SGSN: add Auth. policy, NS Statistics and BSSGP state examples, tweaks

Add semicoli in fig-gprs-pcubts digraph. Remove section from GMM Implementation about non-existence of HLR. The SGSN can access osmo-hlr via GSUP (and will have to do so in the libvlr future). Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
2017-01-06 14:34:45 +01:00 · 2017-01-06 14:34:45 +01:00 · 8e01a9d06f
parent c122abf12d
commit 8e01a9d06f
3 changed files with 72 additions and 21 deletions
--- a/OsmoSGSN/chapters/configuration.adoc
+++ b/OsmoSGSN/chapters/configuration.adoc
@ -67,6 +67,43 @@ OsmoSGSN(config-sgsn)# grx-dns-add 1.2.3.4 <3>
 <2> Enable the dynamic GGSN resolving mode
 <3> Specify the IP address of a DNS server for APN resolution

+[[auth-pol]]
+=== Authorization Policy
+
+Authorization determines whether a particular subscriber can access
+your network or not.
+
+The following 4 authorization policy options are available:
+
+`accept-all`: All IMSIs will be accepted.
+
+`acl-only`: Accept only IMSIs, which are explicitly white-listed
+by the Access Control List (ACL), and the rest will be rejected.
+
+`closed`: Accept only home network subscribers.
+The combination of MCC and MNC fully identifies a subscriber's
+home network, also known as a Home Network Identity (HNI, i.e.
+MCC and MNC found at the start of the IMSI, e.g. MCC 901 and
+MNC 700 with IMSI 901700000003080). The ACL is also heeded.
+
+`remote`: GSUP protocol is used to remotely access a HLR.
+Only remote subscription data will be used.
+
+.Example: Assign or change authorization policy:
+----
+OsmoSGSN> enable
+OsmoSGSN# configure terminal
+OsmoSGSN(config)# sgsn
+OsmoSGSN(config-sgsn)# auth-policy acl-only <1>
+OsmoSGSN(config-sgsn)# write <2>
+Configuration saved to sgsn.cfg
+OsmoSGSN(config-sgsn)# end
+OsmoSGSN# disable
+OsmoSGSN>
+----
+<1> 'acl-only' is selected as authorization policy
+<2> Saves current changes to cofiguration to make this policy
+persistent

 === Subscriber Configuration

--- a/OsmoSGSN/chapters/overview.adoc
+++ b/OsmoSGSN/chapters/overview.adoc
@ -23,16 +23,16 @@ OsmoNITB/OsmoBSC/OsmoBTS, the PCU is co-located within the BTS.
 [graphviz]
 ----
 digraph G {
-	rankdir=LR;
-	MS0 [label="MS"]
-	MS1 [label="MS"]
-	MS0->BTS [label="Um"]
-	MS1->BTS [label="Um"]
-	BTS->BSC [label="Abis"]
-	BSC->MSC [label="A"]
-	BTS->PCU [label="pcu_sock"]
-	PCU->SGSN [label="Gb"]
-	SGSN->GGSN [label="GTP"]
+        rankdir=LR;
+        MS0 [label="MS"];
+        MS1 [label="MS"];
+        MS0->BTS [label="Um"];
+        MS1->BTS [label="Um"];
+        BTS->BSC [label="Abis"];
+        BSC->MSC [label="A"];
+        BTS->PCU [label="pcu_sock"];
+        PCU->SGSN [label="Gb"];
+        SGSN->GGSN [label="GTP"];
 }
 ----

@ -68,14 +68,6 @@ The GPRS Mobility Management implementation is quite simplistic at this
 point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE
 procedures, as well as GPRS ATTACH and GPRS DETACH.

-However, as the SGSN currently does not implement any type of HLR
-access, it is not able to authenticate a subscriber or even check if the
-subscriber exists at all.  As such, all non-roaming subscribes are
-allowed to attach to OsmoSGSN.  Non-roaming means that the first 5
-digits of the IMSI must match the MCC and MNC of the cell that the
-subscriber is registering to.
-
-
 ==== LLC Implementation

 The LLC (Logical Link Control) implementation of OsmoSGSN only supports
--- a/common/chapters/gb.adoc
+++ b/common/chapters/gb.adoc
@ -67,14 +67,36 @@ OsmoSGSN> show ns
 Encapsulation NS-UDP-IP     Local IP: 127.0.0.1, UDP Port: 23000
 Encapsulation NS-FR-GRE-IP  Local IP: 0.0.0.0
 ----
-FIXME

-FIXME: show ns stats
+.Example: Inspecting NS statistics
+----
+OsmoSGSN> show ns stats
+Encapsulation NS-UDP-IP     Local IP: 10.9.1.198, UDP Port: 23000
+Encapsulation NS-FR-GRE-IP  Local IP: 0.0.0.0
+NSEI  101, NS-VC 101, Remote: BSS, ALIVE UNBLOCKED, UDP 10.9.1.119:23000
+ NSVC Peer Statistics:
+  Packets at NS Level  ( In):     1024 (2/s 123/m 911/h 0/d)
+  Packets at NS Level  (Out):     1034 (0/s 151/m 894/h 0/d)
+  Bytes at NS Level    ( In):   296638 (1066/s 22222/m 274244/h 0/d)
+  Bytes at NS Level    (Out):   139788 (0/s 48225/m 91710/h 0/d)
+  NS-VC Block count         :        0 (0/s 0/m 0/h 0/d)
+  NS-VC gone dead count     :        0 (0/s 0/m 0/h 0/d)
+  NS-VC replaced other count:        0 (0/s 0/m 0/h 0/d)
+  NS-VC changed NSEI count  :        0 (0/s 0/m 0/h 0/d)
+  NS-VCI was invalid count  :        0 (0/s 0/m 0/h 0/d)
+  NSEI was invalid count    :        0 (0/s 0/m 0/h 0/d)
+  ALIVE ACK missing count   :        0 (0/s 0/m 0/h 0/d)
+  RESET ACK missing count   :        0 (0/s 0/m 0/h 0/d)
+ NSVC Peer Statistics:
+  ALIVE reponse time        :        0 ms
+----

 .Example: Inspecting BSSGP state
 ----
+OsmoSGSN> show bssgp
+NSEI   101, BVCI     2, RA-ID: 1-2-1-0, CID: 0, STATE: UNBLOCKED
+NSEI   101, BVCI     0, RA-ID: 0-0-0-0, CID: 0, STATE: UNBLOCKED
 ----
-FIXME

 FIXME: show nse