General description
According to the classic implementation, the search of an ESR to which a command for data tunnel establishment (data tunnel create) should be sent, is conducted up to the node tree beginning with a node where an AP is located. This logic requires AP and ESR to be located at the same branch of ESR object tree, and ESR to be located at the same node with AP or higher. This solution is not suitable for clients that have a part of access points grouped by clients and another part grouped by regions in its domain structure. It is not also suitable for federal clients that have division into clients (AllClients.Federal.BANK) and then into regions (BANK.Centr.Moskva).
The proposed solution gives an opportunity to configure the ESR location parameter "Domain of Station ESR" where a node where a search for an ESR (for data tunnel establishment) should be conducted can be specified. Thus, when moving up the tree from an AP to find an ESR for data tunnel establishment, EMS will be able to use this parameter to move from a federal client node to a region node containing the ESR.
The classic scheme of node tree search for data tunnel establishment
ESR has two options to establish data tunnels for access points:
1) data tunnels configured dynamically (locally) - in this case, all necessary information for data tunnel configuring is contained in ESR configuration, and its interaction with EMS management system is not required (this option is not considered further);
2) data tunnels configured dynamically on RADIUS server commands. In this case, it is necessary to configure interaction with the RADIUS server on ESR and complete the settings in EMS. PCRF server acts as a RADIUS server with which ESR interacts. This way to establish data tunnels will be considered further.
Establishing data tunnels to ESR is made on the PCRF command initiated by EMS and sent in the following cases:
1) initializing a new AP;
2) reinitializing of an AP;
3) moving an AP to another node;
4) changing SSID parameters linked to a domain where an AP is located;
5) removing/creating a SSID link to an AP domain;
6) changing/assigning/removing a domain shaper or SSID of an AP.
In all these cases, EMS should define ESR devices to which a command for data tunnel establishment will be sent. To use ESR for data tunnel establishment, it should be added to EMS node tree with "ESR mode" = "Station" in the tab "Access". It should not be phased out.
According to classic logic for searching the ESR to which data tunnels will be established, EMS will start with checking the node where an AP is located for ESR devices suitable for data tunnel establishment. If such a device has not been found, EMS will continue its search in a higher-level node and so on, until an appropriate ESR is found, or the root is reached (EMS node). In case if ESR has not been found, the command for data tunnel establishment will not be executed. An example of the mechanism work can be seen in Figure 2.1.
Figure 2.1
step 1: An AP is detected in Eltex node;
step 2: The node "Eltex" is checked for the ESR. It is not found, the algorithm moves to the higher-level node "Novosibirsk".
step 3: The node "Novosibirsk" is checked for the ESR. It is not found, move to the higher-level node "Novosibirskaya_oblast";
step 4: The node "Novosibirskaya_oblast" is checked for the ESR. It is not found, the algorithm moves to the higher-level node "MRF_Sibir";
step 5: The node "Novosibirskaya_oblast" is checked for the ESR. It is found! It will be used for data tunnel establishment.
If several ESR devices appropriate for data tunnel establishment are found, the command will be sent to all of them.
Problems of defining an ESR for data tunnel establishing in a classic ESR search
Look at the scheme in Figure 3.1:
Figure 3.1
In the scheme for AP Alfabank-KRS-Achinks10kv_1_a8:f9:4b:12:12:10 given above, a data tunnel should be established from the node "Krasnoyarsk_Achinsk10kv" to the ESR that is located in the node "MRF_Sibir". If the classic scheme is used, the device will not be detected, and the command for data tunnel establishment will not be sent. To solve this problem, the opportunity to define ESR location in node settings has been added to SoftWLC 1.14 and EMS 3.18. ESR search logic for tunnel establishment has been also added.
The scheme of searching ESR for data tunnel establishment by location configuration in a node
In the scheme of searching ESR for data tunnel establishment by location configuration there is an opportunity to specify a domain to search an ESR in node configuration. The logic is as follows:
1) EMS starts checking an AP node for configuration of a domain appropriate to move to. This rule has the highest priority, and if the domain is found, EMS will move to it regardless of whether there is an ESR suitable for data tunnel establishment. 2) if a transition rule for moving to another node has been found, the node is checked for ESR searches held before:
2.1) if the search has not been held, the algorithm will move to this node, and start checking for the transition rule (beginning from paragraph 1);
2.2) if the search has been held, the rule is ignored, and the algorithm moves to paragraph 3.
3) if a transition rule had not been found (or it was ignored due to the reasons described in 2.2), a search to find ESR devices appropriate to establish a data tunnel will be done;
4) if no transition rules and ESR devices for data tunnel establishment had been found, the algorithm moves to a higher-level node, and the search is done again, beginning with paragraph 1.
In Figure 4.1, a block diagram of the algorithm for searching an ESR appropriate for data tunnel establishment is given:
Figure 4.1
The below Figure 4.2 shows an example of search implementation for the case when a domain node contains a rule of transition to another domain to find ESR for data tunnel establishment:
Figure 4.2
step 1: check the node Krasnoayarsk_Achinsk10kv for the transition rule: not found; check the node for ESR devices appropriate for data tunnel establishment: not found; move to the next node Krasnoyarsk;
step 2: check the node Krasnoyarsk for the transition rule: not found; check the node for ESR devices appropriate for data tunnel establishment: not found; move to the next node Sibir;
step 3: check the node Sibir for the transition rule: found, points to the node MRF_Sibir; move to this node (after verifying that there were no transitions to it before);
step 4: Check the node MRF_Sibir for the transition rule: not found; check the node for ESR devices appropriate for data tunnel establishment: ESR is found!
Configuring ESR location in EMS
In the example in the figure 5.1. an AP is located in the node "Alfabank-KRS-Achinsk10kv.Krasnoyarsk.Sibir.ALFA_BANK.Federal.AllClients.root". ESR devices to which it establishes GRE tunnels according to option 43 parameters assigned during getting the primary address, are located in the node "MRF_Sibir.Local.AllClients.root". Therefore, it will not be found by the AP, if the classic ESR search will be done. It is necessary to define a node on which ESR location will be configured, and from which a transition to a node containing ESR will be made.
Figure 5.1
In the example above (Figure 5.1), ESR location could be configured in the node "MRF_Sibir.Local.AllClients.root", but it would not be appropriate, as the rule would work only for access points that are located in this node and in lower-level ones. When new clients will be connected, new nodes will be created for them in neighbouring branches. Thus, it will be necessary to define ESR location for each new client and to configure it for all existing clients in the transition to a scheme with dynamic configuration of data tunnels using RADIUS commands, that can be a very time-consuming task. But if a rule that will oblige all access points located lower than the domain "Sibir" to establish tunnels to ESR devices located in the node "MRF_Sibir" (and to take it into consideration when assigning a primary address to an AP) is adopted, then ESR location can be configured in the node "Sibir" (of the domain "Sibir.ALFA_BANK.Federal.AllClients.root"), that will allow all access points located lower than the node "Sibir" to find an ESR, to which data tunnels can be established without additional settings. To configure ESR location, move to the node "Sibir" and open the tab "Access" (Figure 5.2).
Figure 5.2
ESR location configuration is specified in "Domain of Station ESR". To change it, click "Edit" in the tab "Access" of the node. Edit window will be opened (Figure 5.3):
Figure 5.3
In the window, select ESR location by clicking a button to the right of "Domain of Station ESR". Domain selection window, where a domain with node containing ESR to which an AP will establish tunnels, will be opened (Figure 5.4):
Figure 5.4
Click "Accept".
In "Domain of Station ESR", a transition rule will appear. The rule will contain a domain where a transition will be made to search ESR for data tunnel establishment (Figure 5.5).
Figure 5.5
Click "Accept" to confirm the changes.
As can be seen in Figure 5.6, a domain to which a transition will be made when searching ESR for data tunnel establishment, will appear in the field "Domain of ESR Station" of the tab "Access".
Figure 5.6
If a transition rule is adopted in a node (and in lower-level nodes) where access points initialized before are located, it is necessary to initialize them again (Figure 5.7).
Figure 5.7
Perform AP reinitialization. During the process, the following entries can be seen in a log:
Station ESR objects for AP 172.30.2.1 have been found in MRF_Sibir.Local.AllClients.root
- ESR1000-slave 100.123.0.174
- ESR1000-master 100.123.0.173
Tunnel IP = "192.168.253.11"
Send a command 'data-tunnel create' to ESR NAS ip 100.123.0.174
Send a command 'data-tunnel create' to ESR NAS ip 100.123.0.173
This log demonstrates that ESR for data tunnel establishment has been successfully found, and the command for tunnel creation has been sent to it.
If errors of the following type occurred in the log:
Send a command 'data-tunnel create' to ESR NAS ip 100.123.0.175
PCRF NBI error: CoA request error on 100.123.0.175: Timeout: No Response from RADIUS Server
It demonstrates that a problem occurred while running a command for establishing a tunnel on this ESR.
The following message:
12.07.2019 15:04:14 Step 7: Creating a tunnel for AP WEP-12ac_a8:f9:4b:b0:2b:e0 (mng ip 172.30.2.11)
No ESR objects found for the AP 172.30.2.11
Tells that no ESR devices appropriate for tunnel establishment have been found. The message does not necessary demonstrate a problem, because when the scheme with dynamically configured data tunnels is used, it is not necessary to send the 'create' command to ESR.
To clear ESR location configuration, move to the node where it is configured, open the tab "Access"and click "Edit". Select a domain in the field "Domain of Station ESR" and click "Clear" (see Figure 5.8 below):
Figure 5.8
After that, configuration of "Domain of Station ESR" will be cleared (Figure 5.9):
Figure 5.9
Click "Accept" to save configuration (Figure 5.10):
After that, a classic scheme will be used in this node to search for an ESR to which data tunnels can be established.
Attention!!! Reinitialization is required for all access points that are located in the configured node or in lower-level nodes after assigning/changing/deleting ESR location in "Domain of Station ESR"!
Occupancy monitoring of the node where ESR devices for data tunnel establishment are located
To monitor occupancy of nodes where ESR devices to which access points can establish tunnels, the new tab "Wireless" accessible for any node has been implemented. All ESR devices having access points that establish tunnels on them are displayed there, starting with the selected node and then down the tree.
In the example in Figure 6.1, the root node is selected to see all ESR devices:
Figure 6.1
In Figure 6.1, in the tab "Wireless" → "Tunnel nodes" columns show:
- "Node ID" - object index
- "Node name" - the name of the node where ESR is located
- "Node domain" - the domain with the node where ESR devices are located
- "AP count" - the number of AP and ESR-10 that should establish tunnels on the ESR in the node. Attention! All devices that should establish tunnels are taken into account regardless of their accessibility. Phased-out devices are not taken into account (the checkbox "Out of service" in the tab "Access" is checked, or there is no tunnel ip).
- "ESR list" - the list containing ESR devices that are located in the node and can be used for data tunnel establishment. An indication that ESR data can be used for tunnel establishment is a setting in the tab "Access" → "ESR mode": "Station". Several ESR devices can be located in a node, because to provide redundancy, two devices are usually used. Attention! If there are no access points that can establish tunnels to ESR in a node, this not is not displaysed!
To see a list of access points that build tunnels to specific ESR devices, select a node where these ESR devices are located and click "Tun. node AP list" in the left part of the tab "Wireless" (Figure 6.2).
Figure 6.2
Columns in Figure 6.2 show:
- "AP ID" - object index
- "AP name" - object name
- "AP MAC" - MAC address of the device (AP or ESR-10)
- "AP domain" - the domain in which the device is located
All devices that should establish data tunnels to given ESR devices are displayed regardless of their accessibility. Only devices that have the status "Out of service" are not taken into consideration.
If there are no ESR devices to which data tunnels can be established, or there are no access points to establish them, nothing will be displayed in the tab.
For information to be displayed in the tab "Wireless", click "Edit privileges" in user roles configuration and check the "Dynamic tunnels" checkbox in the tab "WirelessCommon".
An opportunity to see a list of ESR devices to which a device (an AP or ESR-10) should establish tunnels is also implemented. To do this, select a device, open the tab "Monitoring" and select "Tunnel nodes" (Figure 6.3).
Figure 6.3
In the above figure 6.3, the following parameters are shown:
"Node ID" - object index
"Node name" - the node where an ESR device to which an AP should establish tunnels is located
"Node domain" - the domain in which ESR devices to which an AP should establish tunnels are located
"ESR list" - the list of devices that are located in the node. Several ESR devices can be located in a node, because to provide redundancy, two devices are usually used.
ESR location configuration principles
When configuring ESR location, the following principles should be adhered to:
- The node structure that does not allow using the classic search of ESR for data tunnel establishment (up the node tree from a node where an AP is located) should be avoided.
- Never use the transition rule in a node where ESR devices appropriate for data tunnel establishment are located. In this case, ESR data will never be found.
- Do not use several transition rules within one node branch from an AP to the root.
- Do not use a double transition rule (a transition to the first node occurs, then the second transition rule is used in this node or in a higher-level node to move to the third node).
- When configuring a transition rule, specify a node containing an ESR to which data tunnels are going to be established.