X-Header Encryption - Cisco ASR 5000 Series Administration Manual
Enhanced charging services
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Administration manual (509 pages) ,
- Installation manual (317 pages)
Table of Contents
Advertisement
▀ Enhanced Features and Functionality
Step 1
Creating/configuring a ruledef to identify the HTTP/WSP packets in which the x-headers must be inserted.
Step 2
Creating/configuring a rulebase and configuring the charging-action, which will insert the x-header fields into the
HTTP/WSP packets.
Step 3
Creating/configuring the x-header format.
Step 4
Configuring insertion of the x-header fields in the charging action.
X-Header Encryption
This section provides an overview of the X-Header Encryption feature.
X-Header Encryption enhances the X-header Insertion feature to increase the number of fields that can be inserted, and
also enables encrypting the fields before inserting them.
If x-header insertion has already happened for an IP flow (because of any x-header format), and if the current charging-
action has the first-request-only flag set, x-header insertion will not happen for that format. If the first-request-only flag
is not set in a charging-action, then for that x-header format, insertion will continue happening in any further suitable
packets in that IP flow.
Changes to x-header format configuration will not trigger re-encryption for existing calls. The changed configuration
will however, be applicable for new calls. The changed configuration will also apply at the next re-encryption time to
those existing calls for which re-encryption timeout is specified. If encryption is enabled for a parameter while data is
flowing, since its encrypted value will not be available, insertion of that parameter will stop.
Important:
The following steps describe how X-Header Encryption works:
Step 1
X-header insertion, encryption, and the encryption certificate is configured in the CLI.
Step 2
When the call gets connected, and after each regeneration time, the encryption certificate is used to encrypt the strings.
Step 3
When a packet hits a ruledef that has x-header format configured in its charging-action, x-header insertion into that
packet is done using the given x-header-format.
Step 4
If x-header-insertion is to be done for fields which are marked as encrypt, the previously encrypted value is populated
for that field accordingly.
TCP OOO Packets
ECS handles TCP OOO packets in two ways depending on the rulebase configuration:
Transmit Immediately: If the rulebase is configured to transmit immediately for TCP OOO packets, the OOO packets
will be forwarded immediately, and a copy of this packet will be added to the OOO queue for analysis.
Transmit After Reordering: If the rulebase is configured to transmit after reordering for TCP OOO packets, the OOO
packets will be added to the OOO queue for analysis. Header insertion on OOO request packets occurs on reordering
packets that are received before the OOO request timeout. When a reordering packet is received, the queued packets are
forwarded. However, if a reordering packet is not received before the OOO queue timeout, the queued packet will be
forwarded without any analysis done to those packets.
IP Fragmented Packets
▄ Cisco ASR 5x00 Enhanced Charging Services Administration Guide
60
Recovery of flows is not supported for this feature.
Enhanced Charging Service Overview
Advertisement
Table of Contents
