[PATCH] osmo-gsm-manuals[master]: SGSN: add Auth. policy, NS Statistics and BSSGP state examples

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

ikostov gerrit-no-reply at lists.osmocom.org
Fri Jan 6 13:40:47 UTC 2017


Review at  https://gerrit.osmocom.org/1535

SGSN: add Auth. policy, NS Statistics and BSSGP state examples

Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
---
M OsmoSGSN/chapters/configuration.adoc
M OsmoSGSN/chapters/overview.adoc
M common/chapters/gb.adoc
3 files changed, 82 insertions(+), 21 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-gsm-manuals refs/changes/35/1535/1

diff --git a/OsmoSGSN/chapters/configuration.adoc b/OsmoSGSN/chapters/configuration.adoc
index 8b259ed..2c82639 100644
--- a/OsmoSGSN/chapters/configuration.adoc
+++ b/OsmoSGSN/chapters/configuration.adoc
@@ -67,6 +67,50 @@
 <2> Enable the dynamic GGSN resolving mode
 <3> Specify the IP address of a DNS server for APN resolution
 
+[[auth-pol]]
+=== Authorization Policy
+
+Authorization determines whether particular subscriber can access
+your network or not.
+
+The following 4 authorization policy options are available:
+
+`accept-all`: When this option is selected then all IMSIs will
+be accepted. Using this policy option can be dangerous.
+
+`acl-only`: In this case you will allow SGSN to accept only IMSIs,
+which are explicitly white-listed by the Access Control List (ACL) and
+the rest will be rejected.
+2
+`closed`: This option allows you to accept only home network subscribers
+either the ones, which are in the ACL or MCC/MNC match.
+(i.e. MCC 901, MNC 700, IMSI 901700000003080).
+
+`remote`: When this authorization option is selected then the GSUP protocol
+to remotely access a HLR will be used. Remote subscription data
+only will be used.
+
+
+.Example: How to assign or change current authorization policy follows:
+----
+OsmoSGSN> enable
+OsmoSGSN# configure terminal
+OsmoSGSN(config)# sgsn
+OsmoSGSN(config-sgsn)# auth-policy acl-only <1>
+OsmoSGSN(config-sgsn)# write <2>
+Configuration saved to sgsn.cfg
+OsmoSGSN(config-sgsn)# exit
+OsmoSGSN(config)# exit
+OsmoSGSN# disable
+OsmoSGSN>
+----
+<1> 'acl-olny' is selected as authorization policy
+<2> Saves current changes to cofiguration file to make this policy
+persistent
+
+Other authorization policy option can be selected by using
+the above given example. Just state which policy option you would like
+to use.
 
 === Subscriber Configuration
 
diff --git a/OsmoSGSN/chapters/overview.adoc b/OsmoSGSN/chapters/overview.adoc
index 566124a..396839f 100644
--- a/OsmoSGSN/chapters/overview.adoc
+++ b/OsmoSGSN/chapters/overview.adoc
@@ -23,16 +23,16 @@
 [graphviz]
 ----
 digraph G {
-	rankdir=LR;
-	MS0 [label="MS"]
-	MS1 [label="MS"]
-	MS0->BTS [label="Um"]
-	MS1->BTS [label="Um"]
-	BTS->BSC [label="Abis"]
-	BSC->MSC [label="A"]
-	BTS->PCU [label="pcu_sock"]
-	PCU->SGSN [label="Gb"]
-	SGSN->GGSN [label="GTP"]
+        rankdir=LR;
+        MS0 [label="MS"];
+        MS1 [label="MS"];
+        MS0->BTS [label="Um"];
+        MS1->BTS [label="Um"];
+        BTS->BSC [label="Abis"];
+        BSC->MSC [label="A"];
+        BTS->PCU [label="pcu_sock"];
+        PCU->SGSN [label="Gb"];
+        SGSN->GGSN [label="GTP"];
 }
 ----
 
@@ -58,7 +58,7 @@
 
 ==== GTP Implementation
 
-OsmoSGSN uses the libgtp implementation originating from OpenGGSN. It
+OsmoSGSN uses the libgtp implementation originating from OpenGGSN.It
 supports both GTPv0 and GTPv1.
 
 
@@ -68,13 +68,8 @@
 point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE
 procedures, as well as GPRS ATTACH and GPRS DETACH.
 
-However, as the SGSN currently does not implement any type of HLR
-access, it is not able to authenticate a subscriber or even check if the
-subscriber exists at all.  As such, all non-roaming subscribes are
-allowed to attach to OsmoSGSN.  Non-roaming means that the first 5
-digits of the IMSI must match the MCC and MNC of the cell that the
-subscriber is registering to.
-
+Please refer to <<auth-pol>> for more details how the Authorization
+policy is handled.
 
 ==== LLC Implementation
 
diff --git a/common/chapters/gb.adoc b/common/chapters/gb.adoc
index d01fa9b..199ef2c 100644
--- a/common/chapters/gb.adoc
+++ b/common/chapters/gb.adoc
@@ -67,14 +67,36 @@
 Encapsulation NS-UDP-IP     Local IP: 127.0.0.1, UDP Port: 23000
 Encapsulation NS-FR-GRE-IP  Local IP: 0.0.0.0
 ----
-FIXME
 
-FIXME: show ns stats
+.Example: Inspecting NS statistics
+----
+OsmoSGSN> show ns stats
+Encapsulation NS-UDP-IP     Local IP: 10.9.1.198, UDP Port: 23000
+Encapsulation NS-FR-GRE-IP  Local IP: 0.0.0.0
+NSEI  101, NS-VC 101, Remote: BSS, ALIVE UNBLOCKED, UDP 10.9.1.119:23000
+ NSVC Peer Statistics:
+  Packets at NS Level  ( In):     1024 (2/s 123/m 911/h 0/d)
+  Packets at NS Level  (Out):     1034 (0/s 151/m 894/h 0/d)
+  Bytes at NS Level    ( In):   296638 (1066/s 22222/m 274244/h 0/d)
+  Bytes at NS Level    (Out):   139788 (0/s 48225/m 91710/h 0/d)
+  NS-VC Block count         :        0 (0/s 0/m 0/h 0/d)
+  NS-VC gone dead count     :        0 (0/s 0/m 0/h 0/d)
+  NS-VC replaced other count:        0 (0/s 0/m 0/h 0/d)
+  NS-VC changed NSEI count  :        0 (0/s 0/m 0/h 0/d)
+  NS-VCI was invalid count  :        0 (0/s 0/m 0/h 0/d)
+  NSEI was invalid count    :        0 (0/s 0/m 0/h 0/d)
+  ALIVE ACK missing count   :        0 (0/s 0/m 0/h 0/d)
+  RESET ACK missing count   :        0 (0/s 0/m 0/h 0/d)
+ NSVC Peer Statistics:
+  ALIVE reponse time        :        0 ms
+----
 
 .Example: Inspecting BSSGP state
 ----
+OsmoSGSN> show bssgp
+NSEI   101, BVCI     2, RA-ID: 1-2-1-0, CID: 0, STATE: UNBLOCKED
+NSEI   101, BVCI     0, RA-ID: 0-0-0-0, CID: 0, STATE: UNBLOCKED
 ----
-FIXME
 
 FIXME: show nse
 

-- 
To view, visit https://gerrit.osmocom.org/1535
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
Gerrit-PatchSet: 1
Gerrit-Project: osmo-gsm-manuals
Gerrit-Branch: master
Gerrit-Owner: ikostov <ikostov at sysmocom.de>



More information about the gerrit-log mailing list