Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
Content Filtering Support Overview
▀ Category-based Content Filtering Support
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
Dynamic rating is accurate only for complete response data and does not work properly for data divided in
packets. Since only first response packet is used for dynamic rating and not the complete response, the rating
will be only 60-80% accurate.
will be only 60-80% accurate.
Only text-based dynamic rating is supported, image-based rating is not supported.
Only one category ―PORN‖ is supported in all languages, while 14 other categories are supported in English.
Content in zipped/encoded form will not be supported for dynamic rating.
WAP traffic is not supported. Only static rating will be done for WAP packets.
Three packet processing cards are required to support Dynamic Content Filtering.
ECS and Content Filtering Application
The Category-based Content Filtering solution is provided as an integrated subsystem within the Enhanced Charging
Service (ECS). Although it is not necessary to provision content-based charging in conjunction with content filtering, it
is highly desirable as it enables a single point of deep-packet inspection for both services. It also enables a single policy
decision and enforcement point for both services thereby streamlining the required number of signaling interactions with
external AAA/Policy Manager servers. Utilizing both services also increases billing accuracy of charging records by
insuring that mobile subscribers are only charged for visited sites content.
Service (ECS). Although it is not necessary to provision content-based charging in conjunction with content filtering, it
is highly desirable as it enables a single point of deep-packet inspection for both services. It also enables a single policy
decision and enforcement point for both services thereby streamlining the required number of signaling interactions with
external AAA/Policy Manager servers. Utilizing both services also increases billing accuracy of charging records by
insuring that mobile subscribers are only charged for visited sites content.
The Category-based Content Filtering solution uses Content Filtering Policy to analyze the content requested by
subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its category and
priority.
subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its category and
priority.
The Category-based Content Filtering solution also utilizes ACS rulebases in order to determine the correct policy
decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved during initial
authentication from the AAA/Policy Manager. Some possible examples of rulebase names include Consumer,
Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ACS subsystem to instantiate the particular
rule definition that applies for a particular session. Rulebase work in conjunction with a content filtering policy and only
one content filtering policy can be associated with a rulebase.
decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved during initial
authentication from the AAA/Policy Manager. Some possible examples of rulebase names include Consumer,
Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ACS subsystem to instantiate the particular
rule definition that applies for a particular session. Rulebase work in conjunction with a content filtering policy and only
one content filtering policy can be associated with a rulebase.
Important:
For more information on rulebases and rule definitions, refer to the Enhanced Charging Services
Administration Guide.
The ACS subsystem includes L3–L7 deep packet inspection capabilities. It correlates all L3 packets with higher layer
criteria such as URL detection within an HTTP header, it also provides stateful packet inspection for complex protocols
like FTP, RTSP, and SIP that dynamically open ports for the data path.
criteria such as URL detection within an HTTP header, it also provides stateful packet inspection for complex protocols
like FTP, RTSP, and SIP that dynamically open ports for the data path.
The Content Filtering subsystem uses the deep-packet inspection capabilities of ECS for URL/URI extraction.
ECS functionality is managed by the following components:
Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing
ECS and Content Filtering services.
Session Manager (SessMgr): A single SessMgr treats ECS charging and Content Filtering that is applicable to
common subscriber sessions.