Дорожная карта для Cisco Cisco Packet Data Gateway (PDG)
Content Filtering Support Overview
▀ URL Blacklisting Support
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
How URL Blacklisting Works
This section describes how URL Blacklisting works.
Blacklist Updates
The following steps describe how the blacklist is updated in the system:
Step 1
The WEM downloads the blacklist file from the specified source (NCMEC/other). The clear text file is converted into a
non-human readable optimized format (OPTBLDB) and then pushed to the CDP.
non-human readable optimized format (OPTBLDB) and then pushed to the CDP.
Step 2
The CDP pushes the optblk.bin file to the chassis (to the flash/pcmcia device) at pre-determined intervals. The
optblk.bin file contains the full blacklist. If this file is verified to be correct it replaces the optblk.bin file on the chassis,
and the last optblk.bin is rolled over.
optblk.bin file contains the full blacklist. If this file is verified to be correct it replaces the optblk.bin file on the chassis,
and the last optblk.bin is rolled over.
Step 3
The blacklist file is auto-detected by the Session Controller (SessCtrl), which verifies the integrity of the Blacklist
database using checksums, and then loads it.
database using checksums, and then loads it.
The new blacklist is loaded only if it has been received properly. If the full Blacklist database is not found, corrupted, or
if the loading fails, traps are generated. Correspondingly clear traps are also generated on a valid Blacklist database
being available, and after a successful load.
if the loading fails, traps are generated. Correspondingly clear traps are also generated on a valid Blacklist database
being available, and after a successful load.
Step 4
The SessMgrs read the file and load the blacklisted URLs in a local in-memory database.
Important:
The URL Blacklisting feature is enabled only if the url-blacklisting action is set in any of the
rulebases. Thus, the automatic detection of the Blacklist database, storing it in memory, and loading onto the SessMgrs
will happen only if the url-blacklisting action is set in any of the rulebases.
will happen only if the url-blacklisting action is set in any of the rulebases.
Step 5
The Blacklist database is loaded on each SessMgr as and when they come up (if URL Blacklisting is set in any
rulebase) or when URL Blacklisting gets set in any of the rulebases.
rulebase) or when URL Blacklisting gets set in any of the rulebases.
When the SessMgrs start for the first time or after recovery, if URL Blacklisting is set in any of the rulebases, the stored
Blacklist database at SessCtrl is loaded onto the SessMgrs. This holds true for standby managers as well i.e., when
standby managers come up the Blacklist database is loaded onto them.
Blacklist database at SessCtrl is loaded onto the SessMgrs. This holds true for standby managers as well i.e., when
standby managers come up the Blacklist database is loaded onto them.
Whenever a SessMgr is killed, standby manager which already has the Blacklist database loaded takes its place, and a
new standby manager is created which loads the Blacklist database as part of SessMgr getting started for the first time.
new standby manager is created which loads the Blacklist database as part of SessMgr getting started for the first time.
If SessCtrl is killed, while recovering it checks if URL Blacklisting is set in any of the rulebases, if set it will store the
Blacklist database onto itself and load all the SessMgrs as well.
Blacklist database onto itself and load all the SessMgrs as well.
Step 6
When a new Blacklist database is loaded on to the SessMgrs, the new database (and any stored versions that have rolled
over) are synced to the other SPC so that after switchover, the proper Blacklist database can be accessed.
over) are synced to the other SPC so that after switchover, the proper Blacklist database can be accessed.
URL Blacklisting Action
The following steps describe how the URL Blacklisting feature works: