In this section:
Overview
The DSC provides a very flexible and powerful mechanism for examining SS7 messages transiting the system. This mechanism provides a rich set of features giving operators full control over which messages can transit their networks, how to route the messages and insight into the accounting rules associated with the messages.
The MSU Tracing functionality uses the screening tables to determine if an incoming message must be traced through the DSC SS7 applications. Similarly to Gateway Screening, MSU tracing allows screening validation, but the screening results are not applied. This feature is unlicensed and is available to assist in traffic analysis.
The Screening Test Mode functionality is used to log screening failures but without discarding MSUs. This functionality is also used as part of the creation of new screening criteria to test screening results without affecting the traffic.
For detailed information about configuring GWS, refer to Configuring the Gateway Screening and MSU Tracing.
The screening and routing features are all based on 17 inter-related screening tables for filtering messages as shown in the following figure.
For information about screening criteria, refer to Screening Criteria.
Note
1 All screening tables can link to the Redirect to App IDs table.
2 Except for the Allowed SCCP CLD PAs and Affected SCCP Mgmts tables, all tables can link to the Redirect to PCs table.
Interdependencies Between GWST Screening Tables
Gateway Redirection
Gateway Redirection is available as part of Gateway Screening and provides the operator the opportunity to route specific MSUs to a new destination PC or application. An example use of this function would be to take Short Message Service (SMS) messages [identified by the Transaction Capabilities Application Part (TCAP) Operation Code] and send these messages through a different path to their intended destination. Another example would be to take specific messages and send these messages to a unique Global Title Translation (GTT) table which applies only to these messages.
To redirect traffic to a specific route or application, new tables have been added to the traditional GWS tables (Redirect to PCs and Redirect to App IDs tables). These tables provide a list of point codes or applications, a cost associated with each of these destinations, and an indication of these to be a copy of the MSU or the MSU itself that is to be routed.
If a list of PCs is returned, MTP3 uses the lowest cost available routeset based on the provided PCs instead of the Destination Point Code (DPC) and attempts to route the MSU to its destination following typical SS7 routing procedures. If all the routesets for the PC list are unavailable at MTP3, the MSU is discarded or passed through based on the error handling flag.
The PC redirection feature only applies to the through-switched traffic and not to the MSUs with a DPC set to a local PC (LPC or VNode).
The redirection table allows a user to enter up to 16 destinations per entry reference point (EPR) with a given cost. If more than one destination has the same lowest cost, load sharing is applied. Two load sharing options, round-robin and SLS-based, are available per screening reference. For the round-robin option, the GWS provides the ordered list by rotating any records with the same cost for every MSU using the given EPR list.
For more information about Gateway Redirection, refer to Redirection Concepts.
Gateway Accounting
Service providers who engage in interconnection agreements with other operators often require the ability to audit and monitor the traffic entering and leaving their SS7 network. Their needs are typically two-fold: validation that the traffic being presented to the network is authorized (that is, a message transfer agreement is in place) and if not, the origin of the messages is known and verification that inter-carrier billing data is accurate. Using Gateway Accounting, network administrators can define rule sets based on SS7 messages to collect statistical information, which may be used for auditing purposes.
For information about Gateway Accounting, refer to Gateway Accounting.
Gateway Statistics
The Gateway Screening and Redirection Statistics track screening and redirection results for GWS licensed systems, based on a user's existing GWST configuration. This statistics file is a key data component (as recommended in the GSMA IR.82 Security SS7 Implementation) to determine traffic patterns and screen hot spots from possible malicious nodes or individuals.
For more information about Gateway Screening and Redirection Statistics, refer to Gateway Screening Data Measurements.
GWS Search Utility
The GWS Search Utility allows you to simulate the traversal of a given MSU through the various GWST tables and can assist you with the following:
- validating the GWST setup concerning the handling of an MSU with specific fields
- diagnosing a screening error through the GWST tables of a previously mishandled MSU
In the Web UI, provisioning the GWS Search Utility attributes based on the corresponding MSU information (DPC, OPC, SIO, Message Type, and so on), generates a report for each parsed screening table and includes the full screening steps breakdown.
Note
All relevant attributes corresponding to MSU fields must be provisioned to properly report the associated screening table results.
For more information about the GWS Search Utility, refer to Using the GWS Search Utility.
Overview
Content Tools