•Important: Category-based Static-and-Dynamic Content Filtering feature is not supported in this release.
[600-00-7801] Blacklisting Integrated Service[ 600-00-7586 ] Integrated Content Filtering Service, 1k SessionsImportant: External Content Filtering Server support through Internet Content Adaptation Protocol (ICAP) interface is a licensed feature, requiring a separate license. For more information, see the ICAP Interface Support chapter of the System Enhanced Feature Configuration Guide.
Important: For information on obtaining and installing licenses, refer to Managing License Keys in the System Administration and Configuration Guide.
• Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing ECS and URL Blacklisting services.
• Session Manager (SessMgr): A single SessMgr treats ECS charging and URL Blacklisting that is applicable to common subscriber sessions.Important: For information on WEM administration, refer to the Web Element Manager Installation and Administration Guide.
• Downloads the URL Blacklist database (cumulative.csv) from the specified source at configured schedule
• Converts the URL Blacklist database (cumulative.csv) file to Starent Format Master Database (SFMDB) file
Step 2 The WEM pushes the optblk.bin file to the chassis (to the flash/pcmcia device) at pre-determined intervals. The optblk.bin file contains the full blacklist. If this file is verified to be correct it replaces the optblk.bin file on the chassis, and the last optblk.bin is rolled over.Important: The URL Blacklisting feature is enabled only if the url-blacklisting action is set in any of the rulebases. Thus, the automatic detection of the Blacklist database, storing it in memory, and loading onto the SessMgrs will happen only if the url-blacklisting action is set in any of the rulebases.
Content Filtering policy enforcement is the process of deciding if a subscriber should be able to receive some content. Typical options are to allow, block, or replace/redirect the content based on the rating of the content and the policy defined for that content. For the list of content categories, refer to the Category List appendix in the Content Filtering Services Administration Guide.
• Reduced processing latency: In-line service processing eliminates unnecessary hand-offs and forwarding to external network elements.
• Simplified policy provisioning: Enables all policies like Content Filtering, ECS and QoS to be retrieved from same AAA/Policy Manager signaling interface thus reducing total volume of control transactions and associated delay.
• Simplified provisioning and complete service integration: Provisioning of separate resources like packet processing cards for processing subscriber data sessions and discrete services are eliminated. The same CPU can contain active Session Manager tasks for running Content Filtering and ECS charging.
• Integration with Content Service Steering (CSS) architecture: Enables applicable sessions to be forwarded to the in-line content filtering subsystem while delay and time sensitive voice/multimedia services immediately forwarded to Internet.
• Service control: Precise control over the interaction and service order handling of bearer flows with required applications like Content Filtering, ECS, Subscriber-aware Stateful Firewall, integrated Policy Charging and Rules Function (PCRF) for Service Based Bearer Control.Important: For more information on rulebases and rule definitions, refer to the Enhanced Charging Services Administration Guide.
• Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing ECS and Content Filtering services.
• Session Manager (SessMgr): A single SessMgr treats ECS charging and Content Filtering that is applicable to common subscriber sessions.
•Important: For more information on External Storage Systems, refer to the ESS Installation and Administration Guide.
Important: For information on WEM administration, refer to the Web Element Manager Installation and Administration Guide.
Step 4 AAA server processes the AAA Access Request from the Content Filtering subsystem to create the session, and the Policy Manager in AAA server uses subscriber identification parameters including NAI (username@domain), Calling Station ID (IMSI, MSID) and Framed IP Address (HoA) as the basis for subscriber lookup.
• Filter ID or Access Control List Name: Applied to subscriber session. It typically contains the name of the Content Service Steering (CSS) ACL. The CSS ACL establishes the particular service treatments such as Content Filtering, ECS, Traffic Performance Optimization, Stateful Firewall, VPN, etc. to apply to a subscriber session and the service order sequence to use in the inbound or outbound directions. Real-time or delay sensitive flows are directly transmitted to the Internet with no further processing required. In this case, no CSS ACL or Filter ID is included in the Access Response.
• SN-CF-Category-Policy: Applied to the subscriber content flow. Policy ID included in this attribute overrides the policy identifier applied to subscriber through rulebase or APN/Subscriber configuration. This content filtering policy determines the action to be taken on a content request from subscriber on the basis of its category. At anytime only one content filtering policy can be associated with a rulebase.
• SN1-Rulebase Name: This custom attribute contain information such as consumer, business name, child/adult/teen, etc.). The rulebase name identifies the particular rule definitions to apply. Rulebase definitions are used in ECS as the basis for deriving charging actions such as prepaid/postpaid volume/duration/destination billing and charging data files (EDRs/UDRs). Rulebase definitions are also used in content filtering to determine whether a type of user class such as teenagers should be permitted to receive requested content belonging to a particular type of category such as adult entertainment, gambling or hate sites. Rulebase definitions are generated in the Active Charging Configuration Mode and can be applied to individual subscribers, to domains or on per-context basis.For information on configuring the ICAP interface support for external ACF servers, refer to the ICAP Interface Support chapter of the System Enhanced Feature Configuration Guide.ESS supports generation of EDR/UDR/FDR (xDR) files from the chassis. To store generated xDR files, on the ASR 5000 chassis, the system allocates 512 MB of memory on the packet processing card’s RAM. The generated xDRs are stored in CSV format in the /records directory on the packet processing card RAM. These generated xDRs can be used for billing as well as for generation of reports to analyze network usage and subscriber trends. As this temporary storage space (size configurable) reaches its limit, the system deletes older xDRs to make room for new xDRs. Setting gzip file compression extends the storage capacity by approximately 10:1.For more information on the ESS, refer to the ESS Installation and Administration Guide.Important: The hardware required for these components may vary, depending on the number of clients that require access, components managed, and other variables like EDR generation rate or CDR storage and processing requirements.
Certain basic server requirements are recommended for WEM and inPilot to exploit the CF solution. For information on these system requirements, refer to WEM Installation and Administration Guide and inPilot Installation and Administration Guide.Important: You must ensure that the minimum system requirements are met before proceeding with the MCRDBS installation.
•
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |