Cisco ASR 5000 Series 3G Home NodeB, ASR 5000 Series Administration Manual

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
Version 12.1
Last Updated May 31, 2012
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
Text Part Number: OL-25069-03
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
© 2012 Cisco Systems, Inc. and/or its affiliated entities. All rights reserved.
CONTENTS
About this Guide
Conventions Used
Contacting Customer Support
Additional Information
HNB Gateway in Wireless Network
Product Description
HNB Access Network Elements
Home NodeB
Security Gateway (SeGW)
HNB Gateway (HNB-GW)
HNB Management System (HMS)
Licenses
Platform Requirements
Network Deployment and Interfaces
HNB Gateway in 3G UMTS Network
Supported Logical Interfaces
Features and Functionality - Base Software
AAA Server Group Support
AAL2 Establish and Release Support
Access Control List Support
ANSI T1.276 Compliance
ATM VC Management Support
Congestion Control and Management Support
Emergency Call Handling
GTP-U Tunnels Management Support
HNB-UE Access Control
HNB Management Function
Multiple MSC Selection without Iu-Flex
Intra-Domain Multiple CN Support Through Iu-Flex
Iu Signalling Link Management Support
IuH User-Plane Transport Bearer Handling Support
Network Access Control Functions through SeGW
Authentication and Key Agreement (AKA)
3GPP AAA Server Support
X.509 Certificate-based Authentication Support
Open Access Mode Support
QoS Management with DSCP Marking
RADIUS Support
UE Management Function for Pre-Rel-8 UEs
System Management Features
Management System Overview
Bulk Statistics Support
Threshold Crossing Alerts (TCA) Support
ANSI T1.276 Compliance
Features and Functionality - Optional Enhanced Feature Software
Dynamic RADIUS Extensions (Change of Authorization)
IP Security (IPSec)
Session Recovery
Web Element Management System
How HNB-GW Works
HNB Provisioning and Registration Procedure
UE Registration Procedure
UE Registration Procedure of Non-CSG UEs or Non-CSG HNBs
Iu Connection Procedures
Iu Connection Establishment Procedure
Network Initiated Iu Connection Release Procedure
Paging and Serving RNS Relocation Procedures
Paging Procedure
SRNS Relocation Procedure
RANAP Reset Procedures
HNB Initiated RANAP Reset Procedure
CN Initiated RANAP Reset Procedure
HNB-GW Initiated RANAP Reset Procedure
Supported Standards
3GPP References
IETF References
ITU-T Recommendations
Object Management Group (OMG) Standards
Understanding the Service Operation
Terminology
Contexts
Logical Interfaces
Bindings
Services and Networks
HNB-GW Service Configuration Procedures
Information Required to Configure the System as an HNB-GW
Required Local Context Configuration Information
Required System-Level Configuration Information
Required Source Context Configuration Information
Required Destination Context Configuration Information
RTP Pool Configuration
IPv4 RTP Pool Creation Over IuCS
IPv4 RTP Pool Creation Over Iuh
RTP IP Pool Configuration Verification
HNB-GW Service Configuration
Hashing Algorithm Configuration
Iuh Interface Configuration
SS7 Routing Domain Configuration
Peer Server Id Configuration for PS Core Network
Peer Server Id Configuration for CS Core Network
SCCP Network Instance Configuration
HNB-PS Network Configuration
HNB-CS Network Configuration
HNB-GW Service Configuration
GTP-U Service Configuration
x.509 Certificate Configuration
Security Gateway and Crypto map Template Configuration
Multiple MSC Selection without Iu-Flex Configuration
Open Access Mode Configuration
Verifying HNB-GW Configuration
IuCS over ATM Configuration
Configuring the SONET Card
Configuring Linkset Id and ATM Parameters
Configuring ALCAP Service and AAL2 Node
Configuring the ATM Port
Associating ALCAP Service with HNB-CS Network Service
Iu-Flex Configuration
Iu-Flex over IuCS Interface Configuration
Iu-Flex over IuPS Interface Configuration
Logging Facility Configuration
Displaying Logging Facility
Congestion Control Configuration
Configuring the Congestion Control Threshold
Configuring Service Congestion Policies
Configuring New Call Policy
Alarm and Alert Trap Configuration
SNMP-MIB Traps for HNB-GW Service
Event IDs for HNB-GW Service
Monitoring the Service
Monitoring System Status and Performance
Monitoring Logging Facility
Clearing Statistics and Counters
Troubleshooting the Service
Test Commands
Using the GTPU Test Echo Command
Using the GTPv0 Test Echo Command
Using the IPsec Tunnel Test Command
Performance Improvement Commands
Turning off IPC Message Aggregation To Reduce Latency Towards Core Network
Engineering Rules
DHCP Service Engineering Rules
HNB-GW Engineering Rules
Interface and Port Engineering Rules
IuCS Interface Rules
IuPS Interface Rules
Service Engineering Rules
CoA, RADIUS DM, and Session Redirection (Hotlining)
RADIUS Change of Authorization and Disconnect Message
CoA Overview
DM Overview
License Requirements
Enabling CoA and DM
Enabling CoA and DM
CoA and DM Attributes
CoA and DM Error-Cause Attribute
Viewing CoA and DM Statistics
Session Redirection (Hotlining)
Overview
License Requirements
Operation
ACL Rule
Redirecting Subscriber Sessions
Session Limits On Redirection
Stopping Redirection
Handling IP Fragments
Recovery
AAA Accounting
Viewing the Redirected Session Entries for a Subscriber
IP Security
Overview
Applicable Products and Relevant Sections
IPSec Terminology
Crypto Access Control List (ACL)
Transform Set
ISAKMP Policy
Crypto Map
Manual Crypto Maps
ISAKMP Crypto Maps
Dynamic Crypto Maps
Implementing IPSec for PDN Access Applications
How the IPSec-based PDN Access Configuration Works
Configuring IPSec Support for PDN Access
Implementing IPSec for Mobile IP Applications
How the IPSec-based Mobile IP Configuration Works
Configuring IPSec Support for Mobile IP
Implementing IPSec for L2TP Applications
How IPSec is Used for Attribute-based L2TP Configurations
Configuring Support for L2TP Attribute-based Tunneling with IPSec
How IPSec is Used for PDSN Compulsory L2TP Configurations
Configuring Support for L2TP PDSN Compulsory Tunneling with IPSec
How IPSec is Used for L2TP Configurations on the GGSN
Configuring GGSN Support for L2TP Tunneling with IPSec
Transform Set Configuration
Configuring Transform Set
Verifying the Crypto Transform Set Configuration
ISAKMP Policy Configuration
Configuring ISAKMP Policy
Verifying the ISAKMP Policy Configuration
ISAKMP Crypto Map Configuration
Configuring ISAKMP Crypto Maps
Verifying the ISAKMP Crypto Map Configuration
Dynamic Crypto Map Configuration
Configuring Dynamic Crypto Maps
Verifying the Dynamic Crypto Map Configuration
Manual Crypto Map Configuration
Configuring Manual Crypto Maps
Verifying the Manual Crypto Map Configuration
Crypto Map and Interface Association
Applying Crypto Map to an Interface
Verifying the Interface Configuration with Crypto Map
FA Services Configuration to Support IPSec
Modifying FA service to Support IPSec
Verifying the FA Service Configuration with IPSec
HA Service Configuration to Support IPSec
Modifying HA service to Support IPSec
Verifying the HA Service Configuration with IPSec
RADIUS Attributes for IPSec-based Mobile IP Applications
LAC Service Configuration to Support IPSec
Modifying LAC service to Support IPSec
Verifying the LAC Service Configuration with IPSec
Subscriber Attributes for L2TP Application IPSec Support
PDSN Service Configuration for L2TP Support
Modifying PDSN service to Support Attribute-based L2TP Tunneling
Modifying PDSN service to Support Compulsory L2TP Tunneling
Verifying the PDSN Service Configuration for L2TP
Redundant IPSec Tunnel Fail-Over
Supported Standards
Redundant IPSec Tunnel Fail-over Configuration
Configuring Crypto Group
Modify ISAKMP Crypto Map Configuration to Match Crypto Group
Verifying the Crypto Group Configuration
Dead Peer Detection (DPD) Configuration
Configuring Crypto Group
Verifying the DPD Configuration
APN Template Configuration to Support L2TP
Modifying APN Template to Support L2TP
Verifying the APN Configuration for L2TP
IPSec for LTE/SAE Networks
Encryption Algorithms
HMAC Functions
Diffie-Hellman Groups
Dynamic Node-to-Node IPSec Tunnels
ACL-based Node-to-Node IPSec Tunnels
Traffic Selectors
Authentication Methods
X.509 Certificate-based Peer Authentication
Certificate Revocation Lists
Child SA Rekey Support
IKEv2 Keep-Alive Messages (Dead Peer Detection)
E-UTRAN/EPC Logical Network Interfaces Supporting IPSec Tunnels
IPSec Tunnel Termination
About this Guide
This document pertains to the features and functionality that run on and/or that are related to the Cisco® ASR 5000 Chassis.
This preface includes the following sections:
Conventions Used
Contacting Customer Support
Additional Information
Conventions Used
The following tables describe the conventions used throughout this documentation.
Notice Type
Description
Information Note
Provides information about important features or instructions.
Caution
Alerts you of potential damage to a program, device, or system.
Warning
Alerts you of potential personal injury or fatality. May also alert you of potential electrical hazards.
Electrostatic Discharge (ESD)
Warns you to take proper grounding precautions before handling ESD sensitive components or devices.
Typeface Conventions
Description
Text represented as a screen display
This typeface represents text that appears on your terminal screen, for example: Login:
Text represented as commands
This typeface represents commands that you enter at the CLI, for example:
show ip access-list
This document always gives the full form of a command in lowercase letters. Commands are not case sensitive.
Text represented as a command variable
This typeface represents a variable that is part of a command, for example:
show card slot_number
slot_number is a variable representing the desired chassis slot number.
Text represented as menu or sub-menu names
This typeface represents menus and sub-menus that you access within a software application, for example: Click the File menu, then click New.
Command Syntax Conventions
Description
{ keyword or variable }
Required keywords and variables are surrounded by braces. They must be entered as part of the command syntax.
[ keyword or variable ]
Optional keywords or variables that may or may not be used are surrounded by brackets.
|
Some commands support alternative variables. These “options” are documented within braces or brackets by separating each variable with a vertical bar. These variables can be used in conjunction with required or optional keywords or variables. For example:
{ nonce | timestamp }
OR
[ count number_of_packets | size number_of_bytes ]
Contacting Customer Support
Go to http://www.cisco.com/cisco/web/support/ to submit a service request. A valid Cisco account (username and password) is required to access this site. Please contact your Cisco account representative for additional information.
Additional Information
Refer to the following guides for supplemental information about the system:
Command Line Interface Reference
Statistics and Counters Reference
Thresholding Configuration Guide
SNMP MIB Reference
Web Element Manager Installation and Administration Guide
Product-specific and feature-specific administration guides
Release notes that accompany updates and upgrades to StarOS
Chapter 1
HNB Gateway in Wireless Network
Cisco® provides 3GPP wireless carriers with a flexible solution that functions as a Home NodeB Gateway (HNB-GW) in the HNB Access Network to connect UEs with existing UMTS networks.
The Home NodeB Gateway works as a gateway for Home NodeBs (HNBs) to access the core networks. The HNB-GW concentrates connections from a large number of HNBs through the IuH interface and terminates the connection to existing Core Networks (CS or PS) using the standard Iu (IuCS or IuPS) interface.
This overview provides general information about the HNB Gateway including:
Product Description
Network Deployment and Interfaces
Features and Functionality - Base Software
Features and Functionality - Optional Enhanced Feature Software
How HNB-GW Works
Supported Standards
Product Description
The Home NodeB Gateway is the HNB network access concentrator that connects Home NodeBs (HNBs)/Femto Access Points (FAPs) to the UMTS network through the HNB Access Network. It aggregates Home NodeBs or Femto Access Points into a single network element and then integrates them into the Mobile Operator’s Voice, Data and Multimedia networks.
Femtocell is an important technology and service offering that enables new Home and Enterprise service capabilities for Mobile Operators and Converged Mobile Operators (xDSL/Cable/FTTH plus Wireless). The Femtocell network consists of a plug-n-play customer premises device, generically called a Home NodeB (HNB), with limited-range radio access in the home or enterprise. The HNB auto-configures itself with the Operator’s network, and the user can then start making voice, data and multimedia calls.
The following figure shows a high-level view of a UMTS network with Femtocell and HNB-GW.
Figure 1. HNB-GW Deployment in 3G UMTS Network
Once a secure tunnel has been established between the HNB and the SeGW and the HNB has been configured by the HMS, the Operator has to connect the Femtocell network to their Core Network and services. There are several interworking approaches to the Circuit Switched (CS) and Packet Switched (PS) domains. One approach is to make the Femtocell network appear as a standard Radio Access Network (RAN) to the Core Network. In addition to the HNB, SeGW and HMS, the RAN approach requires a network element generically called a Femto Gateway (FGW/HNB-GW). The HNB-GW provides interworking and aggregation of a large number of Femtocell sessions toward standard CN interfaces (IuPS/IuCS). In this approach, services and mobility are completely transparent to CN elements (e.g. MSC, xGSN).
The other approach is to connect the Femtocell to an IMS Network to provide CS services to subscribers when on the Femtocell and to deploy a new network element, generically called a Convergence Server, to provide service continuity and mobility over standard interfaces at the MSC layer (e.g. GSM-MAP, IS-41). These two approaches are clearly different in how CS-based services and mobility are achieved.
In accordance with the 3GPP standard, the HNB-GW provides the following functions and procedures in the UMTS core network:
HNB Registration/De-registration Function
UE Registration/De-registration Function for HNB
IuH User-plane Management Functions
IuH User-plane Transport Bearer Handling
Iu Link Management Functions
Important: Some of the features may not be available in this release. Kindly contact your local Cisco representative for more information on supported features.
HNB Access Network Elements
This section provides a brief description of the functionality of the various network elements involved in the UMTS Femto access network. The HNB access network includes the following functional entities:
Home NodeB
Security Gateway (SeGW)
HNB Gateway (HNB-GW)
HNB Management System (HMS)
Home NodeB
A Home NodeB (HNB) is the customer premises equipment that offers the Uu interface to the UE and IuH over an IPSec tunnel to the HNB-GW for accessing the UMTS Core Network (PS or CS) in the Femtocell access network.
It also supports HNB registration and UE registration over IuH with the HNB-GW. Apart from these functions, the HNB also supports some RNC-like functions, as given below:
RAB management functions
Radio Resource Management functions
Iu Signalling Link management
GTP-U Tunnels management
Buffer Management
Iu U-plane frame protocol initialization
Mobility management functions
Security Functions
Service and Network Access functions
Paging co-ordination functions
UE Registration for HNB
IuH user-plane Management functions
Security Gateway (SeGW)
Security Gateway is a logical entity in Cisco HNB-GW.
The basic functions of this entity are:
Authentication of HNB
Providing access to HMS and HNB-GW
This entity terminates the secure tunnelling for IuH and TR-069 between the HNB and the HNB-GW and HMS, respectively. In this implementation it is an optional element which is situated on the HNB-GW.
HNB Gateway (HNB-GW)
The HNB-GW gives the Femto user access to the UMTS core network. It acts as an access gateway to the HNB and concentrates connections from a large number of HNBs. The IuH interface is used between the HNB and the HNB-GW, and the HNB-GW connects with the Core Networks (CS or PS) using the generic Iu (IuCS or IuPS) or Gn interface.
It also terminates Gn and other interfaces from UMTS core networks to provide mobile data services to HNB and to interact with HMS to perform HNB authentication and authorization.
HNB Management System (HMS)
It is a network element management system for HNB access. The management interface between the HNB and the HMS is based on the TR-069 family of standards.
It performs the following functions while managing the HNB access network:
Facilitates HNB-GW discovery for HNB
Provision of configuration data to the HNB
Performs location verification of HNB and assigns appropriate serving elements (HMS, Security Gateway and HNB-GW)
The HNB Management System (HMS) comprises the following functional entities:
File Server: used for file upload or download, as instructed by TR-069 manager
TR-069 Manager: Performs CM, FM and PM functionality to the HNB through Auto-configuration server (HMS)
Licenses
The HNB-GW is a licensed Cisco product. Separate session and feature licenses may be required. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide.
Platform Requirements
The HNB-GW service runs on a Cisco® ASR 5x00 chassis running StarOS Rel. 10 or later. The chassis can be configured with a variety of components to meet specific network deployment requirements. For additional information, refer to the Installation Guide for the chassis and/or contact your Cisco account representative.
Network Deployment and Interfaces
This section describes the supported interfaces and deployment scenario of the HNB-GW in a 3G Femto access network.
The following information is provided in this section:
HNB Gateway in 3G UMTS Network
Supported Logical Interfaces
HNB Gateway in 3G UMTS Network
The following figure displays a simplified network view of the HNB-GW in a Femto access network accessing the UMTS PS or CS Core Network.
Figure 2. HNB-GW in UMTS Network and Interfaces
Supported Logical Interfaces
This section provides brief information on the interfaces supported on the HNB-GW node.
In support of both mobile and network originated subscriber UE contexts, the HNB-GW provides the following network interface support:
IuH Interface: This interface is the reference point for the control plane protocol between Home NodeB and HNB-GW. IuH uses SCTP over an IPSec IKEv2 tunnel as the transport layer protocol for guaranteed delivery of signaling messages between HNB-GW and Home NodeB.
This is the interface used by the HNB-GW to communicate with HNB on the same Femtocell Access Network. This interface serves as path for establishing and maintaining subscriber UE contexts.
One or more IuH interfaces can be configured per system context.
IuCS: This interface is the reference point in UMTS which links the HNB-GW, which acts as an RNC (Radio Network Controller), with a Mobile Switching Centre (3G MSC) in the 3G UMTS Femtocell Access Network. This interface provides an IuCS over IP or IuCS over ATM (IP over AAL5 over ATM) interface between the MSC and the RNC (HNB-GW) in the 3G UMTS Femtocell Access Network. RAN Application Part (RANAP) is the control protocol that sets up the data plane (GTP-U) between these nodes. SIGTRAN (M3UA/SCTP) or QSAAL (MTP3B/QSAAL) handle IuCS (control) for the HNB-GW.
This is the interface used by the HNB-GW to communicate with 3G MSC on the same Public Land Mobile Network (PLMN). This interface serves as path for establishing and maintaining the CS access for Femtocell UE to circuit switched UMTS core networks.
One or more IuCS interfaces can be configured per system context.
IuPS: This interface is the reference point between HNB-GW and SGSN. This interface provides an IuPS over IP or IuPS over ATM (IP over AAL5 over ATM) interface between the SGSN and the RNC (HNB-GW) in the 3G UMTS Femtocell Access Network. RAN Application Part (RANAP) is the control protocol that sets up the data plane (GTP-U) between these nodes. SIGTRAN (M3UA/SCTP) or QSAAL (MTP3B/QSAAL) handle IuPS-C (control) for the HNB-GW.
This is the interface used by the HNB-GW to communicate with SGSN on the same Public Land Mobile Network (PLMN). This interface serves as path for establishing and maintaining the PS access for Femtocell UE to packet switched UMTS core networks.
One or more IuPS interfaces can be configured per system context.
Gi: This interface is the reference point between HNB-GW and IP Offload Gateway. It is used by the HNB-GW to communicate with Packet Data Networks (PDNs) through IP Offload Gateway in the H-PLMN/V-PLMN. Examples of PDNs are the Internet or corporate intranets.
One or more Gi interfaces can be configured per system context.
Gn: This interface is the reference point between HNB-GW and GGSN. It is used by the HNB-GW to communicate with GGSNs on the same GPRS/UMTS Public Land Mobile Network (PLMN).
One or more Gn interfaces can be configured per system context.
RADIUS: This interface is the reference point between a Security Gateway (SeGW) and a 3GPP AAA Server or 3GPP AAA proxy (OCS/CGF/AAA/HSS) over RADIUS protocol for AAA procedures for Femto user.
In the roaming case, the 3GPP AAA Proxy can act as a stateful proxy between the SeGW and 3GPP AAA Server.
The AAA server is responsible for transfer of subscription and authentication data for authenticating/authorizing user access and UE authentication. The SeGW communicates with the AAA on the PLMN using RADIUS protocol.
One or more RADIUS interfaces can be configured per system context.
TR-069: This interface is an application layer protocol which is used for remote configuration of terminal devices, such as DSL modems, HNBs and STBs. TR-069 provides an auto configuration mechanism between the HNB and a remote node in the service provider network termed the Auto Configuration Server. The standard also uses a combination of security measures including IKEv2 (Internet Key Exchange v2) and IPsec (IP Security) protocols to authenticate the operator and subscriber and then guarantee the privacy of the data exchanged.
One TR-069 interface can be configured per HNB node.
Features and Functionality - Base Software
This section describes the features and functions that the HNB-GW service supports by default in the base software and that do not require any additional license.
The following features are discussed in this section:
AAA Server Group Support
AAL2 Establish and Release Support
Access Control List Support
ANSI T1.276 Compliance
ATM VC Management Support
Congestion Control and Management Support
Emergency Call Handling
GTP-U Tunnels Management Support
HNB-UE Access Control
HNB Management Function
Multiple MSC Selection without Iu-Flex
Intra-Domain Multiple CN Support Through Iu-Flex
Iu Signalling Link Management Support
IuH User-Plane Transport Bearer Handling Support
Network Access Control Functions through SeGW
Open Access Mode Support
QoS Management with DSCP Marking
RADIUS Support
System Management Features
UE Management Function for Pre-Rel-8 UEs
AAA Server Group Support
Value-added feature to enable VPN service provisioning for enterprise or MVNO customers. Enables each corporate customer to maintain its own AAA servers with its own unique configurable parameters and custom dictionaries.
This feature provides support for up to 800 AAA (RADIUS and Diameter) server groups and 800 NAS IP addresses that can be provisioned within a single context or across the entire chassis. A total of 128 servers can be assigned to an individual server group. Up to 1,600 accounting, authentication and/or mediation servers are supported per chassis and may be distributed across a maximum of 1,000 nodes. This feature also enables the AAA servers to be distributed across multiple nodes within the same context.
Important: In 12.3 and earlier releases, refer to the AAA and GTPP Interface Administration and Reference for more information on AAA Server Group configuration.
AAL2 Establish and Release Support
Support for the establishment and release of an ATM adaptation layer 2 (AAL2) channel within an ATM virtual connection by the HNB-GW, in complete or partial compliance with the following standards:
3GPP TS 25.414 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; UTRAN Iu interface data transport and transport signalling (Release 9)
3GPP TS 25.415 V8.0.0 (2008-12): 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; UTRAN Iu interface user plane protocols (Release 8)
3GPP TS 25.467 V8.0.0 (2008-12): 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; UTRAN architecture for 3G Home NodeB; Stage 2 (Release 8)
3GPP TS 25.467 V9.1.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; UTRAN architecture for 3G Home Node B (HNB); Stage 2 (Release 9)
ITU-T Recommendation Q.2630.1: AAL type2 signalling protocol (Capability Set 1)
ITU-T Recommendation Q.2630.2: AAL type2 signalling protocol (Capability Set 2)
ITU-T Recommendation I.363.2: B-ISDN ATM Adaptation Layer (AAL) Specification: Type 2 AAL
ITU-T Recommendation I.366.1: Segmentation and Reassembly Service Specific Convergence Sublayer for the AAL type 2
The HNB-GW connects to core network elements like the MSC and SGSN over the IuCS and IuPS interfaces respectively. The Iu interface towards core network elements can be either IP-based or ATM-based. To provide ATM-based interface support, the Cisco HNB-GW provides AAL2 support on the system in order to establish a voice bearer with the MSC.
Access Control List Support
Access Control Lists provide a mechanism for controlling (i.e. permitting, denying, redirecting, etc.) packets in and out of the system.
IP access lists, or Access Control Lists (ACLs) as they are commonly referred to, are used to control the flow of packets into and out of the system. They are configured on a per-context basis and consist of “rules” (ACL rules) or filters that control the action taken on packets that match the filter criteria.
Once configured, an ACL can be applied to any of the following:
An individual interface
All traffic facilitated by a context (known as a policy ACL)
An individual subscriber
All subscriber sessions facilitated by a specific context
There are two primary components of an ACL:
Rule: A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured to take a specific action on packets matching specific criteria. Up to 128 rules can be configured per ACL.
Each rule specifies the action to take when a packet matches the specified criteria. This section discusses the rule actions and criteria supported by the system.
Rule Order: A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules, in the order in which they were entered, until a match is found. Once a match is identified, all subsequent rules are ignored.
Important: For more information on Access Control List configuration, refer to the IP Access Control List chapter in the System Administration Guide.
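Because evaluation stops at the first match, a broad rule entered early can make a narrower rule entered later unreachable. The following added example (not Cisco code and not StarOS CLI syntax) models an ordered ACL and reports rules that can never fire. The Rule tuple, the function names and the sample prefixes are constructed for illustration, rules match on IPv4 source and destination prefixes only, and a packet that matches no rule returns None because this section does not state what happens in that case.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

MAX_RULES = 128  # per-ACL rule limit stated in the text


class Rule(NamedTuple):
    """One ACL rule in a constructed representation (not StarOS CLI syntax)."""
    action: str   # e.g. "permit", "deny", "redirect"
    src: str      # source prefix in CIDR notation (IPv4 in this sketch)
    dst: str      # destination prefix in CIDR notation


def check_size(acl: List[Rule]) -> None:
    """Enforce the 128-rules-per-ACL limit."""
    if len(acl) > MAX_RULES:
        raise ValueError(f"ACL has {len(acl)} rules; limit is {MAX_RULES}")


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst)))


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str) -> Optional[Tuple[int, str]]:
    """Compare a packet against the rules in entry order; stop at the first match.

    Returns (rule index, action), or None if no rule matches.
    """
    check_size(acl)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for idx, rule in enumerate(acl):
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return idx, rule.action   # all subsequent rules are ignored
    return None


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """Return (later, earlier) index pairs where `earlier` fully covers `later`.

    Such a later rule can never be reached, whatever its action.
    """
    check_size(acl)
    found = []
    for later in range(len(acl)):
        for earlier in range(later):
            if _covers(acl[earlier], acl[later]):
                found.append((later, earlier))
                break
    return found


# Constructed sample: the specific deny was entered after a broad permit.
AS_ENTERED = [
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("deny", "10.1.2.0/24", "192.0.2.0/24"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
# Same rules with the specific deny entered first.
REORDERED = [AS_ENTERED[1], AS_ENTERED[0], AS_ENTERED[2]]

if __name__ == "__main__":
    print(evaluate(AS_ENTERED, "10.1.2.5", "192.0.2.10"), shadowed_rules(AS_ENTERED))
    print(evaluate(REORDERED, "10.1.2.5", "192.0.2.10"), shadowed_rules(REORDERED))
```

Running the shadow check before applying an ACL to an interface or context catches a deny that was entered too late to take effect.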
ANSI T1.276 Compliance
ANSI T1.276 specifies security measures for Network Elements (NE). In particular it specifies guidelines for password strength, storage, and maintenance security measures.
ANSI T1.276 specifies several measures for password security.
These measures include:
Password strength guidelines
Password storage guidelines for network elements
Password maintenance, e.g. periodic forced password changes
These measures are applicable to the systems and the Web Element Manager since both require password authentication. A subset of these guidelines where applicable to each platform will be implemented. A known subset of guidelines, such as certificate authentication, are not applicable to either product. Furthermore, the platforms support a variety of authentication methods such as RADIUS and SSH which are dependent on external elements. ANSI T1.276 compliance in such cases will be the domain of the external element. ANSI T1.276 guidelines will only be implemented for locally configured operators.
ATM VC Management Support
Support for Asynchronous Transfer Mode (ATM) virtual circuits (VC) management function of AAL2 and AAL5 protocol by the HNB-GW in accordance with the following standards:
3GPP TR 29.814 V7.1.0 (2007-06): 3rd Generation Partnership Project; Technical Specification Group Core Networks and Terminals; Feasibility Study on Bandwidth Savings at Nb Interface with IP transport (Release 7)
The HNB-GW supports PVC (permanent virtual circuit) connections with CN nodes for AAL2 and AAL5 types of traffic. The Common Part Sublayer (CPS) payload carried by the AAL2 protocol over ATM is also configurable with this feature. It provides dynamic CPS payload configuration for AAL2 protocol traffic over ATM for negotiation between the HNB-GW and the MSC during a call. The default payload size is 45, but values may range from 1 to 64 bytes. This feature lets the operator choose the CPS payload size dynamically.
Congestion Control and Management Support
Congestion Control monitors the system for conditions that could potentially degrade performance when the system is under heavy load. Typically, these conditions are temporary (for example, high CPU or memory utilization) and are quickly resolved. However, continuous or large numbers of these conditions within a specific time interval may have an impact on the system’s ability to service subscriber sessions. Congestion control helps identify such conditions and invokes policies for addressing the situation.
Congestion control operation is based on configuring the following:
Congestion Condition Thresholds: Thresholds dictate the conditions for which congestion control is enabled and establish limits for defining the state of the system (congested or clear). These thresholds function in a way similar to operation thresholds that are configured for the system as described in the Thresholding Configuration Guide. The primary difference is that when congestion thresholds are reached, a service congestion policy and an SNMP trap, starCongestion, are generated.
A threshold tolerance dictates the percentage under the configured threshold that must be reached in order for the condition to be cleared. An SNMP trap, starCongestionClear, is then triggered.
Port Utilization Thresholds: If you set a port utilization threshold, when the average utilization of all ports in the system reaches the specified threshold, congestion control is enabled.
Port-specific Thresholds: If you set port-specific thresholds, when any individual port-specific threshold is reached, congestion control is enabled system-wide.
Service Congestion Policies: Congestion policies are configurable for each service. These policies dictate how services respond when the system detects that a congestion condition threshold has been crossed.
Important: For more information on Congestion Control support, refer to the Congestion Control chapter in the System Administration Guide.
Emergency Call Handling
The HNB-GW supports the handling of Emergency call in accordance with the following standards:
3GPP TS 25.467 V9.3.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; UTRAN architecture for 3G Home Node B (HNB); Stage 2 (Release 9)
3GPP TS 33.102 V9.1.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 9)
The HNB-GW provides access for all UE/HNB when an emergency call is initiated. In case of non-CSG UEs or non-CSG HNBs, after the emergency call is finished, the context established between the HNB and the operator’s core network entities for UEs who cannot get access over the HNB is released to prevent the UE from accessing non-emergency services.
HNB-GW handles the emergency call in following way:
Authentication: In case of emergency call, HNB sends a UE REGISTRATION REQUEST message with
“Registration cause” as emergency call and excludes the “UE Permanent identity” (i.e IMSI) and HNBGW
does not perform access control for emergency call case.
Single Iu and Single RAB: In case of emergency call, HNBGW does not allow multiple RABs for UE. This
means that UE must have only one Iu connection, either CS or PS, and have only one RAB on that Iu connection. HNB-GW implements “Single IU, Single RAB policy” when UE registration comes with Emergency.
The RUA-CONNECT has an IE called “establishment cause” which can take values as “Normal” or “Emergency”. If UE-registration was due to emergency then RUA-CONNECT must contain “Emergency”. If RUA-CONNECT contains “normal” then HNB-GW rejects it.
While rejecting RUA connection or RAB connection the HNB-GW uses following reject cause:
RUA - Misc: unspecified
RAB - Misc: unspecified
If the UE registration is normal, then both normal and emergency RUA-CONNECT messages are allowed.
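The emergency-call rules above can be expressed as a decision model and replayed over a signalling trace, which is useful when checking gateway logs against the documented policy. The following Python model is an added example, not code from this guide or from the HNB-GW: the class, function and event names and the trace are constructed, and refusing a second Iu connection with the RUA reject cause is an assumption of the model.

```python
from dataclasses import dataclass, field

# Reject cause the guide names for refused RUA and RAB requests.
REJECT_CAUSE = "Misc: unspecified"

@dataclass
class UeContext:                      # hypothetical per-UE state, not a product structure
    registration_cause: str           # "normal" or "emergency"
    iu_domains: set = field(default_factory=set)  # open Iu connections: "CS" / "PS"
    rabs: int = 0                     # RABs established for this UE

def on_rua_connect(ue, domain, establishment_cause):
    """Decide on an RUA-CONNECT carrying the given establishment cause."""
    if ue.registration_cause == "emergency":
        # Only the "emergency" cause is admitted, and only one Iu connection
        # (refusing the second with the same RUA cause is a model assumption).
        if establishment_cause != "emergency" or ue.iu_domains:
            return ("reject", f"RUA - {REJECT_CAUSE}")
    ue.iu_domains.add(domain)
    return ("accept", None)

def on_rab_request(ue, domain):
    """Decide on a RAB request over an Iu connection that is already open."""
    if domain not in ue.iu_domains:
        raise ValueError(f"no Iu connection open in domain {domain}")
    # Single RAB: an emergency-registered UE gets exactly one RAB.
    if ue.registration_cause == "emergency" and ue.rabs >= 1:
        return ("reject", f"RAB - {REJECT_CAUSE}")
    ue.rabs += 1
    return ("accept", None)

def replay(trace):
    """Replay (ue_id, event, *args) tuples and return one decision per request."""
    contexts, decisions = {}, []
    handlers = {"rua_connect": on_rua_connect, "rab": on_rab_request}
    for ue_id, event, *args in trace:
        if event == "register":
            contexts[ue_id] = UeContext(registration_cause=args[0])
        else:
            verdict, cause = handlers[event](contexts[ue_id], *args)
            decisions.append((ue_id, event, verdict, cause))
    return decisions

# Constructed signalling trace: ue1 registers for an emergency call, ue2 normally.
TRACE = [
    ("ue1", "register", "emergency"),
    ("ue1", "rua_connect", "CS", "normal"),      # wrong establishment cause
    ("ue1", "rua_connect", "CS", "emergency"),
    ("ue1", "rua_connect", "PS", "emergency"),   # second Iu connection
    ("ue1", "rab", "CS"),
    ("ue1", "rab", "CS"),                        # second RAB
    ("ue2", "register", "normal"),
    ("ue2", "rua_connect", "CS", "emergency"),
    ("ue2", "rua_connect", "PS", "normal"),
]

if __name__ == "__main__":
    print(*replay(TRACE), sep="\n")
```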
GTP-U Tunnels Management Support
Support for managing the GTP-U tunnels between the HNB-GW and GSNs is provided in accordance with the following standards:
3GPP TS 25.467 V9.1.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN architecture for 3G Home Node B (HNB); Stage 2 (Release 9)
3GPP TS 25.468 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh Interface RANAP User Adaptation (RUA) signalling (Release 9)
3GPP TS 25.469 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh interface Home Node B Application Part (HNBAP) signalling (Release 9)
3GPP TS 29.060 V9.0.0 (2009-09): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface (Release 9)
HNB-GW supports establishment of GTP-U tunnels for each RAB over the IuPS interface. HNB-GW terminates the GTP-U tunnels coming from the CN (SGSN) and initiates a separate GTP-U tunnel towards the HNB.
HNB-UE Access Control
UE/HNB access control support in the 3G UMTS HNB Access Network is provided on the HNB-GW through the IMSI White list database and AAA attribute processing. This feature is in accordance with the following standards:
3GPP TS 23.003 V8.9.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Core
Network and Terminals; Numbering, addressing and identification (Release 8)
3GPP TS 25.467 V9.3.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN architecture for 3G Home Node B (HNB); Stage 2 (Release 9)
3GPP TS 25.469 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh interface Home Node B (HNB) Application Part (HNBAP) signalling (Release
9)
IETF RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
The HNB-GW provides a UE registration and de-registration procedure for the HNB to convey Rel-8 UE identification data to the HNB-GW in order to perform access control for the UE in the HNB-GW. The UE Registration also establishes a UE-specific context identifier to be used between the HNB and the HNB-GW. The procedure is triggered when the UE attempts to access the HNB via an initial NAS message and there is no context in the HNB allocated for that UE.
For pre-Release 8 UEs, which do not support CSG and do not listen for the CSG-ID, the HNB-GW ensures that a UE is authorized to access a particular Femtocell. To perform the access control check for a pre-Release 8 UE, the HNB-GW maintains a per-HNB whitelist. This whitelist consists of the IMSIs that are allowed to access that particular HNB. The whitelist is stored in the HMS and is downloaded to the HNB-GW when the HNB-REGISTRATION procedure happens.
HNB Management Function
Support for HNB registration and de-registration in the 3G UMTS HNB Access Network is provided in accordance with the following standards:
3GPP TS 25.469 V8.1.0 (2009-03): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh interface Home Node B Application Part (HNBAP) signalling (Release 8)
IETF RFC 4960, Stream Control Transmission Protocol, December 2007
The HNB-GW provides HNB registration and de-registration procedure to register the HNB with the HNB-GW. This procedure enables the HNB-GW to provide service and core network connectivity for the HNB. On HNB-GW node this procedure is the first HNBAP procedure triggered after the SCTP association has become operational between HNB and HNB-GW.
The HNB management function processes the HNB/UE access control procedure through White-List processing on the HNB-GW node. Dynamic update of the White-List gives the dynamic HNB management ability to the HNB-GW.
Multiple MSC Selection without Iu-Flex
Support for multiple MSC selection in a CS core network is provided with this feature support.
HNBGW can connect to multiple MSC and SGSN through Iu-Flex or LAC mapping. This feature implements the multiple MSC selection using LAC.
For this support the HNB-GW uses HNB's LAC, received during registration procedure in HNB_REGISTER_REQUEST message, to distribute RANAP-Initial UE message to an MSC. It maps the LAC with MSC point code and a set of LACs configured for each MSC, connected to the HNB-GW.
In the HNBGW, the following algorithm is used to select an MSC based on the LAC:
If both Iu-Flex and LACs are configured for an MSC, then Iu-Flex is used to select an MSC.
If only Iu-Flex is configured, then Iu-Flex is used for selecting the MSC.
If only LACs are configured, then the MSC is selected using the LAC from the HNB.
If neither Iu-Flex nor LACs are configured in the HNBGW, it selects the default MSC.
Intra-Domain Multiple CN Support Through Iu-Flex
Iu-Flex is the routing functionality for intra-domain connection of HNB-GW nodes to multiple CN nodes (MSC/SGSN). It provides a routing mechanism and related functionality on the HNB-GW to enable it to route information of different Core Network (CN) nodes within the CS or PS domain. It is implemented in accordance with the following standards:
3GPP TS 23.236 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Intra-domain connection of Radio Access Network (RAN) nodes to multiple Core Network (CN) nodes (Release 9)
3GPP TS 25.468 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh Interface RANAP User Adaptation (RUA) signalling (Release 9)
HNBGW supports the Iu-Flex routing mechanism and other applications like many-to-many relation and load-sharing between CN nodes with HNB-GW and CN node pooling. This mechanism provides the following benefits to the network operator:
Eliminates the single point of failure between an RNC/HNB-GW and a CN Node.
Ensures geographical redundancy, as a pool can be distributed across sites.
Minimizes subscriber impact during service, maintenance, or node additions or replacements.
Increases overall capacity via load sharing across the MSCs/SGSNs in a pool.
Reduces the need/frequency for inter-CN node RAUs. This substantially reduces signaling load and data transfer
delays.
Supports load redistribution with the MSC/SGSN offloading procedure.
To incorporate the concept of multiple CN nodes, Iu-Flex introduces the concept of “pool-areas”, which is enabled by the routing mechanism in the HNB-GW. A pool-area is served by multiple CN nodes (MSCs or SGSNs) in parallel which share the traffic of this area between each other. Furthermore, pool-areas may overlap. From a RAN perspective a pool-area comprises all LA(s)/RA(s) of one or more RNC/BSC or HNBGW that are served by a certain group of CN nodes in parallel. One or more of the CN nodes in this group may in addition serve LAs/RAs outside this pool-area or may also serve other pool-areas. This group of CN nodes is also referred to as an MSC pool or SGSN pool respectively.
Iu-Flex enables a few different application scenarios with certain characteristics. The service provision by multiple CN nodes within a pool-area enlarges the served area compared to the service area of one CN node. This results in reduced inter-CN node updates, handovers and relocations, and it reduces the HLR/HSS update traffic. The configuration of overlapping pool-areas allows the overall traffic to be separated into different UE movement patterns, e.g. pool-areas where each covers a separate residential area and all the same city centre. Other advantages of multiple CN nodes in a pool-area are the possibility of capacity upgrades by additional CN nodes in the pool-area and the increased service availability, as other CN nodes may provide services in case one CN node in the pool-area fails.
Iu Signalling Link Management Support
Support for Iu signal link management function for HNB-GW in accordance with the following standards:
3GPP TS 25.412 V8.0.0 (2008-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface signalling transport (Release 8)
3GPP TS 25.413 V7.9.0 (2008-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface RANAP signalling (Release 7)
3GPP TS 25.414 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface data transport and transport signalling (Release 9)
HNBGW supports the RANAP protocol for management of IuPS/IuCS connections. The Iu connection on the IuPS/IuCS interface is realized using an SCCP connection towards the SGSN/MSC. The SCCP could be over SIGTRAN or ATM.
IuH User-Plane Transport Bearer Handling Support
Support for transfer of CS as well as PS data over IP on the IuH interface:
3GPP TS 25.467 V8.0.0. (2008-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN architecture for 3G Home NodeB; Stage 2 (Release 8)
HNB-GW supports GTP-U v1 for PS traffic transport and RTP/RTCP for CS traffic transport on the IuH interface. HNB-GW terminates the GTP-U tunnels and RTP sessions at itself for each tunnel/session between CN and HNB.
Network Access Control Functions through SeGW
These functions enable secure user and device level authentication between the authenticator component of the HNB-GW and a 3GPP HSS/AuC and RADIUS-based AAA interface support.
This section describes the following features:
Authentication and Key Agreement (AKA)
3GPP AAA Server Support
X.509 Certificate-based Authentication Support
Authentication and Key Agreement (AKA)
HNB-GW provides an Authentication and Key Agreement mechanism for the user authentication procedure over the HNB Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication and session key distribution in networks. AKA is a challenge-response based mechanism that uses symmetric cryptography.
AKA is the procedure that takes place between the user and the network to authenticate themselves towards each other and to provide other security features such as integrity and confidentiality protection.
In logical order, the procedure is as follows:
1. Authentication: Performs authentication by identifying the user to the network and identifying the network to the user.
2. Key agreement: Performs key agreement by generating the cipher key and generating the integrity key.
3. Protection: When the AKA procedure is performed, it protects the integrity of messages, the confidentiality of signalling data, and the confidentiality of user data.
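The three steps above map onto the AKA message flow of 3GPP TS 33.102: the network sends RAND and AUTN, the user side checks the MAC and sequence number inside AUTN, answers with RES, and both sides derive CK and IK. The following Python walk-through is an added example, not code from this guide or from the HNB-GW: HMAC-SHA256 stands in for the operator's f1 to f5 functions, and the key, AMF and function names are constructed.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"  # constructed Authentication Management Field value

def _f(k, label, data, n):
    """Stand-in for the 3GPP f1..f5 functions: HMAC-SHA256 truncated to n bytes."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k, sqn, rand=None):
    """Network side: build RAND/AUTN plus the expected response and session keys."""
    rand = os.urandom(16) if rand is None else rand
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(k, b"f1", sqn_b + rand + AMF, 8)               # proves knowledge of K
    autn = _xor(sqn_b, _f(k, b"f5", rand, 6)) + AMF + mac   # SQN masked with AK
    return {"rand": rand, "autn": autn, "xres": _f(k, b"f2", rand, 8),
            "ck": _f(k, b"f3", rand, 16), "ik": _f(k, b"f4", rand, 16)}

def usim_respond(k, last_sqn, rand, autn):
    """User side: authenticate the network first, then answer and derive keys."""
    masked_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn_b = _xor(masked_sqn, _f(k, b"f5", rand, 6))
    if not hmac.compare_digest(mac, _f(k, b"f1", sqn_b + rand + amf, 8)):
        raise ValueError("MAC failure: challenge not from a holder of K")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:  # real AKA answers with a resynchronisation token instead
        raise ValueError("SQN not fresh: replayed challenge")
    return {"sqn": sqn, "res": _f(k, b"f2", rand, 8),
            "ck": _f(k, b"f3", rand, 16), "ik": _f(k, b"f4", rand, 16)}

def network_verify(xres, res):
    """Network side: the user is authenticated if RES equals XRES."""
    return hmac.compare_digest(xres, res)

def run_exchange(k_network, k_usim, sqn, last_sqn):
    """Full exchange; True when both sides authenticate and agree on CK and IK."""
    ch = network_challenge(k_network, sqn)
    out = usim_respond(k_usim, last_sqn, ch["rand"], ch["autn"])
    return (network_verify(ch["xres"], out["res"])
            and out["ck"] == ch["ck"] and out["ik"] == ch["ik"])

if __name__ == "__main__":
    shared_k = bytes(range(16))  # constructed 128-bit subscriber key
    print("mutual authentication and key agreement:",
          run_exchange(shared_k, shared_k, sqn=10, last_sqn=9))
```

The cipher key and integrity key never cross the link; only RAND, AUTN and RES do, which is why a replayed or forged challenge fails on the user side before any key is used.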
3GPP AAA Server Support
This interface between the SeGW and the AAA Server provides a secure connection carrying authentication, authorization, and related information, in accordance with the following standards:
3GPP TS 33.320 V9.1.0 (2010-03): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Security of Home Node B (HNB) / Home evolved Node B (HeNB) (Release 9)
This reference point is located between 3GPP AAA Server/Proxy and HNB-GW. The functionality of this reference point is to enable following requirements on SeGW:
The SeGW shall be authenticated by the HNB using a SeGW certificate.
The SeGW shall authenticate the HNB based on HNB certificate.
The SeGW authenticates the hosting party of the HNB in cooperation with the AAA server using EAP-AKA.
The SeGW shall allow the HNB access to the core network only after successful completion of all required authentications.
Any unauthenticated traffic from the HNB shall be filtered out at the SeGW.
X.509 Certificate-based Authentication Support
HNB-GW supports X.509 Certificate-based authentication to HNB/UE for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies the standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
Open Access Mode Support
Differentiated Services Code Point (DSCP) marking over IuH interface support in 3G UMTS HNB Access Network is provided on HNB-GW for traffic quality management in accordance with following standards:
3GPP TS 25.414 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface data transport and transport signalling (Release 9)
3GPP TS 25.468 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh Interface RANAP User Adaptation (RUA) signalling (Release 9)
3GPP TS 25.469 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh interface Home Node B (HNB) Application Part (HNBAP) signalling (Release
9)
IETF RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
IETF RFC 4594, Configuration Guidelines for DiffServ Service Classes
IETF RFC 4960, Stream Control Transmission Protocol
In a fixed line-mobile convergence scenario, the user data and signaling traffic from a UE is forwarded by an HNB to the HNB-GW over the IuH interface. IP is used as the network layer for IuH. RTP/RTCP or GTP over UDP/IP form the transport for user data. SCTP/IP is used for control signaling over IuH.
These data and control packets traverse the public Internet before reaching the HNB-GW, and vice versa for the downlink traffic. RTP typically carries jitter-sensitive real-time media data such as voice and video. RTCP carries media reception/transmit feedback that is not delay sensitive. GTP carries generic, non-media data. Each of these traffic types deserves different QoS handling by the IP nodes it traverses between the HNB and the HNB-GW. Thus DSCP codes are assigned in the IP headers of the traffic such that intermediate IP nodes can provide differentiated QoS treatment to the traffic for an acceptable end-user experience.
HNB-GW supports DSCP marking of the traffic on IuH for downlink traffic towards HNB and for uplink traffic towards MSC when IP transport is used for IuCS or IuPS.
QoS Management with DSCP Marking
Differentiated Services Code Point (DSCP) marking over IuH interface support in 3G UMTS HNB Access Network is provided on HNB-GW for traffic quality management in accordance with following standards:
3GPP TS 25.414 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface data transport and transport signalling (Release 9)
3GPP TS 25.468 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh Interface RANAP User Adaptation (RUA) signalling (Release 9)
3GPP TS 25.469 V9.2.0 (2010-06): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iuh interface Home Node B (HNB) Application Part (HNBAP) signalling (Release
9)
IETF RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
IETF RFC 4594, Configuration Guidelines for DiffServ Service Classes
IETF RFC 4960, Stream Control Transmission Protocol
In a fixed line-mobile convergence scenario, the user data and signaling traffic from a UE is forwarded by an HNB to the HNB-GW over the IuH interface. IP is used as the network layer for IuH. RTP/RTCP or GTP over UDP/IP form the transport for user data. SCTP/IP is used for control signaling over IuH.
These data and control packets traverse the public Internet before reaching the HNB-GW, and vice versa for the downlink traffic. RTP typically carries jitter-sensitive real-time media data such as voice and video. RTCP carries media reception/transmit feedback that is not delay sensitive. GTP carries generic, non-media data. Each of these traffic types deserves different QoS handling by the IP nodes it traverses between the HNB and the HNB-GW. Thus DSCP codes are assigned in the IP headers of the traffic such that intermediate IP nodes can provide differentiated QoS treatment to the traffic for an acceptable end-user experience.