Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

32 SPD - eRAN12.1 - LTE FDD Network Design Technical Training-20170315-A-1.0

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 112

2017/03/15 Security Level: Confidential

LTE FDD Network Design


Technical Training (eRAN
12.1)

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


 E-UTRAN network design services are in engineering
preparations and delivery stages. The network planning
provided by the Service Marketing Network Design
Department, the network development plan provided by
the customer, and radio network planning provided by
the Network Planning Department serve as inputs of
concept design and detailed design. E-UTRAN network
design results provide instructions on follow-up network
deployment and project implementation.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2


目录

1 Introduction to the LTE Network Design Service

2 Resource Allocation, OM Design, and Naming and Numbering Design

3 Time Synchronization and Clock Source Design

4 Reliability , IP Interworking and Transmission Security Design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3


1. Learn the network design architecture.
2. Learn the network design contents and deliverables.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4


Position of Network Design in the Network Life Span

Network Planning Network Design Network Network Operation


Network
Provision and Optimization

Daily Maintenance &


Network Planning HLD & LLD Network Provision Network Optimization

Network Design Scenarios

Network Deployment Network Expansion Equipment


Replacement Network Evolution
 Deploy a new network. The in-service  Swap the equipment
  Launch new functions
network needs to be of other vendors. and new services.
expanded due to the
traffic growth.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5


E-UTRAN Network Design Process

Information High Level Low Level Project Overview


Planning Phase
Collection Design Design

Outputs Outputs

Customer
requirements Hardware resource allocation
Project
Information BOQ Naming rules

Contract O&M design Network


Design
Target network
diagram Interface IP interworking

Target traffic model Network feasibility and


interface security
Target network
dimensioning System clock

Inputs

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6


LTE E-UTRAN Network Design Service Framework

Resource Allocation Board and slot planning


Design

IP Interworking Design Port planning, IP address/route planning, VLAN, QoS design

O&M Design Channel design, DHCP, backup, OM security policies

eNodeB Script
Clock Synchronization
Clock source recommendation policy design, clock source design
Design

Transmission Interface
Route backup, SCTP multi-homing, OMCH backup
Reliability Design

Transmission Security
PSK/PKI/digital certificate, CMPV2, IPSEC, 802.1X
Design

Naming and Numbering


Site/cell naming, S1/X2 link numbering
Design

Other Related Design LTE-EPC joint-design, U2000 design, transport networking overview

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7


E-UTRAN O&M Design
O&M network design O&M channel planning

 Maintenance IP address
 O&M network planning planning and service IP address
isolation
 OMCH DHCP/DSCP design

Time synchronization design O&M security design

 eNodeB OM time source design  O&M security design


 Time source design of the TDD LTE  O&M access security design
service (GPS, 1588)

Objective: Improve network security and ensure network maintenance stable and
low cost.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 8


System Reliability and Transmission Security Design

Redundancy Design Transmission Fault Detection Security Design

IPSEC design (key/digital


IP route backup design IPPATH connection detection certificate)

OMCH backup design 802.1X security design


IPPM/BFD
NTP security authentication
SCTP multi-homing

IPSEC dual-channel IEEE802.3ah/IEEE802.1ag Clock security design


design

Objective: Providing a secure and reliable network.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 9


System Resource Design and Naming/Numbering Design

System Resource Design Naming /Numbering Design Other Design

Board and slot design eNodeB naming design LTE-EPC design

Transport networking
Cell naming design
design

Link numbering design

Objective: Providing standard eNodeB naming rules and recommending board deployment rules.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 10


E-UTRAN System Clock Source Design
E-UTRAN System
Clock Types
GPS

1588V2
(G8265.1/16.1)
eNodeB

SYNETH eNodeB
Clock
Clock source Source
combination eNodeB

eNodeB
Local Crystal
Oscillator

System Clock Source Design



Selecting clock source types (backup and clock source priority settings)

Time working mode (handover mode)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 11


Network Design Deliverables (See the Latest
Template)

You can obtain network design deliverables from http://support.huawei.com by choosing Support
> Knowledge Base > Wireless Network > FDD > LTE FDD RAN > LTE FDD_eNodeB > eRAN .
http://support.huawei.com/carrier/docview!docview?nid=KB1000184464&path=PBI1-
7851894/PBI1-21433538/PBI1-7854329/PBI1-21465979/PBI1-6149576
Remarks: Network design deliverables have not achieved GA, and therefore they are unavailable
http://support.huawei.com. They will be uploaded to http://support.huawei.com in future.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 12


目录

1 Introduction to the LTE Network Design Service

2 Resource Allocation, OM Design, and Naming and Numbering Design

3 Time Synchronization and Clock Source Design

4 Reliability , IP Interworking and Transmission Security Design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 13


Board configurations
Slot design
OM design
Naming and numbering design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 14


References

LTE eRAN12.1 Network Design Guide


BBU3900 Hardware Description(V100R012C00)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 15


Slot Configurations in the eNodeB
Typical configuration of the BBU3900
Board Type Slot:Board Type Slot:Board Type Slot:Board Type

0:LBBP /UBBPd_L /USCUb 4:LBBP /UBBPd_L /USCUb


18:UPEU/ UEIU
1:LBBP /UBBPd_L /USCUb 5:LBBP /UBBPd_L /USCUb
16:FAN
2:LBBP /UBBPd_L 6:LMPT/ UMPT
19: UPEU
3:LBBP /UBBPd_L 7:LMPT /UMPT

Typical configuration of the BBU3910


Board Type Slot:Board Type Slot:Board Type Slot:Board Type

0:UBBP_L /USCUb 4:UBBP_L /USCUb


18:UPEU/ UEIU
1:UBBP_L /USCUb 5: UBBP_L /USCUb
16:FAN
2: UBBPd_L 6:UMPT
19: UPEU
3: UBBPd_L 7:UMPT

LTE main processing and transmission unit (LMPT)


LTE baseband process unit (LBBP)
Universal baseband processing unit (UBBP)
Universal power and environment interface unit (UPEU)
Universal environment interface unit (UEIU)
Universal satellite card and clock unit (USCU)
Universal main processing and transmission unit (UMPT)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 16


BBU3900 Board Configuration Rules
Board Slot Configuration Sequence
Board Type Mandatory Maximum
Name (Priorities Lower from Left to Right)

UMPTb
LTE(FDD)
UMPTe
main control Yes 2 Slot7 Slot6 - - - -
board UMPTa2/U
MPTa6
LMPT
USCUb22 No 1 Slot5 Slot1 - - - -
Satellite
USCUb14
card board No 1 Slot5 Slot4 Slot1 Slot0 - -
USCUb11
LBBPd
LTE(FDD) LBBPc Slot
baseband Yes 6 Slot3 Slot0 Slot1 Slot2 Slot5
UBBPd 4
board

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 17


BBU3910 Board Configuration Rules

Board Mandator Slot Configuration Sequence (Priorities


Board Type Maximum
Name y Lower from Left to Right)
Main control UMPTb1 Yes 2 Slot7 Slot6 - - - -
board UMPTb2

UMPTe1
UMPTe2
UMPTe3
Satellite USCUb22 No 1 Slot5 Slot1 - - - -
card board
USCUb14 No 1 Slot5 Slot4 Slot0 Slot1 - -

USCUb11

Baseband UBBPd_L Yes 6 Slot3 Slot2 Slot1 Slot0 Slot4 Slot5


board

UBBPe_L

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 18


LMPT

LTE main processing and transmission unit (LMPT): manages the eNodeB, implements OM management
and signaling processing functions, and provides clock for the BBU3900.

Ports SFP0 and FE/GE0 are 1 GE transmission line actually, and cannot be used at one time.
Ports SFP1 and FE/GE1 are 1 GE transmission line actually, and cannot be used at one time.
The eNodeB adopts LMPT board cold backup, which means that two LMPT boards work in
active/standby mode.

1. When the active LMPT board becomes faulty, services will be automatically switched over to the
standby LMPT board. The switchover will cause service interruption, and the interruption is about 2
minutes.
2. Operators can run the following MML command to conduct a switchover: SWP BRD.
3. Hot backup is not supported.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 19


UMPT

UMPTa/b panel

UMPTe panel

 Universal main processing and transmission unit (UMPT): main control board of the BBU3900,
provides signaling processing and resource management functions for other boards.
 The following types of UMPT board apply to LTE networks: UMPTa1, UMPTa2, UMPTa6, UMPTb1,
and UMPTb2, UMPTe1,UMPTe2,UMPTe3. The board type is marked in the lower left corner of each
board.
 Each UMPT board has the following ports: 1. One FE/GE optical port and one FE/GE electrical port,
which are used to transmit service data and signaling over the Ethernet 2. Four E1/T1 ports, which
are used to input and output E1/T1 signals

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 20


LBBP

 Baseband processing board of the BBU3900, implements uplink and downlink baseband processing, and provides CPRI ports for communication between the BBU and RF modules. An LBBP board can be
placed in slots 0 to 5. A maximum of three boards (for the same mode) can be used. The types of LBBP board apply to LTE networks are as follows: LBBPc, LBBPd1, LBBPd2, and LBBPd3.

 Resources are dynamically allocated to services according to the LBBP capacity and load.
 CPU processing capacity is shared between cells, users, uplink and downlink services.
 Complete redundancy of baseband resources is available between cells. When some baseband resources are unavailable, the associated services can be diverted to other baseband resources so that the
services in the cell are not disrupted or can resume.

Baseband Resource Pool

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 21


LBBP/UBBP Board Specifications

Board Name Cell Quantity Cell Bandwidth Antenna Configuration


3x20M 1T1R
•In LTE FDD scenarios, the LBBPc and LBBPd board specifications are as follows:
3x20M 1T2R
LBBPc 3 1.4M/3M/5M/10M/15M/20M 3x10M 4T4R
3x20M 2T2R
1x20M 4T4R
3x20M 1T1R
LBBPd1 3 1.4M/3M/5M/10M/15M/20M 3x20M 1T2R
3x20M 2T2R
3x20M 1T1R
3x20M 1T2R
LBBPd2 3 1.4M/3M/5M/10M/15M/20M
3x20M 2T2R
3x20M 4T4R
6x20M 1T1R
LBBPd3 6 1.4M/3M/5M/10M/15M/20M 6x20M 1T2R
6x20M 2T2R

Board Name Cell Quantity Cell Bandwidth Antenna Configuration


3x20M 1T1R
•In LTE FDD scenarios,3 the UBBP board
UBBPd3 specifications are as follows:
1.4M/3M/5M/10M/15M/20M 3x20M 1T2R
3x20M 2T2R
3x20M 1T1R
3x20M 1T2R
UBBPd4 3 1.4M/3M/5M/10M/15M/20M
3x20M 2T2R
3x20M 4T4R
6x20M 1T1R
UBBPd5 6 1.4M/3M/5M/10M/15M/20M 6x20M 1T2R
6x20M 2T2R
6x20M 1T1R
6x20M 1T2R
UBBPd6 6 1.4M/3M/5M/10M/15M/20M
6x20M 2T2R
6x20M 4T4R

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 22


LBBP/UBBP Board Specifications

Board Name Cell Quantity Cell Bandwidth Antenna Configuration


3x20M 1T1R
•In UBBPe1
LTE FDD scenarios,
3 the LBBPc and LBBPd board specifications
1.4M/3M/5M/10M/15M/20M are1T2R
3x20M as follows:
3x20M 2T2R
3x20M 1T1R
3x20M 1T2R
UBBPe2 3 1.4M/3M/5M/10M/15M/20M 3x20M 2T2R
3x20M 2T4R
3x20M 4T4R
6x20M 1T1R
UBBPe3 6 1.4M/3M/5M/10M/15M/20M 6x20M 1T2R
6x20M 2T2R
6x20M 1T1R
6x20M 1T2R
UBBPe4 6 1.4M/3M/5M/10M/15M/20M 6x20M 2T2R
6x20M 2T4R
6x20M 4T4R
9x20M 1T1R
9x20M 1T2R
UBBPe5 9 1.4M/3M/5M/10M/15M/20M 9x20M 2T2R
9x20M 2T4R
•In LTE FDD scenarios, the UBBP board specifications are as follows:
9x20M 4T4R
12x20M 1T1R
12x20M 1T2R
UBBPe6 12 1.4M/3M/5M/10M/15M/20M 12x20M 2T2R
12x20M 2T4R
12x20M 4T4R

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 23


UCIU&UCCU
The Universal Inter-Connection Infrastructure Unit (UCIU) provides the following functions:
Supports single- or multi-mode configuration and management. When in multi-mode, it is shared
by multiple modes and can be configured and managed by any mode.
Interconnects BBUs, and forwards control and synchronization information from one BBU to
another.
Supports co-site of a 3900 series base station and a 3012 series base station.

The Universal Inter-Connection Combo Unit (UCCU) provides the following functions:
Supports interconnection between the BBU and USU.
Allows the BBU to exchange data with the USU.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 24


UCCU typical application scenarios
UCCU is typically applied in BBU remote connection in the Cloud BB networking. As
shown in the following figure, a UCCU is installed in a BBU, converts the data over
sCPRI and SRIO interfaces, and interconnects with USU3910 or the switch through
the remote interface.

UCCU supports data transmission over 10GE port and 40GE port. 10GE port is
used as the outbound interface. UCCU supports the data synchronization of S1,
X2, and eX2 interfaces, which requires configuring the security and SCTP polices
in advance.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 25


OM Channel Design
 DSCP Value of the OM Channel
The DSCP value ranges from 0 to 63, and the recommended DSCP value is 46.
SET DIFPRI: PRIRULE=DSCP, OMHIGHPRI=46, OMLOWPRI=18 ;

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 26


OM Channel Backup
When the active OMCH is disconnected, the U2000 issues a command to the eNodeB to switch to the standby OMCH.
The switching process takes at least 6 minutes, during which U2000 takes 3 minutes to detect the broken link and
eNodeB disconnection, 1 minute to conduct link-related processing, and 2 minutes to check the link at a certain
interval. If U2000 detects available links, an OM link is created.
 ADD OMCH: FLAG=MASTER, IP="70.32.81.4", MASK="255.255.0.0", PEERIP="10.121.70.213",
PEERMASK="255.255.255.0", BEAR=IPV4, SN=7, SBT=BASE_BOARD, BRT=YES, DSTIP="10.121.70.0",
DSTMASK="255.255.255.0", RT=NEXTHOP, NEXTHOP="70.30.3.200";
 ADD OMCH: FLAG=SLAVE, IP="70.32.80.4", MASK="255.255.0.0", PEERIP="10.121.70.213", PEERMASK="255.255.255.0",
BEAR=IPV4, SN=7, SBT=BASE_BOARD, BRT=YES, DSTIP="10.121.70.0", DSTMASK="255.255.255.0", RT=NEXTHOP,
NEXTHOP="70.30.1.100“;
The following are key points to be focused. For details, see the MML command reference.

A maximum of two remote OM channels can be added to an eNodeB: one active channel and one standby channel.
The active channel takes effect upon eNodeB startup. If there is no active OMCH, the standby OMCH does not

automatically work as the active OMCH. In this case, the system thinks that the eNodeB has not configured a remote
OMCH.
After an active/standby switchover, the standby OMCH does not automatically switch back to the active OMCH,

unless the standby OMCH is faulty.


For other restrictions, see the MML Help.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 27


OM Channel Backup Policies
1. Usually, OMCH backup is used in scenarios where the remote HA U2000 system is used.
2. The OMCH backup is required over the Ethernet. An eNodeB configures different IP addresses for the active and
standby OMCHs, whereas U2000 can configure the same IP address for the active and standby OMCHs. In the
actual application scenarios, the number of OMCH IP addresses increases by many folds. You need to decide
whether to use the OMCH backup function based on the actual situation.
3. Two physical ports can be used for the OMCH backup to provide higher reliability. It is recommended that the active
and standby OM IP addresses be in different network segments to provide higher reliability.
4. If the OMCH is over the E1/T1, there is no need to use backup. The E1/T1 provides high reliability; the convergence
layer of the transport network has considered ring protection for the resources. Therefore, in this scenario, the
OMCH backup is unnecessary.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 28


OMCH Channel Backup Scenarios
 Scenario 1: Non-security network, a physical port, two IP addresses in two different segments
 As only one physical port is used, the other physical port can be used to support later expansion to multimode
eNodeB. However, if the physical port or the connected network device becomes faulty, both the active and
standby channels will break down.
 Scenario 2: Non-security network, two physical ports, two IP addresses in different segments
 Applied to single-mode site, can not be updated to multimode site.
 When a single physical port or a peer physical port becomes faulty, or when a route breaks down, OM channel
can run smoothly with good redundancy. The number of IP addresses that you need to plan is not too large.
 Scenario 3: Security network, one physical port, two loop IP addresses in different segment, OMIP is
invisible for transmission
 As only one physical port is used, the other physical port can be used to support later expansion to multimode
eNodeB. However, if the physical port or the connected network device becomes faulty, both the active and
standby channels will break down.
 Scenario 4: Security network, two eNodeB physical ports, two loop IP addresses in two different
segments
 OMIP is invisible to transmission network and single-mode eNodeBs cannot be updated to multimode
eNodeBs. When the physical ports on a single eNodeB becomes faulty, OM channels can be used normally
with good redundancy. The number of IP addresses that you need to plan is large.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


MML Command Security Design – SSL
 To ensure the security of the OM transport network, such as protect against eavesdropping, malicious
attacks, or unauthorized access, the MML command security function is recommended to be activated,
especially in non-IPSec networking scenarios.
 To encrypt an MML command, enable this function on the U2000 client by choosing Security >
Certificate Authentication Manager > SSL Connection Manager.

Step1

Step2

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 30


eNodeB Naming Design
 Recommended naming rules: area name + site type +_ + serial number.
 Area name abbreviated whenever possible, for example, Shanghai jingqiao_DBS3900_1
 If a unique site type is used in a project, the site type is not required.

1. Customer's requirements
2. Unique in the entire network
3. Easy to understand and easy to use
4. Restrictions: The name supports a maximum of 64 characters. It cannot be an empty string or contain is less than (<), is greater than (>), exclamation (!), question mark (?), caret (^), two or more spaces, or two or more percents (%).

eNodeB Name eNodeB ID


Aleksandrow_DBS3900_1 1
Aleksandrow_DBS3900_2 2

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 31


Cell Naming Design
 It is recommended that cell names be designed based on the eNodeB name. Recommended cell naming
rules: eNodeB name + _ + cell + serial number.
 The serial number starts from 1.
When the customer network has several EARFCNs: numbers 1 to 5 are set for the first EARFCN and
numbers 6 to 10 are set for the second EARFCN.

1. Customer's requirements
2. Unique in the entire network
3. Easy to understand and easy to use eNodeB Cell Name Cell ID
4. Aleksandrow_DBS3900_1_Cell1
Restrictions: The name supports a maximum of 994 characters. It cannot be an empty string1or contain is
less than (<), is greater than (>), exclamation (!), question mark (?), caret (^), two or more spaces, or two
Aleksandrow_DBS3900_1_Cell2 2
or more percents (%).
PS: LocalCellId: 0 to 11; SectorId: 0 to 11; cellID: 0 to 255; PhyCellId: 0 to 503
LocalCellId is planned in the eNodeB and is generally the same as the value of SectorId.
CellID+eNBID+PLMN=ECGI, unique cell identifier in eUTRAN. PCI multiplexing is required, and the PCI
of a cell must be different with the PCIs of adjacent cells for handovers. PCIs are used because the
eNodeB easily parses PCIs. Generally, the eNodeB measures PCIs, ECGIs, and TACs in sequence.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 32


Internal Resource Numbering Design

 Numbering design for S1/X2 SCTPLNK


When the main control board is LMPT or UMPT, an eNodeB supports a maximum of 112 SCTP
links. In this scenario, the recommended numbering policies are as follows:
 No. of SCTPLNK on the S1 interface: 0 to 30;
 No. of SCTPLNK on the X2 interface: 31 to 111
Note that product specifications may change. The preceding information is for reference only.

 Numbering design for IPPATH


When the main control board is LMPT or UMPT, an eNodeB supports a maximum of 320 IP
paths. In this scenario, the recommended numbering policies are as follows:
 It is recommended that the IP paths to the peer objects on the user plane (that is, S1
interface) be numbered first. The No ranges from 0 to 30, starting from 0. Then, number
the IP paths to the neighboring eNodeBs (that is, X2 interface). The No ranges from 31 to
127, starting from 31.
Note that product specifications may change. The preceding information is for reference only.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 33


目录

1 Introduction to the LTE Network Design Service

2 Resource Allocation, OM Design, and Naming and Numbering Design

3 Time Synchronization and Clock Source Design

4 Reliability , IP Interworking and Transmission Security Design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 34


1. Learn the concepts of time synchronization and
frequency synchronization.
2. Learn the rules for selecting clock or time sources.
3. Learn clock configurations.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 35


References

 LTE eRAN12.1 Network Design Guide


 LTE eRAN12.1 Synchronization Feature Parameter Description

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 36


Time Synchronization
Overview of Time Sources
Selection and Configuration of a Time
Source
Clock Synchronization
Overview of Clock Sources
Selection and Configuration of a Clock
Source

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 37


Time Synchronization
 Time synchronization is also referred to as time-of-day synchronization, where the origin of the
timescale for a signal needs to be synchronized with the Universal Time Coordinated (UTC).
Therefore, time synchronization implies synchronization in absolute time. The UTC time is a
universal timing standard, in which the atomic time is maintained accurately to ensure time
synchronization across the world, with the precision to microseconds.
 Design criteria:
1. Type of available time synchronization server onsite
2. Customer's requirements for time sources
 To ensure the OM time accuracy, the synchronization server is selected in the following
sequence:
1. GPS
2. Dedicated NTP server for customers
3. U2000 (which can be set and used as the NTP server)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 38


 Time Synchronization Design

eNodeB synchronization

Time Synchronization Recommended


Parameter Value
Time synchronization
GPS/NTP/U2000
server
Time synchronization
360 minutes
period (configurable)
Number of port for time
synchronization 123
(configurable)

如果对时周期设置过短,频繁对时会对 U2000 造成冲击。

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 39


GPS

Advantage:
Slot 5
Slot 1 accuracy;
providing time
synchronization
Slot 4/Slot 5 and clock
Slot 0/Slot 1 synchronization at
the same time
Disadvantage:
requiring the
USCU and the
Port Connector Description
GPS antenna; a
GPS port SMA coaxial connector Receiving GPS signals
site with the
PCB welded wiring
RGPS port Receiving RGPS signals
terminal capability of
TOD0 port RJ-45 connector Receiving or sending 1PPS+TOD signals receiving GPS
TOD1 port RJ-45 connector
Receiving or sending 1PPS+TOD signals; receiving M1000 TOD signals.
signals
Receiving BITS clock signals; supporting adaptive inputs of
BITS port SMA coaxial connector
2.048M and 10M clock reference sources
M-1PPS port SMA coaxial connector Receiving M1000 1PPS signals

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 40


GPS Time and Clock Synchronization Configuration

•Time synchronization: SET TIMESRC: TIMESRC=GPS; SET TZ: ZONET=GMT+0800, DST=NO;


•Clock synchronization: ADD GPS: GN=0, CN=0, SRN=0, SN=7, CABLETYPE=TWISTED-PAIR, CABLE_LEN=30,
MODE=GPS, PRI=1;

1. The compensation value is calculated on the basis of the GPS feeder length to increase the clock accuracy. The
clock accuracy is affected if there is an excessively large difference between the configured GPS feeder length and
the actual feeder length.
2. GPS: Global Positioning System
GLONASS: GLObal NAvigation Satellite System
GPS/GLONASS: GPS Active 1U USCU
COMPASS: BeiDou (COMPASS) Navigation Satellite System
COMPASS/GPS: CPMPASS Active
GPS/COMPASS: GPS Active
3. When RGPS is used, the local satellite card is not required, because the external third-party device provides
demodulated satellite synchronization signals for the BS.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 41


NTP Synchronization
1. SET TIMESRC: TIMESRC=NTP; // Set the NTP server as CLK source.
2. SET TZ: ZONET=GMT+0800, DST=NO;
3. ADD NTPC: MODE=IPV4, IP="10.10.10.1", PORT=123, SYNCCYCLE=60, AUTHMODE=PLAIN;
In the remote HA U2000 system, the active and standby U2000 servers have different IP addresses. In terms of
security, you need to set both of them as the NTP servers, and specify which one is the active server.
1. ADD NTPC: MODE=IPV4, IP="10.10.10.2", PORT=123, SYNCCYCLE=60, AUTHMODE=PLAIN;
2. SET MASTERNTPS: MODE=IPV4, IP="10.10.10.1";
NTP Security Authentication

1. Cause: Manual operations, automatic time adjustment of the NTP


2. Impact scope: Fault management, performance management, scheduled tasks,
and CDRs

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 42


Time Synchronization
Overview of Time Sources
Selection and Configuration of a Time
Source
Clock Synchronization
Overview of Clock Sources
Selection and Configuration of a Clock
Source

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 43


Clock Synchronization
 Design
 On a digital communication network, bit streams of coded information are transmitted and switched at specific
bit rates. Therefore, the communication equipment on the network should use the clocks of the same
frequency and process bit streams based on the same timescale. On a synchronization network, the phase
offset or frequency offset between two or more signals stays within the specified range within a specific time.
 Clock frequency is also called frequency synchronization, which means that the frequency of a signal is the
same as the reference frequency.
 eNodeB Clock Accuracy
The clock accuracy is relatively high and must reach the straum-2 clock standard. As specified by the 3GPP
protocols, the recommended clock accuracy of the eNodeB is ±0.05 ppm. Compared with the 10 MHz clock,
the difference is ±0.5 Hz (0.05 ppm x 10 MHz = 0.5 Hz).
 FDD Scenarios
1.Frequency synchronization: The accuracy of eNodeB clock is recommended to ±0.05 ppm. Relative to
10MHz, the offset is ±0.5Hz.
2.Time synchronization: low requirements, just satisfy with maintenance clock accuracy (1s)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 44


System Clock Source Design
System Clock Source Design System Clock Source Configuration

IP Clock GPS 1588V2 Ethernet Syn BITS E1T1 Crystal Oscillator



 Types of eNodeB clock source


 Working modes of eNodeB clock sources Auto Manual Free

IP Clock
eNodeB

Router/ IP Network
LAN Switch

Clock
physical link

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 45


Introduction to Clock Sources
Frequen
Phase
Clock cy
Synchroni Advantage Disadvantage
Source Synchro
zation
nization
GPS 1. Each eNodeB is configured with an independent GPS card, which The investments in the GPS and RGPS
does not need the support of the network. equipment and its installation and
√ √ 2. The clock has a high accuracy, and supports time synchronization maintenance are required.

IEEE1588 V2 1. With only frequency synchronization, this technology supports 1. To achieve time synchronization,
transparent transmission across the data network and has low all intermediate transport
requirements for the intermediate transport equipment. equipment must be upgraded to
2. This technology supports both frequency synchronization and time support IEEE1588 V2.
√ √ synchronization, and meets the clock requirements of LTE TDD. 2. The clock recovery quality is easily
3. IEEE1588 V2 is a standard protocol. Therefore, profile-based affected by the delay, jitter, and
interworking between equipment of different manufacturers is packet loss rate across the data
supported. network.

Clock over IP 1. This technology supports the transparent transmission across the 1. This technology does not support
data network and has low requirements for the intermediate time synchronization.
transport equipment. 2. The clock recovery quality is easily
√ × 2. This technology is mature and has been in commercial use for a affected by the delay, jitter, and
long time. packet loss rate across the data
network.

Synchronous 1. 1. Clock signals are extracted from the physical layer and are not 1. This technology does not support
Ethernet related to upper layer services. Therefore, the interworking time synchronization.
performance is satisfactory. 2. In the E-UTRAN, besides
2. The clock recovery quality is satisfactory. The technology is mature
eNodeBs, the intermediate
and insusceptible to packet loss rate and jitter.
transport equipment such as hubs
√ × 3. The transmission of clock signals does not occupy transmission
bandwidth. and LAN switches must be capable
of transparent transmission or
regeneration of clock signals at the
physical layer.
Page 46
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Strategy for Selecting eNodeB Clock Sources

 1. If eNodeBs are configured with the GPS clock, the GPS clock is used as the system clock
reference source.
 2. When an FE or GE port on the eNodeB is set to 100 Mbit/s or 1000 Mbit/s, and all
equipment on the network supports synchronous Ethernet, synchronous Ethernet is
recommended.
 3. Huawei IP clocks and IEEE 1588 V2 are recommended.
 4. If a customer has a dedicated clock server that supports the G8265.1 protocol, the eNodeB
can interconnect with the customer's clock server using the G8265.1 protocol.
 5. If eNodeBs use the E1/T1 line clock, the E1/T1 line clock is used as the system clock
source.
 6. When transmission is unavailable during site deployment or when external clocks cannot be
acquired due to the external reference failure, internal clocks are used instead.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


Requirements for the QoS of the Data Bearer Network

For IEEE1588 V2, clock over IP, and synchronous Ethernet technologies, the clock is obtained from the network,
and then clock signals are distributed. Therefore, the data bearer network must have a fairly high QoS. The
following table lists the requirements of the three synchronization technologies for the QoS of the data bearer
network.
Technology Item Specification Remarks
Jitter < 20 ms /
IEEE1588V2 Packet loss
< 1% /
rate
Jitter < 20 ms /
Clock over IP Packet loss
< 1% /
rate
Similar to E1/T1, synchronous Ethernet uses the mechanism of extracting
clock signals from the physical layer. Therefore, synchronous Ethernet does
Input not have special requirements of the three synchronization technologies for
Synchronous
frequency <±0.016ppm the QoS of the data bearer network.
Ethernet
accuracy
As the eNodeB reference clock source, the input frequency accuracy should
be better than ±4.6 ppm and must reach the straum-2 clock standard
(±0.016ppm).

Remarks: The QoS requirements on the data bearer network for IEEE1588 V2 and IP Clock
are defined by Huawei, those for synchronous Ethernet are defined by the protocol.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 48


Local Crystal Oscillator
Local crystal oscillator, also known as free running, is a working mode used when there are no
available reference clocks after the system clock is warmed up, or when reference clocks for the
network become unavailable and the specified holdover mode reaches the threshold. This mode
ends when the eNodeB obtains and locks reference clocks again.
The crystal oscillator accuracy of the 10M clock in the LMPT reaches 0.01 ppm, which can satisfy
the clock accuracy (±0.05 ppm) of the eNodeB for a short time.
Application scenarios:
1. In a new site, the transmission resources are not ready and the eNodeB cannot obtain external
reference clocks.
2. In some trial offices or demo offices, there are few sites or there are no external reference clocks
temporarily.
3. External reference clocks are faulty.
The clock has been calibrated before delivery. In the initial use, the clock calibration is not required
onsite. And then, the clock calibration must be performed at an interval of 90 days, which requires
heavy workload. It is not used generally because the clock accuracy is worse than 0.05 ppm after
the clock performance deteriorates. Instead, external reference clocks are recommended.

Note: When the internal performance deteriorates, you need to lock the standard external clock
source (Rubidium equipment) to calibrate the clock. If the internal test results are unsatisfactory,
local crystal oscillator must be calibrated after one month.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 49


Combined Synchronization Sources
 Combination of GPS and
Synchronous Ethernet
GPS and synchronous Ethernet implement time
synchronization and frequency synchronization,
respectively. Synchronous Ethernet enhances time
synchronization robustness and improves time
holdover performance.

 Combination of IEEE1588 V2 and


Synchronous Ethernet
The IEEE1588 V2 server and synchronous Ethernet must
extract clock signals from the same clock source.
IEEE1588 V2 and synchronous Ethernet implement time
synchronization and frequency synchronization,
respectively. Synchronous Ethernet enhances time
synchronization robustness and improves time holdover
performance.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 50


Dual-Clock Mode is Recommended
 Each eNodeB can be configured with two IP clock links, either of which is used to
connect an independent IPCLK1000. If either of the IPCLK1000s is faulty or the
intermediate data bearer network is faulty, frequency synchronization is
implemented by using the clock link on the other clock server.

 The two clock servers can be manually or automatically switched as follows:


 In manual mode, you need to manually specify the clock server to be used.

 In automatic mode, the eNodeB determines which clock server to be used based

on the status of clock links.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 51


Recommended Huawei IPCLK1000

 Reference clock inputs supported by IPCLK1000:


BITS clock, external 8 kHz clock, external 1PPS clock, GPS/RGPS clock, 2.048 MHz clock
 Clock signal outputs supported by IPCLK1000:
2.048 Mbit/s signals, 1.544 Mbit/s signals, 2.048 MHz signals, and 1.544 MHz signals, and
1PPS+TOD
 IPCLK1000 specifications:
It provide four GE/FE ports and each port supports 512 clients.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 52


Settings on the eNodeB Side (For Reference)

1. Run the following command to set the clock synchronization mode:


SET CLKSYNCMODE:CLKSYNCMODE=FREQ; Add IPCLK links.
2. Run the following commands to add IP clock links for the eNodeB:
ADD
IPCLKLINK:ICPT=PTP,SN=7,CNM=UNICAST,IPMODE=IPV4,CIP="xxx.xxx.xxx.xxx",SIP="xxx.xxx.xxx.xxx"
,DELAYTYPE=E2E,PROFILETYPE=1588V2;
3. Run the following command to set the working mode of the clock:
SET CLKMODE:MODE=MANUAL,CLKSRC=IPCLK,SYNMODE=OFF;

For details about IPCLK1000 settings, see the corresponding


IPCLK1000 user guide.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 53


目录

1 Introduction to the LTE Network Design Service

2 Resource Allocation, OM Design, and Naming and Numbering Design

3 Time Synchronization and Clock Source Design

4 Reliability , IP Interworking and Transmission Security Design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 54


Learn the LTE reliability design
IP interworking design
Transmission Security design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 55


References

 LTE eRAN12.1 Network Design Guide


 Security Feature Parameter Description

 Transport Resource Management Feature


Parameter Description

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 56


Reliability Design

IP Interworking Design

Transmission Security design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 57


Contents of Reliability Design

Reliability Design

Redundancy Design Fault Detection

Signaling plane and user IP PATH connection


plane separation detection

IP route backup IP PM detection

SCTP dual homing BFD detection

Ethernet link aggregation IEEE802.3ah

OM channel backup IEEE802.1ag

S1-Flex

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 58


Redundancy Mechanism and Detection Mechanism
Supported by LTE Network Currently
• The eNodeB detects faults by the detection mechanism, and implements active/standby
switchover by the redundancy mechanism, achieving reliable transmission .
Protocol Transmission Reliability Transmission Maintenance Detection
Layer Redundancy Protection Maintenance Time
Mechanism Object Mechanism
Application OM channel OM channel OM handshake Private handshake
layer backup protocol protocol: 3s to 5s
SCTP multi- S1/X2 channel SCTP detection Heartbeat and
homing mechanism retransmission
detection: Through
proper settings of the
Transport layer parameters, the
switchover can be
completed within five
seconds.
BFD detection Unit: 100 ms. The
duration is configurable.
Network layer IP path backup Route and link BFD detection Unit: 100 ms. The
duration is configurable.
Data link layer Physical port detection Unit: 100 ms.
Ethernet port Link and IEEE 802.3ah 3s
Physical layer
trunk Ethernet port detection
Application IEEE 802.1ag 1s
layer detection
None Physical port detection Unit: 100 ms.
Transport layer

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 59


Hybrid Transmission of Signaling Plane & User Plane
Signaling plane data and user plane data are transmitted over different channels to separate the user
plane from the signaling plane.
There are two methods:
Method 1: Different physical connections are provided on the eNodeB side, and therefore signaling
plane and user plane are carried over different physical ports, using different device IP addresses.
Method 2: Only one physical connection is provided on the eNodeB side, and the signaling plane and
user plane use different IP addresses or VLAN IDs, and they are separated by the intermediate
network equipment.

Another IP address is required. It is not recommended that the signaling plane be separated from the
user plane. The separation is used only when the customer has the requirement.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 60


IP Route Backup

In IP route backup, there are multiple routes to a destination. The route with the highest priority
is the active route and the routes with lower priorities are standby routes. Each route uses
different physical connections. When the active route is unreachable, the eNodeB performs an
active/standby switchover to select a standby route to prevent services from being interrupted.
When the active route is restored, the system is automatically switched over to the active route
with the highest priority.
 

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 61


IP Route Backup

MML commands:
//add an IP address to Ethernet port 0
ADD DEVIP:SN=7,SBT=BASE_BOARD,PT=ETH,PN=0,IP="11.11.11.11",MASK="255.255.255.0";

//add an IP address to Ethernet port 1


ADD DEVIP:SN=7,SBT=BASE_BOARD,PT=ETH,PN=1,IP="12.12.12.12",MASK="255.255.255.0";

//add the active route (Route backup is applied between the eNodeB and the SeGW.)
ADDIPRT:SN=7,SBT=BASE_BOARD,DSTIP="13.13.13.13",DSTMASK="255.255.255.0",RTTYPE=NEXTHOP,NEXTH
OP="11.11.11.10",PREF=50,DESCRI="Master IP Route";

//add the standby route


ADDIPRT:SN=7,SBT=BASE_BOARD,DSTIP="13.13.13.13",DSTMASK="255.255.255.0",RTTYPE=NEXTHOP,NEXTH
OP="12.12.12.10",PREF=60,DESCRI="Slave IP Route";

The eNodeB has two device IP addresses but they cannot be on the same network segment. If there is only one
device IP address, IP route backup cannot be configured.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 62


Route Types

1. Default route: 0.0.0.0/0.0.0.0


NOTE : The configuration of the default route is a dangerous act, often leading to loops. Therefore, the
default route is not recommended.
The default route is mainly used in terminals. However, the eNodeBs are not just terminals; they also
perform the forward functions as a route in co-transmission and cascading scenarios. If the default
route is configured on the eNodeBs, the unicast or multicast packets over other IP address will be
forwarded by default route, which will cause loops.
Host route: *.*.*.*/32 mask of destination IP address is 255.255.255.255

3. Network segment route: mask of destination IP address is not 255.255.255.255 (Recommend )

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 63


SCTP Dual-Homing
• Two ends of an SCTP link are bound with N (N≥2) IP addresses to
achieve redundancy transmission.
• LTE support SCTP dual-homing only.
• When SCTP dual-homing is used, two IP addresses are required, one is
active and the other is standby. The IP addresses for the local and peer
ends must be different. The multi-homing links form an active/standby
switchover.  
• The two IP addresses can be positioned on one port or on different
ports on a board. The SCTPLNK is set up on the board, and no port is
specified.
• This function is used with the EPC after negotiation. Huawei does not One SCTPLNK is specified by four
recommended this function proactively. parameters: local IP + local SCTP port ID +
• Cross-connected links are not supported. peer IP + peer SCTP port ID
Huawei core network supports a maximum of
256 SCTP links with the same IP address
and the same port number.
The difference between the switchovers for
SCTP dual-homing and OM channels are as
follows: When the active SCTP route
restores, the eNodeB will use the active route
again. When the active OM channel restores,
the eNodeB uses the active one only after
the U2000 detects that the standby OM
channel is disconnected.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 64


Ethernet Link Aggregation
• Ethernet link aggregation binds two
Ethernet ports to set up a logical path.
This function increases the bandwidth
between the LAN switch and an eNodeB
and combines the bandwidths of the two
links, providing a higher bandwidth and
larger throughput and enhancing the
capability of the entire network.

• This function can be used only when the


peer transmission equipment also
supports this function. Generally, common
switches support this function.

• Port priority: A small value indicates a


higher priority.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 65


S1-Flex
 S1-Flex is a feature that enables one eNodeB to set up S1-MME connections with multiple
MMEs of an operator. These MMEs form a resource pool. When a UE accesses an
eNodeB, the eNodeB selects an MME for the UE and sets up a dedicated S1 connection.
The functions of S1-Flex
 If a UE moves within an MME pool area, the serving MME remains unchanged, lowering
the signaling overhead.
 The MME pool enables load balancing, increasing the sharing gain.
 The network is easy to manage. For example, the network topology is easy to adjust,
minimizing the impact on existing services. Deletion of MMEs is easier.
 The MMEs of a resource pool are mutual backups of each other, improving network
reliability.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 66


S1-Flex
MME Selection :
The eNodeB selects an MME based on the following policies: If a UE provides an MME identity,

the eNodeB preferentially selects the MME identified by the MME identity, that is, NNSF. If a UE
does not provide an MME identity or the MME identified by the UE-provided MME identity is not
available, the eNodeB selects an MME for the UE based on the following policies:
 In an overlapping area, the eNodeB selects an MME pool based on the MME pool
priorities, network topology, and average load of each MME pool.
 In the MME pool, the eNodeB selects an MME based on the MME priorities, capacities,
and loads.

MME Selection for Ues Redirected from GERAN/UTRAN Cells :

In scenarios where GSM/UMTS and LTE networks coexist, if a UE is redirected from a


GERAN/UTRAN cell to an E-UTRAN cell, the eNodeB can select the MME having the UE's
contexts or an MME with a light load. The eNBRsvdPara.RsvdSwPara0 parameter is used to
control the MME selection policy used for such UEs.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 67


Fault Detection
1 IP PATH connection detection: It is recommended that this function be disabled. If
intermittent disconnection occurs on the transmission network, it can be disconnected.

IP PM detection: It can be used only when the transmission network supports IP PM. It is
2 recommended that this function be disabled. It is used to monitor transmission network
performance.

BFD detection: The peer device must support this function. SBFD is applicable to the
3 detection on the same network segment, and MBFD is applicable to the end-to-end
detection.

4 GTP-U : IP Path Fault Detection and problem location

IEEE802.3ah: The peer device must support this function. It supports link performance
5
monitoring, fault detection, and loopback detection.

IEEE802.1ag: The peer device must support this function. It supports Ethernet CC, LB,
6
and LT.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 68


IP PATH Connection Detection

It is recommended that this function be disabled.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 69


IP Performance Monitoring (IP PM)

 Function: used to detect the transmission quality between the eNodeB and the S-GW and monitor transmission performance
parameters, including the number of TX/RX packets, packet loss rate, unidirectional delay and jitter, and bidirectional RTT.

 Advantage: provides transmission KPIs and works with the dynamic flow control algorithm, preventing dynamic changes in
the transmission bandwidth from affecting QoS.

 Disadvantage: A larger number of IP PM streams are activated leads to a more accurate congestion decision, but consumes
more resources.

 Requirements for the equipment: The IP PM protocol is a Huawei proprietary protocol. This function can be used only when
the eNodeB and EPC support this function. The DSCP values of the intermediate transmission network must be the same as
the settings of the eNodeB and EPC and cannot be modified. Otherwise, the IP PM function fails to be activated.

 Recommended scenario: This function is recommended when Huawei EPC is used, especially in the ADSL-based IP
transmission scenarios, such as poor link quality, high packet loss rate, unstable link, and great change in the bandwidth.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 70


IP Performance Monitoring (IP PM)
 External congestion detection: This function checks the packet loss rate of a user data path using the IP PM
mechanism and dynamically adjusts the logical port bandwidth using the calculated packet loss rate on the
path, implementing dynamic admission control of transmission bandwidth and flow control adjustment and
preventing packet loss due to network congestion.

Max bandwidth :100Mbps


Note
bottleneck:30Mbps 1. detect
If BFD is enabled, IP PM
sessions from A to B and from B
to A must be set up.
2. calculate the bottleneck

MME/SGW eNodeB
Bandwidth change
3. Transport Dynamic
Flow Control

The preceding figure shows the IP PM-based adaptive flow control principle. The dotted lines indicate the
changes in the bandwidths of the IP/Ethernet transmission network. IP PM between the S-GW/MME and the
eNodeB is enabled to check the changes in the transmission network performance, including the delay, jitter,
and packet loss rate and to estimate the minimum end-to-end available transmission bandwidth. The eNodeB
sends the information about available bandwidth to the flow control module, and the module adjusts the data
traffic that will be sent to the transmission network, reducing lost packets during transmission on the
transmission network and improving the bandwidth usage.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 71


IP Performance Monitoring (1)
1. Adding IP PM Sessions
1) A triplet consists of the local IP address,
peer IP address, and protocol type; a quadbit
consists of the local IP address, peer IP
address, protocol type, and DSCP. Note that
protocol type refers to the protocol type of
the IP PM packet, which is UDP and cannot
be reconfigured.

2) Currently, the activation direction can be


UP or BIDIR. UP is the recommended value.

3) When the activation direction is UP, the IP


PM session initiated by the eNodeB is
activated. If this parameter is set to BIDIR,
the IP PM sessions initiated by eNodeB and
the peer are activated.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 72


IP Performance Monitoring (1)

5) In VLAN group mode, if an IP PM session with IPPMTYPE of THREE_TUPLE is added, a VLANCLASS


object with SRVPRIO of 0 must be added. Otherwise, the IP PM session fails to be activated.

2. Run the following command to query the status of an IP PM session. The status information includes
parameters such as the transmission line delay, jitter, and packet loss rate.
 DSP IPPMSESSION: IPPMSN=0;
Note that:
1) Before adding an IPPM session, ensure that the peer NE supports IP PM rules.
2) Before adding an IPPM session, check whether the peer NE supports bidirectional activation. If the peer
NE does not support bidirectional activation, only UL IP PM sessions can be added for the local end.
Otherwise, intermittent failures may occur on the link.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 73


Bidirectional Forwarding Detection (BFD)
 Function: used to fast detect faults on any types of channel between links and to detect the
connectivity of the path (a physical link or logical link) between two systems. BFD is applicable
to the protocols of Layer 2 and higher layers. The eNodeB implements the BFD mechanism
based on the UDP protocol.

 Advantage: IP route fault detection. BFD duration is quick, in the unit of 100 ms.
 Disadvantage:
 Requirements for the equipment: Currently, the eNodeB supports BFD V1, and therefore the
peer equipment also must support BFD V1. If the peer equipment does not support BFD V1,
this function cannot be used.
 Both ends are started at the same time, and the detection durations at both ends are similar.

 Recommended scenario:
 SBFD: mainly used to detect faults in the point-to-point network with IP addresses of both
ends being on the same network segment.
 MBFD: used to detect faults in the end-to-end network with multiple routing nodes.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 74


SBFD and MBFD
 Single-hop BFD (SBFD): used to detect faults between the eNodeB and the transmission equipment
(Layer3) or between the S-GW/MME and transmission equipment; used to locate faults or trigger the
protection protocol switchover between the eNodeB and the transmission equipment or between the
S-GW/MME and the transmission equipment. The SBFD does not traverse Layer 3 devices.
 Multi-hop BFD (MBFD): used to detect the faults between the eNodeBs, between the eNodeB and
the S-GW, or between the eNodeB and the remote transport device; used to locate faults and trigger
the protection path switchover between two endpoints, which ensures network reliability.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 75


Bidirectional Forwarding Detection (BFD)
 +++ HUAWEI 2010-07-08 15:37:15 O&M #62147 %%ADD BFDSESSION: SN=7, BFDSN=0,
SRCIP="10.141.225.226", DSTIP="10.69.23.24", HT=MULTI_HOP;%% RETCODE = 0

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 76


BFD and Route Association
•Assume that a number of routes with priority reach the multi-hop destination. When MBFD detects a link failure,
route interlock is initiated. MBFaD disables the route with the highest priority and then detects the route with
secondary priority. If link failures are still found, MBFD disables the route with secondary priority and then detects the
routes with less priority. If MBFD detects link failures of the route with the lowest priority, MBFD does not disable that
link but enables all related routes. In addition, MBFD detects failures starting from the route with the highest priority
again.
Example:
1. Add two routes to the same
destination IP address (138.32.1.50.
The priorities of the routes are 50 and
60, respectively. The route whose
priority is 50 is the master one.
2. Add an BFD multiple hops detection
to the destination IP address
(138.32.1.50) and set the parameter
Session Catalog as RELIABILITY.
Route association can be triggered only
after the parameter Session Catalog is
set to RELIABILITY.
3. When the BFD detection fails, the
master route (the route whose priority is
50) will be forbidden and the standby
one (route whose priority is 60) will be
activated. If the standby one is
reachable, this one will be used.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 77


GTP-U
GTP-U detection is used to check whether links on the user plane of an eNodeB are available. The
detection uses GTP-U control packets to monitor S1/X2 user plane links at the application layer. The Ping
command can be used to monitor only the link on the network layer.

GTP-U detection can be divided into the following types:

Dynamic detection: Heartbeat messages are sent for detection only when there is at least
one online UE. If no echo response is received after three consecutive echo requests are sent,
the eNodeB will release UEs without generating any alarm or deactivating the cell and then
inform the EPC that UEs are released. Settings of GTP-U path detection can be different on
UGWs at both ends. According to the 3GPP protocol, eNodeBs support dynamic GTP-U
detection by default and no command can be executed to disable the detection.

Static detection: Heartbeat messages are sent for detection even if there is no online UE. If
no echo response is received after three consecutive echo requests are sent, the eNodeB will
release UEs while generating an alarm and deactivating the cell. This is not related to the GTP-U
path detection on the peer UGW. In dynamic GTP-U detection mode, when an eNodeB detects
an IP path fault, it releases the UE, and the detection stops when no services are performed.
Without dynamic GTP-U detection, an eNodeB cannot detect the status of an IP path. By default,
the path is considered as normal and other UEs access the network through the path. In this
case, the UEs are accessed and released repeatedly. Therefore, it is recommended that static
GTP-U detection be enabled to prevent UEs from being accessed and released repeatedly.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 78


IEEE802.3ah and IEEE802.1ag

•A complete Ethernet OAM feature is achieved by two solutions. One solution is based on
IEEE 802. 1ag and focuses on E2E Ethernet OAM. The other solution is based on IEEE 802.
3ah and focuses on P2P.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 79


IEEE802.3ah and IEEE802.1ag
• Link performance
Advantage: focus on point-to-point The peer device must
monitoring
IEEE 802.3ah Ethernet fault monitoring (consider comply with the IEEE
• Fault detection
only the user side not network side) 802.3ah protocol.
• Loopback test

The transmission
• Continuity check Advantage: focus on end-to-end
equipment must comply
IEEE 802.1ag • Loopback test Ethernet fault monitoring of the
with the IEEE 802.1ag
• Linktrace test Ethernet link
protocol.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 80


3AH Configuration
1. Activate the OAM function at the local end: ACT ETHOAM3AH
2. Perform a loopback test: STR ETHOAMLOOPTST

Failure cause:
The protocol is not
negotiated or
configured at the
peer end.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 81


1AG Configuration
 Add a connectivity fault management maintenance domain: ADD CFMMO
 Add a maintenance association (MA): ADD CFMMA
 Add a local maintenance association end point (MEP): ADD CFMMEP
 Add a remote maintenance association end point (RMEP): ADD CFMRMEP
 Activate the continuity check (CC): ACT CFMCC

1. Query the status of the remote maintenance association end point (RMEP): DSP CFMRMEP. If
the configuration is correct, the REMP status is normal.
2. If the link is disconnected, the REMP status is abnormal.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 82


ETH OAM (Y.1731) Application Scenarios
802.1ag,1731
802.1ag,1731

802.3h,1ag

eNodeB switch switch Router SGW

 1) ETH OAM provides the transmission connectivity and performance detection functions for the layer-2
Ethernet, including:
• IEEE802.3ag: provides one-hop Ethernet transmission connectivity detection and bit error monitoring, including
route detection, fault detection, link monitoring, and remote loopback.
• IEEE802.1ag: provides one- or multi-hop Ethernet transmission connectivity detection, link trace, and link
loopback.
 2) Y.1731: provides the functions provided by IEEE802.1ag, and the following functions: link delay detection
and packet loss detection.
• The main application scenarios of Y.1731 in IP RAN is as follows: When end-to-end layer-2 Ethernet
performance monitoring and fault detection are co-deployed on the eNodeB and transmission equipment, this
function must be enable on the peer device.
• ETH OAM is not widely used on the live network. Y.1731 is used to implement the connection between Huawei
routers and switches. A compatibility test is recommended for interconnection between devices provided by
other vendors.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


ETH OAM (Y.1731) Feature Deployment
 Feature conflict: The features ITU-T Y.1731 and IEEE 802.1ag cannot be used concurrently. To switch between the
features, you need to delete all configuration for the feature you used before and then enable the other feature.
 Feature dependency: depends on ETH interfaces
 Networking plan:

Maintenance domain (MD), MD LEVEL

VLAN1
MEP MA
MIP
MA1

VLAN1

VLAN2 MA1 VLAN2


MEP MIP MIP MEP SGW

You need to plan:


1. Maintenance domain (MD): The MD size is usually the same as that of the layer-2 network. You are advised to set MD
LEVEL to the highest level.
2. Maintenance association (MA): The MA size must be the same as that of VLAN.
3. Maintenance association end points (MEPs) in each MD and MA, and remote maintenance association end points (RMEPs)
and maintenance association intermediate points (MIPs) for the eNodeB
4. Detection period and interval
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
ETH OAM (Y.1731) Feature Configuration Process
Start

Set IEEE 802.1ag/ITU-T Y.1731.

When ITU –T Y.1731


Add the MD. is used, only the
priority is valid. The
MD name is invalid.
Add the MA.

When ITU –T
Add the MEP. Y.1731 is used,
MA is MEG ID.

Add the RMEP.


The observation is allowed only after CC detection is
enabled at both the local and peer ends.
End To initiate the LB/LT test at the local end, run the following
command: PING BTSCFM/TRC BTSCFM. If the pinging is
After the configuration, you can: successfully, the operation succeeded. If the pinging is not
1) Run ACT CFMCC to start ETH OAM connectivity check (CC) detection. successful, the execution failed.
2) Run CFMPING to start MAC loopback detection.
3) Run CFMTRACE to start ETHOAM link trace.
4) Run ACT ETHLM to start packet loss detection.
5) Run ACT ETHDM to start delay detection.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


Reliability Design

IP Interworking Design

Transmission Security design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 86


Contents of IP Interworking Design

VLAN
IP Route
Planning

Physical Port/
IP Address IP Interworking Design
Communication
Planning Port Matrix

QoS

Negotiation
Parameters

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 87


eNodeB IP Address Planning

Comparison between interface IP address and logical IP address :


Solution Advantages Disadvantages Selection Policy
The service address To decouple the service address More IP addresses are used in the single- Default policy
shares with the from the interface address for mode base station and the configurations are
logical address. better address planning complicated.

To be applicable for all the


scenarios

The service address To be simple to maintain in the Difficult to evolve to the multi-mode base Customization solution only
shares with the single-mode base station and station and have to reserve IP addresses; for the scenarios using
interface address or free from configuring the route difficult to evolve from non-security independent transmission
on the same network on the gateway scenarios to security scenarios; not suitable and non-IPSec scenarios,
segment as the for security scenarios especially for the like-for-
interface address like swap scenario
The service address and interface address are
coupled and therefore the planning cannot be
unified.

Logical IP address planning :


Logical IP Address Planning Identification Remarks
Logical IP address 1: LTE CP (S1/X2) LTE_CP_IP The subnet mask of logic IP
addresses in an eNodeB
Logical IP address 2: LTE UP (S1/X2) LTE_UP_IP must be 255.255.255.255.
Logical IP address 3: LTE OM LTE_MP_IP The service IP address uses the
logical IP address.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 88


接口地址和逻辑地址
对比

eNodeB IP Address Planning


对比::

IP planning and VLAN planning (in single eNodeB and non-IPSec mode)
Networking Description Advantages Disadvantages
Isolation between OM data The OM channel and the service High security by isolating OM data and Complicated configurations
and service data. channel are configured with different service data
sub-interfaces and VLANs. More IP addresses used

Isolation between OM data Service data is configured with High security by isolating OM data and Complicated configurations
and service data (isolation different sub-interfaces and VLANs service data
between CP and UP data in based on the mode. All OM data is More IP addresses used
LTE) configured with a dedicated sub- The performance statistics can be
interface and VLAN. collected based on the mode in the
intermediate network. Different QoS
policies can be used.
IP planning and VLAN planning (in single eNodeB and IPSec mode)
Networking Advantages Disadvantages Selection Principle
The external data is Reduced IKE and investment This solution cannot distinguish the Recommended by default
transmitted over the same radio access technology (RAT),
VLAN and VPN, and not Simple configurations OM, and service management
isolated. (counters or fault isolation).

The external data of OM This solution can distinguish the OM and This solution cannot distinguish Alternative
and service is transmitted service management (counter or fault RAT and service management
over two VLANs or VPNs, isolation). (counter or fault isolation). Scenario 1: Reconstruct the secure node
respectively, and are where the OM data and service data are
isolated. Different policies, such as security, More IPSec resources consumed isolated.
reliability, or QoS, are adopted for OM
and service. Scenario 2: The OM data and service data are
transmitted in different transmission paths.
This solution supports that the OM data
and service data are transmitted in Scenario 3: The customers are required to
different transmission paths. carry out different policies on OM and
services, such as security, reliability, and
QoS.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 89


接口地址和逻辑地址
对比

eNodeB IP Address Planning


对比::

IP planning and VLAN planning (inter-eNodeBs)


Scenario Planning Description Advantages and Disadvantages
The eNodeB connects Different segments and The recommended subnet mask of the IP address is IP address waste (all zeros and ones
to the SeGW without same VLAN 255.255.255.252. addresses in each segment are
using a layer 2 wasted); easy to plan and maintain
network. If the network data need not to be isolated, the VLAN
tag is not asked to be labeled.
The layer 2 network Different segments and The recommended subnet mask of the IP address is IP address waste (all zeros and ones
with sufficient IP different VLANs 255.255.255.248, which is compatible with the Virtual addresses in each segment are
addresses Router Redundancy Protocol (VRRP) network over wasted); easy to plan and maintain
the OM channel. The needed addresses include the
interface IP address on the eNodeB, the virtual IP
address for VRRP, and another two interface IP
addresses.
The layer 2 network Same segment and same The recommended subnet mask of the IP address is To save IP addresses; difficult to
with insufficient IP VLAN 255.255.255.128. To prevent the broadcast storm in plan and maintain for the broadcast
addresses; the VLAN the layer 2 network, the recommended number of domain affects the network's
is not configured to eNodeBs within one segment is less than 100. The security and reliability.
isolate networks as recommended number of eNodeBs in the preliminary
requested by the network construction is 50.
customers
The layer 2 network Same segment and The recommended subnet mask of the IP address is To save IP addresses; easy to plan
with insufficient IP different VLANs 255.255.255.128. To prevent the broadcast storm in and maintain the layer 2 network,
addresses; the VLAN the layer 2 network, the recommended number of routers are required to support super
is configured to eNodeBs within one segment is less than 100. The VLAN
isolate networks as recommended number of eNodeBs in the preliminary
requested by the network construction is 50.The super VLAN and the
customers dot1q VLAN tag termination sub-interfaces and inter-
VLAN ARP proxy are configured on the SeGW. The
dot1q VLAN tag termination sub-interfaces attach
VLAN labels for different eNodeBs.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 90


IP Address Planning Policies

1. One physical port is recommended instead of two ports for physical resource reduction.
2. Gigabit optical or electrical ports are recommended to meet the high requirements for the transmission bandwidth
of the LTE and for future network expansion.
3. For a networking without IPsec tunnels, it is recommended that each eNodeB be allocated with two IP addresses
for address resource reduction, route planning and future maintenance. One IP address is for the S1/X2
interface and the other address is for the operation and maintenance (OM) and clock. If IP addresses are
insufficient, an eNodeB can be allocated with only one IP address.
4. For a networking with IPsec tunnels, IP addresses must be planned based on the actual conditions of the
customer.
 For the security of internal IP addresses, it is recommended that external IP addresses (interface IP addresses)
and internal IP addresses (logic IP addresses) be combined. That is, external IP addresses are used to set up
IPsec tunnels with security gateways and are readable on the network.
 Internal IP addresses are used for service communication and are encapsulated in IPsec tunnels.  
5. For easy configuration and maintenance of eNodeBs, engineers should use as few IP addresses as possible.
Generally, IP addresses are limited and many customers require reducing IP addresses. During the planning,
engineers must communicate with customers and fully understand their requirements. IP planning must be
combined with the VLAN planning.
5. In IPsec mode, each tunnel must be set with an external interface IP address (except for LOOPINT interface) in
addition to the internal logic IP addresses (OM, SYNC, S1/X2 IP addresses). The logical OM IP address is used
as the clock IP address.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 91


Precautions for IP planning
 (1) If the local IP of the OMCH is an interface IP address instead of the logic IP address, the
following commands are used: ADD DEVIP and ADD OMCH. The IP address in ADD DEVIP
is referenced in ADD OMCH.
If the local IP of the OMCH is the logic IP address, t he following command is used: ADD
OMCH. The IP address in ADD DEVIP is not referenced.
 (2) It is recommended that the subnet mask be a 32-bit mask for the device IP address at a
loopback interface.
 (3) In general, the IP addresses in the 192.168 network segment are used for internal
communication by communication devices. You should not use the segment during the
planning. For example, IP addresses used in the SAE are 192.168.0.0/255.255.240, that is,
from 192.168.0.1 to 192.168.15.254. During the IP address planning, the network segment
should not be used if possible. At least, IP addresses in the segment cannot be used as
internal communication addresses of interconnected devices. This caution is also applicable
for the interconnection to the core network of other vendors.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 92


IP Route Planning

Route Configuration
… Route …
Priority

In the case of layer-3 network at the IP


1. When IP route backup is used, set
transmission layer, perform the following
configurations: various routes with different priorities.

1. Default route: The configuration is simple. 2. The smaller the value of the PREF
Only one route is required, and both the parameter, the higher the priority.
destination IP address and the subnet mark 3. When the high-priority route is
consist of 0s.
unreachable, the system is automatically
2. Host IP address: The destination IP address
switched over to the low-priority route.
is a specific IP address, with a 32-bit mask.
4. When active and standby maintenance
3. Network segment route: The destination IP
address is a specific IP address. The channels are used, do not trigger an

configuration is relatively simple, and is active/standby switchover based on the


recommended. priorities of bound routes.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 93


VLAN

Storm Separation
… VLAN Priority

VLAN is a technology that a physical LAN is


1. VLAN priorities range from 0 to 7. The
divided into different broadcast domains, and
value 7 indicates the highest priority.
different VLANs cannot be accessed each
2. It is recommended that the eNodeB set
other at L2 to prevent broadcast storm.
VLAN priorities.
1.You can plan a certain number of eNodeBs
3. The mapping from VLAN priorities to
in a VLAN.
transmission equipment QoS must be
2.eNodeBs can be differentiated by different
planned after the transmission network
VLAN IDs, which means each eNodeB has
negotiation.
one VLAN ID.
3.VLAN planning must be negotiated with
transmission network planning.

1. VLANs are configured in the following methods: by next hop and by DSCP.
2. When VLANs are configured by next hop, different VLAN IDs correspond to different
next hops. In this case, the IP addresses of eNodeBs must be on different network
segments.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 94


QoS

Protocol Structure Application layer QoS: signaling,


service data, and OM data

Mapping

IP layer QoS: DiffServ, DSCP, IPPATH.

Mapping

Data link layer QoS: VLAN priority and


multilink PPP

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 95


Service QoS Design
Actual values are determined as required. The following values are recommended by Huawei.

VLAN Pri
Service Type DSCP DSCP MML Commands Configured with DSCP Data Type

QCI1 0x2E 46 ADD UDTPARAGRP USERDATA 5


QCI2 0x1A 34 ADD UDTPARAGRP USERDATA 4
QCI3 0x1A 34 ADD UDTPARAGRP USERDATA 4
QCI4 0x1A 34 ADD UDTPARAGRP USERDATA 4
9 service types QCI5 0x2E 46 ADD UDTPARAGRP USERDATA 5
QCI6 0x12 18 ADD UDTPARAGRP USERDATA 2
QCI7 0x12 18 ADD UDTPARAGRP USERDATA 2
QCI8 0x12 18 ADD UDTPARAGRP USERDATA 2
QCI9 0 0 ADD UDTPARAGRP USERDATA 0
SCTP 0x30 48 SET DIFPRI SIG 6
MML 0x30 46 SET DIFPRI OM_H 5
OM
FTP 0xE 18 SET DIFPRI OM_L 2
IP Clock 1588V2 0x30 46 SET DIFPRI USERDATA 5
Configure it as
BFD Manual Configuration ADD BFDSESSION OTHER
required.
IKE 0x30 48 SET IKECFG USERDATA 6
ADD IPPMSESSION OTHER Configure it as
IPPM Manual Configuration
required.
Ping 0 0 PING USERDATA 0
GTPU Echo 检测 0x2E 46 MOD GTPU OTHER 5
Configure it as
TWAMP Manual Cofigurate ADD TWAMPSENDER OTHER
required
TRACERT 0 0 TRACERT USERDATA 0
No configuration is required. The DSCP value in the 0
eNodeB response message is the same as the DSCP
value in the command for pinging the eNodeB and its
Ping (response message) 0 0 USERDATA
peer eNodeB. Generally, the DSCP value is 0 in the
command for pinging the transmission device and the CN
NE.
ARP No DSCP value No configuration is required. OTHER 5

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 96


Negotiation Parameters

Global interconnection
parameters eNodeBID, MCC, and MNC

Determine interconnection parameters by the protocol stack. For details, see


S1/X2 interconnection
parameters the following table:

Cell-level parameters

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 97


Communication Port Number Design
 If a firewall exists on the transmission network between the eNodeB and another NE such as the U2000 or IP clock, the port for

communication between the eNodeB and other NEs must be opened on the firewall. Communication port number design is mainly

used to specify the TCP/UDP ports that must be opened for eNodeB services on the firewall of the operator and list the numbers of

ports on the user plane and signaling plane on the eNodeB.

 For details about the design process, see the latest communication matrix at http://support.huawei.com and the numbers of ports

confirmed by the operator.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 98


Duplex Mode and Self-Negotiation Processing
Mechanism of the eNodeB
 Both NEs connected by an optical fiber must work in self-negotiation mode or gigabit full duplex
mode. Otherwise, the self-negotiation interface may be broken down.
 If both NEs connected over an electrical port are set inconsistently, the interface working in self-
negotiation mode switches to the mode in which the other interface works. In this case, the eNodeB
must be configured in self-negotiation mode and the peer transmission device can be configured in
self-negotiation or full duplex mode.
 You are advised to specify the rate and duplex mode at both ends of the link and not to use self-
negotiation if possible. This does not apply to gigabit electrical ports in full duplex mode.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 99


Reliability Design

IP Interworking Design

Transmission Security design

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 100


Transmission Security Design

IEEE 802.1X
Port Security
Management

IPsec
Transmission
Security Design

PSK

PKI

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 101


IPsec
 IPSec is an IP layer security framework protocol defined by the Internet Engineering Task
Force (IETF). It provides protection of sensitive data during transmission over unprotected
network environment (such as Internet) and provides privacy, completeness, and validity for
end-to-end communication data.

Scenario 1: The customer network has a SeGW. To communicate with the DHCP server and to obtain the temporary
eNodeB IP address, U2000 IP address, and SeGW IP address, the OMCH of the eNodeB must be authenticated by
the SeGW and a security channel must be set up. This scenario is used by a self-organizing network (SON) and
requires no manual handling. This scenario is not analyzed in the network design document.
Scenario 2: The customer network has a SeGW. To access the EPC, the S1 interface of the eNodeB must be
authenticated by the SeGW and a security channel must be set up. To improve reliability, a backup SeGW to the EPC
is used and the Virtual Router Redundancy Protocol (VRRP) is started.
Scenario 3: The customer network has a SeGW. To access other eNodeBs, the X2 interface of the eNodeB must be
authenticated by the SeGW and a security channel must be set up.
Scenario 4: The data over the X2 interface traverses insecure public transmission network. IPSec is used between the
eNodeBs; the eNodeBs are authenticated by each other; security channels are set up.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 102


Secure Networking Solutions
 Comparison of OM Data Encryption Solutions
Item OM data transmitted over the IPSec tunnel and OM OM data not transmitted over the IPSec tunnel and
data protected by SSL and IPSec OM data protected by SSL
Data security Authentication protection: The protection performance of Integrity protection:
IPSec is slightly stronger than that of SSL. This is because The protection performance of SSL is slightly stronger
IPSec forcibly uses bidirectional authentication and SSL uses than that of IPSec. This is because IPSec uses the short
unidirectional authentication or bidirectional authentication. Hashed Message Authentication Code (HMAC).
Encryption protection strength:
The protection performance of IPSec is equal to that of SSL.

Equipment and High Low. This is because if the OM data are not transmitted
network security over the IPSec tunnel, the equipment and network are at
the risk of attacks.
Base station In this solution, the requirements of eNodeB deployment by In this solution, the requirements of eNodeB deployment
deployment using PnP is complicated. This is because higher security by using PnP is simple: The DHCP relay to the U2000 is
requirements pose greater challenge for eNodeB configured as the next hop of the eNodeB. The eNodeB
deployment by PnP. deployment can be conducted step by step. The
deployment process is controllable and viewable. Any
A nonstop deployment is required and all the problems faults occurred in the deployment can be remotely located.
occurred during the deployment need to be solved by The IPSec tunnel can be established after setting up the
visiting sites. Downloading certificates and establishing OM channel.
IPSec tunnel must be finished before setting up the OM
channel.
Operation and If the IPSec tunnel is faulty, the eNodeB cannot be If the IPSec is faulty, the eNodeB can be commissioned
maintenance commissioned remotely. remotely on the premise that the OM channel is
established before setting up the IPSec tunnel.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 103


Secure Networking Solutions

Comparison of Solutions for Clock Synchronization Data Encryption

If an IP clock server is deployed, the IP clock server is usually behind the SeGW. The following
figure shows the security policies.
 Time synchronization data cannot enter IPSec tunnels;
 Time synchronization data is usually transmitted in multicast packets;
 During time synchronization, time needs to be compensated node by node, and precision
cannot be ensured.
If the clock configured in the transport network is used instead of the IP clock server, you are
recommended to choose a suitable clock in compliance with the situation.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 104


Secure Networking Solutions
 Authentication Solutions
Authentication Method PKI Authentication PSK Authentication
Two communicating parties use digital certificates as Two communicating parties use preconfigured shared
their identities and use root certificates to keys as their identities. If the two communicating parties
authenticate each other’s digital certificate. The have the same shared key, the authentication is
identity of a communicating party is authenticated if successful.
its digital certificate is authenticated.
Networking

Security This method uses asymmetrical encryption and This method uses symmetrical encryption and provides
provides high security. low security.
OM This method supports the standard online certificate This method needs to assign different PSKs for each
management process and supports certificate update. eNodeB. The key management is complicated and the
keys cannot be updated.
Site deployment This method supports eNodeB deployment by using This method supports eNodeB deployment only by using
PnP and by using a USB flash drive a USB flash drive
Conclusion Advantages: Advantage: simple deployment
High security; Disadvantages:
Complete online certificate management; Low security;
Support of eNodeB deployment by using PnP and by Complicated keys management;
using a USB flash drive
Support of eNodeB deployment only by using a USB
Disadvantage: high cost flash driver.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 105


Port Security Management
The port security management includes the following three points:
 The U2000 monitors and manages the local access to the eNodeB. The U2000 administrator can monitor the
local access operations in real time.
 The U2000 can enable or disable the local ports.
 The eNodeB actively reports the causes of a link failure and the number of reconnections after link recovery.
The following describes these points briefly.

 Monitoring Local Access


In any of the following three local access scenarios, the eNodeB reports an event alarm: login to
the eNodeB by using the local maintenance terminal (LMT), login to the eNodeB by using the
LDT, log in to the debug port by using the Telnet.
 Enabling and Disabling Local Ports
The local ports are local debug port, Ethernet ports, and E1/T1 ports. The U2000 sends MML
commands to the eNodeB to enable or disable these three ports. By default, these ports are
enabled.
 Reporting Link Fault Alarms
If the SCTP link or PPP link is broken, the cause of the break is reported. When the broken link is
restored, the number of reconnection times is reported.

CAUTION : Do not perform any operation on the local ports, unless the customer wants to
disable the local ports.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 106


IEEE 802.1x Design

IEEE 802.1x is a LAN access control protocol. Its full name is Port-Based Network Access
Control. It is based on client/server mode and can restrict unauthorized user or equipment
from accessing the LAN or WLAN from the access ports.

At the information collection stage, ask the customer whether to enable IEEE 802.1x.
If IEEE 802.1x is to be enabled, ask the customer whether the access network supports IEEE
802.1x. Configure Huawei CA certificate and the eNodeB ESN on the RADIUS server.
After power-on and access to the network, the eNodeB automatically performs security
authentication.
Equipment Requirements
The IEEE 802.1x authentication mechanism is enabled by default.
eNodeB
The IEEE 802.1x client software is installed.
Access Supports 802.1x.
equipment Supports EAPOL and EAPOR encapsulations.
Supports EAPOR encapsulation.
Huawei root CA certificate is configured on the RADIUS server for determining the
RADIUS server validity of the digital certificate built in the eNodeB.
Huawei eNodeB ESN is configured on the RADIUS server for determining that the
access eNodeB is Huawei eNodeB.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 107


PKI
PKI uses asymmetric key algorithms and techniques to ensure information security. It uses a digital
certificate complying with the ITU-T X509 standard and manages the public key of asymmetrical keys.

PKI System
Architecture

LTE/EPC architecture supported by the PKI system


PKI system

SeGW
CRL CA

L2/L3
network Core network SAE
eNodeB AR

M2000

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 108


PSK
PSK is a unicode string used to verify an L2TP/IPSec connection. The PSK certification
does not require hardware investment and configurations in terms of PKI. It is only
used for L2TP/IPSec connection verification using the computer certificate.

Example of secure
networking with
PSK

Therefore, using the PSK to verify the L2TP/IPSec connection is a relatively weak authentication
method. PSK is often used in the small network and home network, while PKI is often used as a
long-term reliable authentication method. In secure networking with PSK, the network can be
deployed without the PKI system.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 109


secure networking reliability solutions
Networking Description Advantages Disadvantages Selection Principles
Solutions (Application Sub-
scenarios)
Two SeGWs The SeGWs Expandable: If the data of one The SeGWs must support IPSec tunnel hot backup. This solution is
supporting implement IPSec SeGW is changed, other two recommended by default.
IPSec tunnel tunnel hot SeGWs can be automatically
hot backup backup, which is synchronized.
transparent to the
base station. Transparency: Switchovers
between the active and standby
SeGWs are transparent to the
base station.

Simple base station configurations


Active/Standb The base station The SeGW must support Bidirectional Forwarding Detection (BFD) This solution is not
y IPSec establishes two and can be used together with Huawei eNodeBs. recommended.
tunnels on an IPSec tunnels,
eNodeB which work in The SeGW must set up two BFD sessions with each eNodeB. This This solution is used only
active/standby limits the performance and specifications of the SeGW. when the SeGW does not
mode. support IPSec tunnel hot
Using this solution for remote disaster recovery may cause invalid backup and is not used for
Switchovers switchovers, which prolong service interruption.
between the remote disaster recovery.
If the SeGW becomes faulty, a switchover in hot backup mode
active and is first triggered.During the switchover, the BFD may expire due
standby IPSec to a maximum of 3-second detection duration. If this happens, a
tunnels are switchover for remote disaster recovery is triggered. In this case,
transparent to the the service interruption period increases to dozens of seconds or
SeGW. longer.

This solution does not support switchback, which is not suitable to


remote disaster recovery.

This solution causes difficulties for eNodeB deployment by using


注意:
PnP.The BFD should be set to disabled on the network devices
1 、不同厂商 BFD 检测易存在兼容性问题,需经过充分对接测试。
before deployment. If not, the BFD is not set up during the
2 、华为安全网关目前最多支持 500 个 BFD 会话
deployment and the route will not take effect, resulting in a
3 、具体参见《 IPsec 特性参数描述》
failed PnP deployment.
Only one Only one SeGW Simple networking This solution has the risk of single-point failures and therefore has Not recommended
SeGW is used to low reliability.
deployed HUAWEI
connectTECHNOLOGIES CO.,
backhaul Low deployment costLTD. Huawei Confidential Page 110
equipment with
Multi-SeGW IPSec Disaster Tolerance

 Multi-SeGW IPSec disaster recovery uses the IKE DPD mechanism to monitor the status
of IPSec channels between the eNodeB and the SeGWs. If the IPSec channel between
the eNodeB and the active SeGW becomes faulty, the eNodeB attempts to establish a
standby IPSec channel between the eNodeB and a standby SeGW, thereby achieving
IPSec disaster recovery between multiple SeGWs.

Application Constraints Deployment Constraints


The Multi-SeGW IPSec disaster recovery feature is not supported
The routes from the eNodeB to multiple SeGWs are reachable.
during base station deployment by PnP.
Multi-SeGW IPSec disaster recovery and IPSec channel backup
The DPD function has been enabled on the SeGW side.
are mutually exclusive.
On the eNodeB side, the ACL rules for IPSec tunnels must be When the status of IPSec SAs is normal, SeGWs can send the
configured in IP to IP or IP to Any mode. If ACL rules for IPSec eNodeB's downlink routing information to the secure network.
tunnels are configured in Any to Any mode, SeGWs cannot When the status of IPSec SAs is abnormal, SeGWs can send the
dynamically send the eNodeB's downlink routing information to eNodeB's downlink routing revocation information to the secure
the secure network based on the status of IPSec SAs. network.

On the eNodeB side, the ACL IDs referenced by IPSec policies to The secure network can learn the eNodeB's downlink routing
which all active and standby IKE peers belong must be the same. information sent by SeGWs.
The DPD function must be enabled on all active and stanby IKE
The license for Multi-SeGW IPSec disaster recovery is activated.
peers on the eNodeB side.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 111


Thank you
www.huawei.com

You might also like