Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
Content Filtering Support Overview
▀ Category-based Content Filtering Support
▄ Cisco ASR 5000 Series Content Filtering Services Administration Guide
OL-22959-01
Apart from the advantages described previously, Category-based Content Filtering service reduces the requirement of
over-provisioning of capacity at neighboring gateway routers. It also eliminates requirements of external Server Load
Balancers and enhances the accuracy in subscriber charging records.
over-provisioning of capacity at neighboring gateway routers. It also eliminates requirements of external Server Load
Balancers and enhances the accuracy in subscriber charging records.
The Category-based Content Filtering solution has the following logical functions:
Deep Packet Inspection (DPI) for Content Rating (event detection and content extraction)
Content Rating Policy Enforcement; for example, permit, discard, deny, redirect
Content-ware accounting CF-EDR generation for events of interest
ECS and Content Filtering Application
The Category-based Content Filtering subsystem is integrated within the Enhanced Charging Service (ECS) subsystem.
Although it is not necessary to provision content-based charging in conjunction with content filtering, it is highly
desirable as it enables a single point of deep-packet inspection for both services. It also enables a single policy decision
and enforcement point for both services thereby streamlining the required number of signaling interactions with external
AAA/Policy Manager servers. Utilizing both services also increases billing accuracy of charging records by insuring
that mobile subscribers are only charged for visited sites content.
Although it is not necessary to provision content-based charging in conjunction with content filtering, it is highly
desirable as it enables a single point of deep-packet inspection for both services. It also enables a single policy decision
and enforcement point for both services thereby streamlining the required number of signaling interactions with external
AAA/Policy Manager servers. Utilizing both services also increases billing accuracy of charging records by insuring
that mobile subscribers are only charged for visited sites content.
The Category-based Content Filtering solution uses Content Filtering Policy to analyze the content requested by
subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its category and
priority.
subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its category and
priority.
The Category-based Content Filtering solution also utilizes ECS rulebases in order to determine the correct policy
decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved during initial
authentication from the AAA/Policy Manager. Some possible examples of rulebase names include Consumer,
Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ECS subsystem to instantiate the particular
rule definition that applies for a particular session. Rulebase work in conjunction with a content filtering policy and only
one content filtering policy can be associated with a rulebase.
decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved during initial
authentication from the AAA/Policy Manager. Some possible examples of rulebase names include Consumer,
Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ECS subsystem to instantiate the particular
rule definition that applies for a particular session. Rulebase work in conjunction with a content filtering policy and only
one content filtering policy can be associated with a rulebase.
I
MPORTANT
:
For more information on rulebases and rule definitions, refer to the Enhanced Charging Services
Administration Guide.
The ECS subsystem includes L3–L7 deep packet inspection capabilities. It correlates all L3 packets with higher layer
criteria such as URL detection within an HTTP header, it also provides stateful packet inspection for complex protocols
like FTP, RTSP, and SIP that open ports for the data path.
criteria such as URL detection within an HTTP header, it also provides stateful packet inspection for complex protocols
like FTP, RTSP, and SIP that open ports for the data path.
The Content Filtering subsystem uses the deep-packet inspection capabilities of ECS for URL/URI extraction.
ECS functionality is managed by the following components:
Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing
ECS and Content Filtering services.
Session Manager (SessMgr): A single SessMgr treats ECS charging and Content Filtering that is applicable to
common subscriber sessions.