PGW/GGSN - PISC
PART - 03
Mustafa Golam

Table of Contents
PISC/SACC Overview
Traffic Inspection, Analysis
Authorization and QoS
Configuration
Rating Group, Service Set
• Header Rule Set, Header Rule
• HTTP/WSP Rule
Rating Group Mapping

GPRS Charging (Background)
GPRS was originally standardised for Internet access with charging based on traffic
volume. The APN is used to describe the destination to which a connection should be
established. Both offline and online charging options were supported:
• CDRs for offline charging
• CAMEL phase 3 for online charging
[Figure: GPRS web browser connecting through APN 1 to the Internet]

GPRS Charging (Background)
CDRs are generated by both the SGSN and the GGSN, and there is one set of CDRs per
PDP Context. CAPv3 support was introduced in the SGSN for real-time charging of GPRS.
[Figure labels: SGSN, GGSN, APN, Internet, SCP, CAPv3, S-CDRs, G-CDRs, Offline Mediation, Billing system]

Expansion of Services (Background)
• Many profiles have to be defined in the terminal to charge for the different services.
• Services are identified by using different APNs.
• Only one service category is allowed at a time.
[Figure labels: GPRS; WEB browser, MMS client, WAP browser; APN 1, APN 2, APN 3, APN 4; Internet, MMS Services, Streaming Services, Operator services]

CAMEL vs. Flow Based Charging (Background)
Only a few operators are using CAMEL for GPRS today because:
• 3GPP introduced IP Flow Based Charging (FBC) based on DIAMETER.
• The leading trend is to provide multi-service APN (single APN).
• CAMEL support in the VPLMN is required for charging of roaming subscribers.
[Figure labels: SGSN, V-SGSN, BGW, GGSN, Service Aware Function, Gi, Internet, MMS-C, Prepaid, Diameter (Gy)]

Service Aware Charging & Control (Background)
• Multi service APNs (Single APN)
• Service Aware Charging
  – Flexible Bearer Charging
  – Event and Content Charging
  – Online/Offline
• Service Control
  – Service Authorization
  – Context sensitive (roaming, access, QoS …)
  – Redirect, enabling a user to be, for example:
      - Redirected to a top-up or subscription page
      - Redirected for Advice of Charge
  – Dynamic and immediate use of activated services
• Operator QoS Control
  – Service Aware Bearer Control
  – Service Aware Bandwidth Management

SACC Overview
[Figure labels: Radio Access, Packet Core, SGSN, GGSN or SASN, Policy Controller (E// -PC), Multi Activation (E// -MA), Multi Mediation, Charging System, Prepaid (Postpaid), File & Event, Online, Billing, Statistics, Hot billing (non real-time prepaid), Self-care Server, Application Server (IMS, Streaming), Other Prepaid or Policy Server, OSS-RC, ABM, ERE, Corporate Intranet, Internet, Operator Service Network; interfaces: Rx, Gx, Gy, Gz (CDRs), CAI, LDAP, Vendor-specific interfaces]
Callouts in the figure:
• Inspects and classifies the IP flows
• Enforcement point for policies (charging & access control)
• Subscriber access control (preconfigured & dynamic)
• Handles subscription and service life cycle mgmt of the EPC
• Real-time charging mediation towards external charging systems
• Optionally offers rating as well as account & balance mgr
• Mediation (pre rating) of CDRs for offline charging towards external billing systems
• Handles configuration, fault and performance management
• Includes the user prepaid (and/or postpaid) accounts
• Handles rating, accumulators, etc.

Traffic Inspection
Service Class
• To simplify the provisioning of Service Filters and tariff plans, the grouping of services into Service Classes is supported
• On a per-user basis, the same volume rate will be applied for all services that are grouped into a certain Service Class
• The Service Class concept also allows for Service Authorization (sometimes called Service Selection).
Service Identifier
• Identifies a specific IP flow destination
• Grouped into Service Classes
• Enables 3rd party revenue sharing

Traffic Inspection
[Figure: GGSN / SASN / SACC. Labels: undifferentiated incoming packets, Analysis Engine, Protocol Analyzers, Heuristic Patterns (...01101011...), analysis parameters obtained, Classification Engine, Classification Rules, service differentiated sessions, Control Engines, Output traffic]
Classification rules shown in the figure:
WSP.URL startsWith http://x & ...
RTSP.URI contains ericsson & ...
. . .

Levels of Traffic Analysis
• Deep Packet Inspection: headers in Layer 4, Layer 7
• Shallow Packet Inspection: Layer 3 IP header + Layer 4 UDP/TCP ports
• Heuristic Analysis: empirical patterns obtained in packets (L3-L7 headers + payload + IP flow metrics)

Service Authorization
• Access Control Lists with allowed Service Classes downloaded at PDP context activation
  – No external authorisation signalling necessary while traffic flows
• Blocking of traffic based on the User Service Class after Packet Inspection and Service Classification
Gives us:
• Low latency
• A per-subscriber service access firewall
[Figure labels: Policy Server; Access Control Lists (ACLs) 100, 200, 1000 etc.; GGSN / Service Aware Support Node; Gi]

Personalized QoS Profile
Bandwidth limit per service class obtained from PCRF/SAPC as part of ACL

Service class   Bandwidth limit
Service A       No limit
Service B       10 Kbps
Service C       1 Mbps
. . .           . . .
default         No limit

[Figure labels: SRAP, Radio Access, SGSN, Packet Core, GGSN, Gi, PCRF/SAPC, Gx/Gx+, Operator Service Network, Internet, Corporate Intranet]

Traffic Inspection - Flow
Traffic Inspection GGSN: Packet Inspection
[Figure: message flow between GGSN-U and NDPI. Labels: Packet UL or DL; Classify(pdpID, packet, …); Inspect packet; Classify packet; Virtual Session/SI; NDPI_MSG_SYNCH (... packet, SI, Volume)]

Traffic Inspection - Packet Analysis
Analyzers extract protocol parameters to be used later in the classification stage.
Analyzers are created at init time.
Analyzers are “plugged” into each other according to the protocol stack.

Traffic Inspection GGSN - Service Classification Tree
[Figure: classification tree with numbered steps 1 to 9. Labels: APN-A, Rule-Space, Service Set, Header Rule Set, L3/L4 Header Rule, Protocol inspection Rule Set, L7 Protocol Rule, Heuristic Rule Set, Heuristic Rule, SI=Z, SI=Y, RG=a]

PISC Configuration - APN
In the APN definition, the allowed rule spaces (if received from OCS) and the default rule
spaces are defined.
apn {
    apn001 {
        ...
        Allow-rule-space [rs_01 rs_02 rs_03];
        User category default rule-space default rs_01;
    }
}

PISC Configuration - Service Set
A service set defines the default Service Identifier (SI) to use for traffic over a PDP
context.
The service set may optionally point out a number of Header Rule Sets (max 10)
used for assigning SIs based on packet inspection.
The SI is a number between 1 and 4294967295.
Service-set ss_01 {
    service-identification {
        default payload xxxx;
    }
    header-rule-sets {
        hrs_01;
        hrs_02;
        ...
        hrs_10;
    }
}

Traffic Inspection - Header Rule Set
Each Header Rule Set should be defined.
A header rule set may contain one or several header rules.
The header rules are evaluated in the order they are configured.
header-rule-set hrs_01 {
    rule {
        rule_01;
        rule_02;
        ...
        rule_0n;
    }
}

PISC Configuration - Header Rules
A header rule consists of one or several terms. The terms are evaluated in the order
they are configured.
To configure a term in a header rule, the following actions are mandatory:
• Configure the match conditions.
  – If several conditions are configured in a term, all conditions must be fulfilled for the term to match.
• Configure the unique resulting SI.
The following match conditions can be configured for a term in a header rule:
• MS prefix
• MS address
• MS port
• Network prefix
• Network address
• Network port
• Protocol

PISC Configuration - Header Rules
If Packet Inspection is needed, the action of the related term (the “then” section)
should refer to one “protocol-rule-set”. The Packet Inspection Rule Set protocol
category may be one of the following, or others:
• DNS
• FTP
• HTTP WSP and MMS
• MSN Messenger
• POP3
• RTSP
• SIP
• SMTP
• TFTP

PISC Configuration - Header Rules
header-rule rule_01 {
    term term1 {
        from {
            ms-prefix x.x.x.x/x;
            network-address y.y.y.y/y;
        }
        then {
            service-id payload zzz;
        }
    }
    term term2 {
        ...
    }
    ...
    term termt {
        from {
            ms-prefix x.x.x.x/x;
        }
        then {
            protocol-inspection http-wsp-rule-set hwr_01 ;
        }
    }
}

PISC Configuration - HTTP/WSP Rule Set
As an example, an HTTP/WSP Rule Set and its related rules are shown here:
http-wsp-rule-set hwr_01 {
    rule {
        rule_01;
        rule_02;
        ...
        rule_0n;
    }
}
http-wsp-rule rule_01 {
    term term1 {
        from {
            uri {
                starts-with http://airtel.com:;
                contains //recharge/;
            }
        }
        then {
            payload zzz;
        }
    }
}

PISC Configuration - Service-ID to Rating Group Mapping
Once the Service Identifier has been set, go back to the Rule Space configuration and
define the mapping between the SI and its related rating group, which defines how the
service is to be authorized and charged.
rule-space rs_01 {
    rating-group {
        map {
            1 service-id [100 200 1000];
            2 service-id [150 250 2200];
            ...
        }
    }
}
Service-ID to Rating Group Mapping
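
Added example, not part of the original slides: a small Python model of the chain configured above (service set, header rule terms, HTTP/WSP rule terms, rating-group map), with a consistency check that lists SIs no rating group covers. The addresses, URIs, the default SI 9999 and the fallback to the default SI when no HTTP/WSP term matches are assumptions; the rating-group map reuses the slide's values.

```python
import ipaddress

# Constructed config: service set -> header rule set -> terms -> SI or HTTP/WSP rules.
CONFIG = {
    "service_set": {"default_si": 9999, "header_rule_sets": ["hrs_01"]},
    "header_rule_sets": {"hrs_01": ["rule_01"]},
    "header_rules": {"rule_01": [
        {"ms_prefix": "10.0.0.0/8", "network_prefix": "203.0.113.10/32",
         "service_id": 100},
        {"ms_prefix": "10.0.0.0/8", "network_port": 80, "protocol": "tcp",
         "http_wsp_rule_set": "hwr_01"},
    ]},
    "http_wsp_rule_sets": {"hwr_01": ["http_rule_01"]},
    "http_wsp_rules": {"http_rule_01": [
        {"starts_with": "http://portal.example/", "contains": "/recharge/", "service_id": 200},
        {"starts_with": "http://portal.example/", "service_id": 150},
    ]},
    # Rule space: rating group -> service identifiers (values from the slide).
    "rating_groups": {1: [100, 200, 1000], 2: [150, 250, 2200]},
}

def pkt(net_addr, net_port, protocol, uri=None):
    return {"ms_addr": "10.1.2.3", "net_addr": net_addr,
            "net_port": net_port, "protocol": protocol, "uri": uri}

PACKETS = {  # constructed sample packets from one mobile station (MS)
    "recharge": pkt("198.51.100.7", 80, "tcp", "http://portal.example/recharge/start"),
    "browse": pkt("198.51.100.7", 80, "tcp", "http://portal.example/news"),
    "direct": pkt("203.0.113.10", 443, "tcp"),
    "dns": pkt("198.51.100.53", 53, "udp"),
}

def in_prefix(addr, prefix):
    return prefix is None or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def header_term_matches(term, p):
    """All conditions configured in a term must be fulfilled for it to match."""
    return (in_prefix(p["ms_addr"], term.get("ms_prefix"))
            and in_prefix(p["net_addr"], term.get("network_prefix"))
            and term.get("network_port") in (None, p["net_port"])
            and term.get("protocol") in (None, p["protocol"]))

def inspect_http(cfg, rule_set, uri):
    """HTTP/WSP terms are tried in configured order; the first match sets the SI."""
    for rule in cfg["http_wsp_rule_sets"][rule_set]:
        for term in cfg["http_wsp_rules"][rule]:
            if (uri is not None and uri.startswith(term.get("starts_with", ""))
                    and term.get("contains", "") in uri):
                return term["service_id"]
    return None

def classify(cfg, p):
    """Return the SI for a packet: first matching header term wins."""
    default_si = cfg["service_set"]["default_si"]
    for hrs in cfg["service_set"]["header_rule_sets"]:
        for rule in cfg["header_rule_sets"][hrs]:
            for term in cfg["header_rules"][rule]:
                if not header_term_matches(term, p):
                    continue
                if "service_id" in term:
                    return term["service_id"]
                si = inspect_http(cfg, term["http_wsp_rule_set"], p["uri"])
                # Assumption: no HTTP/WSP match falls back to the default SI.
                return default_si if si is None else si
    return default_si

def rating_group(cfg, si):
    for rg, service_ids in cfg["rating_groups"].items():
        if si in service_ids:
            return rg
    return None

def unmapped_service_ids(cfg):
    """SIs that rules (or the default) can assign but no rating group maps."""
    assigned = {cfg["service_set"]["default_si"]}
    for terms in [*cfg["header_rules"].values(), *cfg["http_wsp_rules"].values()]:
        assigned.update(t["service_id"] for t in terms if "service_id" in t)
    mapped = {si for ids in cfg["rating_groups"].values() for si in ids}
    return sorted(assigned - mapped)

if __name__ == "__main__":
    for name, p in PACKETS.items():
        print(name, classify(CONFIG, p), rating_group(CONFIG, classify(CONFIG, p)))
    print("unmapped SIs:", unmapped_service_ids(CONFIG))
```

Because the first matching term wins, placing the broader starts-with term ahead of the recharge term would classify recharge traffic under the other SI and rating group, so term order is worth reviewing alongside the mapping.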

Further Study
• 3GPP Documentation
• kb.juniper.net/
• https://www.youtube.com/watch?v=YQRSa0JgmWQ
• https://www.youtube.com/watch?v=R-6sgxD4KQo
• https://www.youtube.com/watch?v=Riicg93L9eQ
• https://www.youtube.com/watch?v=drdI6ylciW4
• Google, when you’re confused
Q??
