Skip to end of metadata
Go to start of metadata


The SBC Core provides Lawful Intercept (LI) support using one of two methods:

  • Using ERE with provisioning support from EMA (license required).
  • Using centralized PSX with provisioning support from EMS (license required).

The SBC supports up to 500 simultaneous LI sessions. SBC works in coordination with an Intercept Server (IS) to provide call data and call content to law enforcement agencies for calls involving identified intercept subjects. When it receives matching LI criteria in a policy response from ERE (or external PSX in centralized PSX solution), the SBC routes the call as directed and additionally reports call events to the IS.

The SBC also sends an RTP copy of the call's voice streams (call content) to an IP address provided by the IS. LI is configured by EMA (or EMS in centralized PSX solution). The target number is uploaded to LI table of ERE (or PSX, with the help of EMS).

You must use the default addressContext when configuring LI.

See Lawful Intercept page for an in-depth explanation of LI functionality.

Info

The SBC 52x0 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.

For complete details, see Configuring IP Interface Groups and Interfaces.

(The above ability does not apply to the SBC 51x0 and SBC 5400 systems which have only two physical media ports. IP interfaces from the two physical ports may be configured within the same IP Interface Groups without restriction.)

 

When configuring LI through EMA/ERE, you must be 'Calea' user. See Managing SBC Core Users and Accounts for descriptions of users and permissions.

 

LI Commands

Command Syntax

As user 'Calea', use the following command syntax to configure LI.

% set addressContext <default> intercept 
   callDataChannel <callDataChannel> 
   nodeNumber <integer>

Command Parameters

Table : Intercept Parameters

 

Parameter

Length/Range

Description

CallDataChannel

1-23

The user-configurable LI Call Data Control Channel name.

(See Call Data Channel Parameters table below for parameter details)

nodeNumber

0-9999999

The unique global node number to assign to the SBC which is used by the LI server for identification purposes.

Call Data Channel Commands

Command Syntax

As user 'Calea', use the following command to establish the LI call data channel configuration:

Call Data Channel Syntax
% set addressContext <default> intercept callDataChannel <callDataChannel_name>
	interceptStandard < etsi | packetcable | packetcablePlusEtsi | threeGpp>
	ipInterfaceGroupName <ipInterfaceGroup_Name> 
	kaTimer <0-65535 seconds>
	liPolDipForRegdOodMsgs <disabled | enabled>
	mediationServer <server name>
	priIpAddress <IPv4 address> 
	priMode <active | outofservice | standby> 
	priPort <0-65535> 
	priState <disabled | enabled> 
	retries <value>
	rtcpInterception <disabled | enabled>
	secIpAddress <IP_Address> 
	secMode <active | outofservice | standby> 
	secState <disabled | enabled>
	vendorId <none | ss8 | utimaco | verint>

Call Data Channel (CDC) Parameters

Table : Call Data Channel Parameters

 

Parameter

Length/Range

Description

interceptStandard

N/A

The Intercept Standard to use for this Call Data Channel.

  • etsi
  • packetcable (default)
  • packetcablePlusEtsi1
  • threeGpp

Modified: for 5.1.4

ipInterfaceGroupName

0-23

<IPIG name> – Name of the IP interface group used to stream to the LI Server.

kaTimer

0-65535

<# seconds> (default = 5) – The keep-alive timer value, in seconds.

liPolDipForRegdOodMsgs N/A

 Use this flag to control the sending of the policy dip to PSX for registered user's Out-Of-Dialog messages.

  • disabled (default) – SBC does not send policy request to PSX for registered out-of-dialog requests (messages).
  • enabled – SBC sends policy request to PSX for registered out-of-dialog requests for interception.
mediationServer0-23

<name> – Name of the Mediation Server. Up to eight Mediation Servers are configurable for each CDC. See Mediation Server Configurations below for parameter details.

Note: The mediationServer parameter is only visible when interceptStandard and vendorId are configured for IMS LI (see table Configuring SBC for Different LI Flavors).

priIpAddress

N/A

<IPv4 address> – The primary LI Server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0)

priMode

N/A

Mode of the primary server. Options are:

  • active (default)
  • outOfService
  • standby

priPort

0-65535

<port number> – The primary LI Server's UDP port where Call Data Channel messages are sent. (default = 0)

pristate

N/A

Use this flag to enable/disable communication to the primary LI Server.

  • enabled (default)
  • disabled

retries

N/A

Number of retries before the LI Call Data Channel is considered as failed. (default = 3)

rtcpInterception

N/A

Enable this flag to intercept RTCP information for IMS LI.

  • disabled (default)
  • enabled

secIpAddress

N/A

Secondary LI Server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0)

secMode

N/A

Mode of the secondary server. Options are:

  • active
  • outOfService (default)
  • standby

secState

N/A

Use this flag to enable/disable communication to secondary LI Server.

  • enabled (default)
  • disabled

vendorId

N/A

The vendor name of the LI server.

  • none (default)
  • ss8
  • utimaco
  • verint

1For Legacy LI, when interceptStandard is set to packetcablePlusEtsi, the following behavior can be seen. SBC sends the following parameters in Signaling Start message in addition to the existing parameters.

PACKET_CABLE_CHARGE_NUMBER_ID (16)

PACKET_CABLE_SONUS_HIGH_LAYER_COMPATIBILITY_ID (142)

PACKET_CABLE_SONUS_LOW_LAYER_COMPATIBILITY_ID (143)

PACKET_CABLE_SONUS_CALLING_PARTY_CATEGORY_ID (156)

PACKET_CABLE_SONUS_LOCATION_NUMBER_ID (151)

PACKET_CABLE_SONUS_LOCATION_NUMBER_NOA_ID (150)

PACKET_CABLE_SONUS_TRUNK_GROUP_NAME_ID (154)

PACKET_CABLE_SONUS_PEER_TRUNK_GROUP_ID (153)

PACKET_CABLE_SONUS_PEER_TRUNK_GROUP_NAME_ID (155)

PACKET_CABLE_SONUS_USER_TO_USER_INFO_ID (144)

PACKET_CABLE_SONUS_TMR_ID (140) or  PACKET_CABLE_SONUS_USI_ID (141)

PACKET_CABLE_SONUS_CALLING_PARTY_SUBADDR_ID (145)

PACKET_CABLE_SONUS_CALLED_PARTY_SUBADDR_ID (146)

PACKET_CABLE_SONUS_GENERIC_NUM_ID (148)

PACKET_CABLE_SONUS_GENERIC_NUM_NOA_ID (147)

PACKET_CABLE_SONUS_GENERIC_NOTIF_ID (149)

PACKET_CABLE_SONUS_REDIRECTION_INFO_ID (152)

 

The SBC sends the following parameters in Call Answer message in addition to the existing parameters.

PACKET_CABLE_SONUS_USER_TO_USER_INFO_ID (144)

PACKET_CABLE_SONUS_GENERIC_NUM_ID (148)

PACKET_CABLE_SONUS_GENERIC_NUM_NOA_ID (147)

PACKET_CABLE_SONUS_GENERIC_NOTIF_ID (149)

PACKET_CABLE_SONUS_CALLED_PARTY_CATEGORY_ID (157)

PACKET_CABLE_TRUNK_GROUP_ID_ID (24)

PACKET_CABLE_SONUS_TRUNK_GROUP_NAME_ID (154)

PACKET_CABLE_SONUS_PEER_TRUNK_GROUP_ID (153)

PACKET_CABLE_SONUS_PEER_TRUNK_GROUP_NAME_ID (155)

 

Note: All the preceding parameters are sent when the respective parameters are received in the SIP signaling messages(INVITE, 200 OK and so on).

 

The SBC sends the Service instance message for the following services in addition to the existing services:

IMLIB_SERVICE_NAME_CALL_HOLD (8)

IMLIB_SERVICE_NAME_CALL_RETRIEVE (9)

IMLIB_SERVICE_NAME_CALL_SUSPEND (10)

IMLIB_SERVICE_NAME_CALL_RESUME (11)

 

PACKET_CABLE_DN_LENGTH is changed from 20 to 31, so there will be impact in all the relevant parameters which use this value:

PACKET_CABLE_CHARGE_NUMBER_ID in Call Answer message.

PACKET_CABLE_CHARGE_NUMBER_ID in Service Instance message.

PACKET_CABLE_SIGNAL_TO_NUMBER_ID and PACKET_CABLE_SIGNAL_FROM_NUMBER_ID Signaling Instance message.


 

 

Mediation Server Configurations

Mediation Server for Media Interception over TCP

Command Syntax

% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media tcp
	dscpValue <0-63>
	ipAddress <IPv4/IPv6 address>
	mode <inService | outOfService>
	portNumber <0-65535>
	state <disabled | enabled>

Command Parameters

Table : Mediation Server: Media over TCP Parameters

ParameterDescriptions

media tcp

 Use TCP to transport mediation server details.

  • dscpValue – The DSCP value for intercepted media packets sent on TCP port. (range: 0-63 / default = 16)
  • ipAddress – The IPv4/IPv6 Address of the mediation server for media interception over TCP.
  • mode – The operational mode of the signaling/media connection towards the mediation server.
    • inService
    • outOfService (default)
  • portNumber – The TCP port number of the mediation server for media interception over TCP. (range: 0-65536 / default = 0)
  • state – The administrative state of the TCP connection towards the mediation server.
    • disabled (default)
    • enabled

 

Mediation Server for Media Interception over UDP

Command Syntax

% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> media udp
	dscpValue <0-63>
	ipAddress <IPv4/IPv6 address>
	mode <inService | outOfService>
	portNumber <0-65535>
	state <disabled | enabled>

Command Parameters

Table : Mediation Server: Media over UDP Parameters

ParameterDescriptions

media udp

 Use UDP to transport mediation server details.

  • dscpValue – The DSCP value for intercepted media packets sent on UDP port. (range: 0-63 / default = 16)
  • ipAddress – The IPv4/IPv6 Address of the mediation server for media interception over UDP.
  • mode – The operational mode of the signaling/media connection towards the mediation server.
    • inService
    • outOfService (default)
  • portNumber – The UDP port number of the mediation server for media interception over UDP. (range: 0-65536 / default = 0)
  • state – The administrative state of the UDP connection towards the mediation server.
    • disabled (default)
    • enabled

 

Mediation Server for signaling interception

Command Syntax

Mediation Server Syntax
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name> signaling
	dscpValue <0-63>
	ipAddress <IPv4/IPv6 address>
	mode <inService | outOfService>
	portNumber <0-65535>
	protocolType <tcp | udp>
	state <disabled | enabled>

Command Parameters

Table : Mediation Server: Signaling Parameters

ParameterDescriptions

signaling

Mediation server signaling interception settings.

  • dscpValue – The DSCP value for intercepted signaling packets sent on this port. (range: 0-63 / default = 16)
  • ipAddress – The IPv4/IPv6 Address of the mediation server for signaling interception.
  • mode – The operational mode of the signaling/media connection towards the mediation server.
    • inService
    • outOfService (default)
  • portNumber – The UDP/TCP port number of the mediation server for signaling interception. (range: 0-65536 / default = 0)
  • protocolType – The protocol used by the mediation server for signaling interception (TCP/UDP).
    • tcp (default)
    • udp
  • state – The administrative state of the signaling/media connection towards the mediation server.
    • disabled (default)
    • enabled

Note

The protocolType "udp" command is not supported for Signaling interception in this release.

 

To retrieve the LI statistics:

> show status addressContext <addressContext name> intercept

 

Configuring SBC for Different LI Flavors

The following table depicts the interceptStandard and verndorId configuration options to configure SBC for the the various LI flavors.

Table : Configuring SBC for Different LI Flavors

 
Configuration Settings

 

LI Flavor

interceptStandardvendorId
packetcablenone/utimaco/verintLegacy LI (default)
packetcabless8SS8 LI
packetcablePlusEtsinone/utimaco/verintLegacy LI (default)
threeGpp/etsinone/utimaco/verintIMS LI

Command Examples

To configure the name of the IP interface group used to stream to the LI Server:

% set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1
% commit

Note

The mediation server’s ipInterfaceGroup must be different from other signaling ipInterface groups to ensure that LI does not use the signaling ipAddress to send intercepted traffic (media/signaling) towards the mediation server. 

 

To configure intercept standard:

% set addressContext default intercept callDataChannel CDC interceptStandard etsi
% commit

 

To configure the vendor ID:

% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint
% commit

 

To configure mediation server for media interception:

Note

Mediation server’s ipInterfaceGroup must be different from other signaling ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards Mediation Server.

% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediationServer ms1
% commit

 

To configure mediation server for media interception over TCP:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp dscpValue 0 ipAddress 10.54.66.67 portNumber 7870
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp mode inService state enabled 
% commit

 

To configure mediation server for media interception over UDP:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp dscpValue 0 ipAddress 10.54.66.57 portNumber 7881
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp mode inService state enabled 
% commit

 

To configure mediation server for signaling interception:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling dscpValue 0 ipAddress 10.54.64.80 portNumber 7880 protocolType tcp
% commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling mode inService state enabled
% commit

 

To configure RTCP interception:

% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
% commit

 

To enable the sending of the policy dip to PSX for registered user's Out-Of-Dialog messages:

% set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsgs enabled
% commit