Content for TS 33.107 Word version: 16.0.0
0…
4
5…
5A…
6…
7…
7A…
8…
9…
10…
11…
12…
12.2…
12.3…
12.4…
12.5…
13…
14…
15…
16…
17…
18…
19…
20…
21…
22…
23…
A…
B…
C…
D…
E…
F…
G…
H…
I…
J…
L…
12.5 Functional requirements for LI in case of untrusted non-3GPP IP access
12.5.0 Introduction
12.5.1 Provision of Intercept Related Information
12.5.2 X3-interface
12.5.3 LI events for untrusted Non-3GPP IP access
12.6 Functional requirements for LI in case of Handovers between E-UTRAN and CDMA2000 Accesses.
12.7 Functional requirements for LI in case of interworking between SGSN and EPS nodes over S4/S12 interfaces
12.8 Functional requirements for LI in case of interworking between SGSN and PDN-GW over Gn/Gp interfaces
12.9 Functional Requirements for LI in case of Control and User Plane Separation
12.9.1 Background
12.9.2 LI Architecture with CUPS
12.9.3 Provision of Content of Communications
12.9.4 Provision of Intercept Related Information
...
...
12.5 Functional requirements for LI in case of untrusted non-3GPP IP access Word‑p. 153
12.5.0 Introduction |R12|
This clause specifies functional requirements applicable to the PDN-GW and HSS. In addition, this clause specifies requirements applicable to the ePDG in case this node is using a GTPv2 based protocol over s2b interface as specified in TS 23.402.
The e-PDG not using a GTPv2 based protocol over s2b interface and the AAA server are subjected to all the requirements specified in this document for PDG and AAA server for the case of I-WLAN interworking.
Interception in the PDN-GW is a national option.
Interception in the PDN-GW shall be based on IMSI or NAI. In case of GTPv2 based protocol, interception at the ePDG and PDN-GW shall be based on IMSI.
For the delivery of the CC and IRI, the PDN-GW and ePDG provides correlation number and target identity to the DF2 and DF3 which is used there in order to select the different LEAs where the product shall be delivered.
LI based on HSS reporting is a national option. Requirements on the HSS specified in clause 7A.2 and subsections apply also to the case in which non-3GPP IP access and 3GPP AAA server are based. Intercept Related Information (Events) are serving system, subscriber record change, registration termination, and location information request.
12.5.1 Provision of Intercept Related Information
12.5.1.0 General |R12|
Intercept Related Information (Events) shall be sent at attach/tunnel activation on interfaces s2b and s2c, detach/tunnel deactivation, session modification, start of interception with active tunnel, Serving Evolved Packet System.
In case of GTPv2 based s2b, Intercept Related Information shall be sent at attach/bearer activation, detach/bearer deactivation, bearer modification and start of interception with active bearer.
The following event is applicable to the HSS, which is a national option:
-
Serving Evolved Packet System;
-
Subscriber record change;
-
Registration termination;
-
Location information request.
12.5.1.1 X2-interface Word‑p. 154
The following information needs to be transferred from the PDN-GW, ePDG or the HSS to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity;
-
events and associated parameters as defined in clause 12.5.1.2 and 12.5.3 may be provided;
-
the target location (if available) or the IAs in case of location dependent interception; (FFS)
-
date/time of Location (if target location provided);
-
correlation number;
-
Quality of Service (QoS) information, if available;
-
encryption parameters (keys and associated parameters for decrypting CC), if available and necessary.
The PDN-GW detect packets containing packet header information in the communications path but the information needed for Packet Data Header Information reporting may need to be transferred from the PDN-GW either directly to the DF2 or via another network entity in order to allow the DF2 to perform its functionality.
The IRI should be sent to DF2 using a reliable transport mechanism.
12.5.1.2 Structure of the events
There are several different events in which the information is sent to the DF2 if this is required. The events for interception are configurable (if they are sent to DF2) in the PDN-GW, ePDG or the HSS and can be suppressed in the DF2.
The following events are applicable to the PDN-GW:
-
PMIP attach/tunnel activation;
-
PMIP detach/tunnel deactivation;
-
PMIP session modification;
-
Start of interception with active PMIP tunnel;
-
DSMIP registration/tunnel activation;
-
DSMIP deregistration/tunnel deactivation;
-
DSMIP session modification;
-
Start of interception with active DSMIP tunnel;
-
DSMIP HA Switch;
-
PMIP Resource Allocation Deactivation ;
-
Packet Data Header Information
-
Bearer activation;
-
Bearer deactivation;
-
Bearer modification;
-
Start of interception with active bearer.
The following events are applicable to the ePDG:
-
Bearer activation;
-
Bearer deactivation;
-
Bearer modification:
-
Start of interception with active bearer.
The following events are applicable to the HSS, which is national option:
-
Serving Evolved Packet System;
-
Subscriber record change;
-
Registration termination;
-
Location information request.
A set of elements as shown below can be associated with the events. The events trigger the transmission of the information from the nodes to DF2. Available IEs from this set of elements as shown below can be extended in the nodes, if this is necessary as a national option. DF2 can extend available information if this is necessary as a national option. When the GTP protocol is used over the s2b interface, elements from table 12.2.1.2 are included in the applicable events.
Element
Description
Observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
Observed IMSI
The IMSI of the target.
New observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
New observed IMSI
The IMSI of the target
Old observed IMSI of the target (if available)
Old observed MN NAI of the target (if available)
Any other IMPU or IMPI (if available) available in the diameter message associated to the target
Event type
Indicates which type of event is delivered: PMIP attach/tunnel activation, PMIP detach/tunnel deactivation, Start of interception with active PMIP tunnel, DSMIP registration/tunnel activation, DSMIP deregistration/tunnel deactivation, Start of interception with active DSMIP tunnel, DSMIP HA Switch, PMIP resource Allocation Deactivation, Serving Evolved Packet System, Subscriber record change, Registration termination, Location information request, Packet Data Header Information.
Event time
Time of the event generation in the ICE. Time stamp shall be generated relative to ICE internal clock.
Event date
Date of the event generation in the ICE.
Change Type
This indicates what has been changed (MSISDN, IMSI, or IMEI) in the Subscriber Change Record
Correlation number
The correlation number is used to correlate CC and IRI.
Network Element Identifier
Unique identifier for the ICE reporting the event.
Logical Function Information
Used to distinguish between multiple logical functions operating in a single physical network element.
Lifetime
Indicates the lifetime of the tunnel; shall be set to a nonzero value in the case of registration or lifetime extension; is set to zero in case of deregistration.
Failed attach reason
Reason for the failed attach/tunnel deactivation of the target.
Session modification failure reason
Reason for a failure of a session modification attempt for the target
Access technology type
Indicates the Radio Access Type.
Handover indicator
Provides information on whether the triggered as part of a handover.
APN
The Access Point Name used for the connection.
UE address info
Includes one or more IP addresses allocated to the UE.
Additional Parameters
Additional information provided by the UE, such as protocol configuration options.
Home Agent address
Contains the IP address of the Home Agent.
Care of Address
The Local IP address assigned to the UE by the Access Network, used as Care of Address for DSMIPv6 over S2c reference point.
HSS/AAA address
The address of the HSS/AAA triggering the PDN-GW reallocation.
Target PDN-GW address
The address of the PDN-GW which the UE will be reallocated to.
Revocation trigger
Contains the cause for the revocation procedure.
Foreign domain address
The relevant IP address in the foreign domain.
Visited network identifier
An identifier that allows the home network to identify the visited network TS 29.273.
Requested IPv6 Home Prefix
The IPv6 Home Prefix requested by the UE.
IPv6 home prefix
The IPv6 home prefix assigned by the PDN GW to the UE.
Home address
Contains the UE Home IP address.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Destination Port Number
The port number of the destination of the IP packet.
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Packet Count
The number of packets detected and reported (for a particular summary period).
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Source Port Number
The port number of the source of the IP packet.
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Any User-Data (AVP Name):
any change in the profit and identities of the target (if available in the Diameter message)
Any Associated-Identities (AVP Name):
any change of any associated identities of the target
Request direction:
Information if the serving node is requesting to the HSS, or requested by the
HSS.
Other update:
carrier specific of target's data that are in the intercepted diameter messages
Other Public User Identities
Other IMPU or IMPI that was allocated to Target and will be deregistered (if available)
Requesting node identifier
(I CSCF; AS) that are interfaced directly in the HSS and transmitting a diameter message from a network
Requesting network node identifier
such as IP-SM-GW Id, GMSC Id, SGSN Id, MME Id GMLC Id (country identifier is included in such request) that are in the different diameter messages related to location request for information (to route the right SMS or Call attempt, or GMLC based location request, to the right node on which is attached the target.)
Requesting node type
(IP-SM-GW AS, GMSC, SGSN, MME, GMLC) (if available)
12.5.2 X3-interface Word‑p. 158
The access method for the delivering of PDN-GW and/or ePDG Intercept Product is based on duplication of packets without modification at the intercepting node. The duplicated packets with additional information in a header are sent to DF3 for further delivery to the LEA.
[not reproduced yet]
Figure 12.5.2.1: Configuration for interception of PDN-GW, ePDG product data
In addition to the intercepted content of communication, the following information needs to be transferred from the PDN-GW and/or ePDG to the DF3 to perform its functionality:
-
target identity;
-
correlation number;
-
time stamp (optional);
-
direction (indicates whether T-PDU is MO or MT) - optional;
-
the target location (if available) or the IAs in case of location dependent interception;
-
date/time of Location (if target location provided);
12.5.3 LI events for untrusted Non-3GPP IP access
12.5.3.1 Initial Attach and PDN connection activation with PMIPv6 on S2b
In the VPLMN, LI shall be done at the ePDG according to LI requirements for I-WLAN; no additional requirement applies to the S-GW for this case.
When the attach or PDN connectivity activation is detected over PMIP at the PDN-GW, a PMIP attach/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Logical Function Information
-
Network Element Identifier
-
Lifetime
-
Failed attach reason
-
Access Technology Type
-
Handoff Indicator
-
APN
-
UE Address Info
-
Additional Parameters
12.5.3.2 Initial attach and PDN connection activation for S2c in untrusted non-3GPP IP access Word‑p. 159
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the attach or PDN connectivity activation is detected over DS-MIPv6 at the PDN-GW, a DSMIP registration/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Failed attach reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.3 UE/ePDG-initiated Detach Procedure and UE Requested PDN disconnection with PMIP
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When the detach or UE requested PDN disconnection is detected over PMIP at the PDN-GW, a PMIP detach/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
APN
12.5.3.4 Detach and PDN Disconnection for S2c in Un-trusted Non-3GPP IP access Word‑p. 160
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the detach or PDN disconnection is detected over DS-MIPv6 at the PDN-GW, a DSMIP deregistration/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Home address
-
Logical Function Information
-
Initiator
-
Care of Address
12.5.3.5 Serving Evolved Packet System
The Serving Evolved Packet System report event is generated at the HSS, when the HSS has detected that the target has roamed. Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, Server-Assignment-Request in case of command of 3GPP AAA to HSS (see clause A of TS 29.273, and clause 5 of GSMA IR.61 [65]).
The elements of table 12.5.3.5 will be delivered to the DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Observed ME Identity
Event Type
Event Time
Event Date
Network Element Identifier
Logical Function Information
Visited Network Identifier (for example, AVP name such as Visited-PLMN-Id)
12.5.3.6 Start of interception with active tunnel/bearer
When interception is started at the PDN-GW/ePDG and the target has an already active tunnel/bearer, a start of interception with active tunnel/bearer shall be generated. The event shall be detected by the same node for which tunnel/bearer activation reporting is applicable and reported. Separate events are defined for the specific protocol (PMIP, DSMIP, GTP). When the GTP protocol is used for the s2b interface, the event Start of interception with active bearer is applicable as specified in section 12.2.3.6. The parameter applicable to the tunnel activation event, as defined in the related sections, will be delivered to the DF2 if available. One event shall be sent for each active tunnel.
12.5.3.7 PDN-GW reallocation upon initial attach on s2c Word‑p. 161
When a PDN GW reallocation procedure is detected by the PDN-GW, a DSMIP HA Switch event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
HSS/AAA address
-
Target PDN-GW address
12.5.3.8 PDN GW initiated Resource Allocation Deactivation with S2b PMIP
When a PDN GW initiated resource allocation deactivation is detected, a PMIP Resource Allocation Deactivation event shall be sent. The following elements will be delivered to DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
Revocation trigger
-
UE address info
-
Correlation number
12.5.3.9 PMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When a session modification is detected at the PDN-GW, a PMIP session modification event shall be generated by the PDN-GW. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Additional Parameters
-
Session failure modification reason
-
Handover indicator
12.5.3.10 DSMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the session modification is detected over DS-MIPv6 at the PDN-GW, a DSMIP session modification event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Session failure modification reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.11 Packet Data Header Information |R12| Word‑p. 162
12.5.3.11.0 General
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
12.5.3.11.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered by the PDN-GW either directly to the DF2 or via another network entity if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Correlation number
-
Logical Function Information
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Packet Size
-
Flow Label (IPv6 only)
12.5.3.11.2 Packet Data Summary Report Word‑p. 163
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (EPS bearer) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with an EPS bearer
-
an interim report for a packet flow associated with an EPS bearer is to be reported
-
end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via DF3 for each packet flow if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Flow Label (IPv6 only)
-
Summary Period
-
Packet Count (for this summary period)
-
Sum of Packet Sizes (for this summary period)
\endnl
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
12.5.3.12 Bearer activation |R12| Word‑p. 164
When the Attach is handled by the ePDG over the GTP based s2b interface (TS 23.402), or the Dedicated bearer activation on the GTP based S2b interface (TS 23.402) is detected by the ePDG, or a Bearer activation is detected at the PDN-GW, a Bearer activation event shall be generated. The elements listed in section 12.2.3.3 will be delivered to the DF2 if available.
12.5.3.13 Bearer deactivation |R12|
When the Detach is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer deactivation is detected at the PDN-GW, or the PDN GW initiated Resource Allocation Deactivation is detected by the ePDG on GTP based s2b interface, a Bearer deactivation event shall be generated. The elements listed in section 12.2.3.4 will be delivered to the DF2 if available.
12.5.3.14 Bearer modification |R12|
When a Bearer Modification is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer modification is detected at the PDN-GW, a Bearer modification event shall be generated. The elements listed in section 12.2.3.5 will be delivered by the ePDG to the DF2 if available.
12.5.3.15 HSS subscriber record change |R13|
This event will be only used to report when there is a change of association between IMSI, MSISDN or IMEI of the target. It is induced mainly by Subscriber Profile management by the HSS or the CSP administration tools through the HSS.
Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
The elements of table 12.5.3.15 will be delivered to DF2, if available.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
12.5.3.16 Registration Termination |R13| Word‑p. 165
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
12.6 Functional requirements for LI in case of Handovers between E-UTRAN and CDMA2000 Accesses. Word‑p. 166
When an handover is performed from CDMA2000 Access to E-UTRAN, the MME shall intercept the attach event received from the HRPD AN based on IMSI.
Interception at S-GW and PDN-GW shall be done according to the requirements given in section 12.2 or 12.3 and related subsections, depending on the protocol used over the S5/S8 interface.
12.7 Functional requirements for LI in case of interworking between SGSN and EPS nodes over S4/S12 interfaces
The SGSN and the HSS are subjected to the requirements applicable to these nodes for PS interception, as specified throughout this document.
The S-GW is subjected to the requirements specified in section 12.2 and subsections. The applicable events shall be reported also when received from the SGSN over S4 interface. CC shall be also reported when received over S4/S12 interfaces. The network procedures for which the events applicable to the S-GW, defined in section 12.2 and subsections, are generated when the S-GW is connected over S4/S12 interfaces to a SGSN are defined in TS 23.060.
The PDN-GW is subjected to the requirements specified in section 12.2 or 12.3 and related subsections, depending on the protocol used on S5/S8 interfaces, which are applicable also to the case in which the PDN-GW is involved for a target for which a S4 based SGSN is used.
12.8 Functional requirements for LI in case of interworking between SGSN and PDN-GW over Gn/Gp interfaces
According to TS 23.060 and TS 23.401 a PDN-GW may provide a Gn/Gp interface for interworking with the SGSN. When this interface is provided, from LI perspective the PDN-GW acts as a GGSN towards the involved SGSN. In this case, in addition to the requirements specified in this clause, all the requirements specified by this document for the GGSN are applicable to the PDN-GW.
The PDN-GW shall use the same correlation number in records when the PDP context/EPS bearer modification signalling is detected due to the handover between different accesses involving a Gn/Gp interface (i.e. from E-UTRAN to 2G/3G and vice versa). After the handover, the PDN-GW shall report the events applicable to the new access and continue to use the same correlation number inside the same PDP context/EPS bearer.
The SGSN is subjected to the requirements applicable to this node for PS interception, as specified throughout this document.
12.9 Functional Requirements for LI in case of Control and User Plane Separation |R14| Word‑p. 167
12.9.1 Background
As defined in TS 23.214, the Serving Gateway and PDN Gateway may have separated control plane and user plane functions. The control plane (CP) functions (Serving Gateway-C and PDN Gateway-C) provide the traffic forwarding rules (referred to as Forward Action Rules in TS 23.214) to the user plane (UP) functions (Serving Gateway-U and PDN Gateway-U). The UP functions forward the user plane traffic as per the Forward Action Rules.
As defined in subclause 12.1 of the present document, the Serving Gateway and PDN Gateway provide the LI functions for the EPC packet data interception. As defined in subclause 15.2, a PDN Gateway can also provide the CC Intercept Function for an IMS-based VoLTE. As defined in clause 20, the BBIFF functions of an S8HR LI functions may be implemented within a Serving Gateway. Therefore, the LI functions available in the Serving Gateway and PDN Gateway shall be carried over to the split Serving Gateway and PDN Gateway with the new CUPS architecture.
12.9.2 LI Architecture with CUPS
12.9.2.1 Overview
The LI architecture for EPC packet data interception with CUPS is depicted in figure 12.1.4.
With CUPS, all the signalling related interfaces (i.e., control plane data) terminate at the Serving Gateway C and PDN Gateway-C. Therefore, the IRI related LI functions provided within a Serving Gateway and PDN Gateway for EPC packet data interception shall be provided by the Serving Gateway-C and PDN Gateway-C respectively. The X2 reference point terminates at the Serving Gateway-C and PDN Gateway-C.
With CUPS, user plane data pass through the Serving Gateway-U and PDN Gateway-U. Therefore, the duplication of user plane data to support the CC interception for EPC packet data shall be done at the Serving Gateway-U and PDN Gateway-U. A new LI specific functional element referred to as Split X3 LI Interworking Function (SX3LIF) is defined.
The UP function duplicates the user plane packets of the traffic to be intercepted (identified by the packet detection rules) as instructed by the CP function and then sends the duplicated user plane packets to the SX3LIF over the X3u reference point. The CP function also provides the forwarding action rules to the UP function which enables the UP function to determine how to send the duplicated user plane packets over the X3u reference point to the SX3LIF. The CP function provides the intercept control information (such as correlation identifier, target identity, and intercepted packet identification rules) to the SX3LIF over the X3c reference point. The SX3LIF receives the user plane packets from the UP function (over the X3u reference point), associates the user plane packets to the target interception based on the intercept related information that it received from the CP function (over the X3c reference point) and then delivers the CC to the DF3 over the X3 reference point.
Figure 12.1.4 also shows an X2 reference point between SX3LIF and DF2. Only the IRI events that require access to the user plane packets (e.g. packet data header information) are passed on this X2 reference point from SX3LIF to DF2. In an alternate option, when such IRI events are generated by the DF3, this X2 reference point between SX3LIF and DF2 is not necessary.
Figure 12.1.4 also shows an X1_1 reference point between ADMF and the SX3LIF. This reference point is used to provide the DF2 address and DF3 address to the SX3LIF. Provision of DF2 address is required only when the IRI events that require access to the user plane packets are generated by the SX3LIF.
12.9.2.2 Packet detection rules
The packet detection rules allow the UP function to determine which user plane packets are duplicated and sent to the SX3LIF.
12.9.2.3 Forwarding action rules Word‑p. 168
The forwarding action rules indicate how the UP function is to forward the duplicated packets to the SX3LIF over the X3u reference point. The information such as the destination IP address at the SX3LIF and the GTP tunnel Id of the tunnel toward which the duplicated packets are sent on the X3u reference point may be part of the forwarding action rules.
12.9.2.4 Intercepted packet identification rules
The intercepted packet identification rules allow the SX3LIF to identify and associate the user plane packets received over the X3u reference point to the target intercept information. Part of the forwarding action rules (e.g. the information such as destination IP address of X3u tunnel, GTP tunnel Id of the X3u tunnel), target identity and correlation identifier are part of the intercepted packet identification rules.
The SX3LIF uses the IP address and the GTP tunnel Id of the tunnel on the X3u reference point to associate the received user plane packets with the target intercept information that it receives from the CP function over X3c reference point.
12.9.3 Provision of Content of Communications
12.9.3.1 Interception for Serving Gateway
12.9.3.2 Interception for PDN Gateway
When the CC interception is required and is to be done at the PDN Gateway, the PDN Gateway-C shall/activate send the following information to the PDN Gateway-U.
-
Packet detection rules as described in 12.9.2.2
-
Forwarding action rules as described in 12.9.2.3
-
An indication to perform the packet duplication and forward the same to the SX3LIF.
In addition, the PDN Gateway-C shall send the following information to the SX3LIF:
-
target identity
-
correlation identifier
-
Intercepted packet identification rules as described in 12.9.2.4.
The PDN Gateway-U shall identify the user plane packets as per the packet detection rules (subsclause 12.9.2.2) and shall forward the packets to the SX3LIF over the X3u reference point as per the forwarding action rules (subclause 12.9.2.3). The SX3LIF shall associate the user plane packets to the target interception as per the intercepted packet identification rules and shall deliver the CC to DF3 over the X3 reference point as defined subclause 12.4.2 and subclause 12.5.2.
12.9.4 Provision of Intercept Related Information Word‑p. 169
12.9.4.1 Interception at the Serving Gateway
When the IRI interception is to be done at the Serving Gateway, the Serving Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, and subclause 12.4.3.
When the IRI events are to be generated from the user plane packets, the Serving Gateway-C shall provide the information to the Serving Gateway-U as it does for the CC interception in accordance to 12.9.3.1. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
Serving Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.4.2 Interception at the PDN Gateway
When the IRI interception is to be done at the PDN Gateway, the PDN Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, subclause 12.3.3, subclause 12.4.3 and subclause 12.5.3.
When the IRI events are to be generated from the user plane packets, the PDN Gateway-C shall provide the information to the PDN Gateway-U as it does for the CC interception in accordance to 12.9.3.2. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
PDN Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.5.0 Introduction |R12|
This clause specifies functional requirements applicable to the PDN-GW and HSS. In addition, this clause specifies requirements applicable to the ePDG in case this node is using a GTPv2 based protocol over s2b interface as specified in TS 23.402.
The e-PDG not using a GTPv2 based protocol over s2b interface and the AAA server are subjected to all the requirements specified in this document for PDG and AAA server for the case of I-WLAN interworking.
Interception in the PDN-GW is a national option.
Interception in the PDN-GW shall be based on IMSI or NAI. In case of GTPv2 based protocol, interception at the ePDG and PDN-GW shall be based on IMSI.
For the delivery of the CC and IRI, the PDN-GW and ePDG provides correlation number and target identity to the DF2 and DF3 which is used there in order to select the different LEAs where the product shall be delivered.
LI based on HSS reporting is a national option. Requirements on the HSS specified in clause 7A.2 and subsections apply also to the case in which non-3GPP IP access and 3GPP AAA server are based. Intercept Related Information (Events) are serving system, subscriber record change, registration termination, and location information request.
12.5.1 Provision of Intercept Related Information
12.5.1.0 General |R12|
Intercept Related Information (Events) shall be sent at attach/tunnel activation on interfaces s2b and s2c, detach/tunnel deactivation, session modification, start of interception with active tunnel, Serving Evolved Packet System.
In case of GTPv2 based s2b, Intercept Related Information shall be sent at attach/bearer activation, detach/bearer deactivation, bearer modification and start of interception with active bearer.
The following event is applicable to the HSS, which is a national option:
- Serving Evolved Packet System;
- Subscriber record change;
- Registration termination;
- Location information request.
12.5.1.1 X2-interface Word‑p. 154
The following information needs to be transferred from the PDN-GW, ePDG or the HSS to the DF2 in order to allow a DF2 to perform its functionality:
-
target identity;
-
events and associated parameters as defined in clause 12.5.1.2 and 12.5.3 may be provided;
-
the target location (if available) or the IAs in case of location dependent interception; (FFS)
-
date/time of Location (if target location provided);
-
correlation number;
-
Quality of Service (QoS) information, if available;
-
encryption parameters (keys and associated parameters for decrypting CC), if available and necessary.
The PDN-GW detect packets containing packet header information in the communications path but the information needed for Packet Data Header Information reporting may need to be transferred from the PDN-GW either directly to the DF2 or via another network entity in order to allow the DF2 to perform its functionality.
The IRI should be sent to DF2 using a reliable transport mechanism.
12.5.1.2 Structure of the events
There are several different events in which the information is sent to the DF2 if this is required. The events for interception are configurable (if they are sent to DF2) in the PDN-GW, ePDG or the HSS and can be suppressed in the DF2.
The following events are applicable to the PDN-GW:
-
PMIP attach/tunnel activation;
-
PMIP detach/tunnel deactivation;
-
PMIP session modification;
-
Start of interception with active PMIP tunnel;
-
DSMIP registration/tunnel activation;
-
DSMIP deregistration/tunnel deactivation;
-
DSMIP session modification;
-
Start of interception with active DSMIP tunnel;
-
DSMIP HA Switch;
-
PMIP Resource Allocation Deactivation ;
-
Packet Data Header Information
-
Bearer activation;
-
Bearer deactivation;
-
Bearer modification;
-
Start of interception with active bearer.
The following events are applicable to the ePDG:
-
Bearer activation;
-
Bearer deactivation;
-
Bearer modification:
-
Start of interception with active bearer.
The following events are applicable to the HSS, which is national option:
-
Serving Evolved Packet System;
-
Subscriber record change;
-
Registration termination;
-
Location information request.
A set of elements as shown below can be associated with the events. The events trigger the transmission of the information from the nodes to DF2. Available IEs from this set of elements as shown below can be extended in the nodes, if this is necessary as a national option. DF2 can extend available information if this is necessary as a national option. When the GTP protocol is used over the s2b interface, elements from table 12.2.1.2 are included in the applicable events.
Element
Description
Observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
Observed IMSI
The IMSI of the target.
New observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
New observed IMSI
The IMSI of the target
Old observed IMSI of the target (if available)
Old observed MN NAI of the target (if available)
Any other IMPU or IMPI (if available) available in the diameter message associated to the target
Event type
Indicates which type of event is delivered: PMIP attach/tunnel activation, PMIP detach/tunnel deactivation, Start of interception with active PMIP tunnel, DSMIP registration/tunnel activation, DSMIP deregistration/tunnel deactivation, Start of interception with active DSMIP tunnel, DSMIP HA Switch, PMIP resource Allocation Deactivation, Serving Evolved Packet System, Subscriber record change, Registration termination, Location information request, Packet Data Header Information.
Event time
Time of the event generation in the ICE. Time stamp shall be generated relative to ICE internal clock.
Event date
Date of the event generation in the ICE.
Change Type
This indicates what has been changed (MSISDN, IMSI, or IMEI) in the Subscriber Change Record
Correlation number
The correlation number is used to correlate CC and IRI.
Network Element Identifier
Unique identifier for the ICE reporting the event.
Logical Function Information
Used to distinguish between multiple logical functions operating in a single physical network element.
Lifetime
Indicates the lifetime of the tunnel; shall be set to a nonzero value in the case of registration or lifetime extension; is set to zero in case of deregistration.
Failed attach reason
Reason for the failed attach/tunnel deactivation of the target.
Session modification failure reason
Reason for a failure of a session modification attempt for the target
Access technology type
Indicates the Radio Access Type.
Handover indicator
Provides information on whether the triggered as part of a handover.
APN
The Access Point Name used for the connection.
UE address info
Includes one or more IP addresses allocated to the UE.
Additional Parameters
Additional information provided by the UE, such as protocol configuration options.
Home Agent address
Contains the IP address of the Home Agent.
Care of Address
The Local IP address assigned to the UE by the Access Network, used as Care of Address for DSMIPv6 over S2c reference point.
HSS/AAA address
The address of the HSS/AAA triggering the PDN-GW reallocation.
Target PDN-GW address
The address of the PDN-GW which the UE will be reallocated to.
Revocation trigger
Contains the cause for the revocation procedure.
Foreign domain address
The relevant IP address in the foreign domain.
Visited network identifier
An identifier that allows the home network to identify the visited network TS 29.273.
Requested IPv6 Home Prefix
The IPv6 Home Prefix requested by the UE.
IPv6 home prefix
The IPv6 home prefix assigned by the PDN GW to the UE.
Home address
Contains the UE Home IP address.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Destination Port Number
The port number of the destination of the IP packet.
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Packet Count
The number of packets detected and reported (for a particular summary period).
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Source Port Number
The port number of the source of the IP packet.
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Any User-Data (AVP Name):
any change in the profit and identities of the target (if available in the Diameter message)
Any Associated-Identities (AVP Name):
any change of any associated identities of the target
Request direction:
Information if the serving node is requesting to the HSS, or requested by the
HSS.
Other update:
carrier specific of target's data that are in the intercepted diameter messages
Other Public User Identities
Other IMPU or IMPI that was allocated to Target and will be deregistered (if available)
Requesting node identifier
(I CSCF; AS) that are interfaced directly in the HSS and transmitting a diameter message from a network
Requesting network node identifier
such as IP-SM-GW Id, GMSC Id, SGSN Id, MME Id GMLC Id (country identifier is included in such request) that are in the different diameter messages related to location request for information (to route the right SMS or Call attempt, or GMLC based location request, to the right node on which is attached the target.)
Requesting node type
(IP-SM-GW AS, GMSC, SGSN, MME, GMLC) (if available)
- target identity;
- events and associated parameters as defined in clause 12.5.1.2 and 12.5.3 may be provided;
- the target location (if available) or the IAs in case of location dependent interception; (FFS)
- date/time of Location (if target location provided);
- correlation number;
- Quality of Service (QoS) information, if available;
- encryption parameters (keys and associated parameters for decrypting CC), if available and necessary.
- PMIP attach/tunnel activation;
- PMIP detach/tunnel deactivation;
- PMIP session modification;
- Start of interception with active PMIP tunnel;
- DSMIP registration/tunnel activation;
- DSMIP deregistration/tunnel deactivation;
- DSMIP session modification;
- Start of interception with active DSMIP tunnel;
- DSMIP HA Switch;
- PMIP Resource Allocation Deactivation ;
- Packet Data Header Information
- Bearer activation;
- Bearer deactivation;
- Bearer modification;
- Start of interception with active bearer.
- Bearer activation;
- Bearer deactivation;
- Bearer modification:
- Start of interception with active bearer.
- Serving Evolved Packet System;
- Subscriber record change;
- Registration termination;
- Location information request.
Element
Description
Observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
Observed IMSI
The IMSI of the target.
New observed MN NAI
The Network Access Identifier of the Mobile Node (target identity).
New observed IMSI
The IMSI of the target
Old observed IMSI of the target (if available)
Old observed MN NAI of the target (if available)
Any other IMPU or IMPI (if available) available in the diameter message associated to the target
Event type
Indicates which type of event is delivered: PMIP attach/tunnel activation, PMIP detach/tunnel deactivation, Start of interception with active PMIP tunnel, DSMIP registration/tunnel activation, DSMIP deregistration/tunnel deactivation, Start of interception with active DSMIP tunnel, DSMIP HA Switch, PMIP resource Allocation Deactivation, Serving Evolved Packet System, Subscriber record change, Registration termination, Location information request, Packet Data Header Information.
Event time
Time of the event generation in the ICE. Time stamp shall be generated relative to ICE internal clock.
Event date
Date of the event generation in the ICE.
Change Type
This indicates what has been changed (MSISDN, IMSI, or IMEI) in the Subscriber Change Record
Correlation number
The correlation number is used to correlate CC and IRI.
Network Element Identifier
Unique identifier for the ICE reporting the event.
Logical Function Information
Used to distinguish between multiple logical functions operating in a single physical network element.
Lifetime
Indicates the lifetime of the tunnel; shall be set to a nonzero value in the case of registration or lifetime extension; is set to zero in case of deregistration.
Failed attach reason
Reason for the failed attach/tunnel deactivation of the target.
Session modification failure reason
Reason for a failure of a session modification attempt for the target
Access technology type
Indicates the Radio Access Type.
Handover indicator
Provides information on whether the triggered as part of a handover.
APN
The Access Point Name used for the connection.
UE address info
Includes one or more IP addresses allocated to the UE.
Additional Parameters
Additional information provided by the UE, such as protocol configuration options.
Home Agent address
Contains the IP address of the Home Agent.
Care of Address
The Local IP address assigned to the UE by the Access Network, used as Care of Address for DSMIPv6 over S2c reference point.
HSS/AAA address
The address of the HSS/AAA triggering the PDN-GW reallocation.
Target PDN-GW address
The address of the PDN-GW which the UE will be reallocated to.
Revocation trigger
Contains the cause for the revocation procedure.
Foreign domain address
The relevant IP address in the foreign domain.
Visited network identifier
An identifier that allows the home network to identify the visited network TS 29.273.
Requested IPv6 Home Prefix
The IPv6 Home Prefix requested by the UE.
IPv6 home prefix
The IPv6 home prefix assigned by the PDN GW to the UE.
Home address
Contains the UE Home IP address.
Destination IP Address
The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Destination Port Number
The port number of the destination of the IP packet.
Flow Label (IPv6 only)
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Packet Count
The number of packets detected and reported (for a particular summary period).
Packet Data Summary Reason
The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session)
Packet Size
The size of the packet. (i.e., Total Length Field in IPv4 or Payload Length field in IPv6)
Source IP Address
The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Source Port Number
The port number of the source of the IP packet.
Sum of Packet Sizes (for a particular summary period)
The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Summary Period
Includes the dates and times of the first and last packets in a particular packet data interval.
Transport Protocol (e.g., TCP)
The identification of the transport protocol of the packet or packet flow being reported.
Any User-Data (AVP Name):
any change in the profit and identities of the target (if available in the Diameter message)
Any Associated-Identities (AVP Name):
any change of any associated identities of the target
Request direction:
Information if the serving node is requesting to the HSS, or requested by the
HSS.
Other update:
carrier specific of target's data that are in the intercepted diameter messages
Other Public User Identities
Other IMPU or IMPI that was allocated to Target and will be deregistered (if available)
Requesting node identifier
(I CSCF; AS) that are interfaced directly in the HSS and transmitting a diameter message from a network
Requesting network node identifier
such as IP-SM-GW Id, GMSC Id, SGSN Id, MME Id GMLC Id (country identifier is included in such request) that are in the different diameter messages related to location request for information (to route the right SMS or Call attempt, or GMLC based location request, to the right node on which is attached the target.)
Requesting node type
(IP-SM-GW AS, GMSC, SGSN, MME, GMLC) (if available)
12.5.2 X3-interface Word‑p. 158
The access method for the delivering of PDN-GW and/or ePDG Intercept Product is based on duplication of packets without modification at the intercepting node. The duplicated packets with additional information in a header are sent to DF3 for further delivery to the LEA.
[not reproduced yet]
Figure 12.5.2.1: Configuration for interception of PDN-GW, ePDG product data
In addition to the intercepted content of communication, the following information needs to be transferred from the PDN-GW and/or ePDG to the DF3 to perform its functionality:
-
target identity;
-
correlation number;
-
time stamp (optional);
-
direction (indicates whether T-PDU is MO or MT) - optional;
-
the target location (if available) or the IAs in case of location dependent interception;
-
date/time of Location (if target location provided);
12.5.3 LI events for untrusted Non-3GPP IP access
12.5.3.1 Initial Attach and PDN connection activation with PMIPv6 on S2b
In the VPLMN, LI shall be done at the ePDG according to LI requirements for I-WLAN; no additional requirement applies to the S-GW for this case.
When the attach or PDN connectivity activation is detected over PMIP at the PDN-GW, a PMIP attach/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Logical Function Information
-
Network Element Identifier
-
Lifetime
-
Failed attach reason
-
Access Technology Type
-
Handoff Indicator
-
APN
-
UE Address Info
-
Additional Parameters
12.5.3.2 Initial attach and PDN connection activation for S2c in untrusted non-3GPP IP access Word‑p. 159
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the attach or PDN connectivity activation is detected over DS-MIPv6 at the PDN-GW, a DSMIP registration/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Failed attach reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.3 UE/ePDG-initiated Detach Procedure and UE Requested PDN disconnection with PMIP
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When the detach or UE requested PDN disconnection is detected over PMIP at the PDN-GW, a PMIP detach/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
APN
12.5.3.4 Detach and PDN Disconnection for S2c in Un-trusted Non-3GPP IP access Word‑p. 160
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the detach or PDN disconnection is detected over DS-MIPv6 at the PDN-GW, a DSMIP deregistration/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Home address
-
Logical Function Information
-
Initiator
-
Care of Address
12.5.3.5 Serving Evolved Packet System
The Serving Evolved Packet System report event is generated at the HSS, when the HSS has detected that the target has roamed. Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, Server-Assignment-Request in case of command of 3GPP AAA to HSS (see clause A of TS 29.273, and clause 5 of GSMA IR.61 [65]).
The elements of table 12.5.3.5 will be delivered to the DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Observed ME Identity
Event Type
Event Time
Event Date
Network Element Identifier
Logical Function Information
Visited Network Identifier (for example, AVP name such as Visited-PLMN-Id)
12.5.3.6 Start of interception with active tunnel/bearer
When interception is started at the PDN-GW/ePDG and the target has an already active tunnel/bearer, a start of interception with active tunnel/bearer shall be generated. The event shall be detected by the same node for which tunnel/bearer activation reporting is applicable and reported. Separate events are defined for the specific protocol (PMIP, DSMIP, GTP). When the GTP protocol is used for the s2b interface, the event Start of interception with active bearer is applicable as specified in section 12.2.3.6. The parameter applicable to the tunnel activation event, as defined in the related sections, will be delivered to the DF2 if available. One event shall be sent for each active tunnel.
12.5.3.7 PDN-GW reallocation upon initial attach on s2c Word‑p. 161
When a PDN GW reallocation procedure is detected by the PDN-GW, a DSMIP HA Switch event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
HSS/AAA address
-
Target PDN-GW address
12.5.3.8 PDN GW initiated Resource Allocation Deactivation with S2b PMIP
When a PDN GW initiated resource allocation deactivation is detected, a PMIP Resource Allocation Deactivation event shall be sent. The following elements will be delivered to DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
Revocation trigger
-
UE address info
-
Correlation number
12.5.3.9 PMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When a session modification is detected at the PDN-GW, a PMIP session modification event shall be generated by the PDN-GW. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Additional Parameters
-
Session failure modification reason
-
Handover indicator
12.5.3.10 DSMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the session modification is detected over DS-MIPv6 at the PDN-GW, a DSMIP session modification event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Session failure modification reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.11 Packet Data Header Information |R12| Word‑p. 162
12.5.3.11.0 General
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
12.5.3.11.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered by the PDN-GW either directly to the DF2 or via another network entity if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Correlation number
-
Logical Function Information
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Packet Size
-
Flow Label (IPv6 only)
12.5.3.11.2 Packet Data Summary Report Word‑p. 163
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (EPS bearer) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with an EPS bearer
-
an interim report for a packet flow associated with an EPS bearer is to be reported
-
end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via DF3 for each packet flow if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Flow Label (IPv6 only)
-
Summary Period
-
Packet Count (for this summary period)
-
Sum of Packet Sizes (for this summary period)
\endnl
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
12.5.3.12 Bearer activation |R12| Word‑p. 164
When the Attach is handled by the ePDG over the GTP based s2b interface (TS 23.402), or the Dedicated bearer activation on the GTP based S2b interface (TS 23.402) is detected by the ePDG, or a Bearer activation is detected at the PDN-GW, a Bearer activation event shall be generated. The elements listed in section 12.2.3.3 will be delivered to the DF2 if available.
12.5.3.13 Bearer deactivation |R12|
When the Detach is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer deactivation is detected at the PDN-GW, or the PDN GW initiated Resource Allocation Deactivation is detected by the ePDG on GTP based s2b interface, a Bearer deactivation event shall be generated. The elements listed in section 12.2.3.4 will be delivered to the DF2 if available.
12.5.3.14 Bearer modification |R12|
When a Bearer Modification is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer modification is detected at the PDN-GW, a Bearer modification event shall be generated. The elements listed in section 12.2.3.5 will be delivered by the ePDG to the DF2 if available.
12.5.3.15 HSS subscriber record change |R13|
This event will be only used to report when there is a change of association between IMSI, MSISDN or IMEI of the target. It is induced mainly by Subscriber Profile management by the HSS or the CSP administration tools through the HSS.
Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
The elements of table 12.5.3.15 will be delivered to DF2, if available.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
12.5.3.16 Registration Termination |R13| Word‑p. 165
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
- target identity;
- correlation number;
- time stamp (optional);
- direction (indicates whether T-PDU is MO or MT) - optional;
- the target location (if available) or the IAs in case of location dependent interception;
- date/time of Location (if target location provided);
12.5.3.1 Initial Attach and PDN connection activation with PMIPv6 on S2b
In the VPLMN, LI shall be done at the ePDG according to LI requirements for I-WLAN; no additional requirement applies to the S-GW for this case.
When the attach or PDN connectivity activation is detected over PMIP at the PDN-GW, a PMIP attach/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Correlation number
- Logical Function Information
- Network Element Identifier
- Lifetime
- Failed attach reason
- Access Technology Type
- Handoff Indicator
- APN
- UE Address Info
- Additional Parameters
12.5.3.2 Initial attach and PDN connection activation for S2c in untrusted non-3GPP IP access Word‑p. 159
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the attach or PDN connectivity activation is detected over DS-MIPv6 at the PDN-GW, a DSMIP registration/tunnel activation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Failed attach reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.3 UE/ePDG-initiated Detach Procedure and UE Requested PDN disconnection with PMIP
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When the detach or UE requested PDN disconnection is detected over PMIP at the PDN-GW, a PMIP detach/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
APN
12.5.3.4 Detach and PDN Disconnection for S2c in Un-trusted Non-3GPP IP access Word‑p. 160
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the detach or PDN disconnection is detected over DS-MIPv6 at the PDN-GW, a DSMIP deregistration/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Home address
-
Logical Function Information
-
Initiator
-
Care of Address
12.5.3.5 Serving Evolved Packet System
The Serving Evolved Packet System report event is generated at the HSS, when the HSS has detected that the target has roamed. Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, Server-Assignment-Request in case of command of 3GPP AAA to HSS (see clause A of TS 29.273, and clause 5 of GSMA IR.61 [65]).
The elements of table 12.5.3.5 will be delivered to the DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Observed ME Identity
Event Type
Event Time
Event Date
Network Element Identifier
Logical Function Information
Visited Network Identifier (for example, AVP name such as Visited-PLMN-Id)
12.5.3.6 Start of interception with active tunnel/bearer
When interception is started at the PDN-GW/ePDG and the target has an already active tunnel/bearer, a start of interception with active tunnel/bearer shall be generated. The event shall be detected by the same node for which tunnel/bearer activation reporting is applicable and reported. Separate events are defined for the specific protocol (PMIP, DSMIP, GTP). When the GTP protocol is used for the s2b interface, the event Start of interception with active bearer is applicable as specified in section 12.2.3.6. The parameter applicable to the tunnel activation event, as defined in the related sections, will be delivered to the DF2 if available. One event shall be sent for each active tunnel.
12.5.3.7 PDN-GW reallocation upon initial attach on s2c Word‑p. 161
When a PDN GW reallocation procedure is detected by the PDN-GW, a DSMIP HA Switch event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
HSS/AAA address
-
Target PDN-GW address
12.5.3.8 PDN GW initiated Resource Allocation Deactivation with S2b PMIP
When a PDN GW initiated resource allocation deactivation is detected, a PMIP Resource Allocation Deactivation event shall be sent. The following elements will be delivered to DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
Revocation trigger
-
UE address info
-
Correlation number
12.5.3.9 PMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When a session modification is detected at the PDN-GW, a PMIP session modification event shall be generated by the PDN-GW. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Additional Parameters
-
Session failure modification reason
-
Handover indicator
12.5.3.10 DSMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the session modification is detected over DS-MIPv6 at the PDN-GW, a DSMIP session modification event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Session failure modification reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.11 Packet Data Header Information |R12| Word‑p. 162
12.5.3.11.0 General
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
12.5.3.11.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered by the PDN-GW either directly to the DF2 or via another network entity if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Correlation number
-
Logical Function Information
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Packet Size
-
Flow Label (IPv6 only)
12.5.3.11.2 Packet Data Summary Report Word‑p. 163
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (EPS bearer) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with an EPS bearer
-
an interim report for a packet flow associated with an EPS bearer is to be reported
-
end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via DF3 for each packet flow if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Flow Label (IPv6 only)
-
Summary Period
-
Packet Count (for this summary period)
-
Sum of Packet Sizes (for this summary period)
\endnl
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
12.5.3.12 Bearer activation |R12| Word‑p. 164
When the Attach is handled by the ePDG over the GTP based s2b interface (TS 23.402), or the Dedicated bearer activation on the GTP based S2b interface (TS 23.402) is detected by the ePDG, or a Bearer activation is detected at the PDN-GW, a Bearer activation event shall be generated. The elements listed in section 12.2.3.3 will be delivered to the DF2 if available.
12.5.3.13 Bearer deactivation |R12|
When the Detach is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer deactivation is detected at the PDN-GW, or the PDN GW initiated Resource Allocation Deactivation is detected by the ePDG on GTP based s2b interface, a Bearer deactivation event shall be generated. The elements listed in section 12.2.3.4 will be delivered to the DF2 if available.
12.5.3.14 Bearer modification |R12|
When a Bearer Modification is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer modification is detected at the PDN-GW, a Bearer modification event shall be generated. The elements listed in section 12.2.3.5 will be delivered by the ePDG to the DF2 if available.
12.5.3.15 HSS subscriber record change |R13|
This event will be only used to report when there is a change of association between IMSI, MSISDN or IMEI of the target. It is induced mainly by Subscriber Profile management by the HSS or the CSP administration tools through the HSS.
Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
The elements of table 12.5.3.15 will be delivered to DF2, if available.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
12.5.3.16 Registration Termination |R13| Word‑p. 165
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Correlation number
- Network Element Identifier
- Logical Function Information
- Lifetime
- Failed attach reason
- Home address
- Care of Address
- APN
- Requested IPv6 Home Prefix
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Correlation number
- Network Element Identifier
- Logical Function Information
- APN
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the detach or PDN disconnection is detected over DS-MIPv6 at the PDN-GW, a DSMIP deregistration/tunnel deactivation event shall be generated. The following elements will be delivered to the DF2 if available:
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Correlation number
- Network Element Identifier
- Home address
- Logical Function Information
- Initiator
- Care of Address
12.5.3.5 Serving Evolved Packet System
The Serving Evolved Packet System report event is generated at the HSS, when the HSS has detected that the target has roamed. Such events could be mainly triggered by Diameter messages such as:
- Through SWx interface, Server-Assignment-Request in case of command of 3GPP AAA to HSS (see clause A of TS 29.273, and clause 5 of GSMA IR.61 [65]).
Information Element
Observed MSISDN
Observed IMSI
Observed ME Identity
Event Type
Event Time
Event Date
Network Element Identifier
Logical Function Information
Visited Network Identifier (for example, AVP name such as Visited-PLMN-Id)
12.5.3.6 Start of interception with active tunnel/bearer
When interception is started at the PDN-GW/ePDG and the target has an already active tunnel/bearer, a start of interception with active tunnel/bearer shall be generated. The event shall be detected by the same node for which tunnel/bearer activation reporting is applicable and reported. Separate events are defined for the specific protocol (PMIP, DSMIP, GTP). When the GTP protocol is used for the s2b interface, the event Start of interception with active bearer is applicable as specified in section 12.2.3.6. The parameter applicable to the tunnel activation event, as defined in the related sections, will be delivered to the DF2 if available. One event shall be sent for each active tunnel.
12.5.3.7 PDN-GW reallocation upon initial attach on s2c Word‑p. 161
When a PDN GW reallocation procedure is detected by the PDN-GW, a DSMIP HA Switch event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
HSS/AAA address
-
Target PDN-GW address
12.5.3.8 PDN GW initiated Resource Allocation Deactivation with S2b PMIP
When a PDN GW initiated resource allocation deactivation is detected, a PMIP Resource Allocation Deactivation event shall be sent. The following elements will be delivered to DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Date
-
Event Time
-
Network Element Identifier
-
Logical Function Information
-
Revocation trigger
-
UE address info
-
Correlation number
12.5.3.9 PMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN; no additional requirement applies to the S-GW for this case.
When a session modification is detected at the PDN-GW, a PMIP session modification event shall be generated by the PDN-GW. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Additional Parameters
-
Session failure modification reason
-
Handover indicator
12.5.3.10 DSMIP session modification |R11|
In the VPLMN, LI shall be done at the ePDG according to LI requirements for PDG for I-WLAN.
When the session modification is detected over DS-MIPv6 at the PDN-GW, a DSMIP session modification event shall be generated. The following elements will be delivered to the DF2 if available:
-
Observed MN NAI
-
Observed IMSI
-
Event Type
-
Event Time
-
Event Date
-
Correlation number
-
Network Element Identifier
-
Logical Function Information
-
Lifetime
-
Session failure modification reason
-
Home address
-
Care of Address
-
APN
-
Requested IPv6 Home Prefix
12.5.3.11 Packet Data Header Information |R12| Word‑p. 162
12.5.3.11.0 General
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
12.5.3.11.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered by the PDN-GW either directly to the DF2 or via another network entity if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Correlation number
-
Logical Function Information
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Packet Size
-
Flow Label (IPv6 only)
12.5.3.11.2 Packet Data Summary Report Word‑p. 163
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (EPS bearer) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with an EPS bearer
-
an interim report for a packet flow associated with an EPS bearer is to be reported
-
end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via DF3 for each packet flow if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Flow Label (IPv6 only)
-
Summary Period
-
Packet Count (for this summary period)
-
Sum of Packet Sizes (for this summary period)
\endnl
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
12.5.3.12 Bearer activation |R12| Word‑p. 164
When the Attach is handled by the ePDG over the GTP based s2b interface (TS 23.402), or the Dedicated bearer activation on the GTP based S2b interface (TS 23.402) is detected by the ePDG, or a Bearer activation is detected at the PDN-GW, a Bearer activation event shall be generated. The elements listed in section 12.2.3.3 will be delivered to the DF2 if available.
12.5.3.13 Bearer deactivation |R12|
When the Detach is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer deactivation is detected at the PDN-GW, or the PDN GW initiated Resource Allocation Deactivation is detected by the ePDG on GTP based s2b interface, a Bearer deactivation event shall be generated. The elements listed in section 12.2.3.4 will be delivered to the DF2 if available.
12.5.3.14 Bearer modification |R12|
When a Bearer Modification is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer modification is detected at the PDN-GW, a Bearer modification event shall be generated. The elements listed in section 12.2.3.5 will be delivered by the ePDG to the DF2 if available.
12.5.3.15 HSS subscriber record change |R13|
This event will be only used to report when there is a change of association between IMSI, MSISDN or IMEI of the target. It is induced mainly by Subscriber Profile management by the HSS or the CSP administration tools through the HSS.
Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
The elements of table 12.5.3.15 will be delivered to DF2, if available.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
12.5.3.16 Registration Termination |R13| Word‑p. 165
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Date
- Event Time
- Network Element Identifier
- Logical Function Information
- HSS/AAA address
- Target PDN-GW address
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Date
- Event Time
- Network Element Identifier
- Logical Function Information
- Revocation trigger
- UE address info
- Correlation number
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Network Element Identifier
- Logical Function Information
- Correlation number
- Lifetime
- UE Address Info
- Access Technology Type
- Additional Parameters
- Session failure modification reason
- Handover indicator
- Observed MN NAI
- Observed IMSI
- Event Type
- Event Time
- Event Date
- Correlation number
- Network Element Identifier
- Logical Function Information
- Lifetime
- Session failure modification reason
- Home address
- Care of Address
- APN
- Requested IPv6 Home Prefix
12.5.3.11.0 General
Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.
12.5.3.11.1 Packet Data Header Report
This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered by the PDN-GW either directly to the DF2 or via another network entity if available:
- Observed MN NAI
- Observed MSISDN
- Observed IMEI
- Event Type
- Event Time
- Event Date
- Network Element Identifier
- Correlation number
- Logical Function Information
- Lifetime
- UE Address Info
- Access Technology Type
- Serving Network
- Home address
- Care of Address
- APN
- Location information
- Source IP Address
- Source Port Number
- Destination IP Address
- Destination Port Number
- Transport Protocol (e.g., TCP)
- Packet Size
- Flow Label (IPv6 only)
12.5.3.11.2 Packet Data Summary Report Word‑p. 163
This event is used to report:
-
the source and destination information derived from the packet headers, including:
-
source and destination IP Addresses,
-
IP next-layer protocol,
-
Layer-4 ports, and
-
Flow label, if the packet is IPv6
-
summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
-
the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer.
IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
The event provides packet summary reports for each unique packet data session (EPS bearer) and packet flow, and is triggered by one of the following:
-
start of a packet flow associated with an EPS bearer
-
an interim report for a packet flow associated with an EPS bearer is to be reported
-
end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
An interim report can be triggered by
-
The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
-
A per-intercept configurable count threshold is reached.
These elements will be delivered either directly to DF2 or via DF3 for each packet flow if available:
-
Observed MN NAI
-
Observed MSISDN
-
Observed IMEI
-
Event Type
-
Event Time
-
Event Date
-
Network Element Identifier
-
Logical Function Information
-
Correlation number
-
Lifetime
-
UE Address Info
-
Access Technology Type
-
Serving Network
-
Home address
-
Care of Address
-
APN
-
Location information
-
Source IP Address
-
Source Port Number
-
Destination IP Address
-
Destination Port Number
-
Transport Protocol (e.g., TCP)
-
Flow Label (IPv6 only)
-
Summary Period
-
Packet Count (for this summary period)
-
Sum of Packet Sizes (for this summary period)
\endnl
If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39].
If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40].
If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
-
the source and destination information derived from the packet headers, including:
- source and destination IP Addresses,
- IP next-layer protocol,
- Layer-4 ports, and
- Flow label, if the packet is IPv6
- summary information for the number of packets and bytes transmitted or received by the target for each unique packet flow within an EPS bearer, and
- the date and the time of the first and last packets associated with that packet flow. A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and EPS bearer. IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.
- start of a packet flow associated with an EPS bearer
- an interim report for a packet flow associated with an EPS bearer is to be reported
- end of a packet flow associated with an EPS bearer (including end of the EPS bearer itself).
- The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds;
- A per-intercept configurable count threshold is reached.
- Observed MN NAI
- Observed MSISDN
- Observed IMEI
- Event Type
- Event Time
- Event Date
- Network Element Identifier
- Logical Function Information
- Correlation number
- Lifetime
- UE Address Info
- Access Technology Type
- Serving Network
- Home address
- Care of Address
- APN
- Location information
- Source IP Address
- Source Port Number
- Destination IP Address
- Destination Port Number
- Transport Protocol (e.g., TCP)
- Flow Label (IPv6 only)
- Summary Period
- Packet Count (for this summary period)
- Sum of Packet Sizes (for this summary period) \endnl If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791[39]. If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [40]. If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.
12.5.3.12 Bearer activation |R12| Word‑p. 164
When the Attach is handled by the ePDG over the GTP based s2b interface (TS 23.402), or the Dedicated bearer activation on the GTP based S2b interface (TS 23.402) is detected by the ePDG, or a Bearer activation is detected at the PDN-GW, a Bearer activation event shall be generated. The elements listed in section 12.2.3.3 will be delivered to the DF2 if available.
12.5.3.13 Bearer deactivation |R12|
When the Detach is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer deactivation is detected at the PDN-GW, or the PDN GW initiated Resource Allocation Deactivation is detected by the ePDG on GTP based s2b interface, a Bearer deactivation event shall be generated. The elements listed in section 12.2.3.4 will be delivered to the DF2 if available.
12.5.3.14 Bearer modification |R12|
When a Bearer Modification is handled by the ePDG over GTP S2b interface (TS 23.402), or a Bearer modification is detected at the PDN-GW, a Bearer modification event shall be generated. The elements listed in section 12.2.3.5 will be delivered by the ePDG to the DF2 if available.
12.5.3.15 HSS subscriber record change |R13|
This event will be only used to report when there is a change of association between IMSI, MSISDN or IMEI of the target. It is induced mainly by Subscriber Profile management by the HSS or the CSP administration tools through the HSS.
Such events could be mainly triggered by Diameter messages such as:
-
Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
The elements of table 12.5.3.15 will be delivered to DF2, if available.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
12.5.3.16 Registration Termination |R13| Word‑p. 165
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
- Through SWx interface, -Push-Profile-Request (PPR) in case of command of HSS to 3GPP AAA Server: see clause A of TS 29.273.
Information Element
New observed MSISDN
New observed IMSI
New Observed IMEI (if available)
Old observed MSISDN
Old observed IMSI
Old observed IMEI (if available)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
Change Type (MSISDN, IMSI or IMEI)
Other update: carrier specific.
This event "Registration Termination" will be used to report to DF2 when HSS send to 3GPP AAA Server It is the equivalent of cancel location or purge to serving system in CS domain. This kind of event is induced by the registration of the target.
The event will be triggered by the following Diameter messages:
The following elements of table 12.5.3.16 such as the previous serving system of the target will be delivered to DF2.
Information Element
Observed MSISDN
Observed IMSI
Event Type
Event Time
Event Date
Network Element Identifier (HSS Id...)
Previous serving system identifier (if available)
12.5.3.17 Location Information request |R13|
This event will be used to report any location information request on the target by a node to HSS, when the target is connected to trusted non-3GPP IP access. A location information request could be generated by an IP-SM-GW AS (as an SMS Centre) or GMSC or SGSN or MME from another Network through a diameter request transmitted by either an AS or the I CSCF of the home network to the HSS of the target. The event will be triggered by the following Diameter messages:
The elements of table 12.5.3.17, observed IMSI, MSISDN, the identifier of the requesting node type and network, will be delivered to DF2, if available.
Information Element
Observed MSISDN
Observed IMSI
Requesting network identifier such as PLMN Id (country identifier included),
Requesting node type (IP-SM-GW AS, GMSC, SGSN, MME, GMLC)
Event Type
Event Time
Event Date
Network Element Identifier (HSS id...)
When an handover is performed from CDMA2000 Access to E-UTRAN, the MME shall intercept the attach event received from the HRPD AN based on IMSI.
Interception at S-GW and PDN-GW shall be done according to the requirements given in section 12.2 or 12.3 and related subsections, depending on the protocol used over the S5/S8 interface.
12.7 Functional requirements for LI in case of interworking between SGSN and EPS nodes over S4/S12 interfaces
The SGSN and the HSS are subjected to the requirements applicable to these nodes for PS interception, as specified throughout this document.
The S-GW is subjected to the requirements specified in section 12.2 and subsections. The applicable events shall be reported also when received from the SGSN over S4 interface. CC shall be also reported when received over S4/S12 interfaces. The network procedures for which the events applicable to the S-GW, defined in section 12.2 and subsections, are generated when the S-GW is connected over S4/S12 interfaces to a SGSN are defined in TS 23.060.
The PDN-GW is subjected to the requirements specified in section 12.2 or 12.3 and related subsections, depending on the protocol used on S5/S8 interfaces, which are applicable also to the case in which the PDN-GW is involved for a target for which a S4 based SGSN is used.
12.8 Functional requirements for LI in case of interworking between SGSN and PDN-GW over Gn/Gp interfaces
According to TS 23.060 and TS 23.401 a PDN-GW may provide a Gn/Gp interface for interworking with the SGSN. When this interface is provided, from LI perspective the PDN-GW acts as a GGSN towards the involved SGSN. In this case, in addition to the requirements specified in this clause, all the requirements specified by this document for the GGSN are applicable to the PDN-GW.
The PDN-GW shall use the same correlation number in records when the PDP context/EPS bearer modification signalling is detected due to the handover between different accesses involving a Gn/Gp interface (i.e. from E-UTRAN to 2G/3G and vice versa). After the handover, the PDN-GW shall report the events applicable to the new access and continue to use the same correlation number inside the same PDP context/EPS bearer.
The SGSN is subjected to the requirements applicable to this node for PS interception, as specified throughout this document.
12.9 Functional Requirements for LI in case of Control and User Plane Separation |R14| Word‑p. 167
12.9.1 Background
As defined in TS 23.214, the Serving Gateway and PDN Gateway may have separated control plane and user plane functions. The control plane (CP) functions (Serving Gateway-C and PDN Gateway-C) provide the traffic forwarding rules (referred to as Forward Action Rules in TS 23.214) to the user plane (UP) functions (Serving Gateway-U and PDN Gateway-U). The UP functions forward the user plane traffic as per the Forward Action Rules.
As defined in subclause 12.1 of the present document, the Serving Gateway and PDN Gateway provide the LI functions for the EPC packet data interception. As defined in subclause 15.2, a PDN Gateway can also provide the CC Intercept Function for an IMS-based VoLTE. As defined in clause 20, the BBIFF functions of an S8HR LI functions may be implemented within a Serving Gateway. Therefore, the LI functions available in the Serving Gateway and PDN Gateway shall be carried over to the split Serving Gateway and PDN Gateway with the new CUPS architecture.
12.9.2 LI Architecture with CUPS
12.9.2.1 Overview
The LI architecture for EPC packet data interception with CUPS is depicted in figure 12.1.4.
With CUPS, all the signalling related interfaces (i.e., control plane data) terminate at the Serving Gateway C and PDN Gateway-C. Therefore, the IRI related LI functions provided within a Serving Gateway and PDN Gateway for EPC packet data interception shall be provided by the Serving Gateway-C and PDN Gateway-C respectively. The X2 reference point terminates at the Serving Gateway-C and PDN Gateway-C.
With CUPS, user plane data pass through the Serving Gateway-U and PDN Gateway-U. Therefore, the duplication of user plane data to support the CC interception for EPC packet data shall be done at the Serving Gateway-U and PDN Gateway-U. A new LI specific functional element referred to as Split X3 LI Interworking Function (SX3LIF) is defined.
The UP function duplicates the user plane packets of the traffic to be intercepted (identified by the packet detection rules) as instructed by the CP function and then sends the duplicated user plane packets to the SX3LIF over the X3u reference point. The CP function also provides the forwarding action rules to the UP function which enables the UP function to determine how to send the duplicated user plane packets over the X3u reference point to the SX3LIF. The CP function provides the intercept control information (such as correlation identifier, target identity, and intercepted packet identification rules) to the SX3LIF over the X3c reference point. The SX3LIF receives the user plane packets from the UP function (over the X3u reference point), associates the user plane packets to the target interception based on the intercept related information that it received from the CP function (over the X3c reference point) and then delivers the CC to the DF3 over the X3 reference point.
Figure 12.1.4 also shows an X2 reference point between SX3LIF and DF2. Only the IRI events that require access to the user plane packets (e.g. packet data header information) are passed on this X2 reference point from SX3LIF to DF2. In an alternate option, when such IRI events are generated by the DF3, this X2 reference point between SX3LIF and DF2 is not necessary.
Figure 12.1.4 also shows an X1_1 reference point between ADMF and the SX3LIF. This reference point is used to provide the DF2 address and DF3 address to the SX3LIF. Provision of DF2 address is required only when the IRI events that require access to the user plane packets are generated by the SX3LIF.
12.9.2.2 Packet detection rules
The packet detection rules allow the UP function to determine which user plane packets are duplicated and sent to the SX3LIF.
12.9.2.3 Forwarding action rules Word‑p. 168
The forwarding action rules indicate how the UP function is to forward the duplicated packets to the SX3LIF over the X3u reference point. The information such as the destination IP address at the SX3LIF and the GTP tunnel Id of the tunnel toward which the duplicated packets are sent on the X3u reference point may be part of the forwarding action rules.
12.9.2.4 Intercepted packet identification rules
The intercepted packet identification rules allow the SX3LIF to identify and associate the user plane packets received over the X3u reference point to the target intercept information. Part of the forwarding action rules (e.g. the information such as destination IP address of X3u tunnel, GTP tunnel Id of the X3u tunnel), target identity and correlation identifier are part of the intercepted packet identification rules.
The SX3LIF uses the IP address and the GTP tunnel Id of the tunnel on the X3u reference point to associate the received user plane packets with the target intercept information that it receives from the CP function over X3c reference point.
12.9.3 Provision of Content of Communications
12.9.3.1 Interception for Serving Gateway
12.9.3.2 Interception for PDN Gateway
When the CC interception is required and is to be done at the PDN Gateway, the PDN Gateway-C shall/activate send the following information to the PDN Gateway-U.
-
Packet detection rules as described in 12.9.2.2
-
Forwarding action rules as described in 12.9.2.3
-
An indication to perform the packet duplication and forward the same to the SX3LIF.
In addition, the PDN Gateway-C shall send the following information to the SX3LIF:
-
target identity
-
correlation identifier
-
Intercepted packet identification rules as described in 12.9.2.4.
The PDN Gateway-U shall identify the user plane packets as per the packet detection rules (subsclause 12.9.2.2) and shall forward the packets to the SX3LIF over the X3u reference point as per the forwarding action rules (subclause 12.9.2.3). The SX3LIF shall associate the user plane packets to the target interception as per the intercepted packet identification rules and shall deliver the CC to DF3 over the X3 reference point as defined subclause 12.4.2 and subclause 12.5.2.
12.9.4 Provision of Intercept Related Information Word‑p. 169
12.9.4.1 Interception at the Serving Gateway
When the IRI interception is to be done at the Serving Gateway, the Serving Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, and subclause 12.4.3.
When the IRI events are to be generated from the user plane packets, the Serving Gateway-C shall provide the information to the Serving Gateway-U as it does for the CC interception in accordance to 12.9.3.1. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
Serving Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.4.2 Interception at the PDN Gateway
When the IRI interception is to be done at the PDN Gateway, the PDN Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, subclause 12.3.3, subclause 12.4.3 and subclause 12.5.3.
When the IRI events are to be generated from the user plane packets, the PDN Gateway-C shall provide the information to the PDN Gateway-U as it does for the CC interception in accordance to 12.9.3.2. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
PDN Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.1 Background
As defined in TS 23.214, the Serving Gateway and PDN Gateway may have separated control plane and user plane functions. The control plane (CP) functions (Serving Gateway-C and PDN Gateway-C) provide the traffic forwarding rules (referred to as Forward Action Rules in TS 23.214) to the user plane (UP) functions (Serving Gateway-U and PDN Gateway-U). The UP functions forward the user plane traffic as per the Forward Action Rules.
As defined in subclause 12.1 of the present document, the Serving Gateway and PDN Gateway provide the LI functions for the EPC packet data interception. As defined in subclause 15.2, a PDN Gateway can also provide the CC Intercept Function for an IMS-based VoLTE. As defined in clause 20, the BBIFF functions of an S8HR LI functions may be implemented within a Serving Gateway. Therefore, the LI functions available in the Serving Gateway and PDN Gateway shall be carried over to the split Serving Gateway and PDN Gateway with the new CUPS architecture.
12.9.2 LI Architecture with CUPS
12.9.2.1 Overview
The LI architecture for EPC packet data interception with CUPS is depicted in figure 12.1.4.
With CUPS, all the signalling related interfaces (i.e., control plane data) terminate at the Serving Gateway C and PDN Gateway-C. Therefore, the IRI related LI functions provided within a Serving Gateway and PDN Gateway for EPC packet data interception shall be provided by the Serving Gateway-C and PDN Gateway-C respectively. The X2 reference point terminates at the Serving Gateway-C and PDN Gateway-C.
With CUPS, user plane data pass through the Serving Gateway-U and PDN Gateway-U. Therefore, the duplication of user plane data to support the CC interception for EPC packet data shall be done at the Serving Gateway-U and PDN Gateway-U. A new LI specific functional element referred to as Split X3 LI Interworking Function (SX3LIF) is defined.
The UP function duplicates the user plane packets of the traffic to be intercepted (identified by the packet detection rules) as instructed by the CP function and then sends the duplicated user plane packets to the SX3LIF over the X3u reference point. The CP function also provides the forwarding action rules to the UP function which enables the UP function to determine how to send the duplicated user plane packets over the X3u reference point to the SX3LIF. The CP function provides the intercept control information (such as correlation identifier, target identity, and intercepted packet identification rules) to the SX3LIF over the X3c reference point. The SX3LIF receives the user plane packets from the UP function (over the X3u reference point), associates the user plane packets to the target interception based on the intercept related information that it received from the CP function (over the X3c reference point) and then delivers the CC to the DF3 over the X3 reference point.
Figure 12.1.4 also shows an X2 reference point between SX3LIF and DF2. Only the IRI events that require access to the user plane packets (e.g. packet data header information) are passed on this X2 reference point from SX3LIF to DF2. In an alternate option, when such IRI events are generated by the DF3, this X2 reference point between SX3LIF and DF2 is not necessary.
Figure 12.1.4 also shows an X1_1 reference point between ADMF and the SX3LIF. This reference point is used to provide the DF2 address and DF3 address to the SX3LIF. Provision of DF2 address is required only when the IRI events that require access to the user plane packets are generated by the SX3LIF.
12.9.2.2 Packet detection rules
The packet detection rules allow the UP function to determine which user plane packets are duplicated and sent to the SX3LIF.
12.9.2.3 Forwarding action rules Word‑p. 168
The forwarding action rules indicate how the UP function is to forward the duplicated packets to the SX3LIF over the X3u reference point. The information such as the destination IP address at the SX3LIF and the GTP tunnel Id of the tunnel toward which the duplicated packets are sent on the X3u reference point may be part of the forwarding action rules.
12.9.2.4 Intercepted packet identification rules
The intercepted packet identification rules allow the SX3LIF to identify and associate the user plane packets received over the X3u reference point to the target intercept information. Part of the forwarding action rules (e.g. the information such as destination IP address of X3u tunnel, GTP tunnel Id of the X3u tunnel), target identity and correlation identifier are part of the intercepted packet identification rules.
The SX3LIF uses the IP address and the GTP tunnel Id of the tunnel on the X3u reference point to associate the received user plane packets with the target intercept information that it receives from the CP function over X3c reference point.
12.9.3 Provision of Content of Communications
12.9.3.1 Interception for Serving Gateway
12.9.3.2 Interception for PDN Gateway
When the CC interception is required and is to be done at the PDN Gateway, the PDN Gateway-C shall/activate send the following information to the PDN Gateway-U.
- Packet detection rules as described in 12.9.2.2
- Forwarding action rules as described in 12.9.2.3
- An indication to perform the packet duplication and forward the same to the SX3LIF.
- target identity
- correlation identifier
- Intercepted packet identification rules as described in 12.9.2.4.
12.9.4 Provision of Intercept Related Information Word‑p. 169
12.9.4.1 Interception at the Serving Gateway
When the IRI interception is to be done at the Serving Gateway, the Serving Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, and subclause 12.4.3.
When the IRI events are to be generated from the user plane packets, the Serving Gateway-C shall provide the information to the Serving Gateway-U as it does for the CC interception in accordance to 12.9.3.1. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
Serving Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.4.2 Interception at the PDN Gateway
When the IRI interception is to be done at the PDN Gateway, the PDN Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, subclause 12.3.3, subclause 12.4.3 and subclause 12.5.3.
When the IRI events are to be generated from the user plane packets, the PDN Gateway-C shall provide the information to the PDN Gateway-U as it does for the CC interception in accordance to 12.9.3.2. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
-
PDN Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
-
DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2.
When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.4.1 Interception at the Serving Gateway
When the IRI interception is to be done at the Serving Gateway, the Serving Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, and subclause 12.4.3.
When the IRI events are to be generated from the user plane packets, the Serving Gateway-C shall provide the information to the Serving Gateway-U as it does for the CC interception in accordance to 12.9.3.1. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
- Serving Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
- DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2. When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
12.9.4.2 Interception at the PDN Gateway
When the IRI interception is to be done at the PDN Gateway, the PDN Gateway-C shall deliver the IRI over the X2 reference point to DF2 as defined in subclause 12.2.3, subclause 12.3.3, subclause 12.4.3 and subclause 12.5.3.
When the IRI events are to be generated from the user plane packets, the PDN Gateway-C shall provide the information to the PDN Gateway-U as it does for the CC interception in accordance to 12.9.3.2. The IRI event that requires access to the user plane packets (e.g. packet data header information) can be generated in one of the following two ways:
- PDN Gateway-C informing the SX3LIF to generate the IRI events that require access to the user plane packets (e.g. packet data header information), and SX3LIF delivering the IRI events that require access to the user plane packets (e.g. packet data header information) to the DF2
- DF3 generating the IRI event based on the user plane packets and then delivering the event to the DF2. When the second approach (i.e. DF3-based) is used, SX3LIF does not require to support the X2 reference point.
