Versions Compared

Old Version 17

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 18

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb41059c, userName='null'}
JIRAIDAUTHSBX-92189
REV5UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ca2e03c3, userName='null'}
REV3UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ca18039c, userName='null'}
REV4UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c89e0137, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a0c8606235800160682f2d680001, userName='null'}
REV2UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cbba0641, userName='null'}

 

Panel

In this section:

Table of Contents
maxLevel4

Info
iconfalse

Related articles:

Anchor
Configure the CDC
Configure the CDC
Configuring the Call Data Channel

To configure Call Data Channel (CDC):

Anchor
Configuring the Node Number
Configuring the Node Number
Configuring the Node Number

As user ''Calea'', use the following commands to configure LI:

Code Block
languagenone
set addressContext default intercept nodeNumber 7788

Include Page
CDC_Configured_through_EMS
CDC_Configured_through_EMS

Anchor
Configuring CDC for Intercept Flavor as IMS LI
Configuring CDC for Intercept Flavor as IMS LI
Creating CDC for Intercept Flavor as IMS LI

For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.

Code Block
% set addressContext default intercept callDataChannel <callDataChannel_name>
   dsrProtocolVersion <0 | 1>
   liPolDipForRegdOodMsg <disabled | enabled>
   interceptStandard <etsi | threeGpp>
   rtcpInterception <disabled | enabled>
   ipInterfaceGroupName <ipInterfaceGroup_name>
   mediaIpInterfaceGroupName <mediaIpInterfaceGroup_name>
   vendorId <verint | utimaco | none | groupTwoThousand>

The following is an example of how to create a CDC for the intercept flavor as IMS LI.

Code Block
languagenone
% set addressContext default intercept nodeNumber 74120 callDataChannel CDC ipInterfaceGroupName LIG1 dsrProtocolVersion 1 interceptStandard etsi vendorId verintgroupTwoThousand mediaIpInterfaceGroupName LIG1 ipInterfaceGroupName LIG1
LIG2
% commit
Info
titleNote
Mediation server’s ipInterfaceGroup

The ipInterfaceGroup/mediaIpInterfaceGroup for CDC must be different from other signaling/media ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards the mediation server.

Info
titleNote

The SBC allows configuration of a maximum of 16 mediation servers for IMS LI in the Call Data Channel (CDC). When a call is tapped, the SBC selects among the Delivery Function 2 (DF2) servers in a round-robin manner, and establishes persistent TCP connections with all configured mediation servers.

Each mediation server object contains the Signaling(X2) and Media (X3) IP addresses. The SBC allows configuration of multiple mediation servers with the same X2 IP address but a different X3 IP address.

For IMS LI, the SBC does not support any Active-Standby configuration for the X2 servers. It assumes that the DF2 servers are running in Active-Active mode, and in case of a failure, moves the IP address of the active DF2 server to the standby DF2 server.

The X2 and X3 servers operate independently. Even if the X2 servers are not reachable, the SBC sends X3 media if DF3 servers are available, and vice versa.

The SBC buffers the X2 messages if the corresponding mediation server is not operational.

For more information, refer to Intercept - CLI.

The alarms sonusSbxImMediationServerX2MsgBufferFull and sonusSbxImMediationServerX2MsgBufferAvailable indicate the status of the DSR buffer. The alarms are raised depending on whether the DSR buffer is full, or available Mediation Server.

Anchor
Configuring CDC for Media Interception Over TCP
Configuring CDC for Media Interception Over TCP
Configuring CDC for Media Interception Over TCP

Code Block
% set addressContext default intercept callDataChannel <callDataChannel_name> mediationServer <MS_name> media tcp
   ipAddress <IP_Address>
   portNumber <0-65535>
   dscpValue <0-63>
   mode <inService | OutofService>
   state <disabled | enabled>
   kaTime <60-7200>
   kaInterval <5-60>
   kaProbe <4-8>

The following is an example of how to configure a CDC for the media interception over TCP.

Code Block
languagenone
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress 10.54.78.20 portNumber 65120 
% commit
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp state enabled mode inService
% commit 

Anchor
Configuring CDC for Media Interception Over UDP
Configuring CDC for Media Interception Over UDP
Configuring CDC for Media Interception Over UDP

Code Block
% set addressContext default intercept callDataChannel <callDataChannel_name> mediationServer <MS_name> media udp
   ipAddress <IP_Address>
   portNumber <0-65535>
   dscpValue <0-63>
   mode <inService | OutofService>
   state <disabled | enabled>
   kaTime <60-7200>
   kaInterval <5-60>
   kaProbe <4-8>

The following is an example of how to configure a CDC for the media interception over UDP.

Code Block
languagenone
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.54.78.20 portNumber 65200
% commit
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService
% commit 
Info
titleNote

The SBC supports IPsec for signaling and media interception over TCP and UDP.

Anchor
Configuring CDC for Signaling Interception
Configuring CDC for Signaling Interception
Configuring CDC for Signaling Interception

Code Block
% set addressContext default intercept callDataChannel <callDataChannel_name> mediationServer <MS_name> signaling
   ipAddress <IP_Address>
   portNumber <0-65535>
   dscpValue <0-63>
   protocolType <tcp | udp>
   mode <inService | OutofService>
   state <disabled | enabled>


Info
titleNote

The signaling interception does not support the protocolType udp.

The following is an example of how to configure a CDC for the signaling interception.

info
Code Block
languagenone
% set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress 10.54.78.20 portNumber 65300 protocolType tcp
% commit
% set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling state enabled mode inService
% commit
titleNote
The protocolType "udp" is not supported for Signaling interception.
 Anchor
Configuring CDC for RTCP Interception
Configuring CDC for RTCP Interception
Configuring CDC for RTCP Interception
 Code Block
languagenone
% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
% commit
 Info
titleNote
The rtcpInterception parameter is visible, when interceptStandard and vendorId is configured as IMS LI.
 Anchor
Configuring CDC for "Li Pol Dip For Regd Ood Msg"
Configuring CDC for "Li Pol Dip For Regd Ood Msg"
Configuring CDC for "Li Pol Dip For Regd Ood Msg"
The parameter liPolDipForRegdOodMsg when enabled is used to indicate SBC to send policy request to PSX for registered Out-Of-Dialog requests(messages) to be intercepted. When this parameter is disabled, policy request is not sent to PSX for registered Out-Of-Dialog requests (messages).
Enable the support for Policy dip, for registered users out-of-dialog messages, to decide on interception, by executing the command
 Code Block
languagenone
% set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsg enabled
% commit
 Info
titleNote
The liPolDipForRegdOodMsg  parameter is visible, when interceptStandard and vendorId is configured as IMS LI.
 Anchor
Configuring SBC Core IPsec
Configuring SBC Core IPsec
Configuring the SBC Core IPsec
As user ''Admin'', use the following commands to configure IPsec:
 Info
titleNote
  •  This optional configuration is needed if secure connection is required between the 
     Spacevars
    0product
     and the Mediation Server.  
  • The SBC does not support supports IPsec for media interception over UDP.
  • The SPD entry is required to create the following entries:
    • localIdentity ipAddress – The SBC Interface Group IP associated with the LI CDC.
    • remoteIdentity ipAddress – The Mediation Server IP configured in the LI CDC.
  • The Recommended setting for LI IPsec mode is 'transport'.
 Info
titleInfo
For more information on IPsec configuration, refer to the section IP Security - CLI.
 Code Block
### create and configure IKE and IPsec protection profiles
   
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
  
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
  
### create IKE peer
  
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20
set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
  
### create an SPD rule for this IKE peer
  
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 0
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
  
### enable IPsec on the IP interface group
  
set addressContext default ipInterfaceGroup LIG1 enabled
 Info
titleNote
The SBC is enhanced to support IMS LI for PS-to-PS Handover scenarios. The enhancement has no impact on the IMS routing.
Viewing IMS LI Configuration
Enter the show commands to view the configurations.
 Anchor
Viewing the Intercept Details
Viewing the Intercept Details
Viewing the Intercept Details
To view the intercept details, execute the following command:
 Code Block
languagenone
show status addressContext default intercept callDataChannel
callDataChannel CDC {
    mediationServerMediaStatus MS1 {
        tcpChannelstatus inService;
        tcpPacketsSent   0;
        tcpPacketsLost   0;
        udpPacketsSent   0;
        udpPacketsLost   0;
    }
    mediationServerSignalingStatus MS1 {
        tcpChannelStatus inService;
        DSRSuccess       0;
        DSRFailures      0;
    }
}
[ok]
 Anchor
Viewing the CDC Configuration
Viewing the CDC Configuration
Viewing the CDC Configuration
To view the CDC configuration, execute the following command:
 Code Block
languagenone
show addressContext default intercept
nodeNumber 7788;
callDataChannel CDC {
    dsrProtocolVersion    0;
	interceptStandard     etsi;
    vendorId              verint;
    ipInterfaceGroupName  LIG1;
    liPolDipForRegdOodMsg enabled;
    rtcpInterception      enabled;
    mediaIpInterfaceGroupName LIG1;
    mediationServer MS1 {
        signaling {
            ipAddress    10.54.78.20;
            portNumber   65300;
            protocolType tcp;
            mode         inService;
            state        enabled;
        }
        media {
            tcp {
                ipAddress  10.54.78.20;
                portNumber 65120;
                mode       inService;
                state      enabled;
            }
            udp {
                ipAddress  10.54.78.20;
                portNumber 65200;
                mode       inService;
                state      enabled;
            }
        }
    }
}
[ok]


 
 Pagebreak