Similar to other types of LI, the primary configuration object for specifying PC 2.0 LI parameters is the call data channel (CDC) which includes the configuration of mediation server objects. CDC configuration must be completed by an authorized LI user (the calea user) using the EMS user interface or the SBC CLI.
Diameter configuration to support the X2 call data interface is mandatory for PC 2.0 LI. The SBC supports a single Diameter node for all Diameter functions. Therefore Diameter node configuration must be completed by a user with admin privileges and the node is shared if Diameter is used for more than one purpose. When handling PC 2.0 LI, the SBC does not use the IP interface group specified within the Diameter node configuration for X2 traffic, it uses the IP interface group specified in the CDC configuration for X2 (signaling) traffic. The dumpPDU
flag within Diameter node configuration is not applicable when Diameter is used for LI X2 traffic.
The remaining Diameter objects (Diameter peers and realm routes) are configured within the CDC object. When created in the CDC, these Diameter objects are specific to use for PC 2.0 LI.
The optional IPsec configuration must be completed by a user with admin privileges if either the X2 or X3 interface is to be secured with IPsec.
The following code block identifies the CDC parameters required for PC 2.0 LI deployments.
% set addressContext default intercept callDataChannel <callDataChannel_name> interceptStandard packetcableVTwo diamNode <name> diameterPeer <calea Diameter peer name> diameterRealmRoute <calea realmRoute> embedTapIdInCccId <enabled | disabled> ipInterfaceGroupName <IP interface group> liPolDipForRegdOodMsg <enabled | disabled> mediaIpInterfaceGroupName <IP interface group> mediationServer <MS name> rtcpInterception <enabled | disabled> vendorId <none | atos>
The following table describes the CDC parameters required for PC 2.0 LI deployments.
The following series of examples show the basic tasks required to configure PC 2.0 LI.
Logged in as a user with admin privileges, configure the Diameter node that represents the SBC side of the X2 Diameter interface.
% set addressContext default diamNode DN ipInterfaceGroupName LIG1 originRealm pc20.test primaryOriginHost origin.pc20.test commit
For more information on Diameter node configuration, refer to Diameter Node - CLI or Address Context - Diam Node (EMA).
During configuration of the CDC object you specify IP interface groups for the X2 and X3 interfaces. IP interface groups and the IP interfaces they contain are SBC configuration objects that define networking parameters. IP interface groups must be created by an admin user prior to configuring the CDC object so the names are available to include in CDC configuration. Refer to IP Interface Group - CLI or System Provisioning - IP Interface Group for more information.
Logged in as the calea user, configure CDC parameters for PC 2.0 LI including its subordinate objects: Diameter peers, Diameter realm routes, and mediation servers.
### set general CDC parameters % set addressContext default intercept callDataChannel CDC interceptStandard packetcableVTwo vendorId atos ipInterfaceGroupName LIG1 mediaIpInterfaceGroupName LIG1 diamNode DN commit ### create a Diameter peer within the CDC as a destination for LI X2 traffic % set addressContext default intercept callDataChannel CDC diameterPeer caleaPeer1 ipAddress 10.12.14.100 fqdn p1.seagull.company.com state enabled commit ### create a Diameter realm route within the CDC to reach the LI Diameter peer % set addressContext default intercept callDataChannel CDC diameterRealmRoute caleaRealmRoute1 peer caleaPeer1 realm seagull.company.com state enabled commit ### create a mediation server that incorporates the Diameter realm specified in the Diameter realm route % set addressContext default intercept callDataChannel CDC mediationServer MS1 signalling diameterRealm seagull.company.com state enabled % set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.12.14.200 portNumber 9999 % set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService commit
For more information on CDC configuration, refer to Configure CDC for PacketCable 2.0 (EMS), Create Diameter Peer for SBC Nodes with PacketcableVTwo (EMS), and Create Diameter Realm Routes for SBC Nodes with PacketcableVTwo (EMS) or Intercept - CLI and Diameter Node - CLI.
Logged in as a user with admin privileges, configure IPsec if needed. This optional configuration is needed if you require a secure connection between the SBC and the mediation server. The SBC supports IPsec over TCP for signaling interception (X2 interface) and IPsec over UDP for media interception (X3 interface). When configuring IPsec, the SPD entry must include:
localIdentity ipAddress
– The SBC interface group IP address specified in the CDC.
remoteIdentity ipAddress
– The mediation server IP address specified in the CDC.
### create and configure IKE and IPsec protection profiles set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF saLifetimeTime 28800 set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5 set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF saLifetimeTime 28800 set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5 set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF dpdInterval noDpd ### create IKE peer set addressContext default ipsec peer Peer1 ipAddress 10.12.14.200 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.12.14.16 set addressContext default ipsec peer Peer1 remoteIdentity type ipV4Addr ipAddress 10.12.14.200 set addressContext default ipsec peer Peer1 protocol ikev1 protectionProfile Peer1_IKE_PROT_PROF ### create an SPD rule for this IKE peer set addressContext default ipsec spd Peer1_SPD state enabled precedence 1001 set addressContext default ipsec spd Peer1_SPD localIpAddr 10.12.14.16 localIpPrefixLen 32 remoteIpAddr 10.12.14.200 remoteIpPrefixLen 32 set addressContext default ipsec spd Peer1_SPD action protect set addressContext default ipsec spd Peer1_SPD protocol 0 set addressContext default ipsec spd Peer1_SPD protectionProfile Peer1_IPSEC_PROT_PROF set addressContext default ipsec spd Peer1_SPD mode transport set addressContext default ipsec spd Peer1_SPD peer Peer1 ### enable IPsec on the IP interface group set addressContext default ipInterfaceGroup LIG1 enabled
For more information on IPsec configuration, refer to IP Security - CLI or Security - IPsec (EMA).