901-00-0081_li_config

Starent Networks Multimedia Core Platforms Lawful Intercept Configuration Guide Version 9.0 Generally Available 03-31-2010 P/N: 901-00-0081 Rev E

Upload: john-smith

Post on 16-Aug-2015

DESCRIPTION

LI Conf

TRANSCRIPT

Starent Networks Multimedia Core Platforms
Lawful Intercept Configuration Guide
Version 9.0
Generally Available 03-31-2010
P/N: 901-00-0081 Rev E

NOTICE OF COPYRIGHT

The material contained in this document is for informational purposes only and is subject to change without notice.

No part of this document may be reproduced, transmitted, transcribed, or stored in a retrieval system in any form or by any means, mechanical, magnetic, optical, chemical, or otherwise without the written permission of Starent Networks, Corp.

Starent, the Starent logo, ST16, and ST40 are registered trademarks of Starent Networks, Corp. How Wireless Connects and StarOS are trademarks of Starent Networks, Corp.

VA Linux is a registered trademark of VA Linux Systems, Inc. Microsoft and Microsoft Windows are registered trademarks of Microsoft Corporation. Sun, Solaris, and Netra are registered trademarks of Sun Microsystems. Linux is a registered trademark of Linus Torvalds. Adobe, Acrobat, Acrobat Reader are registered trademarks of Adobe Systems, Inc. CompactFlash is a trademark of SanDisk Corporation. Panduit is a registered trademark of Panduit Corporation. HyperTerminal is a registered trademark of Hilgraeve Inc. MOLEX is a registered trademark of Molex Inc. Red Hat is a registered trademark of Red Hat, Inc. Intel is a registered trademark of Intel Corporation. PacketCable is a trademark of Cable Television Laboratories, Inc. Any trademarks, trade names, service marks, or service names owned or registered by any other company and used in this documentation are the property of their respective companies.

Copyright 2010 Cisco and/or its affiliates.
All rights reserved.

30 International Place
Tewksbury, MA 01876
978.851.1100
Visit us at http://www.starentnetworks.com

TABLE OF CONTENTS

About This Guide
  Conventions Used
  Contacting Starent Networks
    Contacting Starent Networks Customer Support
    Providing Documentation Feedback

Section I: Introduction and Overview

Chapter 1: Lawful Intercept in Wireless Data Services
  Product Description
  Product Specification
    Licenses
    Hardware Requirements
      Platforms
    Operating System Requirements
  Network Deployment and Interfaces
    Lawful Intercept with CSCF (P-CSCF and S-CSCF)
    Lawful Intercept with GGSN/HA
    Lawful Intercept with PDSN/HA
      Active LI support in cdma2000 network
      Camp-on LI support in cdma2000 network
    Lawful Intercept with PDN Gateway (P-GW)
    Lawful Intercept with SGSN
    Lawful Intercept with Serving Gateway (S-GW)
    Supported Interfaces

Section II: Service Configuration

Chapter 2: Lawful Intercept with CSCF Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
    Types of Interception
    Supported LI Interface
  How it Works with CSCF Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Upon Call Termination
    De-provisioning Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on CSCF
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Configuring PacketCable DF Setup and Lawful Intercept on CSCF
    Provisioning the Lawful Intercept on CSCF
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 3: Lawful Intercept with GGSN/HA Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with GGSN/HA Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on GGSN/HA
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on GGSN/HA
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 4: Lawful Intercept with PDSN/HA Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with PDSN/HA Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Upon Call Termination
    De-provisioning Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on PDSN/HA
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Configuring PacketCable DF Setup and Lawful Intercept on PDSN/HA
    Provisioning the Lawful Intercept on PDSN/HA
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 5: Lawful Intercept with PDN Gateway Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with P-GW Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on P-GW
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on P-GW
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 6: Lawful Intercept with SGSN Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with SGSN Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on SGSN
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Policy Configuration for SMS
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on SGSN
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 7: Lawful Intercept with Serving Gateway Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with S-GW Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on S-GW
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on S-GW
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 8: Verifying and Saving Your Configuration
  Verifying the Configuration
    Feature Configuration
    Service Configuration
    Context Configuration
    System Configuration
    Finding Configuration Errors
  Saving the Configuration
    Saving the Configuration on ST-series Platforms

Index

ABOUT THIS GUIDE

This section contains an overview of the information contained within this document. It lists conventions used and related documentation.
In addition, it provides information about contacting Starent Networks Corporation.

This document provides information and instructions for configuring, managing and maintaining the system, using its command line interface (CLI). Information and instructions for using the Web Element Manager software application to perform these functions can be found in the application's online help system.

Topics covered in this reference are:
- Operation information and terminology pertinent to the feature configuration
- Configuring the services on the system for Lawful Intercept support
- Monitoring service counters, statistics and status
- Troubleshooting service events and network connectivity
- Sample configuration scripts
- Engineering rules

The system is highly flexible and scalable. Since it is impossible to document every possible configuration, this reference provides instructions for the minimum set of parameters needed to make the system operational and support the Lawful Intercept feature. Additional commands that can be used to modify the system to accommodate your specific service and network requirements are discussed in detail in the Command Line Interface Reference.

For interface and related attribute and VSA information, refer to the product's Lawful Intercept Interface Specification.

IMPORTANT
The information and instructions in this document assume that the system hardware has been fully installed and the installation was verified according to the instructions found in the System Installation Guide.
This guide further assumes that basic system-level configuration and functionality has been configured as described in the System Administration Guide.

Conventions Used

The following tables describe the conventions used throughout this documentation.

Notice Type: Description
  Information note: Provides information about important features or instructions.
  Caution: Alerts you of potential damage to a program, device, or system.
  Warning: Alerts you of potential personal injury or fatality. May also alert you of potential electrical hazards.
  Electro-Static Discharge (ESD): Alerts you to take proper grounding precautions before handling a product.

Typeface Conventions: Description
  Text represented as a screen display: This typeface represents displays that appear on your terminal screen, for example: Login:
  Text represented as commands: This typeface represents commands that you enter, for example: show ip access-list
    This document always gives the full form of a command in lowercase letters. Commands are not case sensitive.
  Text represented as a command variable: This typeface represents a variable that is part of a command, for example: show card slot_number
    slot_number is a variable representing the desired chassis slot number.
  Text represented as menu or sub-menu names: This typeface represents menus and sub-menus that you access within a software application, for example: Click the File menu, then click New

Command Syntax Conventions: Description
  { keyword or variable }: Required keywords and variables are surrounded by grouped brackets. Required keywords and variables are those components that are required to be entered as part of the command syntax.
  [ keyword or variable ]: Optional keywords or variables, or those that a user may or may not choose to use, are surrounded by square brackets.
  |: With some commands there may be a group of variables from which the user chooses one. These are called alternative variables and are documented by separating each variable with a vertical bar (also known as a pipe filter). Pipe filters can be used in conjunction with required or optional keywords or variables. For example:
    { nonce | timestamp }
    OR
    [ count number_of_packets | size number_of_bytes ]

Contacting Starent Networks

Starent Networks, Corp.
30 International Place
Tewksbury, MA USA 01876
Telephone: 978.851.1100
Facsimile: 978.640.6825
E-mail: [email protected]
Visit us at: http://www.starentnetworks.com

Contacting Starent Networks Customer Support

Starent Networks' customer support program is designed to provide innovative customer support and superior service delivery. Our support program is based on the belief that our customers expect their wireless communications equipment vendor to not be merely a part of the vendor community, but also their trusted partner. To that end, Starent team members are prepared to listen, participate with you in growing your successful business, and work beside you to resolve any issue that may arise.

You can expect to receive fast, accurate, and professional care every time you contact us.

E-mail us at [email protected] or visit us at https://support.starentnetworks.com/ (a valid user name and password is required to access this site).

Our mailing address is:
30 International Place
Tewksbury, MA USA 01876

Our shipping address is:
200 Ames Pond Drive
Tewksbury, MA USA 01876

IMPORTANT
For warranty and repair information, please be sure to include the Return Material Authorization (RMA) tracking number on the outside of the package.

Providing Documentation Feedback

At Starent Networks, we take great pride in the overall quality of our user documentation.
Our Technical Communication team has strived to ensure the accuracy, completeness, and general usability of our documentation.

As part of our goal to ensure the highest level of quality in our documentation, we welcome customer feedback. Please e-mail us with any questions, comments, or suggestions at [email protected]. Should you find an error or omission in our documentation, a request for support can be opened from the Support area of our Internet site: https://support.starentnetworks.com/. (Note that a valid username and password is required in order to access this area.) When requesting support for documentation issues, please ensure that Documentation Request is selected as the request type and that you provide all relevant information including document title, part number, revision, document date (if available), and any relevant chapter or page numbers.

We look forward to continually improving the quality of our documentation with your help.

SECTION I
INTRODUCTION AND OVERVIEW

CHAPTER 1
LAWFUL INTERCEPT IN WIRELESS DATA SERVICES

This guide gives an overview of Lawful Intercept (LI) and its implementation in the wireless data service system. It also explains the procedure for configuring the system and executing lawful intercepts of subscriber sessions. The product Administration Guides provide examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model, and configure the required elements for that model, as described in the respective product Administration Guide, before using the procedures in this chapter.

IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports Active Triggers and Camp-on, and provides limited IRI Event Delivery.
You must purchase and install an Enhanced Lawful Intercept license to have full functionality, which includes Active Triggers, Camp-on, and Event Delivery with the option to configure UDP acknowledgements.

This overview provides general information about the MME including:
- Product Description
- Product Specification
- Network Deployment and Interfaces

Product Description

Lawful Intercept is an enhanced feature that provides interception of data sessions to Law Enforcement Agencies (LEAs). LI is configured differently on different services. Refer to the following table to locate the relevant chapter for LI configuration on each supported service:

Table 1-1 Applicable Products and Relevant Chapters

Applicable Product(s)    Refer to Chapter
P-CSCF and C-CSCF        Chapter 2 Lawful Intercept with CSCF Service
GGSN/HA                  Chapter 3 Lawful Intercept with GGSN/HA Service
PDSN/HA                  Chapter 4 Lawful Intercept with PDSN/HA Service
PDN Gateway              Chapter 5 Lawful Intercept with PDN Gateway Service
SGSN                     Chapter 6 Lawful Intercept with SGSN Service
Serving Gateway          Chapter 7 Lawful Intercept with Serving Gateway Service

Product Specification

This section describes the hardware and software requirements for LI feature support.

The following information is located in this section:
- Licenses
- Hardware Requirements
- Operating System Requirements

Licenses

The LI is a licensed product. A session use license key must be acquired and installed to use the LI feature service.
For more information on License for this feature, refer respective product chapter in Section II Service Configuration.Hardware RequirementsInformation in this section describes the hardware required to enable the LI feature service.Platforms The LI feature supports all ST-series Multimedia Core Platforms running any of the following services: Wi-MAX ASN Gateway GGSN/HA LNS PDSN/HA PDN Gateway SGSN Serving GatewayOperating System RequirementsThe LI feature is available for all Starent Multimedia Core Platforms running StarOS Release 7.0 or later.Lawful Intercept in Wireless Data Services Generally Available03-31-2010 1-4Network Deployment and InterfacesThis section describes the supported interfaces and configuration scenario of LI in various networks.The following LI configuration scenarios are provided in this section: Lawful Intercept with CSCF (P-CSCF and S-CSCF) Lawful Intercept with GGSN/HA Lawful Intercept with PDSN/HA Lawful Intercept with PDN Gateway (P-GW) Lawful Intercept with SGSN Lawful Intercept with Serving Gateway (S-GW) Supported InterfacesLawful Intercept with CSCF (P-CSCF and S-CSCF)The following figure displays simplified configuration views of the LI interface in an IMS network with CSCF with the network elements required to provide Camp-on LI support for the system functioning as either a P-CSCF or an S-CSCF.Generally Available03-31-2010 Network Deployment and Interfaces1-5Figure 1-1 Network Elements Supporting Camp-on Lawful InterceptIMPORTANTNote that DF 2 and DF 3 can be one in the same device though they are shown here as separate logical devices.Lawful Intercept with GGSN/HAThe following figure displays simplified configuration views of the LI in an GPRS/UMTS network with GGSN/HA with the network elements required to provide Camp-on LI support for the system functioning as either a GGSN or an HA.CSCFLawful Intercept in Wireless Data Services Generally Available03-31-2010 1-6Figure 1-2 Network Elements Supporting Camp-on Lawful Intercept 
with GGSN/HA

[Figure 1-2 elements: Intercepting Control Element (ICE), Delivery Function 2 (DF 2), Administration Function (ADMF), Delivery Function 3 (DF 3), Law Enforcement Monitoring Facility (LEMF), GGSN/HA]

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

Lawful Intercept with PDSN/HA

The system, functioning as a PDSN and/or an HA, can perform Active or Camp-on Lawful Intercepts. Active intercepts are de-provisioned as soon as the intercepted session terminates. Camp-on intercepts stay provisioned and continue to intercept all sessions for the specified MN until the intercept is de-provisioned.

Active LI support in cdma2000 network

The following figure displays the network elements required for the system, functioning as either a PDSN or an HA, to provide Active LI support.

Figure 1-3 Network Elements Supporting Active Lawful Intercept with PDSN/HA

[Figure 1-3 elements: AAA Server, Access Function (AF), Delivery Function (DF), Administration Function (ADMF), Collection Function (CF), PDSN/HA]

IMPORTANT: Note that the ADMF and DF can be one and the same device though they are shown here as separate logical devices.

Camp-on LI support in cdma2000 network

The following figure displays the network elements required for the system, functioning as either a PDSN and/or HA, to provide Camp-on LI support.

Figure 1-4 Network Elements Supporting Camp-on Lawful Intercept with PDSN/HA

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

Lawful Intercept with PDN Gateway (P-GW)

The following figure displays simplified configuration views of the LI in an LTE/SAE network with P-GW, with the network elements required to provide Camp-on LI support for the system functioning as a PDN Gateway.

Figure 1-5 Network Elements Supporting
Camp-on Lawful Intercept with Serving Gateway

[Figure 1-5 elements: Intercepting Control Element (ICE), Delivery Function 2 (DF 2), Administration Function (ADMF), Delivery Function 3 (DF 3), Law Enforcement Monitoring Facility (LEMF), PDN Gateway]

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

Lawful Intercept with SGSN

The following figure displays simplified configuration views of the LI in a GPRS/UMTS network with SGSN, with the network elements required to provide Camp-on LI support for the system functioning as an SGSN.

Figure 1-6 Network Elements Supporting Camp-on Lawful Intercept with SGSN

[Figure 1-6 elements: Intercepting Control Element (ICE), Delivery Function 2 (DF 2), Administration Function (ADMF), Delivery Function 3 (DF 3), Law Enforcement Monitoring Facility (LEMF), SGSN]

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

Lawful Intercept with Serving Gateway (S-GW)

The following figure displays simplified configuration views of the LI in an LTE/SAE network with S-GW, with the network elements required to provide Camp-on LI support for the system functioning as a Serving Gateway.

Figure 1-7 Network Elements Supporting Camp-on Lawful Intercept with Serving Gateway

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

Supported Interfaces

In support of the different network elements for Lawful Intercept, the system supports various interfaces.
For more information on supported interfaces and other attributes, refer to the Lawful Intercept Interface Specification document for the specific network service product.

[Figure 1-7 elements: Intercepting Control Element (ICE), Delivery Function 2 (DF 2), Administration Function (ADMF), Delivery Function 3 (DF 3), Law Enforcement Monitoring Facility (LEMF), Serving Gateway]

SECTION II SERVICE CONFIGURATION

Chapter 2 Lawful Intercept with CSCF Service
Chapter 3 Lawful Intercept with GGSN/HA Service
Chapter 4 Lawful Intercept with PDSN/HA Service
Chapter 5 Lawful Intercept with PDN Gateway Service
Chapter 6 Lawful Intercept with SGSN Service
Chapter 7 Lawful Intercept with Serving Gateway Service
Chapter 8 Verifying and Saving Your Configuration

CHAPTER 2 LAWFUL INTERCEPT WITH CSCF SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the system. It also explains the procedure for configuring the system and executing lawful intercepts of subscriber sessions. The SCM Administration Guide provides examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model, and configure the required elements for that model, as described in the SCM Administration Guide, before using the procedures in this chapter.

IMPORTANT: Lawful Intercept is a license-enabled feature. The basic Lawful Intercept license supports Active Triggers and Camp-on, and provides limited IRI Event Delivery.
You must purchase and install an Enhanced Lawful Intercept license to have full functionality, which includes Active Triggers, Camp-on, and Event Delivery with the option to configure UDP acknowledgements.

This chapter discusses the following for Lawful Intercept support:
- Introduction
- Supported Standards
- Supported Networks and Platforms
- Licenses
- Functionality Support
- How it Works with CSCF Service
- Configuring Lawful Intercept Functionality on CSCF
- Managing the Service

Introduction

The system supports the lawful interception (LI) of subscriber session information. This functionality provides Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals (referred to as targets) for potential criminal activity.

LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The target is identified by information such as their SIP URL or TEL URL.

Once the target has been identified, the system, functioning as either P-CSCF or S-CSCF, serves as an access function (AF) and performs monitoring for both new data sessions and sessions that are already in progress. While monitoring, the system intercepts and duplicates session content/Content of Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers the intercepted content to one or more collection functions (CFs).

Typically the intercept will be of one of the following types:
- Call Identifying Information (CII)
- CII + dialed digit extension
- Full Intercept

This information is provisioned in the form of a SIP URI or TEL URI. The address of the LI server (DF) also needs to be provisioned for collecting the Call Event Data (or IRI). Both P-CSCF and S-CSCF are used as intercept points.
The S-CSCF and P-CSCF will report the SIP messages to or from the user under surveillance to the LI server using the LI interface.

CAUTION: The procedure for P-CSCF and S-CSCF is still in the development stage in the 3GPP specification and is not clearly defined in 3GPP. The implementation of LI in CSCF is subject to change in future.

IMPORTANT: If the session recovery feature is enabled on the system and an intercepted session is recovered, all LI monitoring information will be recovered with it and LI will be restarted.

Supported Standards

The LI feature complies with the following standards for 3GPP wireless data services.
- 3GPP References
- Other References

3GPP References
- 3GPP TS 33.106 V8.1.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Lawful Interception requirements (Release 8)
- 3GPP TS 33.107 V8.5.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Lawful interception architecture and functions (Release 8)
- 3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Handover interface for Lawful Interception (LI) (Release 8)

Other References

The following directives were referenced for the Starent Networks LI implementation:
- RFC 3603, Private Session Initiation Protocol (SIP) Proxy-to-Proxy Extensions for Supporting the Packet Cable Distributed Call Signaling Architecture
- TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
- Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR TK), Version 4.0
- PKT-SP-ES-INF-I02-061013: PacketCable 2.0 Electronic Surveillance Intra-Network Specification
- PKT-SP-ES-DCI-I01-060914: PacketCable 2.0 Electronic Surveillance Delivery Function to Collection Function Interface Specification
Supported Networks and Platforms

This feature supports all ST-series Multimedia Core Platforms with StarOS Release 7.0 or later running CSCF service.

Licenses

A separate feature license is required to enable this feature.

Depending on feature usage, apart from the base CSCF service license, any one of the following licenses is required to enable this feature with CSCF service:
- Lawful Intercept - 600-00-7522
- Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful Intercept license)

For more information on license requirements for this feature, contact your local sales representative.

Functionality Support

This section describes the supported functions and interfaces on CSCF for LI.

The GGSN/HA supports the following functions for provisioning of both IRI and CC:
- Provisioning of an Intercept from Delivery/Mediation Function
- De-Provisioning of an Intercept from Delivery/Mediation Function
- Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent CSCF supports Subject Based Lawful Interception using SIP URL and TEL URL as target identity. The CSCF provides a proprietary interface to a 3rd party Mediation Function (MF) or Delivery Function (DF). Having a 3rd party MF is important as it hides all the country-specific details from CSCF.
- Target Provisioning/De-Provisioning: Command Line Interface (CLI) over SSH session will be used by Delivery Function for provisioning and de-provisioning session intercept as it is used in PDSN/HA.
- Delivery of Intercepted Data: CSCF provides UDP/IP based interface for delivering the Call Event Data and Call Content Data. This interface cannot be used for CSCF requirements.
  CSCF will use the Diameter interface for delivering the Call Event Data.

Types of Interception

A command line interface (CLI) over an SSH session will be used by the DF for provisioning and de-provisioning of session intercepts.

The CSCF provides the following types of interception for a target entity's sessions:
- Interception when the call is active: If the call is already active and the DF provisions that call, the target provision response from CSCF will contain detailed information on the intercepted call. For the active call, intercept event messages are sent for future signaling messages (in-dialog messages) for the same call.
- Camp-on mode: When the Delivery Function tries to provision a target in CSCF, it does not know whether the call is already active or not. So when a provisioning request is received for a session that is inactive at that time, CSCF has to store that provisioning information and inform the Delivery Function when the corresponding session is connected in future.

Supported LI Interface

The CSCF supports the following types of interfaces for LI support on CSCF:
- Generic proprietary interface: this interface is not supported in this version.
- Diameter interface as specified in the PacketCable Specification.

Currently LI on Starent CSCF uses the Diameter-based interfaces for Lawful Intercept:
- Provisioning Interface (INI1): The INI1 interface between AF and SS8 DF carries messages via TCP/IP. To provide more security, SSLv3 is used on top of TCP/IP. The messages sent on the INI1 interface include target identities (SIP URL, TEL URL), the information whether CC will be provided, and the address of the DF2 and DF3 delivery function entities. The lawful-intercept-ssdf CLI command is used to start interception for a target identity. Interception of only events (IRI) or events and data (IRI + CC) can be provisioned.
  The status of provisioning will be immediately displayed.

  If the provisioning was done while the call is active for that target identity, the intercepted information will be forwarded to the DF immediately. Otherwise the system waits for the next session to arrive and permanently compares the SIP URL/TEL URL to the LI monitoring list. If a match is found, the IRI and CC will be forwarded to the MF/DF. If more than one target identity (say, SIP URL/TEL URL of some subscriber) is provisioned for the same call, only one set of information will be forwarded to the DF. The no lawful-intercept-ssdf CLI command is used to stop interception.
- Event Delivery Interface (INI2): The INI2 is the interface between the AF and SS8 DF (Delivery Function). INI2 messages are carried via TCP/IP. SSLv3 over TCP is used to provide more confidentiality.

After the list of targets to be intercepted has been provisioned through the provisioning interface, the VPN manager will update all the SessMgrs with the provisioning data. This data consists of the list of targets that need to be intercepted and the collector function address/port to which the data needs to be sent.

Whenever a user is registered, each system checks the user against the list of users provisioned for interception. If it matches, the corresponding call line will be marked to send the intercepted data. So whenever messages flow from/to the user, the event needs to be sent to the DF's address.

The AF needs to establish a TCP connection and authenticate itself to the DF before sending the event data to the DF.
The link test messages should be sent periodically to keep the connection alive.

The following information is transferred to the DF entity over the INI2 interface:
- target identity (SIP URL, TEL URL)
- events and associated parameters as defined in the standard
- the target location (if available)
- Correlation number

For more information on supported interface specification, message and TLV format, and attributes, refer to the CSCF Lawful Intercept Interface Specification.

How it Works with CSCF Service

The system, functioning as a CSCF (P-CSCF or S-CSCF), can perform Active or Camp-on Lawful Intercepts. Active intercepts are deprovisioned as soon as the intercepted session terminates. Camp-on intercepts stay provisioned and continue to intercept all sessions for the specified user until the intercept is deprovisioned.

This section discusses the following procedures:
- New Call Provisioning Operation
- Existing Call Provisioning Operation
- De-provisioning Upon Call Termination
- De-provisioning Upon Intercept Duration Expiry

The following figure displays the network elements required for the system, functioning as either a P-CSCF or S-CSCF, to provide Active LI support.

Figure 2-1 Network Elements Supporting Active Lawful Intercept

[Figure 2-1 elements: AAA Server, Access Function (AF), Delivery Function (DF), Administration Function (ADMF), Collection Function (CF), CSCF]

IMPORTANT: Note that the ADMF and DF can be one and the same device though they are shown here as separate logical devices.

The following figure displays the network elements required for the system, functioning as either a P-CSCF or S-CSCF, to provide Camp-on LI support.

Figure 2-2 Network Elements Supporting Camp-on Lawful Intercept

IMPORTANT: Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

New Call Provisioning Operation

The following figure shows the system's Camp-on LI operation when provisioned for a session that has not yet started.

Figure 2-3 Camp-on LI Provisioning Operation for New Calls (participants: DF 2, DF 3, LEMF, ADMF, CSCF)

1. The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function (ADMF) with information pertaining to a particular target, the type of information to be collected, and the duration over which it is to be collected.
   The type of information that can be collected is either call event (control messages), call content (data), or both. Note that call event information is referred to as Intercept Related Information (IRI) while call content is referred to as Content of Communication (CC). In this example, both IRI and CC data are to be collected.
2. The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting only IRI data.
3. The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting only CC data.
4. Through a Secure Shell (SSH) session, the ADMF connects to the CSCF (P-CSCF or S-CSCF) and provisions the lawful interception of target information. The provision request includes the target identity (the SIP URL/TEL URL), the type of information to be collected, and the IP addresses of DF 2 and DF 3.
   The CSCF returns an acknowledgement to the ADMF indicating that the target is inactive.
5. The ADMF responds to the LEMF acknowledging the provision request.
6. The CSCF receives a session setup request from the target and initiates the process of establishing the session.
7. The CSCF sends IRI information pertaining to the target's session to DF 2.
   The CSCF provides a correlation identification number specific to the interception for the target. This information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8. DF 2 forwards the information to the LEMF.
9. The S-CSCF sends CC information pertaining to the target's session to DF 3. The S-CSCF provides a correlation identification number specific to the interception for the target.
10. DF 3 forwards the information to the LEMF.

Existing Call Provisioning Operation

The following figure illustrates LI operation when provisioned for a session that is already in progress.

Figure 2-4 Camp-on LI Provisioning Operation for Existing Calls (participants: DF 2, DF 3, LEMF, ADMF, CSCF)

1. A subscriber session is already established on the CSCF (P-CSCF or S-CSCF).
2. The LEMF provisions the ADMF with information pertaining to a particular target, the type of information to be collected, and the duration over which it is to be collected.
   The type of information that can be collected is either call event (IRI), call content (CC), or both.
   In this example, both IRI and CC data are to be collected.
3. The ADMF provisions DF 2 with information pertaining to the target to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting only IRI data.
4. The ADMF provisions DF 3 with information pertaining to the target to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting only CC data.
5. Through an SSH session, the ADMF connects to the CSCF and provisions the lawful interception of target information.
   The provision request includes the target identity (the IMSI, and the MSISDN), the type of information to be collected, and the IP addresses of DF 2 and DF 3.
   The CSCF returns an acknowledgement to the ADMF indicating that the target is active.
6. The ADMF responds to the LEMF acknowledging the provision request.
7. The CSCF sends IRI information pertaining to the target's session to DF 2. The CSCF provides a correlation identification number specific to the interception for the target. This information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8. DF 2 forwards the information to the LEMF.
9. The CSCF sends CC information pertaining to the target's session to DF 3. The CSCF provides a correlation identification number specific to the interception for the target.
10. DF 3 forwards the information to the LEMF.

De-provisioning Upon Call Termination

The following figure describes de-provisioning LI functionality upon the termination of a target's data session.

Figure 2-5 Active LI De-provisioning Operation Upon Call Termination

1. The CSCF sends an Accounting Stop message to the AAA server indicating the termination of a target's data session. The message includes relevant information about the target.
2. The AAA server sends a message to the ADMF indicating a change in the state of the target (i.e., active to inactive).
3. The ADMF acknowledges the message in a response to the AAA server.
4. Through an SSH session, the ADMF connects to the CSCF and de-provisions the lawful intercept functionality for the target.
5. The CSCF acknowledges the message in a response to the ADMF server.

[Figure 2-5 participants: ADMF, DF, CF, AAA Server, CSCF]

De-provisioning Upon Intercept Duration Expiry

Law enforcement agencies are generally given a fixed amount of time to perform Lawful Intercepts.

The following figure describes de-provisioning Camp-on LI functionality upon the expiration of the legal intercept period.

Figure 2-6 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry (participants: DF 2, DF 3, LEMF, ADMF, CSCF)

1. The LEMF de-provisions the ADMF from intercepting information for a particular target.
2. The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an acknowledgement to the ADMF.
3. The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an acknowledgement to the ADMF.
4. Through a Secure Shell (SSH) session, the ADMF connects to the CSCF and de-provisions it. The CSCF returns an acknowledgement to the ADMF indicating that the target is inactive.
5. The ADMF responds to the LEMF acknowledging the provision request.

Configuring Lawful Intercept Functionality on CSCF

This section provides a high-level series of steps and the associated configuration examples for configuring the system with Lawful Intercept functionality on CSCF in a network.

IMPORTANT: This section provides the minimum instruction set for configuring a CSCF service that allows the system to provide Lawful Intercept support.
Commands that configure additional Lawful Intercept properties are provided in the CSCF Lawful Intercept Interface Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration as described in the SCM Administration Guide.

To configure the Lawful Intercept feature on a CSCF service:
1. Configure the LI context and interface and generate the SSH key by applying the example configuration in the LI Context and Interface Configuration section.
2. Configure the IP header of the content or event delivery message and other attributes, i.e. base station id, by applying the example configuration in the IP Header Configuration for LI Messages section.
3. Create and configure the Lawful Intercept administrative user account by applying the example configuration in the LI Administrative User Account Configuration section.
4. Log in to DF through an SSH session using the SSH key and configure PacketCable-based DF setup and content delivery for the Lawful Intercept in CSCF service by applying the example configuration in the Configuring PacketCable DF Setup and Lawful Intercept on CSCF section.
5. Log in to DF through an SSH session and provision the Lawful Intercept in CSCF service by applying the example configuration in the Provisioning the Lawful Intercept on CSCF section.
6. Verify your Lawful Intercept configuration by following the steps in the Verifying LI Configuration section.
7. Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration

IMPORTANT: LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the SCM Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and interface profile in a context:

    configure
      context [ -noconfirm ]
        interface
          ip address
          exit
        ssh generate key
        server sshd
        end

Note: The local management context should not be used to facilitate Lawful Intercept functionality. The context name is the name of the context in which Lawful Intercept functionality is provisioned.

IP Header Configuration for LI Messages

This section describes the configuration of the IP header for LI content or event delivery messages with event attributes. The system transmits intercepted data as either content or event messages to the Delivery Function server(s) (DF) over an Ethernet interface.

    configure
      context
        lawful-intercept src-li-addr
        end

Note: The context name is the name of the context in which Lawful Intercept functionality is configured and provisioned. The IPv4 address for this interface is the source address of the CSCF. The LI-administrator can include the source address in the IP header of the event delivery or content delivery messages transmitted to the DF to provide a quick ID for a specific intercept.

LI Administrative User Account Configuration

IMPORTANT: For security reasons, it is recommended that the LI Administrator accounts be created only for use with Lawful Intercept functionality and not for general system administration. Note that only security administrators and administrators can provision Lawful Intercept. In addition, to ensure security in accordance with the standards, LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the SCM Administration Guide.

This section provides the configuration example to configure the LI Administrative user account in a context:

    configure
      context
        administrator password li-administration
        end

Note: The context name is the name of the context in which Lawful Intercept functionality is provisioned.

Configuring PacketCable DF Setup and Lawful Intercept on CSCF

After logging in as the LI-administrator by using the ssh -l @context command from DF, use the lawful-intercept command in the Exec mode to configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell at the root prompt in the LI context, which is already configured, in Exec mode with the following prompt appearing:

    [ ] #

    lawful-intercept packet-cable content-delivery df-setup content-id calltype cscf dest-addr dest-port li-context
    lawful-intercept packet-cable content-delivery intercept-request content-id calltype cscf filter-spec src-ip-addr

Note: The li-context keyword does not need to be specified when the provisioning is done in the LI context. It needs to be specified if the command is executed in local or some other context. It cannot be the local management context.
The context name is the name of the context in which Lawful Intercept functionality is configured and provisioned.

Provisioning the Lawful Intercept on CSCF

After logging in as the LI-administrator by using the ssh -l @context command from DF, use the lawful-intercept command in the Exec mode to configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell at the root prompt in the LI context, which is already configured, in Exec mode with the following prompt appearing:

    [ ] #

    lawful-intercept ssdf dest-addr dest-port serial-number version li-context
    lawful-intercept packet-cable content-delivery df-setup content-id calltype cscf dest-addr dest-port li-context
    lawful-intercept packet-cable content-delivery intercept-request content-id calltype cscf filter-spec src-ip-addr

Note: The li-context keyword does not need to be specified when the provisioning is done in the LI context. It needs to be specified if the command is executed in local or some other context. It cannot be the local management context. The context name is the name of the context in which Lawful Intercept functionality is configured and provisioned.

Verifying LI Configuration

1. Verify your configuration done for LI support by entering the following command in Exec Mode:

    show configuration

   The following sample output of this command shows information saved in the LI context configuration file:

    banner lawful-intercept "LAWFUL INTERCEPT"
    context li
      lawful-intercept src-ip-addr 192.168.100.10
      subscriber default
      #exit
      administrator liadmin encrypted password 5c4a3 li-administration
    #exit
    snmp engine-id local 800007e5809dd08c3e74e7373f
    end

IMPORTANT: For security reasons, none of the information and parameters specified while configuring the Lawful Intercept feature are saved in configuration files, and they are not shown when the show configuration command is executed.

Managing the Service

This section describes how to manage and administer the LI feature on a CSCF service.

It includes the following procedures:
- Generating Event Logs
- Gathering Statistics and Other Information

For more information on LI management and administration, refer to the CSCF Lawful Intercept Interface Specification.

Generating Event Logs

There is an LI event facility and corresponding event logs are generated. These logs are only visible to system administrative users with li-administrator privileges.

For more information on configuring and viewing logging, refer to Configuring and Viewing System Logs in the System Administration Guide.

Gathering Statistics and Other Information

Information and statistics can be viewed for Lawful Intercept functionality. This information is only visible to system administrative users with li-administrator privileges.

1. Verify your currently provisioned intercepts
   by entering the following command in Exec Mode:

    show lawful-intercept packet-cable event-delivery all

   The output of this command is a concise listing of all Lawful Intercept context settings as shown in the sample output displayed below.

    +------ S - Status of the interception (A) active (I) inactive
    |+----- P - Provisioning method (C) camp-on (A) active-only
    ||+---- T - Call Type (P) PDSN (H) HA (L) LNS (G) GGSN (S) SGSN
    |||         (F) PDIF (N) ASNGW (C) CSCF
    |||+--- R - Cscf Role (P) PROXY-CSCF (S) SERVING-CSCF (C) S-I-P-CSCF
    ||||        (N) Not Applicable
    ||||+-- M - Mobile ID (I) IMSI/MSID (M) MSISDN (E) IMEI
    |||||
    |||||      Event delivery method ------------------------------+
    |||||      Content delivery method ---------------------+      |
    |||||      Intercept ID ------------------------+       |      |
    vvvvv                                           |       |      |
    SPTRM ID USERNAME                 IP            Int. ID Cont.  Event
    ----- -- ------------------------ ------------- ------- ------ --------
    ACCPI -  user1@192.168.49.1:5060  192.168.48.2  1       none   diameter
    ACCSI -  user1@192.168.49.1:5060  192.168.48.2  1       none   diameter
    ICC-- -  user2@192.168.49.1:5060  -             2       none   diameter

    Total active lawfully intercepted calls 2
    Total camp-on triggers 2

2. Display your PacketCable event delivery related statistics by entering the following command in Exec Mode:

    show lawful-intercept packet-cable event-delivery full all

   The output of this command is a concise listing of LI related statistics and parameter settings as shown in the sample output displayed below.

    Username: user1@192.168.49.1:5060
    ip-address: 192.168.48.2
    msid/imsi: -
    msisdn: -
    imei: -
    session: Session Present
    service-type: cscf
    role: proxy-cscf
    li-context: pcscfvpn
    intercept-id: 1
    Content-delivery: none
    Num. Intercepted pkt forwarded for Active call: 0
    Event-delivery: diameter
    Num. Intercepted pkt forwarded for Active call: 0
    Provisioning method: Camp-on trigger
    LI-index: 1

    Username: user1@192.168.49.1:5060
    ip-address: 192.168.48.2
    msid/imsi: -
    msisdn: -
    imei: -
    session: Session Present
    service-type: cscf
    role: serving-cscf
    li-context: pcscfvpn
    intercept-id: 1
    Content-delivery: none
    Num. Intercepted pkt forwarded for Active call: 0
    Event-delivery: diameter
    Num. Intercepted pkt forwarded for Active call: 0
    Provisioning method: Camp-on trigger
    LI-index: 1

    Username: user2@192.168.49.1:5060
    ip-address: -
    msid/imsi: -
    msisdn: -
    imei: -
    session: No Session
    service-type: cscf
    li-context: pcscfvpn
    intercept-id: 1
    Content-delivery: none
    Num. Intercepted pkt forwarded for Active call: 0
    Event-delivery: diameter
    Num. Intercepted pkt forwarded for Active call: 0
    Provisioning method: Camp-on trigger
    LI-index: 2

    Total active lawfully intercepted calls 2
    Total camp-on triggers 2

CHAPTER 3 LAWFUL INTERCEPT WITH GGSN/HA SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the system. It also explains the procedure for configuring the system and executing lawful intercepts of subscriber sessions. The GGSN Administration Guide provides examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model, and configure the required elements for that model, as described in the GGSN Administration Guide, before using the procedures in this chapter.

IMPORTANT: Lawful Intercept is a license-enabled feature.
The basic Lawful Intercept license supports Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase and install an Enhanced Lawful Intercept license to have full functionality, which includes Active Triggers, Camp-on, and Event Delivery with the option to configure UDP acknowledgements.

This chapter discusses the following for Lawful Intercept support:
  Introduction
  Supported Standards
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with GGSN/HA Service
  Configuring Lawful Intercept Functionality on GGSN/HA
  Managing the Service

Introduction

The system supports the lawful interception (LI) of subscriber session information. This functionality provides Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals (referred to as targets) for potential criminal activity.

LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The target is identified by information such as their mobile station identification (MSID) number, their name, assigned IP address, or their network access identifier (NAI). In 3GPP networks this identification may be based on information such as their mobile station Integrated Services Digital Network (MSISDN) number, their international mobile subscriber identification (IMSI) number, or an IMEI matched on the 14 octets available from the IMEI-SV field. The IRI and CC packets contain the 14-octet IMEI value that is used as the target for interception.

Once the target has been identified, the system, functioning as either a core network service or HA, serves as an access function (AF) and performs monitoring for both new data sessions/PDP contexts and sessions/PDP contexts that are already in progress.
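The target identities described above can be checked and normalised before they are compared, so that a mistyped IMEI on a provisioning request is rejected and an IMEI is matched against an IMEISV on their common 14 digits. The following is an added example, not StarOS code or part of the original guide; the names Target, imei_key, normalise, build_watch_list and match_session are hypothetical, the sample identities are constructed, and it assumes the guide's "14 octets" are the 14 digits (TAC plus serial number) shared by IMEI and IMEISV.

```python
import re
from typing import Dict, Iterable, NamedTuple, Set, Tuple


class Target(NamedTuple):
    kind: str          # "imsi", "msisdn" or "imei"
    value: str         # identity as written on the provisioning request
    intercept_id: int  # constructed sample value


def luhn_ok(digits: str) -> bool:
    """Luhn check that covers the 15th (check) digit of an IMEI."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:  # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def imei_key(raw: str, verify_check_digit: bool = True) -> str:
    """Reduce a 14-digit key, 15-digit IMEI or 16-digit IMEISV to 14 digits."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]{14,16}", digits):
        raise ValueError(f"not an IMEI/IMEISV: {raw!r}")
    # Only a 15-digit IMEI carries a check digit; an IMEISV carries a
    # two-digit software version instead, so there is nothing to verify.
    if len(digits) == 15 and verify_check_digit and not luhn_ok(digits):
        raise ValueError(f"IMEI check digit mismatch: {raw!r}")
    return digits[:14]


def normalise(kind: str, raw: str, provisioning: bool = True) -> str:
    if kind == "imei":
        # Identities seen on a live session are not re-validated: equipment
        # may report the check digit as 0, which would fail the Luhn test.
        return imei_key(raw, verify_check_digit=provisioning)
    digits = re.sub(r"[\s+-]", "", raw)
    if not re.fullmatch(r"[0-9]{5,15}", digits):  # length bounds are an assumption
        raise ValueError(f"not a valid {kind}: {raw!r}")
    return digits


def build_watch_list(targets: Iterable[Target]) -> Dict[Tuple[str, str], Set[int]]:
    watch: Dict[Tuple[str, str], Set[int]] = {}
    for t in targets:
        key = (t.kind, normalise(t.kind, t.value))
        watch.setdefault(key, set()).add(t.intercept_id)
    return watch


def match_session(watch: Dict[Tuple[str, str], Set[int]],
                  session: Dict[str, str]) -> Set[int]:
    """Return the intercept ids whose target identity matches this session."""
    hits: Set[int] = set()
    for kind, raw in session.items():
        if raw:
            hits |= watch.get((kind, normalise(kind, raw, provisioning=False)), set())
    return hits


# Constructed sample data: two identities of one subscriber under intercept 7,
# and an unrelated IMSI under intercept 9.
TARGETS = [
    Target("imei", "49-015420-323751-8", 7),
    Target("msisdn", "+1 978 555 0100", 7),
    Target("imsi", "310150123456789", 9),
]
SESSION = {"imsi": "310150999999999", "msisdn": "19785550100",
           "imei": "4901542032375101"}  # 16-digit IMEISV

if __name__ == "__main__":
    print(match_session(build_watch_list(TARGETS), SESSION))
```

Because the result is a set of intercept ids, a session that matches on both its MSISDN and its IMEI is reported once.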
While monitoring, the system intercepts and duplicates session content/Content of Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers the intercepted content to one or more collection functions (CFs).

Note that when a target in a 3GPP network establishes multiple simultaneous PDP contexts, the system intercepts CC and IRI for each of them.

For the GGSN/HA, the following IRI events are collected:
  PDP context activation
  PDP context de-activation
  PDP Context Modification
  Start of interception with PDP context active

The following table displays the information that could be sent by the GGSN/HA to the DF for each of the events if it is available.

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is recovered, all LI monitoring information will be recovered with it and LI will be restarted.

Table 3-1 Information Provided per GGSN/HA IRI Event

Supported GGSN/HA IRI Events (columns, in order): PDP Context Activation | PDP Context De-activation | Start of Interception with PDP Context Active

Information Provided               Supported
Observed MSISDN                    X X X
Observed IMSI                      X X X
Observed IMEI                      X X X
PDP Address (observed party)       X X X
Event type                         X X X
Event Time                         X X X
Event Date                         X X X
Correlation Number                 X X X
Access Point Name                  X X X
PDP Type                           X X
Network Element Identifier         X X X
Local Information                  X X X
Failed Context Activation Reason   X
IAs (if applicable)                X X X

Supported Standards

The LI feature complies with the following standards for 3GPP wireless data services.
  3GPP References
  Other References

3GPP References

  3GPP TS 33.106 V8.1.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Lawful Interception requirements (Release 8)
  3GPP TS 33.107 V8.5.0 (2008-09): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Lawful interception architecture and functions (Release 8)
  3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Handover interface for Lawful Interception (LI) (Release 8)

Other References

The following directives were referenced for the Starent Networks LI implementation:
  TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
  Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR TK), Version 4.0

Supported Networks and Platforms

This feature supports all ST-series Multimedia Core Platforms with StarOS Release 7.0 or later running GGSN and/or HA service.

Licenses

A separate feature license is required to enable this feature.

Depending on feature usage, apart from the base GGSN and/or HA service license, any one of the following licenses is required to enable this feature with GGSN/HA service:
  Lawful Intercept - 600-00-7522
  Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful Intercept license)

For more information on license requirements for this feature, contact your local sales representative.

Functionality Support

This section describes the supported functions and interfaces on GGSN/HA for LI.

The GGSN/HA supports the following functions for provisioning of both IRI and CC:
  Provisioning of an Intercept from Delivery/Mediation Function
  De-Provisioning of an Intercept from Delivery/Mediation Function
  Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent GGSN/HA supports Subject Based Lawful Interception using IMSI/MSISDN/IMEI as target identity. The GGSN/HA provides a proprietary interface to a 3rd party Mediation Function (MF) or Delivery Function (DF).

LI on Starent AGW uses three main interfaces for Lawful Intercept:

  Provisioning Interface (X1_1): This proprietary interface, called the X1_1 interface, corresponds to the command line interface over an SSH session used by the ADMF. The messages sent on the X1_1 interface include target identities (IMSI/MSISDN/IMEI), the information whether CC will be provided, and the address of the DF2 and DF3 delivery function entities.
  The lawful-intercept CLI command is used to start interception for a target identity. Interception of only events (IRI) or of events and data (IRI + CC) can be provisioned. The status of provisioning is displayed immediately. If the provisioning is done while a call is active for that target identity, the intercepted information is forwarded to the DF immediately. Otherwise the system waits for the next session to arrive and permanently compares the IMSI/MSISDN/IMEI to the LI monitoring list. If a match is found, the IRI and CC are forwarded to the MF/DF. If more than one target identity (say the IMSI, MSISDN, and IMEI of the same mobile subscriber) is provisioned for the same call, only one set of information is forwarded to the DF.
  The no lawful-intercept CLI command is used to stop interception.

  Event Delivery Interface (X2): This is a proprietary interface called the X2 interface.
  The following information is transferred to the DF2 entity over the X2 interface:
    target identity (MSISDN, IMSI, IMEI)
    events and associated parameters as defined in the standard
    the target location (if available)
    Correlation number

  Content Delivery Interface (X3): This is a proprietary interface called the X3 interface. If content delivery is enabled while provisioning, the intercepted data is forwarded to the DF3. The intercepted data is prefixed with the Intercept Header, packed into a UDP packet, and sent to DF3 using the IP interface. The GGSN Correlation ID is used to map the CC to the corresponding IRI. The GGSN Correlation Id is a unique number formed using the Charging ID and GGSN GTPC IP Address (4 bytes).
  The LI header contains the following information:
    Intercept-id (DF assigns during provisioning): It is of 32 bit length in network byte order and is configured during provisioning.
    Timestamp: It is of 64 bit length in network byte order and represents an NTP timestamp, a 64-bit fixed-point number in seconds relative to 00:00:00 UTC on 1 January 1900.
    Session Number: It is of 32 bit length in network byte order. This is a unique session number locally assigned by the AGW for the data stream being monitored. This may be useful when a provisioned intercept matches multiple sessions in the system. It is the same across all the PDP contexts of the UE.
    Sequence Number: It is of 32 bit length in network byte order. The sequence number is an incremental counter for each PDP context of the UE, starting from 0. This is reset to 0 on node software task restart and wrapped around to 255 on reaching 32 bit max value.
    IP packet direction: Indicates the direction of the IP packet flow.
    Correlation ID: It is of 32 bit length in network byte order.
    The GGSN Correlation Id is a unique number formed using the Charging ID and GGSN GTPC IP Address.

For more information on supported interface specification, message and TLV format, and attributes, refer to the GGSN Lawful Intercept Interface Specification.

How it Works with GGSN/HA Service

The system, functioning as a GGSN and/or HA, performs Camp-on Lawful Intercepts. Camp-on intercepts stay provisioned and continue to intercept all sessions for the specified MN until the intercept is deprovisioned.

This section discusses the following procedures:
  New Call Provisioning Operation
  Existing Call Provisioning Operation
  De-provisioning Operation Upon Intercept Duration Expiry

The following figure displays the network elements required to provide Camp-on LI support for the system functioning as either a GGSN or an HA.

Figure 3-1 Network Elements Supporting Lawful Intercept
(Figure elements: Intercepting Control Element (ICE), Delivery Function 2 (DF 2), Administration Function (ADMF), Delivery Function 3 (DF 3), Law Enforcement Monitoring Facility (LEMF), GGSN/HA)

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as separate logical devices.

New Call Provisioning Operation

The following figure illustrates LI operation when provisioned for a session that has not yet started.

Figure 3-2 Camp-on LI Provisioning Operation for New Calls

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function (ADMF) with information pertaining to a particular target, the type of information to be collected, and the duration over which it is to be collected.
  The type of information that can be collected is either call event (control messages), call content (data), or both. Note that call event information is referred to as Intercept Related Information (IRI) while call content is referred to as Content of Communication (CC).
  In this example, both IRI and CC data is to be collected.

2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting only IRI data.

3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting only CC data.

4 Through a Secure Shell (SSH) session, the ADMF connects to the GGSN/HA and provisions the lawful interception of target information. The provision request includes the target identity (IMSI, MSISDN, IMEI), the type of information to be collected, and the IP addresses of DF 2 and DF 3.
  The GGSN/HA returns an acknowledgement to the ADMF indicating that the target is inactive.

5 The ADMF responds to the LEMF acknowledging the provision request.

6 The GGSN/HA receives a session setup request from the target and initiates the process of establishing the session.

7 The GGSN/HA sends IRI information pertaining to the target's session to DF 2. The GGSN/HA provides a correlation identification number specific to the interception for the target. This information is used by the LEMF to tie the intercepted IRI to the intercepted CC.

8 DF 2 forwards the information to the LEMF.

9 The GGSN/HA sends CC information pertaining to the target's session to DF 3.
  The GGSN/HA provides a correlation identification number specific to the interception for the target.

10 DF 3 forwards the information to the LEMF.

Existing Call Provisioning Operation

The following figure illustrates LI operation when provisioned for a session that is already in progress.

Figure 3-3 Camp-on LI Provisioning Operation for Existing Calls

1 The GGSN/HA establishes a subscriber session.

2 The LEMF provisions the ADMF with information pertaining to a particular target, the type of information to be collected, and the duration over which it is to be collected.
  The type of information that can be collected is either call event (IRI), call content (CC), or both.
  In this example, both IRI and CC data is to be collected.

3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting only IRI data.

4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting only CC data.

5 Through an SSH session, the ADMF connects to the GGSN/HA and provisions the lawful interception of target information. The provision request includes the target identity (IMSI, MSISDN, IMEI), the type of information to be collected, and the IP addresses of DF 2 and DF 3.
  The GGSN/HA returns an acknowledgement to the ADMF indicating that the target is active.

6 The ADMF responds to the LEMF acknowledging the provision request.

7 The GGSN/HA sends IRI information pertaining to the target's session to DF 2. The GGSN/HA provides a correlation identification number specific to the interception for the target.
  This information is used by the LEMF to tie the intercepted IRI to the intercepted CC.

8 DF 2 forwards the information to the LEMF.

9 The GGSN/HA sends CC information pertaining to the target's session to DF 3. The GGSN/HA provides a correlation identification number specific to the interception for the target.

10 DF 3 forwards the information to the LEMF.

De-provisioning Operation Upon Intercept Duration Expiry

Law Enforcement Agencies are generally given a fixed amount of time to perform Lawful Intercepts. The following scenario describes the deprovisioning of an LI.

The following figure describes de-provisioning Camp-on LI functionality upon the expiration of the legal intercept period.

Figure 3-4 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.

2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an acknowledgement to the ADMF.

3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an acknowledgement to the ADMF.

4 Through a Secure Shell (SSH) session, the ADMF connects to the GGSN/HA and de-provisions it. The GGSN/HA returns an acknowledgement to the ADMF indicating that the target is inactive.

5 The ADMF responds to the LEMF acknowledging the provision request.

Configuring Lawful Intercept Functionality on GGSN/HA

This section provides a high-level series of steps and the associated configuration examples for configuring the system with Lawful Intercept functionality on GGSN/HA in a GPRS/UMTS network.

IMPORTANT
This section provides the minimum instruction set for configuring a GGSN/HA service that allows the system to provide Lawful Intercept support.
Commands that configure additional Lawful Intercept properties are provided in the GGSN Lawful Intercept Interface Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration as described in the GGSN Administration Guide.

To configure the Lawful Intercept feature on a GGSN/HA service:

1 Configure the LI context interface and generate the SSH key by applying the example configuration in the LI Context and Interface Configuration section.

2 Configure the IP header of the content of event delivery message by applying the example configuration in the IP Header Configuration for LI Messages section.

3 Create the Lawful Intercept administrative user account by applying the example configuration in the LI Administrative User Account Configuration section.

4 Log in to the DF through an SSH session and provision the Lawful Intercept in GGSN/HA service by applying the example configuration in the Provisioning the Lawful Intercept on GGSN/HA section.

5 Verify your Lawful Intercept configuration by following the steps in the Verifying LI Configuration section.

6 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration

IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol. Configuring the SSH server is described under the Service Configuration section in the GGSN Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and interface profile in a context:

configure
  context [ -noconfirm ]
    interface
      ip address
      exit
    ssh generate key
    server sshd
    end

Note: The local management context should not be used to facilitate Lawful Intercept functionality.
The context name is the name of the context in which Lawful Intercept functionality is provisioned.

IP Header Configuration for LI Messages

This section describes the configuration of the IP header for LI content or event delivery messages. The system transmits intercepted data as either content or event messages to the Delivery Function (DF) server(s) over an Ethernet interface.

configure
  context
    lawful-intercept src-ip-addr
    end

Note: The context name is the name of the context in which Lawful Intercept functionality is configured and provisioned. The IPv4 address for this interface is the source address of the GGSN/HA. The LI-administrator can include the source address in the IP header of the event delivery or content delivery messages transmitted to the DF to provide a quick ID for a specific intercept.

LI Administrative User Account Configuration

IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only for use with Lawful Intercept functionality and not for general system administration. Note that only security administrators and administrators can provision Lawful Intercept. In addition, to ensure security in accordance with the standards, LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the GGSN Administration Guide.

This section provides the configuration example to configure the LI Administrative user account in a context:

configure
  context
    administrator password li-administration
    end

Note: The context name is the name of the context in which Lawful Intercept functionality is provisioned.

Provisioning the Lawful Intercept on GGSN/HA

After logging in as the LI-administrator by using the ssh -l @context command from the DF, use the lawful-intercept command in the Exec mode to configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell, at the root prompt in the LI Context, which is already configured, and in Exec mode with the following prompt appearing:

[ ] #

lawful-intercept { imei | imsi | msisdn } [ calltype { ggsn | ha | sgsn } [ li-context ] intercept-id content-delivery { none | udp-unack-format-1 dest-addr dest-port } event-delivery { none | udp-unack-format-1 dest-addr dest-port | udp-ack-format-1 dest-addr dest-port }

Note: The li-context keyword does not need to be specified when the provisioning is done in the LI context. It needs to be specified if the command is executed in the local or some other context. It cannot be the local management context. The context name is the name of the context in which Lawful Intercept functionality is configured and provisioned. Specifying the call type is not mandatory while provisioning on GGSN targets for any type of event and content delivery format.

Verifying LI Configuration

1 Verify your conf