Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Issue 01
Date 2014-04-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Contents
2 Overview.........................................................................................................................................5
2.1 Introduction....................................................................................................................................................................5
2.2 Benefits...........................................................................................................................................................................7
2.3 Application Networking Scenarios.................................................................................................................................7
6 Parameters...................................................................................................................................109
7 Counters......................................................................................................................................125
8 Glossary.......................................................................................................................................126
9 Reference Documents...............................................................................................................127
1.1 Scope
This document describes the Automatic OMCH Establishment, including its implementation
principles, procedures, and requirements for NEs.
l WRFD-031100 BOOTP
l WRFD-031101 NodeB Self-discovery Based on IP Mode
l LOFD-002004 Self-configuration
l TDLOFD-002004 Self-configuration
Table 1-1 lists the definitions of all kinds of macro base stations.
Co-MPT Co-MPT multimode base station refers to a base station deployed with
Multimode Base UMPT_GU, UMPT_GL, UMPT_GT, UMPT_UL, UMPT_UT,
Station UMPT_LT, UMPT_GUL, UMPT_GUT, UMPT_ULT, UMPT_GLT,
or UMPT_GULT, and it functionally corresponds to any combination
of eGBTS, NodeB, and eNodeB. For example, Co-MPT multimode
base station deployed with UMPT_GU functionally corresponds to the
combination of eGBTS and NodeB.
l Feature change
Changes in features of a specific product version
l Editorial change
Changes in wording or addition of information that was not described in the earlier version
SRAN9.0 01 (2014-04-30)
This issue includes the following changes.
In this document, micro base stations are all integrated entities. They work in UMTS or LTE
FDD mode, but not in GSM or LTE TDD mode. Descriptions of boards, cabinets, subracks,
slots, and RRUs are not relevant to micro integrated base stations. The following base stations
are single-mode ones, without co-MPT or separate-MPT multimode applications:
l BTS3202E
l BTS3203E
l BTS3803E
l BTS3902E
Automatic data Micro base stations do not support automatic data synchronization
synchronization by through the DHCP process.
DHCP
2 Overview
2.1 Introduction
Operation and maintenance channels (OMCHs) are established between base stations and the
operation maintenance center (OMC, either the U2000 or BSC). OMCHs are used to transmit
operation and maintenance information about base stations and are classified as follows:
l OMCHs between the single-mode base station, such as the eGBTS, NodeB, or eNodeB and
the U2000, or between the GBTS and the BSC.
l OMCHs between the co-MPT multimode base station and the U2000.
l MPT is short for main processing and transmission unit. OMCHs between the separate-
MPT multimode base station and the U2000. The separate-MPT multimode base station is
comprised of multiple cascaded single-mode base stations and therefore has multiple
OMCHs. For example, OMCHs for the separate-MPT UMTS/LTE dual-mode base station
include the OMCH between the NodeB and the U2000, and the OMCH between the
eNodeB and the U2000.
l OMCHs between the U2000 and the NodeB in an ATM network.
NOTE
One end of an OMCH is located at the main control board of a base station. Depending on the configuration
of the main control board, multimode base stations are classified into co-MPT multimode base stations and
separate-MPT multimode base stations. For co-MPT multimode base stations, GSM, UMTS, and LTE
modes share the same main control board and OMCH. For separate-MPT multimode base stations, GSM,
UMTS, and LTE modes have their respective main control boards and OMCHs.
In this document, a base station is used if differentiation among GSM, UMTS, and LTE modes is not
required. A GBTS, eGBTS, NodeB, eNodeB, co-MPT multimode base station, or separate-MPT multimode
base station is used if differentiation among GSM, UMTS, and LTE modes is required.
In this document, the BSC is the OMC of a GBTS and the U2000 is the OMC of an eGBTS, NodeB,
eNodeB, separate-MPT multimode base station, or co-MPT multimode base station.
The Automatic OMCH Establishment feature enables a powered-on base station, which is
configured with hardware but no transmission information, to obtain OMCH configuration
information through the transport network and automatically establish an OMCH to the U2000
or BSC. The base station can then automatically download software and configuration files/
configuration data from the U2000 or BSC over the established OMCH and activate them. After
being commissioned, the base station enters the working state. For details, see 3900 Series Base
Station Commissioning Guide.
This feature applies to base station deployment by PnP. Figure 2-1 shows the O&M path self-
establishment phase during deployment by PnP.
Figure 2-1 Automatic OMCH establishment phase during base station deployment by PnP
NOTE
This document describes only the procedures marked in the dashed box shown in Figure 2-1.
To establish an OMCH, a base station needs to obtain the following transmission configuration
information:
l Basic information, including its OM IP address, OM virtual local area network (VLAN)
ID, the interface IP address, the interface IP address mask, the IP address of the next-hop
gateway, the IP address of the U2000 or BSC, and the IP address mask of the U2000 or
BSC.
l Security-related information, including the Certificate Authority (CA) name, transmission
protocol (HTTP or HTTPS) used by the CA, CA address, CA port number, CA path, IP
address of the security gateway (SeGW), and name of the security gateway. Obtaining the
operator's CA information is required only when the base station needs to use digital
certificates issued by the operator's CA to perform identity authentication with other
devices.
For details about how the base station obtains the preceding information, see chapter "Base
Station Obtaining Transmission Configuration Information".
2.2 Benefits
With the Automatic OMCH Establishment feature, a base station can establish OMCHs by
network communication without requiring operations at the local end. This implements remote
base station deployment by PnP, thereby facilitating base station deployment and reducing the
deployment cost and time.
Table 2-1 describes the application networking scenarios for the Automatic OMCH
Establishment feature. In this document, the IPsec or non-IPsec networking indicates that the IP
layer communication between the base station and other devices is secured or not secured by
IPsec, respectively.
Figure 3-1 Protocol stacks for an OMCH between the eGBTS, NodeB, eNodeB, or co-MPT
multimode base station and the U2000
As shown in Figure 3-1, an OMCH between the eGBTS, NodeB, eNodeB, or co-MPT
multimode base station and the U2000 is carried over TCP and Secure Sockets Layer (SSL), of
which SSL is optional.
The eGBTS, NodeB, eNodeB, or co-MPT multimode base station listens to the TCP connection
establishment request with a specific TCP port number from the U2000, and establishes the TCP
connection to the U2000 as requested. After the TCP connection is established, the U2000
initiates an OMCH establishment request to the eGBTS, NodeB, eNodeB, or co-MPT multimode
base station.
The U2000 can use SSL to perform encryption and authentication for OMCHs and enable the
establishment of SSL-based OMCHs. SSL uses the public key infrastructure (PKI), with which
the communication between the base station and the U2000 is protected against eavesdropping
and therefore confidentiality and reliability are guaranteed. For details about SSL, see SSL
Feature Parameter Description.
Figure 3-2 shows the protocol stacks for an OMCH between the GBTS and the BSC.
Figure 3-2 Protocol stacks for an OMCH between the GBTS and the BSC
As shown in Figure 3-2, an OMCH between the GBTS and the BSC is carried over UDP. The
GBTS listens to the UDP connection establishment request with a specific UDP port number
from the BSC, and establishes the UDP connection to the BSC as requested. After the UDP
connection is established, the BSC initiates an OMCH establishment request to the GBTS.
NOTE
During the OMCH establishment procedure, the eGBTS, NodeB, eNodeB, or co-MPT multimode base
station listens to specific TCP port numbers, and the GBTS listens to the UDP port numbers. For details,
see Communication Matrix of 3900 Series Base Stations. The packets with these port numbers must be
allowed to pass through the firewall between the base station and the DHCP server, U2000, or BSC.
After establishing an OMCH to the U2000, the base station uses File Transmission Protocol (FTP) to
download software and configuration files from the FTP server. FTP runs over TCP/IP, and therefore its
transport layer can be secured using SSL. For details about FTP, see RFC 959.
After establishing an OMCH to the BSC, the GBTS uses the proprietary protocol that runs over UDP to
download software and configuration files from the BSC.
As shown in Figure 3-3, the network is divided into the trusted domain and the untrusted domain,
which are separated by the SeGW. Devices in the untrusted domain cannot access the devices
in the trusted domain. After a base station starts, it establishes an IPsec tunnel to the SeGW.
Packets from the base station are sent over the IPsec tunnel to pass the untrusted domain and
then forwarded by the SeGW to the U2000 or BSC in the trusted domain.
Figure 3-4 shows the protocol stacks for an OMCH between the eGBTS, NodeB, eNodeB, or
co-MPT multimode base station and the U2000 in IPsec networking scenarios. Figure 3-5 shows
the protocol stacks for an OMCH between the GBTS and the BSC.
Figure 3-4 Protocol stacks for an OMCH between the eGBTS, NodeB, eNodeB, or co-MPT
multimode base station and the U2000 (IPsec networking)
Figure 3-5 Protocol stacks for an OMCH between the GBTS and the BSC (IPsec networking)
NOTE
The protocol stacks shown in Figure 3-4 and Figure 3-5 apply only to IPsec networking scenarios. Whether
the base station supports IPsec depends on the base station type and the software and hardware pertaining
to the main control board.
IPsec networking is not supported by the following base stations: GBTSs in which the GTMU provides
the transmission port and NodeBs in which the WMPT provides the transmission port.
In IPsec networking scenarios, IPsec secures base station data. IPsec is a security architecture
defined by the Internet Engineering Task Force (IETF) and applicable to the IP layer. IPsec
secures data communication by identity authentication, data encryption, data integrity, and
address encryption. During the automatic OMCH establishment procedure, the base station
establishes an IPsec tunnel to the SeGW and then an OMCH secured by the IPsec tunnel.
During site deployment, NEs in the untrusted and trusted domains may communicate with one
another. For example, a base station uses an interface IP address in the untrusted domain to
communicate with the DHCP server in the trusted domain, or the DHCP relay in the untrusted
domain uses the IP address in the untrusted domain to communicate with the DHCP server in
the trusted domain. For details, see 3.3.3 Automatic OMCH Establishment in IPsec
Networking Scenario 1 and 3.3.4 Automatic OMCH Establishment in IPsec Networking
Scenario 2.
The base station uses the interface IP address to access the untrusted domain. Unless otherwise
specified, the base station uses the logical IP address to access the trusted domain.
When using IPsec to secure data and digital certificates to perform identity authentication, an
operator must deploy the PKI. During automatic OMCH establishment, the base station
interworks with the operator's PKI using the Certificate Management Protocol (CMP) and
obtains the operator-issued device certificate and CA root certificate. Then, the base station
establishes an IPsec tunnel to the SeGW as well as the OMCH that the new IPsec tunnel provides
security to. For details about IPsec tunnels, see IPsec Feature Parameter Description for
SingleRAN. For details about digital certificate management, see PKI Feature Parameter
Description for SingleRAN.
If the operator uses IPsec and pre-shared key (PSK) authentication, the base station fails to
automatically establish an OMCH. In this case, you must use other methods to deploy the base
station.
SSL is optional. The U2000 can use SSL to perform encryption and authentication for OMCHs
and enable the establishment of SSL-based OMCHs. SSL uses the PKI, with which the
communication between the base station and the U2000 is protected against eavesdropping and
therefore confidentiality and reliability are guaranteed. For details about SSL, see SSL Feature
Parameter Description.
l eGBTS, NodeB, eNodeB, and co-MPT multimode base station: IP over FE/GE, ATM, and
then IP over E1/T1
l GBTS: TDM, IP over E1/T1, and then IP over FE/GE
If an E1/T1 port is available on the physical layer, an eGBTS, NodeB, eNodeB, or co-MPT
multimode base station attempts to set the working mode of a detection port to E1/T1 mode, and
users can set the working mode of a detection port to E1/T1 mode for a GBTS by using the
related DIP switch.
1 11111111111111111111111111111110 0xFFFFFFFE
2 00000000000000001111111111111110 0x0000FFFE
3 00000000000000011111111111111110 0x0001FFFE
4 00000000000001111111111111111110 0x0007FFFE
5 00000000000000000011111111111110 0x00003FFE
6 00000000000111111111111111111110 0x001FFFFE
7 00000000000000000000111111111110 0x00000FFE
8 00000000011111111111111111111110 0x007FFFFE
9 00000000000000000000001111111110 0x000003FE
10 00000001111111111111111111111110 0x01FFFFFE
11 00000111111111111111111111111110 0x07FFFFFE
12 00011111111111111111111111111110 0x1FFFFFFE
13 01111111111111111111111111111110 0x7FFFFFFE
14 00000000000000000000000011111110 0x000000FE
15 00000000000000000000000000111110 0x0000003E
16 00000000000000111111111111111110 0x0003FFFE
17 00000000000000000111111111111110 0x00007FFE
18 00000000000011111111111111111110 0x000FFFFE
19 00000000000000000001111111111110 0x00001FFE
20 00000000001111111111111111111110 0x003FFFFE
21 00000000000000000000011111111110 0x000007FE
22 00000000111111111111111111111110 0x00FFFFFE
23 00000011111111111111111111111110 0x03FFFFFE
24 00001111111111111111111111111110 0x0FFFFFFE
25 00111111111111111111111111111110 0x3FFFFFFE
26 00000000000000000000000111111110 0x000001FE
27 00000000000000000000000001111110 0x0000007E
1 111111111111111111111111 0x00FFFFFF
2 000000000111111111111111 0x00007FFF
3 000000011111111111111111 0x0001FFFF
4 000000000001111111111111 0x00001FFF
5 000001111111111111111111 0x0007FFFF
6 000000000000011111111111 0x000007FF
7 000111111111111111111111 0x001FFFFF
8 000000000000000111111111 0x000001FF
9 011111111111111111111111 0x007FFFFF
10 000000000000000001111111 0x0000007F
11 000000000000000000011111 0x0000001F
12 000000001111111111111111 0x0000FFFF
13 000000000011111111111111 0x00003FFF
14 000000111111111111111111 0x0003FFFF
15 000000000000111111111111 0x00000FFF
16 000011111111111111111111 0x000FFFFF
17 000000000000001111111111 0x000003FF
18 001111111111111111111111 0x003FFFFF
19 000000000000000011111111 0x000000FF
20 000000000000000000111111 0x0000003F
NOTE
In Table 3-1 and Table 3-2, 1 indicates that the timeslot is occupied and 0 indicates that the timeslot is not
occupied. Timeslot combinations that are not listed in the tables cannot be used for PnP deployment.
If a base station works in IP over E1/T1 mode, its peer transmission device must be configured
as follows:
If the peer transmission device is not functioning as a DHCP server, the DHCP relay agent
function must be enabled on the interface for PPP/MP detection on the peer transmission device.
Introduction
Before an OMCH is established, a base station is not configured with any data and cannot
perform end-to-end communication with other devices at the IP layer. To implement this
communication, the base station needs to obtain the following information:
The base station uses DHCP to obtain the preceding information. DHCP is used to allocate and
distribute configuration parameters and adopts the client/server mode. The DHCP procedure
involves the following logical NEs:
l DHCP relay agent: an NE that transmits DHCP packets between a DHCP server and a
DHCP client. A DHCP relay client must be deployed between a DHCP server and a DHCP
client that are in different broadcast domains.
After a DHCP client accesses the network, it actively exchanges DHCP packets with its DHCP
server to obtain configuration parameters. During the exchange, the DHCP server and the DHCP
relay agent listen to DHCP packets in which the destination UDP port number is 67, and the
DHCP client listens to DHCP packets in which the destination UDP port number is 68.
DHCP Interworking
When a DHCP client and a DHCP server are in the same broadcast domain, they can receive
broadcast packets from each other. Figure 3-6 shows the interworking between the DHCP client
and DHCP server that are in the same broadcast domain.
Figure 3-6 DHCP interworking between the DHCP client and DHCP server that are in the same
broadcast domain
1. After the DHCP client starts, it broadcasts a DHCPDISCOVER packet to search for an
available DHCP server. The DHCPDISCOVER packet carries the identification
information about the DHCP client.
2. The DHCP server responds to the DHCPDISCOVER packet with a DHCPOFFER packet.
3. The DHCP client sends a DHCPREQUEST packet to the DHCP server, requesting
parameters such as an IP address.
4. The DHCP server sends a DHCPACK packet to the DHCP client to assign parameters such
as an IP address.
5. If the assigned parameters cannot be used, for example, an assigned IP address has been
used by other DHCP clients, the DHCP client sends a DHCPDECLINE packet to notify
the DHCP server.
6. If the DHCP client does not need the assigned parameters any more, it sends a
DHCPRELEASE packet to notify the DHCP server so that the DHCP server can assign
these parameters to other DHCP clients.
When the DHCP client and DHCP server are not in the same broadcast domain, they cannot
receive broadcast packets from each other. In this case, the DHCP relay agent function
must be enabled in the broadcast domain of the DHCP client to ensure the communication
between the DHCP client and DHCP server. Generally, the DHCP relay agent function is
enabled on the gateway. When the DHCP relay agent function is enabled, the IP address
of the corresponding DHCP server must be configured so that the DHCP relay agent can
forward the DHCP packets from the DHCP client to the correct DHCP server. Figure
3-7 shows the interworking between the DHCP client and DHCP server that are not in the
same broadcast domain.
Figure 3-7 DHCP interworking between the DHCP client and DHCP server that are not in the
same broadcast domain
NOTE
The actual length and sequence of each field in a DHCP packet in software implementation may be different
from those shown in Figure 3-8.
In a DHCP packet, the IP and UDP headers are in the standard format, and the DHCP header
contains the DHCP control and configuration information. In the DHCP header, the fields related
to automatic OMCH establishment are as follows:
l yiaddr: This field carries the interface IP address of the base station.
l giaddr: This field carries the IP address of the DHCP relay agent.
Option fields: They are encoded in code-length-value (CLV) format and consist of many
subcodes. Among them, Option 43 carries Huawei proprietary information elements (IEs)
and most configuration information of the base station. For example, subcode 1 in Option
43 carries the electronic serial number (ESN) of the Huawei base station. For details about
subcodes of Option43, see Table 3-7.
Because Option 43 has a limited length, Option 224 is also used to carry Huawei proprietary
IEs in SRAN8.0 or later.
For details about DHCP, see section "Dynamic Host Configuration Protocol (DHCP)" in RFC
2131 and "DHCP Options and BOOTP Vendor Extensions" in RFC 2132.
NOTE
The DHCP server and the U2000 are different logical communication entities, although they may be
deployed on the same hardware. Therefore, this document distinguishes between the DHCP server and the
U2000.
If the DHCP server is deployed on the base station controller, the base station can be on the same L2
network as the base station controller. If the DHCP server is deployed on the U2000, the base station cannot
be on the same L2 network as the U2000. For security reasons, the U2000's operating system can process
only DHCP unicast packets, not DHCP broadcast packets
From SRAN8.0 onwards, if single-mode base stations or separate-MPT multimode base stations
evolve to co-MPT multimode base stations, their DHCP servers must migrate to the U2000.
Even if the evolution is not implemented, the migration is recommended, because it provides
better function support and paves the way to future smooth upgrades and evolutions.
When the base station is not on the same L2 network as the DHCP server, a DHCP relay agent
must be deployed. Pay attention to the following when deploying a DHCP relay agent:
l When a next-hop gateway of the base station is deployed on the transport network, the
DHCP relay agent function must be enabled and the U2000 DHCP server IP address must
be configured on the next-hop gateway of the base station.
– If the Virtual Router Redundancy Protocol (VRRP) is deployed on the next-hop
gateway, configure the VRRP's virtual IP address as the IP address of the DHCP relay
agent.
– If the base station is a GBTS, run the SET BTSIP command. In this step, set
BTSGWIPSWITCH to ON and NEXTHOP to the IP address of the base station's next-
hop gateway.
l When the base station is on the same L2 network as the base station controller, DHCP
packets pass through the base station controller, and the U2000 serves as the DHCP server
for the base station (for example, eGBTS or NodeB), this base station controller can be
deployed as the DHCP relay agent. If the DHCP relay agent function is enabled on a certain
port of the base station controller, this port serves as the DHCP relay agent for all eGBTSs
and NodeBs connected to this port. The ADD DHCPRLY command can be used to enable
the DHCP relay agent function on a port of the base station controller. In this command:
– DHCPRLYID(BSC6910,BSC6900) indicates the identity of a DHCP relay agent.
– DHCPRLYGATEWAYIP(BSC6900,BSC6910) indicates the interface IP address of
the base station controller.
– DHCPSRVISEMSIP(BSC6900,BSC6910) indicates whether the U2000 that manages
the base station controller serves as the DHCP server for the base station. If not, the
DHCP server IP address of the base station (the DHCPSRVIP1(BSC6900,BSC6910)
parameter) also needs to be configured.
– DHCPPID is used to enable or disable the DHCP relay agent function only on
BSC6900s. The base station controller serves as the DHCP server for the base station
by default. You can select the OTHERSWITCH check box under the DHCPPID
parameter to enable the DHCP relay agent function for the base station.
A few MML command examples are as follows:
//Enabling the DHCP relay agent function on the base station controller when
the U2000 that manages this base station controller is the DHCP server for
the base station
ADD DHCPRLY: DHCPRLYID=1, DHCPRLYGATEWAYIP="10.1.1.1",
DHCPPID=OTHERSWITCH-1, DHCPSRVISEMSIP=Yes;
//Enabling the DHCP relay agent function on the base station controller when
the U2000 that manages this base station controller is not the DHCP server
for the base station and the DHCP server IP address of the base station is
10.0.0.1
ADD DHCPRLY: DHCPRLYID=1, DHCPRLYGATEWAYIP="10.1.1.1",
DHCPPID=OTHERSWITCH-1, DHCPSRVISEMSIP=No, DHCPSRVIP1="10.0.0.1";
NOTE
Whether the base station controller can serve as the DHCP server or DHCP relay agent depends on the
base station type.
l For GBTSs, the base station controller can only serve as the DHCP relay server.
l For NodeBs, the base station controller can serve as both the DHCP server and DHCP relay agent.
l For other types of base stations, such as the eGBTS and co-MPT multimode base station, the base
station controller can only serve as the DHCP relay agent.
l When base stations are cascaded or backplane co-transmission is applied, an upper-level
base station serves as the next-hop gateway for its lower-level base station. In this case, the
DHCP relay agent function must be enabled and the DHCP server IP address of the lower-
level base station must be configured on the upper-level base station.
– If the upper-level base station is an eGBTS, NodeB, eNodeB, or co-MPT multimode
base station, run the SET DHCPRELAYSWITCH command with ES set to
ENABLE to enable the DHCP relay agent function. Then, run the ADD
DHCPSVRIP command with DHCPSVRIP set to the DHCP server IP address of the
lower-level base station. A maximum of four DHCP server IP addresses can be
configured. A few MML command examples are as follows:
//Enabling the DHCP relay agent function on the upper-level base station
SET DHCPRELAYSWITCH: ES=ENABLE;
//Setting the DHCP server IP address to 10.19.19.11. Each DHCP broadcast
packet will be forwarded to all DHCP servers.
ADD DHCPSVRIP: DHCPSVRIP="10.19.19.11";
– If the upper-level base station is a GBTS, run the ADD BTSDHCPSVRIP command
with DHCPSRV set to the IP address of the lower-level base station's DHCP server. A
few MML command examples are as follows: For the eGBTS, NodeB, eNodeB, or co-
MPT multimode base station:
ADD BTSDHCPSVRIP: IDTYPE=BYID, BTSID=20, DHCPSRV="10.100.10.10";
In base station cascading scenarios, the upper-level base station attempts to use its OM IP
address and lower port IP address as the DHCP relay agent IP addresses.
In backplane co-transmission scenarios, the upper-level base station attempts to use its OM
IP address and upper transmission port's interface IP address as the DHCP relay agent IP
adddress. Note that the upper transmission port's interface IP address is on the same network
as the next-hop IP address of the DHCP server IP address.
For details about configuration requirements, see Table 3-27.
l A base station can serve as the DHCP relay agent for other base stations in the same L2
network. In this case, the DHCP relay agent function must be enabled and the DHCP server
IP addresses of the other base stations must be configured on the base station in question.
The enabling and configuring methods for this base station is the same as those for an upper-
level base station.
l Cascaded base stations cannot exceed four levels on the chain topology because DHCP
packets will be discarded if the number of DHCP relay agents is greater than four in the
transport network.
The U2000 that matches SRAN8.0 or a later version uses the combination of the ESN and slot
number or the combination of the deployment identifier (DID), subrack topology, and slot
number as the BS ID.
Base station controllers and U2000s that match versions earlier than SRAN8.0 use the
combination of the ESN and NE type or the combination of the DID and NE type as the BS ID.
l ESN identifies the baseband unit (BBU) backplane of the base station. Each backplane has
a unique ESN. The ESN is reported by the base station.
l Deployment ID (DID) is the site identifier planned by the operator. DID is scanned into
the base station using a barcode scanner connected to the USB port of the main control
board during base station deployment. After being scanned into the base station, the DID
is broadcast in all BBUs. All main control boards will record the DID and use it as the BS
ID in the DHCP procedure.
l Subrack topology identifies the interconnection relationship between BBU subracks that
are interconnected. The combination of the DID and subrack topology uniquely identifies
a BBU subrack.
l Slot number identifies the number of the slot that accommodates the main control board.
The slot number is used to differentiate main control boards in a BBU subrack. If the base
station is configured with active and standby main control boards, the slot number is that
of the active main control board. The slot number is reported by the base station.
l NE type indicates whether the base station works in the GSM, UMTS, or LTE mode.
When creating a base station commissioning task by PnP, operators must specify the ESN if the
U2000 uses the combination of the ESN and slot number as the BS ID. The DID must be included
in the base station configuration file if the U2000 uses the combination of the subrack topology
and slot number as the BS ID.
NOTE
In some networking scenarios, such as IPsec networking scenario 1, it is not recommended that the public
DHCP server deliver the transmission configuration based on the BS ID.
A combination of the DID, subrack topology, and slot number can be used as the BS ID only if the
transmission port of the base station is an Ethernet port and the DHCP server of the base station is deployed
on the U2000.
Figure 3-9 shows the procedure for a base station to obtain configuration information from a
DHCP server when no DHCP relay agent is deployed.
Figure 3-9 Procedure for obtaining configuration information with no DHCP relay agent
The procedure is as follows: After the base station is powered on, it broadcasts a
DHCPDISCOVER packet with the BS ID. The DHCP server then sends configuration
information to the base station based on the BS ID.
Figure 3-10 shows the procedure for a base station to obtain configuration information from a
DHCP server when a DHCP relay agent is deployed.
Figure 3-10 Procedure for obtaining configuration information with a DHCP relay agent
The procedure is as follows: The DHCP relay agent converts DHCP packets broadcast by the
base station to unicast packets and routes the unicast packets to the DHCP server. The DHCP
server sends unicast response packets to the DHCP relay agent, which then broadcasts received
response packets on the L2 network.
Figure 3-11 shows the two procedures for the base station in Figure 3-12 to obtain transmission
configuration information.
Figure 3-12 Two procedures for obtaining transmission configuration information in IPsec
networking scenarios
1. The base station exchanges DHCP packets with a public DHCP server to obtain
information, such as the interface IP address for accessing the untrusted domain and the
SeGW IP address. The base station also needs to obtain the CA IP address because digital
certificates are required for identity authentication with the SeGW. This procedure is
referred to as the first DHCP procedure.
2. The base station negotiates with the SeGW on the Internet Key Exchange (IKE) security
association (SA) and IPsec SA, and then establishes an IPsec tunnel. Because digital
certificates are required for identity authentication with the SeGW, the base station must
apply to the CA for digital certificates that can be identified by the SeGW.
3. The base station exchanges DHCP packets with its U2000 DHCP server to obtain the OM
IP address used for accessing the trusted domain. This procedure is referred to as the second
DHCP procedure. The second DHCP procedure varies depending on IPsec networking
scenarios. For details, see section "Obtaining Formal Transmission Configuration
Information from the Internal DHCP Server".
During the first DHCP procedure, the public DHCP server runs DHCP. It may not support
Huawei-defined DHCP Option fields and fail to identify the BS ID reported by the base station.
If this occurs, the public DHCP server selects an IP address from the IP address pool and sends
it to the base station. During the second DHCP procedure, the U2000 DHCP server sends
configuration parameters to the base station based on the BS ID reported by the base station.
NOTE
In addition to the preceding procedures, DHCP also supports the procedure for updating configuration
information. However, base stations in SRAN8.0 do not support the procedure for updating configuration
information.
the next automatic OMCH establishment procedure starts. As manual data check is a complex
and error-prone process, the automatic DHCP data synchronization function is introduced in this
version.
After the base station is deployed, the system automatically synchronizes manual modifications
to the transmission configuration data in the base station configuration file with the U2000 DHCP
server. This ensures the configuration information consistency between the U2000 DHCP server
and the base station. For manual modifications on a single base station, the system starts data
synchronization 10 minutes after the last manual data modification and completes the
synchronization within 5 minutes. For manual modifications on a number of base stations, the
system starts data synchronization for every 200 base stations as a batch and completes each
batch's synchronization within less than or equal to 30 minutes. DHCP data must be manually
modified on the U2000 GUI.
However, the automatic DHCP data synchronization function does not support automatic
synchronization of the NE name, NE type, ESN, and working mode because they identify a
specific NE.
In addition, this function does not support automatic synchronization of Security Gateway
Emergency Bypass because it must be manually configured.
Overview
Packets sent by a base station on a VLAN-based network must carry the VLAN ID. Before an
OMCH is established, that is, before the base station sends the first DHCP packet, the base station
must learn VLAN information after it starts. After learning VLAN information by parsing
received Address Resolution Protocol (ARP) packets with VLAN IDs, the base station delivers
DHCP packets with VLAN IDs and interworks with DHCP servers to obtain transmission
configuration information. The procedure for obtaining VLAN information is as follows:
1. Once the DHCP function is enabled on the base station, the base station starts the VLAN
acquisition process. With VLAN acquisition, the base station actively acquires VLAN IDs
of all received ARP packets and records these VLAN IDs in a PnP VLAN-ID table.
2. The base station sends DHCP packets without VLAN IDs or DHCP packets with VLAN
IDs set to 0.
3. The base station waits 20s. If the base station receives a DHCPOFFER packet within 20s,
it exits the DHCP procedure and enters the subsequent PnP deployment procedure.
Otherwise, the base station goes to the next step.
4. The base station checks the PnP VLAN-ID table and tries to use all acquired VLAN IDs
to send DHCP packets. After that, if the base station receives a valid DHCPOFFER packet,
it exits the DHCP procedure and enters the subsequent PnP deployment procedure.
5. When the preceding steps fail:
l If the base station has only one transmission port, the base station repeats the preceding
steps on this port.
l If the base station has multiple transmission ports, it repeats the preceding steps on other
transmission ports.
Table 3-4 describes the recommended schemes for the base station in SRAN8.0 and later
versions to obtain VLAN information during deployment.
If a base station is deployed by PnP, the scheme for obtaining VLAN information varies
depending on whether IPsec secures OMCH data and the capability of NEs:
deployed. This enables the next-hop gateway of the base station to send ARP packets
from which the base station derives VLAN information.
Scheme 1
Scheme 1 applies to two scenarios:
l IPsec does not secure OMCH data. Figure 3-14 shows the procedure for a base station to
obtain VLAN information in this scenario.
l IPsec secures OMCH data and NEs meet specific requirements. Figure 3-15 shows the
procedure for a base station to obtain VLAN information in this scenario.
1. The U2000 or BSC sends an OMCH establishment request to the OM IP address of the
base station.
2. To forward the OMCH establishment request to the correct base station, the next-hop
gateway of the base station broadcasts ARP packets to obtain the MAC address mapping
the destination IP address of the request. The next-hop gateway or the L2 network attaches
VLAN IDs to ARP packets so that correct VLAN IDs are contained in the ARP packets
received by the base station.
3. The base station parses all received ARP packets and records the VLAN IDs contained in
the packets.
4. The base station attempts to send all DHCP packets with recorded VLAN IDs. Only DHCP
packets with correct VLAN IDs can reach the DHCP relay agent that installed on the next-
hop gateway of the DHCP client.
1. The U2000 or BSC sends an OMCH establishment request to the OM IP address of the
base station. The request is forwarded to the SeGW.
2. The SeGW detects that the IPsec SA with the base station has not been established and
sends an IKE negotiation request to the interface IP address of the base station. The request
is routed to the next-hop gateway of the base station.
3. To forward the IKE negotiation request to the correct base station, the next-hop gateway
of the base station broadcasts ARP packets to obtain the MAC address mapping the
destination IP address of the request. The next-hop gateway or the L2 network attaches
VLAN IDs to ARP packets so that correct VLAN IDs are contained in the ARP packets
received by the base station.
4. The base station parses all received ARP packets and records the VLAN IDs contained in
the packets. It may record the VLAN ID in an ARP packet destined for another base station.
5. The base station attempts to send all DHCP packets with recorded VLAN IDs. Only DHCP
packets with correct VLAN IDs can reach the DHCP relay agent.
Scheme 2
Figure 3-16 shows the procedure for a base station to obtain VLAN information in scheme 2.
1. The U2000 sends a DHCPOFFER packet with no content to the interface IP address of the
base station. The packet is forwarded to the next-hop gateway of the base station.
2. To forward the DHCPOFFER packet to the correct base station, the next-hop gateway of
the base station broadcasts ARP packets to obtain the MAC address mapping the destination
IP address of the request. The next-hop gateway or the L2 network attaches VLAN IDs to
ARP packets so that correct VLAN IDs are contained in the ARP packets received by the
base station.
3. The base station parses all received ARP packets and records the VLAN IDs contained in
the packets. It may record the VLAN ID in an ARP packet destined for another base station.
4. The base station attempts to send all DHCP packets with recorded VLAN IDs. Only DHCP
packets with correct VLAN IDs can reach the DHCP relay agent.
Scheme 3
Figure 3-17 shows the procedure for a base station to obtain VLAN information in scheme 3.
Scheme 4
Figure 3-18 shows the procedure for a base station to obtain VLAN information in scheme 4.
1. The next-hop gateway periodically sends ping packets to the interface IP address of the
base station or an IP address on the network segment of the base station.
2. To forward ping packets to the correct base station, the next-hop gateway of the base station
broadcasts ARP packets to obtain the MAC address of the base station mapping the
destination IP address of the ping packets. The ARP packets received by the base station
carry correct VLAN IDs.
3. The base station parses all received ARP packets and records the VLAN IDs contained in
the packets. It may record the VLAN ID in an ARP packet destined for another base station.
4. The base station attempts to send all DHCP packets with recorded VLAN IDs. Only DHCP
packets with correct VLAN IDs can reach the DHCP relay agent.
NOTE
When the OMCH and service channels are disconnected, the SET DHCPSW command is used to
determine whether to start the DHCP procedure automatically to obtain the initial configuration information
or to restore the base station configuration. The SWITCH parameter indicates whether to enable the
function of starting the DHCP procedure automatically. The VLANSCANSW parameter indicates whether
to enable the VLAN scanning function when the base station sends DHCP packets.
The base station can use the saved and learned VLAN IDs to send DHCP packets when
reinitiating a DHCP procedure during or after deployment of the base station.
The saved VLAN IDs will be automatically cleared after the base station experiences a power-
off reset.
3.3.1 Overview
This chapter describes the automatic OMCH establishment procedures implemented by the
single-mode base station and co-MPT multimode base station in IPsec or non-IPsec networking
scenarios, and the procedures' requirements for NEs. In IPsec networking scenarios, the network
is divided into the untrusted domain and the trusted domain. Depending on NE distribution in
the untrusted domain and the trusted domain, IPsec networking scenarios are classified as
follows:
Automatic OMCH establishment may fail if the peer equipment is not ready or the configuration
of the base station, transmission equipment, or peer equipment is incorrect. In this case, the base
station initiates another DHCP procedure to obtain the configuration and then starts automatic
OMCH establishment again.
l The DHCP server is not deployed on the L2 network of the base station.
l The DHCP relay agent is deployed on the next-hop gateway of the base station.
l IPsec does not secure OMCH data.
1. After a base station commissioning task by PnP task is created on the U2000, the U2000
periodically sends an SSL-based or plaintext-based OMCH establishment request to the
base station. After an NE is created on the BSC, the BSC periodically sends a plaintext-
based OMCH establishment request to the base station. In the request, the source IP address
is the IP address of the U2000 or BSC and the destination IP address is the OM IP address
of the base station. After the next-hop gateway of the base station receives the request, it
broadcasts ARP packets to the base station to obtain the MAC address mapping the interface
IP address of the base station.
NOTE
l The next-hop gateway of the base station broadcasts ARP packets each time it receives a TCP
connection request sent periodically by the U2000.
l If the Use SSL option on the U2000 is selected, the U2000 periodically sends an SSL-based
OMCH establishment request to the base station. For the automatic OMCH establishment
procedure in this scenario, see the "SSL Authentication on the OMCH" section.
If this option is not selected, the U2000 periodically sends a plaintext-based OMCH establishment
request to the base station.
l During a DHCP procedure, a DHCP response packet sent by the U2000 contains the target RAT
for the base station. Upon detecting an inconsistency between the current and target RATs, the
base station changes its current RAT and then restarts. Afterwards, the base station reinitiates a
DHCP procedure.
2. The base station obtains VLAN information. For details, see section "3.2.8 Schemes for
Obtaining VLAN Information for DHCP Packets."
3. The base station first sends DHCP packets with no VLAN ID and then DHCP packets with
VLAN IDs. By exchanging DHCP packets with its next-hop gateway and DHCP server,
the base station obtains the OMCH configuration data and validates the data.
4. The base station responds to the OMCH establishment request from the U2000 or BSC and
then establishes an OMCH to the U2000 or BSC.
NOTE
If the OMCH fails to be established, the base station automatically restarts the automatic OMCH establishment
procedure.
5: DHCPACK DHCPOFFER
DHCPACK
When creating a base station commissioning by PnP task on the U2000, deployment engineers
can import configuration information listed in Table 3-7 into the DHCP server Deployment
engineers can manually modify the configuration information for the DHCP server only on the
U2000 GUI. Deployment may fail if the DHCP server is not configured with mandatory
parameters listed in Table 3-7 or optional parameters that must be configured in certain
scenarios.
1. After a PnP-based commissioning task is created on the U2000, the U2000 periodically
sends SSL-based OMCH establishment requests to the base station.
The source and destination IP addresses of the request packets are the IP address of the
U2000 and the O&M IP address of the base station, respectively.
Upon receiving the requests, the next-hop gateway of the base station sends ARP broadcast
packets to the base station to parse the MAC address corresponding to the interface IP
address of the base station.
2. The base station obtains VLAN information.
For details, see section "3.2.8 Schemes for Obtaining VLAN Information for DHCP
Packets."
3. The base station attempts to first send DHCP packets without VLAN IDs and then DHCP
packets with VLAN IDs. By exchanging the DHCP packets with the DHCP server, the base
station obtains OMCH configurations and makes them take effect.
4. Based on the CA information obtained from the DHCP server, the base station applies for
an operator-issued device certificate from the CA. For details, see the "Obtaining an
Operator-Issued Device Certificate" section.
5. In response to the OMCH establishment requests from the U2000, the base station performs
mutual authentication with the U2000 using the obtained device certificate. After the
authentication is successful, an OMCH is established between them.
In this scenario, the U2000 DHCP server delivers configurations to the base station. The
configurations include those described in the "Configuration Requirements for the DHCP
Server" section and CA information described in Table 3-8.
CA 38 1 to 127 CA name
Name
During the certificate application, the CA authenticates the base station by verifying its Huawei-
issued device certificate. Before delivery, Huawei base stations are preconfigured with Huawei-
issued device certificates, which are deployed on the UMPT and the LMPT (available from
SRAN7.0 onwards). During the certification application, the base station provides the CA with
Huawei-issued device certificates as its identity. The CA is also preconfigured with the Huawei
root certificate.
Before the certificate application, the base station obtains from the DHCP server partial
configuration data (such as the URL of the CA and the CA name) rather than the configuration
file. Therefore, the base station uses the default parameters described in Table 3-9 to complete
the certificate application. The base station cannot contain parameters other than those listed in
the table during the certification application or in the certificate request files.
NOTE
For details about the certificate application procedure, see the "Certificate Management and Application
Scenarios" part in PKI Feature Parameter Description for SingleRAN.
PKI redundancy is not supported during base station deployment by PnP. The active PKI server must work
properly during base station deployment by PnP.
Paramet Request Type Type of a certificate request. This parameter is set to NEW.
ers in The request can be either a
the new certificate request or a
certifica certificate update request.
te The default type is new
request certificate request.
file
Certificate Format of a certificate This parameter is set to CRMF.
Request File request file
Format
In addition to the operator-issued device certificate, the base station also obtains the root
certificate of the CA.
If the application for operator-issued digital certificates fails or the base station receives no
response within about 30 seconds, the preconfigured digital certificates are used for establishing
an OMCH.
Next-hop gateway of the base station l Is enabled with the DHCP relay agent
function and configured with the IP
address of the DHCP server, that is, the IP
address of the U2000. If an NAT server is
deployed, the IP address of the U2000
must be that converted by the NAT server.
l Is configured with a route whose
destination IP address is the DHCP server
IP address
l If the base station's OM IP address is not
its interface IP address, configure a route
whose destination IP address is the OM IP
address of the base station.
l Is configured with a route whose
destination IP address is the IP address of
the CA if the OMCH uses SSL
authentication.
l A public DHCP server and an U2000 DHCP server are deployed in the untrusted domain
and the trusted domain, respectively. The base station obtains from the public DHCP server
the transmission configuration information required for establishing a temporary IPsec
tunnel to the SeGW and obtains from the U2000 DHCP server the formal transmission
configuration information.
l The base station in the untrusted domain cannot directly access NEs in the trusted domain.
Instead, packets from the base station must be encrypted over the IPsec tunnel to the SeGW
before being transmitted to the U2000 or BSC in the trusted domain.
l A CA is deployed. During base station deployment, the CA is accessible through IP
addresses of NEs in the untrusted domain (for example, the interface IP address of the base
station).
l After the base station starts, it must apply to the CA for operator-issued digital certificates
before connecting to the SeGW. After obtaining the certificates, the base station negotiates
with the SeGW to establish an IPsec tunnel.
1. The base station obtains the following information from the public DHCP server:
l Temporary interface IP address used for accessing NEs in the untrusted domain.
l Configuration information used for establishing a temporary IPsec tunnel to the SeGW.
The configuration information includes the SeGW configuration data and the CA
configuration data.
2. The base station obtains digital certificates from the CA.
3. After establishing the temporary IPsec tunnel, the base station obtains the formal interface
IP address and other OMCH configuration data from the U2000 DHCP server and then
establishes a formal IPsec tunnel. The obtained information is used for accessing NEs in
the trusted domain and referred to as formal transmission configuration information in this
document.
The interface IP address obtained from the public DHCP server can be the same as or different
from that obtained from the U2000 DHCP server.
Figure 3-23 shows the automatic OMCH establishment procedure in IPsec networking scenario
1.
1. The base station obtains VLAN information. For details, see section "3.2.8 Schemes for
Obtaining VLAN Information for DHCP Packets."
2. Using the DHCP procedure, the base station obtains from the public DHCP server the
transmission configuration information used for establishing a temporary IPsec tunnel. The
information includes the interface IP address of the base station, CA configuration data,
SeGW configuration data, and U2000 DHCP server IP address. For details about the
configuration information on the public DHCP server, see section "Configuration
Requirements for the DHCP Server."
3. Using CMPv2, the base station applies to the CA for an operator-issued device certificate.
(For details about the certificate application procedure, see the "Obtaining an Operator-
Issued Device Certificate" section.) The base station then adds the obtained certificate to
the default trusted certificate list for subsequent IPsec tunnel establishment and SSL
authentication.
4. The base station establishes a temporary IPsec tunnel to the SeGW. For details about the
security parameters used by the base station during the temporary IPsec tunnel
establishment, see section "Establishing a Temporary IPsec Tunnel."
5. With protection from the temporary IPsec tunnel, the base station obtains formal
transmission configuration information from the U2000 DHCP server in different ways,
depending on whether the IP address used for accessing the trusted domain and the U2000
DHCP server IP address are available. For details, see section "Obtaining Formal
Transmission Configuration Information from the Internal DHCP Server."
6. The base station releases the temporary IPsec tunnel and uses formal transmission
configuration information to establish a formal IPsec tunnel to the SeGW. For details, see
section "Establishing a Temporary IPsec Tunnel."
7. After the formal IPsec tunnel is established, the base station waits for the OMCH
establishment request from the U2000/BSC and then establishes an OMCH to the U2000/
BSC. If an OMCH is not established between the U2000/BSC and base station within 10
minutes, the base station restarts the automatic OMCH establishment procedure. Because
the base station has obtained the operator-issued device certificate, SSL authentication is
supported between the U2000 and base station.
NOTE
During a DHCP procedure, a DHCP response packet sent by the U2000 contains the target RAT for
the base station. Upon detecting an inconsistency between the current and target RATs, the base
station changes its current RAT and then restarts. Afterwards, the base station reinitiates a DHCP
procedure.
If any steps except step 1 fail during the automatic OMCH establishment procedure, the base station
automatically restarts the automatic OMCH establishment procedure.
IPsec Redundancy Among Multiple SeGWs is not supported during base station deployment by PnP
when multiple SeGWs are configured. The active SeGW must work properly during base station
deployment by PnP.
All IP addresses or URLs listed in Table 3-11 except Internal DHCP Server IP Address
(List) can be used only in the untrusted domain. Particularly, NEs in the untrusted domain must
have access to the CA IP address and the CA URL. If the base station cannot access the CA, it
cannot obtain any operator-issued certificate.
NOTE
In IPsec networking scenario 1, the public DHCP server assigns an interface IP address in the IP address
pool to the base station, without parsing the BS ID contained in Option 43. Therefore, the BS ID contained
in DHCP packets is meaningless in such a scenario.
In addition to the operator-issued device certificate, the base station also obtains the root
certificate of the CA. The base station then uses both certificates to perform mutual
authentication with the SeGW on the operator's network. After the authentication is successful,
the base station and SeGW establish an IPsec tunnel, through which the base station accesses
the internal DHCP server and the U2000 in the trusted domain.
IKEv1 and IKEv2 are incompatible. During base station deployment by PnP, the base station
cannot predict the IKE version used by the SeGW. If the base station successfully negotiated an
IKE version with the SeGW, the base station preferentially tries this IKE version. Otherwise,
the base station tries IKEv2 before IKEv1.
IKE SA Negotiation
During IKE SA negotiation in the normal operation of the base station, the base station supports
a large number of algorithm groups. However, during base station deployment by PnP, the base
station only supports the 48 algorithm groups (see Table 3-13) in the IKEv2 proposal and the
120 algorithm groups (see Table 3-14) in the IKEv1 proposal.
NOTE
The number of algorithm groups in the IKEv2 proposal is calculated as follows: Encryption Algorithm has
four values, Authentication Algorithm has two values, Diffie-Hellman Group has three values, and PRF
Algorithm has two values. Therefore, the number of algorithm groups in the IKEv2 proposal is 48 (4 x 2
x 3 x 2).
The number of algorithm groups in the IKEv1 proposal is calculated in the same way as that in
the IKEv2 proposal.
To establish a temporary IPsec tunnel, the base station preferentially tries the five algorithm
groups listed in Table 3-14 in sequence. If this fails, the base station tries the other groups until
it establishes an IPsec tunnel. If all the supported algorithm groups fail, the base station obtains
transmission configuration from the public DHCP server again to set up a temporary IPsec tunnel
and then restarts an IKE SA negotiation.
IKEv2 proposal algorithms should be configured in the sequence shown in Table 3-15.
Otherwise, the IKEv2 negotiation may fail. To increase the deployment success rate and shorten
the deployment duration, it is recommended that IKEv2 proposal algorithms in configuration
files of the base station follow the configurations listed in Table 3-15.
NOTE
During base station deployment by PnP, the IDTYPE parameter in the IKEPEER MO is set to FQDN by
default and the base station uses SubjectAltName in the digital certificate as the local name of the base
station for IKE negotiation.
IPsec SA Negotiation
During IPsec SA negotiation in the normal operation of the base station, the base station supports
ESP and AH authentication in tunnel or transport mode. However, during base station
deployment by PnP, the base station only supports ESP authentication in tunnel mode.
During IPsec SA negotiation in the normal operation of the base station, the base station supports
multiple IPsec proposal algorithm groups. However, during base station deployment by PnP,
the base station supports only the encryption and authentication algorithm groups listed in Figure
3-24. It first tries the six algorithm groups marked in green. If this fails, it tries the six algorithm
groups marked in gray. Once IKE negotiation is successful using an algorithm group, the base
station applies this algorithm group.
The base station tries IKE version and algorithm groups in the following priority sequence:
NOTE
During base station deployment by PnP, the base station does not try all supported IPsec and IKE proposal
algorithms (such as the DES algorithm) when establishing an IPsec tunnel. This is because trying all
supported combinations of security parameters may take a long time.
During base station deployment by PnP, the base station must use tunnel mode instead of transfer mode as
the encapsulation mode when establishing an IPsec tunnel. This is because the U2000, BSC, DHCP server,
and FTP server do not support IPsec.
During base station deployment by PnP, the base station does not try the perfect forward secrecy (PFS).
If the IPsec and IKE proposal algorithms and their settings on the base station or SeGW side are
inconsistent with those tried during base station deployment by PnP, OMCH establishment may
fail, leading to deployment failures. Therefore, ensure there is consistency between the
parameters and settings.
Table 3-16 Parameters specific to the U2000 DHCP server in IPsec networking scenario 1
information. Using the MODE-CONFIG mode during IKE negotiation, the base station can
obtain one temporary logical IP address used for accessing the trusted domain and one U2000
DHCP server IP address. The base station can obtain one U2000 DHCP server IP address at
most.
NOTE
In IKEv1, CP is not standardized and is referred to as MODE-CONFIG, which is supported only by the
base station in aggressive mode. For details about the MODE-CONFIG, see RFC4306 Internet Key
Exchange (IKEv2) Protocol.
The base station follows procedures listed in Table 3-17 to obtain formal transmission
configuration information from the U2000 DHCP server, depending on whether the logical IP
address used for accessing the untrusted domain and any U2000 DHCP server IP address are
available.
Table 3-17 Obtaining formal transmission configuration information from the U2000 DHCP
server
The base station has obtained l The base station uses the See Table 3-18.
the interface IP address, logical IP address for
logical IP address, and accessing the trusted
U2000 DHCP server IP domain as the source IP
address. address, and uses any
NOTE U2000 DHCP server IP
The base station obtains the address as the destination
preceding IP addresses in IP address. The base
different ways: Interface IP station then unicasts
address: from the DHCP
DHCP packets to each
procedure Logical IP address:
from MODE-CONFIG mode U2000 DHCP server.
during IKE negotiation U2000 Only the U2000 DHCP
DHCP server IP address: from server that has the correct
the DHCP procedure or from BS ID sends
MODE-CONFIG mode during configuration
IKE negotiation
information to the base
station.
l The base station
automatically configures
an access control list
(ACL) rule in Any to Any
mode that allows DHCP
packets to reach the base
station.
The base station has obtained l The base station uses the See Table 3-19.
the interface IP address and interface IP address for
U2000 DHCP server IP accessing the untrusted
address, but not the logical IP domain as the source IP
address. address, and uses any
U2000 DHCP server IP
address as the destination
IP address. The base
station then unicasts
DHCP packets to each
U2000 DHCP server.
Only the U2000 DHCP
server that has the correct
BS ID sends
configuration
information to the base
station.
l The base station
automatically configures
an ACL rule that allows
DHCP packets to reach
the base station. In the
ACL rule, the source IP
address is the interface IP
address and the
destination IP address is
an U2000 DHCP server
IP address. If there are
multiple U2000 DHCP
servers, one ACL rule is
generated for each
connected U2000 DHCP
server.
The base station has not l The base station uses See Table 3-20.
obtained the logical IP 0.0.0.0 as the source IP
address for accessing the address and
trusted domain or any U2000 255.255.255.255 as the
DHCP server IP address. destination IP address to
broadcast DHCP packets
over an IPsec tunnel. The
packets are encapsulated
over the IPsec tunnel
before reaching the
SeGW.
l The base station
automatically configures
an ACL rule that allows
DHCP packets to reach
the base station. In the
ACL rule, the source
UDP port number is 68
and the destination UDP
port number is 67.
NE Requirement
NE Requirement
All NEs between the base station and the l Is configured with the firewall policy or
U2000 DHCP server the packet filtering policy so that they
allow the transmission of packets with 67
or 68 as the source and destination UDP
port number.
l Is configured with a route whose
destination IP address is the logical IP
address for accessing the trusted domain
or network segment of the logical IP
address so that related packets can be
routed to the SeGW.
NE Requirement
All NEs between the base station and the l Is configured with the firewall policy or
U2000 DHCP server the packet filtering policy so that they
allow the transmission of packets with 67
or 68 as the source and destination UDP
port number.
l Is configured with a route whose
destination IP address is the interface IP
address of the base station or the IP
address of the network segment.
NE Requirement
All NEs between the base station and the l Is configured with the firewall policy or
U2000 DHCP server the packet filtering policy so that they
allow the transmission of packets with 67
or 68 as the source and destination UDP
port number.
l Is configured with a route whose
destination IP address is the IP address of
the DHCP relay agent on the SeGW.
The base station obtains transmission configuration information in IPsec networking scenarios
differently from non-IPsec networking scenarios:
l The DHCP server can be deployed only on the U2000, not the base station controller. That
is, the U2000 DHCP server is used.
l The base station may obtain IP addresses of many DHCP servers. Therefore, it needs to
communicate with each DHCP server to find the correct DHCP server. IPsec secures
OMCH data.
l Therefore, among the configuration information sent by the U2000 DHCP server to the
base station, the SeGW IP address is mandatory and the local name of the SeGW is optional.
The local name of the SeGW is used to authenticate the SeGW.
The procedure for establishing a formal IPsec tunnel differs from the procedure for establishing
a temporary IPsec tunnel as follows:
l The base station uses the interface IP address delivered by the U2000 DHCP server and
SeGW IP address delivered by the U2000 DHCP server for IKE SA and formal IPsec
establishment negotiations between the base station and SeGW. During IPsec tunnel
establishment, the base station automatically configures an ACL rule in OM IP to Any
mode and the SeGW configures an ACL rule in Any to OM IP or Any to Any mode.
l The base station preferentially tries security parameters with which the temporary IPsec
tunnel was successfully established to establish the formal IPsec tunnel. If this fails, the
base station follows the sequence described in the "Establishing a Temporary IPsec
Tunnel" to try other security parameters.
Establishing an OMCH
The procedure for establishing an OMCH in an IPsec networking scenario is similar to that in
a non-IPsec networking scenario, except that, in an IPsec networking scenario, the U2000 and
base station must authenticate each other after the base station obtains operator-issued
certificates. The operator can choose to use SSL for the authentication. To authenticate the base
station, a device certificate and root certificate must be configured for the U2000.
NE Requirement
NE Requirement
NE Requirement
l An U2000 DHCP server in the trusted domain is deployed. IPsec does not secure DHCP
packets. Using a DHCP procedure in the untrusted domain, the base station obtains its
temporary IP address and the OM IP address, the SeGW IP address, and the CA IP address.
From the U2000 DHCP server, the base station obtains the formal transmission
configuration information.
The base station in the untrusted domain cannot directly access NEs in the trusted domain.
Instead, packets from the base station must be encrypted over the IPsec tunnel to the SeGW
before being transmitted to the U2000 or BSC in the trusted domain.
l A CA is deployed and provides digital certificates for the base station to perform mutual
authentication with other NEs. During base station deployment, the CA can be accessed
by NEs' IP addresses in the untrusted domain.
l After the base station starts, it must apply to the CA for operator-issued digital certificates
before connecting to the SeGW.
Figure 3-26 shows the automatic OMCH establishment procedure in IPsec networking scenario
2.
1. The base station obtains VLAN information. For details, see section "3.2.8 Schemes for
Obtaining VLAN Information for DHCP Packets."
2. The base station obtains required configuration information from the U2000 DHCP server.
The information includes the interface IP address and the OM IP address of the base station,
the CA IP address, and the SeGW address.
NOTE
During a DHCP procedure, a DHCP response packet sent by the U2000 contains the target RAT for
the base station. Upon detecting an inconsistency between the current and target RATs, the base
station changes its current RAT and then restarts. Afterwards, the base station reinitiates a DHCP
procedure.
3. By using the configuration information obtained from the U2000 DHCP server, the base
station applies to the CA for an operator-issued device certificate. (For details about the
certificate application procedure, see the "Obtaining an Operator-Issued Device
Certificate" section.) The base station then adds the obtained certificate to the default
trusted certificate list for subsequent IPsec tunnel establishment and SSL authentication.
4. By using the configuration information obtained from the U2000 DHCP server, the base
station establishes a formal IPsec tunnel to the SeGW.
5. After the formal IPsec tunnel is established, the base station waits for the OMCH
establishment request from the U2000/BSC and then establishes an OMCH to the U2000/
BSC. Because the base station has obtained the operator-issued device certificate, SSL
authentication is supported between the U2000 and base station.
NOTE
If an IPsec tunnel or OMCH fails to be established, the base station automatically restarts the automatic OMCH
establishment procedure.
IPsec Redundancy Among Multiple SeGWs is not supported during base station deployment by PnP when
multiple SeGWs are configured. The active SeGW must work properly during base station deployment by PnP.
Table 3-22 Parameters specific to the U2000 DHCP server in IPsec networking scenario 2
Table 3-23 Configuration requirements for network equipment in IPsec networking scenario 2
Next-hop gateway of the base station l Is enabled with the DHCP relay agent
function.
l Is configured with correct DHCP server
IP addresses.
the SeGW. During base station deployment, the CA is accessible through IP addresses of
NEs in the untrusted domain (for example, the interface IP address of the base station).
1. The base station obtains VLAN information. For details, see section "3.2.8 Schemes for
Obtaining VLAN Information for DHCP Packets."
2. The base station obtains the OMCH configuration data and CA configuration data
(optional) from the U2000 DHCP server. If the base station uses the PSK for authentication,
the base station does not need to obtain the CA configuration data. If the base station uses
digital certificates for authentication, the base station must obtain the CA configuration
data.
NOTE
During a DHCP procedure, a DHCP response packet sent by the U2000 contains the target RAT for the
base station. Upon detecting an inconsistency between the current and target RATs, the base station
changes its current RAT and then restarts. Afterwards, the base station reinitiates a DHCP procedure.
3. The base station applies to the CA for an operator-issued device certificate if it has obtained
CA information. (For details about the certificate application procedure, see the "Obtaining
an Operator-Issued Device Certificate" section.) The base station then adds the obtained
certificate to default trusted certificate list for subsequent IPsec tunnel establishment and
SSL authentication.
4. Based on the configuration information obtained from the U2000 DHCP server, the base
station establishes an OMCH to the U2000 or BSC. Because the base station has obtained
operator-issued certificates, SSL authentication is supported between the U2000 and base
station.
NOTE
If an IPsec tunnel or OMCH fails to be established, the base station automatically restarts the automatic OMCH
establishment procedure.
After the OMCH is established, the base station obtains the official configuration information and makes the
configuration take effect. Then, the base station restarts and establishes an IPsec tunnel to the SeGW to secure
services and signaling.
Table 3-24 Parameters specific to the U2000 DHCP server in IPsec networking scenario 3
Table 3-25 Configuration requirements for network equipment in IPsec networking scenario 3
Next-hop gateway of the base station l Is enabled with the DHCP relay agent
function and configured with the IP
address of the DHCP server, that is, the IP
address of the U2000. If an NAT server is
deployed, the IP address of the U2000
must be that converted by the NAT server.
l Is configured with a route whose
destination IP address is the DHCP server
IP address.
l Is configured with a route whose
destination IP address is the OM IP
address of the base station if the OM IP
address is not the same as the interface IP
address of the base station.
l Is configured with a route whose
destination IP address is the CA IP
address.
3.4.1 Networking
The separate-MPT multimode base station is similar to many single-mode base stations that are
interconnected using the transmission board. The interconnection can either be based on the
panel or the backplane. Generally, the transmission board of a certain mode provides a shared
transmission interface for connecting to the transport network. The base station in this mode is
called an upper-level base station, and base stations in the other modes are called lower-level
base stations. The upper-level base station acts as the DHCP relay agent of lower-level base
stations.
Figure 3-29 shows the OMCH networking for the separate-MPT multimode base station that
uses panel-based interconnection. The upper-level base station provides two transmission
interfaces, one for panel-based interconnection (lower transmission interface) and the other for
connecting to the transport network (upper transmission interface).
Figure 3-29 OMCH networking for the separate-MPT multimode base station that uses panel-
based interconnection
Figure 3-30 shows the OMCH networking for the separate-MPT multimode base station that
uses backplane-based interconnection.
Figure 3-30 OMCH networking for the separate-MPT multimode base station that uses
backplane-based interconnection
The automatic OMCH establishment procedure for the separate-MPT base station is similar to
the respective automatic OMCH establishment procedure for each single-mode base station.
Lower-level base stations can start the automatic OMCH establishment procedure only after the
upper-level base station completes the procedure. This section describes the differences in the
procedures between the separate-MPT base station and the single-mode base station.
1. Same as the single-mode base station, the upper-level base station follows the OMCH
establishment procedure described in chapter "3.3 Automatic OMCH Establishment by
the Single-mode Base Station and Co-MPT Multimode Base Station." The upper-level
base station then obtains software and configuration files from the U2000 or BSC over the
established OMCH. The upper-level base station activates software and configuration files
and then enters the working state.
2. Each lower-level base station exchanges DHCP packets with the DHCP relay agent (upper-
level base station) and the DHCP server to obtain the transmission configuration
information.
3. Each lower-level base station establishes an OMCH to the U2000 or BSC.
The DHCP servers of the upper-level base station and lower-level base stations can be deployed
on the same NE or different NEs.
Table 3-26 Setting of the OM Bearing Board parameter on DHCP servers of lower-level base
stations
NOTE
SSL authentication takes effect only on main control boards. If the certificate for SSL authentication is not
deployed on the main control board of a base station, the main control board must obtain a valid certificate
from other boards. In this case, certificate sharing must be used. For details, see PKI Feature Parameter
Description for SingleRAN.
The upper-level base station acts as the DHCP relay agent to forward DHCP packets and as a
router to forward OMCH and service packets for lower-level base stations. The transport network
for the upper-level base station needs to forward DHCP packets from the DHCP servers of lower-
level base stations. Therefore, the upper-level base station and its transport network must be
configured with data listed in Table 3-27.
All devices on the transport network for the l Is configured with routes to the DHCP
upper-level base station servers of lower-level base stations.
l Is configured with routes to the IP address
of the DHCP relay agent of the upper-
level base station.
l Is configured with routes to the OM IP
address and service IP address of the
lower-level base station.
DHCP servers of lower-level base stations Is configured with routes to the IP address of
the DHCP relay agent of the upper-level base
station.
l Backplane-based interconnection:
The IP addresses of the DHCP relay agent are as follows:
1. OM IP address of the upper-level base station
2. IP addresses of the upper transmission interface on the upper-level base station. If there
are several IP addresses of the upper transmission interface, the IP address used as the IP
address of the DHCP relay agent must be on the same network segment as the next-hop IP
address of the upper-level base station's route to the DHCP server of the lower-level base
station.
l Panel-based interconnection:
The IP addresses of the DHCP relay agent are as follows:
1. OM IP address of the upper-level base station
2. IP addresses of the lower transmission interface on the upper-level base station. If there
are several addresses of the lower transmission interface, the IP addresses used as the IP
addresses of the DHCP relay agent vary by scenario:
– If VLANs have been deployed for neither the OMCH nor the service channel on the
lower-level base station, the IP addresses of the lower transmission interface that is not
configured with VLANs are used.
– If VLANs have been deployed for both the OMCH and the service channel on the lower-
level base station, the IP address of the interface that is used by the OMCH to deploy
VLANs is used.
– If VLANs have been deployed for the service channel but not for the OMCH on the
lower-level base station, the IP addresses of the interface where no VLAN has been
deployed are used.
In both backplane- and panel-based interconnection scenarios, if there are active and standby
OMCHs on the upper-level base station, the OM IP address in use will be used as the IP address
of the DHCP relay agent. For example, if the OM IP address of the standby OMCH is in use, it
will be used as the IP address of the DHCP relay agent.
Backplane-based Interconnection
Figure 3-32 shows examples of DHCP relay agent's IP addresses and route deployment in
backplane-based interconnection.
Figure 3-32 Examples of DHCP relay agent's IP addresses and route deployment in GBTS &
NodeB backplane-based interconnection
l IP addresses of the DHCP relay agent and route from the DHCP server to the IP address
of the DHCP relay agent
– IP addresses of the DHCP relay agent are 10.20.20.22 (OM IP address) and 10.100.1.10
(IP address 1).
– The destination IP address of the route from the DHCP server to the IP address of the
DHCP relay agent is 10.100.1.10 or 10.20.20.22.
l IP routes on the upper-level base station
– Run the following command to configure a route to the DHCP server of the lower-level
base station (BSC):
ADD IPRT: RTIDX=1, SN=6, SBT=BASE_BOARD, DSTIP="10.101.1.10",
DSTMASK="255.255.255.255", RTTYPE=NEXTHOP, NEXTHOP="10.100.1.1";
l Run the following command to configure a route to the RNC service IP address:
l Run the following command to configure a route to the OM IP address of the lower-level
base station (The service IP address is the same as the OM IP address):
ADD IPRT: RTIDX=1, SN=6, SBT=BACK_BOARD, DSTIP="10.30.20.20",
DSTMASK="255.255.255.255", RTTYPE=IF, IFT=TUNNEL, IFNO=1;
Panel-based Interconnection:
Figure 3-33 shows examples of DHCP relay agent's IP addresses and route deployment in panel-
based interconnection.
Figure 3-33 Examples of DHCP relay agent's IP addresses and route deployment in panel-based
interconnection
l IP address of the DHCP relay agent and route from the DHCP server to the IP address of
the DHCP relay agent
– If VLANs have been deployed for neither the OMCH nor the service channel on the
lower-level base station, IP addresses of the DHCP relay agent are 10.20.20.22 (OM IP
address), 10.100.1.10 (IP address 1), and 10.110.1.10 (IP address 2), and the destination
IP address of the route to the IP address of the DHCP relay agent is 10.20.20.22,
10.100.1.10, or 10.110.1.10.
– If VLANs have been deployed for both the OMCH and the service channel on the lower-
level base station, IP addresses of the DHCP relay agent are 10.20.20.22 (OM IP
address) and 10.100.1.10 (IP address 1), and the destination IP address of the route to
the IP address of the DHCP relay agent is 10.20.20.22 or 10.100.1.10.
To deploy VLANs for the OMCH and service channel on the lower-level base station,
configure VLANMAP information on the upper-level base station as follows:
//Run the following command to configure VLANs for the OMCH on the lower-
level base station:
ADD VLANMAP: NEXTHOPIP="10.100.1.30", MASK="255.255.255.0",
VLANMODE=SINGLEVLAN, VLANID=10, SETPRIO=DISABLE;
//Run the following command to configure VLANs for the service channel on
the lower-level base station:
ADD VLANMAP: NEXTHOPIP="10.110.1.30", MASK="255.255.255.0",
VLANMODE=SINGLEVLAN, VLANID=20, SETPRIO=DISABLE;
– If VLANs have been deployed for the service channel but not for the OMCH on the
lower-level base station, IP addresses of the DHCP relay agent are 10.20.20.22 (OM IP
address) and 10.100.1.10 (IP address 1), and the destination IP address of the route to
the IP address of the DHCP relay agent is 10.20.20.22 or 10.100.1.10.
To deploy VLANs for the service channel on the lower-level base station, configure
VLANMAP information on the upper-level base station as follows:
IP addresses of the DHCP relay agent are 10.20.20.22 (OM IP address) and 10.100.1.10
(IP address 1).
//Run the following command to configure VLANs for the service channel on
the lower-level base station
ADD VLANMAP: NEXTHOPIP="10.110.1.30", MASK="255.255.255.0",
VLANMODE=SINGLEVLAN, VLANID=20, SETPRIO=DISABLE;
– Run the following command to configure a route to the RNC service IP address:
ADD IPRT: RTIDX=1, SN=6, SBT=BASE_BOARD, DSTIP="10.200.20.10",
DSTMASK="255.255.255.255", RTTYPE=NEXTHOP, NEXTHOP="10.100.20.1";
– Run the following command to configure a route to the OM IP address of the lower-
level base station:
ADD IPRT: RTIDX=1, SN=6, SBT=BASE_BOARD, DSTIP="10.20.20.20 ",
DSTMASK="255.255.255.255", RTTYPE=NEXTHOP, NEXTHOP="10.100.1.30";
– Run the following command to configure a route to the service IP address of the lower-
level base station:
ADD IPRT: RTIDX=1, SN=6, SBT=BASE_BOARD, DSTIP=" 10.30.1.30 ",
DSTMASK="255.255.255.255", RTTYPE=NEXTHOP, NEXTHOP="10.110.1.30";
l Route from the U2000 to the OM IP address of the lower-level base station:
The destination IP address of the route is 10.20.20.20, the destination subnet mask is
255.255.255.255, and the next-hop IP address is 10.100.11.10.
Table 3-28 Configuration requirements for configuration files of the base station in all scenarios
SN MO Requirement
SN MO Requirement
SN MO Requirement
Table 3-29 Configuration requirements for the configuration files of the base station in IPsec
networking scenariosSNNEMORequirement
SN NE MO Requirement
1 Base OMCH If either the OMCH or the service channel is secured by IPsec, the
statio OMCH and the service channel must use different IP addresses.
n Otherwise, an error may occur in DHCP parameters.
2 Base ACLRU If neither requirement is met, errors may occur when parameters
statio LE configured on the SeGW are exported from the CME, leading to
n failures in base station deployment by PnP. The configured ACL
rule meets either of the following requirements:
l The SIP and DIP parameters are set to 0.0.0.0, and the SWC
and DWC parameters are set to 255.255.255.255. That is, both
the source and destination IP addresses can be any address.
l The SIP is set to the OM IP address, and the DIPparameter is
set to the IP address of the U2000, the IP address of the U2000
network segment, or 0.0.0.0. Note that IPsec tunnels do not
secure OMCHs established during base station deployment if
the ACTION parameter is set to DENY(Deny). IPsec tunnels
secure the OMCHs only when the ACTION parameter is not
set to DENY(Deny).
4 Base BFDSE If the base station uses the IPsec tunnel pair topology, the BFD
statio SSION session cannot be bound to a route during the BFD session
n configuration.
NOTE
When you configure or modify the information of the U2000 DHCP server on the U2000, the destination
IP address of the OMCH route and the IP address of the destination network segment must be correct.
SN Requirement
The preceding three services can be deployed on different U2000s and use different IP addresses.
Therefore, network planning and base station data configuration must ensure normal
communication between the OM IP address of the base station and the IP addresses of the three
services.
Table 3-31 describes the impact of U2000 deployment on automatic OMCH establishment.
Singl l All Singl Single For details, see 3.3 For details, see 3.3
e- applicati e server Automatic OMCH Automatic OMCH
server on serve Establishment by the Establishment by the
syste services r Single-mode Base Single-mode Base
m are Station and Co-MPT Station and Co-MPT
deployed Multimode Base Multimode Base
on the Station and 3.4 Station and 3.4
same Automatic OMCH Automatic OMCH
server Establishment by the Establishment by the
l and the Separate-MPT Separate-MPT
server Multimode Base Multimode Base
has only Station. Station.
one IP
address.
HA l The Activ Active For details, see 3.3 For details, see 3.3
syste active e or or Automatic OMCH Automatic OMCH
m and stand standby Establishment by the Establishment by the
standby by node Single-mode Base Single-mode Base
nodes node Station and Co-MPT Station and Co-MPT
have the Multimode Base Multimode Base
same Station and 3.4 Station and 3.4
function Automatic OMCH Automatic OMCH
and data Establishment by the Establishment by the
on the Separate-MPT Separate-MPT
two Multimode Base Multimode Base
nodes are Station. Station.
synchron
ized.
l The
active
and
standby
nodes
use the
same IP
address.
For example:When the U2000 uses the multi-server load-sharing (SLS) networking, the DHCP
service is deployed on the master server, whereas the FTP service and the OMCH management
service can be deployed on either the master or slave server. When the FTP service and OMCH
management service are deployed on different U2000 servers and accordingly use different IP
addresses, the route configuration on the base station and the transport network must ensure that
the IP addresses of the two services are reachable using configured routes. If IPsec secures
OMCH data, the IPsec SA's traffic selector (TS) successfully negotiated between the base station
and the SeGW must cover the traffic between the OM IP address of the base station and the IP
addresses of the FTP service and the OMCH management service.
OMCH networking requires that the NAT server be deployed only on the U2000 side, but not
the base station or BSC side. Figure 3-34 shows the OMCH networking in which the NAT server
is deployed on the U2000 side.
Figure 3-34 OMCH networking when the NAT server is deployed on the U2000
The IP address and port number of the U2000 can be converted by the NAT. Therefore, the route
whose destination IP address is the U2000 IP address on the base station side must use an U2000
IP address visible on the base station side as the destination address. As shown in Figure
3-34, the local IP address configured for the U2000 is 10.20.0.1, that is , the source IP address
of packtes sentd by the U2000 is 10.20.0.1. After the conversion performed by the NAT server,
however, the source IP address in TCP packets received by the base station is 10.10.1.1 instead
of 10.20.0.1. Therefore, the route whose destination IP address is 10.10.1.1 instead of 10.20.0.1
must be configured on the base station side.
NOTE
The IP address and port number on the base station side cannot be converted by the NAT server because
the DHCP server uses the IP address of the DHCP relay agent (giaddr) or IP address of the DHCP client
(ciaddr) as the destination IP address for responding to the DHCP message and the giaddr or ciaddr fields
contained in the DHCP message cannot be converted by the NAT server.
4.1 Overview
ATM-based automatic OMCH establishment for Base Stations (corresponding to feature
WRFD-031100 BOOTP) is used for the bootstrap of diskless workstations. It enables the diskless
workstation to obtain the IP address from the server during the startup. Compared with the
Reverse Address Resolution Protocol (RARP) that implements the same function, BOOTP is
more versatile and easier to use. BOOTP complies with the RFC 951 and RFC 1542 protocols.
BOOTP that is applied to the RAN system enables the NodeB to establish an IPoA path based
on the obtained IP address and default PVC. In this way, a remote OM channel can be set up
between the NodeB and the U2000 or LMT.
The NodeB configuration data normally contains the data of the IPoA path. If the data is correct,
the user can remotely access and maintain the NodeB. If the data is incorrect, BOOTP helps the
NodeB to establish a correct IPoA path so that the NodeB can be remotely maintained.
4.2 Principles
BOOTP is used in ATM networking to establish an IPoA path so that a remote OM channel
from the U2000 or LMT to the NodeB can be set up.
The configuration data required for setting up an IPoA path includes the Permanent Virtual
Channel (PVC), transport ports carrying the PVC, and IP addresses.
The procedure of BOOTP establishment consists of port listening, port configuration, PVC setup
and BOOTP request initiation, RNC returning the BOOTPREPLY message, and IPoA
configuration, as shown in Figure 4-1.
The prerequisites for port listening are as follows: The physical links must be connected properly.
(If a link works abnormally, ports are not configured on this link.); the transport ports of other
transport devices connecting the RNC and the NodeB must be correctly configured.
The procedure of BOOTP establishment is different in the case of different port types. For the
unchannelized STM-1/OC-3 ports, the PVC can be set up without port listening as
interconnection is not involved. The following describes the port listening function in the case
of IMA, UNI, and fractional ATM.
The NodeB first tries to listen to the IMA/UNI ports because whether the IMA/UNI ports or
fractional ATM ports are used cannot be determined initially. If the listening fails, the NodeB
listens to the fractional ATM ports.
Listening to the timeslots by using the exhaustive method will be time-consuming because the
combinations of timeslots are countless. To prevent this problem, the range of timeslot
combinations needs to be minimized. The combinations need to contain only the typical timeslot
bitmaps commonly used by the telecom operators.
To listen to fractional ATM links is to apply the exhaustive method to these typical timeslot
bitmaps, which is a way to configure the fractional ATM links. If the links work properly, the
listening is successful; if the links work abnormally, it indicates that the timeslot bitmap does
not match the configuration at the peer end, and the NodeB needs to try other timeslot bitmaps.
The NodeB first uses the E1 timeslot bitmaps to listen to the ports, because whether the physical
links connected to the NodeB are E1s or T1s cannot be determined initially. If the listening fails,
the NodeB uses the T1 timeslot bitmaps to listen to the ports.
After the PVC is set up, the NodeB issues a BOOTPREQUEST message on this PVC to request
the RNC to assign an IP address. The IP address will be used as the OM address of the NodeB.
This IP address can be used for logging in to the NodeB and be used for maintenance purposes.
On receipt of the BOOTPREQUEST message, the RNC replies with a BOOTPREPLY message
containing the assigned IP address. The message is transmitted over the established PVC (fixed
to 1/33).
On the RNC side, run the ADD UNODEBIP command to configure the IP address of the OM
channel. The main parameter of this command is as follows:
NBCTRLSN(BSC6900,BSC6910): This parameter specifies the main control board slot number
of the NodeB. When there are multiple main control boards in a base station, the RNC compares
the slot number of a main control board reported in the BOOTP process with the slot number
specified by users. If the reported and specified slot numbers are the same, the RNC returns a
BOOTPREPLY message to the base station.
5.1 Introduction
In TDM networking, the protocol stack on the Abis interface is as follows:
Figure 5-1 shows the protocol stack on the Abis interface in TDM networking.
OML timeslot detection in TDM networking applies to the GBTS in Abis over TDM mode. This
function is used to establish an OMCH (that is, an OML) between the GBTS and BSC.
5.2 Process
As shown in Figure 5-2, the process of OML timeslot detection in TDM networking consists
of two procedures: sending L2ML establishment requests and saving detection information.
1. The GBTS determines whether an E1 or T1 link is used for OML timeslot detection based
on the DIP switch of the main control board.
2. To establish an OML to the BSC, the GBTS attempts to send L2ML establishment requests
based on certain combinations of bandwidths and E1/T1 ports that support OML timeslot
detection.
OML timeslot detection in TDM networking requires 64 kbit/s or 16 kbit/s bandwidth and can
be implemented on E1/T1 ports 0 and 1 of the main control board. Therefore, there are four
possible combinations, which the GBTS tries in the following order:
l For an E1 link, the GBTS sends L2ML establishment requests over 64 kbit/s timeslots 1
through 31.
l For a T1 link, the GBTS sends L2ML establishment requests over 64 kbit/s timeslots 1
through 24.
l For an E1 link, the GBTS sends L2ML establishment requests over the third 16 kbit/s sub-
timeslots of 64 kbit/s timeslots 1 through 31.
l For a T1 link, the GBTS sends L2ML establishment requests over the third 16 kbit/s sub-
timeslots of 64 kbit/s timeslots 1 through 24.
Upon receiving an L2ML establishment request, the BSC selects a 64 kbit/s timeslot or a 16
kbit/s sub-timeslot based on base station configurations, and responds to the request. By default,
the BSC selects the last 64 kbit/s timeslot of an E1/T1 link, or the third 16 kbit/s sub-timeslot
of the last 64 kbit/s timeslot. The last 64 kbit/s timeslot is timeslot 31 for an E1 link and timeslot
24 for a T1 link.
If the last 64 kbit/s timeslot or the third 16 kbit/s sub-timeslot of the last 64 kbit/s timeslot cannot
carry an OML, run the SET BTSOMLTS command on the BSC LMT to set the timeslot that
is used to carry the OML, and run the SET BTSOMLDETECT command to set the OML
timeslot detection function.
Upon receiving a correct response over a timeslot, the GBTS uses the timeslot to carry the OML.
Otherwise, the GBTS attempts to establish an OML on other ports or timeslots.
6 Parameters
DHCPR BSC690 ADD None None Meaning: This parameter indicates the IP Address of
LYGAT 0 DHCPR DHCP Relay Gateway.
EWAYI LY GUI Value Range: Valid IP Address
P MOD Unit: None
DHCPR
LY Actual Value Range: Valid IP Address
Default Value: None
DHCPR BSC691 ADD None None Meaning: This parameter indicates the IP Address of
LYGAT 0 DHCPR DHCP Relay Gateway.
EWAYI LY GUI Value Range: Valid IP Address
P MOD Unit: None
DHCPR
LY Actual Value Range: Valid IP Address
Default Value: None
DHCPS BSC690 ADD WRFD- IP Meaning: Whether the IP address of the DHCP server
RVISE 0 DHCPR 050410 Transmi is the same as the IP address of the EMS.
MSIP LY ssion GUI Value Range: No(DHCP server IP address needs
MOD Introduc to be specified), Yes(Same as the EMS IP address)
DHCPR tion on
Iur Unit: None
LY
Interface Actual Value Range: Yes, No
Default Value: Yes(Same as the EMS IP address)
DHCPS BSC691 ADD WRFD- Iu/Iur IP Meaning: Whether the IP address of the DHCP server
RVISE 0 DHCPR 150244 Transmi is the same as the IP address of the EMS.
MSIP LY ssion GUI Value Range: No(DHCP server IP address needs
MOD Based to be specified), Yes(Same as the EMS IP address)
DHCPR on
Dynami Unit: None
LY
c Load Actual Value Range: Yes, No
Balance Default Value: Yes(Same as the EMS IP address)
DHCPS BSC690 ADD WRFD- IP Meaning: First IP Address of the DHCP Server.
RVIP1 0 DHCPR 050410 Transmi GUI Value Range: Valid IP Address
LY ssion
Introduc Unit: None
MOD
DHCPR tion on Actual Value Range: Valid IP Address
LY Iur Default Value: None
Interface
DHCPS BSC691 ADD WRFD- Iu/Iur IP Meaning: First IP Address of the DHCP Server.
RVIP1 0 DHCPR 150244 Transmi GUI Value Range: Valid IP Address
LY ssion
Based Unit: None
MOD
DHCPR on Actual Value Range: Valid IP Address
LY Dynami Default Value: None
c Load
Balance
DHCPPI BSC690 ADD WRFD- IP Meaning: NE type identifier in the DHCP message. The
D 0 DHCPR 050410 Transmi parameter specifies the type of NEs for which the
LY ssion multimode base station controller can perform DHCP
MOD Introduc relay. TGWSWITCH is the relay switch of TGW, and
DHCPR tion on OTHERSWITCH is the relay switch of NEs supporting
LY Iur the relay function except TGW, such as SRAN, NodeB,
Interface USU, eNodeB, and eGBTS.
GUI Value Range: TGWSWITCH(TGWSWITCH),
OTHERSWITCH(OTHERSWITCH)
Unit: None
Actual Value Range: TGWSWITCH,
OTHERSWITCH
Default Value: TGWSWITCH:1,OTHERSWITCH:1
ES BTS390 SET MRFD- IP- Meaning: Indicates whether to enable the DHCP relay
0, DHCPR 221501 Based switch.
BTS390 ELAYS WRFD- Multi- GUI Value Range: DISABLE(Disable), ENABLE
0 WITCH 031101 mode (Enable)
WCDM LST Co-
A, MRFD- Transmi Unit: None
DHCPR
BTS390 ELAYS 231501 ssion on Actual Value Range: DISABLE, ENABLE
0 LTE WITCH LBFD-0 BS side Default Value: DISABLE(Disable)
0300102 (NodeB)
/ NodeB
TDLBF Self-
D-00300 discover
102 y Based
LBFD-0 on IP
0300103 Mode
/ IP-
TDLBF Based
D-00300 Multi-
103 mode
MRFD- Co-
211501 Transmi
ssion on
BS side
(eNode
B)
Chain
Topolog
y
Tree
Topolog
y
IP-
Based
Multi-
mode
Co-
Transmi
ssion on
BS side
(GBTS)
DHCPS BTS390 ADD WRFD- NodeB Meaning: Indicates the IP address of the DHCP server.
VRIP 0, DHCPS 031101 Self- GUI Value Range: Valid IP address
BTS390 VRIP discover
0 MRFD- y Based Unit: None
RMV 211501
WCDM DHCPS on IP Actual Value Range: Valid IP address
A, VRIP LBFD-0 Mode Default Value: None
BTS390 0300102
0 LTE LST IP-
DHCPS / Based
VRIP TDLBF Multi-
D-00300 mode
102 Co-
LBFD-0 Transmi
0300103 ssion on
/ BS side
TDLBF (GBTS)
D-00300
103 Chain
Topolog
y
Tree
Topolog
y
IDTYPE BTS390 ADD LOFD-0 IPsec Meaning: Indicates the type of the identification
0, IKEPEE 03009 / payload that the local end transmits. The authentication
BTS390 R TDLOF BTS can be performed based on IP or fully qualified domain
0 D-00300 Integrate name (FQDN).
MOD d Ipsec
WCDM IKEPEE 9 GUI Value Range: IP(IP Identify), FQDN(Name
A, R NodeB Identify)
BTS390 GBFD-1
DSP 13524 Integrate Unit: None
0 LTE d IPSec
IKEPEE Actual Value Range: IP, FQDN
R WRFD-
140209 Default Value: None
LST
IKEPEE
R
FLAG BTS390 ADD WRFD- ATM/IP Meaning: Indicates the master/slave flag of the remote
0, OMCH 050404 Dual maintenance channel.
BTS390 DSP Stack GUI Value Range: MASTER(Master), SLAVE(Slave)
0 LBFD-0 Node B
OMCH 04002 / Unit: None
WCDM
A, MOD TDLBF Centrali Actual Value Range: MASTER, SLAVE
BTS390 OMCH D-00400 zed
2 U2000 Default Value: None
0 LTE RMV
OMCH LOFD-0 Manage
03005 ment
LST
OMCH OM
GBFD-1 Channel
18601 Backup
GBFD-1
18611 Abis
over IP
Abis IP
over E1/
T1
PEERIP BTS390 ADD WRFD- ATM/IP Meaning: Indicates the peer IP address of the remote
0, OMCH 050404 Dual maintenance channel, indicates the IP address of the
BTS390 MOD Stack U2000 in an IP network and the device IP address of the
0 LBFD-0 Node B RNC in an ATM network.
OMCH 04002 /
WCDM GUI Value Range: Valid IP address
A, DSP TDLBF Centrali
BTS390 OMCH D-00400 zed Unit: None
0 LTE LST 2 U2000 Actual Value Range: Valid IP address
OMCH LOFD-0 Manage
ment Default Value: None
03005
OM
GBFD-1 Channel
18601 Backup
GBFD-1
18611 Abis
over IP
Abis IP
over E1/
T1
PEERM BTS390 ADD WRFD- ATM/IP Meaning: Indicates the subnet mask of the peer IP
ASK 0, OMCH 050404 Dual address for the remote maintenance channel.
BTS390 MOD Stack GUI Value Range: Valid IP address
0 LBFD-0 Node B
OMCH 04002 / Unit: None
WCDM
A, DSP TDLBF Centrali Actual Value Range: Valid IP address
BTS390 OMCH D-00400 zed
2 U2000 Default Value: None
0 LTE LST
OMCH LOFD-0 Manage
03005 ment
OM
GBFD-1 Channel
18601 Backup
GBFD-1
18611 Abis
over IP
Abis IP
over E1/
T1
VLAN BTS390 ADD WRFD- IP Meaning: Indicates the VLAN mode. When this
MODE 0, VLAN 050402 Transmi parameter is set to SINGLEVLAN, the configured
BTS390 MAP ssion VLAN ID and VLAN priority can be directly used to
0 LBFD-0 Introduc label the VLAN tag. If this parameter is set to
MOD 03003 /
WCDM VLAN tion on VLANGROUP, the next hop IP addresses are mapped
A, TDLBF Iub to the VLAN groups, and then mapped to the VLAN
MAP D-00300
BTS390 Interface tags in the VLAN groups according to the DSCPs of the
0 LTE LST 3 IP packets. In VLAN group mode, ensure that the
VLAN VLAN VLAN groups have been configured by running the
MAP GBFD-1 Support
18601 ADD VLANCLASS command. Otherwise, the
(IEEE configuration does not take effect.
802.1p/
q) GUI Value Range: SINGLEVLAN(Single VLAN),
VLANGROUP(VLAN Group)
Abis Unit: None
over IP
Actual Value Range: SINGLEVLAN, VLANGROUP
Default Value: None
CATLO BTS390 ADD WRFD- Hybrid Meaning: Indicates the type of the BFD session. If this
G 0, BFDSE 050403 Iub IP parameter is set to MAINTENANCE, this BFD session
BTS390 SSION Transmi is used only for continuity check (CC). If this parameter
0 LOFD-0 ssion is set to RELIABILITY, the BFD session is used to
MOD 03007 /
WCDM BFDSE trigger route interlock. Route interlock enables the
A, TDLOF Bidirecti standby route to take over once the active route becomes
SSION D-00300 onal
BTS390 faulty, and therefore prevents service interruption
0 LTE DSP 7 Forward caused by route failures.
BFDSE ing
SSION GBFD-1 Detectio GUI Value Range: MAINTENANCE(Maintenance),
18601 n RELIABILITY(Reliability)
LST
BFDSE Unit: None
Abis
SSION over IP Actual Value Range: MAINTENANCE,
RELIABILITY
Default Value: RELIABILITY(Reliability)
DID BTS390 SET NE None None Meaning: Indicates the deployment identifier that
0, LST NE specifies the site of the NE. When multiple NEs are
BTS390 deployed at the same site, these NEs have the same
0 deployment identifier.
WCDM GUI Value Range: 0~64 characters
A,
BTS390 Unit: None
0 LTE Actual Value Range: 0~64 characters
Default Value: NULL(empty string)
SIP BTS390 ADD WRFD- IP Meaning: Indicates the source IP address of data to
0, ACLRU 050402 Transmi which the ACL rule is applied. To add an ACL rule that
BTS390 LE WRFD- ssion is applicable to data of all source IP addresses, set this
0 MOD 140209 Introduc parameter to 0.0.0.0.
WCDM ACLRU tion on GUI Value Range: Valid IP address
A, LE LOFD-0 Iub
BTS390 Interface Unit: None
03009 /
0 LTE DSP Actual Value Range: Valid IP address
TDLOF NodeB
ACLRU
D-00300 integrate Default Value: None
LE
9 d IPSec
LST
ACLRU LOFD-0 IPsec
LE 0301401
/ Access
TDLOF Control
D-00301 List
401 (ACL)
Abis
GBFD-1
over IP
18601
BTS
GBFD-1
Integrate
13524
d Ipsec
DIP BTS390 ADD WRFD- IP Meaning: Indicates the destination IP address of data to
0, ACLRU 050402 Transmi which the ACL rule is applied. To add an ACL rule that
BTS390 LE WRFD- ssion is applicable to data of all destination IP addresses, set
0 MOD 140209 Introduc this parameter to 0.0.0.0.
WCDM ACLRU tion on GUI Value Range: Valid IP address
A, LE LOFD-0 Iub
BTS390 Interface Unit: None
03009 /
0 LTE DSP Actual Value Range: Valid IP address
TDLOF NodeB
ACLRU
D-00300 integrate Default Value: None
LE
9 d IPSec
LST
ACLRU LOFD-0 IPsec
LE 0301401
/ Access
TDLOF Control
D-00301 List
401 (ACL)
Abis
GBFD-1
over IP
18601
BTS
GBFD-1
Integrate
13524
d Ipsec
SWC BTS390 ADD WRFD- IP Meaning: Indicates the wildcard of the source IP
0, ACLRU 050402 Transmi address. The wildcard is used to determine which bits
BTS390 LE WRFD- ssion can be neglected when IP address matching is being
0 MOD 140209 Introduc performed. It can be considered as the inverse of the
WCDM ACLRU tion on corresponding subnet mask.
A, LE LOFD-0 Iub GUI Value Range: Valid wildcard of the IP address
BTS390 03009 / Interface
0 LTE DSP Unit: None
TDLOF NodeB
ACLRU Actual Value Range: Valid wildcard of the IP address
D-00300 integrate
LE
9 d IPSec Default Value: None
LST
ACLRU LOFD-0 IPsec
LE 0301401
/ Access
TDLOF Control
D-00301 List
401 (ACL)
Abis
GBFD-1
over IP
18601
BTS
GBFD-1
Integrate
13524
d Ipsec
DWC BTS390 ADD WRFD- IP Meaning: Indicates the wildcard of the destination IP
0, ACLRU 050402 Transmi address. The wildcard is used to determine which bits
BTS390 LE WRFD- ssion can be neglected when IP address matching is being
0 MOD 140209 Introduc performed. It can be considered as the inverse of the
WCDM ACLRU tion on corresponding subnet mask.
A, LE LOFD-0 Iub GUI Value Range: Valid wildcard of the IP address
BTS390 03009 / Interface
0 LTE DSP Unit: None
TDLOF NodeB
ACLRU Actual Value Range: Valid wildcard of the IP address
D-00300 integrate
LE
9 d IPSec Default Value: None
LST
ACLRU LOFD-0 IPsec
LE 0301401
/ Access
TDLOF Control
D-00301 List
401 (ACL)
Abis
GBFD-1
over IP
18601
BTS
GBFD-1
Integrate
13524
d Ipsec
ACTIO BTS390 ADD WRFD- IP Meaning: Indicates the action taken on the data that
N 0, ACLRU 050402 Transmi matches the ACL rule. When the ACL to which the ACL
BTS390 LE WRFD- ssion rule belongs is referenced by a packet filter, the BS
0 DSP 140209 Introduc accepts or transmits the data that matches the rule if this
WCDM ACLRU tion on parameter is set to PERMIT, and rejects the data if this
A, LE LOFD-0 Iub parameter is set to DENY. When the ACL is referenced
BTS390 03009 / Interface by an IPSec policy, the BS encrypts or decrypts the data
0 LTE LST that matches the rule if this parameter is set to PERMIT,
TDLOF NodeB
ACLRU and does not perform any encryption or decryption on
D-00300 integrate
LE the data if this parameter is set to DENY.
9 d IPSec
LOFD-0 GUI Value Range: DENY(Deny), PERMIT(Permit)
IPsec
0301401 Unit: None
/ Access
Control Actual Value Range: DENY, PERMIT
TDLOF
D-00301 List Default Value: PERMIT(Permit)
401 (ACL)
Abis
GBFD-1
over IP
18601
BTS
GBFD-1
Integrate
13524
d Ipsec
CARRY BSC691 ADD WRFD- ATM Meaning: VPI value of the VCL of the bearer network
VPI 0 IPOAP 050105 Switchin GUI Value Range: 0~4095
VC WRFD- g Based
Hub Unit: None
MOD 031100
IPOAP Node B Actual Value Range: 0~4095
WRFD-
VC 0503010 BOOTP Default Value: None
5 Permane
WRFD- nt AAL5
050301 Connect
ions for
Control
Plane
Traffic
ATM
Transmi
ssion
Introduc
tion
Package
CARRY BSC690 ADD WRFD- ATM Meaning: VPI value of the VCL of the bearer network
VPI 0 IPOAP 050105 Switchin GUI Value Range: 0~4095
VC WRFD- g Based
Hub Unit: None
MOD 031100
IPOAP Node B Actual Value Range: 0~4095
WRFD-
VC 0503010 BOOTP Default Value: None
5 Permane
WRFD- nt AAL5
050301 Connect
ions for
Control
Plane
Traffic
ATM
Transmi
ssion
Introduc
tion
Package
CARRY BSC691 ADD WRFD- ATM Meaning: VCI value of the VCL of the bearer network
VCI 0 IPOAP 050105 Switchin GUI Value Range: 32~65535
VC WRFD- g Based
Hub Unit: None
MOD 031100
IPOAP Node B Actual Value Range: 32~65535
WRFD-
VC 0503010 BOOTP Default Value: None
5 Permane
WRFD- nt AAL5
050301 Connect
ions for
Control
Plane
Traffic
ATM
Transmi
ssion
Introduc
tion
Package
CARRY BSC690 ADD WRFD- ATM Meaning: VCI value of the VCL of the bearer network
VCI 0 IPOAP 050105 Switchin GUI Value Range: 32~65535
VC WRFD- g Based
Hub Unit: None
MOD 031100
IPOAP Node B Actual Value Range: 32~65535
WRFD-
VC 0503010 BOOTP Default Value: None
5 Permane
WRFD- nt AAL5
050301 Connect
ions for
Control
Plane
Traffic
ATM
Transmi
ssion
Introduc
tion
Package
NBAT BSC690 ADD WRFD- BOOTP Meaning: When the operation and maintenance channel
MOAMI 0 UNODE 031100 NodeB of NodeB is operating in the ATM, this parameter
P BIP WRFD- Self- indicates the address of the operation and maintenance
MOD 031101 discover console. The IP address and IPOA client IP address
UNODE y Based must be in the same network segment.
BIP on IP GUI Value Range: Valid IP Address
Mode Unit: None
Actual Value Range: Valid IP Address
Default Value: None
NBAT BSC691 ADD WRFD- BOOTP Meaning: When the operation and maintenance channel
MOAMI 0 UNODE 031100 NodeB of NodeB is operating in the ATM, this parameter
P BIP WRFD- Self- indicates the address of the operation and maintenance
MOD 031101 discover console. The IP address and IPOA client IP address
UNODE y Based must be in the same network segment.
BIP on IP GUI Value Range: Valid IP Address
Mode Unit: None
Actual Value Range: Valid IP Address
Default Value: None
NBCTR BSC690 ADD None None Meaning: Number of the slot for the NodeB main
LSN 0 UNODE control board.
BIP GUI Value Range: 0~7;255
MOD Unit: None
UNODE
BIP Actual Value Range: 0~7, 255
Default Value: 255
NBCTR BSC691 ADD None None Meaning: Number of the slot for the NodeB main
LSN 0 UNODE control board
BIP GUI Value Range: 0~7;255
MOD Unit: None
UNODE
BIP Actual Value Range: 0~7, 255
Default Value: 255
7 Counters
8 Glossary
9 Reference Documents