In This Presentation, Following Optional Configuration for PGW/GGSN is clarified and presented.
PISC/SACC Over View
Traffic
Inspection, Analysis
Authorization and QoS
Configuration
Rating Group, Service Set
Header Rule Set , Header Rule
HTTP/WSP Rule
Rating Group Mapping
2. Table of Contents
PISC/SACC Over View
Traffic
Inspection, Analysis
Authorization and QoS
Configuration
Rating Group, Service Set
Header Rule Set , Header Rule
HTTP/WSP Rule
Rating Group Mapping
3. GPRS Charging
GPRS was originally standardised for Internet access with charging based on traffic
volume. APN used to describe the destination to which a connection should be
established. Both offline and online charging options were supported.
CDRs for offline charging
CAMEL phase 3 for online charging
Background
GPRS
WEB
browser
APN 1
Internet
GPRS
WEB
browser
APN 1
Internet
4. GPRSCharging
CDRs are generated by both SGSN and GGSN and there is one set of CDRs per
PDP Context. CAPv3 support introduced in SGSN for Real-time charging of GPRS.
Internet
SCP
APN
CAPv3
Offline
Mediation
Billing
system
S-CDRs G-CDRs
SGSN GGSN
Background
5. Expansionof Services
Many profiles has to be defined in the terminal to charge for the different services.
Services are be identified by using different APNs.
Only one service category is allowed at a time.
GPRS
WEB
browser
APN 1
Internet
APN 3
or
MMS
client
APN 2
WAP
browser
APN 4 Operator
services
MMS
Services
or Streaming
Services
Background
6. CAMELvs. Flow BasedCharging
Only few operators are using CAMEL for GPRS today because:
3GPP introduced IP Flow Based Charging (FBC) based on DIAMETER.
The leading trend is to provide multi-service APN (single APN).
CAMEL support in VPLMN required for charging of roaming subscribers.
SGSN Internet
Prepaid
MMS-C
GGSN
Service Aware
Function
Gi
Diameter (Gy)
V-SGSN
BGW
Background
7. Service AwareCharging & Control
Background
Multi service APNs (Single APN)
Service Aware Charging
Flexible Bearer Charging
Event and Content Charging
Online/Offline
Service Control
Service Authorization
Context sensitive (roaming, access, QoS …)
Redirect, enabling a user to for example be:
Redirected to a top-up or subscription page
Redirected for Advice of Charge
Dynamic and immediate use of activated services
Operator QoS Control
Service Aware Bearer Control
Service Aware Bandwidth Management
8. SACCOverview
Multi MediationCharging System
Prepaid (Postpaid) File & EventOnline
Rx
Packet
Core
Radio
Access
Billing
Statistics
Hot billing
(non real-time
prepaid)
SGSN
Policy
Controller (E// -PC)
Corporate
Intranet
Internet
Operator
Service
Network
GGSN or SASN
Multi Activation
(E// -MA)
Self-care
Server
CAI
LDAP
Application
Server
(IMS, Streaming)
Other
Prepaid or
Policy Server
Vendor-
specific
interfaces
OSS- RC
Gz
(CDRs)
GxGyGy
• Inspects and classifies the IP flows
• Enforcement point for policies
(charging & access control)
• Subscriber access control
(preconfigured & dynamic)
• Handles subscription
and service life cycle
mgmt of the EPC
ABM
ERE
• Real-time charging mediation
towards external charging systems
• Optionally offers rating as well as
account & balance mgr
• Mediation (pre rating)
of CDRs for offline
charging towards external
billing systems
• Handles configuration,
fault and performance
management
• Includes the user prepaid
(and/or postpaid) accounts
• Handles rating,
accumulators, etc.
9. TrafficInspection
Service Class
To simplify the provisioning of Service Filters and tariff plans, the grouping
of services into Service Classes is supported
On a per-user basis, the same volume rate will be applied for all services
that are grouped into a certain Service Class
The Service Class concept also allows for Service Authorization
(sometimes called Service Selection).
Service Identifier
Identifies a specific IP flow destination
Grouped into Service Classes
Enables 3rd party revenue sharing
11. Levelsof TrafficAnalysis
. . .
Deep Packet Inspection
Headers in Layer 4, Layer 7
Shallow Packet Inspection
Layer 3 IP header +
Layer 4 UDP/TCP ports
Heuristic Analysis
Empirical patterns obtained in packets L3-L7
headers + payload + IP flow metrics
12. Service Authorization
• Access Control Lists with allowed Service
Classes down loaded at PDP context
activation
– No external authorisation signalling
necessary while traffic flows
• Blocking of traffic based on the User
Service Class after Packet Inspection and
Service Classification
GGSN/
Service Aware
Support Node
Access Control
Lists (ACLs)
100,200,1000 etc
Access Control Lists
Gi Gi
Policy Server
Gives Us
• Low Latency
• A per subscriber service access
firewall
13. PersonalizedQoS Profile
Bandwidth limit per service class obtained from PCRF/SAPC as part of ACL
SRAP
Service A
No limit
Service B
10 Kbps
Service C
1 Mbps
. . .
. . .
default
No limit
Radio
Access
Packet
Core
Operator
Service
Network
Internet
Corporate
Intranet
SGSN GGSN Gi
PCRF/SAPC
Gx/Gx+
16. TrafficInspection
Analyzers extract protocol parameters to be used later in the classification stage.
Analyzers are created at init time.
Analyzers are “plugged” to each other according to protocol stack.
Packet Analysis
17. TrafficInspectionGGSN
APN-A
Service Set
2
Header Rule Set
SI=Z
L3/L4 Header Rule
4
Protocol inspection
Rule Set
5
L7 Protocol Rule
SI=Y
3
RG=a
Si=Z Si=Y
9
Rule-Space
1
Heuristic Rule Set
Heuristic Rule
SI=Y
6
7
8
Service Classification Tree
18. PISCConfiguration-APN
In APN definition, allowed rule spaces (if received from OCS) and default rule
spaces are defined.
apn {
apn001 {
...
Allow-rule-space [rs_01 rs_02 rs_03];
User category default rule-space default rs_01;
}
}
19. PISCConfiguration–Service Set
A service set defines the default Service Identifier (SIs) to use for traffic over a PDP
context.
The service set may optionally point out a number of Header Rule Sets (max 10)
used for assigning SIs based on packet inspection.
The SI is a number between 1 and 4294967295.
Service-set ss_01 {
service-identification {
default payload xxxx;
}
header-rule-sets {
hrs_01;
hrs_02;
...
hrs_10;
}
}
20. TrafficInspection –Header Rule Set
Each Header Rule Set should be the defined.
A header rule set may contain one or several header rules.
The header rules are evaluated in the order they are configured.
header-rule-set hrs_01 {
rule {
rule_01;
rule_02;
...
rule_0n;
}
}
21. PISCConfiguration– Header Rules
A header rule consists of one or several terms. The terms are evaluated in the order
they are configured.
To configure a term in a header rule, the following actions are mandatory:
Configure the match conditions.
If several conditions are configured in a term,
all conditions must be fulfilled for the term to match.
Configure the unique resulting SI.
The following match conditions can be configured for a term in a header rule.
•MS prefix
•MS address
•MS port
•Network prefix
•Network address
•Network port
•Protocol
22. PISCConfiguration– Header Rules
In case Packet Inspection is needed, the ACTION of the
related term (“then” section) should refer to one
“protocol-rule-set”. Packet Inspection Rule Set protocol
category may be one of the following or others:
DNS
FTP
HTTP WSP and MMS
MSN Messenger
POP3
RTSP
SIP
SMTP
TFTP
23. PISCConfiguration– Header Rules
header-rule rule_01 {
term term1 {
from {
ms-prefix x.x.x.x/x;
network-address y.y.y.y/y;
}
then {
service-id payload zzz;
}
}
term term2 {
...
}
...
term termt {
from {
ms-prefix x.x.x.x/x;
}
then {
protocol-inspection http-wsp-rule-set hwr_01 ;
}
}
24. PISCConfiguration
As an example an HTTP/WSP Rule Set and its related rules is shown here:
http-wsp-rule-set hwr_01 {
rule {
rule_01;
rule_02;
...
rule_0n;
}
}
http-wsp-rule rule_01 {
term term1 {
from {
uri {
starts-with http://airtel.com:;
contains //recharge/;
}
}
then {
payload zzz;
}
}
25. PISCConfiguration
Once the Service Identifier has been set, back to Rule Space configuration, the
mapping between SI and related rating group, which defines how the service is to be
authorized and charged.
rule-space rs_01 {
rating-group {
map {
1 service-id [100 200 1000];
2 service-id [150 250 2200];
...
}
}
}
Service-ID to Rating Group Mapping