm , diameter origin host , diameter source interface , diameter vendor supported , diameter peer,show diameter gx session all, show diameter gx session id, show diameter gx statistics