IMPORTANT:
Installing the ECS License
Creating the ECS Administrative User Account
configure
context local
administrator <user_name> password <password> ecs
end
Enabling Active Charging
configure
require active-charging
context local
interface <interface_name>
ip address <ipv4/ipv6_address> <ipv4/ipv6_address/mask>
exit
server ftpd
end
Activating P2P Analyzer
Configuring the EDR Flow Format
configure
active-charging
service <service_name>
edr-format <edr_format_name> [ -noconfirm ]
attribute <attribute> { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority <priority> }
rule-variable <protocol> <rule> priority <priority>
rule-variable traffic-type priority <priority>
rule-variable voip-duration priority <priority>
event-label <event-label> priority <priority>
end
configure
active-charging
service ecs_svc1
edr-format edr_flow_format
attribute sn-start-time format seconds priority 10
attribute sn-end-time format seconds priority 20
attribute radius-calling-station-id priority 30
rule-variable ip server-ip-address priority 60
attribute sn-server-port priority 70
attribute sn-app-protocol priority 80
attribute sn-parent-protocol priority 81
rule-variable ip protocol priority 82
rule-variable p2p protocol priority 90
attribute sn-volume-amt ip bytes uplink priority 100
attribute sn-volume-amt ip bytes downlink priority 110
attribute sn-volume-amt ip pkts uplink priority 120
attribute sn-volume-amt ip pkts downlink priority 130
rule-variable bearer 3gpp charging-id priority 140
rule-variable bearer 3gpp imei priority 141
rule-variable bearer 3gpp rat-type priority 142
rule-variable bearer 3gpp user-location-information priority 143
rule-variable traffic-type priority 160
rule-variable voip-duration priority 170
end
configure
active-charging
service ecs_svc1
edr-format edr_http_format
attribute sn-start-time format seconds priority 10
attribute sn-end-time format seconds priority 20
attribute radius-calling-station-id priority 30
rule-variable ip server-ip-address priority 50
rule-variable http host priority 70
rule-variable http content type priority 80
attribute transaction-downlink-bytes priority 90
attribute transaction-uplink-bytes priority 100
attribute transaction-downlink-packets priority 110
attribute transaction-uplink-packets priority 120
rule-variable bearer 3gpp charging-id priority 130
end
Configuring Deep Packet Inspection
Configuring Routing Rule Definition
configure
active-charging
service <service_name>
ruledef <ruledef_name>
<protocol> <expression>
<operator> <condition>
rule-application routing
end
configure
active-charging
service srv1
ruledef http_anymatch
http any-match = TRUE
exit
ruledef icmp_anymatch
icmp any-match = TRUE
exit
ruledef ip_anymatch
ip any-match = TRUE
exit
ruledef mms_anymatch
mms any-match = TRUE
exit
ruledef rr_http_80
tcp either-port = 80
rule-application routing
exit
ruledef rr_http_8080
tcp either-port = 8080
rule-application routing
exit
ruledef rr_mms_http_ct
http content type = application/vnd.wap.mms-message
rule-application routing
exit
ruledef rr_mms_http_url
http url ends-with .mms
rule-application routing
exit
ruledef rr_mms_wsp_ct
wsp content type = application/vnd.wap.mms-message
rule-application routing
exit
ruledef rr_mms_wsp_ct_uri
rule-application routing
exit
ruledef rr_mms_wsp_url
wsp url ends-with .mms
rule-application routing
exit
ruledef rr_wsp_cl_dst_port
udp dst-port = 9200
rule-application routing
exit
ruledef rr_wsp_cl_src_port
udp src-port = 9200
rule-application routing
exit
ruledef rr_wsp_co_dst_port
udp dst-port = 9201
rule-application routing
exit
ruledef rr_wsp_co_src_port
udp src-port = 9201
rule-application routing
exit
end
Configuring Rulebase
configure
active-charging
service <service_name>
rulebase <rulebase_name> [ -noconfirm ]
route priority <priority> ruledef <ruledef_name> analyzer <analyzer> [ description ]
rtp dynamic-flow-detection
flow end-condition handoff timeout normal-end-signaling session-end edr edr_format_name
edr transaction-complete http edr-format edr_format_name
end
configure
active-charging
service ecs_svc1
rulebase p2p-rb
flow end-condition handoff timeout normal-end-signaling session-end edr edr_flow_format
action priority 4 ruledef rtsp_setup charging-action standard
action priority 5 ruledef rtsp_play charging-action standard
action priority 6 ruledef rtsp_teardown charging-action standard
action priority 7 ruledef rtsp_anymatch charging-action standard
action priority 10 ruledef sip_anymatch charging-action handshake
action priority 11 ruledef rtp_anymatch charging-action handshake
action priority 12 ruledef udp_anymatch charging-action handshake
action priority 13 ruledef tcp_anymatch charging-action handshake
action priority 16 ruledef mms_anymatch charging-action policy1
action priority 60 ruledef http_anymatch charging-action standard
action priority 95 ruledef udp_anymatch charging-action standard
action priority 99 ruledef icmp_anymatch charging-action standard
action priority 100 ruledef ip_anymatch charging-action handshake
action priority 990 ruledef tcp_anymatch charging-action standard
action priority 1000 ruledef ip_anymatch charging-action standard
route priority 1 ruledef rr_wsp_co_src_port analyzer wsp-connection-oriented
route priority 2 ruledef rr_wsp_co_dst_port analyzer wsp-connection-oriented
route priority 3 ruledef rr_wsp_cl_src_port analyzer wsp-connection-less
route priority 4 ruledef rr_wsp_cl_dst_port analyzer wsp-connection-less
route priority 5 ruledef rr_http_80 analyzer http
route priority 6 ruledef rr_http_8080 analyzer http
route priority 7 ruledef rr_mms_http_ct analyzer mms
route priority 8 ruledef rr_mms_http_url analyzer mms
route priority 9 ruledef rr_mms_wsp_ct analyzer mms
route priority 10 ruledef rr_mms_wsp_url analyzer mms
route priority 11 ruledef rr_mms_wsp_ct_uri analyzer mms
route priority 60 ruledef sip_src analyzer sip
route priority 65 ruledef sip_dst analyzer sip
route priority 70 ruledef rtsp_src analyzer rtsp
route priority 75 ruledef rtsp_dst analyzer rtsp
route priority 250 ruledef sdp_route analyzer sdp
rtp dynamic-flow-detection
edr transaction-complete http edr edr_http_format
edr voip-call-end edr edr_flow_format
udr threshold interval 60
udr threshold volume total 100000
p2p dynamic-flow-detection
end
Configuring Tethering Detection Feature
configure
active-charging
service <ecs_service_name>
tethering-database [ os-signature <os_signature_db_file_name> | tac <tac_db_file_name> | ua-signature <ua_signature_db_file_name> ] +
ruledef <tethering_detection_ruledef_name>
tethering-detection { flow-not-tethered | flow-tethered }
exit
rulebase <rulebase_name>
tethering-detection [ os-db-only | ua-db-only ]
action priority <priority> ruledef <tethering_detection_ruledef_name> charging-action <charging_action_name>
...
end
Sample Configurations
configure
active-charging
service ecs_service
tethering-database
ruledef tethered-traffic
tethering-detection flow-tethered
tcp any-match = TRUE
exit
ruledef ftp-pkts
ftp any-match = TRUE
exit
ruledef http-pkts
http any-match = TRUE
exit
ruledef tcp-pkts
tcp any-match = TRUE
exit
ruledef ip-pkts
ip any-match = TRUE
exit
ruledef http-port
tcp either-port = 80
rule-application routing
exit
ruledef ftp-port
tcp either-port = 21
rule-application routing
exit
charging-action premium
content-id 1
retransmissions-counted
billing-action egcdr
exit
charging-action standard
content-id 2
retransmissions-counted
billing-action egcdr
exit
rulebase consumer
tethering-detection
action priority 10 ruledef tethered-traffic charging-action premium
action priority 20 ruledef ftp-pkts charging-action standard
action priority 30 ruledef http-pkts charging-action standard
action priority 40 ruledef tcp-pkts charging-action standard
action priority 50 ruledef ip-pkts charging-action standard
route priority 80 ruledef http-port analyzer http
exit
rulebase default
end
configure
active-charging
service ecs_service
tethering-database
ruledef ftp-pkts
ftp any-match = TRUE
exit
ruledef ftp-pkts-tethered
ftp any-match = TRUE
tethering-detection flow-tethered
exit
ruledef http-pkts
http any-match = TRUE
exit
ruledef http-pkts-tethered
http any-match = TRUE
tethering-detection flow-tethered
exit
ruledef tcp-pkts
tcp any-match = TRUE
exit
ruledef tcp-pkts-tethered
tcp any-match = TRUE
tethering-detection flow-tethered
exit
ruledef ip-pkts
ip any-match = TRUE
exit
ruledef ip-pkts-tethered
ip any-match = TRUE
tethering-detection flow-tethered
exit
ruledef http-port
tcp either-port = 80
rule-application routing
exit
ruledef ftp-port
tcp either-port = 21
rule-application routing
exit
charging-action premium-http
content-id 10
retransmissions-counted
billing-action egcdr
exit
charging-action premium-ftp
content-id 20
retransmissions-counted
billing-action egcdr
exit
charging-action premium
content-id 1
retransmissions-counted
billing-action egcdr
exit
charging-action standard
content-id 2
retransmissions-counted
billing-action egcdr
exit
rulebase consumer
tethering-detection
action priority 10 ruledef ftp-pkts-tethered charging-action premium-ftp
action priority 20 ruledef ftp-pkts charging-action standard
action priority 30 ruledef http-pkts-tethered charging-action premium-http
action priority 40 ruledef http-pkts charging-action standard
action priority 50 ruledef tcp-pkts-tethered charging-action premium
action priority 60 ruledef tcp-pkts charging-action standard
action priority 70 ruledef ip-pkts-tethered charging-action premium
action priority 80 ruledef ip-pkts charging-action standard
route priority 80 ruledef http-port analyzer http
exit
rulebase default
end
EDR Module Configuration
configure
context <context_name>
edr-module
active-charging-service
file name <file_name> rotation volume <file_size_bytes> rotation time <file_complete_seconds> rotation num-records <records_number> storage-limit <storage_limit_bytes> headers reset-indicator edr-format-name trap-on-file-delete compression gzip file-sequence-number rulebase-seq-num
cdr [ push-interval <interval> | remove-file-after-transfer | transfer-mode { pull | push primary { encrypted-url <enc_url> | url <url> } [ secondary { encrypted-secondary-url <enc_sec_url> | url <sec_url> } ] } + | use-harddisk ]
end
IMPORTANT:
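IMPORTANT: The first sample below writes the SFTP user name and password in clear text inside the `url` value and logs in to the receiving server as `root`. The `cdr` syntax above also accepts an `encrypted-url` form. In a deployed configuration, use a dedicated low-privilege transfer account on the receiving server rather than `root`, and treat every saved or shared copy of the configuration as containing a credential.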
configure
context test
edr-module
active-charging-service
file name EDRFILE rotation num-records 10000 storage-limit 268435456 headers reset-indicator trap-on-file-delete compression gzip file-sequence-number rulebase-seq-num
cdr transfer-mode push primary url sftp://root:nulink@10.4.72.54/inpilot-local/Ash_Test/starbi/server/data via local-context
cdr push-interval 60
cdr remove-file-after-transfer
cdr use-harddisk
end
configure
context local
edr-module
active-charging-service
file name EDRFILE1 rotation time 300 rotation num-records 10000 storage-limit 268435456 headers reset-indicator trap-on-file-delete compression gzip file-sequence-number rulebase-seq-num
cdr remove-file-after-transfer
cdr use-harddisk
end
Pushing EDR/UDR Files Manually
cdr-push { all | local-filename <file_name> }
Configuring EDR Download Permission
Configuring Bulkstats Schemas Using GUI
IMPORTANT:
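IMPORTANT: The steps below generate both an RSA and a DSA SSH key. DSA keys (`v2-dsa`) are no longer accepted by default by current OpenSSH clients. Whether this product needs both key types is not stated on this page; if the SFTP peer accepts RSA, the `v2-rsa` key alone may be sufficient — confirm against the product documentation.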
configure
context local
ssh generate key type v2-rsa
ssh generate key type v2-dsa
end
configure
context local
server sshd
end
configure
context local
administrator staradmin password test ftp
end
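IMPORTANT: The password `test` in the sample above is illustrative only; set a strong, unique password for the account that is given the `ftp` keyword. FTP sends credentials and file contents unencrypted, so where the collector supports it, retrieve EDR files over SFTP through the `sshd` server enabled above.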
Supported Bulkstat Schemas
Supported SNMP Traps
IMPORTANT:
Script | Default Value of Tasklag Time (in sec/min) |
---|---|
Edr Normalization | 300 (5 min) |
Http Edr Normalization | 300 (5 min) |
CF Edr Normalization | 300 (5 min) |
Protocol Summary | 1800 (30 min) |
Port Aggregation | 1800 (30 min) |
Subscriber Aggregation (minutely) | 1800 (30 min) |
Subscriber Aggregation (hourly) | 3600 (60 min) |
Flow Count | 1800 (30 min) |
Http Host Aggregation (minutely) | 7200 (120 min) |
Http Content Summary | 7200 (120 min) |
Http Host Aggregation (hourly) | 7200 (120 min) |
IMPORTANT:
IMPORTANT:
IMPORTANT:
IMPORTANT:
IMPORTANT:
IMPORTANT: