To configure Call Data Channel (CDC):
All LI flavors except Default/Legacy LI support IPv6 addresses.
As user "Calea", use the following commands to configure LI:
set addressContext default intercept nodeNumber 7788
For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.
% set addressContext default intercept callDataChannel <callDataChannel_name> liPolDipForRegdOodMsg <disabled | enabled> interceptStandard <etsi | threeGpp> rtcpInterception <disabled | enabled> ipInterfaceGroupName <ipInterfaceGroup_name> mediaIpInterfaceGroupName <mediaIpInterfaceGroup_name> vendorId <verint | utimaco | none | groupTwoThousand> dsrProtocolVersion <0 | 1>
An example of how to create a CDC for the intercept flavor as IMS LI is shown below:
The dsrProtocolVersion always comes after the interceptStandard and vendorId.
set addressContext default intercept nodeNumber 74120 callDataChannel CDC ipInterfaceGroupName LIF1 interceptStandard etsi vendorId groupTwoThousand mediaIpInterfaceGroupName LIF1 dsrProtocolVersion 1
commit
The ipInterfaceGroup/mediaIpInterfaceGroup for CDC must be different from other signaling/media ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards the mediation server.
Refer to Viewing the CDC Configuration for an example configuration. For IPsec encapsulation, refer to the section Configuring IPsec for Signaling and Media Interception.
The SBC allows configuration of a maximum of 16 mediation servers for IMS LI in the Call Data Channel (CDC). When a call is tapped, the SBC selects among the Delivery Function 2 (DF2) servers in a round-robin manner, and establishes persistent TCP connections with all configured mediation servers.
Each mediation server object contains the Signaling (X2) and Media (X3) IP addresses. The SBC allows configuration of multiple mediation servers with the same X2 IP address but a different X3 IP address.
For IMS LI, the SBC does not support any Active-Standby configuration for the X2 servers. It assumes that the DF2 servers are running in Active-Active mode, and in case of a failure, moves the IP address of the active DF2 server to the standby DF2 server.
The X2 and X3 servers operate independently. Even if the X2 servers are not reachable, the SBC sends X3 media if DF3 servers are available, and vice versa.
The SBC buffers the X2 messages if the corresponding mediation server is not operational.
For more information, refer to Intercept - CLI.
The alarms sonusSbxImMediationServerX2MsgBufferFull and sonusSbxImMediationServerX2MsgBufferAvailable indicate the status of the DSR buffer. The alarms are raised depending on whether the DSR buffer is full or available.
% set addressContext default intercept callDataChannel <callDataChannel_name> mediationServer <MS_name> media tcp ipAddress <IP_Address> portNumber <0-65535> dscpValue <0-63> mode <inService | outOfService> state <disabled | enabled> kaTime <60-7200> kaInterval <5-60> kaProbe <4-8>
The following is an example of how to configure a CDC for the media interception over TCP.
set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress 10.54.78.20 portNumber 65120
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp state enabled mode inService
commit
% set addressContext default intercept callDataChannel <callDataChannel_name> mediationServer <MS_name> media udp ipAddress <IP_Address> portNumber <0-65535> dscpValue <0-63> mode <inService | outOfService> state <disabled | enabled> kaTime <60-7200> kaInterval <5-60> kaProbe <4-8>
The following is an example of how to configure a CDC for the media interception over UDP.
set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.54.78.20 portNumber 65200
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService
commit
The SBC supports IPsec for signaling interception over TCP.
The SBC supports IPsec for media interception over TCP and UDP.
X3 Interface
The current configurations for media and TCP are replicated for the TLS protocol.
X3 Interface Syntax – TLS Profile Name
The SBC supports configuring tlsProfileName on the Mediation Server for the media (X3) channel as part of the TLS protocol container.
set addressContext default intercept callDataChannel <Call Data Channel> mediationServer <server name> media < tcp | tls | udp > tlsProfileName <name>
X3 Interface – IP Address, Port Number, State, and Mode
For the media (X3) interface, the SBC provides an option to configure the IP Address, IP Port, State, and Mode when configuring protocolType as tls. The current configurations of media/tcp are replicated for the TLS protocol.
set addressContext default intercept callDataChannel <CDC name> mediationServer <Mediation Server name> media tls ipAddress <ip address> portNumber <port number>
set addressContext default intercept callDataChannel CDC mediationServer MSA media tls tlsProfileName <profile name>
set addressContext default intercept callDataChannel CDC mediationServer MSA media tls state <disabled | enabled> mode <inService | outOfService>
Command Parameters - X3 Interface
Parameter Name | Length/Range | Default Value | Description | M/O |
callDataChannel | N/A | N/A | Call Data Channel name | M |
mediationServer | N/A | N/A | Mediation Server name | O |
mode | inService / outOfService | outOfService | The operational mode of TLS connection towards the mediation server for media interception. | O |
portNumber | N/A | N/A | Port number of the mediation server for media interception over TLS. | O |
state | disabled / enabled | disabled | The administrative state of the TLS connection towards the mediation server for media interception. | O |
tlsProfileName | N/A | N/A | TLS Profile name used by this Signaling Port. | O |
Configuration Examples
set addressContext default intercept callDataChannel CDC interceptStandard threeGpp vendorId groupTwoThousand ipInterfaceGroupName LIG1 mediaIpInterfaceGroupName LIG1 liPolDipForRegdOodMsg enabled rtcpInterception enabled dsrProtocolVersion 1
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA signaling ipAddress 10.54.81.88 portNumber 3412 protocolType tls
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA signaling tlsProfileName defaultTlsProfile
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA signaling state enabled mode inService
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA media tls ipAddress 10.54.81.88 portNumber 4511
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA media tls tlsProfileName defaultTlsProfile
commit
set addressContext default intercept callDataChannel CDC mediationServer MSA media tls state enabled mode inService
commit
Command Syntax - CLI
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> signaling dfGroupName <DF Group name> dscpValue <0-63> ipAddress <IPv4/IPv6 address> mode <inService | outOfService> portNumber <0-65535> protocolType <tcp | udp> realmName <realm name> state <disabled | enabled>
Command Parameters
The SBC CNe does not support multiple Mediation Servers. However, this feature is supported with a single mediation server.
Parameter | Length/Range | Description |
dfGroupName | Up to 63 characters | The name of the DF Group configured against the Intercept Targets for which this Mediation server is to be used for interception. Note: This parameter is applicable for PC2 LI and IMS LI. However, it is optional in IMS LI. |
dscpValue | 0-63 | The DSCP value for intercepted signaling packets sent on this port. The default is 16. |
ipAddress | IPv4: 32-bit format; IPv6: 128-bit format | The IPv4/IPv6 Address of the mediation server for signaling interception. |
mode | N/A | The operational mode of the signaling/media connection towards the mediation server. Values: inService, outOfService (default). |
portNumber | 0-65536 | The UDP/TCP port number of the mediation server for signaling interception. The default is 0. |
protocolType | N/A | The protocol used by the mediation server for signaling interception (TCP/UDP). Values: tcp (default), udp. |
realmName | N/A | The name of the realm to which this mediation server belongs. This name must match the realm name in the diameterRealmRoute configuration for the Diameter connection used to reach this mediation server. Note: This option applies only to PC 2.0 LI deployments. |
state | N/A | The administrative state of the signaling/media connection towards the mediation server. Values: disabled (default), enabled. |
protocolType "udp" is not currently supported for signaling interception.
The following is an example of how to configure a CDC for the signaling interception.
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress 10.54.78.20 portNumber 65300 protocolType tcp dfGroupName dfGroupname_1
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling state enabled mode inService
commit
set addressContext default intercept callDataChannel CDC rtcpInterception enabled
commit
The rtcpInterception parameter is visible when interceptStandard and vendorId are configured as IMS LI.
When enabled, the parameter liPolDipForRegdOodMsg directs the SBC to send a policy request to the PSX for registered Out-Of-Dialog requests (messages) to be intercepted. When this parameter is disabled, no policy request is sent to the PSX for registered Out-Of-Dialog requests (messages).
To enable the policy dip that decides on interception of out-of-dialog messages for registered users, execute the following command:
set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsg enabled
commit
The liPolDipForRegdOodMsg parameter is visible when interceptStandard and vendorId are configured as IMS LI.
As user "Admin", use the following commands to configure IPsec:
The SBC supports IPsec for signaling interception over TCP.
The SBC supports IPsec for media interception over TCP, UDP, and TLS.
localIdentity ipAddress – The SBC Interface Group IP associated with the LI CDC.
remoteIdentity ipAddress – The Mediation Server IP configured in the LI CDC.
The recommended setting for LI IPsec mode is 'transport'.
For more information on IPsec configuration, refer to the section IP Security - CLI.
### create and configure IKE and IPsec protection profiles
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
### create IKE peer
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20
set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
### create an SPD rule for this IKE peer
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 0
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
### enable IPsec on the IP interface group
set addressContext default ipInterfaceGroup LIG1 enabled
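An added example, not part of the original page or of the product's own tooling: a Python audit over set commands like the ones above. It flags the MD5, 3DES and IKEv1 choices and the all-zero preSharedKey from the sample, reports any SPD mode other than the recommended transport, and checks that every mediation server IP has a matching remoteIdentity and SPD rule. The second mediation server (MS2 at 10.54.78.21) and the finding names are assumptions made for the illustration.

```python
import re

# Constructed sample: a subset of this page's example commands, plus one extra
# mediation server (MS2, hypothetical) that has no IPsec peer or SPD rule.
CONFIG = """\
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress 10.54.78.20 portNumber 65300 protocolType tcp
set addressContext default intercept callDataChannel CDC mediationServer MS2 media udp ipAddress 10.54.78.21 portNumber 65200
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20
set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD mode transport
"""

# Values from the page's example that are weak or deprecated by general
# cryptographic practice (not a statement about what else the SBC accepts).
WEAK = {"hmacMd5": "MD5 integrity", "_3DesCbc": "3DES encryption", "ikev1": "IKEv1"}

def audit(config):
    """Return sorted (code, detail) findings for a block of set commands."""
    findings = set()
    for token in re.split(r"[\s,]+", config):
        if token in WEAK:
            findings.add(("weak-algorithm", WEAK[token]))
    for key in re.findall(r"preSharedKey (\S+)", config):
        if len(set(key)) == 1:  # e.g. all zeros: a documentation placeholder
            findings.add(("placeholder-psk", key[:4] + "..."))
    ms_ips = set(re.findall(r"mediationServer \S+ (?:signaling|media \S+) ipAddress (\S+)", config))
    remote_ids = set(re.findall(r"remoteIdentity type \S+ ipAddress (\S+)", config))
    spd_remotes = set(re.findall(r"ipsec spd \S+ .*remoteIpAddr (\S+)", config))
    for ip in ms_ips:
        if ip not in remote_ids:  # no IKE peer identifies this mediation server
            findings.add(("no-ipsec-peer", ip))
        if ip not in spd_remotes:  # no SPD rule selects traffic to this server
            findings.add(("no-spd-rule", ip))
    for mode in re.findall(r"ipsec spd \S+ mode (\S+)", config):
        if mode != "transport":  # the page recommends transport mode for LI
            findings.add(("non-transport-mode", mode))
    return sorted(findings)

if __name__ == "__main__":
    for code, detail in audit(CONFIG):
        print(f"{code}: {detail}")
```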
The SBC is enhanced to support IMS LI for PS-to-PS Handover scenarios. The enhancement has no impact on the IMS routing.
Enter the show commands to view the configurations.
To view the intercept details, execute the following command:
show status addressContext default intercept callDataChannel
callDataChannel CDC {
    mediationServerMediaStatus MS1 {
        tcpChannelstatus inService;
        tcpPacketsSent   0;
        tcpPacketsLost   0;
        udpPacketsSent   0;
        udpPacketsLost   0;
    }
    mediationServerSignalingStatus MS1 {
        tcpChannelStatus inService;
        DSRSuccess       0;
        DSRFailures      0;
    }
}
[ok]
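An added example, not from the original page: a Python parser for the brace-delimited status output shown above that reports any channel not inService and any non-zero loss or failure counter. The counter values and the outOfService status in the sample are constructed, and the alert conditions are assumptions.

```python
import re

# The page's sample output with constructed values: non-zero counters and one
# channel marked outOfService, so that the checks have something to report.
STATUS = """
callDataChannel CDC {
  mediationServerMediaStatus MS1 {
    tcpChannelstatus inService; tcpPacketsSent 120; tcpPacketsLost 3;
    udpPacketsSent 0; udpPacketsLost 0;
  }
  mediationServerSignalingStatus MS1 {
    tcpChannelStatus outOfService; DSRSuccess 40; DSRFailures 2;
  }
}
"""

def parse(text):
    """Parse brace-delimited CLI output into nested dicts."""
    root = node = {}
    stack, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":              # "name instance {" opens a child block
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}" and stack:  # close the block, return to the parent
            node = stack.pop()
        elif tok == ";" and words:  # "key value;" is a leaf
            node[words[0]] = " ".join(words[1:])
            words = []
        elif tok not in ("}", ";"):
            words.append(tok)
    return root

def alerts(tree, path=""):
    """Return 'path: key=value' strings for states that need attention."""
    out = []
    for key, val in tree.items():
        if isinstance(val, dict):
            out += alerts(val, f"{path}/{key}" if path else key)
        elif key.lower().endswith("channelstatus"):  # page spells it two ways
            if val != "inService":
                out.append(f"{path}: {key}={val}")
        elif key.endswith(("Lost", "Failures")) and val.isdigit() and int(val) > 0:
            out.append(f"{path}: {key}={val}")
    return out
```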
To view the CDC configuration, execute the following command:
show addressContext default intercept
nodeNumber 7788;
callDataChannel CDC {
    dsrProtocolVersion        0;
    interceptStandard         etsi;
    vendorId                  verint;
    ipInterfaceGroupName      LIG1;
    liPolDipForRegdOodMsg     enabled;
    rtcpInterception          enabled;
    mediaIpInterfaceGroupName LIG1;
    mediationServer MS1 {
        signaling {
            ipAddress    10.54.78.20;
            portNumber   65300;
            protocolType tcp;
            mode         inService;
            state        enabled;
        }
        media {
            tcp {
                ipAddress  10.54.78.20;
                portNumber 65120;
                mode       inService;
                state      enabled;
            }
            udp {
                ipAddress  10.54.78.20;
                portNumber 65200;
                mode       inService;
                state      enabled;
            }
        }
    }
}
[ok]