Interface Filtering and APN/DNN Filtering

Interface Filtering

In interface-based filtering, the traffic is filtered based on the interface from where it originates. When a new session is created, the interface information will be extracted and checked against the flow sample or whitelist rules. If there is a match with the flow sample or whitelist rules, the traffic belonging to this session will be forwarded to the corresponding tool ports.

Supported Platforms:

o   GigaVUE-HC3 Gen 2
o   GigaVUE-HC3 Gen 3

Note: You can configure interface-based filtering only through CLI and not through GigaVUE‑FM.

You can configure only the interfaces S1U, S5S8U, N3, and N9 for interface based filtering. It is not recommended to configure other interfaces such as Gn, S5, S1 as they are not applicable for standalone UPN interface-based filtering.

The PFCP packets hit the configured interface rule irrespective of the interfaces from where they are originating.

For interface-based filtering (S1U, S5S8U, N3, and N9), you must configure the node role as Standalone UPN only. The CLI shows the following error, when you configure other node roles.

"% S1U, S5S8U, N3 and N9 interfaces can be configured only if the 3gpp-node-role is stand-alone"

The interface-based filtering supports the filtering of only GTP-U packets.

The following Standalone UPN flow ops report displays the interface information in the session table:

Joy (config) # sh gsgroup flow-ops-report alias gsg-g3 type flow-filtering gtp-imsi-pattern IMSIVALUE000000

==============================================================================================================================================

Tunnel[Ver] Interface IP:Tunnel-ID => IP:Tunnel-ID IMSI WL FS ID LB port Pkts Timestamp

IMEI MSISDN

EBI:LBI[QCI] APN

==============================================================================================================================================

CTRL[1] S1U 10.116.22.6:0xb289ad10 => 10.116.22.76:0x135e0620 IMSIVALUE000000 _ _ 3 45189089276

IMEIVALUE0000000 MSISDNVALUE00000

USER 5 10.116.22.44:0x00338cec => 10.116.22.79:0x535e0625 wap.mnc000.mcc000.+ N A 1 _

CTRL[2] S5/S8-U 10.254.156.136:0x0fb67d86 => 10.254.165.199:0x5dd70620 IMSIVALUE000000 _ _ 17 57994796676

IMEIVALUE0000000 MSISDNVALUE00000

APN (Access Point Name)/DNN (Data Network Name) Filtering

The Access Point Name (APN) is the name of a gateway between a 4G or 5G mobile network and another computer network, mostly the public Internet. A mobile device making a data connection must be configured with an APN.

In APN/DNN filtering, the traffic is filtered based on the APN string matching.

Note: You can configure APN/DNN  filtering only through CLI.

When a new session is created, the APN pattern will be extracted and checked against the flow sample or whitelist rules, if there is a match with the APN pattern, the traffic belonging to this session will be forwarded to corresponding tool ports. In case of 5G traffic, the DNN information will be processed under the APN identifier.

The pattern match can be supported as an independent filtering or can be combined with the other filtering parameters such as the IMSI/IMEI/MSISDN.

The APN/DNN filtering supports the filtering of both the PFCP and GTP-U packets.

The following Standalone UPN flow ops report displays the APN/DNN  information in the session table:

Joy (config) # sh gsgroup flow-ops-report alias gsg-g3 type flow-filtering gtp-imsi-pattern IMSIVALUE000000

==============================================================================================================================================

Tunnel[Ver] Interface IP:Tunnel-ID => IP:Tunnel-ID IMSI WL FS ID LB port Pkts Timestamp

IMEI MSISDN

EBI:LBI[QCI] APN

==============================================================================================================================================

IMSIVALUE000000 _ 0 0

IMEIVALUE0000000 MSISDNVALUE0000

CTRL 10.241.15.8 : 0x21480840 => 10.241.15.36 : 0x158a2740

USER(S5S8U) 10.226.162.249:0x04f82ea1 => 0.0.0.0:0x00000000 ims.mnc000.mcc000.gp+ N A 2

USER(S5S8U) 0.0.0.0:0x00000000 => 10.241.15.41:0x558a2745 ims.mnc000.mcc000.gp+ N A 2

===================================================================================================