November 23, 2007 Security Level:

Training on the Basics of

the PDSN
CDMA Team in Wireless Network General
Engineers’ Office www.huawei.com

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential

 Contents

What is a PDSN?
Other equipments in PDSN network
Huawei PDSN

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 2

 What is a PDSN? Concept

PDSN - Packet Data Serving Node

Position of the PDSN in the network:

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 3

 What is a PDSN? Functions

Try to understand the functions of the PDSN from the perspective of a subscriber surfing the
Internet:

. 1.1
10.1
ss:
e
dr
ad
IP www.sohu.com

Um Abis A8/A9 A10/A11

Internet
10.1.1.1 BSC PCF IP address: 202.110.19.34
Who can give me an IP address? PDSN

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 4

 What is a PDSN? Functions

Functions of the PDSN

The PDSN is a core network element in a CDMA system. As the gateway through which mobile
stations (MSs) access external public data networks (PDNs), the PDSN is located at the joint
between the packet domain of the core network of the CDMA system and an external PDN. The
PDSN provides IP addresses for MSs and connects MSs to the IP network. In addition, the PDSN
forwards the data service messages of MSs to provide packet data services for MSs.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 5

 Contents

What is a PDSN?
Other equipments in PDSN network
Huawei PDSN

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 6

 Other equipments in PDSN network

Several questions:
 I can access to the Internet. Can you?
 The IP address assigned to me is 10.1.1.1. Can this IP address be directly used to
communicate with the Internet address
www.sohu.com (202.110.19.34)?
 If there are viruses on the Internet, how can my terminal be protected?
 What I enter in the address bar is www.sohu.com. How come my terminal figures out it
needs to communicate with the IP address 202.110.19.34?
……

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 7

 Other equipments in PDSN network-AAA

 I can access to the Internet. Can you?

Answers:
1. Two ways for the terminal to access the Internet:
--PC + Terminal (Connect the terminal to a PC through the USB port, --and dial #777)
--Direct access
2. When configuring a dial-up connection, I need to enter a username and password. What are they
used for?
--User authentication (service authentication) always in AAA for 1X and DO
3. Which network element performs subscriber authentication? The PDSN?

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 8

 Other equipments in PDSN network-AAA

－－ No, it is the AAA that performs subscriber authentication.

Are the username and

password correct? No?
Access denied!

Username, password AAA

Um Abis A8/A9 A10/A11

Internet
BSC PCF
10.1.1.1 PDSN

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 9

 Other equipments in PDSN network-AAA

Concept and functions of an AAA Server

AAA - Authentication, Authorization, and Accounting
Functions:
• Implementing subscriber authentication and authorization
• Generating bills for users
• Providing the auditing function for real-time paying users
• Converting quotas and updating PPS requests for pre-paying users

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 10

 Other equipments in PDSN network-AAA

Composition of the NAI, used for dial-up:

Concept of the NAI
NAI - Network Access Identifier
Composition of the NAI
Username + Separator + Domain name
Concept of the domain
A domain is an aggregate of users in a CDMA2000 packet data network who have the same features,
for example, accessing the same PDN, or having the same authentication method, IP address allocation
method, or DNS properties.
The domain information is critical configuration information of the PDSN9660. When an MS originates
data services, the origination message carries the domain information of the MS.
Based on the domain information, the PDSN9660 determines which PDN the MS is to access and what
access method to use.
The concept of the domain is introduced for the convenience of management. Multiple domains or
domain types (authentication domains and structural domains) can be created on the PDSN9660 to
realize centralized configuration and management for subscriber groups with different features.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 11

 Other equipments in PDSN network-Firewall

◆The IP address assigned to me is 10.1.1.1. Can this IP address be directly used to

communicate with the Internet address
www.sohu.com (202.110.19.34)?
 If there are viruses on the Internet, how can my terminal be protected?
-- Address translation
-- Firewall

10.1.1.1 202.110.19.20
Malicious attacks

Um Abis A8/A9 A10/A11 www.sohu.com

Internet
BSC PCF
10.1.1.1
PDSN IP address: 202.110.19.34
Firewall

AAA

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 12

 Other equipments in PDSN network-Firewall

Concept and functions of a Firewall

Generally, the first thing to do in guaranteeing security is set up a line of defense between internal
networks and external networks. This line of defense blocks most external attacks. Network security
products that complete this task are known as firewalls.
An Internet firewall is a system that implements access control policies or a set of such systems.
The firewall monitors the access channel between trusted networks (equivalent to internal networks)
and distrusted networks (equivalent to external networks) to prevent security threats in distrusted
networks from entering trusted networks.
Commonly used firewalls: Eudemon200 , Eudemon1000

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 13

 Other equipments in PDSN network-DNS
◆What I enter in the address bar of the explorer is www.sohu.com. How come my terminal
figures out it needs to communicate with the IP address 202.110.19.34?

www.sohu.com-202.110.19.34
www.sina.com-202.119.205.118
……

DNS

www.sohu
Um Abis A8/A9 A10/A11 .com
PDSN Internet
BSC PCF
IP address: 202.110.19.34
10.1.1.1
Firewall

AAA

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 14

 Other equipments in PDSN network-DNS

Concept and functions of the DNS

DNS － Domain Name System
The DNS uses a hierarchical naming method to assign a meaningful name
to each device in the network. Domain name servers are configured in the network to set up
mapping relations between domain names and IP addresses. In this way, users can use easy-to-
remember meaningful domain names and do not have to remember obscure IP addresses.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 15

 Contents

What is a PDSN?
Other equipments in PDSN network
Huawei PDSN

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 16

 Huawei PDSN

Hardware structure of the Huawei PDSN

NE40-4 NE40-8

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 17

 Huawei PDSN

NE40-8 FAN OK FAN Failure

FAN subrack

-48V power in

Power switch

Power module
1+1 hot backup Air flow direction

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 18

 Huawei PDSN

Three types of boards:

SRU - Switching and Routing Unit
SPU - Service Processing Unit
LPU - Line interface Processing Unit

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 19

 Functions of the Boards

◆SRU
Functions: As the core circuit board used for system management, the SRU collects routing
information and generates routing tables. In addition, the SRU controls message exchange and
serves as the operation and maintenance proxy of the system.
Hardware:
•One 40-gigabyte hard disk or two 1-gigabyte compact flash card, used to store the host software
packet and the BAM folder
•16-megabyte Flash memory, used to store configuration files
The SRU provides Ethernet ports and console ports for operation and maintenance. The default
Ethernet numbers are Ethernet0/0/0.
The SRU provides AUX ports used to connect the power distribution monitoring box.
Two SRUs works in 1+1 hot backup mode..

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 20

 SRU

RUN/ALM/ACT

RESET

10/100BASE-TX(RJ45)

Console(RJ45)
AUX(RJ45)

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 21

 SRU

Technical specifications of an SRU:

Items Parameters of SRU

Interface and connector Console (RJ45)

AUX (RJ45)
10/100BASE-TX (RJ45)

Power consumption The maximum power consumption is 85 W.

Gross throughput of the system 64 Gbit/s

Processor MPC750PRX366RE (350 MHz)

L2 CACHE 1 MB

SDRAM 512 M

Flash Memory 16 MB

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 22

 Functions of the Boards

◆SPU
Functions: The SPU realizes all the service processing functions of the PDSN9660, namely,
A10/A11 connections, PPP connections, billing signaling processing, and data message forwarding.
The processing capability of the SPU determines the capacity of the PDSN.
If configured with the compress service processing card (CSPC), the PDSN supports compressing
services and IPSec encryption/decryption.
The SPU has no external ports on its panel.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 23

 SPU
The SPU board with CSPC cards:
CSPC card
SPU board

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 24

 SPU

Technical specification of an SPU:

Items Parameters of SRU

weight 3.4 kg
Power consumption The maximum power consumption is 100 W.

Gross throughput of the system 64 Gbit/s

Processor MPC750PRX366RE (350 MHz)

L2 CACHE 1 MB

SDRAM 512 M

Flash Memory 16 MB

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 25

 SPU
The SPU board must work together with the DBU:

DBU
DBU

DBU: Data buffer unit.

Huawei Quidway R3640E

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 26

 Functions of the Boards

◆LPU
Functions: The LPU provides external ports, which are used to connect the PCF, AAA, and
equipment on the network side.
Types:
•16-port 10/100 Mbit/s adaptive Ethernet electrical LPU (common)
•4-port 1000 Mbit/s Ethernet single-mode/multi-mode GBIC optical LPU
•16/32-port10/100 Mbit/s adaptive Ethernet LPU, supporting flexible --``configuration of cards
The ports of two LPUs can work independently or in active/standby mode.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 27

 LPU

15

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 28

 LPU
Interface attributes of a 16-port 10/100M autosensing Ethernet electrical LPU:

Attribute Description
Connector type RJ-45
Connector quantity 16
Function 10/100 Mbps auto-sensing
Support half-duplex and full-duplex mode
Maximum transmission distance 100 m

Specification of the applied cable Category 5 unshielded twisted pair (Category 5 UTP)

Standard compliance IEEE 802.3

IEEE 802.3 u
Network protocol supported IP
Frame format supported Ethernet_II
Ethernet_SAP
Ethernet_SNAP

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 29

 Logical structure of the PDSN

Console For LMT

SRU
Power system FAN system
Control bus Control bus

Control

Control bus

SPU
Data bus Data bus
LPU LPU

Switching

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 30

 Software version of PDSN

Software version:
Vx00R00xCxxBxxx
Patch version:
Vx00R00xCxxBxxxSPxx
Example: V800R002C02B027
V800R002C02B027SP07

V800R001: The original version of PDSN

V800R002: Current main version
V800R005: Current main version

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 31

 Software version of PDSN

Differences between the V800R001, V800R002 and V800R005

Restriction:
The V800R001 can only run with the R1 SPU.
The V800R002 can only run with the R2 SPU.
The V800R005 can both run with the R1 and R2 SPUs.

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 32

 November 23, 2007 Security Level:

Thank You
www.huawei.com
www.huawei.com

HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential