Overview 

Note

The LI configuration parameters are the same across all platforms, but where to configure the parameters differs.

In a distributed system, the LI configuration is split between the signaling and media nodes.

The Lawful Interception solution has three discrete interfaces between the network element and mediation server to provide provisioning, call data (signaling) and call content (media) information. These interfaces are created after the connection is established between the XCIPIO mediation server Delivery Function (DF) and the network element Access Function (AF). The interface from the mediation server to the lawful interception agency is standardized. The interfaces between AF and DF are defined as:

  • X1 or INI-1 interface for provisioning targets,
  • X2 or INI-2 interface for providing signaling information for the target,
  • X3 or INI-3 interface for providing media or call content for the target

where the X interface is defined by the 3GPP standard while INI is defined by the ETSI standard.

An interconnect SBC provides peering between IMS network and other peering networks (CDMA, business, and other service providers). The SBC interfaces with two XCIPIO mediation servers. The Network elements expose provisioning, call data and/or call content interface towards these mediation servers for legal interception.

The Mediation Function (MF) provides the required interworking by interfacing to the Law Enforcement Agency (LEA) through Handover Interfaces (HI1, HI2, HI3) on one side and to the VoIP packet network elements(s) through X3 (for collection of media).

Note

Unless otherwise stated, the LI configuration process is the same on Cloud-based and non-Cloud based systems.

If you do not have an SBC system with access to the PSX and EMS, refer to Configuring LI on I-SBC using the EMA GUI to configure the I-SBC LI through EMA.

Note

You can use the SBC EMA to configure only the default and IMS LI for the I-SBC.

Ribbon Lawful Intercept (LI) Solution

The Ribbon EMS acts as a AF (Administrative Function) from a mediation server function perspective to terminate provisioning of the targets.

The Ribbon SBC acts as CC IAPs (call content IAPs) for bearer interception.

The Ribbon LI solution supports the interfaces with the mediation server function to facilitate X1 provisioning and X3 media information for the target.

  • X1 or INI-1 interface is supported by the EMS for provisioning targets, and the target data is stored in the PSX database. This functionality is based on the provisioning interface.
  • X3 or INI-3 interface is supported by the SBC for intercepting call content over TCP/IPsec.

The Ribbon LI solution supports X1, X2, and X3 interfaces.

Note

The SBC supports interception of all supported media streams, such as:

  • Audio
  • Video
  • T.140
  • MSRP
  • BFCP
  • FECC

 

Note

Legacy/Default LI and IMS LI on D-SBC supports interception of Audio streams only; lawful Intercept of other media streams are supported by PCSI LI.

 For more information, refer to Configuring SBC For Lawful Interception.

Steps in Setting up the LI Solution

Creating X1 Interface

The X1 interface enables LI Intercept Access Points (IAP) to support multiple (two instances) regionally deployed Delivery Function systems to provision intercept targets. The EMS supports X1 interface over Transport Layer Security (TLS) connection towards the mediation server.  

Configure the intercept server X1 transport address and TLS certificate from the EMS to initiate a transport connection over the X1 interface. The transport address and TLS certificate are individually specified for each of the mediation servers in the network.

Note

The TLS configuration on the X1 interface is optional.

Provision Intercept Targets over X1

The Intercept server provisions the target URIs over the X1 interface on the EMS. The EMS sends the target information to the PSX over the PIPE interface established over a SSH connection. The PSX stores the targets in an LI Target table.

Creating X3 Interface

The X3 interface is configured on the SBC under call data channel.

Note

IPsec for X3 interface is optional.

Call Data Channel (CDC) is required to be configured on the S-SBC, M-SBC, and I-SBC.