Use the intercept and call data channel (CDC) commands to configure the parameters for lawful intercept (LI) processing on the SBC. Lawful interception is a means of conducting lawfully authorized electronic surveillance of communication against warranted users or subscribers.
Refer to the Lawful Intercept page and associated pages for an in-depth explanation of SBC LI functionality.
LI Commands
Command Syntax
As the user 'calea', use the following command syntax to configure LI.
% set addressContext <default> intercept
callDataChannel <callDataChannel>
nodeNumber <integer>
Command Parameters
Parameter | Length/Range | Description |
---|
CallDataChannel
| 1-23 | The user-configurable LI Call Data Control Channel name. See Call Data Channel Parameters tables below for details on the parameters within the CDC. |
nodeNumber
| 0-9999999 | The unique global node number to assign to the SBC which is used by the LI server for identification purposes. |
Call Data Channel Commands
CDC Command Syntax
As the user 'calea', use the following CLI syntax to establish the LI call data channel configuration:
% set addressContext <default> intercept callDataChannel <callDataChannel_name>
diamNode <name>
diameterPeer <calea Diameter peer name>
diameterRealmRoute <calea realmRoute>
dsrProtocolVersion <0 | 1>
embedTapIdInCccId <enabled | disabled>
interceptStandard <etsi | packetcable | packetcablePlusEtsi | packetcableVTwo | threeGpp>
ipInterfaceGroupName <ipInterfaceGroup_Name>
kaTimer <0-65535 seconds>
liPolDipForRegdOodMsgs <disabled | enabled>
mediaIpInterfaceGroupName <IP interface group name>
mediationServer <server name>
priIpAddress <IPv4 address>
priMode <active | outofservice | standby>
priPort <0-65535>
priState <disabled | enabled>
retries <value>
rtcpInterception <disabled | enabled>
secIpAddress <IP_Address>
secMode <active | outofservice | standby>
secState <disabled | enabled>
vendorId <none | groupTwoThousand | ss8 | utimaco | verint>
CDC Command Parameters
The following table describes the CDC parameters that determine the type of LI you are deploying. They must be configured for all types of LI.
CDC Parameters that Determine LI Type
Parameter | Description |
---|
interceptStandard
| The intercept standard to use for this CDC. etsi packetcable (default)packetcablePlusEtsi
packetcableVTwo threeGpp
|
vendorId
| The vendor name of the LI server. atos none (default)groupTwoThousand ss8 utimaco verint
|
Intercept Standards and Vendors for Different LI Types
The following table identifies the interceptStandard
and vendorId
configuration combinations the SBC supports for each type of LI.
Intercept Standards and Vendors per LI Type
CDC Configuration Settings | LI Type |
---|
interceptStandard | vendorId |
---|
packetcable/packetCablePlusEtsi | none/utimaco/verint | Legacy LI (default) |
packetcable | ss8 | PCSI LI |
threeGpp/etsi | none/utimaco/verint/groupTwoThousand | IMS LI |
packetcableVTwo
| atos/none | PC 2.0 LI |
The following table lists the rest of the CDC parameters. Not all parameters apply to each type of LI; some parameters do not become available until you specify an interceptStandard
and vendorID
combination of an LI type to which they apply.
CDC Parameters Per LI Type
Parameter | Length/Range | Description | Applicable To |
---|
diamNode | up to 23 characters | <name> – Specifies the name assigned to the SBC Diameter node configuration. SBC configuration includes a single Diameter node to define the SBC side of the Diameter interface. If Diameter is used for more than one purpose on the SBC then the Diameter node is shared.
Note: Diameter node configuration must be completed on the SBC by a user with admin privileges. Then, the Diameter node name is entered in the CDC for a PC 2.0 LI deployment by the calea user using this parameter. | |
diameterPeer | up to 23 characters | Diameter peer configuration under the CDC object, specifically for the mediation server (DF) side of the Diameter X2 signaling interface for PC 2.0 LI deployments. A maximum of 16 Diameter peers can be configured within the CDC. <calea Diameter peer name> – Specifies a unique name for this Diameter peer configuration (up to 23 characters). This name must not duplicate any name used for either LI or non-LI Diameter peers.
deviceWatchdogTimer – Specifies the Device-Watchdog-Requests timer value, in milliseconds (range: 0-100000 / default=1000).deviceWatchdogTimerAnswerTimeout – Specifies the Device Watchdog Answer timeout value, in milliseconds. The SBC considers a peer down if it does not receive a reply to a Device Watchdog Request before this timer expires. (range: 1000-500000 | default = 2000)dscpValue – Specifies the Differentiated Services Code Point (DSCP) value for intercepted signaling packets sent to this peer. (range: 0-63 / default = 16)fqdn – Specifies the FQDN for this peer (1-256 characters).ipAddress – Specifies the IP address for this peer.sessionDistribution – Specifies how to distribute Diameter sessions. Options are:honor-reply-order (default) – Diameter session creation across multiple IP connections under this peer honors the order of the IP addresses that are returned in the DNS reply starting from the first one.
round-robin – Diameter session creation across multiple IP connections under this peer are rotated in round-robin fashion starting from the first one.
state – Specifies the administrative state of this peer:disabled (default)enabled tcpPort – Specifies the TCP port number for this peer (default is 3868).
| |
diameterRealmRoute | up to 23 characters | Diameter realm route configuration under the CDC object, specifically for the mediation server (DF) side of the Diameter X2 signaling interface for PC 2.0 LI deployments. A maximum of 16 Diameter realm routes can be configured within the CDC. <calea realmRoute name> – Specifies a unique name for the Diameter realm route for the specified Diameter peer (up to 23 characters). This name must not duplicate any name used for either LI or non-LI Diameter realm routes.
appId – Specifies the application ID (Diameter interface type) for this route.x2 – For PC 2.0 LI, the application ID must be set to X2.e2 rf rx
peer – Specifies the name of the Diameter peer this route belongs to.priority – Specifies the priority of this route. (range 0-100 / default = 0)realm – Specifies the realm (FQDN) for this route. This name must match the realm name for the mediation server that is associated with this route.state – Specifies the administrative state of this route.disabled (default)enabled
| |
dsrProtocolVersion
| N/A | Signifies the intercepted X2 signaling protocol version towards the mediation servers. The default value 0 maintains backward compatibility with SBC Core 8.0 or earlier. | |
embedTapIdInCccId | N/A | Specifies whether the SBC embeds the Tap ID in the CCCID (Call Content Connection Identifier) it sends with X2 and X3 messages to the DF. The Tap ID comes from X1 surveillance data. The options are: enabled – The SBC generates a CCCID with the Tap ID embedded if the Tap ID is a decimal value between 1 and 65534. If the Tap ID is null, it is converted to 0, but if it is out of range or not a decimal number, it is converted to 65535 or hex 0xFFFF.disabled – (default) Embedding of the Tap ID is not required.
| |
ipInterfaceGroupName
| 0-23 | <IPIG name> – Specifies the name of the IP interface group to send X2 signaling data to the LI server.
| - Default LI
- IMS LI
- PC 2.0 LI
|
kaTimer
| 0-65535 | <# seconds> (default = 5) – The keep-alive timer value, in seconds.
| |
liPolDipForRegdOodMsgs | N/A | Specifies whether the SBC should send a policy request to the PSX, when the SBC receives a registered user's out-of-dialog messages, to determine whether interception is required. disabled (default) – The SBC does not send policy request to PSX for out-of-dialog messages.enabled – The SBC sends a policy request to PSX for out-of-dialog messages.
NOTE: This parameter is only visible when the interceptStandard is not set to packetcable. | |
mediaIpInterfaceGroupName | 1-23 characters | Specifies the name of the IP interface group to send X3 call content to the mediation server (DF). | |
mediationServer | 0-23 | <name> – Mediation server configuration to specify parameters for X2 and X3 destinations. Up to 16 mediation servers can be configured. See Mediation Server Configurations below for parameter details.
| |
priIpAddress
| N/A | <IPv4 address> – The primary LI server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0)
| |
priMode
| N/A | Mode of the primary server. Options are: active (default)outOfService standby
| |
priPort
| 0-65535 | <port number> – The primary LI server's UDP port where Call Data Channel messages are sent. (default = 0)
| |
pristate
| N/A | Use this flag to enable/disable communication to the primary LI server. enabled (default)disabled
| |
retries
| N/A | Number of retries before the LI Call Data Channel is considered as failed. (default = 3) | |
rtcpInterception
| N/A | Specifies whether to intercept RTCP information. Options are: disabled (default)enabled
| |
secIpAddress
| N/A | Secondary LI server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0) | |
secMode
| N/A | Mode of the secondary server. Options are: active outOfService (default) standby
| |
secState
| N/A | Use this flag to enable/disable communication to secondary LI server. enabled (default)disabled
| |
The SBC supports TCP to transport media details.
Command Syntax
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media tcp
dscpValue <0-63>
ipAddress <IPv4/IPv6 address>
kaInterval <5-60 seconds>
kaProbe <4-8 seconds>
kaTime <60-7200 seconds>
mode <inService | outOfService>
portNumber <0-65535>
state <disabled | enabled>
Command Parameters
Mediation Server: Media over TCP Parameters
Parameter | Length/Range | Descriptions |
---|
dscpValue | 0-63 | The DSCP value for intercepted media packets sent on TCP port. (Default = 16) |
ipAddress | IPv4/IPv6 format | The IPv4/IPv6 Address of the mediation server for media interception over TCP. |
kaInterval
| 5-60 | The duration between two successive keep alive retransmissions, if acknowledgement to the previous keep alive transmission is not received. (Default = 30 seconds) |
kaProbe
| 4-8 | The number of retransmissions to be carried out before declaring that the remote end is not available. (Default = 4) |
kaTime
| 60 to 7200 | The duration, in seconds, between the two keep alive transmissions in the idle condition. (Default = 180 seconds) |
mode | N/A | The operational mode of the signaling/media connection towards the mediation server. inService outOfService (default)
|
portNumber | 0-65535 | The TCP port number of the mediation server for media interception over TCP. (Default = 0) |
state | N/A | The administrative state of the TCP connection towards the mediation server. disabled (default)enabled
|
The SBC supports UDP to transport media details. PC 2.0 LI only supports UDP transport for media.
Command Syntax
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media udp
dscpValue <0-63>
ipAddress <IPv4/IPv6 address>
mode <inService | outOfService>
portNumber <0-65535>
state <disabled | enabled>
Command Parameters
Mediation Server: Media over UDP Parameters
Parameter | Length/Range | Descriptions |
---|
dscpValue | 0-63 | The DSCP value for intercepted media packets sent on UDP port. (Default = 16) |
ipAddress | IPv4/IPv6 format | The IPv4/IPv6 Address of the mediation server for media interception over UDP. |
mode | N/A | The operational mode of the signaling/media connection towards the mediation server.
inService outOfService (default)
|
portNumber | 0-65535 | The UDP port number of the mediation server for media interception over UDP. (Default = 0) |
state
| N/A | The administrative state of the UDP connection towards the mediation server. disabled (default)enabled
|
Command Syntax
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> signaling
dscpValue <0-63>
ipAddress <IPv4/IPv6 address>
mode <inService | outOfService>
portNumber <0-65535>
protocolType <tcp | udp>
realmName <realm name>
state <disabled | enabled>
Command Parameters
Mediation Server: Signaling Parameters
Parameter | Descriptions |
---|
signaling
| Mediation server signaling interception settings. dscpValue – The DSCP value for intercepted signaling packets sent on this port. (range: 0-63 / default = 16)ipAddress – The IPv4/IPv6 Address of the mediation server for signaling interception.mode – The operational mode of the signaling/media connection towards the mediation server.
inService outOfService (default)
portNumber – The UDP/TCP port number of the mediation server for signaling interception. (range: 0-65536 / default = 0)protocolType – The protocol used by the mediation server for signaling interception (TCP/UDP).
realmName – The name of the realm to which this mediation server belongs. This name must match the realm name in the diameterRealmRoute configuration for the Diameter connection to be used to reach this mediation server. This option applies only to PC 2.0 LI deployments.state – The administrative state of the signaling/media connection towards the mediation server.
disabled (default)enabled
|
To retrieve LI statistics, use the command:
> show status addressContext <addressContext name> intercept
Command Examples
To configure the name of the IP interface group used to stream to the LI server, use the commands:
% set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1
% commit
To configure the intercept standard, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi
% commit
To configure the vendor ID, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint
% commit
To configure intercept standard, vendor type, and mediation server name, use the commands:
% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediationServer ms1
% commit
To configure mediation server parameters for media interception over TCP, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp dscpValue 0 ipAddress 10.54.66.67 portNumber 7870
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp mode inService state enabled
% commit
To configure mediation server parameters for media interception over UDP, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp dscpValue 0 ipAddress 10.54.66.57 portNumber 7881
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp mode inService state enabled
% commit
To configure mediation server parameters for signaling interception, use the commands:
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling dscpValue 0 ipAddress 10.54.64.80 portNumber 7880 protocolType tcp
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling mode inService state enabled
% commit
To enable RTCP interception, use the commands:
% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
% commit
To enable sending a policy dip to the PSX for registered users' out-of-dialog messages, use the commands:
% set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsgs enabled
% commit