Starent Networks

Multimedia Core Platforms

Lawful Intercept Configuration Guide
Version 9.0

P/N: 901-00-0081 Rev D

NOTICE OF COPYRIGHT

The material contained in this document is for informational purposes only and is subject to change without notice.
No part of this document may be reproduced, transmitted, transcribed, or stored in a retrieval system in any form or
by any means, mechanical, magnetic, optical, chemical, or otherwise without the written permission of Starent
Networks, Corp.
Starent, the Starent logo, ST16, and ST40 are registered trademarks of Starent Networks, Corp. How Wireless
Connects and StarOS are trademarks of Starent Networks, Corp.
VA Linux is a registered trademark of VA Linux Systems, Inc. Microsoft and Microsoft Windows are registered
trademarks of Microsoft Corporation. Sun, Solaris, and Netra are registered trademarks of Sun Microsystems.
Linux is a registered trademark of Linus Torvalds. Adobe, Acrobat, Acrobat Reader are registered trademarks
of Adobe Systems, Inc. CompactFlash is a trademark of SanDisk Corporation. Panduit is a registered trademark
of Panduit Corporation. HyperTerminal is a registered trademark of Hilgraeve Inc. MOLEX is a registered
trademark of Molex Inc. Red Hat is a registered trademark of Red Hat, Inc. Intel is a registered trademark of Intel
Corporation. PacketCable is a trademark of Cable Television Laboratories, Inc.
Any trademarks, trade names, service marks, or service names owned or registered by any other company and used
in this documentation are the property of their respective companies.

Copyright 2010 Cisco and/or its affiliates. All rights reserved.


30 International Place
Tewksbury, MA 01876
978.851.1100
Visit us at http://www.starentnetworks.com

TABLE OF CONTENTS

About This Guide


  Conventions Used
  Contacting Starent Networks
    Contacting Starent Networks Customer Support
    Providing Documentation Feedback

Section I: Introduction and Overview


Chapter 1: Lawful Intercept in Wireless Data Services
  Product Description
  Product Specification
    Licenses
    Hardware Requirements
      Platforms
    Operating System Requirements
  Network Deployment and Interfaces
    Lawful Intercept with CSCF (P-CSCF and S-CSCF)
    Lawful Intercept with GGSN/HA
    Lawful Intercept with PDSN/HA
      Active LI support in cdma2000 network
      Camp-on LI support in cdma2000 network
    Lawful Intercept with PDN Gateway (P-GW)
    Lawful Intercept with SGSN
    Lawful Intercept with Serving Gateway (S-GW)
    Supported Interfaces

Section II: Service Configuration


Chapter 2: Lawful Intercept with CSCF Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
    Types of Interception
    Supported LI Interface
  How it Works with CSCF Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Upon Call Termination
    De-provisioning Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on CSCF
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Configuring PacketCable DF Setup and Lawful Intercept on CSCF
    Provisioning the Lawful Intercept on CSCF
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 3: Lawful Intercept with GGSN/HA Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with GGSN/HA Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on GGSN/HA
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on GGSN/HA
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 4: Lawful Intercept with PDSN/HA Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with PDSN/HA Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Upon Call Termination
    De-provisioning Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on PDSN/HA
    LI Context and Interface Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Configuring PacketCable DF Setup and Lawful Intercept on PDSN/HA
    Provisioning the Lawful Intercept on PDSN/HA
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 5: Lawful Intercept with PDN Gateway Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with P-GW Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on P-GW
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on P-GW
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 6: Lawful Intercept with SGSN Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with SGSN Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on SGSN
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Policy Configuration for SMS
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on SGSN
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 7: Lawful Intercept with Serving Gateway Service
  Introduction
  Supported Standards
    3GPP References
    Other References
  Supported Networks and Platforms
  Licenses
  Functionality Support
  How it Works with S-GW Service
    New Call Provisioning Operation
    Existing Call Provisioning Operation
    De-provisioning Operation Upon Intercept Duration Expiry
  Configuring Lawful Intercept Functionality on S-GW
    LI Context and Interface Configuration
    LI Policy Configuration
    IP Header Configuration for LI Messages
    LI Administrative User Account Configuration
    Provisioning the Lawful Intercept on S-GW
    Verifying LI Configuration
  Managing the Service
    Generating Event Logs
    Gathering Statistics and Other Information

Chapter 8: Verifying and Saving Your Configuration
  Verifying the Configuration
    Feature Configuration
    Service Configuration
    Context Configuration
    System Configuration
    Finding Configuration Errors
  Saving the Configuration
    Saving the Configuration on ST-series Platforms

Index

ABOUT THIS GUIDE

This section contains an overview of the information contained within this document. It lists
conventions used and related documentation. In addition, it provides information about
contacting Starent Networks Corporation.
This document provides information and instructions for configuring, managing and
maintaining the system, using its command line interface (CLI). Information and
instructions for using the Web Element Manager software application to perform these
functions can be found in the application's online help system.
Topics covered in this reference are:

Operation information and terminology pertinent to the feature configuration

Configuring the services on the system for Lawful Intercept support

Monitoring service counters, statistics and status

Troubleshooting service events and network connectivity

Sample configuration scripts

Engineering rules

The system is highly flexible and scalable. Since it is impossible to document every possible
configuration, this reference provides instructions for the minimum set of parameters
needed to make the system operational and support the Lawful Intercept feature. Additional
commands that can be used to modify the system to accommodate your specific service and
network requirements are discussed in detail in the Command Line Interface Reference.
For interface and related attribute and VSA information, refer to the product's Lawful Intercept
Interface Specification.
IMPORTANT
The information and instructions in this document assume that the system hardware has
been fully installed and the installation was verified according to the instructions found in
the System Installation Guide. This guide further assumes that basic system-level
configuration and functionality has been configured as described in the System
Administration Guide.

Conventions Used
The following tables describe the conventions used throughout this documentation.
Notice Type: Description

Information note
  Provides information about important features or instructions.

Caution
  Alerts you of potential damage to a program, device, or system.

Warning
  Alerts you of potential personal injury or fatality. May also alert you of potential
  electrical hazards.

Electro-Static Discharge (ESD)
  Alerts you to take proper grounding precautions before handling a product.

Typeface Conventions: Description

Text represented as a screen display
  This typeface represents displays that appear on your terminal screen, for example:
  Login:

Text represented as commands
  This typeface represents commands that you enter, for example:
  show ip access-list
  This document always gives the full form of a command in lowercase letters. Commands are
  not case sensitive.

Text represented as a command variable
  This typeface represents a variable that is part of a command, for example:
  show card slot_number
  slot_number is a variable representing the desired chassis slot number.

Text represented as menu or sub-menu names
  This typeface represents menus and sub-menus that you access within a software application,
  for example:
  Click the File menu, then click New

Command Syntax Conventions: Description

{ keyword or variable }
  Required keywords and variables are surrounded by grouped brackets. Required keywords and
  variables are those components that are required to be entered as part of the command syntax.

[ keyword or variable ]
  Optional keywords or variables, or those that a user may or may not choose to use, are
  surrounded by square brackets.

|
  With some commands there may be a group of variables from which the user chooses one. These
  are called alternative variables and are documented by separating each variable with a
  vertical bar (also known as a pipe filter).
  Pipe filters can be used in conjunction with required or optional keywords or variables.
  For example:
  { nonce | timestamp }
  OR
  [ count number_of_packets | size number_of_bytes ]

Contacting Starent Networks


Starent Networks, Corp.
30 International Place
Tewksbury, MA USA 01876
Telephone: 978.851.1100
Facsimile: 978.640.6825
E-mail: info@starentnetworks.com
Visit us at: http://www.starentnetworks.com

Contacting Starent Networks Customer Support


Starent Networks' customer support program is designed to provide innovative customer
support and superior service delivery. Our support program is based on the belief that our
customers expect their wireless communications equipment vendor to not be merely a part
of the vendor community, but also their trusted partner. To that end, Starent team
members are prepared to listen, participate with you in growing your successful business,
and work beside you to resolve any issue that may arise.
You can expect to receive fast, accurate, and professional care every time you contact us.
E-mail us at Support@starentnetworks.com or visit us at
https://support.starentnetworks.com/ (a valid user name and password are required to access
this site).
Our mailing address is:
30 International Place
Tewksbury, MA USA 01876
Our shipping address is:
200 Ames Pond Drive
Tewksbury, MA USA 01876
IMPORTANT
For warranty and repair information, please be sure to include the Return Material
Authorization (RMA) tracking number on the outside of the package.

Providing Documentation Feedback


At Starent Networks, we take great pride in the overall quality of our user documentation.
Our Technical Communication team has strived to ensure the accuracy, completeness, and
general usability of our documentation.
As part of our goal to ensure the highest level of quality in our documentation, we welcome
customer feedback. Please e-mail us with any questions, comments, or suggestions at
TechComm@starentnetworks.com. Should you find an error or omission in our
documentation, a request for support can be opened from the Support area of our Internet
site, https://support.starentnetworks.com/. (Note that a valid username and password are
required in order to access this area.) When requesting support for documentation issues,
please ensure that Documentation Request is selected as the request type and that you
provide all relevant information including document title, part number, revision, document
date (if available), and any relevant chapter or page numbers.
We look forward to continually improving the quality of our documentation with your help.

SECTION I
INTRODUCTION AND OVERVIEW

CHAPTER 1
LAWFUL INTERCEPT IN WIRELESS DATA SERVICES

This guide gives an overview of Lawful Intercept (LI) and its implementation in the
wireless data service system. It also explains the procedure for configuring the system and
executing lawful intercepts of subscriber sessions. The product Administration Guides
provide examples and procedures for configuration of basic services on the system. It is
recommended that you select the configuration example that best meets your service model,
and configure the required elements for that model, as described in the respective product
Administration Guide, before using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This overview provides general information about the MME including:

Product Description

Product Specification

Network Deployment and Interfaces

Product Description
Lawful Intercept is an enhanced feature that provides interception of data sessions to
Law Enforcement Agencies (LEAs). The LI service is configured differently on different
services. Refer to the following table to locate the relevant chapter for LI configuration on
each supported service:

Table 1-1 Applicable Products and Relevant Chapters

Applicable Product(s): Refer to Chapter

P-CSCF and C-CSCF
  Chapter 2 Lawful Intercept with CSCF Service

GGSN/HA
  Chapter 3 Lawful Intercept with GGSN/HA Service

PDSN/HA
  Chapter 4 Lawful Intercept with PDSN/HA Service

PDN Gateway
  Chapter 5 Lawful Intercept with PDN Gateway Service

SGSN
  Chapter 6 Lawful Intercept with SGSN Service

Serving Gateway
  Chapter 7 Lawful Intercept with Serving Gateway Service

Product Specification
This section describes the hardware and software requirements for LI feature support.
The following information is located in this section:

Licenses

Hardware Requirements

Operating System Requirements

Licenses
The LI is a licensed product. A session use license key must be acquired and installed to use
the LI feature service.

For more information on the license for this feature, refer to the respective product chapter in
Section II Service Configuration.

Hardware Requirements
Information in this section describes the hardware required to enable the LI feature service.

Platforms
The LI feature supports all ST-series Multimedia Core Platforms running any of the
following services:

Wi-MAX ASN Gateway

GGSN/HA

LNS

PDSN/HA

PDN Gateway

SGSN

Serving Gateway

Operating System Requirements


The LI feature is available for all Starent Multimedia Core Platforms running StarOS
Release 7.0 or later.


Network Deployment and Interfaces


This section describes the supported interfaces and configuration scenario of LI in various
networks.
The following LI configuration scenarios are provided in this section:

Lawful Intercept with CSCF (P-CSCF and S-CSCF)

Lawful Intercept with GGSN/HA

Lawful Intercept with PDSN/HA

Lawful Intercept with PDN Gateway (P-GW)

Lawful Intercept with SGSN

Lawful Intercept with Serving Gateway (S-GW)

Supported Interfaces

Lawful Intercept with CSCF (P-CSCF and S-CSCF)


The following figure displays simplified configuration views of the LI interface in an IMS
network with CSCF with the network elements required to provide Camp-on LI support for
the system functioning as either a P-CSCF or an S-CSCF.

Figure 1-1 Network Elements Supporting Camp-on Lawful Intercept (diagram not reproduced;
element shown: CSCF)

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Lawful Intercept with GGSN/HA


The following figure displays simplified configuration views of the LI in a GPRS/UMTS
network with GGSN/HA with the network elements required to provide Camp-on LI
support for the system functioning as either a GGSN or an HA.

Figure 1-2 Network Elements Supporting Camp-on Lawful Intercept with GGSN/HA (diagram
not reproduced; elements shown: Administration Function (ADMF), Intercepting Control
Element (ICE), GGSN/HA, Delivery Function 2 (DF 2), Delivery Function 3 (DF 3), Law
Enforcement Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Lawful Intercept with PDSN/HA


The system, functioning as a PDSN and/or an HA, can perform Active or Camp-on Lawful
Intercepts. Active intercepts are de-provisioned as soon as the intercepted session
terminates. Camp-on intercepts stay provisioned and continue to intercept all sessions for
the specified MN until the intercept is de-provisioned.

Active LI support in cdma2000 network


The following figure displays the network elements required for the system, functioning as
either a PDSN or an HA, to provide Active LI support.

Figure 1-3 Network Elements Supporting Active Lawful Intercept with PDSN/HA (diagram
not reproduced; elements shown: Access Function (AF), AAA Server, PDSN/HA,
Administration Function (ADMF), Delivery Function (DF), Collection Function (CF))

IMPORTANT
Note that the ADMF and DF can be one and the same device though they are shown here as
separate logical devices.

Camp-on LI support in cdma2000 network


The following figure displays the network elements required for the system, functioning as
a PDSN and/or HA, to provide Camp-on LI support.

Figure 1-4 Network Elements Supporting Camp-on Lawful Intercept with PDSN/HA

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Lawful Intercept with PDN Gateway (P-GW)


The following figure displays simplified configuration views of the LI in an LTE/SAE
network with P-GW with the network elements required to provide Camp-on LI support for
the system functioning as a PDN Gateway.

Figure 1-5 Network Elements Supporting Camp-on Lawful Intercept with Serving Gateway
(diagram not reproduced; elements shown: Administration Function (ADMF), Intercepting
Control Element (ICE), PDN Gateway, Delivery Function 2 (DF 2), Delivery Function 3
(DF 3), Law Enforcement Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Lawful Intercept with SGSN


The following figure displays simplified configuration views of the LI in a GPRS/UMTS
network with SGSN with the network elements required to provide Camp-on LI support for
the system functioning as an SGSN.

Figure 1-6 Network Elements Supporting Camp-on Lawful Intercept with SGSN (diagram not
reproduced; elements shown: Administration Function (ADMF), Intercepting Control
Element (ICE), SGSN, Delivery Function 2 (DF 2), Delivery Function 3 (DF 3), Law
Enforcement Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Lawful Intercept with Serving Gateway (S-GW)


The following figure displays simplified configuration views of the LI in an LTE/SAE
network with S-GW with the network elements required to provide Camp-on LI support for
the system functioning as a Serving Gateway.

Figure 1-7 Network Elements Supporting Camp-on Lawful Intercept with Serving Gateway
(diagram not reproduced; elements shown: Administration Function (ADMF), Intercepting
Control Element (ICE), Serving Gateway, Delivery Function 2 (DF 2), Delivery Function 3
(DF 3), Law Enforcement Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

Supported Interfaces
The system supports various interfaces to the different network elements used for Lawful
Intercept. For more information on supported interfaces and other attributes, refer to the
Lawful Intercept Interface Specification document for the specific network service product.

SECTION II
SERVICE CONFIGURATION

Chapter 2 Lawful Intercept with CSCF Service
Chapter 3 Lawful Intercept with GGSN/HA Service
Chapter 4 Lawful Intercept with PDSN/HA Service
Chapter 5 Lawful Intercept with PDN Gateway Service
Chapter 6 Lawful Intercept with SGSN Service
Chapter 7 Lawful Intercept with Serving Gateway Service
Chapter 8 Verifying and Saving Your Configuration

CHAPTER 2
LAWFUL INTERCEPT WITH CSCF SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the
system. It also explains the procedure for configuring the system and executing lawful
intercepts of subscriber sessions. The SCM Administration Guide provides examples and
procedures for configuration of basic services on the system. It is recommended that you
select the configuration example that best meets your service model, and configure the
required elements for that model, as described in the SCM Administration Guide, before
using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following for Lawful Intercept support:

Introduction

Supported Standards

Supported Networks and Platforms

Licenses

Functionality Support

How it Works with CSCF Service

Configuring Lawful Intercept Functionality on CSCF

Managing the Service


Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their SIP URL or TEL
URL.
Once the target has been identified, the system, functioning as either P-CSCF or S-CSCF,
serves as an access function (AF) and performs monitoring for both new data sessions and
data sessions that are already in progress. While monitoring, the system intercepts and
duplicates session content/Content of Communication (CC) and/or Intercept Related
Information (IRI) and forwards it to a delivery function (DF) over an extensible,
proprietary interface. The DF, in turn, delivers the intercepted content to one or more
collection functions (CFs).
Typically the intercept will be of one of the following types:

Call Identifying Information (CII)

CII + dialed digit extension

Full Intercept

This information is provisioned in the form of SIP URI or TEL URI. The address of LI
Server (DF) also needs to be provisioned for collecting the Call Event Data (or IRI). Both
P-CSCF and S-CSCF are used as intercept points. The S-CSCF and P-CSCF will report the
SIP Messages to or from the user under surveillance to LI server using the LI interface.
CAUTION
The procedure for P-CSCF and S-CSCF is still in the development stage in the 3GPP
specification and is not clearly defined in 3GPP. The implementation of LI in CSCF is
subject to change in the future.

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.


Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

3GPP References

Other References

3GPP References

3GPP TS 33.106 V8.1.0 (2008-09): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful Interception
requirements (Release 8)

3GPP TS 33.107 V8.5.0 (2008-09): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful interception
architecture and functions (Release 8)

3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Handover interface for
Lawful Interception (LI) (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:

RFC 3603, Private Session Initiation Protocol (SIP) Proxy-to-Proxy Extensions for
Supporting the Packet Cable Distributed Call Signaling Architecture

TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7

Technical Directive: Requirements for implementing statutory telecommunications
interception measures (TR TK), Version 4.0

PKT-SP-ES-INF-I02-061013: PacketCable 2.0 Electronic Surveillance Intra-Network
Specification

PKT-SP-ES-DCI-I01-060914: PacketCable 2.0 Electronic Surveillance Delivery
Function to Collection Function Interface Specification


Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 7.0 or
later running CSCF service.


Licenses
A separate feature license is required to enable this feature.
Depending on feature usage, in addition to the base CSCF service license, one of the
following licenses is required to enable this feature with CSCF service:

Lawful Intercept - 600-00-7522

Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful
Intercept license)

For more information on license requirements for this feature, contact your local sales
representative.


Functionality Support
This section describes the supported functions and interfaces on CSCF for LI.
The GGSN/HA supports the following functions for provisioning of both IRI and CC:

Provisioning of an Intercept from Delivery/Mediation Function

De-Provisioning of an Intercept from Delivery/Mediation Function

Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent CSCF supports Subject Based Lawful Interception using SIP URL and TEL URL as
target identity. The CSCF provides a proprietary interface to a 3rd party Mediation Function
(MF) or Delivery Function (DF). Having 3rd party MF is important as it hides all the
country specific details from CSCF.

Target Provisioning/De-Provisioning: A Command Line Interface (CLI) over an SSH
session will be used by the Delivery Function for provisioning and de-provisioning
session intercepts, as it is used in PDSN/HA.

Delivery of Intercepted Data: CSCF provides a UDP/IP based interface for delivering
the Call Event Data and Call Content Data. This interface cannot be used for CSCF
requirements. CSCF will use the Diameter interface for delivering the Call Event Data.

Types of Interception
A command line interface (CLI) over an SSH session will be used by the DF for
provisioning and de-provisioning of session intercepts.
The CSCF provides the following types of interception for the target entity's sessions:

Interception when the call is active: If the call is already active and the DF provisions
that call, the target provision response from CSCF will contain detailed information on
the intercepted call. For the active call, intercept event messages are sent for future
signaling messages (in-dialog messages) for the same call.

Camp-on mode: When the Delivery Function tries to provision a target in CSCF, it does
not know whether the call is already active or not. So when a provisioning request is
received for a session that is inactive at that time, CSCF has to store that provisioning
information and inform the Delivery Function when the corresponding session is
connected in the future.

Supported LI Interface
The CSCF supports the following types of interfaces for LI support:

Generic proprietary interface: this interface is not supported in this version.

Diameter interface as specified in the PacketCable Specification.

Currently LI on Starent CSCF uses the Diameter-based interfaces for Lawful Intercept:


Provisioning Interface (INI1): The INI1 interface between AF and SS8 DF carries
messages via TCP/IP. To provide more security SSLv3 is used on top of TCP/IP. The
messages sent on the INI1 interface include target identities (SIP URL, TEL URL), the
information whether CC will be provided and the address of DF2 and DF3 delivery
function entities.
The lawful-intercept-ssdf CLI command is used to start interception for a target
identity. Interception of only events (IRI) or events and data (IRI + CC) can be
provisioned. The status of provisioning will be immediately displayed.
If the provisioning was done while the call is active for that target identity then the
intercepted information will be forwarded to the DF immediately. Otherwise the system
waits for the next session to arrive and permanently compares the SIP URL/TEL URL to
the LI monitoring list. If a match is found then the IRI and CC will be forwarded to the
MF/DF.
If more than one target identity (say, the SIP URL/TEL URL of some subscriber) is
provisioned for the same call, then only one set of information will be forwarded to the
DF.
The no lawful-intercept-ssdf CLI command is used to stop interception.

Event Delivery Interface (INI2): The INI2 is the interface between the AF and SS8 DF
(Delivery Function). INI2 messages are carried via TCP/IP. SSLv3 over TCP is used to
provide more confidentiality.
After the list of targets to be intercepted has been provisioned through the provisioning
interface, the VPN manager will update all the SessMgrs with the provisioning data. This
data will consist of the list of targets that need to be intercepted and the collector
function address/port to which the data needs to be sent.
Whenever a user is registered, each system checks the user against the list of users
provisioned for intercept. If it matches, the corresponding call line will be marked to send
the intercepted data. So whenever messages flow from/to the user, the event needs to
be sent to the DF's address.
The AF needs to establish a TCP connection and authenticate itself to the DF before
sending the event data to the DF. Link test messages should be sent periodically to keep
the connection alive.
The following information is transferred to the DF entity over the INI2 interface:

target identity (SIP URL, TEL URL)

events and associated parameters as defined in the standard

the target location (if available)

Correlation number

For more information on the supported interface specification, message and TLV format,
and attributes, refer to the CSCF Lawful Intercept Interface Specification.
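
The matching rules described in this section (an "active" or "inactive" acknowledgement at provisioning time, camp-on storage until a matching session arrives, one set of delivered information when several provisioned identities match the same call, and the guide's rule that Active intercepts end with the session) are modelled below as an added example; it is not Starent code and not the INI1/INI2 message format. The class and method names, the rule that CC is delivered when any matching intercept requested it, and the sample URIs are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Intercept:
    target: str       # SIP or TEL URI used as the target identity
    mode: str         # "camp-on" or "active"
    deliver_cc: bool  # False: IRI only; True: IRI + CC


class AccessFunction:
    """Toy model of the CSCF acting as access function (AF)."""

    def __init__(self):
        self.monitoring_list = {}  # target URI -> Intercept
        self.calls = {}            # call id -> set of party URIs
        self.correlation = {}      # intercepted call id -> correlation number
        self.df2 = []              # IRI events: (correlation, message)
        self.df3 = []              # CC records: (correlation, payload)
        self._next = 1

    def _matches(self, call_id):
        return [self.monitoring_list[p] for p in self.calls[call_id]
                if p in self.monitoring_list]

    def _refresh(self, call_id):
        # A call is marked once, however many provisioned identities match
        # it, so only one set of information is delivered for that call.
        if self._matches(call_id):
            if call_id not in self.correlation:
                self.correlation[call_id] = self._next
                self._next += 1
        else:
            self.correlation.pop(call_id, None)

    def provision(self, target, mode="camp-on", deliver_cc=False):
        """Add a target; the return value mirrors the active/inactive ack."""
        self.monitoring_list[target] = Intercept(target, mode, deliver_cc)
        hit = False
        for call_id, parties in self.calls.items():
            if target in parties:
                hit = True
                self._refresh(call_id)
        return "active" if hit else "inactive"

    def deprovision(self, target):
        self.monitoring_list.pop(target, None)
        for call_id in list(self.calls):
            self._refresh(call_id)

    def session_setup(self, call_id, parties):
        self.calls[call_id] = set(parties)
        self._refresh(call_id)

    def signal(self, call_id, message):
        if call_id in self.correlation:
            self.df2.append((self.correlation[call_id], message))

    def media(self, call_id, payload):
        # Assumption: CC is delivered if any matching intercept asked for it.
        if call_id in self.correlation and any(
                i.deliver_cc for i in self._matches(call_id)):
            self.df3.append((self.correlation[call_id], payload))

    def session_end(self, call_id):
        for intercept in self._matches(call_id):
            if intercept.mode == "active":  # active intercepts end here
                del self.monitoring_list[intercept.target]
        del self.calls[call_id]
        self.correlation.pop(call_id, None)
        for other in list(self.calls):
            self._refresh(other)


def demo():
    af = AccessFunction()
    # Constructed identities and messages, for illustration only.
    ack1 = af.provision("sip:user1@example.net", "camp-on", deliver_cc=True)
    af.provision("tel:+15550100", "camp-on")
    af.session_setup("call-1", ["sip:user1@example.net", "tel:+15550100",
                                "sip:peer@example.net"])
    af.signal("call-1", "INVITE")
    af.media("call-1", "rtp-1")
    af.session_end("call-1")
    af.session_setup("call-2", ["sip:user2@example.net"])
    ack2 = af.provision("sip:user2@example.net", "active")
    af.signal("call-2", "re-INVITE")
    af.media("call-2", "rtp-2")  # IRI-only intercept: nothing goes to DF 3
    af.session_end("call-2")
    return ack1, ack2, af.df2, af.df3, sorted(af.monitoring_list)


if __name__ == "__main__":
    print(demo())
```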


How it Works with CSCF Service


The system, functioning as a CSCF (P-CSCF or S-CSCF), can perform Active or Camp-on
Lawful Intercepts. Active intercepts are deprovisioned as soon as the intercepted session
terminates. Camp-on intercepts stay provisioned and continue to intercept all sessions for
the specified user until the intercept is deprovisioned.
This section discusses the following procedures:

New Call Provisioning Operation

Existing Call Provisioning Operation

De-provisioning Upon Call Termination

De-provisioning Upon Intercept Duration Expiry

The following figure displays the network elements required for the system, functioning as
either a P-CSCF or S-CSCF, to provide Active LI support.

Figure 2-1 Network Elements Supporting Active Lawful Intercept (diagram not reproduced;
elements shown: Access Function (AF), AAA Server, CSCF, Administration Function
(ADMF), Delivery Function (DF), Collection Function (CF))

IMPORTANT
Note that the ADMF and DF can be one and the same device though they are shown here as
separate logical devices.

The following figure displays the network elements required for the system, functioning as
either a P-CSCF or S-CSCF, to provide Camp-on LI support.

Figure 2-2 Network Elements Supporting Camp-on Lawful Intercept (diagram not reproduced;
element shown: CSCF)

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

New Call Provisioning Operation


The following figure shows the system's Camp-on LI operation when provisioned for a
session that has not yet started.

Figure 2-3 Camp-on LI Provisioning Operation for New Calls (message flow diagram not
reproduced; participants: CSCF, ADMF, DF 2, LEMF, DF 3; steps 1 to 10 are described
below)

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data is to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.


4 Through a Secure Shell (SSH) session, the ADMF connects to the CSCF (P-CSCF or
S-CSCF) and provisions the lawful interception of target information. The provision request
includes the target identity (the SIP URL/TEL URL), the type of information to be
collected, and the IP addresses of DF 2 and DF 3.
The CSCF returns an acknowledgement to the ADMF indicating that the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The CSCF receives a session setup request from the target and initiates the process of
establishing the session.
7 The CSCF sends IRI information pertaining to the target's session to DF 2. The CSCF
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The S-CSCF sends CC information pertaining to the target's session to DF 3. The S-CSCF
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.


Existing Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 2-4 Camp-on LI Provisioning Operation for Existing Calls (message flow diagram
not reproduced; participants: CSCF, ADMF, DF 2, LEMF, DF 3; steps 1 to 10 are described
below)

1 A subscriber session is already established on the CSCF (P-CSCF or S-CSCF).
2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data is to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.


5 Through an SSH session, the ADMF connects to the CSCF and provisions the lawful
interception of target information. The provision request includes the target identity (the
IMSI, and the MSISDN), the type of information to be collected, and the IP addresses of DF
2 and DF 3.
The CSCF returns an acknowledgement to the ADMF indicating that the target is active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The CSCF sends IRI information pertaining to the target's session to DF 2. The CSCF
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The CSCF sends CC information pertaining to the target's session to DF 3. The CSCF
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.

De-provisioning Upon Call Termination


The following figure describes de-provisioning LI functionality upon the termination of a
target's data session.

Figure 2-5 Active LI De-provisioning Operation Upon Call Termination (message flow
diagram not reproduced; participants: AAA Server, CSCF, ADMF, DF, CF; steps 1 to 5 are
described below)

1 The CSCF sends an Accounting Stop message to the AAA server indicating the termination
of a target's data session. The message includes relevant information about the target.
2 The AAA server sends a message to the ADMF indicating a change in the state of the target
(i.e., active to inactive).
3 The ADMF acknowledges the message in a response to the AAA server.
4 Through an SSH session, the ADMF connects to the CSCF and de-provisions the lawful
intercept functionality for the target.


5 The CSCF acknowledges the message in a response to the ADMF server.

De-provisioning Upon Intercept Duration Expiry


Law Enforcement agencies are generally given a fixed amount of time to perform Lawful
Intercepts.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 2-6 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry (message
flow diagram not reproduced; participants: CSCF, ADMF, DF 2, DF 3, LEMF; steps 1 to 5
are described below)

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.
3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the CSCF and de-provisions
it. The CSCF returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.


Configuring Lawful Intercept Functionality on CSCF


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on CSCF in a network.
IMPORTANT
This section provides the minimum instruction set for configuring a CSCF service that
allows the system to provide Lawful Intercept support. Commands that configure additional
Lawful Intercept properties are provided in the CSCF Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in SCM Administration Guide.
To configure the Lawful Intercept feature on a CSCF service:
1 Configure LI context, interface and generate SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the IP header of the content of event delivery message and other attributes, i.e.
base station id, by applying the example configuration in the IP Header Configuration for
LI Messages section.
3 Create and configure the Lawful Intercept administrative user account by applying the
example configuration in the LI Administrative User Account Configuration section.
4 Log in to DF through SSH session using SSH key and configure PacketCable-based DF
setup and content delivery for the Lawful Intercept in CSCF service by applying the
example configuration in the Configuring PacketCable DF Setup and Lawful Intercept on
CSCF section.
5 Log in to DF through SSH session and provision the Lawful Intercept in CSCF service by
applying the example configuration in the Provisioning the Lawful Intercept on CSCF
section.
6 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
7 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the SCM
Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:

configure
   context <li_context_name> [-noconfirm]
      interface <li_interface>
         ip address <li_ip_addr> <netmask>
         exit
      ssh generate key
      server sshd
      end

Note:

The local management context should not be used to facilitate Lawful Intercept
functionality.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

IP Header Configuration for LI Messages


This section describes the configuration of the IP header for LI content or event delivery
messages with event attributes. The system transmits intercepted data as either content or
event messages to the Delivery Function (DF) server(s) over an Ethernet interface.

configure
   context <li_context_name>
      lawful-intercept src-li-addr <source_IP_addr> <netmask>
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4 address <source_IP_addr> for this interface is the source address of the
CSCF.

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the SCM
Administration Guide.

This section provides the configuration example to configure the LI Administrative user
account in a context:

configure
   context <li_context_name>
      administrator <user_name> password <passwd> li-administration
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

Configuring PacketCable DF Setup and Lawful Intercept on CSCF


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context <cscf_ip>
command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell at the root prompt in the LI context
<li_context_name>, which is already configured, in Exec mode with the following prompt
appearing:
[<li_context_name>]<host_name>#
lawful-intercept packet-cable content-delivery df-setup content-id <id> calltype cscf dest-addr <ip_addr> dest-port <port> li-context <li_ctx>
lawful-intercept packet-cable content-delivery intercept-request content-id <id> calltype cscf filter-spec src-ip-addr <ip_addr>

Note:

The li-context <li_context_name> keyword does not need to be specified when the
provisioning is done in the LI context. It needs to be specified if the command is
executed in the local or some other context. It cannot be the local management context.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Provisioning the Lawful Intercept on CSCF


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context <cscf_ip>
command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell at the root prompt in the LI context
<li_context_name>, which is already configured, in Exec mode with the following prompt
appearing:
[<li_context_name>]<host_name>#
lawful-intercept ssdf dest-addr <ip_addr> dest-port <port> serial-number <AF_num> version <ver> li-context <li_context_name>
lawful-intercept packet-cable content-delivery df-setup content-id <id> calltype cscf dest-addr <ip_addr> dest-port <port> li-context <li_ctx>
lawful-intercept packet-cable content-delivery intercept-request content-id <id> calltype cscf filter-spec src-ip-addr <ip_addr>

Note:

The li-context <li_context_name> keyword does not need to be specified when the
provisioning is done in the LI context. It needs to be specified if the command is
executed in the local or some other context. It cannot be the local management context.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Verifying LI Configuration
1 Verify the configuration done for LI support by entering the following command in Exec
Mode:
show configuration

The following is a sample output of this command, showing the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring
the Lawful Intercept feature are saved in configuration files, and they are not shown when
the show configuration command is executed.


Managing the Service


This section describes how to manage and administer the LI feature on a CSCF service.
It includes the following procedures:

Generating Event Logs

Gathering Statistics and Other Information

For more information on LI management and administration, refer to the CSCF Lawful
Intercept Interface Specification.

Generating Event Logs


There is an LI event facility and corresponding event logs are generated. These logs are only
visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in the System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
mode:
show lawful-intercept packet-cable event-delivery all

The output of this command is a concise listing of all Lawful Intercept context settings, as
shown in the sample output displayed below.
+------ S - Status of the interception (A) active (I) inactive
|+----- P - Provisioning method (C) camp-on (A) active-only
||+---- T - Call Type (P) PDSN (H) HA (L) LNS (G) GGSN (S) SGSN
|||                   (F) PDIF (N) ASNGW (C) CSCF
|||+--- R - Cscf Role (P) PROXY-CSCF (S) SERVING-CSCF (C) S-I-P-CSCF
||||                  (N) Not Applicable
|||| +- M - Mobile ID (I) IMSI/MSID (M) MSISDN (E) IMEI
|||| |
|||| | Event delivery method -----------------------------------------------------+
|||| | Content delivery method --------------------------------------------+      |
|||| | Intercept ID ----------------------------------------------+        |      |
vvvv v                                                            |        |      |
SPTR M ID                 USERNAME                IP              Int.ID   Cont.  Event
----   ------------------ ----------------------  --------------- -------- ------ ----
ACCP I                    user1@192.168.49.1:5060 192.168.48.2    1        none   diameter
ACCS I                    user1@192.168.49.1:5060 192.168.48.2    1        none   diameter
ICC- -                    user2@192.168.49.1:5060                 2        none   diameter
Total active lawfully intercepted calls 2
Total camp-on triggers 2

2 Display your PacketCable event delivery related statistics by entering the following
command in Exec Mode:
show lawful-intercept packet-cable event-delivery full all

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.
Username    : user1@192.168.49.1:5060
ip-address  : 192.168.48.2
msid/imsi   :
msisdn      :
imei        :
session     : Session Present
service-type: cscf
role        : proxy-cscf
li-context  : pcscfvpn
intercept-id: 1
Content-delivery: none
Num. Intercepted pkt forwarded for Active call: 0
Event-delivery: diameter
Num. Intercepted pkt forwarded for Active call: 0
Provisioning method: Camp-on trigger
LI-index    : 1

Username    : user1@192.168.49.1:5060
ip-address  : 192.168.48.2
msid/imsi   :
msisdn      :
imei        :
session     : Session Present
service-type: cscf
role        : serving-cscf
li-context  : pcscfvpn
intercept-id: 1
Content-delivery: none
Num. Intercepted pkt forwarded for Active call: 0
Event-delivery: diameter
Num. Intercepted pkt forwarded for Active call: 0
Provisioning method: Camp-on trigger
LI-index    : 1

Username    : user2@192.168.49.1:5060
ip-address  :
msid/imsi   :
msisdn      :
imei        :
session     : No Session
service-type: cscf
li-context  : pcscfvpn
intercept-id: 1
Content-delivery: none
Num. Intercepted pkt forwarded for Active call: 0
Event-delivery: diameter
Num. Intercepted pkt forwarded for Active call: 0
Provisioning method: Camp-on trigger
LI-index    : 2

Total active lawfully intercepted calls 2
Total camp-on triggers 2


CHAPTER 3
LAWFUL INTERCEPT WITH GGSN/HA SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the
system. It also explains the procedure for configuring the system and executing lawful
intercepts of subscriber sessions. The GGSN Administration Guide provides examples and
procedures for configuration of basic services on the system. It is recommended that you
select the configuration example that best meets your service model, and configure the
required elements for that model, as described in the GGSN Administration Guide, before
using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following topics for Lawful Intercept support:

Introduction

Supported Standards

Supported Networks and Platforms

Licenses

Functionality Support

How it Works with GGSN/HA Service

Configuring Lawful Intercept Functionality on GGSN/HA

Managing the Service


Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their mobile station
identification (MSID) number, their name, assigned IP address, or their network access
identifier (NAI). In 3GPP networks this identification may be based on information such as
their mobile station Integrated Services Digital Network (MSISDN) number, their
international mobile subscriber identification (IMSI) number, or their IMEI, matched on
the 14 octets available from the IMEI-SV field.
The IRI and CC packets contain the 14-octet IMEI value, which is used as the target for
interception.
Once the target has been identified, the system, functioning as either a core network service
or HA, serves as an access function (AF) and performs monitoring for both new data
sessions/PDP contexts and sessions/PDP contexts that are already in progress. While
monitoring, the system intercepts and duplicates session content/Content of
Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a
delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers
the intercepted content to one or more collection functions (CFs).
Note that when a target in 3GPP network establishes multiple simultaneous PDP contexts,
the system intercepts CC and IRI for each of them.
For the GGSN/HA, the following IRI events are collected:

PDP context activation

PDP context de-activation

PDP Context Modification

Start of interception with PDP context active

The following table displays the information that could be sent by the GGSN/HA to the DF
for each of the events if it is available.


Table 3-1 Information Provided per GGSN/HA IRI Event

Supported GGSN/HA IRI Events:
   PDP Context Activation
   PDP Context De-activation
   Start of Interception with PDP Context Active

Information Provided:
   Observed MSISDN
   Observed IMSI
   Observed IMEI
   PDP Address (observed party)
   Event type
   Event Time
   Event Date
   Correlation Number
   Access Point Name
   PDP Type
   Network Element Identifier
   Local Information
   Failed Context Activation Reason
   IAs (if applicable)

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.


Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

3GPP References

Other References

3GPP References

3GPP TS 33.106 V8.1.0 (2008-09): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful Interception
requirements (Release 8)

3GPP TS 33.107 V8.5.0 (2008-09): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful interception
architecture and functions (Release 8)

3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Handover interface for
Lawful Interception (LI) (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:

TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7

Technical Directive: Requirements for implementing statutory telecommunications
interception measures (TR TK), Version 4.0

Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 7.0 or
later running GGSN and/or HA service.


Licenses
A separate feature license is required to enable this feature.
Depending on feature usage, apart from the base GGSN and/or HA service license, one of
the following licenses is required to enable this feature with GGSN/HA service:

Lawful Intercept - 600-00-7522

Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful
Intercept license)

For more information on license requirements for this feature, contact your local sales
representative.


Functionality Support
This section describes the supported functions and interfaces on GGSN/HA for LI.
The GGSN/HA supports the following functions for provisioning of both IRI and CC:

Provisioning of an Intercept from Delivery/Mediation Function

De-Provisioning of an Intercept from Delivery/Mediation Function

Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent GGSN/HA supports Subject Based Lawful Interception using IMSI/MSISDN/IMEI
as target identity. The GGSN/HA provides a proprietary interface to a 3rd party Mediation
Function (MF) or Delivery Function (DF).
LI on Starent AGW uses three main interfaces for Lawful Intercept:

Provisioning Interface (X1_1): This proprietary interface, called the X1_1 interface,
corresponds to the command line interface over the SSH session used by the ADMF. The
messages sent on the X1_1 interface include target identities (IMSI/MSISDN/IMEI), the
information whether CC will be provided and the address of DF2 and DF3 delivery
function entities.
The lawful-intercept CLI command is used to start interception for a target identity.
Interception of only events (IRI) or events and data (IRI + CC) can be provisioned. The
status of provisioning will be immediately displayed.
If the provisioning was done while the call is active for that target identity then the
intercepted information will be forwarded to the DF immediately. Otherwise the system
waits for the next session to arrive and permanently compares the IMSI/MSISDN/IMEI
to the LI monitoring list. If a match is found then the IRI and CC will be forwarded to the
MF/DF.
In case more than one target Identity (say IMSI, MSISDN, IMEI of same mobile
subscriber) are provisioned for the same call then only one set of information will be
forwarded to the DF.
The no lawful-intercept CLI command is used to stop interception.

Event Delivery Interface (X2): This is a proprietary interface called X2 interface. The
following information is transferred to the DF2 entity over the X2 interface:

target identity (MSISDN, IMSI, IMEI)

events and associated parameters as defined in the standard

the target location (if available)

Correlation number

Content Delivery Interface (X3): This is a proprietary interface called X3 interface. If
the content delivery is enabled while provisioning then the intercepted data will be
forwarded to the DF3. The intercepted data will be prefixed with the Intercept Header.
This will be packed into a UDP packet and sent to DF3 using IP interface. The GGSN
Correlation ID will be used to map the CC to the corresponding IRI. GGSN Correlation
Id is a unique number formed using the Charging ID and GGSN GTPC IP Address (4
bytes).
The LI header contains the following information:


Intercept-id (DF assigns during provisioning): It is 32 bits long, in network byte
order, and is configured during provisioning.

Timestamp: It is 64 bits long, in network byte order, and is an NTP timestamp
represented as a 64-bit fixed-point number, in seconds relative to
00:00:00 UTC on 1 January 1900.

Session Number: It is 32 bits long, in network byte order. This is a unique
session number locally assigned by the AGW for the data stream being monitored.
This may be useful when a provisioned intercept matches multiple sessions in the
system. It is the same across all the PDP contexts of the UE.

Sequence Number: It is 32 bits long, in network byte order. The sequence number is an
incremental counter for each PDP context of the UE, starting from 0. It is reset to 0
on node software task restart and wraps around to 255 on reaching the 32-bit maximum
value.

IP packet direction: Indicates the direction of the IP packet flow.

Correlation ID: It is 32 bits long, in network byte order. The GGSN Correlation ID
is a unique number formed using the Charging ID and GGSN GTPC IP Address.

For more information on supported interface specification, message and TLV format, and
attributes, refer to the GGSN Lawful Intercept Interface Specification.
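The header fields listed above can be checked on the receiving (DF 3) side. The following is an added example, not Starent code: it decodes the 64-bit NTP timestamp and uses the per-context sequence number to spot loss, reordering and counter resets on the unacknowledged UDP delivery. The 24-byte packing (FIXED_FIELDS), the class and function names, and the sample values are assumptions; the real message and TLV layout is defined in the GGSN Lawful Intercept Interface Specification.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
SEQ_MAX = 0xFFFFFFFF
SEQ_AFTER_WRAP = 255   # the page states the counter wraps to 255 at the 32-bit max

# ASSUMED packing, not the vendor wire format: only the fields whose widths the
# page states, in the order it lists them. "!" = network byte order, no padding.
# intercept-id (32) | timestamp (64) | session (32) | sequence (32) | correlation (32)
# The IP-packet-direction field is left out because the page gives no width for it.
FIXED_FIELDS = struct.Struct("!IQIII")


@dataclass(frozen=True)
class LiHeader:
    intercept_id: int
    timestamp: int        # raw 64-bit NTP value
    session_number: int
    sequence_number: int
    correlation_id: int


def parse_fixed_fields(buf: bytes) -> LiHeader:
    """Decode the assumed fixed-width fields from the front of a datagram."""
    if len(buf) < FIXED_FIELDS.size:
        raise ValueError(f"truncated header: {len(buf)} < {FIXED_FIELDS.size} bytes")
    return LiHeader(*FIXED_FIELDS.unpack_from(buf))


def ntp64_to_utc(ts: int) -> datetime:
    """Upper 32 bits are whole seconds since 1900-01-01 UTC, lower 32 the fraction."""
    seconds, fraction = ts >> 32, ts & 0xFFFFFFFF
    return NTP_EPOCH + timedelta(seconds=seconds,
                                 microseconds=(fraction * 1_000_000) >> 32)


class SequenceTracker:
    """Classify each header against the next sequence number expected on its stream."""

    def __init__(self):
        self._expected = {}

    def observe(self, hdr: LiHeader):
        # The counter runs per PDP context. Assumption: the correlation ID tells
        # apart contexts that share one intercept-id and session number.
        key = (hdr.intercept_id, hdr.session_number, hdr.correlation_id)
        expected = self._expected.get(key, 0)      # counters start from 0
        seq = hdr.sequence_number
        if seq == expected:
            verdict = ("ok", 0)
        elif seq == 0:
            verdict = ("reset", 0)                 # e.g. node software task restart
        elif seq > expected:
            verdict = ("gap", seq - expected)      # datagrams missing before this one
        else:
            return ("late", 0)                     # duplicate or reordered; keep state
        self._expected[key] = SEQ_AFTER_WRAP if seq == SEQ_MAX else seq + 1
        return verdict


if __name__ == "__main__":
    # Constructed sample: intercept-id 987, 2010-01-01 00:00:00.5 UTC, session 7.
    ts = (3471292800 << 32) | 0x80000000
    tracker = SequenceTracker()
    for seq in (0, 1, 2, 5, 4, 6, 0, 1):
        raw = FIXED_FIELDS.pack(987, ts, 7, seq, 0x0A0B0C0D) + b"payload"
        hdr = parse_fixed_fields(raw)
        print(seq, ntp64_to_utc(hdr.timestamp).isoformat(), tracker.observe(hdr))
```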


How it Works with GGSN/HA Service


The system, functioning as a GGSN and/or HA performs Camp-on Lawful Intercepts.
Camp-on intercepts stay provisioned and continue to intercept all sessions for the specified
MN until the intercept is deprovisioned.
This section discusses the following procedures:

New Call Provisioning Operation

Existing Call Provisioning Operation

De-provisioning Operation Upon Intercept Duration Expiry

The following figure displays the network elements required to provide Camp-on LI support
for the system functioning as either a GGSN or an HA.
Figure 3-1 Network Elements Supporting Lawful Intercept
(Elements shown: Administration Function (ADMF), Intercepting Control Element (ICE),
GGSN/HA, Delivery Function 2 (DF 2), Delivery Function 3 (DF 3), Law Enforcement
Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device, though they are shown here as
separate logical devices.


New Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that has not yet
started.

Figure 3-2 Camp-on LI Provisioning Operation for New Calls
(Message flow among the GGSN/HA, ADMF, DF 2, LEMF, and DF 3, steps 1 through 10)

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data is to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.


4 Through a Secure Shell (SSH) session, the ADMF connects to the GGSN/HA and
provisions the lawful interception of target information. The provision request includes the
target identity (IMSI, MSISDN, IMEI), the type of information to be collected, and the IP
addresses of DF 2 and DF 3.
The GGSN/HA returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The GGSN/HA receives a session setup request from the target and initiates the process of
establishing the session.
7 The GGSN/HA sends IRI information pertaining to the target's session to DF 2. The
GGSN/HA provides a correlation identification number specific to the interception for the
target. This information is used by the LEMF to tie the intercepted IRI to the intercepted
CC.
8 DF 2 forwards the information to the LEMF.
9 The GGSN/HA sends CC information pertaining to the target's session to DF 3. The
GGSN/HA provides a correlation identification number specific to the interception for the
target.
10 DF 3 forwards the information to the LEMF.


Existing Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 3-3 Camp-on LI Provisioning Operation for Existing Calls
(Message flow among the GGSN/HA, ADMF, DF 2, LEMF, and DF 3, steps 1 through 10)

1 The GGSN/HA establishes a subscriber session.
2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data is to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.


5 Through an SSH session, the ADMF connects to the GGSN/HA and provisions the lawful
interception of target information. The provision request includes the target identity (IMSI,
MSISDN, IMEI), the type of information to be collected, and the IP addresses of DF 2 and
DF 3.
The GGSN/HA returns an acknowledgement to the ADMF indicating that the target is
active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The GGSN/HA sends IRI information pertaining to the target's session to DF 2. The
GGSN/HA provides a correlation identification number specific to the interception for the
target. This information is used by the LEMF to tie the intercepted IRI to the intercepted
CC.
8 DF 2 forwards the information to the LEMF.
9 The GGSN/HA sends CC information pertaining to the target's session to DF 3. The
GGSN/HA provides a correlation identification number specific to the interception for the
target.
10 DF 3 forwards the information to the LEMF.


De-provisioning Operation Upon Intercept Duration Expiry


Law Enforcement Agencies are generally given a fixed amount of time to perform Lawful
Intercepts. The following scenario describes the deprovisioning of an LI.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 3-4 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry
(Message flow among the GGSN/HA, ADMF, DF 2, DF 3, and LEMF, steps 1 through 5)

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.
3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the GGSN/HA and
de-provisions it. The GGSN/HA returns an acknowledgement to the ADMF indicating that
the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.


Configuring Lawful Intercept Functionality on GGSN/HA


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on GGSN/HA in
GPRS/UMTS network.
IMPORTANT
This section provides the minimum instruction set for configuring a GGSN/HA service
that allows the system to provide Lawful Intercept support. Commands that configure
additional Lawful Intercept properties are provided in the GGSN Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in GGSN Administration Guide.
To configure the Lawful Intercept feature on a GGSN/HA service:
1 Configure LI context interface and generate SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the IP header of the content of event delivery message by applying the example
configuration in the IP Header Configuration for LI Messages section.
3 Create the Lawful Intercept administrative user account by applying the example
configuration in the LI Administrative User Account Configuration section.
4 Log in to the DF through an SSH session and provision the Lawful Intercept in GGSN/HA service
by applying the example configuration in the Provisioning the Lawful Intercept on
GGSN/HA section.
5 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
6 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the GGSN
Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:
configure
   context <li_context_name> [-noconfirm]
      interface <li_interface>
         ip address <li_ip_addr> <netmask>
         exit
      ssh generate key
      server sshd
      end

Note:

The local management context should not be used to facilitate Lawful Intercept
functionality.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

IP Header Configuration for LI Messages


This section describes the configuration of IP header for LI content or event delivery
message. The system transmits intercepted data as either content or event messages to the
Delivery Function server DF(s) over an Ethernet interface.
configure
   context <li_context_name>
      lawful-intercept src-ip-addr <source_IP_addr> <netmask>
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4 address <source_IP_addr> for this interface is the source address of the
GGSN/HA.

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the GGSN
Administration Guide.

This section provides the configuration example to configure the LI Administrative user
account in a context:
configure
   context <li_context_name>
      administrator <user_name> password <passwd> li-administration
      end


Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

Provisioning the Lawful Intercept on GGSN/HA


After logging in as the LI-administrator by using the
ssh -l <li_admin_name>@context <ggsn_ip> command from the DF, use the
lawful-intercept command in the Exec mode to configure or provision a lawful
intercept instruction for the system.

These instructions assume that you are in an SSH shell at the root prompt in the LI context
<li_context_name>, which is already configured, in Exec mode with the following prompt
appearing:
[<li_context_name>]<host_name>#
lawful-intercept { imei <imei_string> | imsi <imsi_string> | msisdn
<msisdn_string> } [ calltype { ggsn | ha | sgsn } ] [ li-context
<li_context_name> ] intercept-id <num> content-delivery { none |
udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> }
event-delivery { none | udp-unack-format-1 dest-addr <dest_IP_address>
dest-port <UDP_port> | udp-ack-format-1 dest-addr <dest_IP_address>
dest-port <UDP_port> }

Note:

The li-context <li_context_name> keyword does not need to be specified when the
provisioning is done in the LI context. It must be specified if the command is
executed in the local context or some other context. It cannot be the local
management context.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Specifying call type is not mandatory while provisioning on GGSN targets for any
type of event and content delivery format.

Verifying LI Configuration
1 Verify your LI configuration by entering the following command in Exec mode:
show configuration

The following sample output of this command shows the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring
the Lawful Intercept feature are saved in configuration files, and they are not shown when
the show configuration command is executed.
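One way to check saved show configuration output against the context rules stated in this chapter (the local management context is not used for LI, and LI administrators sit in the context that carries lawful-intercept src-ip-addr). This is an added example, not Starent code. It assumes the output keeps the CLI's indentation; SAMPLE_CONFIG, the opsadmin and liadmin2 accounts with their hashes, the ggsn-svc context, and the finding names are constructed.

```python
import re

# Constructed sample: the page's "context li" output, plus LI accounts placed in
# the local context and in a service context so the audit has something to flag.
SAMPLE_CONFIG = """\
banner lawful-intercept "LAWFUL INTERCEPT"
context local
  administrator opsadmin encrypted password 1f2e3 li-administration
#exit
context li
  lawful-intercept src-ip-addr 192.168.100.10
  subscriber default
  #exit
  administrator liadmin encrypted password 5c4a3 li-administration
#exit
context ggsn-svc
  administrator liadmin2 encrypted password 7d6e5 li-administration
#exit
end
"""


def split_contexts(config_text):
    """Return {context_name: [statement, ...]}, using indentation to find block ends."""
    contexts, name, indent = {}, None, 0
    for line in config_text.splitlines():
        stmt = line.strip()
        depth = len(line) - len(line.lstrip())
        if name is None:
            opener = re.fullmatch(r"context\s+(\S+)", stmt)
            if opener:
                name, indent = opener.group(1), depth
                contexts.setdefault(name, [])
        elif stmt == "#exit" and depth == indent:
            name = None                      # this #exit closes the context itself
        elif stmt:
            contexts[name].append(stmt)      # nested sub-mode lines stay in the context
    return contexts


def li_admins(statements):
    """Names of administrator accounts that carry the li-administration privilege."""
    names = []
    for stmt in statements:
        words = stmt.split()
        if len(words) >= 2 and words[0] == "administrator" and "li-administration" in words:
            names.append(words[1])
    return names


def audit(config_text):
    """Return a list of (finding, context, accounts) tuples; empty means no findings."""
    findings = []
    contexts = split_contexts(config_text)
    li_contexts = [n for n, stmts in contexts.items()
                   if any(s.startswith("lawful-intercept src-ip-addr ") for s in stmts)]
    for name, stmts in contexts.items():
        admins = li_admins(stmts)
        if name == "local" and (admins or name in li_contexts):
            # The guide says the local management context should not be used for LI.
            findings.append(("local-context-used-for-li", name, admins))
        elif admins and name not in li_contexts:
            # Review item (policy assumption): these accounts provision from outside
            # the LI context and must name it with the li-context keyword.
            findings.append(("li-admin-outside-li-context", name, admins))
    if not [n for n in li_contexts if n != "local"]:
        findings.append(("no-li-context-with-src-ip-addr", None, []))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```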


Managing the Service


This section describes how to manage and administer the LI feature on a GGSN/HA
service.
It includes the following procedures:

Generating Event Logs

Gathering Statistics and Other Information

For more information on LI management and administration, refer to the Lawful Intercept
Interface Specification.

Generating Event Logs


There is an LI event facility and corresponding event logs are generated. These logs are only
visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in the System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
mode:
show lawful-intercept all

The output of this command is a concise listing of all Lawful Intercept context settings, as
shown in the sample output displayed below.
+----- S - shows Status of the interception. (A) active, (I) inactive
|+---- P - shows Provisioning method. (C) camp-on, (A) active-only
||+--- T - shows call Type. (P) PDSN, (H) HA, (L) LNS), (G) GGSN, (S) SGSN
||| +- M - shows Mobile ID (I) IMSI/MSID, (M) MSISDN
||| | Event delivery method ----------------------------------------------------+
||| | Content delivery method -------------------------------------------+      |
||| | Intercept ID ---------------------------------------------+        |      |
vvv v                                                           |        |      |
SPT M ID                 USERNAME               IP              Int. ID  Cont.  Event
---   ------------------ ---------------------- --------------- -------- ------ ----
ICG I 40427000000001                                            1        udp1   udp1
ICG M 919876543210                                              987      udp1   udp1
Total active lawfully intercepted calls 0
Total camp-on triggers 2

2 Display your GGSN/HA LI call related statistics by entering the following command in
Exec Mode:
show lawful-intercept statistics

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.


Total currently active LI calls:                0
Total current camp-on triggers:                 2
Total event packets sent:                       0
Total intercepted content packet sent:          0
Total event packets dropped: (no tcp
connection with mediation)                      0
Total intercepted content packets dropped:
(no tcp connection with mediation)              0
Total events packet sent (for currently
active LI calls)                                0
Total content packet sent (for currently
active LI calls)                                0
Total LI provisioning stats:
   via active-only method                       0
   via camp-on method                           2
Total LI provisioning failure stats:
   li-context not configured                    0
   src-ip-addr not configured                   0
   src-ip-addr mis-configured                   0
Total LI session termination stats
   due to call-disconnect                       2
   due to context n/a                           0
   due to de-provisioning                       0
Total LI sess recovery stats:
   recovery performed                           0

CHAPTER 4
LAWFUL INTERCEPT WITH PDSN/HA SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the
system. It also explains the procedure for configuring the system and executing lawful
intercepts of subscriber sessions. The PDSN Administration Guide provides examples and
procedures for configuration of basic services on the system. It is recommended that you
select the configuration example that best meets your service model, and configure the
required elements for that model, as described in the PDSN Administration Guide, before
using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following topics for Lawful Intercept support:

Introduction

Supported Standards

Supported Networks and Platforms

Licenses

Functionality Support

How it Works with PDSN/HA Service

Configuring Lawful Intercept Functionality on PDSN/HA

Managing the Service


Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their mobile station
identification (MSID) number, their name, assigned IP address, or their network access
identifier (NAI). In 3GPP networks this identification may be based on information such as
their mobile station Integrated Services Digital Network (MSISDN) number, or their
international mobile subscriber identification (IMSI) number.
Once the target has been identified, the system, functioning as either a core network service
or HA, serves as an access function (AF) and performs monitoring for both new data
sessions/PDP contexts and sessions/PDP contexts that are already in progress. While
monitoring, the system intercepts and duplicates session content/Content of
Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a
delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers
the intercepted content to one or more collection functions (CFs).
IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.

Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

• 3GPP References
• Other References

3GPP References
• 3GPP TS 33.106 V8.1.0 (2008-09): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; 3G security; Lawful Interception
  requirements (Release 8)
• 3GPP TS 33.107 V8.5.0 (2008-09): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; 3G security; Lawful interception
  architecture and functions (Release 8)
• 3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; 3G security; Handover interface for
  Lawful Interception (LI) (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:
• TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
• Technical Directive: Requirements for implementing statutory telecommunications
  interception measures (TR TK), Version 4.0

Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 7.0 or
later running PDSN service.

Licenses
A separate feature license is required to enable this feature.
Depending on feature usage, in addition to the base PDSN and/or HA service license, one of
the following licenses is required to enable this feature with PDSN/HA service:
• Lawful Intercept - 600-00-7522
• Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful
  Intercept license)

For more information on license requirements for this feature, contact your local sales
representative.

Functionality Support
This section describes the supported functions and interfaces on PDSN for LI.
The PDSN supports the following functions for provisioning of both IRI and CC:
• Provisioning of an Intercept from Delivery/Mediation Function
• De-Provisioning of an Intercept from Delivery/Mediation Function
• Delivery of intercepted Control/Data to the Delivery/Mediation Function

Starent PDSN supports Subject Based Lawful Interception using IMSI, MSISDN as target
identity. The PDSN provides a proprietary interface to a 3rd party Mediation Function (MF)
or Delivery Function (DF).
For more information on the supported interface specification, message and TLV format, and
attributes, refer to the PDSN Lawful Intercept Interface Specification.

How it Works with PDSN/HA Service


The system, functioning as a PDSN and/or an HA can perform Active or Camp-on Lawful
Intercepts. Active intercepts are deprovisioned as soon as the intercepted session terminates.
Camp-on intercepts stay provisioned and continue to intercept all sessions for the specified
MN until the intercept is deprovisioned.
This section discusses the following procedures:
• New Call Provisioning Operation
• Existing Call Provisioning Operation
• De-provisioning Upon Call Termination
• De-provisioning Upon Intercept Duration Expiry

The following figure displays the network elements required for the system, functioning as
either a PDSN or an HA, to provide Active LI support.
[Figure: network elements shown are Access Function (AF), AAA Server, PDSN/HA, Administration Function (ADMF), Delivery Function (DF), Collection Function (CF)]

Figure 4-1 Network Elements Supporting Active Lawful Intercept

IMPORTANT
Note that the ADMF and DF can be one and the same device though they are shown here as
separate logical devices.

The following figure displays the network elements required for the system, functioning as
either a PDSN and/or HA, to provide Camp-on LI support.

Figure 4-2 Network Elements Supporting Camp-on Lawful Intercept

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.

New Call Provisioning Operation


The following figure and the text that follows describe the LI operation when provisioned
for a session that has not yet started.

[Figure: message sequence, steps 1 through 9, between the AAA Server, PDSN/HA, ADMF, DF, and CF]

Figure 4-3 Active LI Provisioning Operation for New Calls

1 The ADMF provisions the AAA server (used for call event notification) to send it
notification of a call event for a particular target session. The provision specifies
information to identify the target such as the target's MSID or IP address.
2 The AAA Server acknowledges the provisioning from the ADMF. In this example, since no
session exists for the target, the AAA server also notifies the ADMF that the target is
inactive.
3 The PDSN/HA sends a RADIUS Accounting Start message to the AAA server indicating
the start of a subscriber data session. The message includes relevant information about the
subscriber which causes the AAA server to recognize him or her as an intercept target.
4 The AAA server sends a message to the ADMF indicating a change in the state of the target
(i.e., inactive to active).
5 The ADMF acknowledges the message in a response to the AAA server.
6 Through a Secure Shell (SSH) session, the ADMF connects to the PDSN/HA and
provisions the lawful interception of target information.
7 The PDSN/HA acknowledges the message in a response to the ADMF server.
8 The PDSN/HA intercepts the target's data packets as directed and delivers them to the DF.
9 The DF passes the intercepted packets to a CF.
The following figure shows the system's Camp-on LI operation when provisioned for a
session that has not yet started.

Figure 4-4 Camp-on LI Provisioning Operation for New Calls

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data is to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.
4 Through a Secure Shell (SSH) session, the ADMF connects to the PDSN/HA and
provisions the lawful interception of target information. The provision request includes the
target identity (the IMSI and the MSISDN), the type of information to be collected, and the
IP addresses of DF 2 and DF 3.
The PDSN/HA returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The PDSN/HA receives a session setup request from the target and initiates the process of
establishing the session.
7 The PDSN/HA sends IRI information pertaining to the target's session to DF 2. The
PDSN/HA provides a correlation identification number specific to the interception for the
target. This information is used by the LEMF to tie the intercepted IRI to the intercepted
CC.
8 DF 2 forwards the information to the LEMF.
9 The PDSN/HA sends CC information pertaining to the target's session to DF 3. The
PDSN/HA provides a correlation identification number specific to the interception for the
target.
10 DF 3 forwards the information to the LEMF.

Existing Call Provisioning Operation


The following figure describes the LI operation when provisioned for a session that is
already in progress.

[Figure: numbered message sequence between the AAA Server, PDSN/HA, ADMF, DF, and CF]

Figure 4-5 Active LI Provisioning Operation for Existing Calls

1 The PDSN/HA sends a RADIUS Accounting Start message to the AAA server indicating
the start of a subscriber data session. The message includes relevant information about the
subscriber.
2 The ADMF provisions the AAA server (used for call event notification) to send it
notification of a call event for a particular target session. The provision specifies
information to identify the target such as the target's MSID or IP address.
3 The AAA Server acknowledges the provisioning from the ADMF. In this example, since the
session already exists for the target, the AAA server also notifies the ADMF that the target
is active.
4 Through an SSH session, the ADMF connects to the PDSN/HA and provisions the lawful
interception of target information.
5 The PDSN/HA acknowledges the message in a response to the ADMF server.
6 The PDSN/HA intercepts the target's data packets as directed and delivers them to the DF.
7 The DF passes the intercepted packets to a CF.
The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 4-6 Camp-on LI Provisioning Operation for Existing Calls

1 The PDSN/HA establishes a subscriber session.
2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data is to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.
5 Through an SSH session, the ADMF connects to the PDSN/HA and provisions the lawful
interception of target information. The provision request includes the target identity (the
IMSI and the MSISDN), the type of information to be collected, and the IP addresses of DF
2 and DF 3.
The PDSN/HA returns an acknowledgement to the ADMF indicating that the target is
active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The PDSN/HA sends IRI information pertaining to the target's session to DF 2. The
PDSN/HA provides a correlation identification number specific to the interception for the
target. This information is used by the LEMF to tie the intercepted IRI to the intercepted
CC.
8 DF 2 forwards the information to the LEMF.
9 The PDSN/HA sends CC information pertaining to the target's session to DF 3. The
PDSN/HA provides a correlation identification number specific to the interception for the
target.
10 DF 3 forwards the information to the LEMF.

De-provisioning Upon Call Termination


The following figure describes de-provisioning LI functionality upon the termination of a
target's data session.

[Figure: message sequence, steps 1 through 5, between the AAA Server, PDSN/HA, ADMF, DF, and CF]

Figure 4-7 Active LI De-provisioning Operation Upon Call Termination

1 The PDSN/HA sends a RADIUS Accounting Stop message to the AAA server indicating
the termination of a target's data session. The message includes relevant information about
the target.
2 The AAA server sends a message to the ADMF indicating a change in the state of the target
(i.e., active to inactive).
3 The ADMF acknowledges the message in a response to the AAA server.
4 Through an SSH session, the ADMF connects to the PDSN/HA and de-provisions the
lawful intercept functionality for the target.
5 The PDSN/HA acknowledges the message in a response to the ADMF server.

De-provisioning Upon Intercept Duration Expiry


Law Enforcement agencies are generally given a fixed amount of time to perform Lawful
Intercepts. The following scenarios describe the deprovisioning of an Active LI through an
AAA server and a Camp-on LI.
The following figure describes de-provisioning Active LI functionality upon the expiration
of the legal intercept period.

[Figure: message sequence, steps 1 through 4, between the PDSN/HA, AAA Server, ADMF, DF, and CF]

Figure 4-8 LI De-provisioning Operation Upon Intercept Duration Expiry

1 The ADMF de-provisions the target at the AAA server. The de-provisioning request
specifies information to identify the target such as the target's MSID or IP address.
2 The AAA Server acknowledges the request from the ADMF.
3 Through an SSH session, the ADMF connects to the PDSN/HA and de-provisions the
lawful intercept functionality.
4 The PDSN/HA acknowledges the message in a response to the ADMF server.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 4-9 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.
3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the PDSN/HA and
de-provisions it. The PDSN/HA returns an acknowledgement to the ADMF indicating that
the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.

Configuring Lawful Intercept Functionality on PDSN/HA


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on PDSN/HA in a 3GPP2
network.
IMPORTANT
This section provides the minimum instruction set for configuring a PDSN/HA service that
allows the system to provide Lawful Intercept support. Commands that configure additional
Lawful Intercept properties are provided in the PDSN Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in the PDSN Administration Guide.
To configure the Lawful Intercept feature on a PDSN/HA service:
1 Configure the LI context interface and generate an SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the IP header of the content or event delivery message and other attributes, i.e.
base station ID, by applying the example configuration in the IP Header Configuration for
LI Messages section.
3 Create the Lawful Intercept administrative user account by applying the example
configuration in the LI Administrative User Account Configuration section.
4 Log in to DF through an SSH session using the SSH key and configure PacketCable-based DF
setup and content delivery for the Lawful Intercept in PDSN/HA service by applying the
example configuration in the Configuring PacketCable DF Setup and Lawful Intercept on
PDSN/HA section.
5 Log in to DF through an SSH session and provision the Lawful Intercept in PDSN/HA service
by applying the example configuration in the Provisioning the Lawful Intercept on
PDSN/HA section.
6 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
7 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the PDSN
Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:

configure
   context <li_context_name> [-noconfirm]
      interface <li_interface>
         ip address <li_ip_addr> <netmask>
         exit
      ssh generate key
      server sshd
      end

Note:
• The local management context should not be used to facilitate Lawful Intercept
  functionality.
• The context name <li_context_name> is the name of the context in which Lawful
  Intercept functionality is provisioned.

IP Header Configuration for LI Messages


This section describes the configuration of the IP header for LI content or event delivery
messages with event attributes. The system transmits intercepted data as either content or
event messages to the Delivery Function (DF) server(s) over an Ethernet interface.
configure
   context <li_context_name>
      lawful-intercept src-ip-addr <source_IP_addr> <netmask>
      lawful-intercept event-attributes bsid
      end

Note:
• The context name <li_context_name> is the name of the context in which Lawful
  Intercept functionality is configured and provisioned.
• The IPv4 address <source_IP_addr> for this interface is the source address of the
  PDSN/HA.
• The LI-administrator can include the source-address in the IP header of the event
  delivery or content delivery messages transmitted to the DF to provide a quick ID for
  a specific intercept.
• The base station ID can be included as an event attribute in the message.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the PDSN
Administration Guide.

This section provides the configuration example to configure the LI Administrative user
account in a context:
configure
   context <li_context_name>
      administrator <user_name> password <passwd> li-administration
      end

Note:
• The context name <li_context_name> is the name of the context in which Lawful
  Intercept functionality is provisioned.

Configuring PacketCable DF Setup and Lawful Intercept on PDSN/HA


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context
<pdsn_ip> command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.
These instructions assume that you are in an SSH shell at the root prompt in the LI context
<li_context_name>, which is already configured, in the Exec mode with the following prompt
appearing:
[<li_context_name>]<host_name>#
lawful-intercept packet-cable content-delivery df-setup content-id <id>
   calltype cscf dest-addr <ip_addr> dest-port <port> li-context <li_ctx>
lawful-intercept packet-cable content-delivery intercept-request
   content-id <id> calltype cscf filter-spec src-ip-addr <ip_addr>

Note:
• The li-context <li_context_name> keyword does not need to be specified when the
  provisioning is done in the LI context. It needs to be specified if the command is
  executed in local or some other context. It cannot be the local management context.
• The context name <li_context_name> is the name of the context in which Lawful
  Intercept functionality is configured and provisioned.

Provisioning the Lawful Intercept on PDSN/HA


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context
<pdsn_ip> command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.
These instructions assume that you are in an SSH shell at the root prompt in the LI context
<li_context_name>, which is already configured, in the Exec mode with the following prompt
appearing:
[<li_context_name>]<host_name>#
lawful-intercept {imsi <imsi_string> | msisdn <msisdn_string>} [calltype
   {pdsn | ha | lns}] [active-only] [allow-multiple-match] [li-context
   <li_context_name>] intercept-id <num> content-delivery {none |
   udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}
   event-delivery {none | udp-unack-format-1 dest-addr <dest_IP_address>
   dest-port <UDP_port> | udp-ack-format-1 dest-addr <dest_IP_address>
   dest-port <UDP_port>}

Note:
• The li-context <li_context_name> keyword does not need to be specified when the
  provisioning is done in the LI context. It needs to be specified if the command is
  executed in local or some other context. It cannot be the local management context.
• The context name <li_context_name> is the name of the context in which Lawful
  Intercept functionality is configured and provisioned.

Verifying LI Configuration
1 Verify your configuration done for LI support by entering the following command in Exec
Mode:
show configuration

The following sample output of this command shows the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring
the Lawful Intercept feature are saved in configuration files or shown when the
show configuration command is executed.
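A small offline check of a saved configuration against the rules this chapter states (no LI in the local management context, a source address configured in the LI context, stored administrator passwords encrypted). This is an added example, not Starent tooling: the function names and finding codes are hypothetical, each line is attributed to the most recent context line, and the second input is constructed.

```python
import re

# Sample output copied from the "Verifying LI Configuration" section of this guide.
GUIDE_SAMPLE = '''\
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end
'''

# Constructed counter-example (not from the guide): an LI account in the local
# management context with a cleartext password, and an LI context that has no
# lawful-intercept src-ip-addr line.
CONSTRUCTED_BAD = '''\
context local
administrator opsadmin password EXAMPLE-ONLY li-administration
#exit
context li
administrator liadmin encrypted password 5c4a3 li-administration
#exit
end
'''

CONTEXT_RE = re.compile(r"^context\s+(\S+)")
SRC_IP_RE = re.compile(r"^lawful-intercept\s+src-ip-addr\s+\S+")
ADMIN_RE = re.compile(
    r"^administrator\s+(?P<user>\S+)\s+(?P<enc>encrypted\s+)?password\s+\S+(?P<rest>.*)$"
)
LOCAL_CONTEXT = "local"


def parse_li_contexts(config_text):
    """Return {context: {"src_ip": bool, "li_admins": [(user, encrypted)]}}.

    Simplification (assumption): contexts are not nested, so every line belongs
    to the most recent "context <name>" line seen.
    """
    contexts = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = CONTEXT_RE.match(line)
        if match:
            current = contexts.setdefault(
                match.group(1), {"src_ip": False, "li_admins": []})
            continue
        if current is None:
            continue
        if SRC_IP_RE.match(line):
            current["src_ip"] = True
            continue
        match = ADMIN_RE.match(line)
        if match and "li-administration" in match.group("rest").split():
            current["li_admins"].append(
                (match.group("user"), match.group("enc") is not None))
    return contexts


def audit_li_config(config_text):
    """Return a list of (context, finding) tuples; an empty list means clean."""
    findings = []
    for name, ctx in parse_li_contexts(config_text).items():
        if not (ctx["src_ip"] or ctx["li_admins"]):
            continue  # context carries no LI configuration
        if name == LOCAL_CONTEXT:
            # The guide: the local management context should not be used for LI.
            findings.append((name, "LI_IN_LOCAL_CONTEXT"))
        if ctx["li_admins"] and not ctx["src_ip"]:
            # Listed in the guide's statistics as a provisioning failure cause.
            findings.append((name, "SRC_IP_ADDR_NOT_CONFIGURED"))
        for user, encrypted in ctx["li_admins"]:
            if not encrypted:
                findings.append((name, "CLEARTEXT_PASSWORD:" + user))
    return findings


if __name__ == "__main__":
    for label, text in (("guide sample", GUIDE_SAMPLE),
                        ("constructed", CONSTRUCTED_BAD)):
        print(label, audit_li_config(text) or "no findings")
```

The guide's own sample produces no findings; the constructed input produces four.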

Managing the Service


This section describes how to manage and administer the LI feature on a PDSN/HA
service.
It includes the following procedures:
• Generating Event Logs
• Gathering Statistics and Other Information

For more information on LI management and administration, refer to the Lawful Intercept
Interface Specification.

Generating Event Logs


The system provides an LI event facility, and corresponding event logs are generated. These logs are only
visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in the System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
Mode:
show lawful-intercept all

The output of this command is a concise listing of all Lawful Intercept context settings as
shown in the sample output displayed below.
+----- S - shows Status of the interception. (A) active, (I) inactive
|+---- P - shows Provisioning method.        (C) camp-on, (A) active-only
||+--- T - shows call Type.                  (P) PDSN, (H) HA, (L) LNS), (G) GGSN, (S) SGSN
||| Event delivery method ---------------------------------------------------+
||| Content delivery method ------------------------------------------+      |
||| Intercept ID ---------------------------------------------+       |      |
vvv                                                           |       |      |
SPT MSID/IMSI       USERNAME               IP              Int. ID  Cont.  Event
--- --------------- ---------------------- --------------- -------- ------ -----
AAP 0000012345      starent                10.0.0.16       12       udp1   none

2 Display your PDSN/HA LI call related statistics by entering the following command in
Exec Mode:
show lawful-intercept statistics

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.
Total currently active LI calls:                                                1
Total current camp-on triggers:                                                 0
Total event packets sent:                                                       0
Total intercepted content packet sent:                                          0
Total event packets dropped: (no tcp connection with mediation)                 0
Total intercepted content packets dropped: (no tcp connection with mediation)   0
Total events packet sent (for currently active LI calls)                        1
Total content packet sent (for currently active LI calls)                       1
Total LI provisioning stats:
  via active-only method                                                        1
  via camp-on method                                                            0
Total LI provisioning failure stats:
  li-context not configured                                                     0
  src-ip-addr not configured                                                    0
  src-ip-addr mis-configured                                                    0
Total LI session termination stats
  due to call-disconnect                                                        0
  due to context n/a                                                            0
  due to de-provisioning                                                        0
Total LI sess recovery stats:
  recovery performed                                                            0

CHAPTER 5
LAWFUL INTERCEPT WITH PDN GATEWAY SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the GTP
and P-MIP PDN Gateway node in an LTE network. It also explains the procedure for
configuring the system and executing lawful intercepts of subscriber sessions. The PDN
Gateway Administration Guide provides examples and procedures for configuration of
basic services on the system. It is recommended that you select the configuration example
that best meets your service model, and configure the required elements for that model, as
described in the PDN Gateway Administration Guide, before using the procedures in this
chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following topics for Lawful Intercept support:
• Introduction
• Supported Standards
• Supported Networks and Platforms
• Licenses
• Functionality Support
• How it Works with P-GW Service
• Configuring Lawful Intercept Functionality on P-GW
• Managing the Service

Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their mobile station
identification (MSID) number, their name, assigned IP address, or their network access
identifier (NAI). In 3GPP networks this identification may be based on information such as
their mobile station Integrated Services Digital Network (MSISDN) number, their
international mobile subscriber identification (IMSI) number, mobile equipment
identification (MEI), or user name.
Once the target has been identified, the system, functioning as either a core network service
or HA, serves as an access function (AF) and performs monitoring for both new data
sessions/bearer contexts and sessions/bearer contexts that are already in progress. While
monitoring, the system intercepts and duplicates session content/Content of
Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a
delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers
the intercepted content to one or more collection functions (CFs).
Note that when a target in 3GPP network establishes multiple simultaneous bearer contexts,
the system intercepts CC and IRI for each of them.
For the P-GW, the following IRI events are collected:

• Bearer context activation
• Bearer context de-activation
• Bearer Context Modification
• Start of interception with bearer context active

The following table displays the information that could be sent by the P-GW to the DF for
each of the events if it is available.

Table 5-1 Information Provided per P-GW IRI Event

Supported P-GW IRI Events (table columns):
• Bearer Context Activation
• Bearer Context De-activation
• Start of Interception with Bearer Context Active

Information Provided (table rows):
• Observed MSISDN
• Observed IMSI
• Observed IMEI
• P-GW Address (observed party)
• Event type
• Event Time
• Event Date
• Correlation Number
• Access Point Name
• Context Type
• Network Element Identifier
• Local Information
• Failed Context Activation Reason
• IAs (if applicable)

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.

Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

• 3GPP References
• Other References

3GPP References
• 3GPP TS 33.106 V8.1.0 (2008-03): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; 3G security; Lawful Interception
  requirements (Release 7)
• 3GPP TS 33.107 V8.6.0 (2008-12): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; 3G security; Lawful interception
  architecture and functions (Release 6)
• 3GPP TS 23.401 V8.4.1 (2008-12): 3rd Generation Partnership Project; Technical
  Specification Group Services and System Aspects; General Packet Radio Service
  (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network
  (E-UTRAN) access (Release 8)
• 3GPP TS 29.276 V8.1.0 (2008-12): 3rd Generation Partnership Project; Technical
  Specification Group Core Network and Terminals; 3GPP Evolved Packet System;
  Optimized Handover Procedures and Protocols between E-UTRAN Access and
  cdma2000 HRPD Access Stage 3 (Release 8)
• 3GPP TS 24.008 V8.4.0 (2008-12): 3rd Generation Partnership Project; Technical
  Specification Group Core Network and Terminals; Mobile radio interface Layer 3
  specification; Core network protocols; Stage 3 (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:
• TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
• Technical Directive: Requirements for implementing statutory telecommunications
  interception measures (TR TK), Version 4.0

Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 9.0 or
later running P-GW service.

Licenses
This feature is supported as a base feature on the LTE PDN Gateway service node and requires no
separate license.

Functionality Support
This section describes the supported functions and interfaces on P-GW for LI.
The P-GW supports following functions for provisioning of both IRI and CC:

Provisioning of an Intercept from Delivery/Mediation Function

De-Provisioning of an Intercept from Delivery/Mediation Function

Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent P-GW supports Subject Based Lawful Interception using IMSI, MSISDN, MEI or
User Name as target identity. The P-GW provides a proprietary interface to a 3rd party
Mediation Function (MF) or Delivery Function (DF).
LI on Starent AGW uses three main interfaces for Lawful Intercept:

Provisioning Interface (X1_1): This is a proprietary interface, called the X1_1 interface,
that corresponds to the command line interface over an SSH session used by the ADMF. The
messages sent on the X1_1 interface include the target identities (IMSI/MSISDN/MEI/User
name), whether CC will be provided, and the addresses of the DF2 and DF3 delivery
function entities.
The lawful-intercept CLI command is used to start interception for a target identity.
Interception of only events (IRI) or of events and data (IRI + CC) can be provisioned. The
status of provisioning is displayed immediately.
If provisioning is done while a call is active for that target identity, the
intercepted information is forwarded to the DF immediately. Otherwise the system
waits for the next session to arrive and continuously compares the IMSI, MSISDN, MEI, and
User name to the LI monitoring list. If a match is found, the IRI and CC are
forwarded to the MF/DF.
If more than one target identity (say IMSI, MSISDN of the same mobile subscriber,
MEI, user name) is provisioned for the same call, only one set of information is
forwarded to the DF.
The no lawful-intercept CLI command is used to stop interception.

Event Delivery Interface (X2): This is a proprietary interface called the X2 interface. The
following information is transferred to the DF2 entity over the X2 interface:

target identity (MSISDN, IMSI, MEI, User name)

events and associated parameters as defined in the standard

the target location (if available)

Correlation number

Content Delivery Interface (X3): This is a proprietary interface called the X3 interface. If
content delivery is enabled during provisioning, the intercepted data is
forwarded to the DF3. The intercepted data is prefixed with the Intercept Header,
packed into a UDP packet, and sent to DF3 over the IP interface. The P-GW
Correlation ID is used to map the CC to the corresponding IRI. The P-GW Correlation
ID is a unique number formed using the Charging ID and P-GW IP Address.
The LI header contains the following information:

Intercept-id (DF assigns during provisioning): 32 bits long, in network byte
order, and configured during provisioning.

Timestamp: 64 bits long, in network byte order. It is an NTP timestamp,
represented as a 64-bit fixed-point number, in seconds relative to
00:00:00 UTC on 1 January 1900.

Session Number: 32 bits long, in network byte order. This is a unique
session number locally assigned by the AGW for the data stream being monitored.
This may be useful when a provisioned intercept matches multiple sessions in the
system. It is the same across all the bearer contexts of the UE.

Sequence Number: 32 bits long, in network byte order. The sequence number is an
incremental counter for each bearer context of the UE, starting from 0. It is reset to
0 on node software task restart and wraps around to 255 on reaching the 32-bit maximum
value.

IP packet direction: Indicates the direction of the IP packet flow.

Correlation ID: 32 bits long, in network byte order. The P-GW Correlation ID
is a unique number formed using the Charging ID and P-GW IP Address.

For more information on the supported interface specification, message and TLV format, and
attributes, refer to the PGW Lawful Intercept Interface Specification.

How it Works with P-GW Service


The system, functioning as a P-GW, performs Camp-on Lawful Intercepts. Camp-on
intercepts stay provisioned and continue to intercept all sessions for the specified MN until
the intercept is deprovisioned.
This section discusses the following procedures:

New Call Provisioning Operation

Existing Call Provisioning Operation

De-provisioning Operation Upon Intercept Duration Expiry

The following figure displays the network elements required to provide Camp-on LI support
for the system functioning as a P-GW.

Figure 5-1 Network Elements Supporting Lawful Intercept
Elements shown: Administration Function (ADMF), Intercepting Control Element (ICE),
PDN Gateway, Delivery Function 2 (DF 2), Delivery Function 3 (DF 3), Law Enforcement
Monitoring Facility (LEMF)

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device, though they are shown here as
separate logical devices.

New Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that has not yet
started.

Figure 5-2 Camp-on LI Provisioning Operation for New Calls
Participants shown: P-GW, ADMF, DF 2, LEMF, DF 3 (message flow steps 1 through 10)

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data are to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.

4 Through a Secure Shell (SSH) session, the ADMF connects to the P-GW and provisions the
lawful interception of target information. The provision request includes the target identity
(the IMSI, MSISDN, MEI, User name), the type of information to be collected, and the IP
addresses of DF 2 and DF 3.
The P-GW returns an acknowledgement to the ADMF indicating that the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The P-GW receives a session setup request from the target and initiates the process of
establishing the session.
7 The P-GW sends IRI information pertaining to the target's session to DF 2. The P-GW
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The P-GW sends CC information pertaining to the target's session to DF 3. The P-GW
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.

Existing Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 5-3 Camp-on LI Provisioning Operation for Existing Calls
Participants shown: P-GW, ADMF, DF 2, LEMF, DF 3 (message flow steps 1 through 10)

1 The P-GW establishes a subscriber session.


2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data are to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.

5 Through an SSH session, the ADMF connects to the P-GW and provisions the lawful
interception of target information. The provision request includes the target identity (the
IMSI, MSISDN, MEI, User name), the type of information to be collected, and the IP
addresses of DF 2 and DF 3.
The P-GW returns an acknowledgement to the ADMF indicating that the target is active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The P-GW sends IRI information pertaining to the target's session to DF 2. The P-GW
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The P-GW sends CC information pertaining to the target's session to DF 3. The P-GW
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.

De-provisioning Operation Upon Intercept Duration Expiry


Law Enforcement Agencies are generally given a fixed amount of time to perform Lawful
Intercepts. The following scenario describes the deprovisioning of an LI.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 5-4 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry
Participants shown: P-GW, ADMF, DF 2, DF 3, LEMF (message flow steps 1 through 5)

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.

3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the P-GW and de-provisions
it. The P-GW returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.

Configuring Lawful Intercept Functionality on P-GW


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on P-GW in LTE/SAE
networks.
IMPORTANT
This section provides the minimum instruction set for configuring a P-GW service that
allows the system to provide Lawful Intercept support. Commands that configure additional
Lawful Intercept properties are provided in the PGW Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in the PGW Administration Guide.
To configure the Lawful Intercept feature on a P-GW service:
1 Configure the LI context and interface and generate the SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the LI policy for GTP P-GW by applying the example configuration in the LI
Policy Configuration section.
3 Configure the IP header of the content or event delivery messages by applying the example
configuration in the IP Header Configuration for LI Messages section.
4 Create the Lawful Intercept administrative user account by applying the example
configuration in the LI Administrative User Account Configuration section.
5 Log in to DF through an SSH session and provision the Lawful Intercept in P-GW service by
applying the example configuration in the Provisioning the Lawful Intercept on P-GW
section.
6 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
7 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the PDN
Gateway Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:
configure
   context <li_context_name> [-noconfirm]
      interface <li_interface>
         ip address <li_ip_addr> <netmask>
         exit
      ssh generate key
      server sshd
      end

Note:

The local management context should not be used to facilitate Lawful Intercept
functionality.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

LI Policy Configuration
This section describes the configuration of LI policy for P-GW LI.
configure
   context <li_context_name>
      lawful-intercept tcp application-heartbeat-messages timeout minutes <dur_mins>
      lawful-intercept tcp connection-retry-timer <dur_sec>
      lawful-intercept tcp content-delivery dest-addr <dest_IP_addr> dest-port <port>
      lawful-intercept tcp event-delivery dest-addr <dest_IP_addr> dest-port <port>
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4/IPv6 address <dest_IP_addr> for this interface is the destination address
of the LEA Delivery Function (DF).

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

IP Header Configuration for LI Messages


This section describes the configuration of the IP header for LI content or event delivery
messages. The system transmits intercepted data as either content or event messages to the
Delivery Function (DF) servers over an Ethernet interface.
configure
   context <li_context_name>
      lawful-intercept src-ip-addr <source_IP_addr> <netmask>
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4/IPv6 address <source_IP_addr> for this interface is the source address of
the P-GW.

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration Section in the PDN
Gateway Administration Guide.

This section provides the configuration example to configure the LI Administrative user in a
context:
configure
   context <li_context_name>
      administrator <user_name> password <passwd> li-administration
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

Provisioning the Lawful Intercept on P-GW


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context <pgw_ip>
command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell, at the root prompt of the LI context
<li_context_name> (which is already configured), in the Exec mode, with the following prompt
appearing:

For GTP P-GW

[<li_context_name>]<host_name>#
lawful-intercept {mei <imei_string> | imsi <imsi_string> | msisdn <msisdn_string> [calltype pgw [ li-context <li_context_name>] intercept-id <num>
   content-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}
   event-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> | udp-ack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}

For P-MIP P-GW

[<li_context_name>]<host_name>#
lawful-intercept {username <user_name_string> [calltype pgw [ li-context <li_context_name>] intercept-id <num>
   content-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}
   event-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> | udp-ack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}

Note:

The keyword li-context <li_context_name> does not need to be specified when
provisioning is done in the LI context. It must be specified if the command is
executed in the local context or some other context. The LI context cannot be the
local management context.

Keyword username <user_name_string> is used for P-MIP type of P-GW only.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Specifying call type is not mandatory while provisioning on P-GW target for any
type of event and content delivery format.

Verifying LI Configuration
1 Verify your LI configuration by entering the following command in Exec
mode:
show configuration

The following is a sample output of this command, showing the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring
the Lawful Intercept feature are saved in configuration files, and they are not shown when the
show configuration command is executed.

Managing the Service


This section describes how to manage and administer the LI feature on a P-GW service.
It includes the following procedures:

Generating Event Logs

Gathering Statistics and Other Information

For more information on LI management and administration, refer to the Lawful Intercept
Interface Specification.

Generating Event Logs


There is an LI event facility and corresponding event logs are generated. These logs are only
visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
mode:
show lawful-intercept all

The output of this command is a concise listing of all Lawful Intercept context settings, as
shown in the sample output displayed below.
+--------- S - Status of the interception (A) active (I) inactive
|+-------- P - Provisioning method (C) camp-on (A) active-only (G) Gx
||+------- T - Call Type (P) PDSN (H) HA (L) LNS (G) GGSN (S) SGSN (F) PDIF
|||            (N) ASNGW (C) CSCF (X) PGW (W) SGN (M) MME
|||+------ R - Cscf Role (P) PROXY-CSCF (S) SERVING-CSCF (C) S-I-P-CSCF (N) Not Applicable
||||+----- E - Event delivery method (N) None (T) TCP (U) UDP (A) ActiveUDP (D) DialUDP
|||||+---- C - Content delivery method (N) None (T) TCP (U) UDP
|||||| +-- M - Mobile ID (I) IMSI/MSID (M) MSISDN (E) IMEI
|||||| |
|||||| |  Intercept ID ----------------------------------------+
vvvvvv v                                                       |
SPTREC M ID             USERNAME               IP              Int.ID
------ ---------------- ---------------------- --------------- -------
ICX-UU I 40427000000001                                        1
ICX-UU M 919876543210                                          987
ICX-UU E 35146640668100                                        100
Total active lawfully intercepted calls 0
Total camp-on triggers 3

2 Display your P-GW LI call related statistics by entering the following command in Exec
Mode:
show lawful-intercept statistics

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.

Total currently active LI calls:                                              0
Total current camp-on triggers:                                               2
Total event packets sent:                                                     0
Total intercepted content packet sent:                                        0
Total event packets dropped: (no tcp connection with mediation)               0
Total intercepted content packets dropped: (no tcp connection with mediation) 0
Total events packet sent (for currently active LI calls)                      0
Total content packet sent (for currently active LI calls)                     0

Total LI provisioning stats:
   via active-only method                                                     0
   via camp-on method                                                         2
Total LI provisioning failure stats:
   li-context not configured                                                  0
   src-ip-addr not configured                                                 0
   src-ip-addr mis-configured                                                 0
Total LI session termination stats
   due to call-disconnect                                                     2
   due to context n/a                                                         0
   due to de-provisioning                                                     0
Total LI sess recovery stats:
   recovery performed                                                         0

CHAPTER 6
LAWFUL INTERCEPT WITH SGSN SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the
system. It also explains the procedure for configuring the system and executing lawful
intercepts of subscriber sessions. The SGSN Administration Guide provides examples and
procedures for configuration of basic services on the system. It is recommended that you
select the configuration example that best meets your service model, and configure the
required elements for that model, as described in the SGSN Administration Guide, before
using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following topics for Lawful Intercept support:

Introduction

Supported Standards

Supported Networks and Platforms

Licenses

Functionality Support

How it Works with SGSN Service

Configuring Lawful Intercept Functionality on SGSN

Managing the Service

Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their mobile station
identification (MSID) number, their name, assigned IP address, or their network access
identifier (NAI). In 3GPP networks this identification may be based on information such as
their mobile station Integrated Services Digital Network (MSISDN) number, or their
international mobile subscriber identification (IMSI) number.
Once the target has been identified, the system, functioning as either a core network service
or HA, serves as an access function (AF) and performs monitoring for both new data
sessions/PDP contexts or sessions/PDP contexts that are already in progress. While
monitoring, the system intercepts and duplicates session content/Content of
Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a
delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers
the intercepted content to one or more collection functions (CFs).
Note that when a target in 3GPP network establishes multiple simultaneous PDP contexts,
the system intercepts CC and IRI for each of them.
For the SGSN, the following IRI events are collected:

PDP context activation

PDP context de-activation

PDP Context Modification

Start of interception with PDP context active

The following table displays the information that could be sent by the SGSN to the DF for
each of the events if it is available.

Table 6-1 Information Provided per SGSN IRI Event

Supported SGSN IRI Events (table columns): PDP Context Activation, PDP Context
De-activation, Start of Interception with PDP Context Active

Information Provided (table rows):

Observed MSISDN

Observed IMSI

Observed IMEI

PDP Address (observed party)

Event type

Event Time

Event Date

Correlation Number

Access Point Name

PDP Type

Network Element Identifier

Local Information

Failed Context Activation Reason

IAs (if applicable)

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.

Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

3GPP References

Other References

3GPP References

3GPP TS 33.106 V7.0.1 (2006-07): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful Interception
requirements (Release 7)

3GPP TS 33.107 V6.4.0 (2006-07): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful interception
architecture and functions (Release 6)

3GPP TS 33.108 V6.8.0 (2004-12): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Handover interface for
Lawful Interception (Release 6)

3GPP TS 33.108 V8.0.0 (2007-06): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Handover interface for
Lawful Interception (LI) (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:

TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7

Technical Directive: Requirements for implementing statutory telecommunications
interception measures (TR TK), Version 4.0

Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 8.0 or
later running SGSN service.

Licenses
A separate feature license is required to enable this feature.
Depending on feature usage, apart from the base SGSN service license, any one of the
following licenses is required to enable this feature with SGSN service:

Lawful Intercept - 600-00-7522

Enhanced Lawful Intercept - 600-00-7567, 600-00-8534 (includes basic Lawful
Intercept license)

For more information on license requirements for this feature, contact your local sales
representative.

Functionality Support
This section describes the supported functions and interfaces on SGSN for LI.
The SGSN supports the following functions for provisioning of both IRI and CC:

Provisioning of an Intercept from Delivery/Mediation Function

De-Provisioning of an Intercept from Delivery/Mediation Function

Delivery of intercepted Control/Data to the Delivery/Mediation Function.

Starent SGSN supports Subject Based Lawful Interception using IMSI, MSISDN as target
identity. The SGSN provides a proprietary interface to a 3rd party Mediation Function (MF)
or Delivery Function (DF).
LI on Starent AGW uses three main interfaces for Lawful Intercept:

Provisioning Interface (X1_1): This is a proprietary interface, called the X1_1 interface,
that corresponds to the command line interface over an SSH session used by the ADMF. The
messages sent on the X1_1 interface include the target identities (IMSI/MSISDN),
whether CC will be provided, and the addresses of the DF2 and DF3 delivery
function entities.
The lawful-intercept CLI command is used to start interception for a target identity.
Interception of only events (IRI) or of events and data (IRI + CC) can be provisioned. The
status of provisioning is displayed immediately.
If provisioning is done while a call is active for that target identity, the
intercepted information is forwarded to the DF immediately. Otherwise the system
waits for the next session to arrive and continuously compares the IMSI and MSISDN to the
LI monitoring list. If a match is found, the IRI and CC are forwarded to the
MF/DF.
If more than one target identity (say IMSI, MSISDN of the same mobile subscriber)
is provisioned for the same call, only one set of information is forwarded to
the DF.
The no lawful-intercept CLI command is used to stop interception.

Event Delivery Interface (X2): This is a proprietary interface called the X2 interface. The
following information is transferred to the DF2 entity over the X2 interface:

target identity (MSISDN, IMSI)

events and associated parameters as defined in the standard

the target location (if available)

Correlation number

Content Delivery Interface (X3): This is a proprietary interface called the X3 interface. If
content delivery is enabled during provisioning, the intercepted data is
forwarded to the DF3. The intercepted data is prefixed with the Intercept Header,
packed into a UDP packet, and sent to DF3 over the IP interface. The SGSN
Correlation ID is used to map the CC to the corresponding IRI. The SGSN Correlation
ID is a unique number formed using the Charging ID and SGSN GTPC IP Address (4
bytes).
The LI header contains the following information:

Intercept-id (DF assigns during provisioning): 32 bits long, in network byte
order, and configured during provisioning.

Timestamp: 64 bits long, in network byte order. It is an NTP timestamp,
represented as a 64-bit fixed-point number, in seconds relative to
00:00:00 UTC on 1 January 1900.

Session Number: 32 bits long, in network byte order. This is a unique
session number locally assigned by the AGW for the data stream being monitored.
This may be useful when a provisioned intercept matches multiple sessions in the
system. It is the same across all the PDP contexts of the UE.

Sequence Number: 32 bits long, in network byte order. The sequence number is an
incremental counter for each PDP context of the UE, starting from 0. It is reset to 0
on node software task restart and wraps around to 255 on reaching the 32-bit maximum
value.

IP packet direction: Indicates the direction of the IP packet flow.

Correlation ID: 32 bits long, in network byte order. The SGSN Correlation ID
is a unique number formed using the Charging ID and SGSN GTPC IP Address.

For more information on the supported interface specification, message and TLV format, and
attributes, refer to the SGSN Lawful Intercept Interface Specification.
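
The LI header fields listed above for the SGSN, and in the previous chapter for the P-GW, let a DF 3 account for lost content when delivery is unacknowledged UDP. The following Python is an added example, not part of this guide or of Starent software: it decodes the header and uses the sequence number to flag lost datagrams, node task restarts, and the wrap to 255. The field order, the one-byte direction field, keying a stream by session number plus correlation ID, MAX_GAP, and all sample values are assumptions; the actual wire format is defined in the Interface Specification.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# ASSUMED layout, for illustration only: the guide lists the fields and their
# widths but defers the wire format to the Interface Specification. The field
# order and the 1-byte direction field are assumptions of this example.
LI_HEADER = struct.Struct("!IQIIBI")   # "!" = network byte order, no padding
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
U32_MAX = 0xFFFFFFFF
WRAP_TO = 255        # guide: the counter wraps around to 255, not to 0
MAX_GAP = 1 << 16    # assumed bound; larger forward jumps are treated as stale
SAMPLE_NTP = (3471292800 << 32) | 0x80000000   # constructed: 2010-01-01 00:00:00.5 UTC


@dataclass(frozen=True)
class LIHeader:
    intercept_id: int
    timestamp: datetime
    session_number: int
    sequence_number: int
    direction: int
    correlation_id: int


def ntp_to_datetime(ntp64: int) -> datetime:
    """Convert a 64-bit NTP fixed-point value (32.32) to an aware UTC datetime."""
    seconds, fraction = ntp64 >> 32, ntp64 & U32_MAX
    micros = fraction * 1_000_000 // (1 << 32)
    return NTP_EPOCH + timedelta(seconds=seconds, microseconds=micros)


def parse_datagram(data: bytes):
    """Split one CC datagram into (LIHeader, intercepted payload)."""
    if len(data) < LI_HEADER.size:
        raise ValueError("datagram shorter than the LI header")
    iid, ts, sess, seq, direction, corr = LI_HEADER.unpack_from(data)
    hdr = LIHeader(iid, ntp_to_datetime(ts), sess, seq, direction, corr)
    return hdr, data[LI_HEADER.size:]


class SequenceTracker:
    """Per-stream loss accounting for unacknowledged UDP content delivery."""

    def __init__(self):
        self.last = {}   # (session number, correlation id) -> last sequence number

    def observe(self, hdr: LIHeader):
        """Return (status, count); status is first, ok, gap, restart or stale."""
        key = (hdr.session_number, hdr.correlation_id)
        seq, last = hdr.sequence_number, self.last.get(key)
        if last is None:
            self.last[key] = seq
            return ("first", 0)
        # Once the counter has passed 255, wrapping never takes it below 255
        # again, so a smaller value means the node task restarted from 0.
        if seq < WRAP_TO <= last:
            self.last[key] = seq
            return ("restart", seq)      # seq datagrams (0..seq-1) missed after restart
        expected = WRAP_TO if last == U32_MAX else last + 1
        if seq >= expected:
            dist = seq - expected
        elif seq >= WRAP_TO:             # candidate gap that spans the wrap
            dist = (U32_MAX - expected + 1) + (seq - WRAP_TO)
        else:
            dist = None                  # early-stream duplicate or reordering
        if dist is None or dist > MAX_GAP:
            return ("stale", 0)          # duplicate or late datagram; state unchanged
        self.last[key] = seq
        return ("ok", 0) if dist == 0 else ("gap", dist)


def make_datagram(seq, payload=b"", session=7, corr=0x0A0B0C0D):
    """Build a constructed sample datagram (intercept-id 987, direction 1)."""
    return LI_HEADER.pack(987, SAMPLE_NTP, session, seq, 1, corr) + payload


def demo():
    """Run a constructed sequence through the tracker and return the verdicts."""
    tracker = SequenceTracker()
    verdicts = []
    for seq in (0, 1, 2, 5, 4, 6, 300, 3):
        hdr, _ = parse_datagram(make_datagram(seq, b"\x45\x00"))
        verdicts.append(tracker.observe(hdr))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because values below 255 only occur before the first wrap, seeing one after the counter has passed 255 is an unambiguous restart signal; a restart while the counter is still below 255 cannot be told apart from reordering and is reported as stale.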

How it Works with SGSN Service


The system, functioning as an SGSN, performs Camp-on Lawful Intercepts. Camp-on
intercepts stay provisioned and continue to intercept all sessions for the specified MN until
the intercept is deprovisioned.
This section discusses the following procedures:

New Call Provisioning Operation

Existing Call Provisioning Operation

De-provisioning Operation Upon Intercept Duration Expiry

The following figure displays the network elements required to provide Camp-on LI support
for the system functioning as an SGSN.

Figure 6-1 Network Elements Supporting Lawful Intercept
Elements shown: Administration Function (ADMF), Intercepting Control Element (ICE),
SGSN, Delivery Function 2 (DF 2), Delivery Function 3 (DF 3), Law Enforcement
Monitoring Facility (LEMF)

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device, though they are shown here as
separate logical devices.

New Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that has not yet
started.

Figure 6-2 Camp-on LI Provisioning Operation for New Calls (message flow between the SGSN,
ADMF, DF 2, LEMF, and DF 3; steps 1 through 10 are described below)

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data are to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.


4 Through a Secure Shell (SSH) session, the ADMF connects to the SGSN and provisions the
lawful interception of target information. The provision request includes the target identity
(the IMSI and the MSISDN), the type of information to be collected, and the IP addresses
of DF 2 and DF 3.
The SGSN returns an acknowledgement to the ADMF indicating that the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The SGSN receives a session setup request from the target and initiates the process of
establishing the session.
7 The SGSN sends IRI information pertaining to the target's session to DF 2. The SGSN
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The SGSN sends CC information pertaining to the target's session to DF 3. The SGSN
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.


Existing Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 6-3 Camp-on LI Provisioning Operation for Existing Calls (message flow between the
SGSN, ADMF, DF 2, LEMF, and DF 3; steps 1 through 10 are described below)

1 The SGSN establishes a subscriber session.
2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data are to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.


5 Through an SSH session, the ADMF connects to the SGSN and provisions the lawful
interception of target information. The provision request includes the target identity (the
IMSI and the MSISDN), the type of information to be collected, and the IP addresses of DF
2 and DF 3.
The SGSN returns an acknowledgement to the ADMF indicating that the target is active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The SGSN sends IRI information pertaining to the target's session to DF 2. The SGSN
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The SGSN sends CC information pertaining to the target's session to DF 3. The SGSN
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.

De-provisioning Operation Upon Intercept Duration Expiry


Law Enforcement Agencies are generally given a fixed amount of time to perform Lawful
Intercepts. The following scenario describes the deprovisioning of an LI.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 6-4 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry (message
flow between the SGSN, ADMF, DF 2, DF 3, and LEMF; steps 1 through 5 are described below)

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.


3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the SGSN and de-provisions
it. The SGSN returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.


Configuring Lawful Intercept Functionality on SGSN


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on SGSN in GPRS/UMTS
networks.
IMPORTANT
This section provides the minimum instruction set for configuring an SGSN service that
allows the system to provide Lawful Intercept support. Commands that configure additional
Lawful Intercept properties are provided in the SGSN Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in the SGSN Administration Guide.
To configure the Lawful Intercept feature on an SGSN service:
1 Configure the LI context and interface and generate the SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the LI policy for SGSN by applying the example configuration in the LI Policy
Configuration section.
3 Configure the IP header of the content or event delivery message by applying the example
configuration in the IP Header Configuration for LI Messages section.
4 Optional. Configure the LI policy for SMS messages on SGSN by applying the example
configuration in the LI Policy Configuration for SMS section.
5 Create the Lawful Intercept administrative user account by applying the example
configuration in the LI Administrative User Account Configuration section.
6 Log in to the DF through an SSH session and provision the Lawful Intercept in the SGSN
service by applying the example configuration in the Provisioning the Lawful Intercept on
SGSN section.
7 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
8 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the SGSN
Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:


configure
   context <li_context_name> [-noconfirm]
      interface <li_interface>
         ip address <li_ip_addr> <netmask>
         exit
      ssh generate key
      server sshd
      end

Note:

The local management context should not be used to facilitate Lawful Intercept
functionality.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

LI Policy Configuration
This section describes the configuration of LI policy for SGSN LI.
configure
   context <li_context_name>
      lawful-intercept tcp application-heartbeat-messages timeout minutes <dur_mins>
      lawful-intercept hand-off-policy send-start-intercept-with-pdp-active-iri
      lawful-intercept reprovision-target-policy resend-pdp-context-active-iri
      lawful-intercept tcp connection-retry-timer <dur_sec>
      lawful-intercept tcp content-delivery dest-addr <dest_IP_addr> dest-port <port>
      lawful-intercept tcp event-delivery dest-addr <dest_IP_addr> dest-port <port>
      lawful-intercept interception-point-policy sms-mo request-received
      lawful-intercept interception-point-policy sms-mt request-received
      lawful-intercept sms-content-policy exlude-content
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4 address <dest_IP_addr> for this interface is the destination address of the
LEA Delivery Function (DF).

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

IP Header Configuration for LI Messages


This section describes the configuration of IP header for LI content or event delivery
message. The system transmits intercepted data as either content or event messages to the
Delivery Function server DF(s) over an Ethernet interface.
configure
   context <li_context_name>
      lawful-intercept src-ip-addr <source_IP_addr> <netmask>
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4 address <source_IP_addr> for this interface is the source address of the
SGSN.

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

LI Policy Configuration for SMS


This section describes the configuration of LI policy for SMSs (mobile-originated and
mobile-terminated) on SGSN.
configure
   context <li_context_name>
      lawful-intercept interception-point-policy sms-mo request-received
      lawful-intercept interception-point-policy sms-mt request-received
      lawful-intercept sms-content-policy exlude-content
      end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under the Service Configuration section in the SGSN
Administration Guide.

This section provides the configuration example to configure the LI Administrative user in a
context:
configure
   context <li_context_name>
      administrator <user_name> password <passwd> li-administration
      end

Note:


The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

Provisioning the Lawful Intercept on SGSN


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context
<sgsn_ip> command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.
These instructions assume that you are in an SSH shell and at the root prompt in the LI
context <li_context_name>, which is already configured, at the Exec mode with the following
prompt appearing:
[<li_context_name>]<host_name>#
lawful-intercept {imei | imsi <imsi_string> | msisdn <msisdn_string>}
   [calltype sgsn] [li-context <li_context_name>] intercept-id <num>
   content-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}
   event-delivery {none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> | udp-ack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port>}

Note:

The li-context <li_context_name> keyword does not need to be specified when the
provisioning is done in the LI context. It must be specified if the command is
executed in the local or some other context. The specified context cannot be the local
management context.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Specifying call type is not mandatory while provisioning on SGSN target for any
type of event and content delivery format.

Verifying LI Configuration
1 Verify the configuration for LI support by entering the following command in Exec
Mode:
show configuration

The following sample output of this command shows the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f


end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring
the Lawful Intercept feature are saved in configuration files, and they are not shown when
the show configuration command is executed.


Managing the Service


This section describes how to manage and administer the LI feature on an SGSN service.
It includes the following procedures:

Generating Event Logs

Gathering Statistics and Other Information

For more information on LI management and administration, refer to the Lawful Intercept
Interface Specification.

Generating Event Logs


There is an LI event facility and corresponding event logs are generated. These logs are
only visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in the System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
Mode:
show lawful-intercept all

The output of this command is a concise listing of all Lawful Intercept contexts settings as
shown in the sample output displayed below.
+----- S - shows Status of the interception.  (A) active, (I) inactive
|+---- P - shows Provisioning method.         (C) camp-on, (A) active-only
||+--- T - shows call Type.                   (P) PDSN, (H) HA, (L) LNS), (G) GGSN, (S) SGSN
||| +- M - shows Mobile ID                    (I) IMSI/MSID, (M) MSISDN
||| | Event delivery method --------------------------------------------------+
||| | Content delivery method -----------------------------------------+      |
||| | Intercept ID -------------------------------------------+        |      |
vvv v                                                         |        |      |
SPT M ID               USERNAME               IP              Int. ID  Cont.  Event
--- ------------------ ---------------------- --------------- -------- ------ -----
ICS I 40427000000001                                          1        udp1   udp1
ICS M 919876543210                                            987      udp1   udp1
Total active lawfully intercepted calls 0
Total camp-on triggers 2

2 Display your SGSN LI call related statistics by entering the following command in Exec
Mode:
show lawful-intercept statistics

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.
Total currently active LI calls:                                               0
Total current camp-on triggers:                                                2
Total event packets sent:                                                      0
Total intercepted content packet sent:                                         0
Total event packets dropped: (no tcp connection with mediation)                0
Total intercepted content packets dropped: (no tcp connection with mediation)  0
Total events packet sent (for currently active LI calls)                       0
Total content packet sent (for currently active LI calls)                      0
Total LI provisioning stats:
   via active-only method                                                      0
   via camp-on method                                                          2
Total LI provisioning failure stats:
   li-context not configured                                                   0
   src-ip-addr not configured                                                  0
   src-ip-addr mis-configured                                                  0
Total LI session termination stats
   due to call-disconnect                                                      2
   due to context n/a                                                          0
   due to de-provisioning                                                      0
Total LI sess recovery stats:
   recovery performed                                                          0


CHAPTER 7
LAWFUL INTERCEPT WITH SERVING GATEWAY
SERVICE

This chapter gives an overview of Lawful Intercept (LI) and its implementation in the GTP
Serving Gateway node in an LTE network. It also explains the procedure for configuring the
system and executing lawful intercepts of subscriber sessions. The Serving Gateway
Administration Guide provides examples and procedures for configuration of basic services
on the system. It is recommended that you select the configuration example that best meets
your service model, and configure the required elements for that model, as described in the
Serving Gateway Administration Guide, before using the procedures in this chapter.
IMPORTANT
Lawful Intercept is a license enabled feature. The basic Lawful Intercept license supports
Active Triggers and Camp-on, and provides limited IRI Event Delivery. You must purchase
and install an Enhanced Lawful Intercept license to have full functionality, which includes
Active Triggers, Camp-on, and Event Delivery with the option to configure UDP
acknowledgements.

This chapter discusses the following topics for Lawful Intercept support:

Introduction

Supported Standards

Supported Networks and Platforms

Licenses

Functionality Support

How it Works with S-GW Service

Configuring Lawful Intercept Functionality on S-GW

Managing the Service

Introduction
The system supports the lawful interception (LI) of subscriber session information. This
functionality provides Telecommunication Service Providers (TSPs) with a mechanism to
assist Law Enforcement Agencies (LEAs) in the monitoring of suspicious individuals
(referred to as targets) for potential criminal activity.
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of
a particular target. The target is identified by information such as their mobile station
identification (MSID) number, their name, assigned IP address, or their network access
identifier (NAI). In 3GPP networks this identification may be based on information such as
their mobile station Integrated Services Digital Network (MSISDN) number, or their
international mobile subscriber identification (IMSI), or mobile equipment identification
(MEI).
Once the target has been identified, the system, functioning as either a core network service
or HA, serves as an access function (AF) and performs monitoring for both new data
sessions/bearer contexts and sessions/bearer contexts that are already in progress. While
monitoring, the system intercepts and duplicates session content/Content of
Communication (CC) and/or Intercept Related Information (IRI) and forwards it to a
delivery function (DF) over an extensible, proprietary interface. The DF, in turn, delivers
the intercepted content to one or more collection functions (CFs).
Note that when a target in a 3GPP network establishes multiple simultaneous bearer contexts,
the system intercepts CC and IRI for each of them.
For the S-GW, the following IRI events are collected:

Bearer context activation

Bearer context de-activation

Bearer context Modification

Start of interception with bearer context active

The following table displays the information that could be sent by the S-GW to the DF for
each of the events if it is available.


Table 7-1 Information Provided per S-GW IRI Event

Supported S-GW IRI Events (table columns): Bearer Context Activation; Bearer Context
De-activation; Start of Interception with Bearer Context Active

Information Provided (table rows):
Observed MSISDN
Observed IMSI
Observed IMEI
S-GW Address (observed party)
Event type
Event Time
Event Date
Correlation Number
Access Point Name
Context Type
Network Element Identifier
Local Information
Failed Context Activation Reason
IAs (if applicable)

IMPORTANT
If the session recovery feature is enabled on the system and an intercepted session is
recovered, all LI monitoring information will be recovered with it and LI will be restarted.


Supported Standards
The LI feature complies with the following standards for 3GPP wireless data services.

3GPP References

Other References

3GPP References

3GPP TS 33.106 V8.1.0 (2008-03): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful Interception
requirements (Release 7)

3GPP TS 33.107 V8.6.0 (2008-12): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; 3G security; Lawful interception
architecture and functions (Release 6)

3GPP TS 23.401 V8.4.1 (2008-12): 3rd Generation Partnership Project; Technical
Specification Group Services and System Aspects; General Packet Radio Service
(GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network
(E-UTRAN) access (Release 8)

3GPP TS 29.276 V8.1.0 (2008-12): 3rd Generation Partnership Project; Technical
Specification Group Core Network and Terminals; 3GPP Evolved Packet System;
Optimized Handover Procedures and Protocols between E-UTRAN Access and
cdma2000 HRPD Access Stage 3 (Release 8)

3GPP TS 24.008 V8.4.0 (2008-12): 3rd Generation Partnership Project; Technical
Specification Group Core Network and Terminals; Mobile radio interface Layer 3
specification; Core network protocols; Stage 3 (Release 8)

Other References
The following directives were referenced for the Starent Networks LI implementation:

TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7

Technical Directive: Requirements for implementing statutory telecommunications
interception measures (TR TK), Version 4.0

Supported Networks and Platforms


This feature supports all ST-series Multimedia Core Platforms with StarOS Release 9.0 or
later running S-GW service.


Licenses
This feature is a base feature on the LTE Serving Gateway service node and requires no
separate license to enable it.


Functionality Support
This section describes the supported functions and interfaces on S-GW for LI.
The S-GW supports the following functions for provisioning of both IRI and CC:

Provisioning of an Intercept from Delivery/Mediation Function

De-Provisioning of an Intercept from Delivery/Mediation Function

Delivery of intercepted Control/Data to the Delivery/Mediation Function.

The Starent S-GW supports Subject Based Lawful Interception using IMSI, MSISDN, and MEI
as target identity. The S-GW provides a proprietary interface to a 3rd party Mediation
Function (MF) or Delivery Function (DF).
LI on the Starent AGW uses three main interfaces for Lawful Intercept:

Provisioning Interface (X1_1): This proprietary interface, called the X1_1 interface,
corresponds to the command line interface over an SSH session used by the ADMF. The
messages sent on the X1_1 interface include target identities (IMSI/MSISDN/MEI), the
information whether CC will be provided, and the addresses of the DF2 and DF3 delivery
function entities.
The lawful-intercept CLI command is used to start interception for a target identity.
Interception of only events (IRI) or events and data (IRI + CC) can be provisioned. The
status of provisioning will be immediately displayed.
If the provisioning was done while the call is active for that target identity, then the
intercepted information will be forwarded to the DF immediately. Otherwise the system
waits for the next session to arrive and permanently compares the IMSI, MSISDN, and MEI
to the LI monitoring list. If a match is found, then the IRI and CC will be forwarded to the
MF/DF.
If more than one target identity (say the IMSI, MSISDN, and MEI of the same mobile
subscriber) is provisioned for the same call, then only one set of information will be
forwarded to the DF.
The no lawful-intercept CLI command is used to stop interception.

Event Delivery Interface (X2): This is a proprietary interface called X2 interface. The
following information is transferred to the DF2 entity over the X2 interface:

target identity (MSISDN, IMSI, MEI)

events and associated parameters as defined in the standard

the target location (if available)

Correlation number

Content Delivery Interface (X3): This is a proprietary interface called the X3 interface. If
content delivery is enabled while provisioning, then the intercepted data will be
forwarded to the DF3. The intercepted data will be prefixed with the Intercept Header.
This will be packed into a UDP packet and sent to DF3 using the IP interface. The S-GW
Correlation ID will be used to map the CC to the corresponding IRI. The S-GW Correlation
Id is a unique number formed using the Charging ID and S-GW IP Address.
The LI header contains the following information:


Intercept-id (DF assigns during provisioning): It is of 32 bit length in network byte
order and configured during provisioning.

Timestamp: It is of 64 bit length in network byte order and represents NTP
timestamps represented as a 64-bit fixed-point number, in seconds relative to
00:00:00 UTC on 1 January 1900.

Session Number: It is of 32 bit length in network byte order. This is a unique
session-number locally assigned by the AGW for the data stream being monitored.
This may be useful when an intercept provisioned matches multiple sessions in the
system. This will be the same across all the bearer contexts of the UE.

Sequence Number: It is of 32 bit length in network byte order. Sequence number is an
incremental counter for each bearer context of the UE starting from 0. This is reset to
0 on node software task restart and wrapped around to 255 on reaching 32 bit max
value.

IP packet direction: Indicates the direction of the IP packet flow.

Correlation ID: It is of 32 bit length in network byte order. The S-GW Correlation Id
is a unique number formed using the Charging ID and S-GW IP Address.

For more information on the supported interface specification, message and TLV format, and
attributes, refer to the Serving Lawful Intercept Interface Specification.
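The LI header fields listed above (and the equivalent SGSN list in Chapter 6) can be decoded and checked for continuity at the DF 3 side as in the following added example, which is not Starent code. It assumes, for illustration only, that the six fields are packed back to back in the order listed and that the direction field is one byte; the actual encoding is defined in the Interface Specification, and all function and class names here are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# ASSUMPTION (not from the guide): the six fields are packed back to back in the
# order the guide lists them, and "IP packet direction" occupies one byte.
LI_HEADER = struct.Struct("!IQIIBI")    # "!" = network byte order, 25 bytes
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
SEQ_MAX = 0xFFFFFFFF
SEQ_AFTER_WRAP = 255                    # per the guide: wraps to 255, not 0


class LIHeader(NamedTuple):
    intercept_id: int
    timestamp: datetime
    session_number: int
    sequence_number: int
    direction: int          # opaque here; the guide does not give the encoding
    correlation_id: int


def ntp_to_datetime(ntp64: int) -> datetime:
    """64-bit NTP fixed point: high 32 bits are seconds since 1900, low 32 the fraction."""
    seconds, fraction = ntp64 >> 32, ntp64 & 0xFFFFFFFF
    micros = round(fraction * 1_000_000 / 2**32)
    return NTP_EPOCH + timedelta(seconds=seconds, microseconds=micros)


def parse_li_packet(datagram: bytes):
    """Split one X3 datagram into (LIHeader, intercepted IP packet bytes)."""
    if len(datagram) < LI_HEADER.size:
        raise ValueError(f"short LI header: {len(datagram)} < {LI_HEADER.size} bytes")
    iid, ts, sess, seq, direction, corr = LI_HEADER.unpack_from(datagram)
    header = LIHeader(iid, ntp_to_datetime(ts), sess, seq, direction, corr)
    return header, datagram[LI_HEADER.size:]


class SequenceTracker:
    """Continuity check per bearer/PDP context, keyed on (intercept-id, correlation ID)."""

    def __init__(self):
        self._last = {}

    def observe(self, hdr: LIHeader):
        """Return (status, missing_count) for this packet."""
        key = (hdr.intercept_id, hdr.correlation_id)
        prev, seq = self._last.get(key), hdr.sequence_number
        if prev is None:
            result = ("first", 0)
        else:
            expected = SEQ_AFTER_WRAP if prev == SEQ_MAX else prev + 1
            if seq == expected:
                result = ("in-order", 0)
            elif seq == 0:
                result = ("restart", 0)       # counter reset by a task restart
            elif seq > expected:
                result = ("gap", seq - expected)
            else:
                return ("late", 0)            # reordered or duplicate; keep high-water mark
        self._last[key] = seq
        return result


def build_sample(seq, corr=0x0A0B0C0D, payload=b"\x45\x00"):
    """Constructed test datagram (not captured traffic)."""
    ntp = (3471292800 << 32) | 0x80000000     # 2010-01-01 00:00:00.5 UTC
    return LI_HEADER.pack(987, ntp, 7, seq, 1, corr) + payload


def demo():
    """Feed a constructed stream with a loss, a reordered packet and a restart."""
    tracker = SequenceTracker()
    seqs = [0, 1, 2, 5, 4, 6, 0]
    return [tracker.observe(parse_li_packet(build_sample(s))[0]) for s in seqs]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

Because X3 content is carried over UDP, a reported gap means intercepted packets never reached DF 3, which is worth alerting on alongside the dropped-packet counters in show lawful-intercept statistics.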


How it Works with S-GW Service


The system, functioning as an S-GW, performs Camp-on Lawful Intercepts. Camp-on
intercepts stay provisioned and continue to intercept all sessions for the specified MN until
the intercept is deprovisioned.
This section discusses the following procedures:

New Call Provisioning Operation

Existing Call Provisioning Operation

De-provisioning Operation Upon Intercept Duration Expiry

The following figure displays the network elements required to provide Camp-on LI support
for the system functioning as an S-GW.
Figure 7-1 Network Elements Supporting Lawful Intercept (elements shown: Administration
Function (ADMF); Intercepting Control Element (ICE) / Serving Gateway; Delivery Function 2
(DF 2); Delivery Function 3 (DF 3); Law Enforcement Monitoring Facility (LEMF))

IMPORTANT
Note that DF 2 and DF 3 can be one and the same device though they are shown here as
separate logical devices.


New Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that has not yet
started.

Figure 7-2 Camp-on LI Provisioning Operation for New Calls (message flow between the S-GW,
ADMF, DF 2, LEMF, and DF 3; steps 1 through 10 are described below)

1 The Law Enforcement Monitoring Facility (LEMF) provisions the Administration Function
(ADMF) with information pertaining to a particular target, the type of information to be
collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (control messages), call
content (data), or both. Note that call event information is referred to as Intercept Related
Information (IRI) while call content is referred to as Content of Communication (CC).
In this example, both IRI and CC data are to be collected.
2 The ADMF provisions Delivery Function 2 (DF 2) with information pertaining to the target
to be lawfully intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for
intercepting only IRI data.
3 The ADMF provisions Delivery Function 3 (DF 3) with information pertaining to the target
to be lawfully intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for
intercepting only CC data.


4 Through a Secure Shell (SSH) session, the ADMF connects to the S-GW and provisions the
lawful interception of target information. The provision request includes the target identity
(the IMSI, MSISDN, and MEI), the type of information to be collected, and the IP
addresses of DF 2 and DF 3.
The S-GW returns an acknowledgement to the ADMF indicating that the target is inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.
6 The S-GW receives a session setup request from the target and initiates the process of
establishing the session.
7 The S-GW sends IRI information pertaining to the target's session to DF 2. The S-GW
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The S-GW sends CC information pertaining to the target's session to DF 3. The S-GW
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.


Existing Call Provisioning Operation


The following figure illustrates LI operation when provisioned for a session that is already
in progress.

Figure 7-3 Camp-on LI Provisioning Operation for Existing Calls (message flow between the
S-GW, ADMF, DF 2, LEMF, and DF 3; steps 1 through 10 are described below)

1 The S-GW establishes a subscriber session.
2 The LEMF provisions the ADMF with information pertaining to a particular target, the type
of information to be collected, and the duration over which it is to be collected.
The type of information that can be collected is either call event (IRI), call content (CC), or
both.
In this example, both IRI and CC data are to be collected.
3 The ADMF provisions DF 2 with information pertaining to the target to be lawfully
intercepted and DF 2 returns an acknowledgement. Note that DF 2 is used for intercepting
only IRI data.
4 The ADMF provisions DF 3 with information pertaining to the target to be lawfully
intercepted and DF 3 returns an acknowledgement. Note that DF 3 is used for intercepting
only CC data.


5 Through an SSH session, the ADMF connects to the S-GW and provisions the lawful
interception of target information. The provision request includes the target identity (the
IMSI, MSISDN, and MEI), the type of information to be collected, and the IP addresses
of DF 2 and DF 3.
The S-GW returns an acknowledgement to the ADMF indicating that the target is active.
6 The ADMF responds to the LEMF acknowledging the provision request.
7 The S-GW sends IRI information pertaining to the target's session to DF 2. The S-GW
provides a correlation identification number specific to the interception for the target. This
information is used by the LEMF to tie the intercepted IRI to the intercepted CC.
8 DF 2 forwards the information to the LEMF.
9 The S-GW sends CC information pertaining to the target's session to DF 3. The S-GW
provides a correlation identification number specific to the interception for the target.
10 DF 3 forwards the information to the LEMF.

De-provisioning Operation Upon Intercept Duration Expiry


Law Enforcement Agencies are generally given a fixed amount of time to perform Lawful
Intercepts. The following scenario describes the deprovisioning of an LI.
The following figure describes de-provisioning Camp-on LI functionality upon the
expiration of the legal intercept period.

Figure 7-4 Camp-on LI De-provisioning Operation Upon Intercept Duration Expiry (message flow between the nodes labeled SGSN, ADMF, DF 2, DF 3, and LEMF in the figure; steps 1 through 5 are described below)

1 The LEMF de-provisions the ADMF from intercepting information for a particular target.
2 The ADMF de-provisions DF 2 for the target specified by the LEMF. DF 2 returns an
acknowledgement to the ADMF.

3 The ADMF de-provisions DF 3 for the target specified by the LEMF. DF 3 returns an
acknowledgement to the ADMF.
4 Through a Secure Shell (SSH) session, the ADMF connects to the S-GW and de-provisions
it. The S-GW returns an acknowledgement to the ADMF indicating that the target is
inactive.
5 The ADMF responds to the LEMF acknowledging the provision request.

Configuring Lawful Intercept Functionality on S-GW


This section provides a high-level series of steps and the associated configuration examples
for configuring the system with Lawful Intercept functionality on S-GW in LTE/SAE
networks.
IMPORTANT
This section provides the minimum instruction set for configuring an S-GW service that
allows the system to provide Lawful Intercept support. Commands that configure additional
Lawful Intercept properties are provided in the GTP-SGW Lawful Intercept Interface
Specification and Command Line Interface Reference.

These instructions assume that you have already configured the system level configuration
as described in Serving Gateway Administration Guide.
To configure the Lawful Intercept feature on an S-GW service:
1 Configure the LI context and interface and generate the SSH key by applying the example
configuration in the LI Context and Interface Configuration section.
2 Configure the LI policy for GTP S-GW by applying the example configuration in the LI
Policy Configuration section.
3 Configure the IP header of the content or event delivery message by applying the example
configuration in the IP Header Configuration for LI Messages section.
4 Create the Lawful Intercept administrative user account by applying the example
configuration in the LI Administrative User Account Configuration section.
5 Log in to the DF through an SSH session and provision the Lawful Intercept in the S-GW
service by applying the example configuration in the Provisioning the Lawful Intercept on
S-GW section.
6 Verify your Lawful Intercept configuration by following the steps in the Verifying LI
Configuration section.
7 Save your configuration as described in the Saving Your Configuration chapter.

LI Context and Interface Configuration


IMPORTANT
LI administrative users must only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration section in the Serving
Gateway Administration Guide.

This section provides the configuration example to configure the LI context, SSH key, and
interface profile in a context:
configure
context <li_context_name> [-noconfirm]
interface <li_interface>
ip address <li_ip_addr> <netmask>
exit
ssh generate key
server sshd
end

Note:

The local management context should not be used to facilitate Lawful Intercept
functionality.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

LI Policy Configuration
This section describes the configuration of LI policy for S-GW LI.
configure
context <li_context_name>
lawful-intercept tcp application-heartbeat-messages timeout minutes <dur_mins>
lawful-intercept tcp connection-retry-timer <dur_sec>
lawful-intercept tcp content-delivery dest-addr <dest_IP_addr> dest-port <port>
lawful-intercept tcp event-delivery dest-addr <dest_IP_addr> dest-port <port>
end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4/IPv6 address <dest_IP_addr> for this interface is the destination address
of the LEA Delivery Function (DF).

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

IP Header Configuration for LI Messages


This section describes the configuration of IP header for LI content or event delivery
message. The system transmits intercepted data as either content or event messages to the
Delivery Function server DF(s) over an Ethernet interface.
configure
context <li_context_name>
lawful-intercept src-ip-addr <source_IP_addr> <netmask>
end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

The IPv4/IPv6 address <source_IP_addr> for this interface is the source address of
the S-GW.

The LI-administrator can include the source-address in the IP header of the event
delivery or content delivery messages transmitted to the DF to provide a quick ID for
a specific intercept.

LI Administrative User Account Configuration


IMPORTANT
For security reasons, it is recommended that the LI Administrator accounts be created only
for use with Lawful Intercept functionality and not for general system administration. Note
that only security administrators and administrators can provision Lawful Intercept. In
addition, to ensure security in accordance with the standards, LI administrative users must
only access the system using the Secure Shell (SSH) protocol.
Configuring the SSH server is described under Service Configuration Section in the Serving
Gateway Administration Guide.

This section provides the configuration example to configure the LI Administrative user in a
context:
configure
context <li_context_name>
administrator <user_name> password <passwd> li-administration
end

Note:

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is provisioned.

Provisioning the Lawful Intercept on S-GW


After logging in as the LI-administrator by using the ssh -l <li_admin_name>@context <sgw_ip>
command from the DF, use the lawful-intercept command in the Exec mode to
configure or provision a lawful intercept instruction for the system.

These instructions assume that you are in an SSH shell and at the root prompt in the LI context
<li_context_name>, which is already configured, in the Exec mode with the following prompt
appearing:

[<li_context_name>]<host_name>#

For GTP S-GW

lawful-intercept { mei <imei_string> | imsi <imsi_string> | msisdn <msisdn_string> }
   [ calltype sgw ] [ li-context <li_context_name> ] intercept-id <num>
   content-delivery { none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> }
   event-delivery { none | tcp-format | udp-unack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> |
   udp-ack-format-1 dest-addr <dest_IP_address> dest-port <UDP_port> }

Note:

The li-context <li_context_name> keyword does not need to be specified when the
provisioning is done in the LI context. It must be specified if the command is
executed in the local or some other context. The context specified cannot be the local
management context.

The context name <li_context_name> is the name of the context in which Lawful
Intercept functionality is configured and provisioned.

Specifying call type is not mandatory while provisioning on S-GW target for any
type of event and content delivery format.

Verifying LI Configuration
1 Verify the configuration for LI support by entering the following command in Exec
Mode:
show configuration

The following sample output of this command shows the information saved in the LI
context configuration file:
banner lawful-intercept "LAWFUL INTERCEPT"
context li
lawful-intercept src-ip-addr 192.168.100.10
subscriber default
#exit
administrator liadmin encrypted password 5c4a3 li-administration
#exit
snmp engine-id local 800007e5809dd08c3e74e7373f
end

IMPORTANT
For security reasons, none of the information and parameters specified while configuring the
Lawful Intercept feature are saved in configuration files, and they are not shown when the
show configuration command is executed.
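The requirements stated in the configuration sections above (an LI context that is not the local management context, an SSH server for LI administrators, a configured src-ip-addr, and LI accounts that are not general administrators) can be checked against a configuration script before it is applied. The following Python check is an added example, not part of the original guide or of StarOS; the sample scripts, addresses, account names and passwords are constructed, and the flat context parsing is a simplifying assumption.

```python
import re

def split_contexts(config_text):
    """Map context name -> its command lines (flat: sub-mode nesting is ignored)."""
    contexts, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        opened = re.fullmatch(r"context\s+(\S+)(\s+-noconfirm)?", line)
        if opened:
            current = contexts.setdefault(opened.group(1), [])
        elif line == "end":
            current = None
        elif current is not None and line and not line.startswith("#"):
            current.append(line)
    return contexts

def li_admins(lines):
    """User names on 'administrator ... li-administration' lines."""
    return [l.split()[1] for l in lines
            if l.startswith("administrator ") and "li-administration" in l.split()]

def audit_li_config(config_text):
    """Return findings for rules taken from this guide's notes; [] means none."""
    contexts = split_contexts(config_text)
    li_contexts = {n: ls for n, ls in contexts.items()
                   if li_admins(ls) or any(l.startswith("lawful-intercept ") for l in ls)}
    if not li_contexts:
        return ["no context carries Lawful Intercept settings"]
    findings = []
    for name, lines in li_contexts.items():
        if name == "local":
            findings.append("local: LI must not use the local management context")
        if not any(l.startswith("lawful-intercept src-ip-addr ") for l in lines):
            findings.append(f"{name}: lawful-intercept src-ip-addr is not configured")
        if "server sshd" not in lines:
            findings.append(f"{name}: server sshd is missing, LI administrators need SSH")
        admins = li_admins(lines)
        if not admins:
            findings.append(f"{name}: no administrator has li-administration")
        # The guide recommends LI accounts that are not used for general administration.
        for other, other_lines in contexts.items():
            general = {l.split()[1] for l in other_lines
                       if l.startswith("administrator ")
                       and "li-administration" not in l.split()}
            for user in sorted(general.intersection(admins)):
                findings.append(f"{name}: LI account '{user}' is also a general "
                                f"administrator in context '{other}'")
    return findings

# Constructed script that follows the guide's examples.
GOOD_CONFIG = """\
configure
context li
interface li_if
ip address 192.0.2.10 255.255.255.0
exit
ssh generate key
server sshd
lawful-intercept src-ip-addr 192.0.2.10 255.255.255.0
administrator liadmin password Example-Only-1 li-administration
end
"""
# Constructed script with three problems: no src-ip-addr, no sshd, shared account.
BAD_CONFIG = """\
configure
context local
administrator ops password Example-Only-2
exit
context li
lawful-intercept tcp event-delivery dest-addr 198.51.100.5 dest-port 5000
administrator ops password Example-Only-3 li-administration
end
"""

if __name__ == "__main__":
    for finding in audit_li_config(BAD_CONFIG):
        print(finding)
```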

Managing the Service


This section describes how to manage and administer the LI feature on an S-GW service.
It includes the following procedures:

Generating Event Logs

Gathering Statistics and Other Information

For more information on LI management and administration, refer to the Lawful Intercept
Interface Specification.

Generating Event Logs


The system provides an LI event facility, and corresponding event logs are generated. These
logs are only visible to system administrative users with li-administrator privileges.
For more information on configuring and viewing logging, refer to Configuring and
Viewing System Logs in System Administration Guide.

Gathering Statistics and Other Information


Information and statistics can be viewed for Lawful Intercept functionality. This
information is only visible to system administrative users with li-administrator privileges.
1 Verify your currently provisioned intercepts by entering the following command in Exec
Mode:
show lawful-intercept all

The output of this command is a concise listing of all Lawful Intercept context settings, as
shown in the sample output displayed below.
+--------- S - Status of the interception (A) active (I) inactive
|+-------- P - Provisioning method (C) camp-on (A) active-only (G) Gx
||+------- T - Call Type (P) PDSN (H) HA (L) LNS (G) GGSN (S) SGSN (F) PDIF
|||                      (N) ASNGW (C) CSCF (X) PGW (W) SGN (M) MME
|||+------ R - Cscf Role (P) PROXY-CSCF (S) SERVING-CSCF (C) S-I-P-CSCF (N) Not Applicable
||||+----- E - Event delivery method (N) None (T) TCP (U) UDP (A) ActiveUDP (D) DialUDP
|||||+---- C - Content delivery method (N) None (T) TCP (U) UDP
|||||| +-- M - Mobile ID (I) IMSI/MSID (M) MSISDN (E) IMEI
|||||| |
|||||| |   Intercept ID ---------------------------------------+
vvvvvv v                                                       |
SPTREC M ID             USERNAME               IP              Int.ID
------ ---------------- ---------------------- --------------- -------
ICW-UU I 40427000000001                                        1
ICW-UU M 919876543210                                          987
ICW-UU E 35146640668100                                        100
Total active lawfully intercepted calls 0
Total camp-on triggers 3

2 Display your S-GW LI call related statistics by entering the following command in Exec
Mode:
show lawful-intercept statistics

The output of this command is a concise listing of LI related statistics and parameter
settings as shown in the sample output displayed below.

Total currently active LI calls:                                        0
Total current camp-on triggers:                                         2
Total event packets sent:                                               0
Total intercepted content packet sent:                                  0
Total event packets dropped: (no tcp connection with mediation)         0
Total intercepted content packets dropped:
(no tcp connection with mediation)                                      0
Total events packet sent (for currently active LI calls)                0
Total content packet sent (for currently active LI calls)               0
Total LI provisioning stats:
via active-only method                                                  0
via camp-on method                                                      2
Total LI provisioning failure stats:
li-context not configured                                               0
src-ip-addr not configured                                              0
src-ip-addr mis-configured                                              0
Total LI session termination stats
due to call-disconnect                                                  2
due to context n/a                                                      0
due to de-provisioning                                                  0
Total LI sess recovery stats:
recovery performed                                                      0
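The flag column of the show lawful-intercept all output can be decoded mechanically, and the resulting list can be compared against the authorized intercept periods described under De-provisioning Operation Upon Intercept Duration Expiry. The following Python code is an added example, not part of the original guide; the authorization records and the check date are constructed, and treating "-" as an unspecified flag is an assumption, since the sample rows use it but the legend does not define it.

```python
import re
from datetime import date

# Flag legend transcribed from the command's header as printed in this guide.
# The six characters of the flag string are, in order, S P T R E C.
LEGEND = [
    ("status", {"A": "active", "I": "inactive"}),
    ("provisioning", {"C": "camp-on", "A": "active-only", "G": "Gx"}),
    ("call_type", {"P": "PDSN", "H": "HA", "L": "LNS", "G": "GGSN", "S": "SGSN",
                   "F": "PDIF", "N": "ASNGW", "C": "CSCF", "X": "PGW",
                   "W": "SGN", "M": "MME"}),   # "SGN" is the label as printed
    ("cscf_role", {"P": "PROXY-CSCF", "S": "SERVING-CSCF", "C": "S-I-P-CSCF",
                   "N": "Not Applicable"}),
    ("event_delivery", {"N": "None", "T": "TCP", "U": "UDP", "A": "ActiveUDP",
                        "D": "DialUDP"}),
    ("content_delivery", {"N": "None", "T": "TCP", "U": "UDP"}),
]
MOBILE_ID = {"I": "IMSI/MSID", "M": "MSISDN", "E": "IMEI"}
# flags, mobile-ID type, mobile ID, optional USERNAME/IP columns, intercept ID
ROW = re.compile(r"^(\S{6})\s+([IME])\s+(\d+)\s+(?:.*\s)?(\d+)$")

def parse_intercepts(output):
    """Return one dict per intercept row; legend and totals lines are skipped."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        flags, id_type, mobile_id, intercept_id = match.groups()
        row = {"mobile_id_type": MOBILE_ID[id_type], "mobile_id": mobile_id,
               "intercept_id": int(intercept_id)}
        for (name, table), ch in zip(LEGEND, flags):
            # Assumption: "-" means the flag is unspecified for this row.
            row[name] = table.get(ch, "unspecified" if ch == "-" else "unknown:" + ch)
        rows.append(row)
    return rows

def lacking_valid_authorization(rows, authorized_until, today):
    """Intercepts still provisioned on the gateway without a current authorization.

    authorized_until maps intercept ID -> last authorized day (a hypothetical
    record format kept by the operator; it is not defined by this guide).
    """
    findings = []
    for row in rows:
        expiry = authorized_until.get(row["intercept_id"])
        if expiry is None:
            findings.append((row["intercept_id"], "no authorization on record"))
        elif expiry < today:
            findings.append((row["intercept_id"],
                             "authorization expired " + expiry.isoformat()))
    return findings

# Constructed input: the three rows of the guide's sample output.
SAMPLE_OUTPUT = """\
SPTREC M ID             USERNAME               IP              Int.ID
------ ---------------- ---------------------- --------------- -------
ICW-UU I 40427000000001                                        1
ICW-UU M 919876543210                                          987
ICW-UU E 35146640668100                                        100
Total active lawfully intercepted calls 0
Total camp-on triggers 3
"""
# Constructed authorization records.
AUTHORIZED_UNTIL = {1: date(2030, 1, 1), 987: date(2020, 1, 1)}

if __name__ == "__main__":
    intercepts = parse_intercepts(SAMPLE_OUTPUT)
    for item in lacking_valid_authorization(intercepts, AUTHORIZED_UNTIL, date(2025, 6, 1)):
        print(item)
```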

CHAPTER 8
VERIFYING AND SAVING YOUR CONFIGURATION

This chapter describes how to verify and save the system configuration.

Verifying the Configuration


You can use a number of commands to verify the configuration of your feature, service, or
system. Many are hierarchical in their implementation and some are specific to portions of
or specific lines in the configuration file.

Feature Configuration
In many configurations, specific features are set and need to be verified. Examples include
APN and IP address pool configuration. Using these examples, enter the following
commands to verify proper feature configuration:
show apn all

The output displays the complete configuration for the APN. In this example, an APN called
apn1 is configured.
access point name (APN): apn1
authentication context: test
pdp type: ipv4
Selection Mode: subscribed
ip source violation: Checked            drop limit: 10
accounting mode: gtpp                   No early PDUs: Disabled
max-primary-pdp-contexts: 1000000       total-pdp-contexts: 1000000
primary contexts: not available         total contexts: not available
local ip: 0.0.0.0
primary dns: 0.0.0.0                    secondary dns: 0.0.0.0
ppp keep alive period : 0               ppp mtu : 1500
absolute timeout : 0                    idle timeout : 0
long duration timeout: 0                long duration action: Detection
ip header compression: vj
data compression: stac mppc deflate     compression mode: normal
min compression size: 128
ip output access-group:                 ip input access-group:
ppp authentication:
allow noauthentication: Enabled         imsi authentication:Disabled

Enter the following command to display the IP address pool configuration:


show ip pool

The output from this command should look similar to the sample shown below. In this
example, all IP pools were configured in the isp1 context.
context : isp1:
+-----Type:     (P) - Public    (R) - Private
|               (S) - Static    (E) - Resource
|
|+----State:    (G) - Good      (D) - Pending Delete    (R)-Resizing
||
||++--Priority: 0..10 (Highest (0) .. Lowest (10))
||||
||||+-Busyout:  (B) - Busyout configured
|||||
|||||
vvvvv Pool Name Start Address   Mask/End Address Used     Avail
----- --------- --------------- --------------- -------- -------
PG00  ipsec     12.12.12.0      255.255.255.0   0        254
PG00  pool1     10.10.0.0       255.255.0.0     0        65534
SG00  vpnpool   192.168.1.250   192.168.1.254   0        5
Total Pool Count: 5

IMPORTANT
Many features can be configured on the system. There are show commands specifically for
these features. Refer to the Command Line Interface Reference for more information.

Service Configuration
Verify that your service was created and configured properly by entering the following
command:
show <service_type> <service_name>

The output is a concise listing of the service parameter settings similar to the sample
displayed below. In this example, a P-GW service called pgw1 is configured.
Service name                  : pgw1
Service-Id                    : 1
Context                       : test1
Status                        : STARTED
Restart Counter               : 8
EGTP Service                  : egtp1
LMA Service                   : Not defined
Session-Delete-Delay Timer    : Enabled
Session-Delete-Delay timeout  : 10000(msecs)
PLMN ID List                  : MCC: 100, MNC: 99
Newcall Policy                : None

Context Configuration
Verify that your context was created and configured properly by entering the following
command:
show context name <name>

The output shows the active context. Its ID is similar to the sample displayed below. In this
example, a context named test1 is configured.
Context Name    ContextID    State
------------    ---------    -----
test1           2            Active

System Configuration
Verify that your entire configuration file was created and configured properly by entering
the following command:
show configuration

This command displays the entire configuration including the context and service
configurations defined above.

Finding Configuration Errors


Identify errors in your configuration file by entering the following command:
show configuration errors

This command displays errors it finds within the configuration. For example, if you have
created a service named service1, but entered it as srv1 in another part of the
configuration, the system displays this error.
You must refine this command to specify particular sections of the configuration. Add the
section keyword and choose a section from the help menu:
show configuration errors section ggsn-service

or
show configuration errors section aaa-config

If the configuration contains no errors, an output similar to the following is displayed:


######################################################################################
# Displaying Global AAA-configuration errors
######################################################################################
Total 0 error(s) in this section !

Saving the Configuration


Save system configuration information to a file locally or to a remote node on the network.
You can use this configuration file on any other systems that require the same configuration.
Files that you save locally can be stored in the SPC's/SMC's CompactFlash or on an
installed PCMCIA memory card on the SPC/SMC. Files that you save to a remote network
node can be transmitted via FTP or TFTP.

Saving the Configuration on ST-series Platforms


These instructions assume that you are at the root prompt for the Exec mode:
[local]host_name#

To save your current configuration, enter the following command:


save configuration url [-redundant] [-noconfirm] [showsecrets] [verbose]
Keyword/Variable and Description

url
   Specifies the path and name to which the configuration file is to be stored. url may refer to a local or
   a remote file. url must be entered using one of the following formats:

   { /flash | /pcmcia1 | /pcmcia2 } [ /dir ] /file_name
   file:/{ /flash | /pcmcia1 | /pcmcia2 } [ /dir ] /file_name
   tftp://{ ipaddr | host_name [ :port# ] } [ /dir ] /file_name
   ftp://[ username [ :pwd ] @ ] { ipaddr | host_name } [ :port# ] [ /dir ] /file_name
   sftp://[ username [ :pwd ] @ ] { ipaddr | host_name } [ :port# ] [ /dir ] /file_name

   /flash corresponds to the CompactFlash on the SPC/SMC.
   /pcmcia1 corresponds to PCMCIA slot 1.
   /pcmcia2 corresponds to PCMCIA slot 2.
   ipaddr is the IP address of the network server.
   host_name is the network server's hostname.
   port# is the network server's logical port number. Defaults are:
      tftp: 69 - data
      ftp: 20 - data, 21 - control
      sftp: 115 - data
   Note: host_name can only be used if the networkconfig parameter is configured for DHCP and
   the DHCP server returns a valid nameserver.
   username is the username required to gain access to the server, if necessary.
   pwd is the password for the specified username if required.
   /dir specifies the directory where the file is located if one exists.
   /file_name specifies the name of the configuration file to be saved.
   Note: Name configuration files with a .cfg extension.

-redundant
   Optional: This keyword directs the system to save the CLI configuration file to the local device, defined
   by the url variable, and then automatically copies the file to the like device on the standby SPC/SMC, if
   available.
   Note: This keyword works only for like local devices that are located on both the active and standby
   SPCs/SMCs. For example, if you save the file to the /pcmcia1 device on the active SPC/SMC, that
   same type of device (a PC-Card in Slot 1 of the standby SPC/SMC) must be available. Otherwise, a
   failure message is displayed.
   Note: If saving the file to an external network (non-local) device, the system disregards this keyword.

-noconfirm
   Optional: Indicates that no confirmation is to be given prior to saving the configuration information to
   the specified filename (if one was specified) or to the currently active configuration file (if none was
   specified).

showsecrets
   Optional: This keyword causes the CLI configuration file to be saved with all passwords in plain text,
   rather than their default encrypted format.

verbose
   Optional: Specifies to display every parameter that is being saved to the new configuration file.

IMPORTANT
The -redundant keyword is only applicable when saving a configuration file to local
devices.
This command does not synchronize the local file system. If you have added, modified, or
deleted other files or directories to or from a local device for the active SPC/SMC, then you
must synchronize the local file system on both SPCs/SMCs.

EXAMPLE(S)
To save a configuration file called system.cfg to a directory that was previously created
called cfgfiles on the SPC's/SMC's CompactFlash, enter the following command:
save configuration /flash/cfgfiles/system.cfg

To save a configuration file called simple_ip.cfg to a directory called host_name_configs
using an FTP server with an IP address of 192.168.34.156 on which you have an account
with a username of administrator and a password of secure, use the following command:
save configuration ftp://administrator:secure@192.168.34.156/host_name_configs/simple_ip.cfg

To save a configuration file called init_config.cfg to the root directory of a TFTP server with a
hostname of config_server, enter the following command:
save configuration tftp://config_server/init_config.cfg
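The choice of url and keywords decides how exposed the saved file is: FTP and TFTP do not encrypt the transfer, a pwd in the url is typed on the command line, and showsecrets writes every password in plain text. The following Python check is an added example, not part of the original guide; it reviews a save configuration line against the url formats and keywords documented above, and the finding codes and the sftp sample command are constructed.

```python
from urllib.parse import urlsplit

LOCAL_DEVICES = {"/flash", "/pcmcia1", "/pcmcia2"}
REMOTE_SCHEMES = {"tftp", "ftp", "sftp"}
CLEARTEXT_SCHEMES = {"tftp", "ftp"}      # neither protocol encrypts the transfer
KEYWORDS = {"-redundant", "-noconfirm", "showsecrets", "verbose"}

def review_save_command(command):
    """Return (code, explanation) findings for one 'save configuration' line."""
    tokens = command.split()
    if len(tokens) < 3 or tokens[:2] != ["save", "configuration"]:
        raise ValueError("expected: save configuration <url> [keywords]")
    url, keywords = tokens[2], set(tokens[3:])
    if keywords - KEYWORDS:
        raise ValueError("unknown keyword: " + ", ".join(sorted(keywords - KEYWORDS)))
    parts = urlsplit(url)
    findings = []
    if parts.scheme in ("", "file"):
        # Local form: [file:/]{ /flash | /pcmcia1 | /pcmcia2 }[/dir]/file_name
        path = url[len("file:/"):] if parts.scheme == "file" else url
        device = "/" + path.lstrip("/").split("/", 1)[0]
        if device not in LOCAL_DEVICES:
            findings.append(("unknown-device",
                             device + " is not a documented local device"))
    else:
        path = parts.path
        if parts.scheme not in REMOTE_SCHEMES:
            findings.append(("unknown-scheme",
                             parts.scheme + " is not a documented url format"))
        if parts.scheme in CLEARTEXT_SCHEMES:
            findings.append(("cleartext-transport",
                             "the file crosses the network unencrypted"))
        if parts.password is not None:
            findings.append(("password-in-url",
                             "the server password is typed on the command line"))
        if "-redundant" in keywords:
            findings.append(("redundant-ignored",
                             "-redundant is disregarded for non-local devices"))
    if "showsecrets" in keywords:
        findings.append(("plaintext-secrets",
                         "all passwords are saved in plain text"))
    if not path.endswith(".cfg"):
        findings.append(("no-cfg-extension",
                         "configuration files should be named with .cfg"))
    return findings

def finding_codes(command):
    """Just the finding codes, in the order they were raised."""
    return [code for code, _ in review_save_command(command)]

if __name__ == "__main__":
    # The three commands from the EXAMPLE(S) above plus one constructed command.
    for cmd in (
        "save configuration /flash/cfgfiles/system.cfg",
        "save configuration ftp://administrator:secure@192.168.34.156/host_name_configs/simple_ip.cfg",
        "save configuration tftp://config_server/init_config.cfg",
        "save configuration sftp://backup@192.0.2.10/li/sgw1.cfg -redundant showsecrets",
    ):
        print(cmd, "->", finding_codes(cmd))
```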
