Interface Filtering and APN/DNN Filtering

Interface Filtering

In interface-based filtering, the traffic is filtered based on the interface from where it originates. When a new session is created, the interface information will be extracted and checked against the flow sample or whitelist rules. If there is a match with the flow sample or whitelist rules, the traffic belonging to this session will be forwarded to the corresponding tool ports.

Supported Platforms:

o   GigaVUE-HC3 Gen 2
o   GigaVUE-HC3 Gen 3

Note: You can configure interface-based filtering only through CLI and not through FM.

You can configure only the interfaces S1U, S5S8U, N3, and N9 for interface based filtering. It is not recommended to configure other interfaces such as Gn, S5, S1 as they are not applicable for standalone UPN interface-based filtering.

The PFCP packets hit the configured interface rule irrespective of the interfaces from where they are originating.

For interface-based filtering (S1U, S5S8U, N3, and N9), you must configure the node role as Standalone UPN only. The CLI shows the following error, when you configure other node roles.

"% S1U, S5S8U, N3 and N9 interfaces can be configured only if the 3gpp-node-role is stand-alone"

The interface-based filtering supports the filtering of only GTP-U packets.

The following Standalone UPN flow ops report displays the interface information in the session table:

Joy (config) # sh gsgroup flow-ops-report alias gsg-g3 type flow-filtering gtp-imsi-pattern IMSIVALUE000000

==============================================================================================================================================

Tunnel[Ver] Interface IP:Tunnel-ID => IP:Tunnel-ID IMSI WL FS ID LB port Pkts Timestamp

IMEI MSISDN

EBI:LBI[QCI] APN

==============================================================================================================================================

CTRL[1] S1U 10.116.22.6:0xb289ad10 => 10.116.22.76:0x135e0620 IMSIVALUE000000 _ _ 3 45189089276

IMEIVALUE0000000 MSISDNVALUE00000

USER 5 10.116.22.44:0x00338cec => 10.116.22.79:0x535e0625 wap.mnc000.mcc000.+ N A 1 _

CTRL[2] S5/S8-U 10.254.156.136:0x0fb67d86 => 10.254.165.199:0x5dd70620 IMSIVALUE000000 _ _ 17 57994796676

IMEIVALUE0000000 MSISDNVALUE00000

APN (Access Point Name)/DNN (Data Network Name) Filtering

The Access Point Name (APN) is the name of a gateway between a 4G or 5G mobile network and another computer network, mostly the public Internet. A mobile device making a data connection must be configured with an APN.

In APN/DNN filtering, the traffic is filtered based on the APN string matching.

Note: You can configure APN/DNN  filtering only through CLI.

When a new session is created, the APN pattern will be extracted and checked against the flow sample or whitelist rules, if there is a match with the APN pattern, the traffic belonging to this session will be forwarded to corresponding tool ports. In case of 5G traffic, the DNN information will be processed under the APN identifier.

The pattern match can be supported as an independent filtering or can be combined with the other filtering parameters such as the IMSI/IMEI/MSISDN.

The APN/DNN filtering supports the filtering of both the PFCP and GTP-U packets.

The following Standalone UPN flow ops report displays the APN/DNN  information in the session table:

Joy (config) # sh gsgroup flow-ops-report alias gsg-g3 type flow-filtering gtp-imsi-pattern IMSIVALUE000000

==============================================================================================================================================

Tunnel[Ver] Interface IP:Tunnel-ID => IP:Tunnel-ID IMSI WL FS ID LB port Pkts Timestamp

IMEI MSISDN

EBI:LBI[QCI] APN

==============================================================================================================================================

IMSIVALUE000000 _ 0 0

IMEIVALUE0000000 MSISDNVALUE0000

CTRL 10.241.15.8 : 0x21480840 => 10.241.15.36 : 0x158a2740

USER(S5S8U) 10.226.162.249:0x04f82ea1 => 0.0.0.0:0x00000000 ims.mnc000.mcc000.gp+ N A 2

USER(S5S8U) 0.0.0.0:0x00000000 => 10.241.15.41:0x558a2745 ims.mnc000.mcc000.gp+ N A 2

===================================================================================================

 

Custom Interface Selection

When the interface IE is not available in the PFCP packets, you can explicitly provide the IP addresses of the network nodes such as SGW-C and SGW-U for identifying and filtering the traffic based on the interface (S1U, S5S8-U and N3). To configure customer interface selection, refer theConfigure Custom Interface Selection topic.

 

Supported Platforms:

o   UPN in GigaVUE-HC3 Gen 2 GS Card
o   UPN in GigaVUE-HC3 Gen 3 GS Card

 

Note:  This feature can be configured only through the CLI and not through the FM.

A new gsparam is introduced in the CLI, which enables you to choose between the custom interface filtering option and the default 3GPP interface type IE based filtering and populate an IP address profile. As part of the profile configuration, you must enter the range of IP addresses associated with SGW-C and access IP addresses associated with S5S8-U in the CLI.

Configuration of custom interface selection through CLI

  • This feature is supported on gsgroup 3gpp-node-role user mode stand-alone.

  • The custom mode must be enabled in the upn-interface-select gsparams and an IP profile must be attached.

  • The newly added gsparam will take 3GPP Interface filtering as the default option.

  • When upgrading to software release version GigaVUE 6.5.00, the N4/N3 user traffic will not be correlated and will be discarded since the QFI value will not be preserved through persistence records.

  • Multiple IP profiles can be created. But only one IP profile can be associated per gsgroup.

Limitations:

  • The IP profile configuration and upn-interface-select gsparams is not supported through the FM.

  • The Flow-ops report will not display the interface specific counters for Standalone UPN (S1U, S5S8-U, N3, N9).

  • The UPN interface IP list does not support IPv6 addresses. Only IPv4 addresses are supported.

  • Once the IP profile is created in the CLI, you cannot modify the IP address or the IP address range specified in the IP profile. You can only create a new profile with a different IP address or IP address range and then associate the IP profile to the gsgroup.