eCNS600 V100R002

Feature Description

Draft A

Date: 2013-04-09

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.


Draft A (2013-04-09)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

i

eCNS600
Feature Description

Contents

1 Basic Features
1.1 Basic Service
1.1.1 eCNSFD-010200 Mobility Management
1.1.2 eCNSFD-010300 Security Management
1.1.3 eCNSFD-010400 Path Management
1.1.4 eCNSFD-010500 IP Address Allocation from Local Address Pool
1.1.5 eCNSFD-010600 Integrated Subscriber Data Management
1.1.6 eCNSFD-010700 Session Management
1.2 User Plane
1.2.1 eCNSFD-030100 QoS and Traffic Management
1.3 IP Network Management
1.3.1 eCNSFD-040100 Routing
1.3.2 eCNSFD-040200 NTP
1.3.3 eCNSFD-040300 VLAN Supporting
1.3.4 eCNSFD-040500 Eth-Trunk
1.3.5 eCNSFD-040600 OSPFv2
1.3.6 eCNSFD-040700 VRF
1.3.7 eCNSFD-040800 Local Routing
1.3.8 eCNSFD-040900 SGi Redirection
1.4 Reliability
1.4.1 eCNSFD-050200 Board Redundant Backup
1.5 Operation and Maintenance
1.5.1 eCNSFD-060100 Software Management
1.5.2 eCNSFD-060300 Performance Management
1.5.3 eCNSFD-060400 Fault Management
1.5.4 eCNSFD-060500 Equipment Management
1.5.5 eCNSFD-060600 Configuration Management
1.5.6 eCNSFD-060700 Security Management
1.5.7 eCNSFD-060800 Online Documentation
1.5.8 eCNSFD-060900 Tracing Function
1.5.9 eCNSFD-061000 Log Management
1.5.10 eCNSFD-061100 Daylight Saving Time
1.6 Interface Function
1.6.1 eCNSFD-070100 S1 Interface
1.6.2 eCNSFD-070200 SGi Interface
1.6.3 eCNSFD-070300 S10 Interface
1.6.4 eCNSFD-070400 S5 Interface
1.6.5 eCNSFD-070500 S8 Interface
1.6.6 eCNSFD-070600 Ga Interface
1.6.7 eCNSFD-070700 S6a Interface
1.7 Basic Platform
1.7.1 eCNSFD-080300 Linux Security Hardening

2 Optional Features
2.1 Security Management
2.1.1 eCNSFD-110001 NAS Encryption and Integrity Protection (AES)
2.1.2 eCNSFD-110002 NAS Encryption and Integrity Protection (SNOW3G)
2.1.3 eCNSFD-110003 O&M SSL
2.2 Service Management
2.2.1 eCNSFD-110004 Static IP Address Allocation
2.2.2 eCNSFD-110005 Multiple PDN Connection
2.2.3 eCNSFD-110008 SPI-based QoS Profile Control
2.2.4 eCNSFD-110009 Offline Charging
2.2.5 eCNSFD-110011 UE IP Address assigned by the Radius AAA Server
2.2.6 eCNSFD-110012 E2E Subscriber Tracing
2.3 Reliability
2.3.1 eCNSFD-110006 eCNS Redundancy
2.4 Networking
2.4.1 eCNSFD-110007 Bidirectional Forwarding Detection (BFD)
2.4.2 eCNSFD-110010 Routing Behind MS
2.4.3 eCNSFD-110013 UE Fixed IP MultiHoming


1 Basic Features

1.1 Basic Service

1.1.1 eCNSFD-010200 Mobility Management
Applicable NEs
eCNS

Availability
The EPS mobility management (EMM) was introduced in eCNS600 V100R001.

Summary
EMM controls the access of a UE to the evolved universal terrestrial radio access network (E-UTRAN) and traces location information about the UE. The location information includes information about the tracking area (TA) and the eCNS where the UE is located.

Benefits
As a basic feature of the eCNS, it enables UEs to move in an enterprise's network.

Description
EMM controls the access of a UE to the E-UTRAN and traces location information about the UE. EMM is implemented in the following procedures:

• Attach
• Detach
• Tracking area update (TAU)
• Service request
• Handover
• Paging
• Purge

UE states in the E-UTRAN are divided into EMM states and EPS connection management (ECM) states:

• EMM states are classified into EMM-DEREGISTERED and EMM-REGISTERED.
• ECM states are classified into ECM-IDLE and ECM-CONNECTED.

The main EMM procedures are described as follows:

• Attach
  A UE must register on the network before using network services. This registration procedure is called network attach. During the attach procedure, a default EPS bearer, which provides a permanent IP connection, is established. The policy and charging control (PCC) rules that apply to the default EPS bearer can be predefined in the PDN GW and activated by the PDN GW itself in the attach procedure.

• TAU
  In an EPS network, the basic unit of location management is TA. A TA list can contain one or more TAs. A TA list can be dynamically generated or statically configured, and prevents a UE from frequently initiating TA update procedures. For example, when a UE frequently moves between several TAs, you can define these TAs as a TA list. This prevents the TAU procedure from being generated.
  A UE initiates a TAU procedure in the following scenarios:
  a) The UE detects that the current TA identity does not exist in the TA identity (TAI) list on the network where the UE is registered.
  b) The access type of the UE is changed.
  c) The load balancing TAU is required.
  d) The TAU procedure is triggered during a handover procedure.
  e) The periodic TAU timer has expired.
  f) The RRC connection has failed.

• Service request
  A service request is used to change the ECM state from ECM-IDLE to ECM-CONNECTED and to establish radio and S1-U bearers during the transfer of uplink and downlink data. Generally, a service request procedure is initiated by a UE. When the UE is in ECM-IDLE mode, it initiates a service request procedure in the following scenarios:
  − The uplink signaling or data needs to be transmitted from the UE side.
  − The downlink signaling or data needs to be transmitted from the network side. When the downlink data or information is transferred in ECM-IDLE mode, the network initiates a paging procedure. This triggers a UE to initiate a service request procedure as the paging response.

• Handover
  When the UE is in the ECM-CONNECTED state, a handover procedure is triggered after the E-UTRAN determines that reselection is required. The eCNS supports S1-based handover.
  S1 refers to the interface between the eNodeB and the eCNS.

• Detach

  The detach procedure is used in the following scenarios:
  − A UE is detached from the EPS service.
  − A UE is disconnected from the last PDN connection.
  − The network informs a UE that it cannot be connected to the EPS.
  A UE can be detached explicitly or implicitly.
  − Explicit detach: A UE or network side requests the detach, and the originating party informs the other party of this event.
  − Implicit detach: A network side detaches a UE without informing the UE. For example, the network side performs implicit detach to a UE when it determines that the UE is unreachable.
  The detach procedure is classified into three types:
  − Detach procedure initiated by a UE
  − Detach procedure initiated by an eCNS
  After a UE is detached from the network, the EPS bearer contexts of the UE are deactivated locally. After the detach procedure is complete, the network cannot obtain the UE location information.

• Paging function
  This is the PS domain paging function. The network originates paging by using a certain ID of a subscriber, such as GUTI or IMSI, in a known area. After obtaining a response from the subscriber, the network performs the subsequent signaling flow or data transfer.

• Purge
  After removing the subscription data and MM context of a detached UE, the MME notifies the HSS of the removal through a purge procedure.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 23.060, "General Packet Radio Service (GPRS); Service description"

3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

3GPP TS 24.008, "Mobile radio interface Layer 3 specification; Core Network protocols - Stage 3"

3GPP TS 24.301, "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3"

3GPP TS 25.413, "UTRAN Iu Interface RANAP Signaling"

3GPP TS 36.413, "Evolved Universal Terrestrial Radio Access Network (E-UTRAN); S1 Application Protocol (S1AP)"

1.1.2 eCNSFD-010300 Security Management
The security management feature can:


Identify and authenticate users.

Ensure that only legal users can access the network.

Guarantee confidentiality of user identity, user data, and signaling transfer.

The security management feature consists of the following sub-features:

Authentication

User ID confidentiality

Identity check

1.1.2.1 eCNSFD-010301 Authentication
Applicable NEs
eCNS

Availability
The EPS authentication was introduced in eCNS600 V100R001.

Summary
The authentication feature is used in subscriber identification, authentication, and
synchronization of the encryption key. This feature checks the validity of a subscriber's
service requests to ensure that only legal subscribers can use network services. The
authentication procedure is performed in association with EMM procedures.
The authentication function has two types: authentication of the network by a UE and
authentication of a UE by the network.

Benefits
As a basic feature of the eCNS, it prevents illegal users from accessing the network, and
ensures service operation profits.
Subscribers who require high security can use this function to prevent their access to
unacknowledged networks, and eliminate possible security risks.

Description
The EPS authentication is based on a USIM. An EPS authentication vector is composed of a
quartet, namely, RAND, AUTN, XRES, and KASME.

Random Challenge (RAND)
A RAND is a random value that the network provides to a UE. The length is 16 octets.

Authentication Token (AUTN)
An AUTN is used to provide the information for a UE so that the UE can use the AUTN
to authenticate the network. The length is 17 octets.

Expected Response (XRES)
An XRES is an expected response parameter of UE authentication. It is compared with
the RES or RES+RES_EXT generated by a UE to determine whether the authentication
is successful. The length ranges from 4 to 16 octets.


Key ASME (KASME)
A KASME is a root encryption key deduced from the CK/IK and the public land mobile
network (PLMN) ID of the ASME (MME). The length is 32 octets.
Access Security Management Entity (ASME): In E-UTRAN access mode, the MME serves as an
ASME.

Figure 1-1 shows the EPS authentication procedure.
Figure 1-1 EPS authentication procedure

1. The eCNS sends the Authentication Request message to the UE to trigger the authentication
procedure. The authentication vectors, such as RAND, AUTN, and Key Set Identifier
(KSIASME), are contained in the message.
2. The UE sends the Authentication Response message to the eCNS.

The UE authenticates the network based on the AUTN. If the authentication fails, the UE
returns the Authentication Failure message to the MME, indicating the cause.

If the authentication is successful, the UE calculates the RES based on the RAND and
returns the RES to the MME. The MME compares the XRES in the authentication vector
set with the returned RES. If they are consistent, the authentication succeeds. Otherwise,
the authentication fails. In this case, the MME sends the Authentication Reject message
to the UE.

If the authentication succeeds, the UE calculates and saves the KASME value for later
encryption and integrity protection.

----End
In addition to basic authentication features, the eCNS provides the feature to obtain
authentication sets in advance. The eCNS can request authentication sets before all
authentication sets are used up. Therefore, the duration of the procedure for the UE to
access the eCNS is shortened and user experience is improved.
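
The response check in step 2 and the advance fetching of authentication sets can be sketched as follows. This is an added example, not Huawei code: `AuthController`, `fetch_vectors`, the batch size and the low-water mark are hypothetical, the vectors are constructed random bytes rather than real USIM output, and the field lengths are the ones stated in the description above.

```python
import hmac
import secrets
from collections import deque
from dataclasses import dataclass

# Field lengths in octets, as stated in the description above.
RAND_LEN, AUTN_LEN, KASME_LEN = 16, 17, 32
XRES_MIN, XRES_MAX = 4, 16


@dataclass(frozen=True)
class AuthVector:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes

    def __post_init__(self):
        # Reject malformed vectors before they are ever used in a challenge.
        if len(self.rand) != RAND_LEN:
            raise ValueError("RAND must be 16 octets")
        if len(self.autn) != AUTN_LEN:
            raise ValueError("AUTN must be 17 octets")
        if not XRES_MIN <= len(self.xres) <= XRES_MAX:
            raise ValueError("XRES must be 4 to 16 octets")
        if len(self.kasme) != KASME_LEN:
            raise ValueError("KASME must be 32 octets")


class AuthController:
    """Hypothetical network-side bookkeeping for single-use authentication vectors."""

    def __init__(self, fetch_vectors, batch=3, low_water=1):
        self._fetch = fetch_vectors   # assumed callable(imsi, count) -> list[AuthVector]
        self._batch = batch
        self._low_water = low_water
        self._unused = {}             # imsi -> deque of vectors not yet sent
        self._pending = {}            # imsi -> vector awaiting the UE's RES

    def challenge(self, imsi):
        """Step 1: return (RAND, AUTN) for the Authentication Request."""
        queue = self._unused.setdefault(imsi, deque())
        # Request more sets before the last ones are used up, so an access
        # attempt does not have to wait for a fetch.
        if len(queue) <= self._low_water:
            queue.extend(self._fetch(imsi, self._batch))
        if not queue:
            raise LookupError("no authentication vectors available")
        vector = queue.popleft()      # each vector is used for one challenge only
        self._pending[imsi] = vector
        return vector.rand, vector.autn

    def verify(self, imsi, res):
        """Step 2: compare RES with XRES. Returns KASME on success, None on reject."""
        vector = self._pending.pop(imsi, None)   # one answer per challenge
        if vector is None:
            return None
        # compare_digest does not reveal where the bytes differ; unequal
        # lengths compare as False.
        if hmac.compare_digest(res, vector.xres):
            return vector.kasme
        return None


def constructed_fetch(imsi, count):
    """Constructed stand-in for the subscriber data source: random bytes only."""
    return [
        AuthVector(
            rand=secrets.token_bytes(RAND_LEN),
            autn=secrets.token_bytes(AUTN_LEN),
            xres=secrets.token_bytes(8),
            kasme=secrets.token_bytes(KASME_LEN),
        )
        for _ in range(count)
    ]


if __name__ == "__main__":
    issued = []

    def recording_fetch(imsi, count):
        batch = constructed_fetch(imsi, count)
        issued.extend(batch)
        return batch

    ctl = AuthController(recording_fetch)
    imsi = "001010000000001"          # constructed test IMSI
    ctl.challenge(imsi)
    print("correct RES accepted:", ctl.verify(imsi, issued[0].xres) is not None)
    ctl.challenge(imsi)
    print("wrong RES accepted:", ctl.verify(imsi, b"\x00" * 4) is not None)
```

A `None` result from `verify` corresponds to the case where the Authentication Reject message is sent; a replayed RES without a fresh challenge is rejected because the pending vector is discarded after one comparison.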

Enhancement
None

Dependency
This feature does not depend on other features.


Standards

3GPP TS 33.102, "3G Security; Security architecture"

3GPP TS 33.401, "3GPP System Architecture Evolution (SAE); Security architecture"

1.1.2.2 eCNSFD-010302 User Identity Confidentiality
Applicable NEs
eCNS

Availability
The EPS user identity confidentiality was introduced in eCNS600 V100R001.

Summary
The EPS user identity confidentiality is implemented through GUTI allocation. The GUTI is
used to provide a unique temporary UE identity in the EPS network. This identity does not
reveal the permanent UE identity on the LTE-Uu interface.

Benefits
As a basic feature of the eCNS, user identity confidentiality prevents the IMSIs of UEs from
being stolen, improving network security.

Description
A GUTI consists of the following parts:

GUMMEI: A GUMMEI consists of a mobile country code (MCC), a mobile network
code (MNC), and an eCNS identity.

M-TMSI: A 32-bit M-TMSI uniquely identifies a UE in an eCNS.

The GUTI can be implicitly allocated in the attach or TAU procedure or explicitly allocated in
the GUTI reallocation procedure.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 24.301, "Non-Access-Stratum (NAS) protocol for Evolved Packet System
(EPS); Stage 3"

3GPP TS 24.008, "Mobile radio interface Layer 3 specification; Core Network protocols
- Stage 3"


1.1.2.3 eCNSFD-010304 Identity Check
Applicable NEs
eCNS

Availability
The EPS identity check was introduced in eCNS600 V100R001.

Summary
The network requests different user identities, such as IMSI and IMEI, to check the real
identity of a UE.

Benefits
This is a basic feature of the eCNS.

Description
When a UE attaches to the network using a GUTI, to obtain the real identity of the UE, the
network sends the UE an Identity Request for IMSI, IMEI, or IMEISV. Then the UE returns
an Identity Response to notify the network of its identity.
After obtaining the real identity of the UE, the network checks the user identity with the
HLR/HSS or EIR. For details, see section 1.1.2.1 eCNSFD-010301 Authentication.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 24.301, "Non-Access-Stratum (NAS) protocol for Evolved Packet System
(EPS); Stage 3"

3GPP TS 24.008, "Mobile radio interface Layer 3 specification; Core Network protocols
- Stage 3"

1.1.3 eCNSFD-010400 Path Management
Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.


Summary
The system can manage the paths by using path detection messages, and clear invalid paths.

Benefits
The communication between devices can be ensured.

Description
A GTP path is determined by a quaternary, namely, local IP address, local port, peer IP address, and peer port.
The path management feature is used to detect whether the peer GTP Entity is available. The path management messages are usually sent and received between the GTP entities. The eCNS can send the path management message on all paths in use.
When a path is detected as faulty, the eCNS may deactivate all PDP/EPS bearer contexts related to the path so that data packets are no longer sent along this path.
If no signaling or data is sent or received on a path for a long period, the eCNS determines that the path is invalid and clears the path.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 29.060, "GPRS Tunneling Protocol (GTPv1) across the Gn and Gp interface"

3GPP TS 09.60, "GPRS Tunneling Protocol (GTPv0) across the Gn and Gp interface"

1.1.4 eCNSFD-010500 IP Address Allocation from Local Address Pool
Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS allocates IPv4 addresses to UEs from its local address pool.

Benefits
This feature provides an enhancement to eCNSFD-110004 Static IP Address Allocation and enables the eCNS to automatically create routes to UEs.

Description
A UE must obtain at least one IP address before it is able to access PS services. A PDN Address Allocation IE is specified during the setup of a default bearer for the UE. This IE contains protocol information (including an IP address field) the UE must obtain before it is able to access an external PDN. In addition, this IE indicates the method the UE expects to use to obtain an IP address.
3GPP TS 23.401 defines three modes of allocating IP addresses to UEs:

• IP address allocation from the local address pool
  In this mode, the eCNS allocates a dynamic IP address to a UE from the local address pool during the activation of a bearer for the UE. The local address pool contains the IP addresses planned by the enterprise customer.

• IP address allocation from the RADIUS server
  In this mode, the eCNS allocates dynamic IP addresses obtained from the RADIUS server during UE authentication in the bearer activation procedure. Note that dynamic IP addresses are carried in access response messages sent by the RADIUS server. This mode is applicable to enterprise customers or internet service providers (ISPs) who manage the RADIUS server and plan IP addresses for their internal users.

• Static IP address allocation
  In this mode, the eCNS allocates IP addresses to UEs from its integrated subscriber data module. This module matches the IMSI of each UE to an IP address range planned by the enterprise customer. This mode is a pure static IP address allocation mode, which requires complex configurations. Static allocation is an optional feature and is under license control.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

1.1.5 eCNSFD-010600 Integrated Subscriber Data Management
Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS implements the subscriber data management function, which is generally provided by the home subscriber server (HSS) in an EPC.

Benefits
This feature meets the requirements of the enterprise customer for higher space utilization, low power consumption, simple service delivery system, independent service management, and capability to terminate LTE local services.

Description
Compared with the HSS, the eCNS has the following unique characteristics in terms of subscriber data management:

• Integrated subscriber data management interface
  The eCNS does not need to provide a standard S6a interface. The eCNS can substitute for an LTE-HSS, but not an IMS-HSS, GSM-HSS, or UMTS-HSS.

• Differentiated service delivery system
  For end users, the eCNS delivers services using MML commands. For enterprise customers, the eCNS does not interconnect with their service delivery systems.

• Differentiated subscriber data management
  The eCNS stores and manages subscriber data and simplifies data templates. The eCNS manages subscriber data as follows:
  − Defines a USIM card
    The eCNS accepts the input of the information about a USIM card.
  − Cancels a USIM card
    The eCNS removes the information about a USIM card.
  − Defines a subscriber
    The eCNS enables services for a subscriber and allocates a phone number to the subscriber.
  − Deregisters a subscriber
    The eCNS disables services for a subscriber and removes the information about this subscriber.
  − Allows the query of static subscriber information
    The eCNS allows the query of static subscriber information, including subscribed services and locking status.
  − Manages EPS QoS templates
    The eCNS allows the enterprise customer to create EPS QoS templates and set default QoS parameters.
  − Manages APN templates
    The eCNS allows the enterprise customer to create access point name (APN) templates.

  − Manages PDP context templates
    The eCNS allows the enterprise customer to create PDP context templates.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 23.008, "Organization of subscriber data"

3GPP TS 29.002, "Mobile Application Part (MAP) specification"

1.1.6 eCNSFD-010700 Session Management
Applicable NEs
eCNS

Availability
The EPS session management (ESM) was introduced in eCNS600 V100R001.

Summary
The objective of EPS session management (ESM) is to manage EPS bearers. Through the E-UTRAN and EPC networks, the EPS provides an IP connection, known as the PDN connection, between a UE and the PDN. Each PDN connection consists of at least one EPS bearer. The EPS bearer refers to the logical combination of one or more service data flows (SDFs). EPS bearers are created to meet requirements of QoS management and provide control for a bearer granularity.

Benefits
As a basic feature of the eCNS, it enables subscribers to connect to an external PDN and perform data services.

Description
The ESM procedure can be initiated by the network or requested by a UE. The ESM involves the following procedures:

• Default EPS bearer context activation
  This procedure is used to set up a default EPS bearer context between a UE and the EPC. It can be part of the attach procedure or an independent procedure.

• Dedicated EPS bearer context activation
  This procedure is used to set up the special QoS and traffic flow template (TFT) bearer contexts between a UE and the EPC.

• EPS bearer context modification

  This procedure is used to modify the QoS and TFT of the EPS bearer context.

• EPS bearer context deactivation
  This procedure is used to deactivate one, several, or all the EPS bearer contexts to the PDN. If all the EPS bearer contexts to the PDN are deactivated, the connection to the PDN is disconnected.
  NOTE
  The UE-initiated detach procedure is used to release all bearers.

• UE-requested PDN disconnection
  This procedure is used when the UE requests to be disconnected from the PDN. In this procedure, all the EPS bearer contexts, including the default bearer context, related to the PDN are released.
  NOTE
  The last PDN connection can be disconnected only by the detach procedure initiated by the UE or the MME, and not by the UE-requested PDN connection.

• UE-requested EPS bearer resource modification
  The procedure involves the allocation and release of UE-requested EPS bearer resources. The UE can request or modify a specified QoS. It can also initiate the guaranteed bit rate (GBR) request or change the existing GBR. The allocation part involves allocating EPS bearer resources to new SDFs on request from the UE. The release part involves releasing the EPS bearer resources related to a specified SDF on request from the UE.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards

3GPP TS 23.060, "General Packet Radio Service (GPRS); Service description"

3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

3GPP TS 24.008, "Mobile radio interface Layer 3 specification; Core Network protocols - Stage 3"

3GPP TS 24.301, "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3"

3GPP TS 25.413, "UTRAN Iu Interface RANAP Signaling"

3GPP TS 29.060, "GPRS Tunneling Protocol (GTPv1) across the Gn and Gp interface"

3GPP TS 29.274, "Evolved General Packet Radio Service (GPRS) Tunneling Protocol for Control plane (GTPv2-C); Stage 3"

3GPP TS 36.413, "Evolved Universal Terrestrial Radio Access Network (E-UTRAN); S1 Application Protocol (S1AP)"

1.2 User Plane

1.2.1 eCNSFD-030100 QoS and Traffic Management
For details, see section 1.2.1.1 eCNSFD-030101 EPS QoS.

1.2.1.1 eCNSFD-030101 EPS QoS

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS supports EPS QoS control at the bearer level.

Benefits
As a basic feature of the eCNS, it guarantees the end-to-end QoS in the EPS network.

Description
EPS QoS parameters are included in the EPS bearer context. EPS QoS parameters contain uplink/downlink GBR, uplink/downlink maximum bit rate (MBR), QCI, allocation/retention priority (ARP), APN-AMBR, and UE-AMBR.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

1.3 IP Network Management

1.3.1 eCNSFD-040100 Routing
For details, see section 1.3.1.1 eCNSFD-040101 Static Routes and Default Routes.

1.3.1.1 eCNSFD-040101 Static Routes and Default Routes

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS, together with routers, implements routing using static routes, which are manually configured by network administrators.

Benefits
This feature provides multiple route options for the enterprise customer.

Description
Static routes apply to networks with simple architectures and static network topologies. The eCNS uses static routes to communicate with a network or equipment. Only authorized network administrators are allowed to modify the routing table. Static routes help implement security policies.

Default routes are special routes and can also be manually configured. Default routes are used only when no matched entries are found in the routing table. Together with other routes, default routes ensure that packets are forwarded when no matched entries are found in the routing table. The configuration for default routes is simple and robust. Default routes can be manually configured by network administrators or generated using dynamic routing protocols such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS).

Multiple static routes can be configured for the same destination address. If these routes are assigned the same priority, they work in load sharing mode. If they are assigned different priorities, they work in route backup mode.

Implementation
Static routes are added to the routing table after being configured by network administrators. Specifically, the configured static routes are added to a routing table. Before the eCNS sends signaling, user data, or OM packets, it searches the routing table for a next-hop router or an interface by the specified destination address and subnet mask.

Detection
Bidirectional forwarding detection (BFD) is used to check the next hop of one or more static routes. If BFD detects that the next hop is unreachable, the associated static routes are removed from the routing table. When the next hop becomes reachable, the associated static routes are added back to the routing table.

Application
The eCNS uses static routes to communicate with OM networks, eNodeBs, and PDNs.
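The route selection described above (same priority means load sharing, different priorities mean backup, BFD withdraws and restores routes, the default route is the fallback) can be modelled as follows. This is an added example, not Huawei code: the class and field names are hypothetical, the addresses are constructed from documentation ranges, and it assumes that a smaller priority number is preferred and that lookup uses longest-prefix match.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    prefix: str     # destination address and mask, e.g. "10.20.0.0/16"
    next_hop: str
    priority: int   # assumption: a smaller number means a more preferred route


class RoutingTable:
    """Static-route table in which BFD state decides which routes are present."""

    def __init__(self, configured):
        self.configured = list(configured)   # what the administrator entered
        self.unreachable = set()             # next hops BFD currently reports down

    def bfd_event(self, next_hop, reachable):
        """Record a BFD session state change for one next hop."""
        if reachable:
            self.unreachable.discard(next_hop)
        else:
            self.unreachable.add(next_hop)

    def active(self):
        """Routes that are in the routing table right now."""
        return [r for r in self.configured if r.next_hop not in self.unreachable]

    def lookup(self, destination):
        """Return (mode, next_hops) for a destination IPv4 address."""
        dst = ipaddress.ip_address(destination)
        matches = [(ipaddress.ip_network(r.prefix), r) for r in self.active()]
        matches = [(net, r) for net, r in matches if dst in net]
        if not matches:
            return ("unreachable", [])
        # Longest prefix wins, so 0.0.0.0/0 is used only when nothing else matches.
        longest = max(net.prefixlen for net, _ in matches)
        candidates = [r for net, r in matches if net.prefixlen == longest]
        best = min(r.priority for r in candidates)
        hops = sorted(r.next_hop for r in candidates if r.priority == best)
        if longest == 0:
            mode = "default"
        elif len(hops) > 1:
            mode = "load-sharing"   # several routes with the same priority
        else:
            mode = "single"         # one route; lower-priority ones stay as backup
        return (mode, hops)


# Constructed sample configuration.
SAMPLE_ROUTES = [
    StaticRoute("10.20.0.0/16", "192.0.2.1", 60),
    StaticRoute("10.20.0.0/16", "192.0.2.2", 60),    # same priority: load sharing
    StaticRoute("10.20.0.0/16", "192.0.2.3", 80),    # different priority: backup
    StaticRoute("0.0.0.0/0", "192.0.2.254", 60),     # default route
]

if __name__ == "__main__":
    table = RoutingTable(SAMPLE_ROUTES)
    print(table.lookup("10.20.5.9"))
    for hop in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
        table.bfd_event(hop, reachable=False)
        print(hop, "down ->", table.lookup("10.20.5.9"))
```

When every specific next hop is down, traffic for 10.20.0.0/16 silently follows the default route, which matters if the default path bypasses a filtering device.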

In a network with a simple structure, static routes can be configured to ensure that the network works properly. Correct static route settings provide network security and save bandwidth resources for important applications. Default routes are used to reduce the time for selecting routes and the bandwidth for forwarding packets. Default routes can meet the requirements for simultaneous communication by a large number of users.

Enhancement
None

Dependency
Application Limitations
When the network is faulty or the network topology is changed, the static routes become unavailable and must be reconfigured by network administrators.

Interaction with Other Features
Table 1-1 Interaction with other features
Related Feature | Interaction
eCNSFD-110007 Bidirectional Forwarding Detection (BFD) | Static routes do not have self-healing capabilities and require intervention from the network administrators when faults occur. If BFD is enabled, the route management system can check the BFD session status to determine whether the IPv4 static routes in the public network are reachable.

Standards
• RFC 791, "Internet Protocol"
• RFC 1155, "Structure and Identification of Management Information for TCP/IP-based Internets"

1.3.2 eCNSFD-040200 NTP

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The Network Time Protocol (NTP) is used to synchronize the time across the entire network. The eCNS supports NTPv3 and serves as an NTP client. The eCNS periodically obtains the standard time from an NTP server located on a PS network and adjusts the system time based on this standard time.

Benefits
The NTP protocol ensures the time consistency of all NEs on a network, and guarantees the accuracy and consistency of functions such as performance measurement.

Description
The NTP protocol is a TCP/IP protocol that is used to synchronize time on all devices across the network. NTP is based on the UDP protocol. RFC 1305 stipulates the complex algorithm used by NTP to guarantee accuracy of time synchronization.

To prevent time deviation, the time on the network needs to be synchronized with the external standard time. The eCNS periodically obtains the standard time from an NTP server or OMC server and adjusts the time across the entire network based on this standard time. The eCNS supports connecting to a remote NTP server in client mode.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
RFC 1305, "Network Time Protocol"

1.3.3 eCNSFD-040300 VLAN Supporting

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
A virtual local area network (VLAN) is a logical network comprising multiple physical network devices. A VLAN forms a broadcast domain. Different VLANs communicate with each other through routes. If VLANs are implemented based on layer 3 networking, sub-interfaces are configured on Ethernet ports or trunks and defined as the members of VLANs to distinguish users or services. The eCNS implements VLAN functions by setting VLAN IDs on sub-interfaces.

Benefits
Broadcast traffic and unicast traffic in a VLAN are not forwarded to other VLANs. This helps control network traffic, reduce equipment investments, simplify network management, and improve network security and reliability.

Description
The eCNS provides the following VLAN functions:

• Isolates traffic
When the eCNS uses a set of switching equipment to construct a LAN, it can assign the interfaces between NEs to different VLANs to implement traffic isolation. The eCNS can also assign the interfaces between PDNs to different VLANs to isolate users. Traffic can be isolated by adding interfaces to different VLANs.

• Increases the number of available interfaces
If the ports on the eCNS are insufficient for connecting to the routers, switches, or firewalls, these ports can be divided into sub-interfaces and VLAN IDs can be configured on these ports.

• Adapts to the peer
If the routers, switches, and firewalls that are directly connected to the eCNS also support VLAN functions, the relevant ports on the eCNS must be divided into sub-interfaces. These sub-interfaces must also be assigned to the corresponding VLANs.

Enhancement
Table 1-2 Release history and enhancement
Feature Version | Product Version | Details
eCNSFD-040300.01 | eCNS600 V100R001 | First official release.
eCNSFD-040300.02 | eCNS600 V100R002 | Added the function of binding VLANs and sub-interfaces.

Dependency
Application Limitations
This feature is applicable only when the routers, switches, or firewalls that are directly connected to the eCNS are assigned to different VLANs. If a sub-interface on the eCNS is configured with a VLAN ID, the layer-2 or layer-3 device that is directly connected to the eCNS must also be configured with the same VLAN ID.

Interaction with Other Features
Table 1-3 Interaction with other features
Related Feature | Interaction
eCNSFD-040100 Routing | Route information must be configured on the eCNS. Otherwise, packets cannot be forwarded between VLANs.

1.3.4 eCNSFD-040500 Eth-Trunk

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Eth-trunk supports traffic load sharing between multiple Ethernet interfaces.

Benefits
This feature increases the bandwidth, improves the reliability of networking, and ensures load sharing.

Description
Trunk is a bundling technology. Multiple Ethernet physical interfaces can be bound into a logical interface that is known as an Eth-trunk interface. Physical interfaces that are bound are called member interfaces. The trunk link can be regarded as a point-to-point direct link. The two ends of a trunk link can be two switches, or two routers, or one switch and one router.

The advantages of the Trunk technology are as follows:

• Increased bandwidth. The total bandwidth of the Trunk interface is the sum of the bandwidth of each member interface. In this case, the bandwidth of the trunk interface is multiplied.

• Improved reliability. When one physical link connected to the member interface is faulty, traffic is switched to other available links connected to the member interface. Therefore, the reliability of the entire Trunk link is improved.

• Load sharing support. Load sharing can be achieved among member interfaces of the Trunk interface. Network congestion occurs when all the traffic is transmitted over a single link. The trunk interface prevents network congestion by distributing the traffic among different links, which improves network reliability. The destination of the traffic remains unchanged.

Dependency
Table 1-4 Interaction with other features
Feature | Interaction
eCNSFD-040700 VRF | Eth-Trunk can be joined to a VRF.
eCNSFD-040600 OSPFv2 | The eCNS and the PE device can learn dynamic routes over Eth-Trunk through the OSPF routing protocol. At the same time, the mesh network raises the reliability of transmission.

Standards
IEEE 802.3AD Amendment to carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications - aggregation of multiple link segments

1.3.5 eCNSFD-040600 OSPFv2

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) based on link states. The eCNS uses OSPF Version 2 (OSPFv2) on the SGi interface to exchange routing information with peer equipment and implement network topology sharing.

Benefits
This feature enables data packet routing over the SGi interface between an EPC and an external data network and allows flexible networking based on the customer requirements.

Description
The eCNS supports OSPFv2. OSPF is a link-state-based IGP developed by Internet Engineering Task Force (IETF). It supports networks in different scales and allows hundreds of routers deployed in a network. OSPF is more applicable to large complex networks.

OSPF has the following characteristics:

• Fast convergence: OSPF sends link state update packets within the autonomous system (AS) immediately after detecting changes in the network topology.
• Loop-free routing: OSPF computes the shortest path tree for each route based on link states by using a shortest path first algorithm that can ensure loop-free routing.
• Area-based administration: OSPF allows the AS to be divided into routing areas for administration. OSPF uses abstract routing information between areas to reduce the network bandwidth usage.
• Support of equal-cost routes: OSPF supports multiple equal-cost routes to the same destination address.
• Route hierarchy: OSPF divides routes into four types. In descending order of priorities, these types are intra-area, inter-area, external type 1, and external type 2.
• Support of packet authentication: OSPF performs interface-based packet authentication to ensure the security of route computing.
• Support of packet multicast

Routers in the AS use OSPF to process routing tables. Each router gathers its link state information and broadcasts it within the entire AS using a flooding algorithm so that the AS can maintain one link state database. Based on this database, each router computes its shortest path tree with the router itself being the root and other routers being leafs.

The eCNS uses OSPFv2 only on the SGi interface.

Enhancement
None

Dependency
Application Limitations
OSPFv2 is an IGP and can be used only within an AS. For routing between different ASs, border gateway protocols such as BGP-4 need to be used.

Interaction with Other Features
Table 1-5 Interaction with other features
Feature | Interaction
eCNSFD-110007 Bidirectional Forwarding Detection (BFD) | BFD increases the OSPF convergence rate by rapidly detecting link faults between neighboring routers.
eCNSFD-040100 Routing | The routing feature uses routing policies to control issue, reception, and reference of OSPF routing information.
eCNSFD-040500 Eth-Trunk | The eCNS and the PE device can learn dynamic routes over Eth-Trunk through the OSPF routing protocol.
eCNSFD-040700 VRF | VRF isolates routes through VRF-route binding and forwards data based on routing tables and virtual private network (VPN) IDs.

Standards
• RFC 791, "Internet Protocol"

• RFC 1155, "Structure and Identification of Management Information for TCP/IP-based Internets"
• RFC 1131, "OSPF specification"
• RFC 1247, "OSPF Version 2"

1.3.6 eCNSFD-040700 VRF

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
Virtual routing and forwarding (VRF) is a means of implementing the virtual private network (VPN) function. It is also used to logically define a physical device. It enables the functions of multiple virtual routing devices to be implemented on a single routing device. The eCNS supports VRF. By taking advantage of this feature on the eCNS, multiple virtual routing areas are available on one eCNS to realize the separation of addresses and routes among APNs.

Benefits
This feature facilitates connections between the eCNS and intranets because the address spaces of APNs of carriers' private networks can be reused, which conserves public IP addresses. In addition, APN traffic can be separated to ensure network security.

Description
A VPN keeps the transferred data private from other VPNs. VPN instances can be created on the eCNS to implement VRF. An eCNS can be logically divided into multiple virtual eCNSs through VRF, and the functions of multiple logically separated virtual eCNSs can be implemented on one eCNS device. Each virtual eCNS works independently as an eCNS and has its own routing table and interface for data forwarding. Each VRF has a separate routing table and address space. Interfaces of different VPN instances can use the same IP address.

Networking application: The problem of insufficient IP addresses can be solved by binding physical interfaces (or Eth-trunk interfaces or sub-interfaces), logical interfaces, and routes to VRF. Traffic of different services can be separated, and the traffic of the signaling plane, user plane, and operation and maintenance (OM) data can be separated.

Service application: By binding APNs to VRF, you can bind each APN to a separate VPN to divide the traffic of different APNs. Therefore, the APN resources of a VPN will not be used by other VPNs or subscribers of other VPNs on the network. Through traffic separation and network division, the information in the VPN is secure.

Resource application: By binding address pools to VRF, address resources can be reused.

Enhancement
None

Dependency
Table 1-6 Interaction with other features
Feature | Interaction
eCNSFD-040900 SGi Redirection | VRF does not take effect if SGi redirection is enabled.
eCNSFD-110007 Bidirectional Forwarding Detection (BFD) | In the network scenario of dual active ports with static routes, BFD should be activated in the VRF so that the eCNS can switch routes when the old route is faulty.
eCNSFD-040600 OSPFv2 | One VRF supports more than one OSPF process, while one OSPF process belongs to only one VRF.
eCNSFD-040500 Eth-Trunk | Eth-Trunk can be joined to a VRF.
eCNSFD-110010 Routing Behind MS | Different UEs which support "Routing Behind MS" can be separated by different VRFs.

Standards
RFC 2764, "IP Based Virtual Private Networks"

1.3.7 eCNSFD-040800 Local Routing

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
This feature enables the eCNS to directly forward packets between UEs connected to this eCNS.

Benefits
This feature does not require additional network equipment on the SGi interface for packet forwarding between UEs and therefore reduces end-to-end forwarding delay.

Description
After the eCNS receives an uplink packet from a UE, the eCNS checks the target UE. If the eCNS has admitted the target UE, the eCNS directly forwards the packet to the target UE, as shown in Figure 1-2.

Figure 1-2 Local routing

Enhancement
None

Dependency
Table 1-7 Interaction with other features
Feature | Interaction
eCNSFD-040900 SGi Redirection | Local routing does not take effect if SGi redirection is enabled.

Standards
None

1.3.8 eCNSFD-040900 SGi Redirection

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
This feature prohibits the eCNS from directly forwarding packets between UEs. Instead, this feature redirects uplink packets through the SGi interface to a specified device (for example, a firewall) in the PDN.

Benefits
This feature protects enterprise customers' networks and ensures end users' communication security.

Description
Most firewalls do not support bidirectional packet transmissions through an interface. Therefore, the configurations as shown in Figure 1-3 are required for SGi redirection. The blue line in this figure represents the direction of redirected packets. Uplink packets of UE 1 are sent through physical port a to the firewall. After being filtered by the firewall, the packets are sent through physical port b to the eCNS.

Figure 1-3 Packet forwarding when SGi redirection is enabled

If SGi redirection is disabled, uplink packets from UEs are not filtered by the firewall. Instead, the packets are directly forwarded by the eCNS, as shown in Figure 1-4. In this situation, packet security cannot be ensured.

Figure 1-4 Packet forwarding when SGi redirection is disabled

Enhancement
None

Dependency
Table 1-8 Interaction with other features
Feature | Interaction
eCNSFD-040800 Local Routing | Local routing does not take effect if SGi redirection is enabled.
eCNSFD-040700 VRF | VRF does not take effect if SGi redirection is enabled.

Standards
None

1.4 Reliability

1.4.1 eCNSFD-050200 Board Redundant Backup

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS performs 1+1 backup for all the processes. Process redundancy backup, automatic fault detection, and self-healing function guarantee the system reliability.

Benefits
As a basic feature of the eCNS, it guarantees the system reliability.

Description
Process redundancy backup provides a backup mechanism for all the processes in the system. That is, all the processes work in the active/standby mode. A standby process can back up the data periodically or when the backing up process is triggered by an event. If the active process is faulty, the standby process takes over the service. The redundancy backup ensures that the system is not impacted by any faulty process.

Automatic fault detection means when the system is faulty because of a software abnormality or hardware fault, the system can automatically detect the fault by using a certain method without user intervention. This is the basis for fault isolation and fault recovery.

Self-healing means after a fault occurs, the system can take some measures, such as switchover and reset, to rectify the fault without affecting the normal operations of the system.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5 Operation and Maintenance

1.5.1 eCNSFD-060100 Software Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Software management is used to achieve software management of the eCNS, including software installation and loading in addition to patch installation, loading, and activation.

Benefits
As a basic feature of the eCNS, it can flexibly manage the running software.

Description
Software management mainly includes software installation, software upgrade, and online patching. The eCNS supports software concurrent upgrade. That is, all the processes in the eCNS can load the software at the same time. As a result, the time spent in loading the software is greatly reduced. Patches can correct software faults without service interruption.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5.2 eCNSFD-060300 Performance Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS can measure network performances to provide the performance measurement data. Performance measurement data is an important basis for measurement, design, operation, and management of communication networks.

Benefits
As a basic feature of the eCNS, it can provide network data for network operating, planning, and management.

Description
The eCNS provides various test indexes. To simplify the management of these indexes, the indexes correspond to different measurement units, and the measurement units correspond to different measurement clusters. The measurement clusters provided by the eCNS include charging GTP-C, GTP-U, S1 mode EMM and ESM.

The eCNS reports all the measurement results at a specified period, which means that users do not need to configure measurement tasks. The eCNS reports all measurement data to the operation and maintenance (OMS). Users can filter, query, collect, analyze, and print the measurement data by using the OMS.

The eCNS generates performance alarms when the values of measurement indexes exceed preset thresholds or terraces. The performance alarms are categorized into threshold alarms and terrace alarms. For each measurement index, there are four alarm severities, namely, critical, major, minor, and warning. You can set the direction (greater or smaller than a value) and the value of each alarm severity.

• Threshold Alarm
A threshold refers to a preset limit. The system compares the measured data with this threshold. The unit of the threshold must be the same as the unit of the index. For example, the threshold alarms of the average CPU usage are as follows:
− Critical: > 90
− Major: > 80
− Minor: > 70
− Warning: > 50
When the value of average CPU usage reaches 75, the system generates a Minor performance alarm and reports the alarm to the Browse Alarm window to notify maintenance personnel.

• Terrace Alarm
A terrace refers to the change degree of two values, reflecting the change rate of the measurement index. The unit of the value is percentage. The system compares the change rate of the measured data to this value. The calculation formula of the change rate is as follows:
(Measured data of this period - Measured data of last period) / Measured data of last period
If the terrace of the measurement index exceeds the preset terrace threshold, the system generates the performance alarm. For example, the terrace alarms of the average CPU usage are as follows:
− Critical: > 70%
− Major: > 50%
− Minor: > 30%
− Warning: > 10%
If two consecutive values of the average CPU usage are 30% and 20% respectively, the terrace value is 50%. In this case, the system generates a minor performance alarm and reports the alarm in the Browse Alarm window to notify maintenance personnel.
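The two alarm types above can be evaluated per measurement period as in the following added example, which is not Huawei code. The rule class, function names and the CPU sample series are constructed for illustration; the severity limits are the ones quoted above, and the terrace example is read as this period = 30 and last period = 20, which gives the 50% the text states.

```python
from dataclasses import dataclass

SEVERITY_ORDER = ("critical", "major", "minor", "warning")   # most severe first


@dataclass(frozen=True)
class AlarmRule:
    limits: dict                  # severity -> limit, in the unit of the compared value
    direction: str = "greater"    # "greater" or "smaller" than the limit

    def severity(self, value):
        """Most severe level whose limit the value passes, or None."""
        for level in SEVERITY_ORDER:
            if level not in self.limits:
                continue
            limit = self.limits[level]
            passed = value > limit if self.direction == "greater" else value < limit
            if passed:
                return level
        return None


def change_rate(current, previous):
    """Terrace value in percent; None when the last period measured 0."""
    if previous == 0:
        return None   # the formula divides by the last period's value
    return (current - previous) / previous * 100.0


def evaluate(samples, threshold_rule, terrace_rule):
    """Walk consecutive period values and list the alarms each period raises."""
    alarms = []
    previous = None
    for period, value in enumerate(samples):
        level = threshold_rule.severity(value)
        if level:
            alarms.append((period, "threshold", level, value))
        if previous is not None:
            rate = change_rate(value, previous)
            level = terrace_rule.severity(rate) if rate is not None else None
            if level:
                alarms.append((period, "terrace", level, rate))
        previous = value
    return alarms


# Limits for the average CPU usage as listed in the text.
CPU_THRESHOLD = AlarmRule({"critical": 90, "major": 80, "minor": 70, "warning": 50})
CPU_TERRACE = AlarmRule({"critical": 70, "major": 50, "minor": 30, "warning": 10})

# Constructed series of average CPU usage, one value per measurement period.
SAMPLE_CPU = [20, 30, 75, 91, 45]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLE_CPU, CPU_THRESHOLD, CPU_TERRACE):
        print(alarm)
```

The comparison is strict, so a reading of exactly 90 raises a major alarm, not a critical one, and a sharp drop such as 91 to 45 raises no terrace alarm unless a rule with the "smaller" direction is configured.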

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
• 3GPP TS 12.04, "Performance data measurements"
• 3GPP TS 32.403, "Telecommunication management, Performance Management (PM), Performance measurements - UMTS and combined UMTS/GSM"
• 3GPP TS 32.426, "Telecommunication management, Performance Management (PM), Performance measurements Evolved Packet Core (EPC) network"

1.5.3 eCNSFD-060400 Fault Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The fault management feature is used to monitor system operations. The eCNS notifies maintenance personnel of faults and events through alarms.

Benefits
As a basic feature of the eCNS, it provides detailed alarm information to help maintenance personnel easily locate and handle faults.

Description
The eCNS generates various types of alarms that cover faults and events related to software functions, hardware parts, and external environment to ensure that faults can be immediately detected and handled. To simplify management, these alarms are assigned different severities. The eCNS alarms are classified into the following severities:
• Critical
• Major
• Minor
• Warning
You can adjust the alarm severities based on certain requirements.

When an alarm occurs, the system reports the detailed information about the alarm so that maintenance personnel can locate and handle the fault. The alarm tool uses different colors and windows to differentiate the alarms of different severities, so that users can focus on alarms of high severity first. Maintenance personnel can shield alarms that they consider as unimportant. Alarms can be queried by specifying a combination of criteria such as the time range, alarm severity, and alarm type.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5.4 eCNSFD-060500 Equipment Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Equipment management includes operations such as monitoring, control, and testing.

Benefits
As a basic feature of the eCNS, it helps maintenance personnel in knowing the operations of the system so that they can flexibly maintain and manage the system.

Description
The equipment management feature helps in monitoring, controlling, and testing the functions of entities such as system hardware and links. The results returned help in analysis and location of faults.

• Status monitoring
The eCNS provides MML commands for querying status of devices. For boards and ports, it also provides a graphical query interface. Figure 1-5 and Figure 1-6 show the front view and rear view of a subrack.

Figure 1-5 Front view

Figure 1-6 Rear view

The monitored objects are board, port, link, process, and logical entities (such as signaling point).

• Device control
Device control includes operations such as switchover, reset, block, and disable.

• Device test
The device test is an important method for finding and locating problems. The eCNS provides tests such as link self-loop test and path connectivity test.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
CCITT X.731 Information Technology - Open Systems Interconnection - Systems Management

1.5.5 eCNSFD-060600 Configuration Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Configuration management includes operations such as adding, deleting, modifying, and querying of system data. Configuration management also provides backup or export configuration data.

Benefits
As a basic feature of the eCNS, it helps engineers configure and manage parameters for system operation to make the system work properly.

Description
The eCNS provides both dynamic and static modes for data configuration:
• Dynamic data configuration means directly modifying system data without interrupting the operation of the system.
• Static data configuration means editing the data script file (MML.TXT) offline. Modification of the file takes effect after the system resets.

and ensures system security. Standards None 1. A user group is a collection of users who share the same rights.5. right management. the system provides four user groups: Draft A (2013-04-09) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. It prevents unauthorized operators from performing operations intentionally or unintentionally. password policy. The system administrator can add or delete operator accounts as required.. Description Security management includes account management.  Account Management To maintain the eCNS. account rights are defined in user groups. and guarantees system security. and then users in different user groups can be assigned different rights. the operator must have a valid account. right management. Security management includes account management. account lockout policy. ACL. operation period control. Benefits Only authorized operators can perform authorized operations on legal terminals. password policy. By default. You can manage the rights of each account by assigning the account with the execution rights of a specified command set. Summary The security management provided by the eCNS ensures that only authorized users can perform operations on the system. access control list (ACL). account validity control. account lockout policy. Ltd 33 . For convenient management. operation period control.eCNS600 Feature Description 1 Basic Features Enhancement None Dependency This feature does not depend on other features. account validity control. All accounts are managed by the system administrator.6 eCNSFD-060700 Security Management Applicable NEs eCNS Availability This feature was introduced in eCNS600 V100R001. and operation log.  Rights Management The eCNS classifies commands to different command sets. and operation log.

− Administrators: There is only one administrator account in a system. The administrator can assign rights to users by assigning users to different user groups, and can assign special rights to a user account.
− Operators: Users in this group can check the data, maintain the system, and configure the data.
− Users: Users in this group can check the data and maintain the system.
− Guests: Users in this group can only check the data.

• Password Policy
The complexity and regular modification of passwords guarantee system security. The eCNS can customize the password policy as follows:
− Specify the validity period of a password
− Specify the password length
− Specify the characters that can be used in a password

• Account Lockout Policy
You can set a threshold for the number of login failures. If the number of failures to log in using an account exceeds the threshold, the system locks out the account. During a specified period, the system rejects login requests from this account. The account lockout policy can prevent malicious hackers from logging in and misusing the data.

• Operation Period Control
You can control the time period for which users log in and operate the OMU. If the current time is not in the specified time period, users cannot log in and operate the OMU.

• Account Validity Control
The administrator can change the account validity by modifying the user attributes. When a user account is invalid, the user cannot log in to the OMU server.

• ACL
Generally, the OMU does not restrict the IP address of the client that a user uses. After the ACL function is enabled, the IP address of the client that the user uses to log in to the OMU must be contained in the ACL. Otherwise, the login fails.

• Operation Log
An operation log records all the operation information about a user, including user name, user number, IP address, commands that the user runs, time when the command is run, and result of the command. You can check the operation log on the LMT and trace suspicious operations.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None
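The login controls listed above (ACL, account validity, operation period, lockout threshold, operation log) can be combined into one decision path. The following is an added example, not eCNS or OMU code; the class names, the threshold of 3, the 30-minute lockout period and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class Account:
    name: str
    valid_until: datetime                              # account validity control
    period: tuple = (time(0, 0), time(23, 59, 59))     # operation period control
    failures: int = 0
    locked_until: datetime = datetime.min


@dataclass
class LoginGate:
    acl: tuple = ()                                    # client networks; empty = ACL disabled
    threshold: int = 3                                 # assumed lockout threshold
    lock_time: timedelta = timedelta(minutes=30)       # assumed lockout period
    accounts: dict = field(default_factory=dict)
    operation_log: list = field(default_factory=list)

    def _record(self, user, ip, when, result):
        # Every decision is logged with user, client IP, time, command and result.
        self.operation_log.append({"user": user, "ip": ip, "time": when.isoformat(),
                                   "command": "LOGIN", "result": result})
        return result

    def login(self, user, ip, when, password_ok):
        # ACL first: a client outside the ACL never reaches the failure counter,
        # so it cannot be used to lock out a legitimate operator.
        if self.acl and not any(ip_address(ip) in ip_network(n) for n in self.acl):
            return self._record(user, ip, when, "rejected: client not in ACL")
        acct = self.accounts.get(user)
        if acct is None:
            return self._record(user, ip, when, "rejected: bad credentials")
        if when < acct.locked_until:
            return self._record(user, ip, when, "rejected: account locked")
        if when > acct.valid_until:
            return self._record(user, ip, when, "rejected: account invalid")
        start, end = acct.period
        if not start <= when.time() <= end:
            return self._record(user, ip, when, "rejected: outside operation period")
        if not password_ok:
            acct.failures += 1
            if acct.failures > self.threshold:         # "exceeds the threshold"
                acct.locked_until = when + self.lock_time
                acct.failures = 0
            return self._record(user, ip, when, "rejected: bad credentials")
        acct.failures = 0
        return self._record(user, ip, when, "accepted")


def demo():
    """Run a constructed sequence of login attempts and return the results."""
    gate = LoginGate(acl=("10.1.0.0/24",), threshold=3)
    gate.accounts["op1"] = Account("op1", valid_until=datetime(2030, 1, 1),
                                   period=(time(8, 0), time(18, 0)))
    t = datetime(2024, 5, 6, 9, 0)
    results = [gate.login("op1", "203.0.113.7", t, True),              # off-ACL client
               gate.login("op1", "10.1.0.5", t.replace(hour=22), True)]  # off-hours
    results += [gate.login("op1", "10.1.0.5", t, False) for _ in range(4)]
    results.append(gate.login("op1", "10.1.0.5", t + timedelta(minutes=5), True))
    results.append(gate.login("op1", "10.1.0.5", t + timedelta(minutes=31), True))
    return results, gate


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The unknown-account and wrong-password paths return the same result string so that the response does not reveal which account names exist.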

1.5.7 eCNSFD-060800 Online Documentation

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Each version of the eCNS has its own online help, which contains:
• O&M system online help
It is used to help users correctly use relevant interfaces and different management functions, and provides alarm descriptions and suggestions for handling alarms.
• MML command online help
It is used to explain each MML command and help users correctly use these commands.
In the client window, choose Help > Help Topics to display the online help.

Benefits
As a basic feature of the eCNS, it guides an operator to use and maintain the system.

Description
The contents of the online help are as follows:
• Interface online help
It describes the meanings of the LMT user interfaces and how to use maintenance functions and alarm management functions.
• MML help
It describes the function, notes, parameter description, and example of each MML command.
• Alarm help
It describes each alarm and provides suggestions to handle alarms.
• Performance index help
It describes the meaning, measurement object, triggering point, and unit of each measurement index.

An online help provides the following functions:
• It is organized based on common tasks performed by users. You can obtain the information about a task through the navigation tree.
• It provides the detailed description of all operations supported by the system. Operation help is associated with certain interfaces, so you can obtain relevant information by pressing F1 to activate the help you want to query.
• It also provides powerful index function, so you can obtain help information by typing a key word.

There are several ways to trigger the online help:
• Press F1 to invoke the interface online help.
• Choose Help > Help theme to display all online helps.
• The MML help is automatically triggered after a command is selected or entered.
• The alarm help is automatically triggered when you check the alarm.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5.8 eCNSFD-060900 Tracing Function

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
Tracing can be classified into subscriber tracing, group tracing, and interface tracing. Interface tracing involves establishment, capture, and resolution of tracing messages processed by the interfaces of eCNS. The tracing feature is used in the daily maintenance of a device. After a device is configured for data, the device can validate whether signaling links run normally by setting up tracing, and locate faults. This feature can locate where a fault occurs in the service procedure through message tracing. The tracing functions can be used to store, resolve, and review a tracing file.

Benefits
This feature guarantees flexibility in locating and solving problems for enterprise customers.

Description
The eCNS provides subscriber signaling and data tracing based on the IMSI or MSISDN. The eCNS supports the following types of message filters:
• MM messages of the S1 interface: NAS_MM and GTP_C
• SM messages of the S1 interface: NAS_SM and GTP_C
• S1-AP message of the S1 interface: S1-AP

The eCNS can create subscriber tracing for a UE that does not attach to the network. Once the UE initiates the attach procedure, all the signaling and user data can be captured.

Group tracing means tracing the signaling message and interface message on a certain group.

Interface tracing means tracing all the messages on a certain interface.

The eCNS allows a tracing file to be saved to the hard disk in different formats through both automatic and manual modes. The tracing messages can be saved in the following formats:
• Trace message file (*.tmf): It is used to browse messages offline through the Trace Viewer.
• Text file (*.txt): It is used to save the messages displayed in the tracing interface. The LMT interface displays only part of the code flow.
• CSV file (*.csv): It is used to save the complete code flow.
• Protocol text file (*.txt): It is used to save protocol explanation of messages.

The OMS provides a message analyzer that can be used to view messages online. This type of message browsing is intuitive. When browsing messages online, you can select and double-click a record that you want to query. A window containing the detailed information and explanation of the record is displayed, as shown in Figure 1-7. You can double-click a certain message in the Message Browser window to query the detailed information about this message.

Figure 1-7 Message Browser

NOTE
The window is divided into two parts, the upper pane and the lower pane. If you select a row in the upper part of the window, the row is highlighted in blue and the blue bar in the lower pane indicates the hexadecimal information of the selected row. You can adjust the view by moving the bar that separates the two panes.

The tracing files that are saved on local devices can be viewed in the Trace Viewer. The Trace Viewer can be used to perform the following operations:

• View message streams
Complete tracing message procedures can be viewed, including the directory, type, time, and content of a message, as shown in Figure 1-8.

Figure 1-8 Trace Viewer

• Resolve messages
Select and double-click a record that you want to query. A window containing the detailed information and explanation of the record is displayed, as shown in Figure 1-9.

Figure 1-9 Message Browser

NOTE
The window is divided into two parts, the upper pane and the lower pane. If you select a row in the upper part of the window, the row is highlighted in blue and the blue bar in the lower pane indicates the hexadecimal information of the selected row. You can adjust the view by moving the bar that separates the two panes.

• Sort messages
Messages can be sorted according to the serial number, time, direction, and type.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5.9 eCNSFD-061000 Log Management

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS provides and manages run logs, operation logs, debug logs, and security logs. It allows log export and upload.

Benefits
This feature meets the requirements of enterprise customers for log management.

Description
The eCNS supports the following logs:
• Run logs: record the running status of system software, for example, record system deployment status and system status changes. Using the run logs, OM personnel can learn the running status of the system.
• Operation logs: record the commands delivered from LMTs. Using the operation logs, OM personnel can manage OM records.
• Debug logs: record the running status of system software, for example, object status migrations and message exceptions. Using the debug logs, R&D personnel can locate problems and analyze system efficiency.
• Security logs: record the security events that occur on the eCNS. The security events include user login, account management, and account authentication.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.5.10 eCNSFD-061100 Daylight Saving Time

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS can set information about time zone and Daylight Saving Time (DST) management, such as time zone where the system is located, the start time of DST, and the end time of DST.

Benefits
This feature meets requirements for enterprise customers in different areas.

Description
The eCNS can set information about time zone and DST in the following ways:
• By date
• By week

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

1.6 Interface Function

1.6.1 eCNSFD-070100 S1 Interface

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The S1 interface includes the S1-MME interface and the S1-U interface in LTE/SAE. The S1-MME interface is a standard interface between the eNodeB and the eCNS.

The S1-U interface is a user-plane interface between the eNodeB and the eCNS.

Benefits
This feature enables the S1 interface to transmit user-plane and control-plane data.

Description
The S1-MME interface is the signaling interface between the eNodeB and the eCNS. Figure 1-10 shows the protocol stack of the S1-MME interface.

Figure 1-10 Protocol stack of the S1-MME interface

The protocol layers are described as follows:
• S1 Application Protocol (S1-AP): It refers to the application layer protocol between the eNodeB and the MME.
• Stream Control Transmission Protocol (SCTP): It is used to guarantee the transmission of signaling messages between the eNodeB and the MME.
• IP: It contains IPv4 that is defined in RFC 791 and IPv6 that is defined in RFC 1883.
• L2/L1: The data link layer/physical layer protocol can be 10 Mbit/s, 100 Mbit/s, or 1000 Mbit/s Ethernet.

The S1-U interface uses the GPRS Tunneling Protocol version 1 (GTPv1). It is used to transmit uplink and downlink user-plane data flows between the eNodeB and the eCNS. Figure 1-11 shows the S1-U interface protocol stack.

Figure 1-11 S1-U interface protocol stack

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 36.413, "Evolved Universal Terrestrial Radio Access Network (E-UTRAN); S1 Application Protocol (S1AP)"

1.6.2 eCNSFD-070200 SGi Interface

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The SGi interface is an interface between eCNS and the packet data network (PDN), or between the eCNS and the authentication, authorization and accounting (AAA) server. It is used to transmit PS session data.

Benefits

For: Enterprise customers
Benefits: This feature enables the eCNS to interwork with PDN devices of various vendors by using the SGi interface, complying with 3GPP specifications.

For: Subscribers
Benefits: Subscribers are unaware of the SGi interface feature.

Description

SGi Interface Protocol Stack
Figure 1-12 shows the SGi interface protocol stack.

Figure 1-12 SGi interface protocol stack

Enhancement
None

Dependency
This feature does not depend on other features.

1.6.3 eCNSFD-070300 S10 Interface

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The S10 interface is a standard interface between MMEs.

Benefits
The S10 interface of the eCNS complies with 3GPP specifications and therefore can connect MMEs provided by different vendors.

Description
Figure 1-13 shows the S10 protocol stack.

Figure 1-13 S10 protocol stack

The protocols in the stack are as follows:
• GTP-C
GTP-C is used to reliably transmit signaling between MMEs. The version used is GTPv2. Signaling transmitted on the S10 interface includes GTP path management messages and mobility management messages.
• UDP
UDP is used to transmit user data between MMEs. UDP is defined in RFC 768.
• IP
IPv4 is defined in RFC 791, and IPv6 is defined in RFC 1883.
• L2 and L1
L2 is the data link layer, and L1 is the physical layer. Both can use 10, 100, or 1000 Mbit/s Ethernet.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 29.274, "Evolved General Packet Radio Service (GPRS) Tunneling Protocol for Control plane (GTPv2-C); Stage 3"

1.6.4 eCNSFD-070400 S5 Interface

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The S5 interface is a standard interface between an S-GW and a P-GW in the same network. This interface can be used in both the control plane and user plane.

Benefits
The S5 interface of the eCNS complies with 3GPP specifications and therefore can connect an S-GW and a P-GW provided by different vendors.

Description

Protocol Stack
Figure 1-14 and Figure 1-15 show the S5 protocol stacks using GTPv2 and GTPv1, respectively.

Figure 1-14 S5 protocol stack using GTPv2

Figure 1-15 S5 protocol stack using GTPv1

Application Scenario
The S5 interface connects an S-GW and a P-GW in the same network.

Signaling Procedure
The S5 signaling procedures are as follows:
• Session setup
• Bearer setup
• Bearer modification
• Session release
• Bearer release
• Bearer update

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

1.6.5 eCNSFD-070500 S8 Interface

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The S8 interface is a standard interface between an S-GW and a P-GW in different networks. This interface can be used in both the control plane and user plane.

Benefits
The S8 interface of the eCNS complies with 3GPP specifications and therefore can connect an S-GW and a P-GW provided by different vendors.

Description

Protocol Stack
Figure 1-16 and Figure 1-17 show the S8 protocol stacks using GTPv2 and GTPv1, respectively.

Figure 1-16 S8 protocol stack using GTPv2

Figure 1-17 S8 protocol stack using GTPv1

Application Scenario

The S8 interface connects an S-GW in a visited network and a P-GW in a home network.

Signaling Procedure
The S8 signaling procedures are as follows:
• Session setup
• Bearer setup
• Bearer modification
• Session release
• Bearer release
• Bearer update

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

1.6.6 eCNSFD-070600 Ga Interface

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The Ga interface is a standard interface between a P-GW and a charging gateway (CG). It uses GTP'.

Benefits
The Ga interface of the eCNS complies with 3GPP specifications and therefore can connect a P-GW and a CG provided by different vendors.

Description
Figure 1-18 shows the Ga protocol stack.

Figure 1-18 Ga protocol stack

GTP' is a GPRS protocol used for CDR transfer.

The Ga signaling procedures are as follows:
• CDR generation
• CDR delivery

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 32.295, "Charging Data Record (CDR) transfer"

1.6.7 eCNSFD-070700 S6a Interface

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The S6a interface is a standard interface between an MME and an HSS.

Benefits
The S6a interface of the eCNS complies with 3GPP specifications and therefore can connect an MME and an HSS provided by different vendors.

Description
Figure 1-19 shows the S6a protocol stack.

Figure 1-19 S6a protocol stack

The protocols in the stack are as follows:
• Diameter
Diameter is used to transmit subscription and authentication data between an MME and an HSS. Diameter is defined in RFC 3588.
• SCTP
SCTP is used to transmit signaling between an MME and an HSS.
• IP
IPv4 is defined in RFC 791, and IPv6 is defined in RFC 1883.
• L2 and L1
L2 is the data link layer, and L1 is the physical layer. Both can use 10, 100, or 1000 Mbit/s Ethernet.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
• 3GPP TS 29.272, "Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol"
• RFC3588, "Diameter Base Protocol"

1.7 Basic Platform

1.7.1 eCNSFD-080300 Linux Security Hardening

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
This feature hardens Linux operating system (OS) security and protects against attacks without interruptions to ongoing services. Linux security is hardened using the following means:
• Minimized OS
• OS passwords, file permissions, and kernel parameters
• OS logs
• Interconnection security data

Benefits
This feature enhances system robustness and security, protects against hackers and viruses, and improves user satisfaction.

Description
This feature hardens Linux security and protects against attacks without interruption to ongoing services. A secure OS is essential to ensure proper running of NEs and prevent unauthorized operations. An OS with vulnerabilities is open to attacks from hackers and viruses, leading to issues such as network service interruption, information loss, data corruption, and low efficiency.

OS Security Threats and Vulnerability Causes
The Linux OS faces the following security threats:
• Manipulated attacks
Manipulated attacks are major attacks the OS faces. Hackers attack the system by utilizing OS vulnerabilities that are caused by various factors such as OS leaks, insecure passwords, or configuration defects. After seizing the super control rights, the hackers tamper with important files and data, wreaking havoc for the network security.
• Programmed attacks
Programmed attacks mainly refer to computer viruses, including executable file viruses, script viruses, worm viruses, and backdoor programs.

The following factors make the OS vulnerable:
• OS leaks

OS leaks arise from program design or function defects such as identity authentication defects and service loopholes. If the OS is not promptly patched, hackers or viruses may utilize these leaks to attack the system.
• Insecure accounts or passwords
Hackers and viruses can easily crack insecure accounts and passwords using means such as password dictionaries or brute-force crackers.
• Incorrect file permissions
With file permissions, users can operate files such as reading, writing, or executing files. File permissions are essential to file sharing, protection, and confidentiality. To protect files and directories against unauthorized access, the Linux OS defines three types of users: owner, user group, and others. These users can be assigned different permissions. If incorrect permissions are granted to user groups or others, important files may be unexpectedly read, written, or executed.
• Insecure network services
All network services have security risks. For example, Telnet does not encrypt or verify sessions; it transmits user names and passwords over the network in plaintext. In addition, network services such as Samba have security leaks.
• Incorrect operations
Incorrect operations (for example, directly powering off the Linux OS) may lead to system faults or system breakdown. If users open email attachments sent from unknown addresses or visit unknown websites, the system may get infected with viruses.

OS Security Hardening Policies
Linux security is hardened using the following policies:

• Minimizing the OS
The default software package of the Linux OS contains many services and components, most of which are optional. These services and components affect OS performance and security. Therefore, the OS needs to be streamlined for different purposes, including:
− Reducing the system size
− Increasing the startup speed
− Improving the system security
− Retaining existing services and functions after minimization
The minimized OS supports system security measures, for example, closing services, closing ports, and clearing leaks.

• Configuring OS passwords, file permissions, and kernel parameters
Different users are assigned different file permissions to protect important files from being written, read, or executed by unauthorized users. In addition to the default user root, the Linux OS creates a user named omu, as described in Table 1-9. The administrator can also create other users for routine operations and maintenance (OM).

Table 1-9 OS users and rights

User Name: root
Function: User root is the default user. This user can control all resources, create other users, assign file permissions to them, and perform all operations supported by the OS.
Rights: User root has the highest rights, and can install and uninstall applications. During system deployment, user root can perform installation and configuration. After the deployment, this user cannot perform routine OM, and the password is managed by the enterprise customer.
Default Password: huawei

User Name: omu
Function: User omu is created during the installation of the OMU server. This user manages OMU processes and performs routine OM functions by using, for example, alarms, data exchange, and logs.
Rights: User omu has permissions to control the status of OMU processes.
Default Password: omu

• Managing OS logs
To better manage OS logs and protect their security, the OS uses different log management policies based on log types, saving paths, and log formats.

Linux OS logs are classified into two types:
− Login logs
utmp and wtmp are key log files in the Linux OS log system. utmp records the information about users who have logged in to the system. wtmp records the information about login, logout, power-off, and restart.
− System logs
System logs are configured in the /etc/syslog-ng/syslog-ng.conf file.

Different logs are saved in different paths:
− utmp is saved in /var/run/utmp.
− wtmp is saved in /var/log/wtmp.
− The saving path of a system log can be specified by the destination messages parameter in the /etc/syslog-ng/syslog-ng.conf file. The default path is /var/log/messages.

The policies for managing OS logs are as follows:
− Creates a centralized log management mechanism. If multiple computers use the SuSE Linux OS, use a central log server to save and manage logs. Centralized log management can reduce the daily workload of querying logs and help trace attackers.
− Controls the access to logs.
− Compresses logs and saves logs for a long period.
− Backs up logs.

• Configuring interconnection security data
To harden system security, the OS supports the configuration of the following security data for interconnection between an OMU (or another board) and an OM node (such as an LMT):
− Client digital certificate
A client digital certificate is used to authenticate a client that communicates with the OMU. The client supports two types of certificates:
  − Common Cert: To apply a certificate to all offices, set the certificate as Common Cert.

  − Server Cert: To apply a certificate to only one office, set the certificate as Server Cert.
− SMM security data
To harden system security during deployment and routine OM, the OS allows the following security configurations for the shelf management module (SMM):
  − Prohibiting a user from accessing the SMM from an external network port
  − Prohibiting user root from accessing the SMM, and allowing only user smm to access the SMM
− Secure transmission mode between a client and the OMU
By default, the system supports SSL connections and common connections. SSL connections are recommended for secure data transmission.

Dependency
This feature does not depend on other features.

Standards
None
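The log policies above (a central log server, controlled access to utmp, wtmp and the system log) can be checked from the configuration file and the file modes. The following is an added example, not part of the product or of this document's procedures; the sample syslog-ng.conf text and its addresses are constructed, and the parser handles only the simple one-line statements shown.

```python
import os
import re
import stat

# Constructed sample in the style of a SuSE /etc/syslog-ng/syslog-ng.conf.
SAMPLE_CONF = """
source src { internal(); unix-dgram("/dev/log"); };
destination messages { file("/var/log/messages"); };
destination console  { pipe("/dev/tty10"); };   # local only
#destination oldhost { udp("198.51.100.9" port(514)); };
destination loghost  { tcp("192.0.2.10" port(514)); };
log { source(src); destination(messages); };
log { source(src); destination(loghost); };
"""

# syslog-ng destination drivers that send messages to another host.
REMOTE = r'\b(tcp6?|udp6?|network|syslog)\s*\(\s*"([^"]+)"'


def audit_syslog_ng(conf_text):
    """Report where system logs are written and whether they are forwarded."""
    # Drop comments (assumes no '#' inside quoted strings, as in the sample).
    text = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    dests = dict(re.findall(r"destination\s+([\w.-]+)\s*\{(.*?)\}\s*;", text, re.S))

    # A destination only matters if some log statement references it.
    used = set()
    for body in re.findall(r"\blog\s*\{(.*?)\}\s*;", text, re.S):
        used.update(re.findall(r"destination\(\s*([\w.-]+)\s*\)", body))

    path = re.search(r'file\(\s*"([^"]+)"', dests.get("messages", ""))
    remote = {}
    for name, body in dests.items():
        hit = re.search(REMOTE, body)
        if hit:
            remote[name] = hit.group(2)
    return {
        "messages_path": path.group(1) if path else None,
        "remote": remote,                                    # defined remote destinations
        "forwarding": sorted(n for n in remote if n in used),  # actually in use
    }


def world_writable(paths):
    """Return the existing paths that any local user could modify."""
    return [p for p in paths
            if os.path.exists(p) and os.stat(p).st_mode & stat.S_IWOTH]


if __name__ == "__main__":
    report = audit_syslog_ng(SAMPLE_CONF)
    print(report)
    log_files = ["/var/run/utmp", "/var/log/wtmp", report["messages_path"]]
    print("world-writable:", world_writable(log_files))
```

An empty "forwarding" list means that no log statement sends messages to a central log server, even if a remote destination is defined.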

2 Optional Features

2.1 Security Management

2.1.1 eCNSFD-110001 NAS Encryption and Integrity Protection (AES)

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
This feature uses Advanced Encryption Standard (AES) to protect non-access stratum (NAS) signaling and improve system security.

Benefits
This feature ensures the security and reliability of NAS signaling in addition to user data.

Description
AES is the most widely used encryption and integrity protection standard in the world. 3GPP defines two AES algorithms, EPS Encryption Algorithm 2 (EEA2) and EPS Integrity Algorithm 2 (EIA2), with the key length of 128 bits.

NAS is a protocol layer between the UE and the EPC, used to transmit user data and signaling between them. After a UE attaches to the network, the UE notifies its supported encryption and integrity protection algorithms to the eCNS. If the UE supports AES, the eCNS determines whether to use AES according to local policies. If AES is used, the eCNS uses AES to encrypt and protect the integrity of signaling between the UE and the eCNS.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 33.401, "3GPP System Architecture Evolution (SAE); Security architecture"

2.1.2 eCNSFD-110002 NAS Encryption and Integrity Protection (SNOW3G)

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
This feature uses SNOW 3G to protect NAS signaling and improve system security.

Benefits
This feature ensures the security and reliability of NAS signaling in addition to user data.

Description
SNOW 3G is an EPS security standard. 3GPP defines two SNOW 3G algorithms, EPS encryption algorithm 1 (EEA1) and EPS integrity algorithm 1 (EIA1), with the key length of 128 bits.

NAS is a protocol layer between the UE and the EPC, used to transmit user data and signaling between them. After a UE attaches to the network, the UE notifies its supported encryption and integrity protection algorithms to the eCNS. If the UE supports SNOW 3G, the eCNS determines whether to use SNOW 3G based on the local policy to encrypt and protect the integrity of signaling between the UE and the eCNS.

Enhancement
None

Dependency
This feature does not depend on other features.
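Both NAS features above (AES and SNOW 3G) rest on the same exchange: the UE reports its algorithms and the network picks one according to local policy. The following is an added example of that selection, not eCNS code; the bit layout of the capability octets is taken from 3GPP TS 24.301, the replay check from TS 33.401, and the priority lists and sample octets are constructed assumptions.

```python
# Algorithm identifiers used by EEA (ciphering) and EIA (integrity).
ALGS = {0: "null", 1: "SNOW 3G", 2: "AES"}


class NoCommonAlgorithm(Exception):
    """The UE supports none of the algorithms the local policy allows."""


def decode_capability(value):
    """Decode the first two octets of the UE network capability.

    Assumed layout (TS 24.301): octet 1 carries EEA0..EEA7 and octet 2 carries
    EIA0..EIA7, with algorithm 0 in the most significant bit.
    """
    if len(value) < 2:
        raise ValueError("UE network capability needs at least two octets")

    def bits(octet):
        return {n for n in range(8) if octet & (0x80 >> n)}

    return bits(value[0]), bits(value[1])


def pick(supported, priority, kind):
    """Return the first algorithm in the local priority list that the UE supports."""
    for alg in priority:
        if alg in supported:
            return alg
    raise NoCommonAlgorithm(kind)


def select_nas_algorithms(capability, cipher_priority=(2, 1), integrity_priority=(2, 1)):
    """Network side: apply the local policy to the capability the UE reported."""
    if 0 in integrity_priority:
        # EIA0 gives no integrity protection, so this policy never offers it.
        raise ValueError("null integrity is not accepted by this policy")
    eea, eia = decode_capability(capability)
    return {
        "ciphering": "EEA%d" % pick(eea, cipher_priority, "ciphering"),
        "integrity": "EIA%d" % pick(eia, integrity_priority, "integrity"),
        # The capability is echoed back under integrity protection so the UE
        # can detect a capability that was altered on the way (bidding down).
        "replayed_capability": bytes(capability[:2]),
    }


def ue_accepts(sent_capability, command):
    """UE side: the replayed capability must equal what the UE actually sent."""
    return command["replayed_capability"] == bytes(sent_capability[:2])


if __name__ == "__main__":
    ue_caps = bytes([0xE0, 0x60])        # constructed: EEA0/1/2 and EIA1/2
    cmd = select_nas_algorithms(ue_caps)
    print(cmd["ciphering"], cmd["integrity"], ue_accepts(ue_caps, cmd))
```

With the default priority lists, a UE that supports both algorithm families gets EEA2/EIA2, and a UE that reports only null algorithms is refused.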

Standards
• 3GPP TS 33.401, "Security architecture"
• ETSI Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2, Document 2: SNOW 3G Specification

2.1.3 eCNSFD-110003 O&M SSL

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001.

Summary
The eCNS employs Huawei SeCert Transport Layer Security (TLS) development library and supports SSLv3, TLSv1.0, and TLSv1.1 by default. The Secure Socket Layer (SSL) feature can be implemented when the eCNS communicates with the M2000 or LMT to enhance security through encryption. Therefore, the MML channel, binary channel, Web interface, SOAP interface, and FTP file transfer channel between the eCNS and the M2000 or LMT can be encrypted to ensure secure transmission.

Benefits
• The security of accounts and passwords of Internet service providers (ISPs) for operation and maintenance is guaranteed, data is transmitted over networks while remaining intact, and the network operation expenditure is reduced.
• By providing the SSL value-added service to enterprises and individuals, an ISP establishes closer long-term cooperative relationships with them and improves service quality as the ISP makes full use of the existing network resources. The ISP therefore becomes more competitive and will be exposed to greater business profits.

Description
SSL is a security protocol that was first proposed by Netscape to provide secure communication for the application layer based on TCP transmission. SSL is widely used in services such as Web, FTP, and Telnet. Currently, available SSL versions are SSLv1, SSLv2, and SSLv3, among which SSLv3 is the latest version. The standardized versions of SSL are TLS1.0 and TLS1.1.

In the TCP/IP protocol stack, SSL is applied between the transport layer and the application layer and adopts TCP to carry messages, therefore ensuring secure transmission for the application layer.

SSL provides the following security services:

• Identity authentication
Identity authentication means checking whether the peer end is the actual end with which you want to communicate. SSL authenticates the server and the client based on digital certificates to confirm that they are legitimate users. Both the client and the server have their own identifiers, which are numbered with a public key. To verify that a user is legitimate, SSL requires digital authentication during data exchange in the handshake stage.

• Connection privacy
Connection privacy means that data is encrypted before transmission to avoid data cracking by illegitimate users. SSL ensures connection privacy by employing encryption algorithms. The common encryption algorithms are DES, 3DES, RC2, and RC4.

• Data integrity
Data integrity means that any modification to data during transmission can be detected. SSL sets up a secure channel between the client and the server so that all SSL-processed data can reach the destination without being modified. SSL guarantees data integrity by employing message digest algorithms. The common message digest algorithms are MD5 and SHA-1.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
None

2.2 Service Management

2.2.1 eCNSFD-110004 Static IP Address Allocation

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001. This feature is an optional feature and is under license control.

Summary
The eCNS allocates static IP addresses to UEs based on subscriber data.

Benefits
This feature provides a basic function for radio access.

Description
A UE must obtain at least one IP address before it is able to access PS services. A PDN Address Allocation IE is specified during the setup of a default bearer for the UE. This IE contains protocol information (including an IP address field) the UE must obtain before it is able to access an external PDN. In addition, this IE indicates the method the UE expects to use to obtain an IP address.

3GPP TS 23.401 defines three modes of allocating IP addresses to UEs:
- IP address allocation from the local address pool
  In this mode, the eCNS allocates a dynamic IP address to a UE from the local address pool during the activation of a bearer for the UE. The local address pool contains the IP addresses planned by the enterprise customer.
- IP address allocation from the RADIUS server
  In this mode, the eCNS allocates dynamic IP addresses obtained from the RADIUS server during UE authentication in the bearer activation procedure. Note that dynamic IP addresses are carried in access response messages sent by the RADIUS server. This mode is applicable to enterprise customers or internet service providers (ISPs) who manage the RADIUS server and plan IP addresses for their internal users.
- Static IP address allocation
  In this mode, the eCNS allocates IP addresses to UEs from its integrated subscriber data module. This module matches the IMSI of each UE to an IP address range planned by the enterprise customer. This mode is a pure static IP address allocation mode, which requires complex configurations.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

2.2.2 eCNSFD-110005 Multiple PDN Connection

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001. This feature is an optional feature and is under license control.

Summary
A UE can create several PDN connections to access different networks at the same time.

Benefits
The multiple PDN feature enables a UE to connect to several networks at the same time. Therefore, the UE can use other services without stopping the current service. For example, the UE can receive multimedia messages when surfing on the Internet or send pictures on the websites through multimedia messages.

Description
The EPS can support simultaneous exchange of IP traffic between a UE and multiple PDNs by using one or several PDN GWs. The usage of multiple PDNs is controlled by network policies and defined in the subscription data.

To allow one or several connections to the PDN, the EPS must support the UE-initiated PDN connection procedure. The UE also needs to support the feature. The UE-initiated PDN connection procedure includes the establishment of a default bearer.

The UE can use the disconnection procedure to disconnect from any PDN. In this disconnection procedure, all bearers related to the disconnected PDN, including the default bearer, are released. The disconnection procedure cannot be used to disconnect the last PDN connection. The UE or eCNS can initiate a detach procedure to disconnect the last PDN connection.

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"

2.2.3 eCNSFD-110008 SPI-based QoS Profile Control

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001. This feature is an optional feature and is under license control.

Summary
This feature uses the shallow packet inspection (SPI) technique to recognize traffic flows and provide QoS guarantees.

Benefits
This feature enables the eCNS to perform effective control and refined management, provide different QoS guarantees for different services, and improve user satisfaction.

Description
In the uplink, the eCNS resolves quintuples in packet headers after GTP decapsulation. If the filtering rules for L3 or L4 are configured, the eCNS filters the packets based on the quintuples and according to the rules.

In the downlink, the eCNS resolves quintuples in packet headers. If the filtering rules for L3 or L4 are configured, the eCNS filters the packets based on the quintuples and according to the rules.

SPI refers to the inspection of quintuples in IP packet headers at L3 and L4. A quintuple contains the source address, destination address, source port number, destination port number, and protocol type.

After the filtering, the eCNS applies different QoS profiles to different types of packets. For example, the eCNS initiates a dedicated bearer setup procedure. If a dedicated bearer fails to be set up, the eCNS can age the quintuple used for setting up the dedicated bearer. The purpose is to trigger the SPI procedure again and to prevent a temporary setup failure from becoming a permanent setup failure.

Enhancement
Table 2-1 Release history and enhancement
Feature Version | Product Version | Details
eCNSFD-110008.01 | eCNS600 V100R001 | First official release.
eCNSFD-110008.02 | eCNS600 V100R002 | Added the function of reestablishing dedicated bearers after establishment failures.

Dependency
This feature does not depend on other features.

Standards
None

2.2.4 eCNSFD-110009 Offline Charging

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002. This feature is an optional feature and is under license control.

Summary
This feature enables the eCNS to send generated original CDRs to CGs using GTPv2. The CGs perform original CDR storage, consolidation, and standardization, and then send the processed data to the billing system (BS) for generating final bills. Currently, the eCNS does not support content-based offline charging.

Benefits
Enterprise Customers
This feature enables enterprise customers to perform exact charging based on information about data services used by end users. In addition, this feature provides reference data for accounting between enterprise customers and for accounting between an enterprise customer and an Internet service provider (ISP). Information about end users' data services helps analyze end users' behaviors and habits, and helps develop operating policies.

End Users
This feature helps end users reduce consumption based on information about data services they used.

Description
Application Scenario
This feature applies to the following scenarios:
- Traffic-based charging
- Duration-based charging

Network Structure
The network structure for offline charging is as follows:

Figure 2-1 Network structure for offline charging

The eCNS records information about data services used by end users, generates original CDRs, and sends the original CDRs to CGs using GTP'. The CGs perform original CDR storage, consolidation, and standardization, and then send the processed data to the BS for generating final bills.

Load Sharing Between CGs
The eCNS can connect to multiple CGs and configure priorities for these CGs. If the CGs have different priorities, the eCNS selects the CG with the highest priority. When a large number of original CDRs are generated, the eCNS can send the original CDRs to different CGs. This reduces the performance requirement on a single CG and improves the reliability of original CDR transmission.

CG Link Detection
If the eCNS does not receive any response after sending original CDRs to a CG, the eCNS sends again the original CDRs to the CG. If the eCNS does not receive any response for N consecutive times, the eCNS considers the CG to be faulty. N is set to 3 by default.

If there is no original CDR to send, the eCNS sends an Echo message to the CG every one minute. If the response times out, the eCNS considers the CG to be faulty.

CDR Buffering

If the communication between the eCNS and CGs is broken, the eCNS buffers original CDRs. After the link recovers, the eCNS sends the original CDRs to the CG.

CDR Generation
The eCNS can control whether to generate original CDRs for an APN based on a specified charging characteristic. The original CDR generation procedure consists of the following three phases:
- Generating start original CDRs
  The eCNS generates start original CDRs when the services are activated, and records the user's subsequent actions that require charging.
- Generating intermediate original CDRs
  The eCNS generates intermediate original CDRs for the end user when the service duration, traffic volume, number of QoS changes, or another parameter value reaches their threshold.
- Generating final original CDRs
  After the end user stops the services, the eCNS generates final original CDRs.

The preceding procedure shows that the eCNS may generate multiple original CDRs for a service procedure. The BS consolidates these CDRs and generates final bills.

CDR Transfer
After the eCNS generates original CDRs, it encodes the original CDRs in Abstract Syntax Notation One (ASN.1) format, encapsulates the original CDRs using GTP', and then sends the GTP' packets to CGs. A CDR contains multiple fields such as user ID, service time segment, charge rate, and service duration, based on which the BS charges end users.

The original CDRs generated by eCNS only comply with R9 CDR version.

Enhancement
None

Dependency
Table 2-2 Interaction with other features
Feature | Interaction
eCNSFD-070600 Ga Interface | Offline charging depends on Ga interface to CG

Standards
- 3GPP TS 32.240, "Charging management; Charging architecture and principles"
- 3GPP TS 32.298, "Charging management; Charging Data Record (CDR) parameter description"
- 3GPP TS 32.251, "Charging management; Packet Switched (PS) domain charging"

- 3GPP TS 32.295, "Charging management; Charging Data Record (CDR) transfer"

2.2.5 eCNSFD-110011 UE IP Address assigned by the Radius AAA Server

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
eCNS600 cooperates with Radius AAA Server to implement centralized assignment of wireless terminal IP addresses in the whole network.

Benefits
Enterprise Customers
Wireless terminal IP addresses are centrally managed by enterprise customers. Even when wireless terminals roam across core networks, their IP addresses can be centrally assigned by Radius AAA Server.

Description
Application Scenario
- Centralized management of UEs for enterprise customers
  Enterprise customers require the deployment of multiple P-GWs and central management of UE IP addresses. For example, in railway industry, the IP addresses of terminals in vehicles are required to be centrally assigned and when these terminals roam across core networks, their IP addresses should be unique and fixed, as shown in the following figure.

[Figure labels: P-GW, P-GW, AAA Server, LTE UE, MME, HSS, S-GW, P-GW, eCNS600]

- Capacity expansion of the authentication, authorization, and accounting (AAA) server for enterprise customers
  If the number of UEs in an enterprise network exceeds the threshold of an AAA server's capacity of authentication or assigning UE IP addresses, the enterprise customer can add RADIUS AAA servers to share the load of processing authentication messages sent by P-GWs, as shown in the following figure.

[Figure labels: P-GW, P-GW, AAA Server, MME, HSS, AAA Server, LTE UE, S-GW, P-GW, eCNS600]

Services and Functions
The eCNS600 obtains UE IP addresses from the RADIUS AAA server and provides various services and functions.
- UE IP address assignment by RADIUS AAA server
  The eCNS600 obtains UE IP addresses from the AAA server through RADIUS authentication.
- Mapping between APN and AAA server
  The eCNS600 supports the configuration of active/standby AAA servers for each APN.

- Configuring authentication message resend count and expiration time
  The eCNS600 supports the configuration of authentication message resend count and expiration time based on network conditions.
- Active/Standby AAA server
  The eCNS600 allows the AAA servers to receive RADIUS authentication messages in active/standby mode. In this mode, if the active AAA server works normally, it will receive all RADIUS authentication messages. If the active server is faulty, all the messages are sent to the standby server. The eCNS600 only supports active/standby mode connection with AAA Servers.
- Stripping domain name from user name
  The eCNS600 supports the ability to select whether to include a domain name in the user name of the authentication message sent to the RADIUS AAA server. Before an authentication message is sent, the eCNS600 checks whether the APN is configured to strip a domain name. If yes, the domain name will be stripped from the user name before an authentication message is sent to the AAA server. That is, the message sent to the AAA server carries the user name without a domain name. If no, the domain name is kept. By default, the domain name will not be stripped from the user name.
- Configuring port numbers for communicating with the AAA server
  The eCNS600 supports optional configuration of the destination ports of the eCNS600 for communicating with the AAA server. By default, the port number for authentication is 1812 and that for accounting is 1813. The port number for authentication ranges from 1 to 65535 for compatibility with other AAA server ports whose numbers are not the default values.
- 3GPP extended attributes
  3GPP 29.061 defines the protocols of interfaces between the P-GW and the AAA server. The eCNS600 transmits the extended attributes defined in the 3GPP 29.061 protocol (for example: IMSI, MCC, and MNC) to the AAA server for authentication reference.
- Context deactivation according to RADIUS Packet of Disconnect (POD) messages
  POD messages, which are used to deactivate subscribers, are sent actively by the RADIUS AAA server to the P-GW. The eCNS600 deactivates context according to POD messages. It checks the validity of POD messages and receives only PODs containing server IP addresses. The eCNS600 retrieves a UE IP address according to a POD message. Then it deactivates subscribers based on their IMSIs and NSAPIs.

Enhancement
None.

Dependency
This feature depends on the PCO setting of the UE. The UE must support at least the Authentication Type, User Name and Password items in its PCO Setting. The Initial UE Message shall send the EPC the three information elements in the UE Attach process.

Standard
RFC 2865 Remote Authentication Dial In User Service (RADIUS)

3GPP TS 23.401, General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access
3GPP TS 29.061 Interworking between the Public Land Mobile Network (PLMN) supporting packet based services and Packet Data Networks (PDN)

2.2.6 eCNSFD-110012 E2E Subscriber Tracing

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002.

Summary
The end-to-end subscriber trace feature enables multiple MEs to trace signaling messages of a subscriber in a trace task and to send traced messages to a specified device such as an NMS.

Benefits
Enterprise Customers
The end-to-end subscriber trace feature can improve fault location efficiency for refined network maintenance.

Description
Operation and maintenance engineers can use the end-to-end subscriber trace feature to trace subscriber signaling messages and then analyze the traced signaling messages for handling customer complaints, locating network faults, adjusting and optimizing networks, analyzing subscriber behaviors, and testing new features.

Figure 2-2 shows the end-to-end subscriber trace procedure.

Figure 2-2 End-to-end subscriber trace
[Figure labels: NMS, Itf-N, Vendor A, Vendor B, EMS, PGW, SGW, HSS, MME, eNB, S1; steps 1 to 3]

1. The element management system (EMS) sends a trace command to MME through a management link and the instruction includes creating, checking, and deleting trace sessions. Alternatively, the EMS sends a trace command to the HSS and the HSS informs the MME of the instruction through a message over the S6a interface. The trace command is subscriber-specific and the subscriber is specified by the IMSI or MSISDN.
2. MME sends trace control parameters to the S-GW, P-GW, and eNodeB through signaling links.
3. MME traces signaling messages and sends traced signaling messages in file report mode to the EMS through the trace data link. Then, the EMS displays the traced messages.

Trace data includes the trace reference ID, trace ME list, trace depth, and trace interface list of each ME.
- Trace reference ID
  It uniquely identifies a trace session.
- Trace ME list
  It lists the MEs required to trace signaling messages in a trace session, including the eNodeB, MME, S-GW, and P-GW. The MME sends trace data to the MEs in this list.
- Trace depth
  It indicates the content depth of traced messages reported by the MEs. Currently, only the maximum depth is supported, that is, complete messages are reported.
- Trace interface list
  It lists the interfaces on which messages need to be traced. Each ME has a trace interface list. When the eCNS600 serves as the MME, the messages on the S1-MME, S6a, and S10 interfaces can be traced.

Enhancement
None.

Dependency
The complete end-to-end subscriber trace function requires that all of the EMS, eNodeB, MME, S-GW, P-GW, and HSS support the end-to-end subscriber trace function. For the eCNS600 to implement the end-to-end subscriber trace function, at least the EMS must support the end-to-end subscriber trace function.

Standard
3GPP TS 32.422, Telecommunication management; Subscriber and equipment trace: Trace control and configuration management

2.3 Reliability

2.3.1 eCNSFD-110006 eCNS Redundancy

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001. This feature is an optional feature and is under license control.

Summary
eCNS redundancy is a disaster tolerance mechanism where multiple eCNSs serve the same radio coverage area (called the eCNS redundancy area). These eCNSs connect to all the eNodeBs in this area and work in load sharing mode.

Benefits
This feature implements disaster tolerance and improves the network availability.

Description
In eCNS redundancy scenarios, the eNodeB selects an eCNS for a UE based on the load sharing policy configured on the eNodeB. Therefore, the eNodeB needs to know the status of the eCNSs. If the eNodeB detects that an eCNS is unavailable, it adjusts the load sharing policy and assigns new service requests to other eCNSs. In addition, the eNodeB needs to obtain the load sharing weights of the eCNSs through the S1 interfaces so that the eNodeB can select an eCNS for a UE from available eCNSs.

An area served by multiple eCNSs is called an eCNS redundancy area. If one or more tracking areas (TAs) are served by multiple eCNSs, these TAs form an eCNS redundancy area.

eCNS redundancy mainly implements disaster tolerance and improves the network availability. In addition, eCNS redundancy can be used to increase the maximum data throughput when the forwarding capability of the network becomes a bottleneck.

Table 2-3 lists eCNS redundancy specifications.

Table 2-3 eCNS redundancy specifications
Item | Specification
Network usability | 1 - (1 - A)^N
Maximum data throughput | N x 4 Gbit/s
Remarks:
A: system availability of an eCNS
N (≤5): number of eCNSs
4 Gbit/s: maximum data throughput of an eCNS

Enhancement
None

Dependency
This feature does not depend on other features.

Standards
- 3GPP TS 23.401, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access"
- 3GPP TS 23.236, "Intra-domain connection of Radio Access Network (RAN) nodes to multiple Core Network (CN) nodes"

2.4 Networking

2.4.1 eCNSFD-110007 Bidirectional Forwarding Detection (BFD)

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R001. This feature is an optional feature and is under license control.

Summary
Bidirectional forwarding detection (BFD) is used to detect communication faults between devices and notify the upper layers of the faults.

Benefits
This feature provides a transmission-media-independent detection mechanism that enables fault detection at the millisecond level.

Description
The eCNS supports single-hop BFD, which refers to detection of IP connectivity between directly connected devices. For a data protocol, only one BFD session exists on a specified interface such as a physical port, virtual circuit, or tunnel.

The eCNS supports BFD in asynchronous mode, but not in demand mode. Asynchronous BFD is most commonly used. In asynchronous BFD, the devices periodically send BFD packets to each other. If one device does not receive any packet from the other device within a specified period, the session is considered to be down.

BFD packets are encapsulated in UDP packets. The destination port number is 3784. The source port number is within the range of 49152 and 65535. All the BFD packets of a session use the same source port number.

The major characteristics of BFD are as follows:
- Implements bidirectional link detection, which does not significantly add to the network load and requires little time to complete.
- Dynamically modifies BFD parameters without affecting the status of ongoing sessions.

Table 2-4 lists BFD specifications.

Table 2-4 BFD specifications
Item | Specification
Shortest detection time (ms) | 30
Maximum number of BFD sessions | 16
Maximum number of static routes bound to a BFD session | 512
Maximum number of default routes bound to a BFD session | 6

Enhancement
None
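The receive-side checks implied by the BFD description above, as an added example (not eCNS code): the port rules from this page are enforced, the control packet is sanity-checked, and the asynchronous detection time is derived from the negotiated values. The packet layout, the detection-time formula and the TTL 255 rule are taken from RFC 5880 and RFC 5881, the published forms of the BFD drafts this page cites; the class and function names and the sample packet are constructed for illustration.

```python
import struct
from dataclasses import dataclass

BFD_SINGLE_HOP_PORT = 3784            # destination port stated on the page
SOURCE_PORTS = range(49152, 65536)    # source port range stated on the page
STATES = ("AdminDown", "Down", "Init", "Up")


@dataclass(frozen=True)
class BfdControl:
    state: str
    detect_mult: int
    my_disc: int
    your_disc: int
    desired_min_tx_us: int
    required_min_rx_us: int


def parse_bfd_control(payload: bytes) -> BfdControl:
    """Parse and sanity-check the 24-byte mandatory section (RFC 5880 layout)."""
    if len(payload) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    vers_diag, flags, mult, length, my_d, your_d, tx, rx, _echo = struct.unpack(
        "!BBBBIIIII", payload[:24])
    if vers_diag >> 5 != 1:
        raise ValueError("unsupported version")
    min_len = 26 if flags & 0x04 else 24   # A bit set: authentication section follows
    if length < min_len or length > len(payload):
        raise ValueError("bad length field")
    if mult == 0 or my_d == 0:
        raise ValueError("zero detect multiplier or discriminator")
    if flags & 0x01:
        raise ValueError("multipoint bit set")
    state = STATES[flags >> 6]
    if your_d == 0 and state in ("Init", "Up"):
        raise ValueError("your discriminator is zero in state " + state)
    return BfdControl(state, mult, my_d, your_d, tx, rx)


class SingleHopSession:
    """Receive side of one asynchronous single-hop session (illustrative)."""

    def __init__(self, required_min_rx_us: int):
        self.required_min_rx_us = required_min_rx_us
        self.src_port = None            # pinned by the first accepted packet
        self.last_rx_us = None
        self.detection_time_us = None

    def receive(self, now_us, src_port, dst_port, ttl, payload) -> str:
        """Return 'accepted' or the reason the packet was dropped."""
        if dst_port != BFD_SINGLE_HOP_PORT:
            return "wrong destination port"
        if src_port not in SOURCE_PORTS:
            return "source port out of range"
        if ttl != 255:                  # RFC 5881: sender must be directly connected
            return "TTL is not 255"
        try:
            pkt = parse_bfd_control(payload)
        except ValueError as exc:
            return f"malformed: {exc}"
        if self.src_port is not None and src_port != self.src_port:
            return "source port changed within session"
        self.src_port = src_port
        self.last_rx_us = now_us
        # Asynchronous mode: remote multiplier x the agreed receive interval.
        self.detection_time_us = pkt.detect_mult * max(
            self.required_min_rx_us, pkt.desired_min_tx_us)
        return "accepted"

    def is_down(self, now_us) -> bool:
        """True once no valid packet has arrived within the detection time."""
        if self.last_rx_us is None:
            return True
        return now_us - self.last_rx_us >= self.detection_time_us


def build_control(state=3, mult=3, my_disc=0x11, your_disc=0x22,
                  tx_us=10_000, rx_us=10_000) -> bytes:
    """Build a constructed control packet for the demonstration (version 1, no auth)."""
    return struct.pack("!BBBBIIIII", 1 << 5, state << 6, mult, 24,
                       my_disc, your_disc, tx_us, rx_us, 0)


if __name__ == "__main__":
    session = SingleHopSession(required_min_rx_us=10_000)
    print(session.receive(0, 49152, 3784, 255, build_control()))
    print("detection time (ms):", session.detection_time_us / 1000)
    print(session.receive(5_000, 50000, 3784, 255, build_control()))
```

With a 10 ms interval and a detect multiplier of 3, the constructed session reaches the 30 ms shortest detection time listed in Table 2-4.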

Dependency
Table 2-5 Interaction with other features
Feature | Interaction
eCNSFD-040700 VRF | In the network scenario of dual active ports with static routes, BFD should be activated in VRF so that the eCNS can switch routes when the old route is faulty.

Standards
- Draft-ietf-bfd-v4v6-1hop-04
- Draft-ietf-bfd-base-04
- Draft-ietf-bfd-multihop-04

2.4.2 eCNSFD-110010 Routing Behind MS

Applicable NEs
eCNS

Availability
This feature is introduced in eCNS600 V100R002. This feature is an optional feature and is under license control.

Summary
This feature applies to mobile VPNs. This feature allows terminals to access an enterprise network through a wireless device and allows mutual visits between the terminals and the enterprise network. Unlike Network Address Translation (NAT), this feature allows the wireless device to obtain a network segment address (not only an IP address) and assign IP addresses to the terminals. With these addresses, the terminals can communicate with the enterprise network. The eCNS can determine whether to use this feature for an APN.

Benefits
Enterprise Customers
This feature provides a new business model for mobile VPNs, improves working efficiency, and reduces operating costs.

End Users

This feature enables end users to access the enterprise network through a wireless device. In addition, this feature allows mutual visits between branches and headquarters in a flexible, rapid, and secure manner.

Description
Application Scenario
This feature is mainly applicable to enterprise customers' mobile VPNs.

Both mobile VPN users and common home users can access a network through a wireless device. However, the technologies for the two applications are very different. Common home users visit a network through a wireless router. The router uses NAT for address translation and allows multiple users to access the network at the same time even when the router obtains only one IP address during an EPS bearer activation procedure. In comparison, mobile VPN users need to visit or be visited by an enterprise network. As NAT cannot meet this requirement, the Routing Behind MS feature is introduced to address this issue.

Figure 2-3 shows the network structure for the Routing Behind MS feature.

Figure 2-3 Network structure for the Routing Behind MS feature

Main Functional Units
- CPE
  The CPE is a wireless device. It originates the setup of a default EPS bearer, obtains a network segment address, and assigns IP addresses to the connected terminals.
- IP terminals
  IP terminals are connected to the CPE. These terminals may be mobile phones, WiFi terminals, or computers.
- eCNS
  The eCNS receives uplink data from the CPE and forwards the data to PDNs. The eCNS also receives downlink data from PDNs, selects tunnels in the enterprise network based on the destination IP addresses, and sends the data to target terminals.

Enhancement
None

Dependency
Table 2-6 Interaction with other features
Feature | Interaction
eCNSFD-040600 OSPFv2 | One VRF supports more than one OSPF process, while one OSPF process belongs to only one VRF.

Standards
None

2.4.3 eCNSFD-110013 UE Fixed IP MultiHoming

Applicable NEs
eCNS

Availability
This feature was introduced in eCNS600 V100R002. This feature is an optional feature and is under license control.

Summary
This feature applies to mobile virtual private networks (VPNs). The eCNS dynamically delivers route information containing the UE fixed IP address as the destination IP address over the SGi interface through the Open Shortest Path First (OSPF) protocol. In this way, a UE can access multiple interconnected eCNSs at different time points without changing its fixed IP address.

Benefits
Enterprise Customers
With enterprise networks, most traffic is originated by the network side and the IP addresses of the UEs are fixed. Normally, these UEs attach only to a specific eCNS. The UE Fixed IP MultiHoming feature enables the UE to change the route with the eCNS accessed by the UE. This improves the UE's capability to perform cross-EPC services. EPC is short for evolved packet core.

Description
Application Scenarios
Cross-region access: In this scenario, the enterprise network consists of multiple eCNSs that cover different regions without any overlap. The UE has a fixed IP address and retains its fixed IP address after attaching to the eCNSs in different regions.

Network redundancy backup: In this scenario, the enterprise network consists of multiple eCNSs whose coverage regions are overlapped. The UE has a fixed IP address and retains its fixed IP address after attaching to another eligible eCNS in the same region.

The following figure shows the networking for UE Fixed IP MultiHoming.

Figure 2-1 Networking for UE Fixed IP MultiHoming
[Figure labels: UE, eNodeB A, eNodeB B, eCNS A, eCNS B, Router, APP Server, OSPF Area, S1, S5, S10, SGi]

Main Functional Units
UE: A UE has a fixed IP address and selects an eCNS on an EPC to attach to.

eCNS: When a UE attaches to the eCNS, the eCNS delivers route information containing the UE fixed IP address as the destination IP address over the SGi interface through the OSPF protocol. When a UE detaches from the eCNS, the eCNS notifies the router to delete the route over the SGi interface through the OSPF protocol.

Router: A router learns the route information containing the UE fixed IP address as the destination IP address through the OSPF protocol. When the router receives downlink data sent by the APP server, the router sends the data to the eCNS that recently delivers the route based on learned routes.

APP Server: An APP Server initiates services to the UE, sends downlink data to the UE, and receives uplink data from the UE.

Enhancement
None

Dependency
Table 2-7 Interaction with other features
Related Feature | Interaction
eCNSFD-040600 OSPFv2 | This feature depends on the eCNSFD-04600 OSPFv2 feature.
eCNSFD-110010 Routing Behind MS | This feature is mutually exclusive to the eCNSFD-110010 Routing Behind MS feature.

Standards
None
