FortiCarrier Introduction

PDP Context

The packet data protocol (PDP) context is a connection between a mobile station and the end address that goes through the SGSN and GGSN. It includes identifying information about the mobile customer used by each server or device to properly forward the call data to the next hop in the carrier network, typically using a GTP tunnel between the SGSN and GGSN.

When a mobile customer has an active voice or data connection open, both the SGSN and GGSN have the PDP context information for that customer and session.

When a mobile phone attempts to communicate with an address on an external packet network, either an IP or X.25 address, the mobile station that phone is connected to opens a PDP context through the SGSN and GGSN to the end address. Before any traffic is sent, the PDP context must first be activated.

The information included in the PDP context includes the customer’s IP address, the IMSI number of the mobile handset, and the tunnel endpoint ID for both the SGSN and GGSN. The ID is a unique number, much like a session ID on a TCP/IP firewall. All this information ensures a uniquely identifiable connection is made.

Since one mobile device may have multiple connections open at one time, such as data connections to different Internet services and voice connections to different locations, there may be more than one PDP context with the same IP address, which makes the extra identifying information necessary.

The endpoint that the mobile phone is connecting to only knows about the GGSN — the rest of the GPRS connection is masked by the GGSN.

Along the PDP context path, communication uses three different protocols:

  - The connection between the Mobile Station and SGSN uses the SM protocol.
  - Between the SGSN and GGSN, GTP is used.
  - Between the GGSN and the endpoint, either IP or X.25 is used.

FortiOS Carrier is concerned with the SGSN to GGSN part of the PDP context — the part that uses GTP.

For more about PDP context, see Tunnel Management Messages.

Creating a PDP context

While FortiOS Carrier is concerned mostly with the SGSN to GGSN part of the PDP context, knowing the steps involved in creating a PDP context helps you understand the role each device, protocol, and message type plays.

Both mobile stations and GGSNs can create PDP contexts.

A Mobile Station creates a PDP context

  1. The Mobile Station (MS) sends a PDP activation request message to the SGSN, including the MS PDP address and APN.
  2. Optionally, security functions may be performed to authenticate the MS.
  3. The SGSN determines the GGSN address by using the APN identifier.
  4. The SGSN creates a downlink GTP tunnel to send IP packets between the GGSN and SGSN.
  5. The GGSN creates an entry in its PDP context table to deliver IP packets between the SGSN and external packet switching network.
  6. The GGSN creates an uplink GTP tunnel to route IP-PDU from SGSN to GGSN.
  7. The GGSN then sends back to the SGSN the result of the PDP context creation and if necessary the MS PDP address.
  8. The SGSN sends an Activate PDP context accept message to the MS, returning the negotiated PDP context information and, if necessary, the MS PDP address.
  9. Now traffic can pass from the MS to the external network endpoint.
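The identifying fields listed earlier (IMSI, customer IP address, tunnel endpoint IDs) are carried in the GTPv1 Create PDP Context Request that the SGSN sends to the GGSN during these steps. The parser below is an added example, not code from the original page or from FortiOS Carrier; it assumes GTPv1 framing per 3GPP TS 29.060, and the function names and the `SAMPLE` message are constructed for illustration.

```python
import ipaddress
import struct

# Fixed sizes of the TV-format IEs allowed in this message (3GPP TS 29.060);
# IE types >= 128 are TLV and carry their own 2-byte length.
TV_LEN = {2: 8, 3: 6, 14: 1, 15: 1, 16: 4, 17: 4, 20: 1, 26: 2, 27: 2, 28: 2}

def tbcd(raw):
    """Decode TBCD digits: low nibble first, 0xF is filler."""
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw).rstrip("f")

def parse_create_pdp(pkt):
    """Return the PDP context identifiers an SGSN sends to the GGSN."""
    if len(pkt) < 8:
        raise ValueError("shorter than a GTP header")
    flags, mtype, length, _teid = struct.unpack_from("!BBHI", pkt)
    if flags >> 5 != 1 or mtype != 16:
        raise ValueError("not a GTPv1 Create PDP Context Request")
    if length != len(pkt) - 8:
        raise ValueError("length field does not match packet size")
    pos, ctx = (12 if flags & 0x07 else 8), {}  # skip optional seq/N-PDU/ext
    while pos < len(pkt):
        ie = pkt[pos]
        if ie >= 128:
            start, size = pos + 3, int.from_bytes(pkt[pos + 1:pos + 3], "big")
        elif ie in TV_LEN:
            start, size = pos + 1, TV_LEN[ie]
        else:
            raise ValueError(f"unexpected IE type {ie}")
        if start + size > len(pkt):
            raise ValueError(f"truncated IE type {ie}")
        val = pkt[start:start + size]
        if ie == 2:
            ctx["imsi"] = tbcd(val)
        elif ie == 16:      # TEID the SGSN expects on downlink user data
            ctx["sgsn_teid_data"] = int.from_bytes(val, "big")
        elif ie == 17:      # TEID the SGSN expects on control messages
            ctx["sgsn_teid_control"] = int.from_bytes(val, "big")
        elif ie == 128 and size == 6 and val[1] == 0x21:  # static IPv4
            ctx["ms_ip"] = str(ipaddress.IPv4Address(val[2:]))
        pos = start + size
    return ctx

# Constructed sample message (not a capture); the APN IE is parsed past.
SAMPLE = bytes.fromhex(
    "3210002e00000000" "00010000" "0200010121436587f9" "1000000a01"
    "1100000c01" "1405" "800006f1210a2d0007" "830009" "08696e7465726e6574")
```

The GGSN's own tunnel endpoint IDs come back in the matching response, so a GTP-aware firewall needs both messages to know the complete tunnel.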

A GGSN creates a PDP context

  1. The network receives an IP packet from an external network.
  2. The GGSN checks if the PDP Context has already been created.
  3. If not, the GGSN sends a PDU notification request to the SGSN in order to initiate a PDP context activation.
  4. The GGSN retrieves the IP address of the appropriate SGSN by querying the HLR using the IMSI identifier of the MS.
  5. The SGSN sends to the MS a request to activate the indicated PDP context.
  6. The PDP context activation procedure follows the one initiated by the MS. See “A Mobile Station creates a PDP context”.
  7. When the PDP context is activated, the IP packet can be sent from the GGSN to the MS.

Terminating a PDP context

A PDP context remains open until it is terminated. To terminate the PDP context, an MS sends a Deactivate PDP context message to the SGSN, which then sends a Delete PDP Context message to the GGSN.

When the SGSN receives a PDP context deletion acknowledgment from the GGSN, the SGSN confirms the PDP context deactivation to the MS. The PDP context can also be terminated by the SGSN or GGSN, with a slight variation in the order of the messages passed.

When the PDP Context is terminated, the tunnel it was using is deleted as well. If this is not completed in a timely manner, it is possible for someone else to start using the tunnel before it is deleted. This hijacking will result in the original customer being overbilled for the extra usage. Anti-overbilling helps prevent this. See Configuring Anti-overbilling in FortiOS Carrier.
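The failure mode described above, as an added example that is not from the original page and is not how FortiOS Carrier implements anti-overbilling: it replays already-decoded tunnel events and reports user traffic arriving on a tunnel whose PDP context has been terminated or whose deletion is overdue. The event format, the `ACK_TIMEOUT` threshold and the sample events are assumptions constructed for illustration.

```python
ACK_TIMEOUT = 2.0   # assumed: seconds a delete may wait for its acknowledgment

def audit_tunnels(events):
    """Return (timestamp, teid, imsi, reason) for each suspicious event.

    events: (timestamp, kind, teid, imsi) tuples in time order, where kind is
    "create", "delete_req", "delete_ack" or "gpdu" (user-plane packet).
    """
    tunnels, alerts = {}, []          # teid -> [imsi, state, state_since]
    for ts, kind, teid, imsi in events:
        t = tunnels.get(teid)
        if kind == "create":
            tunnels[teid] = [imsi, "active", ts]
        elif t is None:
            alerts.append((ts, teid, None, "no PDP context for this TEID"))
        elif kind == "delete_req":
            t[1:] = ["deleting", ts]
        elif kind == "delete_ack":
            t[1:] = ["deleted", ts]
        elif kind == "gpdu" and t[1] == "deleted":
            # Usage here would be charged to the customer who already left.
            alerts.append((ts, teid, t[0], "traffic on deleted tunnel"))
        elif kind == "gpdu" and t[1] == "deleting" and ts - t[2] > ACK_TIMEOUT:
            alerts.append((ts, teid, t[0], "tunnel deletion overdue"))
    return alerts

# Constructed sample events (not captured traffic).
EVENTS = [
    (0.0, "create", 0x0A01, "001010123456789"),
    (1.0, "gpdu", 0x0A01, None),          # normal traffic
    (5.0, "delete_req", 0x0A01, None),
    (5.1, "gpdu", 0x0A01, None),          # in-flight packet, within timeout
    (9.0, "gpdu", 0x0A01, None),          # delete still unacknowledged
    (9.5, "delete_ack", 0x0A01, None),
    (12.0, "gpdu", 0x0A01, None),         # tunnel used after deletion
    (12.5, "gpdu", 0x0B02, None),         # TEID that was never created
]
```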

GPRS security

The GPRS network has some built-in security in the form of GPRS authentication. However, this is minimal and is not sufficient for carrier network security needs. A GTP firewall, such as FortiOS Carrier, is required to secure the Gi, Gn, and Gp interfaces.
