GigaSMART GTP Whitelisting and GTP Flow Sampling Examples

Refer to the following examples:

■   Example 1: GTP Whitelisting
■   Example 2: GTP Whitelisting with Multiple Maps
■   Example 3: GTP Flow Sampling
■   Example 4: GTP Whitelisting, GTP Flow Sampling, and Load Balancing
■   Example 5: GTP Flow Sampling with Multiple Maps
■   Example 6: APN for GTP Whitlelisting, GTP Flow Sampling
■   Example 7: APN for FTP Whitelisting, APN and QCI for GTP Flow Sampling

Example 1 is a GTP whitelisting configuration example. Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a port.

Task

Description

UI Steps

1.

Configure a GigaSMART group and associate it with a GigaSMART engine port.
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups.
Click New.
Type an alias in the Alias field and enter an engine port in the Port List field.
Click Save.

2.

Create a virtual port.
From the left navigation pane, go to System > GigaSMART >Virtual Ports.
Click New.
Type an alias in the Alias field and enter an engine port in the Port List field.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
Click Save.

3.

Create the GTP whitelist.
From the left navigation pane, go to System > GigaSMART >GTP Whitelist.
Click New.
Type an alias in the Alias field. You can also create mulitiple whitelist aliases per gsgroup during the creation of solution.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in Task 1.
Go to Task 4.

4.

Fetch whitelist files from a specified location to populate the GTP whitelist.
On the GTP Whitelist page, select Bulk Upload.
Select Bulk Entry Operation for IMSI Upload Type
Select Upload from URL from the Bulk Upload Type list.
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx
Click Save.

5

Associate the GigaSMART group to the GTP whitelist.
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups.
Select the GigaSMART Group created in Task 1 and click Edit.
Type an alias in the Alias field. You can also associate mulitiple whitelist aliases per gsgroup during the creation of solution.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 3.
Click Save.

6.

Configure the GigaSMART operation for GTP whitelisting.
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations > GigaSMART Operation.
Click New.
Type an alias in the Alias field. For example, GTP-Whitelist.
Select the GigaSMART group created in task 1.
From the GigaSMART Operations (GSOP) drop-down list, select the following:
    GTP Whitelist and select Enabled.
    Load Balancing.
For Load Balancing, do the following:
    Choose Stateful
    For Type select GTP
Choose Hashing for the metric and select IMSI
Click Save.

7.

Configure three first level maps.

Note:  In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
Configure the first map as follows:
o Alias: GTP-Control
o Type and subtype: First Level By Rule
o Source: network port or ports
o Destination: virtual port created in Task 2.
o Rule: Pass, Bi Directional, Port Destination 2123
o Map Permissions: Select current user’s group for Owner
o Save the map
Configure the second map as follows:
o Alias: GTP-User
o Type and subtype: First Level By Rule
o Source: Same network port or ports as first map.
o Destination: virtual port created in Task 2.
o Rule: Pass, Bi Directional, Port Destination 2152
o Map Permissions: Select current user’s group for Owner
o Save the map
Configure the third map as follows:
o Alias: Fragments-Not-First
o Type and subtype: First Level By Rule
o Source: Same network port or ports as first map
o Destination: virtual port created in Task 2
o Rule: Pass, IPv4 Fragmentation and select allFragNoFirst
o Map Permissions: Select current user’s group for Owner.
o Save the map

8.

Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a port.
Configure the second level map as follows:
o Alias: GTP-Whitelist
o Type and subtype: Second Level By Rule
o Source: virtual port created in Task 2
o Destination: select a tool port
o GSOP: GigaSMART Operation created in Task 6
o Map Permissions: Select current user’s group for Owner
Click Save.

Example 2 is a GTP whitelisting configuration example that includes multiple GTP whitelisting maps, which provide a more granular selection of tool ports.

Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1). Two whitelist maps are configured. The first map specifies a rule for version 1 traffic. The second map specifies a rule for version 2 traffic.

Task

Description

UI Steps
1.    

Configure a GigaSMART group and associate it with a GigaSMART engine port.
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
Click New.
Type an gsg1 in the Alias field and enter an engine port in the Port List field, for example 10/7/e1.
Click Save.
2.  

Create a virtual port.
From the left navigation pane, go to System > GigaSMART >Virtual Ports.
Click New.
Type vport1 in the Alias field.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
Click Save.
3.  

Create the GTP whitelist.
From the left navigation pane, go to System > GigaSMART >GTP Whitelist.
Click New.
Type an MyIMSIs in the Alias field.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in Task 1.
Go to Task 4.
4.  

Fetch whitelist files from a specified location to populate the GTP whitelist.
On the GTP Whitelist page, select Bulk Upload.
Select Bulk Entry Operation for IMSI Upload Type
Select Upload from URL from the Bulk Upload Type list.
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx
Click Save.

5.

Associate the GigaSMART group to the GTP whitelist.
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
Select the GigaSMART Group created in Task 1 and click Edit.
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 3.
Click Save.
5.  

Configure the GigaSMART operation for GTP whitelisting.
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations > GigaSMART Operation.
Click New.
Type gtp-whitelist in the Alias field.
Select the GigaSMART group created in task 1.
From the GigaSMART Operations (GSOP) drop-down list, select the following:
o GTP Whitelist and select Enabled.
o Load Balancing.
For Load Balancing, do the following:
o Choose Stateful
o For Type select GTP
o Choose Hashing for the metric and select IMSI
o Click Save.
6.  

Configure three first level maps.

Note:  In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.

Configure the first map.

a. On the left navigation pane, click on from Traffic and select Maps > Maps > Maps.
b. Click New.
c. Configure the map:
■   Alias: GTP-Control
■   Type: First Level, Sub Type: By Rule
■   Source: 8/1/x40, 8/1/x6
■   Destination: vport1
d. Click Add a Rule.
■   Select Pass and Bi Directional
■   Select Port Destination for the rule
■   Set port value to 2123
e. Click Save.
Configure the second map.
a. Click New.
b. Configure the map:
■   Alias: GTP-User
■   Type: First Level, Sub Type: By Rule
■   Source: 8/1/x40, 8/1/x6
■   Destination: vport1
c. Click Add a Rule.
■   Select Pass and Bi Directional
■   Select Port Destination for the rule
■   Set port value to 2152
d. Click Save.
Configure the second map.
a. Click New.
b. Configure the map:
■   Alias: Fragment-Not-First
■   Type: First Level, Sub Type: By Rule
■   Source: 8/1/x40, 8/1/x6
■   Destination: vport1
c. Click Add a Rule.
■   Select Pass
■   Select Port IPv4 Fragmentation for the rule
■   Select allFragNoFirst for Value
d. Click Save.
7.  

Configure one second level map for GTP whitelisting, the first whitelist map. If there is a match to version 1 and if the IMSI is present in the whitelist (MyIMSIs), it is forwarded to the specified port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map:
■   Alias: GTP-Whitelist_v1
■   Type: Second Level, Sub Type: Flow Whitelist
■   Source: vport1
■   Destination: 1/2x23
■   Select gtp-whitelist from the GSOP list.
d. Click Add a Rule.
■   Select GTP
■   Set Version to V1
e. Click Save.
8.  

Configure another second level map for GTP whitelisting, the second whitelist map. If there is a match to version 2 and if the IMSI is present in the whitelist (MyIMSIs), it is forwarded to the specified port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map:
■   Alias: GTP-Whitelist_v2
■   Type: Second Level, Sub Type: Flow Whitelist
■   Source: vport1
■   Destination: 1/2x24
■   Select gtp-whitelist from the GSOP list.
d. Click Add a Rule.
■   Select GTP
■   Set Version to V2
e. Click Save.

Example 3 is a GTP flow sampling configuration example. Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). The traffic flow is sampled based on the rules in one flow sampling map (GTP-Sample-01). The flow sampling rules specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to a port. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps.

Task

Description

UI Steps
1.    

Configure a GigaSMART group and associate it with a GigaSMART engine port.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type an alias in the Alias field and enter an engine port in the Port List field.
d. Click Save.
2.  

Create a virtual port.
a. From the left navigation pane, go to System > GigaSMART >Virtual Ports.
b. In the Alias field, type an alias for this virtual port.
c. Type an alias in the Alias field and enter an engine port in the Port List field.
d. From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
e. Click Save.
3.  

Configure three first level maps.

Note:  In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
a. Configure the first map as follows:
■   Alias: GTP-Control
■   Type and subtype: First Level By Rule
■   Source: network port or ports
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2123
■   Map Permissions: Select current user’s group for Owner
■   Save the map
b. Configure the second map as follows:
■   Alias: GTP-User
■   Type and subtype: First Level By Rule
■   Source: Same network port or ports as first map.
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2152
■   Map Permissions: Select current user’s group for Owner
■   Save the map
c. Configure the third map as follows:
■   Alias: Fragments-Not-First
■   Type and subtype: First Level By Rule
■   Source: Same network port or ports as first map
■   Destination: virtual port created in Task 2
■   Rule: Pass, IPv4 Fragmentation and select allFragNoFirst
■   Map Permissions: Select current user’s group for Owner
d. Save the map
4.  

Configure the GigaSMART operation for GTP flow sampling.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operations.
b. Click New.
c. Type an alias in the Alias field. For example, GTP-Whitelist.
d. Select the GigaSMART group created in task 1.
e. From the GigaSMART Operations (GSOP) drop-down list, select the following:
■   GTP Whitelist and select Enabled.
■   Load Balancing.
f. For Load Balancing, do the following:
a. Choose Stateful
b. For Type select GTP
c. Choose Hashing for the metric and select IMSI
d. Click Save.
5.  

Configure a second level map for GTP flow sampling, the flow sampling map. The traffic flow is sampled based on the rules in this map.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type GTP-Sample-01 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype.
■   Select the virtual port configured in Task 2 for the Source
■   Select a tool port for the Destination
■   Select the GigaSMART Operation configured in Task for from the GSOP list
d. Use the Add a Rule button to create the following flow sampling rules:
■   Percentage to 50, IMEI 01416800*
■   Percentage to 80, IMSI 46*
■   Percentage to 25, MSISDN 1509*
■   Percentage to 15, IMSI 01400*
■   Percentage to 20, IMSI, 31*, MSISDN 1909*
e. Click Save.

Example 4 combines the GTP whitelisting configuration from Example 1 with the GTP flow sampling configuration from Example 3, and adds GigaSMART load balancing.

In Example 4, traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to the port group (PG-Whitelist) for load balancing.

Note:  In Example 4, the tool ports in the port group are on the same node as the GigaSMART group and GigaSMART operation.

If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in the flow sampling map (GTP-Sample-01). The flow sampling rules specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to the port group (PG-Sample) for load balancing. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps.

Task

Description

UI Steps
1.    

Create port groups and specify the tool ports and enable load balancing.
a. From the left navigation pane, go to System > Ports > select Ports > Port Groups > All Port Groups.
b. Click New.
c. Type PG-Whitelist in the Alias field.
d. Select SMART Load Balancing
e. Click in the Ports field and select the tool ports for the port group.
f. Click Save.
g. Repeat steps 2 through 6, to create a port group with the alias PF-Sample.
2.  

Configure a GigaSMART group and associate it with a GigaSMART engine port.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type an alias in the Alias field and enter an engine port in the Port List field.
d. Click Save.
3.  

Create a virtual port.
a. From the left navigation pane, go to System > GigaSMART >Virtual Ports.
b. In the Alias field, type an alias for this virtual port.
c. Type an alias in the Alias field and enter an engine port in the Port List field.
d. From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1.
e. Click Save.
4.  

Configure three first level maps.

Note:  In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
a. Configure the first map as follows:
■   Alias: GTP-Control
■   Type and subtype: First Level By Rule
■   Source: network port or ports
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2123
■   Map Permissions: Select current user’s group for Owner
b. Save the map
c. Configure the second map as follows:
■   Alias: GTP-User
■   Type and subtype: First Level By Rule
■   Source: Same network port or ports as first map.
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2152
■   Map Permissions: Select current user’s group for Owner
■   Save the map
d. Configure the third map as follows:
■   Alias: Fragments-Not-First
■   Type and subtype: First Level By Rule
■   Source: Same network port or ports as first map
■   Destination: virtual port created in Task 2
■   Rule: Pass, IPv4 Fragmentation and select allFragNoFirst
■   Map Permissions: Select current user’s group for Owner
e. Save the map
5.  

Create the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GTP Whitelist.
b. Click New.
c. Type an Alias for the Whitelist in the Alias field. For example, MyIMSIs
6.  

Fetch whitelist files from a specified location to populate the GTP whitelist.
a. On the GTP Whitelist page, select Bulk Upload.
b. Select Bulk Entry Operation for IMSI Upload Type
c. Select Upload from URL from the Bulk Upload Type list.
d. Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx
e. Click Save.
7.  

(Optional) Add a single IMSI to the GTP whitelist.
a. On the GTP Whitelist page, select Individual Entry Operation.
b. Select Append for Operation Type
c. Enter the IMSI entry in the Individual IMSI Entry field.
d. Click Save.
8.  

Associate the GigaSMART group to the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type an alias in the Alias field.
d. Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 5.
e. Click Save.
9.  

Configure the GigaSMART operation for GTP whitelisting.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP)> GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list.
d. Type an alias in the Alias field. For example, gtp-whitelist.
e. Select GTP Whitelist from the GigaSMART Operations (GSOP) list.
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save.
10.  

Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New
c. Configure the map.
■   Type an name in the Alias field. For example GTP-Whitelist.
■   Select Second Level for Type
■   Select By Rule for Subtype
■   Select the GigaSMART Operation configured in Task 9 from the GigaSMART Operations (GSOP) list.
■   Select the virtual port configured in Task 3 for Source
■   Select PG-Whitelist for Destination
d. Click Save.
11.  

Configure the GigaSMART operation for GTP flow sampling.
e. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
f. Click New.
g. Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list.
h. Type an alias in the Alias field. For example, gtp-flowsample.
i. Select Flow Sampling from the GigaSMART Operations (GSOP) list.
j. Select Flow Sampling-GTP.
k. Select Load Balancing from the GigaSMART Operations (GSOP) list.
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
l. Click Save.
12.  

Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New
c. Configure the map.
■   Type an name in the Alias field. For example GTP-Sample-01.
■   Select Second Level for Type
■   Select Flow Sample for Subtype
■   Select the GigaSMART operation for flow sampling configured in Task 11 from the GSOP list.
■   Select the virtual port configured in Task 3 for Source
■   Select PG-Sample for Destination
d. Create the following flow sample rules:
■   Percentage 50, IMEI 01416800*, IMSI 31*
■   Percentage 80, IMSI 46*
■   Percentage 25, MSISDN 1509*
■   Percentage 15, IMEI 01400*, imsi 31*
■   Percentage 20, IMSI 31*, MSISDN 1909*
e. Click Save.

Example 5 includes multiple GTP flow sampling maps, which provide a more granular selection of tool ports for flow sampling.

In Example 5, traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (VoLTE_1MM), it is forwarded to the port-group (PG-Whitelist-1) for load balancing.

Note:  In Example 5, the tool ports in the port group are on the same node as the GigaSMART group and GigaSMART operation.

If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in the four flow sampling maps (GTP-Sample-1 to GTP-Sample-4).

The flow sampling rules in each map specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to the port-group (PG-Sample-1 to PG-Sample-4) for load balancing. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps, in this example, to a shared collector.

Task

Description

UI Steps
1.    

Create port groups, specifying the tool ports and enabling load balancing.
a. From the left navigation pane, go to System > Ports > select Ports > Port Groups > All Port Groups.
b. Click New.
c. Type PG-Sample-1 in the Alias field.
d. Select SMART Load Balancing
e. Click in the Ports field and select the tool ports for the port group.
f. Click Save.
g. Repeat steps 2 through 6, to create a port groups with the aliases
2.  

Configure a GigaSMART group and associate it with a GigaSMART engine port.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type an alias in the Alias field and enter an engine port in the Port List field.
d. Click Save.
3.  

Create a virtual port.
a. From the left navigation pane, go to System > GigaSMART >Virtual Ports.
b. Type vport1 in the Alias field.
c. Select the GigaSMART Groups created in Task 2 from the GigaSMART Group list.
d. Click Save.
4.  

Configure three first level maps.

Note:  In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
a. Configure the first map as follows:
■   Alias: GTP-Control
■   Type and subtype: First Level By Rule
■   Source: network ports (for example, 10/1/x5, 10/3/x1,10/6/q1)
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2123
■   Save the map
b. Configure the second map as follows:
■   Alias: GTP-User
■   Type and subtype: First Level By Rule
■   Source: Same network ports as first map.
■   Destination: virtual port created in Task 2.
■   Rule: Pass, Bi Directional, Port Destination 2152
■   Save the map
c. Configure the third map as follows:
■   Alias: Fragments-Not-First
■   Type and subtype: First Level By Rule
■   Source: Same network ports as first map
■   Destination: virtual port created in Task 2
■   Rule: Pass, IPv4 Fragmentation and select allFragNoFirst
d. Save the map
5.  

Create the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GTP Whitelist.
b. Click New.
c. Enter VoLTE_1MM in the Alias field.
d. Go to Task 6.
6.  

Fetch whitelist files from a specified location to populate the GTP whitelist.
a. On the GTP Whitelist page, select Bulk Upload.
b. Select Bulk Entry Operation for IMSI Upload Type
c. Select Upload from URL from the Bulk Upload Type list.
d. Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx
e. Click Save.
7.  

(Optional) Add a single IMSI to the GTP whitelist.
a. On the GTP Whitelist page, select Individual Entry Operation.
b. Select Append for Operation Type
c. Enter the IMSI entry in the Individual IMSI Entry field.
d. Click Save.
8.  

Associate the GigaSMART group to the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups
b. Click New.
c. Type gsg1 in the Alias field.
d. Under GTP Whitelist, click on the GTP Whitelist Alias field and select VolTE_1MM.
e. Click Save.
9.  

Configure the GigaSMART operation for GTP whitelisting.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group gsg1 created in Task 8 from the GigaSMART Groups list.
d. Enter gtp-whitelistl in the Alias field.
e. Select GTP Whitelist from the GigaSMART Operations (GSOP) list
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save.
10.  

Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (VoLTE_1MM), it is forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New
c. Configure the map.
■   Enter GTP-Whitelist in the Alias field.
■   Select Second Level for Type
■   Select By Rule for Subtype
■   Select gtp-whitelist from the GSOP list.
■   Select the virtual port vport1 configured in Task 3 for Source
■   Select port group PG-Whitelist-2 for Destination
d. Click Save.
11.  

Configure the GigaSMART operation for GTP flow sampling.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list.
d. Enter gtp-flowsample-1 in the Alias field.
e. Select Flow Sampling from the GigaSMART Operations (GSOP) list and then select the Flow Sampling-GTP option.
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save.
12.  

Configure a second level map for GTP flow sampling, the first flow sampling map. This map has 12 rules.

Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type GTP-Sample-1 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype.
■   Select the virtual port vport1 configured in Task 3 for the Source
■   Select a port grroup PG-Sampl-1 for the Destination
■   Select the GigaSMART Operation configured in Task for from the GSOP list
d. Use the Add a Rule button to create the following flow sampling rules:
■   Percentage 75, IMSI 3182609833*, IMEI 35609506*
■   Percentage 10, IMSI 3182609834*, IMEI 3560950*
■   Percentage 20, IMSI 31826098350*, IMEI 356095*
■   Percentage 20, IMSI 31826098351*, IMEI 35609*
■   Percentage 20, IMSI 31826098352*, IMEI 3560*
■   Percentage 20, IMSI 31826098353*, IMEI 356*
■   Percentage 20, IMSI 31826098354*, IMEI 35*
■   Percentage 20, IMSI 31826098355*, IMEI 31*
■   Percentage 20, IMSI 31826098356*, IMEI 356095*
■   Percentage 20, IMSI 31826098356*, IMEI 356095*
■   Percentage 20, IMSI 31826098357*, IMEI 3560*
■   Percentage 20, IMSI 31826098358*, IMEI 35*
■   Percentage 20, IMSI 31826098359*, IMEI 356095*
e. Click Save.
13.  

Configure a second level map for GTP flow sampling, the second flow sampling map. This map has 12 rules.

Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type GTP-Sample-2 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype.
■   Select the virtual port vport1 configured in Task 2 for the Source
■   Select a tool port group PG-Sample-2 for the Destination
■   Select flow-sample-1 configured in Task 11 for from the GSOP list
d. Use the Add a Rule button to create the following flow sampling rules:
■   Percentage 30, IMSI 3182609836*, IMEI 35609506*
■   Percentage 5, IMSI 3182609837*, IMEI 356095062*
■   Percentage 50, IMSI 31826098380*, IMEI 356095062*
■   Percentage 50, IMSI 31826098381*, IMEI 35609506*
■   Percentage 50, IMSI 31826098382*, IMEI 3560950*
■   Percentage 50, IMSI 31826098383*, IMEI 356095*
■   Percentage 50, IMSI 31826098384*, IMEI 35*
■   Percentage 50, IMSI 31826098385*, IMEI 356*
■   Percentage 50, IMSI 31826098386*, IMEI 3560*
■   Percentage 50, IMSI 31826098387*, IMEI 35609*
■   Percentage 50, IMSI 31826098388*, IMEI 356095*
■   Percentage 50, IMSI 31826098389*, IMEI 3560950*
e. Click Save.
14.  

Configure a second level map for GTP flow sampling, the third flow sampling map. This map has 5 rules.

Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps,
b. Click New.
c. Configure the map.
■   Type GTP-Sample-3 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype
■   Select the virtual port vport1 configured in Task 3 for the Source
■   Select a port group PG-Sample-3 port for the Destination
■   Select flow-sample-1 configured in Task 11 for from the GSOP list
d. Use the Add a Rule button to create the following flow sampling rules:
■   Percentage 10, IMSI 31826098390*, IMEI 35609506*
■   Percentage 10, IMSI 31826098391*, IMEI 35609506*
■   Percentage 10, IMSI 31826098392*, IMEI 35609506*
■   Percentage 10, IMSI 31826098393*, IMEI 35609506*
■   Percentage 10, IMSI 31826098394*, IMEI 35609506*
e. Click Save.
15.  

Configure a second level map for GTP flow sampling, the fourth flow sampling map. This map has one rule.

Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type GTP-Sample-4 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype
■   Select the virtual port vport1 configured in Task 3 for the Source
■   Select a tool port for the Destination
■   Select flow-sample-1 configured in Task 11 for from the GSOP list
d. Use the Add a Rule button to create the following flow sampling rule:
■   Percentage 10, IMSI 31826098429*, IMEI 35609506*
e. Click Save.
16.  

Configure a collector map for any packets that do not match other rules.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type GTP-Collector in the Alias field
■   Select Second Level for Type
■   Select Collector for Subtype
■   Select the virtual port vport1 configured in Task 3 for the Source
d. Click Save.

Example 7 specifies APN patterns for GTP whitelisting and GTP flow sampling.

In Example 7, traffic from network ports go to the two first level maps (gtp_to_v1_c and gtp_to_v1_u) and then to the virtual port (v1).

In the whitelist map, if there is a match to the APN pattern and if the IMSI is present in the whitelist (IMSI), packets are forwarded to a tool port.

If there is not a match to an IMSI in the whitelist, the traffic is flow sampled based on the APN pattern in the flow sampling map. Accepted packets are forwarded to the same tool port as specified in the whitelist map.

Any unmatched traffic goes to a shared collector that sends it to a different tool port.

Task

Description

UI Steps
1.    

Configure a network port and two tool ports and enable them.
a. From the left navigation pane, go to System > Ports > Ports > All Ports.
b. Click Quick Port Editor.
c. Configure a network port. Port 22/3/x3 in this example.
d. Configure two tool ports. Port 22/4/x18 and 22/4/x19 in this example.
e. Admin enable the ports by selecting Enable for each port.
f. Click OK.
2.  

Configure a GigaSMART group and associate it with two GigaSMART engine port.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type an gsg2 in the Alias field.
d. In the Port List field, select the engine ports, which are 22/2/e1 and 22/2/e2 in this example
e. Click Save.
3.  

Create a virtual port.
a. From the left navigation pane, go to System > GigaSMART >Virtual Ports.
b. Type v1 in the Alias field.
c. Select the GigaSMART Group created in Task 2 from the GigaSMART Group list.
d. Click Save.
4.  

Configure two first level maps, one for control traffic and one for user traffic.
a. Configure the first map as follows:
■   Alias: gtp_to_v1_c
■   Type and subtype: First Level By Rule
■   Source: 22/3/x3
■   Destination: virtual port created in Task 2.
■   Rule 1: Pass, Bi Directional, Port Destination 2123
■   Rule 2: Pass, Bi Directional, Port Destination 2122
b. Save the map
c. Configure the second map as follows:
■   Alias: gtp_to_v1_u
■   Type and subtype: First Level By Rule
■   Source: 22/3/x3.
■   Destination: virtual port created in Task 2.
■   Rule 1: Pass, Bi Directional, Port Destination 2152
■   Rule 1: Pass, Bi Directional, IPv4 Fragmentation, Value: allFragNoFirst.
d. Save the map
5.  

Create the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GTP Whitelist.
b. Click New.
c. Enter gtp-whitelist in the Alias field
d. Go to Task 6.
6.  

Fetch whitelist files from a specified location to populate the GTP whitelist.
a. On the GTP Whitelist page, select Bulk Upload.
b. Select Bulk Entry Operation for IMSI Upload Type
c. Select Upload from URL from the Bulk Upload Type list.
d. Select Append.
e. Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx
f. Click Save.
7.  

(Optional) Add a single IMSI to the GTP whitelist.
a. On the GTP Whitelist page, select Individual Entry Operation.
b. Select Append for Operation Type
c. Enter the IMSI entry in the Individual IMSI Entry field.
d. Click Save.
8.  

Associate the GigaSMART group to the GTP whitelist.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups
b. Select GS Group gsg2 created in Task 2 and click Edit
c. Under GTP Whitelist, click on the GTP Whitelist Alias field and select. gtp-whitelist
d. Click Save.
9.  

Configure the GigaSMART operation for GTP whitelisting.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group gsg2 created in Task 2 and associated with the GTP whitelist in Step 8.
d. Enter gtp-correlat_gsp_wl in the Alias field.
e. Select GTP Whitelist from the GigaSMART Operations (GSOP) list
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save.
10.  

Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to the APN pattern and if IMSI is present in the whitelist (IMSI), it is forwarded to a tool port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New
c. Configure the map.
■   Enter GTP-Whitelist in the Alias field.
■   Select Second Level for Type
■   Select Flow Whitelist for Subtype
■   Select gtp-correlate_gsg_wl from the GSOP list.
■   Select the virtual port v1 configured in Task 3 for Source
■   Select 22/4/x18 for Destination
■   Rule 1: GTP, APN: mobile.com
d. Click Save.
11.  

Configure the GigaSMART operation for GTP flow sampling.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group gsg2 created in Task 2 and associated with the GTP whitelist in Step 8.
d. Enter gtp-correlat_gsp_fs in the Alias field.
e. Select GTP Whitelist from the GigaSMART Operations (GSOP) list
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save
12.  

Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the APN pattern in this map. Accepted packets are forwarded to the same tool port as specified in the whitlelist map
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type from_vp_fs1 in the Alias field
■   Select Second Level for Type
■   Select Flow Sample for Subtype.
■   Select the virtual port v1 configured in Task 3 for the Source
■   Select a 22/4/x18 for the Destination
■   Select the GigaSMART Operation gtp-correlate_gsg_fs
■   Rule 1: GTP, Percentage: 100, APN: imsi*
d. Click Save.
13.  

Add a shared collector for any unmatched traffic from the virtual port and send it to a different tool port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Type from_vp_scoll in the Alias field
■   Select Second Level for Type
■   Select Collector for Subtype
■   Select the virtual port v1 configured in Task 3 for the Source
d. Click Save.

Example 6 specified APN patterns for GTP whitelisting and GTP flow sampling. It also specifies QCI for GTP flow sampling.

In Example 7, traffic from network ports go to the two first level maps (gtp_to_v1_c and gtp_to_v1_u) and then to the virtual port (v1).

In the whitelist map, if there is a match to the APN pattern and if the IMSI is present in the whitelist (IMSI), packets are forwarded to a tool port.

If there is not a match to an IMSI in the whitelist, the traffic is flow sampled based on the APN pattern and QCI value in the flow sampling map. Accepted packets are forwarded to the same tool port as specified in the whitelist map. Only 50% of traffic with QCI 5 is sent to the tool port.

Any unmatched traffic goes to a shared collector that sends it to a different tool port.

Task

Description

UI Steps
1.    

Configure a network port and two tool ports and enable them.
a. From the left navigation pane, go to System > Ports > Ports > All Ports.
b. Click Quick Port Editor.
c. Select a port (for example, 22/2/x3) and set Type to Network.
d. Select a port (for example, 22/2/x18) and set Type to Tool
e. Select a second port (for example, 22/2/x19) and set Type to Tool.
f. Select Enable for Admin on the network and two tool ports.
g. Click OK.
2.  

Configure a GigaSMART group and associate it with two GigaSMART engine ports
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups.
b. Click New.
c. Type gsg2 in the Alias field.
d. Click in the Port List field and select two engine ports. For example, 22/2/e1 and 22/2/e2
e. Click Save.
3.  

Create a virtual port.
a. From the left navigation pane, go to System > GigaSMART >Virtual Ports.
b. Type v1 in the Alias field.
c. Click in the GigaSMART Group field and select the GigaSMART Group created in Task 2.
d. Click Save.
4.  

Configure two first level maps, on for control traffic and one for user traffic
a. Configure the first map as follows:
■   Alias: gtp_to_v1_c
■   Type and Subtype: First Level By Rule
■   Enable Control Traffic.
■   Source: 22/2/3/x3 (network port created in Task 1)
■   Destination: v1 (virtual port created in Task 3)
■   Rule 1: Pass, Bi Directional, Port Destination 2123
■   Rule 2: Pass, Bi Directional, Port Destination 2122
b. Save the map
c. Configure the second map as follows:
■   Alias: gtp_to_v1_u
■   Type and subtype: First Level By Rule
■   Source: 22/2/3/x3 (network port created in Task 1)
■   Destination: v1 (virtual port created in Task 3)
■   Rule 1: Pass, Bi Directional, Port Destination 2152
■   Rule 2: Pass, Bi Directional, IPv4Fragmentation allFragNoFirst
d. Save the map
5.  

Associate the GigaSMART group to the active GTP Whitelist
a. From the device view, select GigaSMART > GigaSMART Groups.
b. Select the GigaSMART Group created in Task 1 and click Edit.
c. Locate the GTP Whitelist param, and enter the alias of whitelist in the GTP Whitelist Alias field. For example, IMSI.
d. Save the GigaSMART Group.
6.  

Configure the GigaSMART operation for GTP whitelisting.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group gsg1 created in Task 2 from the GigaSMART Groups list.
d. Enter gtp-correlate_gsp_wl in the Alias field.
e. Select GTP Whitelist from the GigaSMART Operations (GSOP) list
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMSI
h. Click Save.
7.  

Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to the APN pattern and if the IMSI is present in the whitelist

(IMSI), packets are forwarded to a tool port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New
c. Configure the map.
■   Alias: GTP-whitelist
■   Type an Subtype: Second Level Flow Whitelist
■   Source: v1 (virtual port created in Task 3)
■   Destination: 22/4/x18
■   GSOP: gtp-corelate_gsg_wl
■   Select gtp-whitelist from the GSOP list.
■   Rule: GTP, APN: mobile.com
d. Click Save.
8.  

Configure the GigaSMART operation for GTP flow sampling.
a. From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation.
b. Click New.
c. Select the GigaSMART Group created in Task 2 from the GigaSMART Groups list.
d. Enter gtp-corelate_gsg_fs in the Alias field.
e. Select Flow Sampling from the GigaSMART Operations (GSOP) list and then select the Flow Sampling-GTP option.
f. Select Load Balancing from the GigaSMART Operations (GSOP) list.
g. Configure Load Balancing as follows:
■   Select Stateful
■   Set Type to GTP
■   Select Hashing
■   Select IMEI
h. Click Save.
9.  

Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the APN pattern in this map. Accepted packets are forwarded to the same tool port as specified in the whitelist map.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map.
■   Alias: from_vp_fs1
■   Type and Subtype: Second Level Flow Sample
■   Source: vp1
■   Destination: 22/4/x18
■   GSOP: gtp-corelate_gsg_fs
■   Rule 1: GTP, APN: *imsi*, QCI: 5, Percentage: 50
■   Rule: 2: GTP, IMSI: ims*, Percentage 100
d. Click Save.
10.  

Add a shared collector for any unmatched traffic from the virtual port and send it to a different tool port.
a. On the left navigation pane, click on and from Traffic select Maps > Maps > Maps.
b. Click New.
c. Configure the map:
■   Alias: from_vp_scoll
■   Type and Subtype: Regular Collector
■   Source: v1
■   Destination: 22/4/x19
d. Click Save.