Related articles:

Overview

Similar to other types of LI, the primary configuration object for specifying PC 2.0 LI parameters is the call data channel (CDC) which includes the configuration of mediation server objects. CDC configuration must be completed by an authorized LI user (the calea user) using the EMS user interface or the SBC CLI.

Diameter configuration to support the X2 call data interface is mandatory for PC 2.0 LI. The SBC supports a single Diameter node for all Diameter functions. Therefore Diameter node configuration must be completed by a user with admin privileges and the node is shared if Diameter is used for more than one purpose. When handling PC 2.0 LI, the SBC does not use the IP interface group specified within the Diameter node configuration for X2 traffic, it uses the IP interface group specified in the CDC configuration for X2 (signaling) traffic. The dumpPDU flag within Diameter node configuration is not applicable when Diameter is used for LI X2 traffic. 

The remaining Diameter objects (Diameter peers and realm routes) are configured within the CDC object. When created in the CDC, these Diameter objects are specific to use for PC 2.0 LI.

The optional IPsec configuration must be completed by a user with admin privileges if either the X2 or X3 interface is to be secured with IPsec.

Packet Cable 2.0 LI Command Syntax

The following code block identifies the CDC parameters required for PC 2.0 LI deployments. 

% set addressContext default intercept callDataChannel <callDataChannel_name> interceptStandard packetcableVTwo  
  diamNode <name>  
  diameterPeer <calea Diameter peer name>
  diameterRealmRoute  <calea realmRoute>
  embedTapIdInCccId <enabled | disabled>      
  ipInterfaceGroupName <IP interface group>
  liPolDipForRegdOodMsg <enabled | disabled>
  mediaIpInterfaceGroupName <IP interface group>
  mediationServer <MS name>
  rtcpInterception <enabled | disabled>
  vendorId <none | atos>

Packet Cable 2.0 LI Command Parameters

The following table describes the CDC parameters  required for PC 2.0 LI deployments. 

Parameters Required in PC 2.0 LI Deployments

ParameterDescription
diamNode

Specifies the name assigned to the SBC Diameter node configuration (up to 23 characters). SBC configuration includes a single Diameter node to define the SBC side of the Diameter interface. If Diameter is used for more than one purpose on the SBC then the Diameter node is shared.

Note: Diameter node configuration must be completed on the SBC by a user with admin privileges. Then the Diameter node name is entered in the CDC for a PC 2.0 LI deployment by a calea user using this parameter. Additional Diameter objects (described in the next two rows) are created within the CDC by the calea user.

diameterPeer

Diameter peer configuration under the CDC object, specifically for the mediation server (DF) side of the Diameter X2 signaling interface for PC 2.0 LI deployments. A maximum of 16 Diameter peers can be configured within the CDC.

<calea Diameter peer name> – Specifies a unique name for this Diameter peer configuration (up to 23 characters). This name must not duplicate any name used for either LI or non-LI Diameter peers.

  • deviceWatchdogTimer – Specifies the Device-Watchdog-Requests timer value, in milliseconds (range: 0-100000 / default=1000).
  • deviceWatchdogTimerAnswerTimeout – Specifies the Device Watchdog Answer timeout value, in milliseconds. The SBC considers a peer down if it does not receive a reply to a Device Watchdog Request before this timer expires. (range: 1000-500000 | default = 2000)
  • dscpValue – Specifies the Differentiated Services Code Point (DSCP) value for intercepted signaling packets sent to this peer. (range: 0-63 / default = 16)
  • fqdn – Specifies the FQDN for this peer (1-256 characters).
  • ipAddress – Specifies the IP address for this peer.
  • sessionDistribution – Specifies how to distribute Diameter sessions. Options are:

    • honor-reply-order (default) – Diameter session creation across multiple IP connections under this peer honors the order of the IP addresses that are returned in the DNS reply starting from the first one.

    • round-robin – Diameter session creation across multiple IP connections under this peer are rotated in round-robin fashion starting from the first one.

  •  state – Specifies the administrative state of this peer:
    • disabled (default)
    • enabled
  • tcpPort –  Specifies the TCP port number for this peer (default is 3868).
diameterRealmRoute

Diameter realm route configuration under the CDC object, specifically for the mediation server (DF) side of the Diameter X2 signaling interface for PC 2.0 LI deployments. A maximum of 16 Diameter realm routes can be configured within the CDC.

<calea realmRoute name> – Specifies a unique name for the Diameter realm route for the specified Diameter peer (up to 23 characters). This name must not duplicate any name used for either LI or non-LI Diameter realm routes.

  • appId – Specifies the application ID (Diameter interface type) for this route.
    • x2 – For PC 2.0 LI, the application ID must be set to X2. 
  • peer – Specifies the name of the Diameter peer this route belongs to.
  • priority – Specifies the priority of this route. (range 0-100 / default = 0)
  • realm – Specifies the realm (FQDN) for this route. This name must match the realm name for the mediation server that is associated with this route.
  • state – Specifies the administrative state of this route.
    • disabled (default)
    • enabled
embedTapIdInCccId

Specifies whether the SBC embeds the Tap ID in the CCCID (Call Content Connection Identifier) it sends with X2 and X3 messages to the DF. The Tap ID comes from X1 surveillance data. The options are:

  • enabled – The SBC generates a CCCID with the Tap ID embedded if the Tap ID is a decimal value between 1 and 65534. If the Tap ID is null, it is converted to 0, but if it is out of range or not a decimal number, it is converted to 65535 or hex 0xFFFF.
  • disabled – (default) Embedding of the Tap ID is not required.
ipInterfaceGroupNameSpecifies the name of the IP interface group to send X2 signaling data to the mediation server (DF).
liPolDipForRegdOodMsg

Specifies whether the SBC should send a policy request to the PSX, when the SBC receives a registered user's out-of-dialog messages, to determine whether interception is required.

  • disabled (default) – The SBC does not send policy request to PSX for out-of-dialog messages.
  • enabled – The SBC sends a policy request to PSX for out-of-dialog messages.
mediaIpInterfaceGroupNameSpecifies the name of the IP interface group to send X3 call content to the mediation server (DF).
mediationServer

Mediation server configuration to specify parameters for X2 and X3 destinations. Up to 16 mediation servers can be configured in the CDC for a PC 2.0 LI deployment.

<mediation server name> – Specifies the name of the mediation server configuration object. The following media (UDP transport only) and signaling parameters can be configured for each PC 2.0 LI mediation server.

  • media udp
    • dscpValue – Specifies the Differentiated Services Code Point (DSCP) value for intercepted media packets. (range: 0-63 / default = 16).
    • ipAddress – Specifies the IPv or IPv6 address of the mediation server to which the SBC delivers intercepted media.
    • mode – Specifies the operational mode of the UDP connection towards the mediation server:
      • inService
      • outOfService
    • portNumber – Specifies the port number of the mediation server to which the SBC delivers intercepted media.

    • state – Specifies the administrative state of the UDP connection towards the mediation server:

      • disabled
      • enabled
  • signaling
    • mode – Specifies the operational mode of the signaling connection towards the mediation server:
      • inService
      • outOfService
    • realmName – The name of the realm to which this mediation server belongs. This name must match the realm name in the diameterRealmRoute configuration for the Diameter connection to be used to reach this mediation server.
    • state – Specifies the administrative state of the signaling connection towards the mediation server:
      • disabled
      • enabled
rtcpInterception

Specifies whether to intercept RTCP information. Options are:

  • disabled (default) – SBC does not intercept RTCP information.
  • enabled – SBC intercepts RTCP information.
vendorId

The vendor name of the LI server. The values supported for PC 2.0 LI:

  • atos
  • none

Configuration Examples

The following series of examples show the basic tasks required to configure PC 2.0 LI.

Configure the Diameter Node Object

Logged in as a user with admin privileges, configure the Diameter node that represents the SBC side of the X2 Diameter interface.

% set addressContext default diamNode DN ipInterfaceGroupName LIG1 originRealm pc20.test primaryOriginHost origin.pc20.test
commit
Info

For more information on Diameter node configuration, refer to Diameter Node - CLI or Address Context - Diam Node (EMA).

Note

During configuration of the CDC object you specify IP interface groups for the X2 and X3 interfaces. IP interface groups and the IP interfaces they contain are SBC configuration objects that define networking parameters. IP interface groups must be created by an admin user prior to configuring the CDC object so the names are available to include in CDC configuration. Refer to IP Interface Group - CLI or System Provisioning - IP Interface Group for more information.

Configure the CDC Object

Logged in as the calea user, configure CDC parameters for PC 2.0 LI including its subordinate objects: Diameter peers, Diameter realm routes, and mediation servers.

### set general CDC parameters
 
% set addressContext default intercept callDataChannel CDC interceptStandard packetcableVTwo vendorId atos ipInterfaceGroupName LIG1 mediaIpInterfaceGroupName LIG1 diamNode DN
commit
 
### create a Diameter peer within the CDC as a destination for LI X2 traffic

% set addressContext default intercept callDataChannel CDC diameterPeer caleaPeer1 ipAddress 10.12.14.100 fqdn p1.seagull.company.com state enabled
commit
 
### create a Diameter realm route within the CDC to reach the LI Diameter peer
% set addressContext default intercept callDataChannel CDC diameterRealmRoute caleaRealmRoute1 peer caleaPeer1 realm seagull.company.com state enabled
commit
 
### create a mediation server that incorporates the Diameter realm specified in the Diameter realm route
% set addressContext default intercept callDataChannel CDC mediationServer MS1 signalling diameterRealm seagull.company.com state enabled
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.12.14.200 portNumber 9999
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService
commit
Info

For more information on CDC configuration, refer to Configure CDC for PacketCable 2.0 (EMS), Create Diameter Peer for SBC Nodes with PacketcableVTwo (EMS), and Create Diameter Realm Routes for SBC Nodes with PacketcableVTwo (EMS) or Intercept - CLI and Diameter Node - CLI.

(Optional) Configuring IPsec for Signaling and Media Interception

Logged in as a user with admin privileges, configure IPsec if needed. This optional configuration is needed if you require a secure connection between the SBC and the mediation server. The SBC supports IPsec over TCP for signaling interception (X2 interface) and IPsec over UDP for media interception (X3 interface). When configuring IPsec, the SPD entry must include: 

  • localIdentity ipAddress – The SBC interface group IP address specified in the CDC.

  • remoteIdentity ipAddress – The mediation server IP address specified in the CDC.

### create and configure IKE and IPsec protection profiles
   
set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile Peer1_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
  
set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile Peer1_IKE_PROT_PROF dpdInterval noDpd
  
### create IKE peer
  
set addressContext default ipsec peer Peer1 ipAddress 10.12.14.200 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.12.14.16
set addressContext default ipsec peer Peer1 remoteIdentity type ipV4Addr ipAddress 10.12.14.200
set addressContext default ipsec peer Peer1 protocol ikev1 protectionProfile Peer1_IKE_PROT_PROF
  
### create an SPD rule for this IKE peer
  
set addressContext default ipsec spd Peer1_SPD state enabled precedence 1001
set addressContext default ipsec spd Peer1_SPD localIpAddr 10.12.14.16 localIpPrefixLen 32 remoteIpAddr 10.12.14.200 remoteIpPrefixLen 32
set addressContext default ipsec spd Peer1_SPD action protect
set addressContext default ipsec spd Peer1_SPD protocol 0
set addressContext default ipsec spd Peer1_SPD protectionProfile Peer1_IPSEC_PROT_PROF
set addressContext default ipsec spd Peer1_SPD mode transport
set addressContext default ipsec spd Peer1_SPD peer Peer1
  
### enable IPsec on the IP interface group
  
set addressContext default ipInterfaceGroup LIG1 enabled
Info

For more information on IPsec configuration, refer to IP Security - CLI or Security - IPsec (EMA).