Cisco ASR 5000 series Product Overview page 718

▀ Category-based Content Filtering Support
Step 3
System sends the AAA Access Request to AAA server for MS.
Step 4
AAA server processes the AAA Access Request from the Content Filtering subsystem to create the session, and the
Policy Manager in AAA server uses subscriber identification parameters including NAI (username@domain), Calling
Station ID (IMSI, MSID) and Framed IP Address (HoA) as the basis for subscriber lookup.
Step 5
The Policy Manager and AAA generate and send an Access Accept message including all policy and other attributes to
establish the session to the Content Filtering subsystem.
The Policy Manager and/or AAA include following attributes in the Access Accept message:
Step 6
Content Filtering subsystem creates a new session for MS.
Step 7
Content Filtering subsystem sends Accounting-Start messages to AAA server.
Step 8
AAA server sends Accounting-Start response message to Content Filtering subsystem.
Step 9
Content Filtering subsystem establishes data flow with MS.
Step 10
MS requests for data with URL name.
Step 11
Within the system access control list (ACL) processes the request and directs the request to ECS/Content Filtering
subsystem based on the subscriber configuration.
Step 12
System performs ECS action on the content and then applies content filtering if required.
Within the system, if the bearer flow is treated by Content Filtering or other in-line services, the SessMgr
feeds it to the Content Service Steering (CSS) API. If Content Filtering is the first service touch point, TCP
and HTTP traffic analyzers within a given SessMgr utilize deep-packet inspection to extract the requested
URL.
▄ Cisco ASR 5000 Series Product Overview
Filter ID or Access Control List Name: Applied to subscriber session. It typically contains the name
of the Content Service Steering (CSS) ACL. The CSS ACL establishes the particular service
treatments such as Content Filtering, ECS, Traffic Performance Optimization, Stateful Firewall,
VPN, etc. to apply to a subscriber session and the service order sequence to use in the inbound or
outbound directions. Real-time or delay sensitive flows are directly transmitted to the Internet with
no further processing required. In this case, no CSS ACL or Filter ID is included in the Access
Response.
SN-CF-Category-Policy: Applied to the subscriber content flow. Policy ID included in this attribute
overrides the policy identifier applied to subscriber through rulebase or APN/Subscriber
configuration. This content filtering policy determines the action to be taken on a content request
from subscriber on the basis of its category. At anytime only one content filtering policy can be
associated with a rulebase.
SN1-Rulebase Name: This custom attribute contain information such as consumer, business name,
child/adult/teen, etc.). The rulebase name identifies the particular rule definitions to apply. Rulebase
definitions are used in ECS as the basis for deriving charging actions such as prepaid/postpaid
volume/duration/destination billing and charging data files (EDRs/UDRs). Rulebase definitions are
also used in content filtering to determine whether a type of user class such as teenagers should be
permitted to receive requested content belonging to a particular type of category such as adult
entertainment, gambling or hate sites. Rulebase definitions are generated in the Active Charging
Configuration Mode and can be applied to individual subscribers, to domains or on per-context
basis.
Content Filtering Support Overview
OL-22938-02