aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorikostov <ikostov@sysmocom.de>2017-01-06 14:34:45 +0100
committerHarald Welte <laforge@gnumonks.org>2017-01-10 23:27:28 +0000
commit8e01a9d06fbabadf1621cb5592b3f6d1026d92d2 (patch)
tree7b3b0957a56d1c49896f253613e52f5480743899
parentc122abf12dcf70fdaa0c4145d14c07ec1e899a75 (diff)
SGSN: add Auth. policy, NS Statistics and BSSGP state examples, tweaks
Add semicoli in fig-gprs-pcubts digraph. Remove section from GMM Implementation about non-existence of HLR. The SGSN can access osmo-hlr via GSUP (and will have to do so in the libvlr future). Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
-rw-r--r--OsmoSGSN/chapters/configuration.adoc37
-rw-r--r--OsmoSGSN/chapters/overview.adoc28
-rw-r--r--common/chapters/gb.adoc28
3 files changed, 72 insertions, 21 deletions
diff --git a/OsmoSGSN/chapters/configuration.adoc b/OsmoSGSN/chapters/configuration.adoc
index 8b259ed..a933d1b 100644
--- a/OsmoSGSN/chapters/configuration.adoc
+++ b/OsmoSGSN/chapters/configuration.adoc
@@ -67,6 +67,43 @@ OsmoSGSN(config-sgsn)# grx-dns-add 1.2.3.4 <3>
<2> Enable the dynamic GGSN resolving mode
<3> Specify the IP address of a DNS server for APN resolution
+[[auth-pol]]
+=== Authorization Policy
+
+Authorization determines whether a particular subscriber can access
+your network or not.
+
+The following 4 authorization policy options are available:
+
+`accept-all`: All IMSIs will be accepted.
+
+`acl-only`: Accept only IMSIs, which are explicitly white-listed
+by the Access Control List (ACL), and the rest will be rejected.
+
+`closed`: Accept only home network subscribers.
+The combination of MCC and MNC fully identifies a subscriber's
+home network, also known as a Home Network Identity (HNI, i.e.
+MCC and MNC found at the start of the IMSI, e.g. MCC 901 and
+MNC 700 with IMSI 901700000003080). The ACL is also heeded.
+
+`remote`: GSUP protocol is used to remotely access a HLR.
+Only remote subscription data will be used.
+
+.Example: Assign or change authorization policy:
+----
+OsmoSGSN> enable
+OsmoSGSN# configure terminal
+OsmoSGSN(config)# sgsn
+OsmoSGSN(config-sgsn)# auth-policy acl-only <1>
+OsmoSGSN(config-sgsn)# write <2>
+Configuration saved to sgsn.cfg
+OsmoSGSN(config-sgsn)# end
+OsmoSGSN# disable
+OsmoSGSN>
+----
+<1> 'acl-only' is selected as authorization policy
+<2> Saves current changes to cofiguration to make this policy
+persistent
=== Subscriber Configuration
diff --git a/OsmoSGSN/chapters/overview.adoc b/OsmoSGSN/chapters/overview.adoc
index 566124a..2ff92fa 100644
--- a/OsmoSGSN/chapters/overview.adoc
+++ b/OsmoSGSN/chapters/overview.adoc
@@ -23,16 +23,16 @@ OsmoNITB/OsmoBSC/OsmoBTS, the PCU is co-located within the BTS.
[graphviz]
----
digraph G {
- rankdir=LR;
- MS0 [label="MS"]
- MS1 [label="MS"]
- MS0->BTS [label="Um"]
- MS1->BTS [label="Um"]
- BTS->BSC [label="Abis"]
- BSC->MSC [label="A"]
- BTS->PCU [label="pcu_sock"]
- PCU->SGSN [label="Gb"]
- SGSN->GGSN [label="GTP"]
+ rankdir=LR;
+ MS0 [label="MS"];
+ MS1 [label="MS"];
+ MS0->BTS [label="Um"];
+ MS1->BTS [label="Um"];
+ BTS->BSC [label="Abis"];
+ BSC->MSC [label="A"];
+ BTS->PCU [label="pcu_sock"];
+ PCU->SGSN [label="Gb"];
+ SGSN->GGSN [label="GTP"];
}
----
@@ -68,14 +68,6 @@ The GPRS Mobility Management implementation is quite simplistic at this
point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE
procedures, as well as GPRS ATTACH and GPRS DETACH.
-However, as the SGSN currently does not implement any type of HLR
-access, it is not able to authenticate a subscriber or even check if the
-subscriber exists at all. As such, all non-roaming subscribes are
-allowed to attach to OsmoSGSN. Non-roaming means that the first 5
-digits of the IMSI must match the MCC and MNC of the cell that the
-subscriber is registering to.
-
-
==== LLC Implementation
The LLC (Logical Link Control) implementation of OsmoSGSN only supports
diff --git a/common/chapters/gb.adoc b/common/chapters/gb.adoc
index d01fa9b..199ef2c 100644
--- a/common/chapters/gb.adoc
+++ b/common/chapters/gb.adoc
@@ -67,14 +67,36 @@ OsmoSGSN> show ns
Encapsulation NS-UDP-IP Local IP: 127.0.0.1, UDP Port: 23000
Encapsulation NS-FR-GRE-IP Local IP: 0.0.0.0
----
-FIXME
-FIXME: show ns stats
+.Example: Inspecting NS statistics
+----
+OsmoSGSN> show ns stats
+Encapsulation NS-UDP-IP Local IP: 10.9.1.198, UDP Port: 23000
+Encapsulation NS-FR-GRE-IP Local IP: 0.0.0.0
+NSEI 101, NS-VC 101, Remote: BSS, ALIVE UNBLOCKED, UDP 10.9.1.119:23000
+ NSVC Peer Statistics:
+ Packets at NS Level ( In): 1024 (2/s 123/m 911/h 0/d)
+ Packets at NS Level (Out): 1034 (0/s 151/m 894/h 0/d)
+ Bytes at NS Level ( In): 296638 (1066/s 22222/m 274244/h 0/d)
+ Bytes at NS Level (Out): 139788 (0/s 48225/m 91710/h 0/d)
+ NS-VC Block count : 0 (0/s 0/m 0/h 0/d)
+ NS-VC gone dead count : 0 (0/s 0/m 0/h 0/d)
+ NS-VC replaced other count: 0 (0/s 0/m 0/h 0/d)
+ NS-VC changed NSEI count : 0 (0/s 0/m 0/h 0/d)
+ NS-VCI was invalid count : 0 (0/s 0/m 0/h 0/d)
+ NSEI was invalid count : 0 (0/s 0/m 0/h 0/d)
+ ALIVE ACK missing count : 0 (0/s 0/m 0/h 0/d)
+ RESET ACK missing count : 0 (0/s 0/m 0/h 0/d)
+ NSVC Peer Statistics:
+ ALIVE reponse time : 0 ms
+----
.Example: Inspecting BSSGP state
----
+OsmoSGSN> show bssgp
+NSEI 101, BVCI 2, RA-ID: 1-2-1-0, CID: 0, STATE: UNBLOCKED
+NSEI 101, BVCI 0, RA-ID: 0-0-0-0, CID: 0, STATE: UNBLOCKED
----
-FIXME
FIXME: show nse