Overview

The SBC Core acting as P-CSCF or I-BCF can be configured to intercept IMS sessions. This feature can also be used in non-IMS deployments, to intercept audio/video/clearmode and fax streams.

The figure below depicts the deployment scenario of the SBC to support Lawful Interception (LI).

Figure 1: SBC for Lawful Interception



  • X1 interface: This interface is known as Provisioning interface that is supported by Ribbon RAMP using XML/TCP.
  • X2 interface: This interface is known as Signaling interface that is supported by Ribbon SBC to send call data (signaling) messages over TCP using an optional IPSec tunnel. This interface encapsulates a copy of the SIP signaling message sent/received towards/from the target.
  • X3 interface: This interface is known as Media interface that is supported by Ribbon SBC to send call content (media) messages over UDP or TCP. These media streams (audio/video/image/clearmode/MSRP/BFCP/FECC) carries a copy of the stream sent/received towards/from the target. The SBC sends media call content messages over UDP or TCP through X3 interface. The SBC is enhanced to support sending the media call content messages over TCP using an optional IPsec tunnel through X3 interface.

    Note

    The SBC support IPsec with IMS LI for media interception over UDP and TCP.

At a high level, the functions performed by the Lawful Intercept are:

  • Support of Encapsulation mode (multimedia) for all signaling messages and media streams, Encapsulation mode signifies intercepting the received or sent signaling or media stream, by appending an header with extra information, towards the Mediation Server.
  • Support for SIP URI and DN based interception
  • Support for intercepting RTP media types such as audio, video, image (fax), clearmode
  • Support for intercepting any SIP signaling messages
  • Support for sending intercepted signaling messages over TCP, using an optional IPSec tunnel

  • Support for Real Time Control Protocol (RTCP) interception
  • Support for Video and auxiliary video interception
  • Support for Message Session Relay Protocol (MSRP) and Binary Floor Control Protocol (BFCP) interception
  • Support for Far End Camera Control (FECC) interception

If media interception over UDP and TCP are both configured at the CDC, the transport type for interception is decided based on the following conditions:

  • For Audio, Video, and FECC interception:
        a. First preference is provided to UDP interception. If a CDC configuration for the Mediation server for media contains UDP mediation server information, media is intercepted over UDP.
        b. The next preference is provided to TCP interception. If a CDC does not have UDP Mediation server configuration and it has only TCP mediation server configuration for Media, media is intercepted over TCP.
  • For MSRP interception:
       a. Only interception over TCP is supported.
       b. If CDC is not configured for TCP interception, interception is not supported.
  • For BFCP over TCP:
       a. Only interception over TCP is supported.
       b. If CDC is not configured for TCP interception, interception is not supported.
  • For BFCP over UDP:
       a. Only interception over UDP is supported.
       b. If CDC is not configured for UDP interception, interception is not supported.
Note

The SBC is enhanced to support IMS LI for PS-to-PS Handover scenarios. The enhancement has no impact on the IMS routing.

RAMP/PSX support for LI

For more information on RAMP and PSX configuration for Lawful intercept, refer to the RAMP doc Lawful Intercept Guide.

For configuration details, see Configuring SBC For Lawful Interception.

Note

The interface between PSX and the SBC allows the PSX to send, and the SBC to receive, the TAP ID or Lawful Intercept ID. Use RAMP to perform the relevant configurations.

The TAP ID, is a decimal value between 1 and 4,294,967,295 (4 bytes). The default value of TAP ID is 0.

If the SBC receives a non-zero TAP ID from the PSX, it embeds the value in the Correlation ID (CCID) and sends the TAP ID as a separate Tag Length Value (TLV) in the Direct Signaling Report (DSR) message.

If the SBC receives the value 0 as TAP ID, it does not take any action.