[VOIPSEC] CALEA Enforcement

Fri May 12 02:07:57 CDT 2006

Just to complement Hadriel:
   Support of lawful interception was NOT yet a requirement in ETSI TISPAN
   NGN RELEASE 1 for the Ia interface.
   That's why the 1st H.248 PROFILE version for Ia (= ETSI ES 283 018 H.248
   Ia Profile Version 1) is lacking that capability.
   If there'll be such a requirement for Ia in TISPAN post-R1 releases,
   then it will be covered in next Ia Profile versions.

- Albrecht

                      "Hadriel Kaplan"                                                                                             
                      <HKaplan at acmepac         To:      "'Shai Mohaban'" <shai at juniper.net>                                        
                      ket.com>                 cc:      Voipsec at voipsa.org                                                         
                      Sent by:                 Subject: Re: [VOIPSEC] CALEA Enforcement                                            
                      Voipsec-bounces@                                                                                             
                      voipsa.org                                                                                                   

                      11.05.2006 18:22                                                                                             

Not to get too off-topic, but the TISPAN H.248 Ia interface is not specific
to doing this on routers - it can be done on any BGF functional element,
and
the only way it really works today (not that it is done today at all) is if
that functional element does more than open/close gates.  If the UE is
behind a NAT the BGF would have to do more, and if it's an LI interface it
would have to do more (I have yet to see a CCC interface that is purely
packet mirroring), and then there's the RTP/media-specific stuff service
providers do today in middle-boxes that TISPAN has yet to recognize needing
to be done.

Another point is "controlling" or relaying the media through double-NATing
(whether in a router or elsewhere) actually enables traffic engineering and
optimal routes that cannot be pragmatically achieved with just best-effort
routing or MPLS alone today.  But that's way off topic for this forum.

-hadriel

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Shai Mohaban
> Sent: Thursday, May 11, 2006 3:56 AM
> To: Geoff Devine; Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] CALEA Enforcement
>
> Geoff,
>
> Running the media _ALWAYS_ through an SBC is one way but definitely not
> the only way and not even the best way. One other potential solution,
> which is also undetectable and is much better in terms of traffic
> engineering, optimal route, etc, is to deploy some LI capabilities in
> the edge routers (or the BRAS, etc). As far as I know LI is not required
> for internal calls (and this is not relevant at all in the residential
> market as there are no "internal" calls in this case) and virtually all
> external traffic, including the media, will go through the edge router.
> So the edge router can be controlled by some external signaling entity
> (P-CSCF, SBC, etc) and be provisioned in real time with flows that need
> to be duplicated. In fact the new NGN architectures from TISPAN and the
> ITU already have exactly this kind of control mechanism to open and
> close gates (using H.248 in the case of TISPAN). Extending those
> interfaces to enable LI should not be too difficult...
>

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org