Overlapping Ip Address Pool Support – Ggsn - Cisco ASR 5000 Series Administration Manual

Overlapping IP Address Pool Support – GGSN
Overlapping IP Address Pool Support – GGSN
Overlapping IP Address pools allow operators to more flexibly support multiple corporate VPN customers
with the same private IP address space without expensive investments in physically separate routers or virtual
routers.
The system supports two types of overlapping pools:
• Resource pools are designed for dynamic assignment only, and use a VPN tunnel (such as a GRE tunnel)
• Overlap pools can be used for both dynamic and static addressing, and use VLANs and a next hop
To forward downstream traffic to the correct PDP context, the GGSN uses either the GRE tunnel ID or the
VLAN ID to match the packet. When forwarding traffic upstream, the GGSN uses the tunnel and forwarding
information in the IP pool configuration; overlapping pools must be configured in the APN in such instances.
When a PDP context is created, the IP address is assigned from the IP pool. In this case the forwarding rules
are also configured into the GGSN. If the address is assigned statically, when the GGSN confirms the IP
address from the pool configured in the APN, the forwarding rules are also applied.
The GGSN can scale to as many actual overlapping pools as there are VLAN interfaces per context, and there
can be multiple contexts per GGSN. The limit is the number of IP pools. This scalability allows operators
who wish to provide VPN services to customers using the customer's private IP address space, not to be
concerned about escalating hardware costs or complex configurations.
RADIUS VLAN Support – Enhanced Charging Services
VPN customers often use private address space which can easily overlap with other customers. The subscriber
addresses are supported with overlapping pools which can be configured in the same virtual routing context.
RADIUS Server and NAS IP addresses do not need to be in separate contexts, thereby simplifying APN and
RADIUS configuration and network design. This feature allows the following scenarios to be defined in the
same context:
• Overlapping RADIUS NAS-IP addresses for various RADIUS server groups representing different
• Overlapping RADIUS server IP addresses for various RADIUS servers groups.
Every overlapping NAS-IP address is given a unique next-hop address which is then bound to an interface
that is bound to a unique VLAN, thereby allowing the configuration to exist within the same context.
The system forwards RADIUS access requests and accounting messages to the next hop defined for that
NAS-IP; the connected routers forward the messages to the RADIUS server. The next hop address determines
the interface and VLAN to use. Traffic from the server is identified as belonging to a certain NAS-IP by the
port/VLAN combination.
The number of RADIUS NAS-IP addresses that can be configured is limited by the number of loopback
addresses that can be configured.
ASR 5500 System Administration Guide, StarOS Release 21.4
300
to forward and receive the private IP addresses to and from the VPN.
forwarding address to connect to the VPN customer.
APNs.
VLANs