apps gtp-whitelist

Use the apps gtp-whitelist command to configure GTP forward listing.

Note:  The apps gtp-whitelist commands are not persistent across a node restart, nor do they appear in the output of the running configuration.

The apps gtp-whitelist command has the following syntax:

apps gtp-whitelist alias <GTP whitelist file alias> add

imsi <IMSI number >

|ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>>

<create | delete>

imsi <IMSI number> |

ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>> | all

destroyfetch <add | delete> <URL for a GTP whitelist file>

The following table describes the arguments for the apps gtp-whitelist command:

Argument

Description

gtp-whitelist alias <GTP whitelist file alias>

Specifies an alias of the forward list file. Examples of valid names are wlist, imsi-database_2.

add imsi <IMSI number| ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>>>

Specifies actions for add as follows:

imsi—adds a single IMSI to a forward list.
ran—adds RAN value to add mcc.mnc.eci or mcc.mnc.nci value. The value should be given in the following format:
o NCI value in hexadecimal format and should add 0x as prefix.
o ECI value in decimal format and supports up to 9 digits.

For example:

(config) # apps gtp-whitelist alias wlf1 add imsi 318260109318283

(config) # apps gtp-whitelist alias ran_db add ran 210.32.345678912

apps gtp-whitelist alias ran_db add ran 755.56.0xf12345678

 

create

Creates a new forward list.

For example:

(config) # apps gtp-whitelist alias wlf1 create

To create a whitelist, refer to How to Create a Forward List.

delete <all | imsi <IMSI number> |ran <mcc.mnc.eci < eci number> | mcc.mnc.nci <nci number>>>

Specifies actions for delete as follows:

all—Deletes a forward list. This deletes all the IMSI and RAN entries.
imsi—Deletes a single IMSI entry from a forward list.

When using delete all to delete a forward list, unlike destroy, you do not have to delete the forward list maps, the GigaSMART operation, or disassociate the GigaSMART group from the forward list.

ran—adds RAN value to add mcc.mnc.eci or mcc.mnc.nci value. The value should be given in the following format:
o NCI value in hexadecimal format and should add 0x as prefix.
o ECI value in decimal format and supports up to 9 digits.

Examples:

(config) # apps gtp-whitelist alias wlf1 delete imsi 318260109318283

(config) # apps gtp-whitelist alias wlf1 delete all

destroy

Destroys a forward list.

For example:

(config) # apps gtp-whitelist alias wlf1 destroy

When using destroy to delete a forward list, unlike delete all, you must first delete the forward list maps, the GigaSMART operation, and disassociate the GigaSMART group from the forward list before deleting the forward list. For the procedure to destroy the forward list, refer to How to Delete a Forward List.

fetch <add | delete> <URL for a GTP whitelist file>

Specifies actions for fetch as follows:

add—Downloads a forward list file from a specified URL and path.
delete—Deletes the IMSI and RAN entries, located in the forward list file at the specified URL and path, from the forward list on the node. Use this option to delete up to 50,000 IMSIs.

For both add and delete, forward list files must adhere to the following:

The IMSIs or RAN entries in the forward list files must be distinct entries, with one IMSI or RAN on each line of a file.
In a forward list file, use only the carriage return (newline) to separate IMSI or RAN entries. Do not use any characters, such as commas or colons, to separate IMSI or RAN entries in forward list files.
Each forward list file can contain a maximum of 50,000 entries.
Forward list files must have a filename with a .txt suffix.

To fetch a specified forward list file from a location, use one of the following formats:

http://IPaddress/path/filename.txt
scp://username:password@IPaddress:/path/filename.txt
tftp://IPaddress/path/filename.txt

For GTP forward listing in a cluster, only fetch the forward list to the leader in the cluster. On member nodes, fetch is not available.

Examples:

(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/MyIMSIs1.txt

(config) # apps gtp-whitelist alias wlf2 fetch add scp://user1:mypw@1.1.1.1:/home/temp/IMSI_file1.txt

(config) # apps gtp-whitelist alias wlf3 fetch add tftp://192.168.51.41/temp/IMSI_20K_1.txt

(config) # apps gtp-whitelist alias wlf1 fetch delete http://1.1.1.1/tftp/temp/MyIMSIstoDelete.txt

(config) # apps gtp-whitelist alias wlf2 fetch delete scp://user1:mypw@1.1.1.1:/home/temp/IMSI_delfile.txt

Note:  In a single forward list file, both IMSI and RAN entries are supported. RAN entries should be given in the format as specified in the add option for single entry.

How to Create a Forward List

To create a forward list, use the following CLI command sequence:

Task

Command

Create the forward list.

(config) # apps gtp-whitelist alias wlf1 create

Associate the GigaSMART group to the forward list.

(config) # gsparams gsgroup gsg1 gtp-whitelist add wlf1

Configure the GigaSMART operation.

(config) # gsop alias gtp_wl1 flow-ops gtp-whitelist lb app gtp metric hashing key imsi port-list gsg1

Add single entry to the whitelist.orFetch and download forward list files.

(config) # apps gtp-whitelist alias wlf1 add imsi 318260109318283

(config) # apps gtp-whitelist alias wlf1 add imsi 318573850131409

(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/whitelist1.txt

(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/whitelist2.txt

Create from one to ten second level maps, the forward list maps. When the map configuration is complete, the forward list will take effect.

Note:  If no whitelist add rule is specified in the map, all traffic (all interfaces and all versions) will be passed.

(config) # map alias GTP-Whitelist

(config map alias GTP-Whitelist) # type secondLevel flowWhitelist

(config map alias GTP-Whitelist) # from vp1(

config map alias GTP-Whitelist) # use gsop gtp_wl1

(config map alias GTP-Whitelist) # to 1/2/x2

(config map alias GTP-Whitelist) # whitelist add gtp version 2

(config map alias GTP-Whitelist) # exit

(config) #

How to Delete a Forward List

To destroy the entire forward list, use the following CLI command sequence:

Task

Command

Delete a forward list map.

(config) # no map alias GTP-Whitelist

Delete the GigaSMART operation.

(config) # no gsop alias gtp_wl1

Disassociate the GigaSMART group from the forward list. (You do not need to delete the gsgroup.)

(config) # gsparams gsgroup gsg1 gtp-whitelist delete

Destroy () the entire forward list.

(config) # apps gtp-whitelist alias wlf1 destroy

Related Commands

The following table summarizes other commands related to the apps gtp-whitelist command:

Task

Command

Configures a rule for a forward list map.

# map alias <whitelist map> whitelist add gtp <interface | version>

Displays a particular IMSI associated with the GigaSMART group.

# show gsgroup flow-whitelist alias gsg1 imsi 318260109318283

Displays the GTP forward list entry count.

# show apps gtp-whitelist alias wlf1 count

For forward list maps, displays the total number of IMSI entries (under WL).

# show map brief

For forward list maps, displays the total number of IMSI entries.

# show map alias <whitelist map>

For forward list maps, displays the total number of IMSI entries.

# show map stats alias <whitelist map>