Cisco Cisco IOS Software Release 12.4(22)XR
Cisco Packet Data Serving Node Release 5.5 for Cisco IOS Release 12.4(22)XR9
OL-19026-02
Lawful Intercept in PDSN
• Allows multiple LEAs to run a lawful intercept on the same target without each other’s knowledge.
• Does not affect subscriber services on the PDSN.
• Supports wiretaps in both the input and output direction.
• Supports wiretaps of Layer 3 traffic.
• Cannot be detected by the target. Neither the network administrator nor the calling parties are aware that packets are being copied or that the call is being tapped.
• Uses Simple Network Management Protocol Version 3 (SNMPv3) and security features such as the View-based Access Control Model (SNMP-VACM-MIB) and User-based Security Model (SNMP-USM-MIB) to restrict access to lawful intercept information and components.
• Hides information about lawful intercepts from all but the most privileged users. An administrator must set up access rights to enable privileged users to access lawful intercept information.
• Provides two secure interfaces for performing an intercept: one for setting up the wiretap and one for sending the intercepted traffic to the LEA.
Lawful Intercept in PDSN
PDSN packet matching is based on the International Mobile Subscriber Identity (IMSI), NAI, or MDN of a given mobile node. In mobile gateways, each TAP created is uniquely associated with one session, and the traffic flowing through the session is subject to interception if Lawful Intercept is provisioned for this session.
If the TAPs are already available and a session is coming up, the TAPs are given priority in the following order: IMSI, NAI, and MDN. But if a particular session is already up and TAPs are being created, then the latest one will be added to the session.
Lawful Intercept on the PDSN works like packet replication. While handling a packet in the upstream and downstream directions, the PDSN checks whether any TAP is associated with this user’s traffic flow. If so, the user's IP packets are replicated. The original packet is sent to the original destination. The replicated and encapsulated packet is sent to the mediation device. Lawful Intercept does not look into the type of packet. It blindly replicates the received packets in either direction and sends the replicated packets to the mediation device. The PDSN can replicate voice as well as data packets.
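The TAP selection and replication rules described above can be modelled as follows. This is an added illustration, not Cisco code: the class names, sample identities and addresses are constructed, the model assumes one active TAP per session (so a TAP created after the session is up replaces the earlier one), and the encapsulation is a placeholder rather than the PacketCable UDP format.

```python
from dataclasses import dataclass
from typing import Optional

PRIORITY = ("imsi", "nai", "mdn")  # order applied when a session comes up

@dataclass
class Tap:
    kind: str   # which identity the tap matches on: "imsi", "nai" or "mdn"
    value: str
    md: str     # mediation device address (constructed sample value)

@dataclass
class Session:
    imsi: str
    nai: str
    mdn: str
    tap: Optional[Tap] = None  # assumption: one active tap per session

    def matches(self, tap: Tap) -> bool:
        return getattr(self, tap.kind) == tap.value

class Gateway:
    def __init__(self):
        self.taps, self.sessions = [], []

    def provision(self, tap: Tap) -> None:
        # Tap created while sessions are up: the latest matching tap is attached.
        self.taps.append(tap)
        for s in self.sessions:
            if s.matches(tap):
                s.tap = tap

    def bring_up(self, s: Session) -> Session:
        # Taps already exist: choose by IMSI, then NAI, then MDN.
        for kind in PRIORITY:
            hit = next((t for t in self.taps if t.kind == kind and s.matches(t)), None)
            if hit:
                s.tap = hit
                break
        self.sessions.append(s)
        return s

    def forward(self, s: Session, packet: bytes):
        # Original always goes on unchanged; a copy goes to the mediation device
        # regardless of packet type. "ENCAP|" is a placeholder, not PacketCable UDP.
        out = [("original-destination", packet)]
        if s.tap:
            out.append((s.tap.md, b"ENCAP|" + packet))
        return out
```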
The CISCO-TAP2-MIB allows configuring the mediation device to encapsulate and transport the replicated packets using PacketCable UDP, RTP with Nack resilience, TCP with head of line blocking, and SCTP with head of line blocking. PDSN uses UDP (PacketCable™) as the encapsulation scheme.
PDSN intercepts both IPv4 and IPv6 packets and delivers packets using IPv4 transport.
Network Components Used for Lawful Intercept
The following network components are used for lawful intercepts:
• Mediation Device—A mediation device (supplied by a third-party vendor) handles most of the processing for the lawful intercept. The mediation device:
  – Provides the interface used to set up and provision the lawful intercept.
  – Generates requests to other network devices to set up and run the lawful intercept.