для Cisco Cisco ASR 5000
The Category-based Content Filtering solution has the following logical functions:
• Deep Packet Inspection (DPI) for Content Rating (event detection and content extraction)
• Content Rating Function with Static Rating of URLs
• Content Rating Policy Enforcement; for example, permit, discard, deny, redirect
• Content-ware accounting CF-EDR generation for events of interest
Category-based Content Filtering can work in Static-only mode. Static-and-Dynamic and Dynamic-only
Content Filtering modes are not supported.
Content Filtering modes are not supported.
Important
ECS and Content Filtering Application
The Category-based Content Filtering subsystem is integrated within the Enhanced Charging Service (ECS)
subsystem. Although it is not necessary to provision content-based charging in conjunction with content
filtering, it is highly desirable as it enables a single point of deep-packet inspection for both services. It also
enables a single policy decision and enforcement point for both services thereby streamlining the required
number of signaling interactions with external AAA/Policy Manager servers. Utilizing both services also
increases billing accuracy of charging records by insuring that mobile subscribers are only charged for visited
sites content.
subsystem. Although it is not necessary to provision content-based charging in conjunction with content
filtering, it is highly desirable as it enables a single point of deep-packet inspection for both services. It also
enables a single policy decision and enforcement point for both services thereby streamlining the required
number of signaling interactions with external AAA/Policy Manager servers. Utilizing both services also
increases billing accuracy of charging records by insuring that mobile subscribers are only charged for visited
sites content.
The Category-based Content Filtering solution uses Content Filtering Policy to analyze the content requested
by subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its
category and priority.
by subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its
category and priority.
The Category-based Content Filtering solution also utilizes ECS rulebases in order to determine the correct
policy decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved
during initial authentication from the AAA/Policy Manager. Some possible examples of rulebase names
include Consumer, Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ECS subsystem
to instantiate the particular rule definition that applies for a particular session. Rulebase work in conjunction
with a content filtering policy and only one content filtering policy can be associated with a rulebase.
policy decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved
during initial authentication from the AAA/Policy Manager. Some possible examples of rulebase names
include Consumer, Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ECS subsystem
to instantiate the particular rule definition that applies for a particular session. Rulebase work in conjunction
with a content filtering policy and only one content filtering policy can be associated with a rulebase.
For more information on rulebases and rule definitions, refer to the Enhanced Charging Services Administration
Guide.
Guide.
The CF Policy ID can be enabled depending on the subscriber (Child, Adult, etc.) and not based on the
subscriber’s device. This can be configured through PCRF for Gx using the SN-CF-Policy-ID attribute. For
more information, refer to the Subscriber Configuration section in the Content Filtering Service Configuration
chapter of this guide.
subscriber’s device. This can be configured through PCRF for Gx using the SN-CF-Policy-ID attribute. For
more information, refer to the Subscriber Configuration section in the Content Filtering Service Configuration
chapter of this guide.
If the SN-CF-Policy-ID sent by PCRF is 0 or junk (not configured on GGSN), then that value is ignored
and the value of CF Policy ID remains to what it was before the PCRF message came (default, not set or
any other value). For more information on this attribute, refer to the AAA Interface Administration and
Reference.
and the value of CF Policy ID remains to what it was before the PCRF message came (default, not set or
any other value). For more information on this attribute, refer to the AAA Interface Administration and
Reference.
Important
The ECS subsystem includes L3–L7 deep packet inspection capabilities. It correlates all L3 packets with
higher layer criteria such as URL detection within an HTTP header, it also provides stateful packet inspection
for complex protocols like FTP, RTSP, and SIP that dynamically open ports for the data path.
higher layer criteria such as URL detection within an HTTP header, it also provides stateful packet inspection
for complex protocols like FTP, RTSP, and SIP that dynamically open ports for the data path.
The Content Filtering subsystem uses the deep-packet inspection capabilities of ECS for URL/URI extraction.
CF Administration Guide, StarOS Release 18
7
Content Filtering Support Overview
ECS and Content Filtering Application