DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
Use the intercept and call data channel (CDC) commands to configure the parameters for lawful intercept (LI) processing on the SBC. Lawful interception is a means of conducting lawfully authorized electronic surveillance of communication against warranted users or subscribers.
Refer to the Lawful Intercept page and associated pages for an in-depth explanation of SBC LI functionality.
You must configure LI parameters within the default address context.
The SBC 5210 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.
(This ability does not apply to the SBC 5110 and 5400 systems which have only two physical media ports. IP interfaces from the two physical ports may be configured within the same IP Interface Groups without restrictions.)
For complete details, refer to Configuring IP Interface Groups and Interfaces.
When configuring LI, you must be logged in as the 'calea' user. Refer to Managing SBC Core Users and Accounts for descriptions of users and permissions.
As the user 'calea', use the following command syntax to configure LI.
% set addressContext <default> intercept callDataChannel <callDataChannel> nodeNumber <integer>
As the user 'calea', use the following CLI syntax to establish the LI call data channel configuration:
% set addressContext <default> intercept callDataChannel <callDataChannel_name>
    diamNode <name>
    diameterPeer <calea Diameter peer name>
    diameterRealmRoute <calea realmRoute>
    dsrProtocolVersion <0 | 1>
    embedTapIdInCccId <enabled | disabled>
    interceptStandard <etsi | packetcable | packetcablePlusEtsi | packetcableVTwo | threeGpp>
    ipInterfaceGroupName <ipInterfaceGroup_Name>
    kaTimer <0-65535 seconds>
    liPolDipForRegdOodMsgs <disabled | enabled>
    mediaIpInterfaceGroupName <IP interface group name>
    mediationServer <server name>
    priIpAddress <IPv4 address>
    priMode <active | outofservice | standby>
    priPort <0-65535>
    priState <disabled | enabled>
    retries <value>
    rtcpInterception <disabled | enabled>
    secIpAddress <IP_Address>
    secMode <active | outofservice | standby>
    secState <disabled | enabled>
    vendorId <none | groupTwoThousand | ss8 | utimaco | verint>
The following table describes the CDC parameters that determine the type of LI you are deploying. They must be configured for all types of LI.
The following table identifies the interceptStandard and vendorId configuration combinations the SBC supports for each type of LI.
The following table lists the rest of the CDC parameters. Not all parameters apply to each type of LI; some parameters do not become available until you specify an interceptStandard and vendorId combination of an LI type to which they apply.
The SBC allows configuration of a maximum of 16 mediation servers in the Call Data Channel (CDC). Persistent TCP connections can be established towards all configured mediation servers. When a call is intercepted, the SBC selects among the Delivery Function 2 (DF2) servers in a round-robin manner.
Mediation server objects contain signaling (X2) and media (X3) IP addresses. The SBC allows configuration of multiple mediation servers with the same X2 IP address but different X3 IP addresses.
For IMS LI, the SBC does not support an active-standby configuration for the X2 servers. It assumes that the DF2 servers are running in active-active mode, and in case of failure, moves the IP address of the active DF2 server to the standby DF2 server.
The X2 and X3 servers operate independently. Even if the X2 servers are not reachable, the SBC sends X3 media if a DF3 server is available, and vice versa.
The SBC supports TCP to transport media details.
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media tcp
    dscpValue <0-63>
    ipAddress <IPv4/IPv6 address>
    kaInterval <5-60 seconds>
    kaProbe <4-8 seconds>
    kaTime <60-7200 seconds>
    mode <inService | outOfService>
    portNumber <0-65535>
    state <disabled | enabled>
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling <DF Group Name> df1.stc.com
The SBC supports UDP to transport media details. PC 2.0 LI only supports UDP transport for media.
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media udp
    dscpValue <0-63>
    ipAddress <IPv4/IPv6 address>
    mode <inService | outOfService>
    portNumber <0-65535>
    state <disabled | enabled>
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> signaling
    dscpValue <0-63>
    ipAddress <IPv4/IPv6 address>
    mode <inService | outOfService>
    portNumber <0-65535>
    protocolType <tcp | udp>
    realmName <realm name>
    state <disabled | enabled>
The protocolType "udp" is not currently supported for signaling interception.
To retrieve LI statistics, use the command:
> show status addressContext <addressContext name> intercept
To configure the name of the IP interface group used to stream to the LI server, use the commands:
% set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1
% commit
The ipInterfaceGroup/mediaIpInterfaceGroup for CDC must be different from other signaling/media ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards the mediation server.
To configure the intercept standard, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi
% commit
To configure the vendor ID, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint
% commit
To configure intercept standard, vendor type, and mediation server name, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediationServer ms1
% commit
To configure mediation server parameters for media interception over TCP, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp dscpValue 0 ipAddress 10.54.66.67 portNumber 7870
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp mode inService state enabled
% commit
To configure mediation server parameters for media interception over UDP, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp dscpValue 0 ipAddress 10.54.66.57 portNumber 7881
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp mode inService state enabled
% commit
To configure mediation server parameters for signaling interception, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling dscpValue 0 ipAddress 10.54.64.80 portNumber 7880 protocolType tcp
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling mode inService state enabled
% commit
To enable RTCP interception, use the commands:
% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
% commit
To enable sending a policy dip to the PSX for registered users' out-of-dialog messages, use the commands:
% set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsgs enabled
% commit
To use the Mediation Server for the interception:
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling dfGroupName df1.stc.com
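The constraints stated on this page (default address context, the parameter ranges in the command syntax, unsupported UDP signaling, the 16-server limit, and a dedicated IP interface group for the CDC) can be checked offline before a change is committed. The linter below is an added example, not part of the SBC documentation or product; the function names, the SAMPLE lines and the group name SIG_LIG are assumptions made for illustration.

```python
# Added example: offline linter for SBC LI 'set' commands; limits are those stated on this page.
RANGES = {
    "dscpValue": (0, 63), "portNumber": (0, 65535), "priPort": (0, 65535),
    "kaTimer": (0, 65535), "kaInterval": (5, 60), "kaProbe": (4, 8),
    "kaTime": (60, 7200),
}
MAX_MEDIATION_SERVERS = 16
GROUP_KEYS = ("ipInterfaceGroupName", "mediaIpInterfaceGroupName")

def _value(tokens, key):
    """Token following `key`, or None. Assumes object names never equal a keyword."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def lint_li_commands(lines, other_ip_groups=()):
    """Return sorted (line_number, message) findings; line 0 is config-wide."""
    findings, servers = [], set()
    for n, raw in enumerate(lines, 1):
        tok = raw.strip().lstrip("% ").split()
        if tok[:2] != ["set", "addressContext"] or "callDataChannel" not in tok:
            continue  # not an LI call data channel command
        if tok[2] != "default":
            findings.append((n, "LI must be configured in the default address context"))
        for key, (lo, hi) in RANGES.items():
            v = _value(tok, key)
            if v is not None and not (v.isdigit() and lo <= int(v) <= hi):
                findings.append((n, f"{key} {v} outside {lo}-{hi}"))
        if "signaling" in tok and _value(tok, "protocolType") == "udp":
            findings.append((n, "protocolType udp is not supported for signaling"))
        for key in GROUP_KEYS:
            if _value(tok, key) in other_ip_groups:  # group already used by non-LI traffic
                findings.append((n, f"{key} is shared with a non-LI interface group"))
        if _value(tok, "mediationServer"):
            servers.add(_value(tok, "mediationServer"))
    if len(servers) > MAX_MEDIATION_SERVERS:
        findings.append((0, f"{len(servers)} mediation servers exceeds {MAX_MEDIATION_SERVERS}"))
    return sorted(findings)

# Constructed input: lines 1-2 are this page's own examples, 3-5 are deliberate mistakes.
SAMPLE = [
    "% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp dscpValue 0 ipAddress 10.54.66.67 portNumber 7870",
    "% set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1",
    "% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling dscpValue 64 ipAddress 10.54.64.80 portNumber 7880 protocolType udp",
    "% set addressContext AC2 intercept callDataChannel CDC mediationServer ms2 media tcp kaInterval 90 kaProbe 4 kaTime 60",
    "% set addressContext default intercept callDataChannel CDC mediaIpInterfaceGroupName SIG_LIG",
]

if __name__ == "__main__":
    for line_no, message in lint_li_commands(SAMPLE, other_ip_groups={"SIG_LIG"}):
        print(f"line {line_no}: {message}")
```

Pass the names of the interface groups already used for ordinary signaling and media as other_ip_groups; the linter only sees the lines it is given, so the 16-server count covers that input, not the running configuration.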