GigaSMART GTP Whitelisting and GTP Flow Sampling Examples
Refer to the following examples:
Example 1: GTP Whitelisting
Example 1 is a GTP whitelisting configuration example. Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a port.
Task
|
Description
|
UI Steps
|
1.
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups. |
|
●
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
2.
|
Create a virtual port.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
●
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
3.
|
Create the GTP whitelist.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GTP Whitelist. |
|
●
|
Type an alias in the Alias field. You can also create mulitiple whitelist aliases per gsgroup during the creation of solution. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in Task 1. |
|
4.
|
Fetch whitelist files from a specified location to populate the GTP whitelist.
|
|
●
|
On the GTP Whitelist page, select Bulk Upload. |
|
●
|
Select Bulk Entry Operation for IMSI Upload Type |
|
●
|
Select Upload from URL from the Bulk Upload Type list. |
|
●
|
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx |
|
5
|
Associate the GigaSMART group to the GTP whitelist.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups. |
|
●
|
Select the GigaSMART Group created in Task 1 and click Edit. |
|
●
|
Type an alias in the Alias field. You can also associate mulitiple whitelist aliases per gsgroup during the creation of solution. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
●
|
Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 3. |
|
6.
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations > GigaSMART Operation. |
|
●
|
Type an alias in the Alias field. For example, GTP-Whitelist. |
|
●
|
Select the GigaSMART group created in task 1. |
|
●
|
From the GigaSMART Operations (GSOP) drop-down list, select the following: |
|
●
|
GTP Whitelist and select Enabled.
|
|
●
|
For Load Balancing, do the following: |
|
●
|
Choose Hashing for the metric and select IMSI |
|
7.
|
Configure three first level maps.
Note: In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
|
|
●
|
Configure the first map as follows: |
|
o
|
Type and subtype: First Level By Rule |
|
o
|
Source: network port or ports |
|
o
|
Destination: virtual port created in Task 2. |
|
o
|
Rule: Pass, Bi Directional, Port Destination 2123 |
|
o
|
Map Permissions: Select current user’s group for Owner |
|
●
|
Configure the second map as follows: |
|
o
|
Type and subtype: First Level By Rule |
|
o
|
Source: Same network port or ports as first map. |
|
o
|
Destination: virtual port created in Task 2. |
|
o
|
Rule: Pass, Bi Directional, Port Destination 2152 |
|
o
|
Map Permissions: Select current user’s group for Owner |
|
●
|
Configure the third map as follows: |
|
o
|
Alias: Fragments-Not-First |
|
o
|
Type and subtype: First Level By Rule |
|
o
|
Source: Same network port or ports as first map |
|
o
|
Destination: virtual port created in Task 2 |
|
o
|
Rule: Pass, IPv4 Fragmentation and select allFragNoFirst |
|
o
|
Map Permissions: Select current user’s group for Owner. |
|
8.
|
Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a port.
|
|
●
|
Configure the second level map as follows: |
|
o
|
Type and subtype: Second Level By Rule |
|
o
|
Source: virtual port created in Task 2 |
|
o
|
Destination: select a tool port |
|
o
|
GSOP: GigaSMART Operation created in Task 6 |
|
o
|
Map Permissions: Select current user’s group for Owner |
|
Example 2: GTP Whitelisting with Multiple Maps
Example 2 is a GTP whitelisting configuration example that includes multiple GTP whitelisting maps, which provide a more granular selection of tool ports.
Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1). Two whitelist maps are configured. The first map specifies a rule for version 1 traffic. The second map specifies a rule for version 2 traffic.
Task
|
Description
|
UI Steps
|
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
●
|
Type an gsg1 in the Alias field and enter an engine port in the Port List field, for example 10/7/e1. |
|
|
Create a virtual port.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
●
|
Type vport1 in the Alias field. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
|
Create the GTP whitelist.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GTP Whitelist. |
|
●
|
Type an MyIMSIs in the Alias field. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in Task 1. |
|
|
Fetch whitelist files from a specified location to populate the GTP whitelist.
|
|
●
|
On the GTP Whitelist page, select Bulk Upload. |
|
●
|
Select Bulk Entry Operation for IMSI Upload Type |
|
●
|
Select Upload from URL from the Bulk Upload Type list. |
|
●
|
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx |
|
5.
|
Associate the GigaSMART group to the GTP whitelist.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
●
|
Select the GigaSMART Group created in Task 1 and click Edit. |
|
●
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
●
|
Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 3. |
|
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
●
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations > GigaSMART Operation. |
|
●
|
Type gtp-whitelist in the Alias field. |
|
●
|
Select the GigaSMART group created in task 1. |
|
●
|
From the GigaSMART Operations (GSOP) drop-down list, select the following: |
|
o
|
GTP Whitelist and select Enabled. |
|
●
|
For Load Balancing, do the following: |
|
o
|
Choose Hashing for the metric and select IMSI |
|
|
Configure three first level maps.
Note: In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
|
Configure the first map.
|
a.
|
On the left navigation pane, click from Traffic and select Maps > Maps > Maps. |
|
■
|
Type: First Level, Sub Type: By Rule |
|
■
|
Source: 8/1/x40, 8/1/x6 |
|
■
|
Select Pass and Bi Directional |
|
■
|
Select Port Destination for the rule |
|
●
|
Configure the second map. |
|
■
|
Type: First Level, Sub Type: By Rule |
|
■
|
Source: 8/1/x40, 8/1/x6 |
|
■
|
Select Pass and Bi Directional
|
|
■
|
Select Port Destination for the rule
|
|
●
|
Configure the second map. |
|
■
|
Alias: Fragment-Not-First |
|
■
|
Type: First Level, Sub Type: By Rule |
|
■
|
Source: 8/1/x40, 8/1/x6 |
|
■
|
Select Port IPv4 Fragmentation for the rule |
|
■
|
Select allFragNoFirst for Value |
|
|
Configure one second level map for GTP whitelisting, the first whitelist map. If there is a match to version 1 and if the IMSI is present in the whitelist (MyIMSIs), it is forwarded to the specified port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Alias: GTP-Whitelist_v1
|
|
■
|
Type: Second Level, Sub Type: Flow Whitelist
|
|
■
|
Select gtp-whitelist from the GSOP list.
|
|
|
Configure another second level map for GTP whitelisting, the second whitelist map. If there is a match to version 2 and if the IMSI is present in the whitelist (MyIMSIs), it is forwarded to the specified port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Alias: GTP-Whitelist_v2
|
|
■
|
Type: Second Level, Sub Type: Flow Whitelist
|
|
■
|
Select gtp-whitelist from the GSOP list.
|
|
Example 3: GTP Flow Sampling
Example 3 is a GTP flow sampling configuration example. Traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). The traffic flow is sampled based on the rules in one flow sampling map (GTP-Sample-01). The flow sampling rules specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to a port. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps.
Task
|
Description
|
UI Steps
|
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
|
Create a virtual port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
b.
|
In the Alias field, type an alias for this virtual port. |
|
c.
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
d.
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
|
Configure three first level maps.
Note: In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
|
|
a.
|
Configure the first map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: network port or ports |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2123 |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
b.
|
Configure the second map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network port or ports as first map. |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2152 |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
c.
|
Configure the third map as follows: |
|
■
|
Alias: Fragments-Not-First |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network port or ports as first map |
|
■
|
Destination: virtual port created in Task 2 |
|
■
|
Rule: Pass, IPv4 Fragmentation and select allFragNoFirst |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
|
Configure the GigaSMART operation for GTP flow sampling.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operations. |
|
c.
|
Type an alias in the Alias field. For example, GTP-Whitelist. |
|
d.
|
Select the GigaSMART group created in task 1. |
|
e.
|
From the GigaSMART Operations (GSOP) drop-down list, select the following: |
|
■
|
GTP Whitelist and select Enabled. |
|
f.
|
For Load Balancing, do the following: |
|
c.
|
Choose Hashing for the metric and select IMSI |
|
|
Configure a second level map for GTP flow sampling, the flow sampling map. The traffic flow is sampled based on the rules in this map.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type GTP-Sample-01 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype. |
|
■
|
Select the virtual port configured in Task 2 for the Source |
|
■
|
Select a tool port for the Destination |
|
■
|
Select the GigaSMART Operation configured in Task for from the GSOP list |
|
d.
|
Use the Add a Rule button to create the following flow sampling rules: |
|
■
|
Percentage to 50, IMEI 01416800* |
|
■
|
Percentage to 80, IMSI 46* |
|
■
|
Percentage to 25, MSISDN 1509* |
|
■
|
Percentage to 15, IMSI 01400* |
|
■
|
Percentage to 20, IMSI, 31*, MSISDN 1909* |
|
Example 4: GTP Whitelisting, GTP Flow Sampling, and Load Balancing
Example 4 combines the GTP whitelisting configuration from Example 1 with the GTP flow sampling configuration from Example 3, and adds GigaSMART load balancing.
In Example 4, traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to the port group (PG-Whitelist) for load balancing.
Note: In Example 4, the tool ports in the port group are on the same node as the GigaSMART group and GigaSMART operation.
If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in the flow sampling map (GTP-Sample-01). The flow sampling rules specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to the port group (PG-Sample) for load balancing. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps.
Task
|
Description
|
UI Steps
|
|
Create port groups and specify the tool ports and enable load balancing.
|
|
a.
|
From the left navigation pane, go to System > Ports > select Ports > Port Groups > All Port Groups. |
|
c.
|
Type PG-Whitelist in the Alias field. |
|
d.
|
Select SMART Load Balancing |
|
e.
|
Click in the Ports field and select the tool ports for the port group. |
|
g.
|
Repeat steps 2 through 6, to create a port group with the alias PF-Sample. |
|
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
|
Create a virtual port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
b.
|
In the Alias field, type an alias for this virtual port. |
|
c.
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
d.
|
From the GigaSMART Groups drop-down list, select the GigaSMART group created in task 1. |
|
|
Configure three first level maps.
Note: In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
|
|
a.
|
Configure the first map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: network port or ports |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2123 |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
c.
|
Configure the second map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network port or ports as first map. |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2152 |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
d.
|
Configure the third map as follows: |
|
■
|
Alias: Fragments-Not-First |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network port or ports as first map |
|
■
|
Destination: virtual port created in Task 2 |
|
■
|
Rule: Pass, IPv4 Fragmentation and select allFragNoFirst |
|
■
|
Map Permissions: Select current user’s group for Owner |
|
|
Create the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GTP Whitelist. |
|
c.
|
Type an Alias for the Whitelist in the Alias field. For example, MyIMSIs |
|
|
Fetch whitelist files from a specified location to populate the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Bulk Upload. |
|
b.
|
Select Bulk Entry Operation for IMSI Upload Type |
|
c.
|
Select Upload from URL from the Bulk Upload Type list. |
|
d.
|
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx |
|
|
(Optional) Add a single IMSI to the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Individual Entry Operation. |
|
b.
|
Select Append for Operation Type |
|
c.
|
Enter the IMSI entry in the Individual IMSI Entry field. |
|
|
Associate the GigaSMART group to the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type an alias in the Alias field. |
|
d.
|
Under GTP Whitelist, click on the GTP Whitelist Alias field and select the alias from Task 5. |
|
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP)> GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list. |
|
d.
|
Type an alias in the Alias field. For example, gtp-whitelist. |
|
e.
|
Select GTP Whitelist from the GigaSMART Operations (GSOP) list. |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (MyIMSIs), it is forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type an name in the Alias field. For example GTP-Whitelist. |
|
■
|
Select Second Level for Type |
|
■
|
Select By Rule for Subtype |
|
■
|
Select the GigaSMART Operation configured in Task 9 from the GigaSMART Operations (GSOP) list. |
|
■
|
Select the virtual port configured in Task 3 for Source |
|
■
|
Select PG-Whitelist for Destination |
|
|
Configure the GigaSMART operation for GTP flow sampling.
|
|
e.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
g.
|
Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list. |
|
h.
|
Type an alias in the Alias field. For example, gtp-flowsample. |
|
i.
|
Select Flow Sampling from the GigaSMART Operations (GSOP) list. |
|
j.
|
Select Flow Sampling-GTP. |
|
k.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
|
Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type an name in the Alias field. For example GTP-Sample-01. |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype |
|
■
|
Select the GigaSMART operation for flow sampling configured in Task 11 from the GSOP list. |
|
■
|
Select the virtual port configured in Task 3 for Source |
|
■
|
Select PG-Sample for Destination |
|
d.
|
Create the following flow sample rules: |
|
■
|
Percentage 50, IMEI 01416800*, IMSI 31* |
|
■
|
Percentage 80, IMSI 46* |
|
■
|
Percentage 25, MSISDN 1509* |
|
■
|
Percentage 15, IMEI 01400*, imsi 31* |
|
■
|
Percentage 20, IMSI 31*, MSISDN 1909* |
|
Example 5: GTP Flow Sampling with Multiple Maps
Example 5 includes multiple GTP flow sampling maps, which provide a more granular selection of tool ports for flow sampling.
In Example 5, traffic from network ports go to the three first level maps (GTP-Control, GTP-User, and Fragments-Not_First) and then to the virtual port (vport1). If there is a match to an IMSI in the whitelist (VoLTE_1MM), it is forwarded to the port-group (PG-Whitelist-1) for load balancing.
Note: In Example 5, the tool ports in the port group are on the same node as the GigaSMART group and GigaSMART operation.
If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in the four flow sampling maps (GTP-Sample-1 to GTP-Sample-4).
The flow sampling rules in each map specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to the port-group (PG-Sample-1 to PG-Sample-4) for load balancing. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps, in this example, to a shared collector.
Task
|
Description
|
UI Steps
|
|
Create port groups, specifying the tool ports and enabling load balancing.
|
|
a.
|
From the left navigation pane, go to System > Ports > select Ports > Port Groups > All Port Groups. |
|
c.
|
Type PG-Sample-1 in the Alias field. |
|
d.
|
Select SMART Load Balancing |
|
e.
|
Click in the Ports field and select the tool ports for the port group. |
|
g.
|
Repeat steps 2 through 6, to create a port groups with the aliases |
|
|
Configure a GigaSMART group and associate it with a GigaSMART engine port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type an alias in the Alias field and enter an engine port in the Port List field. |
|
|
Create a virtual port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
b.
|
Type vport1 in the Alias field. |
|
c.
|
Select the GigaSMART Groups created in Task 2 from the GigaSMART Group list. |
|
|
Configure three first level maps.
Note: In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic.
|
|
a.
|
Configure the first map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: network ports (for example, 10/1/x5, 10/3/x1,10/6/q1) |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2123 |
|
b.
|
Configure the second map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network ports as first map. |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule: Pass, Bi Directional, Port Destination 2152 |
|
c.
|
Configure the third map as follows: |
|
■
|
Alias: Fragments-Not-First |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: Same network ports as first map |
|
■
|
Destination: virtual port created in Task 2 |
|
■
|
Rule: Pass, IPv4 Fragmentation and select allFragNoFirst |
|
|
Create the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GTP Whitelist. |
|
c.
|
Enter VoLTE_1MM in the Alias field. |
|
|
Fetch whitelist files from a specified location to populate the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Bulk Upload. |
|
b.
|
Select Bulk Entry Operation for IMSI Upload Type |
|
c.
|
Select Upload from URL from the Bulk Upload Type list. |
|
d.
|
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx |
|
|
(Optional) Add a single IMSI to the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Individual Entry Operation. |
|
b.
|
Select Append for Operation Type |
|
c.
|
Enter the IMSI entry in the Individual IMSI Entry field. |
|
|
Associate the GigaSMART group to the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups |
|
c.
|
Type gsg1 in the Alias field. |
|
d.
|
Under GTP Whitelist, click on the GTP Whitelist Alias field and select VolTE_1MM. |
|
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group gsg1 created in Task 8 from the GigaSMART Groups list. |
|
d.
|
Enter gtp-whitelistl in the Alias field. |
|
e.
|
Select GTP Whitelist from the GigaSMART Operations (GSOP) list |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to an IMSI in the whitelist (VoLTE_1MM), it is forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Enter GTP-Whitelist in the Alias field. |
|
■
|
Select Second Level for Type |
|
■
|
Select By Rule for Subtype |
|
■
|
Select gtp-whitelist from the GSOP list. |
|
■
|
Select the virtual port vport1 configured in Task 3 for Source |
|
■
|
Select port group PG-Whitelist-2 for Destination |
|
|
Configure the GigaSMART operation for GTP flow sampling.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group created in Task 8 from the GigaSMART Groups list. |
|
d.
|
Enter gtp-flowsample-1 in the Alias field. |
|
e.
|
Select Flow Sampling from the GigaSMART Operations (GSOP) list and then select the Flow Sampling-GTP option. |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP flow sampling, the first flow sampling map. This map has 12 rules.
Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type GTP-Sample-1 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype. |
|
■
|
Select the virtual port vport1 configured in Task 3 for the Source |
|
■
|
Select a port grroup PG-Sampl-1 for the Destination |
|
■
|
Select the GigaSMART Operation configured in Task for from the GSOP list |
|
d.
|
Use the Add a Rule button to create the following flow sampling rules: |
|
■
|
Percentage 75, IMSI 3182609833*, IMEI 35609506* |
|
■
|
Percentage 10, IMSI 3182609834*, IMEI 3560950* |
|
■
|
Percentage 20, IMSI 31826098350*, IMEI 356095* |
|
■
|
Percentage 20, IMSI 31826098351*, IMEI 35609* |
|
■
|
Percentage 20, IMSI 31826098352*, IMEI 3560* |
|
■
|
Percentage 20, IMSI 31826098353*, IMEI 356* |
|
■
|
Percentage 20, IMSI 31826098354*, IMEI 35* |
|
■
|
Percentage 20, IMSI 31826098355*, IMEI 31* |
|
■
|
Percentage 20, IMSI 31826098356*, IMEI 356095* |
|
■
|
Percentage 20, IMSI 31826098356*, IMEI 356095* |
|
■
|
Percentage 20, IMSI 31826098357*, IMEI 3560* |
|
■
|
Percentage 20, IMSI 31826098358*, IMEI 35* |
|
■
|
Percentage 20, IMSI 31826098359*, IMEI 356095* |
|
|
Configure a second level map for GTP flow sampling, the second flow sampling map. This map has 12 rules.
Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type GTP-Sample-2 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype. |
|
■
|
Select the virtual port vport1 configured in Task 2 for the Source |
|
■
|
Select a tool port group PG-Sample-2 for the Destination |
|
■
|
Select flow-sample-1 configured in Task 11 for from the GSOP list |
|
d.
|
Use the Add a Rule button to create the following flow sampling rules: |
|
■
|
Percentage 30, IMSI 3182609836*, IMEI 35609506* |
|
■
|
Percentage 5, IMSI 3182609837*, IMEI 356095062* |
|
■
|
Percentage 50, IMSI 31826098380*, IMEI 356095062* |
|
■
|
Percentage 50, IMSI 31826098381*, IMEI 35609506* |
|
■
|
Percentage 50, IMSI 31826098382*, IMEI 3560950* |
|
■
|
Percentage 50, IMSI 31826098383*, IMEI 356095* |
|
■
|
Percentage 50, IMSI 31826098384*, IMEI 35* |
|
■
|
Percentage 50, IMSI 31826098385*, IMEI 356* |
|
■
|
Percentage 50, IMSI 31826098386*, IMEI 3560* |
|
■
|
Percentage 50, IMSI 31826098387*, IMEI 35609* |
|
■
|
Percentage 50, IMSI 31826098388*, IMEI 356095* |
|
■
|
Percentage 50, IMSI 31826098389*, IMEI 3560950* |
|
|
Configure a second level map for GTP flow sampling, the third flow sampling map. This map has 5 rules.
Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps, |
|
■
|
Type GTP-Sample-3 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype |
|
■
|
Select the virtual port vport1 configured in Task 3 for the Source |
|
■
|
Select a port group PG-Sample-3 port for the Destination |
|
■
|
Select flow-sample-1 configured in Task 11 for from the GSOP list |
|
d.
|
Use the Add a Rule button to create the following flow sampling rules: |
|
■
|
Percentage 10, IMSI 31826098390*, IMEI 35609506* |
|
■
|
Percentage 10, IMSI 31826098391*, IMEI 35609506* |
|
■
|
Percentage 10, IMSI 31826098392*, IMEI 35609506* |
|
■
|
Percentage 10, IMSI 31826098393*, IMEI 35609506* |
|
■
|
Percentage 10, IMSI 31826098394*, IMEI 35609506* |
|
|
Configure a second level map for GTP flow sampling, the fourth flow sampling map. This map has one rule.
Traffic flow is sampled based on the rules in this map. Accepted packets are forwarded to a load balancing port group.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type GTP-Sample-4 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype |
|
■
|
Select the virtual port vport1 configured in Task 3 for the Source |
|
■
|
Select a tool port for the Destination |
|
■
|
Select flow-sample-1 configured in Task 11 for from the GSOP list |
|
d.
|
Use the Add a Rule button to create the following flow sampling rule: |
|
■
|
Percentage 10, IMSI 31826098429*, IMEI 35609506* |
|
|
Configure a collector map for any packets that do not match other rules.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type GTP-Collector in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Collector for Subtype |
|
■
|
Select the virtual port vport1 configured in Task 3 for the Source |
|
Example 6: APN for GTP Whitlelisting, GTP Flow Sampling
Example 7 specifies APN patterns for GTP whitelisting and GTP flow sampling.
In Example 7, traffic from network ports go to the two first level maps (gtp_to_v1_c and gtp_to_v1_u) and then to the virtual port (v1).
In the whitelist map, if there is a match to the APN pattern and if the IMSI is present in the whitelist (IMSI), packets are forwarded to a tool port.
If there is not a match to an IMSI in the whitelist, the traffic is flow sampled based on the APN pattern in the flow sampling map. Accepted packets are forwarded to the same tool port as specified in the whitelist map.
Any unmatched traffic goes to a shared collector that sends it to a different tool port.
Task
|
Description
|
UI Steps
|
|
Configure a network port and two tool ports and enable them.
|
|
a.
|
From the left navigation pane, go to System > Ports > Ports > All Ports. |
|
b.
|
Click Quick Port Editor. |
|
c.
|
Configure a network port. Port 22/3/x3 in this example. |
|
d.
|
Configure two tool ports. Port 22/4/x18 and 22/4/x19 in this example. |
|
e.
|
Admin enable the ports by selecting Enable for each port. |
|
|
Configure a GigaSMART group and associate it with two GigaSMART engine port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type an gsg2 in the Alias field. |
|
d.
|
In the Port List field, select the engine ports, which are 22/2/e1 and 22/2/e2 in this example |
|
|
Create a virtual port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
b.
|
Type v1 in the Alias field. |
|
c.
|
Select the GigaSMART Group created in Task 2 from the GigaSMART Group list. |
|
|
Configure two first level maps, one for control traffic and one for user traffic.
|
|
a.
|
Configure the first map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule 1: Pass, Bi Directional, Port Destination 2123 |
|
■
|
Rule 2: Pass, Bi Directional, Port Destination 2122 |
|
c.
|
Configure the second map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Destination: virtual port created in Task 2. |
|
■
|
Rule 1: Pass, Bi Directional, Port Destination 2152 |
|
■
|
Rule 1: Pass, Bi Directional, IPv4 Fragmentation, Value: allFragNoFirst. |
|
|
Create the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GTP Whitelist. |
|
c.
|
Enter gtp-whitelist in the Alias field |
|
|
Fetch whitelist files from a specified location to populate the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Bulk Upload. |
|
b.
|
Select Bulk Entry Operation for IMSI Upload Type |
|
c.
|
Select Upload from URL from the Bulk Upload Type list. |
|
e.
|
Enter the URL in the Enter Remote URL field. For example, http://10.1.1.100/tftpboot/myfiles/MyIMSIs_file2.tx |
|
|
(Optional) Add a single IMSI to the GTP whitelist.
|
|
a.
|
On the GTP Whitelist page, select Individual Entry Operation. |
|
b.
|
Select Append for Operation Type |
|
c.
|
Enter the IMSI entry in the Individual IMSI Entry field. |
|
|
Associate the GigaSMART group to the GTP whitelist.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups |
|
b.
|
Select GS Group gsg2 created in Task 2 and click Edit |
|
c.
|
Under GTP Whitelist, click on the GTP Whitelist Alias field and select. gtp-whitelist |
|
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group gsg2 created in Task 2 and associated with the GTP whitelist in Step 8. |
|
d.
|
Enter gtp-correlat_gsp_wl in the Alias field. |
|
e.
|
Select GTP Whitelist from the GigaSMART Operations (GSOP) list |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to the APN pattern and if IMSI is present in the whitelist (IMSI), it is forwarded to a tool port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Enter GTP-Whitelist in the Alias field. |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Whitelist for Subtype |
|
■
|
Select gtp-correlate_gsg_wl from the GSOP list. |
|
■
|
Select the virtual port v1 configured in Task 3 for Source |
|
■
|
Select 22/4/x18 for Destination |
|
■
|
Rule 1: GTP, APN: mobile.com |
|
|
Configure the GigaSMART operation for GTP flow sampling.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group gsg2 created in Task 2 and associated with the GTP whitelist in Step 8. |
|
d.
|
Enter gtp-correlat_gsp_fs in the Alias field. |
|
e.
|
Select GTP Whitelist from the GigaSMART Operations (GSOP) list |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the APN pattern in this map. Accepted packets are forwarded to the same tool port as specified in the whitlelist map
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type from_vp_fs1 in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Flow Sample for Subtype. |
|
■
|
Select the virtual port v1 configured in Task 3 for the Source |
|
■
|
Select a 22/4/x18 for the Destination |
|
■
|
Select the GigaSMART Operation gtp-correlate_gsg_fs |
|
■
|
Rule 1: GTP, Percentage: 100, APN: imsi* |
|
|
Add a shared collector for any unmatched traffic from the virtual port and send it to a different tool port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type from_vp_scoll in the Alias field |
|
■
|
Select Second Level for Type |
|
■
|
Select Collector for Subtype |
|
■
|
Select the virtual port v1 configured in Task 3 for the Source |
|
Example 7: APN for FTP Whitelisting, APN and QCI for GTP Flow Sampling
Example 6 specified APN patterns for GTP whitelisting and GTP flow sampling. It also specifies QCI for GTP flow sampling.
In Example 7, traffic from network ports go to the two first level maps (gtp_to_v1_c and gtp_to_v1_u) and then to the virtual port (v1).
In the whitelist map, if there is a match to the APN pattern and if the IMSI is present in the whitelist (IMSI), packets are forwarded to a tool port.
If there is not a match to an IMSI in the whitelist, the traffic is flow sampled based on the APN pattern and QCI value in the flow sampling map. Accepted packets are forwarded to the same tool port as specified in the whitelist map. Only 50% of traffic with QCI 5 is sent to the tool port.
Any unmatched traffic goes to a shared collector that sends it to a different tool port.
Task
|
Description
|
UI Steps
|
|
Configure a network port and two tool ports and enable them.
|
|
a.
|
From the left navigation pane, go to System > Ports > Ports > All Ports. |
|
b.
|
Click Quick Port Editor. |
|
c.
|
Select a port (for example, 22/2/x3) and set Type to Network. |
|
d.
|
Select a port (for example, 22/2/x18) and set Type to Tool |
|
e.
|
Select a second port (for example, 22/2/x19) and set Type to Tool. |
|
f.
|
Select Enable for Admin on the network and two tool ports. |
|
|
Configure a GigaSMART group and associate it with two GigaSMART engine ports
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Groups > GigaSMART Groups. |
|
c.
|
Type gsg2 in the Alias field. |
|
d.
|
Click in the Port List field and select two engine ports. For example, 22/2/e1 and 22/2/e2 |
|
|
Create a virtual port.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >Virtual Ports. |
|
b.
|
Type v1 in the Alias field. |
|
c.
|
Click in the GigaSMART Group field and select the GigaSMART Group created in Task 2. |
|
|
Configure two first level maps, on for control traffic and one for user traffic
|
|
a.
|
Configure the first map as follows: |
|
■
|
Type and Subtype: First Level By Rule |
|
■
|
Enable Control Traffic. |
|
■
|
Source: 22/2/3/x3 (network port created in Task 1) |
|
■
|
Destination: v1 (virtual port created in Task 3) |
|
■
|
Rule 1: Pass, Bi Directional, Port Destination 2123 |
|
■
|
Rule 2: Pass, Bi Directional, Port Destination 2122 |
|
c.
|
Configure the second map as follows: |
|
■
|
Type and subtype: First Level By Rule |
|
■
|
Source: 22/2/3/x3 (network port created in Task 1) |
|
■
|
Destination: v1 (virtual port created in Task 3) |
|
■
|
Rule 1: Pass, Bi Directional, Port Destination 2152 |
|
■
|
Rule 2: Pass, Bi Directional, IPv4Fragmentation allFragNoFirst |
|
|
Associate the GigaSMART group to the active GTP Whitelist
|
|
a.
|
From the device view, select GigaSMART > GigaSMART Groups. |
|
b.
|
Select the GigaSMART Group created in Task 1 and click Edit. |
|
c.
|
Locate the GTP Whitelist param, and enter the alias of whitelist in the GTP Whitelist Alias field. For example, IMSI. |
|
d.
|
Save the GigaSMART Group. |
|
|
Configure the GigaSMART operation for GTP whitelisting.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group gsg1 created in Task 2 from the GigaSMART Groups list. |
|
d.
|
Enter gtp-correlate_gsp_wl in the Alias field. |
|
e.
|
Select GTP Whitelist from the GigaSMART Operations (GSOP) list |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP whitelisting, the whitelist map. If there is a match to the APN pattern and if the IMSI is present in the whitelist
(IMSI), packets are forwarded to a tool port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type an Subtype: Second Level Flow Whitelist |
|
■
|
Source: v1 (virtual port created in Task 3) |
|
■
|
GSOP: gtp-corelate_gsg_wl |
|
■
|
Select gtp-whitelist from the GSOP list. |
|
■
|
Rule: GTP, APN: mobile.com |
|
|
Configure the GigaSMART operation for GTP flow sampling.
|
|
a.
|
From the left navigation pane, go to System > GigaSMART >GigaSMART Operations (GSOP) > GigaSMART Operation. |
|
c.
|
Select the GigaSMART Group created in Task 2 from the GigaSMART Groups list. |
|
d.
|
Enter gtp-corelate_gsg_fs in the Alias field. |
|
e.
|
Select Flow Sampling from the GigaSMART Operations (GSOP) list and then select the Flow Sampling-GTP option. |
|
f.
|
Select Load Balancing from the GigaSMART Operations (GSOP) list. |
|
g.
|
Configure Load Balancing as follows: |
|
|
Configure a second level map for GTP flow sampling, the flow sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the APN pattern in this map. Accepted packets are forwarded to the same tool port as specified in the whitelist map.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type and Subtype: Second Level Flow Sample |
|
■
|
GSOP: gtp-corelate_gsg_fs |
|
■
|
Rule 1: GTP, APN: *imsi*, QCI: 5, Percentage: 50 |
|
■
|
Rule: 2: GTP, IMSI: ims*, Percentage 100 |
|
|
Add a shared collector for any unmatched traffic from the virtual port and send it to a different tool port.
|
|
a.
|
On the left navigation pane, click and from Traffic select Maps > Maps > Maps.
|
|
■
|
Type and Subtype: Regular Collector |
|
|
|