Overview


User "calea" must be created on SBC before attempting LI provisioning.

Creating the CALEA User through CLI

The SBC, acting as P-CSCF or I-BCF, is configurable to intercept IMS sessions using Lawful Interception (LI) techniques (legally sanctioned official access to private communications). This feature can also be used in non-IMS deployments to intercept audio, clear mode and fax streams.

At a high level, SBC Lawful Intercept functionality includes:

  • Support for Encapsulation mode (multimedia) for all signaling messages and media streams. In Encapsulation mode, the received or sent signaling or media stream is intercepted and sent towards the Mediation Server with a header carrying extra information appended.
  • Support for SIP URI and DN based interception
  • Support for intercepting RTP media types such as audio, image (fax), clearmode
  • Support for intercepting any SIP signaling messages
  • Support for sending intercepted signaling messages over TCP, using an optional IPSec tunnel

Info

For CLI and EMA changes in this release to support Lawful Intercept, see:

 

The figure below depicts an SBC deployment scenario supporting LI.

Figure: SBC for Lawful Interception

  • X1 interface: Provisioning interface supported by EMS using SOAP XML/TCP.
  • X2 interface: Signaling interface supported by SBC to send call data (signaling) messages over TCP using an optional IPSec tunnel. This interface encapsulates a copy of the SIP signaling message sent/received towards/from the target.
  • X3 interface: Media interface supported by SBC to send call content (media) messages over UDP only. These media streams (audio/image/clearmode) carry a copy of the stream sent/received towards/from the target.

EMS/PSX support for LI

For information on configuring EMS and PSX for Lawful Intercept, see EMS document Sonus Lawful Intercept.

Configuring SBC for LI

Note

Perform these steps if LI is not already configured in EMS. The LI license is provisioned using EMS before interception. For details on provisioning the LI license, see the EMS pages LI Target Setting and Managing Licenses.

To configure LI, perform the following steps:

...

  1. Log on as admin user.
  2. Create a CALEA user, by executing the following command:

    % set oam localAuth user calea group Calea
    commit


    You will see a system-generated password. Use this password when you log on as the CALEA user for the first time.

...

Add the static route towards the Mediation Server with a suitable (full) prefix, by executing the command:

    % set addressContext default staticRoute 10.70.54.106 32 10.54.1.1 LIG1 LIF1 preference 100

Note

For a CALEA user, address context used is always default.

SBC uses the same IP Interface, defined in the IP Interface Group, to send Call Data and Call Content information. When you add the static route towards the Mediation Server, use the same interface group configured in the Call Data Channel (CDC). Any other static route already added from a different IP Interface group within the same address context must be deleted.

 

 

Log on as the CALEA user, because only the CALEA user is authorized to intercept calls.

 

...

If you are logging as a CALEA user for the first time,

...

Enter the new password and then re-enter the same password to confirm.

 

 

...

Configure the CDC with the details of the Mediation Server, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 priIpAddress 10.70.56.94 dsrTcpPort 6161 ipInterfaceGroupName LIG1 mediaTypeIntercepted multimedia priState disabled priMode outOfService UDPMediaTransport udpMediaIpAddress 10.70.56.94 udpMediaPort 3002

Note

UDPMediaTransport (media-related details such as udpMediaIpAddress and udpMediaPort) can be configured only when mediaTypeIntercepted is set to multimedia.

 

 

...

Trigger a TCP connection towards the Mediation Server for sending intercepted signaling messages, by executing the command:

 

Note

Only one of primaryTCPChannelStatus or secondaryTCPChannelStatus is active at a time for interception.

    % set addressContext default intercept callDataChannel CDC1 priState enabled priMode active
    commit

...

Verify the TCP connection status, by executing the command:

    > show status addressContext default intercept interceptCallDataChannelStatistics default primaryTCPChannelStatus
    primaryTCPChannelStatus inService;

Verify the secondary TCP channel status, by executing the command:

    > show status addressContext default intercept interceptCallDataChannelStatistics default secondaryTCPChannelStatus
    secondaryTCPChannelStatus outOfService;

...

View the number of successful intercepted DSR messages, by executing the command:

    > show status addressContext default intercept interceptCallDataChannelStatistics default DSRSuccess
    DSRSuccess 464;

View the number of unsuccessful intercepted DSR messages, by executing the command:

    > show status addressContext default intercept interceptCallDataChannelStatistics default DSRFailures
    DSRFailures 0;

...

When the parameter liPolDipForRegdOodMsg is enabled, the SBC sends a policy request to PSX for registered Out-Of-Dialog requests (messages) to be intercepted. When this parameter is disabled, no policy request is sent to PSX for registered Out-Of-Dialog requests (messages).

Enable support for the policy dip for registered users' out-of-dialog messages, to decide on interception, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 liPolDipForRegdOodMsg enabled
    commit

Resetting the Configuration

You can make the changes in the configuration as follows:

  1. Terminate the current connection
  2. Change/Reset the configuration
  3. Reestablish the connection

...

Terminate the TCP connection towards the Mediation Server, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 priState disabled priMode outOfService
    commit

Once the state is set to disabled and mode is set to outOfService, the connection towards the LI mediation server is terminated. Verify the TCP connection status to ensure that the connection is terminated.

Now, you can change/reset the configuration.

...

The following configurations can be changed/reset:

Info

Prerequisite: Before you change/reset the configuration, ensure the state is disabled and the mode is out of service.

...

Change the mode of interception, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 mediaTypeIntercepted multimedia
    commit

...

Change IP address of the Mediation Server, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 priIpAddress 10.56.3.1
    commit

...

Change the signalling TCP port of the Mediation Server, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 dsrTcpPort 4041
    commit

...

Once you have made the desired changes in the configuration, you need to re-establish the connection to the Mediation Server.

Re-establish the connection, by executing the command:

    % set addressContext default intercept callDataChannel CDC1 priState enabled priMode active
    commit

Once the state is set to enabled and mode is set to active, the connection towards the mediation server is re-established.

Viewing the LI Configuration

Enter the show commands to view the configurations.

Creating the CALEA User through EMA

Note

You do not need to create a CALEA user for EMS registered D-SBC setups.

  1. Log into the EMA GUI.
  2. Select Administration > Users and Application Management > User and Session Management.
  3. Click New User. The Create User panel appears.
  4. Select Calea from the Role drop-down menu.

    Figure: Create CALEA User


  5. Configure the other fields in the Create User panel.
  6. Click Save.
    The CALEA user is saved with a temporary password, which appears in the Create User panel. Record the temporary password.

    Figure: Temporary Password Example


  7. Click the check mark icon.
  8. Select Admin > Log Out to log out.
  9. A prompt to confirm the logout appears. Click Yes.
  10. Log into the EMA GUI as the CALEA user with the temporary password.
  11. A prompt to create a new password appears. Enter and confirm a new password.

    Figure: Enter new Password Example


  12. Click Sign In.

View the CALEA user status

View the CALEA user status, by executing the following command:

...

    > show status oam localAuth userStatus
    userStatus admin {
        currentStatus Enabled;
        userId        3000;
    }
    userStatus calea {
        currentStatus Enabled;
        userId        3329;
    }
    [ok]

...

View the intercept details

View the intercept details, by executing the command:

    calea@pear> show status addressContext default intercept interceptCallDataChannelStatistics default
    primaryChannelStatus      outOfService;
    secondaryChannelStatus    outOfService;
    StartSuccess              0;
    StartFailures             0;
    StopSuccess               0;
    StopFailures              0;
    CallAnswerSuccess         0;
    CallAnswerFailures        0;
    CallDisconnectSuccess     0;
    CallDisconnectFailures    0;
    ServiceInstanceSuccess    0;
    ServiceInstanceFailures   0;
    IndicationSuccess         0;
    IndicationFailures        0;
    KeepAliveSuccess          0;
    KeepAliveFailures         0;
    RestartSuccess            0;
    RestartFailures           0;
    RadiusAckReceived         0;
    StartResponsesReceived    0;
    primaryTCPChannelStatus   inService;
    secondaryTCPChannelStatus outOfService;
    DSRSuccess                299;
    DSRFailures               0;
    [ok]
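
The statistics output above lends itself to an automated health check. The following Python sketch is an added example, not part of the product documentation: it parses text captured from the show status command and flags a missing or doubled TCP channel and any non-zero failure counter. The function names, the sample values and the choice of what to flag are assumptions.

```python
import re

# Constructed sample, in the layout of the statistics output shown above.
SAMPLE_STATS = """\
calea@pear> show status addressContext default intercept interceptCallDataChannelStatistics default
StartSuccess              0;
StartFailures             0;
KeepAliveSuccess          12;
KeepAliveFailures         0;
primaryTCPChannelStatus   inService;
secondaryTCPChannelStatus outOfService;
DSRSuccess                299;
DSRFailures               0;
[ok]
"""

def parse_status(text):
    """Map each 'name value;' line to {name: value}; prompt and [ok] lines are skipped."""
    return dict(re.findall(r"^[ \t]*(\w+)[ \t]+(\S+);[ \t]*$", text, re.M))

def check_li_channel(stats):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    tcp = [stats.get("primaryTCPChannelStatus"), stats.get("secondaryTCPChannelStatus")]
    up = tcp.count("inService")
    if up == 0:
        findings.append("no TCP channel to the Mediation Server is inService")
    elif up > 1:
        # The page states that only one TCP channel is active at a time.
        findings.append("both TCP channels report inService")
    # Assumption: any non-zero *Failures counter is worth investigating.
    for name, value in stats.items():
        if name.endswith("Failures") and value.isdigit() and int(value) > 0:
            findings.append(f"{name} is {value}")
    return findings

if __name__ == "__main__":
    for finding in check_li_channel(parse_status(SAMPLE_STATS)) or ["nothing flagged"]:
        print(finding)
```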

View the CDC configuration

View the CDC configuration, by executing the command:

    calea@pear% show addressContext default intercept callDataChannel CDC1
    priState              enabled;
    priMode               active;
    priIpAddress          10.70.54.106;
    ipInterfaceGroupName  LIG1;
    liPolDipForRegdOodMsg enabled;
    dsrTcpPort            8161;
    mediaTypeIntercepted  multimedia;
    UDPMediaTransport {
            udpMediaIpAddress 10.70.54.106;
            udpMediaPort      3004;
        }
    }
    [ok]
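
The configuration rules stated on this page (static route with a full prefix towards the Mediation Server, the same interface group for route and CDC, UDPMediaTransport only with multimedia, and matching priState/priMode pairs) can be checked mechanically. The following Python sketch is an added example, not vendor code: the function name, the IPv4-only /32 check and the static-route field order (read off the page's example command) are assumptions.

```python
import re

# Constructed inputs in the formats shown on this page (addresses are examples).
STATIC_ROUTE = "set addressContext default staticRoute 10.70.54.106 32 10.54.1.1 LIG1 LIF1 preference 100"
CDC_CONFIG = """\
priState              enabled;
priMode               active;
priIpAddress          10.70.54.106;
ipInterfaceGroupName  LIG1;
dsrTcpPort            8161;
mediaTypeIntercepted  multimedia;
UDPMediaTransport {
    udpMediaIpAddress 10.70.54.106;
    udpMediaPort      3004;
}
"""

# State/mode pairs the page uses when bringing the channel up or down.
VALID_STATE_MODE = {("enabled", "active"), ("disabled", "outOfService")}

def lint_li_config(static_route, cdc_config):
    """Check a static route and a CDC configuration against the rules stated on this page."""
    cdc = dict(re.findall(r"^[ \t]*(\w+)[ \t]+(\S+);[ \t]*$", cdc_config, re.M))
    # Assumed field order, read off the page's example:
    # destination, prefix, next hop, interface group, interface.
    m = re.search(r"staticRoute\s+(\S+)\s+(\d+)\s+\S+\s+(\S+)\s+\S+", static_route)
    if not m:
        return ["static route line not recognised"]
    dest, prefix, group = m.group(1), int(m.group(2)), m.group(3)
    findings = []
    if dest != cdc.get("priIpAddress") or prefix != 32:
        findings.append("static route is not a /32 route to priIpAddress")
    if group != cdc.get("ipInterfaceGroupName"):
        findings.append("static route and CDC use different interface groups")
    if "udpMediaIpAddress" in cdc and cdc.get("mediaTypeIntercepted") != "multimedia":
        findings.append("UDPMediaTransport set but mediaTypeIntercepted is not multimedia")
    if (cdc.get("priState"), cdc.get("priMode")) not in VALID_STATE_MODE:
        findings.append("priState and priMode do not form a matching pair")
    return findings

if __name__ == "__main__":
    print(lint_li_config(STATIC_ROUTE, CDC_CONFIG) or "no findings")
```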

...
