This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
ikostov gerrit-no-reply at lists.osmocom.org

Review at https://gerrit.osmocom.org/1535

SGSN: add Auth. policy, NS Statistics and BSSGP state examples

Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
---
M OsmoSGSN/chapters/configuration.adoc
M OsmoSGSN/chapters/overview.adoc
M common/chapters/gb.adoc
3 files changed, 82 insertions(+), 21 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-gsm-manuals refs/changes/35/1535/1

diff --git a/OsmoSGSN/chapters/configuration.adoc b/OsmoSGSN/chapters/configuration.adoc index 8b259ed..2c82639 100644 --- a/OsmoSGSN/chapters/configuration.adoc +++ b/OsmoSGSN/chapters/configuration.adoc 
@@ -67,6 +67,50 @@ <2> Enable the dynamic GGSN resolving mode <3> Specify the IP address of a DNS server for APN resolution +[[auth-pol]] +=== Authorization Policy + +Authorization determines whether particular subscriber can access +your network or not. + +The following 4 authorization policy options are available: + +`accept-all`: When this option is selected then all IMSIs will +be accepted. Using this policy option can be dangerous. + +`acl-only`: In this case you will allow SGSN to accept only IMSIs, +which are explicitly white-listed by the Access Control List (ACL) and +the rest will be rejected. +2 +`closed`: This option allows you to accept only home network subscribers +either the ones, which are in the ACL or MCC/MNC match. +(i.e. MCC 901, MNC 700, IMSI 901700000003080). + +`remote`: When this authorization option is selected then the GSUP protocol +to remotely access a HLR will be used. Remote subscription data +only will be used. + + +.Example: How to assign or change current authorization policy follows: +---- +OsmoSGSN> enable +OsmoSGSN# configure terminal +OsmoSGSN(config)# sgsn +OsmoSGSN(config-sgsn)# auth-policy acl-only <1> +OsmoSGSN(config-sgsn)# write <2> +Configuration saved to sgsn.cfg +OsmoSGSN(config-sgsn)# exit +OsmoSGSN(config)# exit +OsmoSGSN# disable +OsmoSGSN> +---- +<1> 'acl-olny' is selected as authorization policy +<2> Saves current changes to cofiguration file to make this policy +persistent + +Other authorization policy option can be selected by using +the above given example. Just state which policy option you would like +to use. === Subscriber Configuration diff --git a/OsmoSGSN/chapters/overview.adoc b/OsmoSGSN/chapters/overview.adoc index 566124a..396839f 100644 --- a/OsmoSGSN/chapters/overview.adoc +++ b/OsmoSGSN/chapters/overview.adoc 
@@ -23,16 +23,16 @@ [graphviz] ---- digraph G { - rankdir=LR; - MS0 [label="MS"] - MS1 [label="MS"] - MS0->BTS [label="Um"] - MS1->BTS [label="Um"] - BTS->BSC [label="Abis"] - BSC->MSC [label="A"] - BTS->PCU [label="pcu_sock"] - PCU->SGSN [label="Gb"] - SGSN->GGSN [label="GTP"] + rankdir=LR; + MS0 [label="MS"]; + MS1 [label="MS"]; + MS0->BTS [label="Um"]; + MS1->BTS [label="Um"]; + BTS->BSC [label="Abis"]; + BSC->MSC [label="A"]; + BTS->PCU [label="pcu_sock"]; + PCU->SGSN [label="Gb"]; + SGSN->GGSN [label="GTP"]; } ---- @@ -58,7 +58,7 @@ ==== GTP Implementation -OsmoSGSN uses the libgtp implementation originating from OpenGGSN. It +OsmoSGSN uses the libgtp implementation originating from OpenGGSN.It supports both GTPv0 and GTPv1. @@ -68,13 +68,8 @@ point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE procedures, as well as GPRS ATTACH and GPRS DETACH. -However, as the SGSN currently does not implement any type of HLR -access, it is not able to authenticate a subscriber or even check if the -subscriber exists at all. As such, all non-roaming subscribes are -allowed to attach to OsmoSGSN. Non-roaming means that the first 5 -digits of the IMSI must match the MCC and MNC of the cell that the -subscriber is registering to. - +Please refer to <<auth-pol>> for more details how the Authorization +policy is handled. ==== LLC Implementation diff --git a/common/chapters/gb.adoc b/common/chapters/gb.adoc index d01fa9b..199ef2c 100644 --- a/common/chapters/gb.adoc +++ b/common/chapters/gb.adoc 
@@ -67,14 +67,36 @@ Encapsulation NS-UDP-IP Local IP: 127.0.0.1, UDP Port: 23000 Encapsulation NS-FR-GRE-IP Local IP: 0.0.0.0 ---- -FIXME -FIXME: show ns stats +.Example: Inspecting NS statistics +---- +OsmoSGSN> show ns stats +Encapsulation NS-UDP-IP Local IP: 10.9.1.198, UDP Port: 23000 +Encapsulation NS-FR-GRE-IP Local IP: 0.0.0.0 +NSEI 101, NS-VC 101, Remote: BSS, ALIVE UNBLOCKED, UDP 10.9.1.119:23000 + NSVC Peer Statistics: + Packets at NS Level ( In): 1024 (2/s 123/m 911/h 0/d) + Packets at NS Level (Out): 1034 (0/s 151/m 894/h 0/d) + Bytes at NS Level ( In): 296638 (1066/s 22222/m 274244/h 0/d) + Bytes at NS Level (Out): 139788 (0/s 48225/m 91710/h 0/d) + NS-VC Block count : 0 (0/s 0/m 0/h 0/d) + NS-VC gone dead count : 0 (0/s 0/m 0/h 0/d) + NS-VC replaced other count: 0 (0/s 0/m 0/h 0/d) + NS-VC changed NSEI count : 0 (0/s 0/m 0/h 0/d) + NS-VCI was invalid count : 0 (0/s 0/m 0/h 0/d) + NSEI was invalid count : 0 (0/s 0/m 0/h 0/d) + ALIVE ACK missing count : 0 (0/s 0/m 0/h 0/d) + RESET ACK missing count : 0 (0/s 0/m 0/h 0/d) + NSVC Peer Statistics: + ALIVE reponse time : 0 ms +---- .Example: Inspecting BSSGP state ---- +OsmoSGSN> show bssgp +NSEI 101, BVCI 2, RA-ID: 1-2-1-0, CID: 0, STATE: UNBLOCKED +NSEI 101, BVCI 0, RA-ID: 0-0-0-0, CID: 0, STATE: UNBLOCKED ---- -FIXME FIXME: show nse -- To view, visit https://gerrit.osmocom.org/1535 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0164f418e453672321eed00bbc454c1e223ea158 Gerrit-PatchSet: 1 Gerrit-Project: osmo-gsm-manuals Gerrit-Branch: master Gerrit-Owner: ikostov <ikostov at sysmocom.de>
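
Review bot: In OsmoSGSN/chapters/configuration.adoc (hunk @@ -67,6 +67,50 @@), the `accept-all` entry says only "Using this policy option can be dangerous" without saying why or when the option is acceptable; spell out the consequence the entry itself describes (any IMSI is accepted) and say which of the other three policies to prefer on a network that is not a closed test setup. The same hunk has a stray line `+2` after the `acl-only` paragraph that will render as literal text, callout <1> spells the policy 'acl-olny' while the command above it uses `acl-only`, and callout <2> has "cofiguration". The `closed` description ("either the ones, which are in the ACL or MCC/MNC match") is hard to parse; consider "accepts only subscribers that are in the ACL or whose IMSI matches the home network MCC/MNC".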
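
Review bot: In OsmoSGSN/chapters/overview.adoc (hunk @@ -23,16 +23,16 @@), the graphviz block is only re-indented and given trailing semicolons, which is unrelated to the subject line "add Auth. policy, NS Statistics and BSSGP state examples". Move this cosmetic change to its own commit or mention it in the commit message, so the documentation change is easier to review and revert.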
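
Review bot: In OsmoSGSN/chapters/overview.adoc (hunk @@ -58,7 +58,7 @@), the only change is that the space after the full stop is dropped, turning "OpenGGSN. It" into "OpenGGSN.It". This looks accidental; drop the hunk or restore the space.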
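
Review bot: In OsmoSGSN/chapters/overview.adoc (hunk @@ -68,13 +68,8 @@), the removed paragraph defined non-roaming precisely ("the first 5 digits of the IMSI must match the MCC and MNC of the cell that the subscriber is registering to"), and that rule is not carried over to the `closed` policy text added in configuration.adoc, which only says "MCC/MNC match". Move that sentence into the <<auth-pol>> section so the matching rule stays documented. The replacement sentence would also read better as "for more details on how the authorization policy is handled".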
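
Review bot: In common/chapters/gb.adoc (hunk @@ -67,14 +67,36 @@), the new `show ns stats` and `show bssgp` listings are pasted without any callouts or explanation, unlike the auth-policy example in this change, which annotates its lines with <1> and <2>. Add callouts for at least the lines an operator would watch, for example "NS-VC gone dead count", "NSEI was invalid count" and the BVCI "STATE: UNBLOCKED" column. Please also confirm that the second "NSVC Peer Statistics:" heading and the spelling "ALIVE reponse time" are verbatim program output and not paste errors.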