Lawful Intercept - Cisco ASR 5000 series Product Overview

PDN Gateway Overview
where GTP is used as the S5/S8 protocol, the EPS bearer constitutes a concatenation of a radio bearer, S1-U bearer and
an S5/S8 bearer anchored on the P-GW. In cases where PMIPv6 is used the EPS bearer is concatenated between the UE
and HSGW with IP connectivity between the HSGW and P-GW.
Note: This release supports only GTP-based S5/S8 and PMIPv6 S2a capabilities with no commercial support for
PMIPv6 S5/S8.
An EPS bearer uniquely identifies traffic flows that receive a common QoS treatment between a UE and P-GW in the
GTP-based S5/S8 design, and between a UE and HSGW in the PMIPv6 S2a approach. If different QoS scheduling
priorities are required between Service Data Flows, they should be assigned to separate EPS bearers. Packet filters are
signalled in the NAS procedures and associated with a unique packet filter identifier on a per-PDN connection basis.
One EPS bearer is established when the UE connects to a PDN, and that remains established throughout the lifetime of
the PDN connection to provide the UE with always-on IP connectivity to that PDN. That bearer is referred to as the
default bearer. A PDN connection represents a traffic flow aggregate between a mobile access terminal and an external
Packet Data Network (PDN) such as an IMS network, a walled garden application cloud or a back-end enterprise
network. Any additional EPS bearer that is established to the same PDN is referred to as a dedicated bearer. The EPS
bearer Traffic Flow Template (TFT) is the set of all 5-tuple packet filters associated with a given EPS bearer. The EPC
core elements assign a separate bearer ID for each established EPS bearer. At a given time a UE may have multiple
PDN connections on one or more P-GWs.

Lawful Intercept

Provides a standardized architecture for lawful monitoring and interception of subscriber call content and control events
as mandated by a court ordered warrant from a law enforcement agency.
In accordance with 3GPP TS 33.108 Release 8 requirements the Cisco P-GW supports the Lawful Intercept Access
Function for intercepting control and data messages of mobile targets. Law Enforcement Agencies request the network
operator to start the interception of a particular mobile user based on court ordered subpoenas.
The Cisco EPC gateways provide access to the intercepted Content of Communications (CC) and the Intercept Related
Information (IRI) of the mobile target and services related to the target on behalf of Law Enforcement Agencies. In this
release the P-GW supports the following three interfaces:
X1 provisioning interface from Administrative Function (ADMF) using CLI over SSH: Intercept targets can be
provisioned using subscriber information including MSISDN, IMSI and MEI. Interception of only events (IRI)
or events and call content (IRI + CC) can be provisioned.
X2 event delivery interface for transferring Intercept Related Information (IRI) to a Delivery Function/Mediation
server: Intercepted events include QoS information (if available), bearer activation (Default and Dedicated
bearer), start of intercept with bearer active, bearer modification, bearer deactivation, and UE requested bearer
resource modification.
X3 content delivery: Includes intercepted call content for all default and dedicated EPS bearers.
The intercepted call control data is encoded in a Cisco proprietary message header format using an optional TLV field to
pack the IRI information. The message header also includes other identifying information including sequence numbers,
timestamps and session & correlation numbers to correlate session and bearer related information with interception on
other EPC elements. If provisioning is activated while the call is active for the target identity then the intercepted
information is immediately forwarded to the mediation server. Otherwise camp-on monitoring is used and the system
waits for the call to become active (ECM CONNECTED state) and compares the IMSI, MSISDN and MEI against the
LI monitoring list as a trigger to begin the intercept.
OL-22938-02
Features and Functionality - Base Software ▀
Cisco ASR 5000 Series Product Overview ▄