Content for TS 33.107 Word version: 16.0.0
0…
4
5…
5A…
6…
7…
7A…
8…
9…
10…
11…
12…
12.2…
12.3…
12.4…
12.5…
13…
14…
15…
16…
17…
18…
19…
20…
21…
22…
23…
A…
B…
C…
D…
E…
F…
G…
H…
I…
J…
L…
9 Invocation of Lawful Interception (LI) for 3GPP WLAN interworking services
9.0 General
9.1 Provision of Intercept Product - Short Message Service
9.2 Provision of Intercepted Content of Communications - 3GPP WLAN Interworking services
9.3 Provision of Intercept Related Information
9.4 Structure of I-WLAN Events
...
...
9 Invocation of Lawful Interception (LI) for 3GPP WLAN interworking services |R6|
9.0 General |R12|
WLAN Interworking specifications (TS 23.234, TS 24.234 and TS 29.234) are no longer maintained for Release 12 onwards.
This clause 9 is therefore no longer maintained.
Figure 23 shows the extract from the reference configuration which is relevant for the invocation of the Lawful Interception of the packet data 3GPP WLAN Interworking network.
[not reproduced yet]
Figure 23: Functional model for invocation of Lawful Interception for 3GPP WLAN Interworking Services
The HI2 and HI3 interfaces represent the interfaces between the LEA and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of this specification.
The delivery functions are used:
- to convert the information on the X2-interface to the corresponding information on the HI2 interface;
- to distribute the intercept related information to the relevant LEA(s);
- to distribute the intercept product to the relevant LEA(s).
9.1 Provision of Intercept Product - Short Message Service Word‑p. 84
LI for SMS in the 3GPP-WLAN Interworking case is described in Clause 7A.4.
9.2 Provision of Intercepted Content of Communications - 3GPP WLAN Interworking services
9.2.0 General |R12|
The access method for the delivering of 3GPP WLAN Interworking Intercept Product is based on duplication of packets without modification at the PDG or WAG. The duplicated packets with additional information in the header, as described in the following sections, are sent to DF3 for further delivery. Note that CC available at the WAG is likely to be encrypted.
[not reproduced yet]
Figure 24: Configuration for interception of 3GPP WLAN Interworking product data
9.2.1 X3-interface Word‑p. 85
In addition to the intercepted content of communications, the following information needs to be transferred from the PDG or WAG to the DF3 in order to allow the DF3 to perform its functionality:
-
target identity;
-
correlation number;
-
time stamp - optional;
-
direction (indicates whether T-PDU is MO or MT) - optional;
-
the target location (if available in the intercepting node).
9.3 Provision of Intercept Related Information
9.3.0 General |R12|
Figure 25 shows the transfer of intercept related information to the DF2. If an event for / from a mobile subscriber occurs, the PDG, WAG, or the AAA Server sends the relevant data to the DF2. Packet Data Header Information reporting is a national option. For Packet Data Header Information reporting, a PDG/WAG either isolates the relevant data and sends it to the DF2 or sends the packet stream to another entity in the network (e.g., DF3) for isolation which then provides the relevant data to the DF2.
[not reproduced yet]
Figure 25: Provision of Intercept Related Information
9.3.1 X2-interface Word‑p. 86
The following information needs to be transferred from the PDG, WAG or the AAA server to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity (IMSI, NAI, or MSISDN);
-
events and associated parameters as defined in section 9.3.2 may be provided;
-
the target location (if available);
-
Correlation number;
-
Quality of Service (QoS) identifier (if available).
The IRI should be sent to DF2 using a reliable transport mechanism.
The PDG/WAG detects packets containing packet data header information in the communications path but the information needed for Packet Data Header Information reporting may need to be transferred from the PDG/WAG either directly to the DF2 or via another network entity in order to allow the DF2 to perform its functionality.
9.3.2 3GPP WLAN Interworking LI Events and Event Information
The following events are applicable to AAA Server:
-
I-WLAN Access Initiation;
-
I-WLAN re-authentication,
-
I-WLAN Access Termination;
-
I-WLAN Tunnel Establishment;
-
I-WLAN Tunnel Disconnect;
-
Start of Intercept with I-WLAN Communication Active;
The following events are applicable to the PDG and WAG:
-
I-WLAN Tunnel Establishment;
-
I-WLAN Tunnel Disconnect;
-
Start of Intercept with I-WLAN Communication Active.
-
Packet Data Header Information.
A set of possible elements as shown below is used to generate the events. Information associated with the events are transmitted from the PDG, WAG or AAA server to DF2.
Some of these parameters apply to the PDG or WAG and some apply to the AAA server. Parameters sent from the PDG, WAG or AAA server is dependent on what is available at the network element. If interception is performed at the PDG, then Packet Data Header Information reporting shall also be performed at the PDG and not at the WAG.
Element
Description
PDG
AAA Server
Observed NAI
NAI of the target.
Not available
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Available from ICE
Event date
Date of the event generation in the PDG or the AAA server.
Available from ICE
Available from ICE
Event time
Time of the event generation in the PDG or the AAA server. Timestamp shall be generated relative to the PDG or AAA server internal clock.
Available from ICE
Available from ICE
WLAN UE Local IP address
The WLAN UE Local IP address of observed party. The WLAN UE Local IP address field specified in TS 24.234 and IETF RFC 2409, represents the IPv4/IPv6 address of the WLAN UE in the WLAN AN. It is an address used to deliver the packet to a WLAN UE in a WLAN AN. Note that this address might be dynamic.
Available, see TS 24.234 and IETF RFC 2409
Not available
WLAN UE MAC address
The WLAN MAC address of the target. Note that this address might be dynamic and the validity of the MAC Address is outside of the scope of 3GPP.
Not available
Available, see TS 29.234
WLAN UE Remote IP address
The WLAN UE Remote IP address of observed party. The WLAN UE Remote IP address field specified in TS 24.234, represents the IPv4/IPv6 address of the WLAN UE in the network being accessed by the WLAN AN. It is an address used in the data packet encapsulated by the WLAN UE-initiated tunnel and is the source address used by applications in the WLAN UE. Note that this address might be dynamic.
Available, see TS 24.234
Not available
WLAN Access Point Name
WLAN Operator Name
The name of the WLAN operator name serving the target.
Not available
Available, see TS 29.234
WLAN Location Data
The location of the WLAN serving the target (e.g., string like "coffee shop" or "airport", etc.).
Not available
Available, see TS 29.234
WLAN Location Information
Location Information regarding the WLAN as provided in RADIUS or DIAMETER signalling exchanged with the AAA server.
Not available
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records. In case of the AAA server, the Correlation Number is only used to correlate IRI records.
Generated for LI by PDG
Generated for LI by AAA server
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by PDG
Generated for LI by AAA server
Initiator
The initiator of the request either the network or the WLAN UE.
Generated for LI by PDG
Generated for LI by AAA server
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Not available
Available, see TS 29.234
Visited PLMN ID
Identity of the visited PLMN to which the user is terminating their WLAN tunnels or through which the user is establishing their WLAN tunnels.
Not available
Available, see TS 29.234
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Not available
Available, see TS 29.234
Failed access reason
Provides the reason for why a WLAN access attempt failed ("Authentication Failed").
Not available
Available from ICE
Session termination reason
Provides a reason for why a WLAN access session is terminated.
Not available
Available, see TS 29.234
Failed tunnel establishment reason
Provides a reason for why a WLAN tunnel establishment failed ("Authentication failed" or "Authorization failed").
Available from ICE
Available from ICE
NSAPI
Network layer Service Access Point Identifier
The NSAPI information element contains an NSAPI identifying a PDP Context in a mobility management context specified by the Tunnel Endpoint Identifier Control Plane.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
Available from ICE
Element
Description
WAG
Observed MSISDN
MSISDN of the target.
Available, see TS 29.234
Observed IMSI
IMSI of the target.
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Event date
Date of the event generation in the PDG/WAG or the AAA server.
Available from ICE
Event time
Time of the event generation in the PDG/WAG or the AAA server. Timestamp shall be generated relative to the PDG/WAG or AAA server internal clock.
Available from ICE
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
The W-APN of the access point.
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records.
Generated for LI by WAG
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by WAG
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Available, see TS 29.234
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Available, see TS 29.234
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
9.4 Structure of I-WLAN Events |R7| Word‑p. 91
9.4.1 I-WLAN Access Initiation
For I-WLAN Access Initiation including I-WLAN re-authentication, for both I-WLAN Access Initiation-event is generated. The elements, shown in Table 4, will be delivered to the DF2, if available, by the AAA server.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Network Element Identifier
WLAN Operator Name
WLAN LocationData
WLAN Location Information
NAS IP/IPv6 Address
WLAN UE MAC Address
Visited PLMN ID
Session Alive Time
Failed Access reason
9.4.2 WLAN Access Termination Word‑p. 92
For WLAN Access Termination or the immediate purging of a user from a WLAN access, a WLAN access termination-event is generated. The elements, shown in Table 5, will be delivered to the DF2, if available, by the AAA server.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 Address
WLAN UE MAC Address
Session Termination reason
9.4.3 I-WLAN Tunnel Establishment
For I-WLAN Tunnel Establishment, a I-WLAN tunnel establishment-event is generated. The elements, shown in Table 6, 6a, and Table 7, will be delivered to the DF2 if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Failed tunnel establishment reason
NSAPI (optional)
Table 6a: I-WLAN Tunnel Establishment - WAG
\col.1:h-05
\col.1:textbg
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN Access Point Name
Network Element Identifier
Visited PLMN ID
Failed tunnel establishment reason
9.4.4 I-WLAN Tunnel Disconnect Word‑p. 93
At I-WLAN Tunnel Disconnect, a I-WLAN tunnel disconnect event is generated. The elements, shown in Table 8, 8a, and Table 9, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
Tunnel address of observed party
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
9.4.5 Start of Intercept with I-WLAN Communication Active Word‑p. 94
This event will be generated if interception for a target is started and if the target has one or more active I-WLAN Access sessions or one or more I-WLAN Tunnels established. The elements, shown in Table 10,10a, and Table 11, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN Access Point Name
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 address
Visited PLMN ID
9.4.6 Packet Data Header Information |R12| Word‑p. 95
9.4.6.0 Introduction
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
9.4.6.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered either directly to DF2 or via another network entity if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
9.4.6.2 Packet Data Summary Report Word‑p. 96
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within a WLAN tunnel, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and WLAN tunnel.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (PDP context) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with a WLAN Tunnel
-
an interim report for a packet flow associated with a WLAN Tunnel is to be reported
-
end of a packet flow associated with a WLAN Tunnel (including end of the WLAN Tunnel itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via an MF for each packet flow if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791 [39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
9.2.0 General |R12|
The access method for the delivering of 3GPP WLAN Interworking Intercept Product is based on duplication of packets without modification at the PDG or WAG. The duplicated packets with additional information in the header, as described in the following sections, are sent to DF3 for further delivery. Note that CC available at the WAG is likely to be encrypted.
[not reproduced yet]
Figure 24: Configuration for interception of 3GPP WLAN Interworking product data
9.2.1 X3-interface Word‑p. 85
In addition to the intercepted content of communications, the following information needs to be transferred from the PDG or WAG to the DF3 in order to allow the DF3 to perform its functionality:
-
target identity;
-
correlation number;
-
time stamp - optional;
-
direction (indicates whether T-PDU is MO or MT) - optional;
-
the target location (if available in the intercepting node).
- target identity;
- correlation number;
- time stamp - optional;
- direction (indicates whether T-PDU is MO or MT) - optional;
- the target location (if available in the intercepting node).
9.3.0 General |R12|
Figure 25 shows the transfer of intercept related information to the DF2. If an event for / from a mobile subscriber occurs, the PDG, WAG, or the AAA Server sends the relevant data to the DF2. Packet Data Header Information reporting is a national option. For Packet Data Header Information reporting, a PDG/WAG either isolates the relevant data and sends it to the DF2 or sends the packet stream to another entity in the network (e.g., DF3) for isolation which then provides the relevant data to the DF2.
[not reproduced yet]
Figure 25: Provision of Intercept Related Information
9.3.1 X2-interface Word‑p. 86
The following information needs to be transferred from the PDG, WAG or the AAA server to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity (IMSI, NAI, or MSISDN);
-
events and associated parameters as defined in section 9.3.2 may be provided;
-
the target location (if available);
-
Correlation number;
-
Quality of Service (QoS) identifier (if available).
The IRI should be sent to DF2 using a reliable transport mechanism.
The PDG/WAG detects packets containing packet data header information in the communications path but the information needed for Packet Data Header Information reporting may need to be transferred from the PDG/WAG either directly to the DF2 or via another network entity in order to allow the DF2 to perform its functionality.
9.3.2 3GPP WLAN Interworking LI Events and Event Information
The following events are applicable to AAA Server:
-
I-WLAN Access Initiation;
-
I-WLAN re-authentication,
-
I-WLAN Access Termination;
-
I-WLAN Tunnel Establishment;
-
I-WLAN Tunnel Disconnect;
-
Start of Intercept with I-WLAN Communication Active;
The following events are applicable to the PDG and WAG:
-
I-WLAN Tunnel Establishment;
-
I-WLAN Tunnel Disconnect;
-
Start of Intercept with I-WLAN Communication Active.
-
Packet Data Header Information.
A set of possible elements as shown below is used to generate the events. Information associated with the events are transmitted from the PDG, WAG or AAA server to DF2.
Some of these parameters apply to the PDG or WAG and some apply to the AAA server. Parameters sent from the PDG, WAG or AAA server is dependent on what is available at the network element. If interception is performed at the PDG, then Packet Data Header Information reporting shall also be performed at the PDG and not at the WAG.
Element
Description
PDG
AAA Server
Observed NAI
NAI of the target.
Not available
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Available from ICE
Event date
Date of the event generation in the PDG or the AAA server.
Available from ICE
Available from ICE
Event time
Time of the event generation in the PDG or the AAA server. Timestamp shall be generated relative to the PDG or AAA server internal clock.
Available from ICE
Available from ICE
WLAN UE Local IP address
The WLAN UE Local IP address of observed party. The WLAN UE Local IP address field specified in TS 24.234 and IETF RFC 2409, represents the IPv4/IPv6 address of the WLAN UE in the WLAN AN. It is an address used to deliver the packet to a WLAN UE in a WLAN AN. Note that this address might be dynamic.
Available, see TS 24.234 and IETF RFC 2409
Not available
WLAN UE MAC address
The WLAN MAC address of the target. Note that this address might be dynamic and the validity of the MAC Address is outside of the scope of 3GPP.
Not available
Available, see TS 29.234
WLAN UE Remote IP address
The WLAN UE Remote IP address of observed party. The WLAN UE Remote IP address field specified in TS 24.234, represents the IPv4/IPv6 address of the WLAN UE in the network being accessed by the WLAN AN. It is an address used in the data packet encapsulated by the WLAN UE-initiated tunnel and is the source address used by applications in the WLAN UE. Note that this address might be dynamic.
Available, see TS 24.234
Not available
WLAN Access Point Name
WLAN Operator Name
The name of the WLAN operator name serving the target.
Not available
Available, see TS 29.234
WLAN Location Data
The location of the WLAN serving the target (e.g., string like "coffee shop" or "airport", etc.).
Not available
Available, see TS 29.234
WLAN Location Information
Location Information regarding the WLAN as provided in RADIUS or DIAMETER signalling exchanged with the AAA server.
Not available
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records. In case of the AAA server, the Correlation Number is only used to correlate IRI records.
Generated for LI by PDG
Generated for LI by AAA server
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by PDG
Generated for LI by AAA server
Initiator
The initiator of the request either the network or the WLAN UE.
Generated for LI by PDG
Generated for LI by AAA server
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Not available
Available, see TS 29.234
Visited PLMN ID
Identity of the visited PLMN to which the user is terminating their WLAN tunnels or through which the user is establishing their WLAN tunnels.
Not available
Available, see TS 29.234
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Not available
Available, see TS 29.234
Failed access reason
Provides the reason for why a WLAN access attempt failed ("Authentication Failed").
Not available
Available from ICE
Session termination reason
Provides a reason for why a WLAN access session is terminated.
Not available
Available, see TS 29.234
Failed tunnel establishment reason
Provides a reason for why a WLAN tunnel establishment failed ("Authentication failed" or "Authorization failed").
Available from ICE
Available from ICE
NSAPI
Network layer Service Access Point Identifier
The NSAPI information element contains an NSAPI identifying a PDP Context in a mobility management context specified by the Tunnel Endpoint Identifier Control Plane.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
Available from ICE
Element
Description
WAG
Observed MSISDN
MSISDN of the target.
Available, see TS 29.234
Observed IMSI
IMSI of the target.
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Event date
Date of the event generation in the PDG/WAG or the AAA server.
Available from ICE
Event time
Time of the event generation in the PDG/WAG or the AAA server. Timestamp shall be generated relative to the PDG/WAG or AAA server internal clock.
Available from ICE
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
The W-APN of the access point.
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records.
Generated for LI by WAG
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by WAG
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Available, see TS 29.234
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Available, see TS 29.234
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
- target identity (IMSI, NAI, or MSISDN);
- events and associated parameters as defined in section 9.3.2 may be provided;
- the target location (if available);
- Correlation number;
- Quality of Service (QoS) identifier (if available).
- I-WLAN Access Initiation;
- I-WLAN re-authentication,
- I-WLAN Access Termination;
- I-WLAN Tunnel Establishment;
- I-WLAN Tunnel Disconnect;
- Start of Intercept with I-WLAN Communication Active;
- I-WLAN Tunnel Establishment;
- I-WLAN Tunnel Disconnect;
- Start of Intercept with I-WLAN Communication Active.
- Packet Data Header Information.
Element
Description
PDG
AAA Server
Observed NAI
NAI of the target.
Not available
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Available from ICE
Event date
Date of the event generation in the PDG or the AAA server.
Available from ICE
Available from ICE
Event time
Time of the event generation in the PDG or the AAA server. Timestamp shall be generated relative to the PDG or AAA server internal clock.
Available from ICE
Available from ICE
WLAN UE Local IP address
The WLAN UE Local IP address of observed party. The WLAN UE Local IP address field specified in TS 24.234 and IETF RFC 2409, represents the IPv4/IPv6 address of the WLAN UE in the WLAN AN. It is an address used to deliver the packet to a WLAN UE in a WLAN AN. Note that this address might be dynamic.
Available, see TS 24.234 and IETF RFC 2409
Not available
WLAN UE MAC address
The WLAN MAC address of the target. Note that this address might be dynamic and the validity of the MAC Address is outside of the scope of 3GPP.
Not available
Available, see TS 29.234
WLAN UE Remote IP address
The WLAN UE Remote IP address of observed party. The WLAN UE Remote IP address field specified in TS 24.234, represents the IPv4/IPv6 address of the WLAN UE in the network being accessed by the WLAN AN. It is an address used in the data packet encapsulated by the WLAN UE-initiated tunnel and is the source address used by applications in the WLAN UE. Note that this address might be dynamic.
Available, see TS 24.234
Not available
WLAN Access Point Name
WLAN Operator Name
The name of the WLAN operator name serving the target.
Not available
Available, see TS 29.234
WLAN Location Data
The location of the WLAN serving the target (e.g., string like "coffee shop" or "airport", etc.).
Not available
Available, see TS 29.234
WLAN Location Information
Location Information regarding the WLAN as provided in RADIUS or DIAMETER signalling exchanged with the AAA server.
Not available
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records. In case of the AAA server, the Correlation Number is only used to correlate IRI records.
Generated for LI by PDG
Generated for LI by AAA server
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by PDG
Generated for LI by AAA server
Initiator
The initiator of the request either the network or the WLAN UE.
Generated for LI by PDG
Generated for LI by AAA server
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Not available
Available, see TS 29.234
Visited PLMN ID
Identity of the visited PLMN to which the user is terminating their WLAN tunnels or through which the user is establishing their WLAN tunnels.
Not available
Available, see TS 29.234
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Not available
Available, see TS 29.234
Failed access reason
Provides the reason for why a WLAN access attempt failed ("Authentication Failed").
Not available
Available from ICE
Session termination reason
Provides a reason for why a WLAN access session is terminated.
Not available
Available, see TS 29.234
Failed tunnel establishment reason
Provides a reason for why a WLAN tunnel establishment failed ("Authentication failed" or "Authorization failed").
Available from ICE
Available from ICE
NSAPI
Network layer Service Access Point Identifier
The NSAPI information element contains an NSAPI identifying a PDP Context in a mobility management context specified by the Tunnel Endpoint Identifier Control Plane.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
Available from ICE
Element
Description
WAG
Observed MSISDN
MSISDN of the target.
Available, see TS 29.234
Observed IMSI
IMSI of the target.
Available, see TS 29.234
Event type
Description which type of event is delivered: I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information.
Available from ICE
Event date
Date of the event generation in the PDG/WAG or the AAA server.
Available from ICE
Event time
Time of the event generation in the PDG/WAG or the AAA server. Timestamp shall be generated relative to the PDG/WAG or AAA server internal clock.
Available from ICE
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
The W-APN of the access point.
Available, see TS 29.234
Correlation Number
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records.
Generated for LI by WAG
Network Element Identifier
Unique identifier for the element reporting the ICE.
Generated for LI by WAG
NAS IP/IPv6 address
The IP or IPv6 address of the NAS in the WLAN.
Available, see TS 29.234
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
The amount of time in seconds during which the target can be registered for WLAN access.
Available, see TS 29.234
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Available from ICE
Destination Port Number
The port number of the destination of the IP packet.
Available from ICE
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Available from ICE
Packet Count
The number of packets detected and reported (for a particular summary period).
Available from ICE
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Available from ICE
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Available from ICE
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Available from ICE
Source Port Number
The port number of the source of the IP packet.
Available from ICE
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Available from ICE
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Available from ICE
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Available from ICE
9.4.1 I-WLAN Access Initiation
For I-WLAN Access Initiation including I-WLAN re-authentication, for both I-WLAN Access Initiation-event is generated. The elements, shown in Table 4, will be delivered to the DF2, if available, by the AAA server.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Network Element Identifier
WLAN Operator Name
WLAN LocationData
WLAN Location Information
NAS IP/IPv6 Address
WLAN UE MAC Address
Visited PLMN ID
Session Alive Time
Failed Access reason
9.4.2 WLAN Access Termination Word‑p. 92
For WLAN Access Termination or the immediate purging of a user from a WLAN access, a WLAN access termination-event is generated. The elements, shown in Table 5, will be delivered to the DF2, if available, by the AAA server.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 Address
WLAN UE MAC Address
Session Termination reason
9.4.3 I-WLAN Tunnel Establishment
For I-WLAN Tunnel Establishment, a I-WLAN tunnel establishment-event is generated. The elements, shown in Table 6, 6a, and Table 7, will be delivered to the DF2 if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Failed tunnel establishment reason
NSAPI (optional)
Table 6a: I-WLAN Tunnel Establishment - WAG
\col.1:h-05
\col.1:textbg
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN Access Point Name
Network Element Identifier
Visited PLMN ID
Failed tunnel establishment reason
9.4.4 I-WLAN Tunnel Disconnect Word‑p. 93
At I-WLAN Tunnel Disconnect, a I-WLAN tunnel disconnect event is generated. The elements, shown in Table 8, 8a, and Table 9, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
Tunnel address of observed party
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
9.4.5 Start of Intercept with I-WLAN Communication Active Word‑p. 94
This event will be generated if interception for a target is started and if the target has one or more active I-WLAN Access sessions or one or more I-WLAN Tunnels established. The elements, shown in Table 10,10a, and Table 11, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN Access Point Name
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 address
Visited PLMN ID
9.4.6 Packet Data Header Information |R12| Word‑p. 95
9.4.6.0 Introduction
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
9.4.6.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered either directly to DF2 or via another network entity if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
9.4.6.2 Packet Data Summary Report Word‑p. 96
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within a WLAN tunnel, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and WLAN tunnel.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (PDP context) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with a WLAN Tunnel
-
an interim report for a packet flow associated with a WLAN Tunnel is to be reported
-
end of a packet flow associated with a WLAN Tunnel (including end of the WLAN Tunnel itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via an MF for each packet flow if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791 [39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 Address
WLAN UE MAC Address
Session Termination reason
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Failed tunnel establishment reason
NSAPI (optional)
Table 6a: I-WLAN Tunnel Establishment - WAG
\col.1:h-05
\col.1:textbg
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN Access Point Name
Network Element Identifier
Visited PLMN ID
Failed tunnel establishment reason
At I-WLAN Tunnel Disconnect, a I-WLAN tunnel disconnect event is generated. The elements, shown in Table 8, 8a, and Table 9, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
Tunnel address of observed party
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
9.4.5 Start of Intercept with I-WLAN Communication Active Word‑p. 94
This event will be generated if interception for a target is started and if the target has one or more active I-WLAN Access sessions or one or more I-WLAN Tunnels established. The elements, shown in Table 10,10a, and Table 11, will be delivered to the DF2, if available, by the PDG, WAG or AAA server, respectively.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN Access Point Name
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 address
Visited PLMN ID
9.4.6 Packet Data Header Information |R12| Word‑p. 95
9.4.6.0 Introduction
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
9.4.6.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered either directly to DF2 or via another network entity if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
9.4.6.2 Packet Data Summary Report Word‑p. 96
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within a WLAN tunnel, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and WLAN tunnel.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (PDP context) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with a WLAN Tunnel
-
an interim report for a packet flow associated with a WLAN Tunnel is to be reported
-
end of a packet flow associated with a WLAN Tunnel (including end of the WLAN Tunnel itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via an MF for each packet flow if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791 [39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Session Alive Time
Network Element Identifier
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation Number
WLAN Access Point Name
Network Element Identifier
WLAN Operator Name
WLAN Location Data
WLAN Location Information
NAS IP/IPv6 address
Visited PLMN ID
9.4.6.0 Introduction
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
9.4.6.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered either directly to DF2 or via another network entity if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Packet Size
Flow Label (IPv6 only)
9.4.6.2 Packet Data Summary Report Word‑p. 96
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within a WLAN tunnel, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and WLAN tunnel.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (PDP context) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with a WLAN Tunnel
-
an interim report for a packet flow associated with a WLAN Tunnel is to be reported
-
end of a packet flow associated with a WLAN Tunnel (including end of the WLAN Tunnel itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via an MF for each packet flow if available:
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791 [39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
-
the source and destination information derived from the packet headers, including:
- source and destination IP Addresses,
- IP next-layer protocol,
- Layer-4 ports, and
- Flow label, if the packet is IPv6
- summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within a WLAN tunnel, and
- the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and WLAN tunnel. IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
- start of a packet flow associated with a WLAN Tunnel
- an interim report for a packet flow associated with a WLAN Tunnel is to be reported
- end of a packet flow associated with a WLAN Tunnel (including end of the WLAN Tunnel itself).
- The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
- A per-intercept configurable count threshold is reached.
Information Element
Observed MSISDN
Observed IMSI
Observed NAI
Event Type
Event Time
Event Date
Correlation number
WLAN UE Local IP Address
WLAN UE Remote IP address
WLAN Access Point Name
Network Element Identifier
Initiator (optional)
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Correlation number
WLAN UE IP address
WLAN PDG Tunnel Endpoint IP address
WLAN Access Point Name
NAS IP/IPv6 address
Tunnel Protocol
Source Ports
Destination Ports
Network Element Identifier
Source IP Address
Source Port Number
Destination IP Address
Destination Port Number
Transport Protocol (e.g., TCP)
Flow Label (IPv6 only)
Summary Period
Packet Count (for this summary period)
Sum of Packet Sizes (for this summary period)
