|
•
|
Cisco PID [ ASR5K-00-CSXXBLIS ] Blacklisting Integrated Service, or Starent part number [ 600-00-7801 ] Blacklisting Integrated Service.
Cisco PID [ ASR5K-00-CS01ICFS ] Integrated Content Filtering Service, 1k Sessions, or Starent part number [ 600-00-7586 ] Integrated Content Filtering Service, 1k Sessions
Cisco PID [ ASR5K-00-CS01ICFP ] Integrated Content Filtering Provisioned Svc, 1k Sess, or Starent part number [ 600-20-0109 ] Integrated Content Filtering Provisioned Service, 1k Sessions
Important: External Content Filtering Server support through Internet Content Adaptation Protocol (ICAP) interface is a licensed feature, requiring a separate license. For more information, see the ICAP Interface Support chapter of the Cisco ASR 5000 Series System Administration Guide.
Important: For information on obtaining and installing licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the Cisco ASR 5000 Series System Administration Guide.
|
•
|
Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing ECS and URL Blacklisting services.
|
|
•
|
Session Manager (SessMgr): A single SessMgr treats ECS charging and URL Blacklisting that is applicable to common subscriber sessions.
|
Important: For information on WEM administration, refer to the Cisco Web Element Manager Installation and Administration Guide.|
•
|
Downloads the URL Blacklist database (cumulative.csv) from the specified source at configured schedule
|
|
•
|
Converts the URL Blacklist database (cumulative.csv) file to Starent Format Master Database (SFMDB) file
|
|
Step 2
|
The WEM pushes the optblk.bin file to the chassis (to the flash/pcmcia device) at pre-determined intervals. The optblk.bin file contains the full blacklist. If this file is verified to be correct it replaces the optblk.bin file on the chassis, and the last optblk.bin is rolled over.
|
Important: The URL Blacklisting feature is enabled only if the url-blacklisting action is set in any of the rulebases. Thus, the automatic detection of the Blacklist database, storing it in memory, and loading onto the SessMgrs will happen only if the url-blacklisting action is set in any of the rulebases.Content Filtering policy enforcement is the process of deciding if a subscriber should be able to receive some content. Typical options are to allow, block, or replace/redirect the content based on the rating of the content and the policy defined for that content. For the list of content categories, refer to the Category List appendix in this guide.
|
•
|
Reduced processing latency: In-line service processing eliminates unnecessary hand-offs and forwarding to external network elements.
|
|
•
|
Simplified policy provisioning: Enables all policies like Content Filtering, ECS and QoS to be retrieved from same AAA/Policy Manager signaling interface thus reducing total volume of control transactions and associated delay.
|
|
•
|
Simplified provisioning and complete service integration: Provisioning of separate resources like packet processing cards for processing subscriber data sessions and discrete services are eliminated. The same CPU can contain active Session Manager tasks for running Content Filtering and ECS charging.
|
|
•
|
Integration with Content Service Steering (CSS) architecture: Enables applicable sessions to be forwarded to the in-line content filtering subsystem while delay and time sensitive voice/multimedia services immediately forwarded to Internet.
|
|
•
|
Service control: Precise control over the interaction and service order handling of bearer flows with required applications like Content Filtering, ECS, Subscriber-aware Stateful Firewall, integrated Policy Charging and Rules Function (PCRF) for Service Based Bearer Control.
|
Important: Category-based Content Filtering can only work in static-only or in static-and-dynamic modes. Dynamic-only Content Filtering mode is not supported.The CF solution utilizes the services of TCP proxy to receive all the packets of a response and takes appropriate actions after rating the response. This functionality can be implemented for HTTP1.0 and HTTP1.1 protocols. For more information on the TCP Proxy feature and its implementation, refer to the Cisco ASR 5000 Series Enhanced Charging Services Administration Guide.
Important: For the dynamic CF to be functional, the TCP Proxy feature is required.TCP proxy must be enabled at rulebase level. When enabled in a rulebase, it is applied for subscribers using that rulebase. For information on how to configure TCP proxy, refer to the Configuring TCP Proxy for CF section in the Content Filtering Service Configuration chapter.
Important: In this release, the static CF rating works with both TCP proxy enabled and disabled, and the dynamic CF rating works only if TCP proxy is enabled. 
Important: Dynamic CF is performed only on those responses which are either rated DYNAM or UNKNOW during static rating.
Important: For more information on rulebases and rule definitions, refer to the Cisco ASR 5000 Series Enhanced Charging Services Administration Guide.|
•
|
Session Controller (SessCtrl): The SessCtrl runs on the primary SPC/SMC and is responsible for managing ECS and Content Filtering services.
|
|
•
|
Session Manager (SessMgr): A single SessMgr treats ECS charging and Content Filtering that is applicable to common subscriber sessions.
|
Important: To support dynamic rating, a minimum of three active packet processing cards are required, that will have one Dynamic SRDB. The number of Dynamic SRDBs may increase with an increase in the number of packet processing cards. The load for rating dynamic responses is distributed equally across all the Dynamic SRDBs created.
Important: For more information on External Storage Systems, refer to the Cisco ASR 5000 Series ESS Installation and Administration Guide.
Important: For information on WEM administration, refer to the Cisco Web Element Manager Installation and Administration Guide.For more information on the reports, refer to the Mobility Unified Reporting System Online Help documentation.
|
Step 4
|
AAA server processes the AAA Access Request from the Content Filtering subsystem to create the session, and the Policy Manager in AAA server uses subscriber identification parameters including NAI (username@domain), Calling Station ID (IMSI, MSID) and Framed IP Address (HoA) as the basis for subscriber lookup.
|
|
•
|
Filter ID or Access Control List Name: Applied to subscriber session. It typically contains the name of the Content Service Steering (CSS) ACL. The CSS ACL establishes the particular service treatments such as Content Filtering, ECS, Traffic Performance Optimization, Stateful Firewall, VPN, etc. to apply to a subscriber session and the service order sequence to use in the inbound or outbound directions. Real-time or delay sensitive flows are directly transmitted to the Internet with no further processing required. In this case, no CSS ACL or Filter ID is included in the Access Response.
|
|
•
|
SN-CF-Category-Policy: Applied to the subscriber content flow. Policy ID included in this attribute overrides the policy identifier applied to subscriber through rulebase or APN/Subscriber configuration. This content filtering policy determines the action to be taken on a content request from subscriber on the basis of its category. At anytime only one content filtering policy can be associated with a rulebase.
|
|
•
|
SN1-Rulebase Name: This custom attribute contain information such as consumer, business name, child/adult/teen, etc.). The rulebase name identifies the particular rule definitions to apply. Rulebase definitions are used in ECS as the basis for deriving charging actions such as prepaid/postpaid volume/duration/destination billing and charging data files (EDRs/UDRs). Rulebase definitions are also used in content filtering to determine whether a type of user class such as teenagers should be permitted to receive requested content belonging to a particular type of category such as adult entertainment, gambling or hate sites. Rulebase definitions are generated in the Active Charging Configuration Mode and can be applied to individual subscribers, to domains or on per-context basis.
|
For information on configuring the ICAP interface support for external ACF servers, refer to the ICAP Interface Support chapter of the Cisco ASR 5000 Series System Administration Guide.
ESS supports generation of EDR/UDR/FDR (xDR) files from the chassis. To store generated xDR files, on the ASR 5000 chassis, the system allocates 512 MB of memory on the packet processing card’s RAM. The generated xDRs are stored in CSV format in the /records directory on the packet processing card RAM. These generated xDRs can be used for billing as well as for generation of reports to analyze network usage and subscriber trends. As this temporary storage space (size configurable) reaches its limit, the system deletes older xDRs to make room for new xDRs. Setting gzip file compression extends the storage capacity by approximately 10:1.
For more information on the ESS, refer to the Cisco ASR 5000 Series ESS Installation and Administration Guide.
For more information, see the Configuring and Maintaining Bulk Statistics chapter of the Cisco ASR 5000 Series System Administration Guide.
Important: The hardware required for these components may vary, depending on the number of clients that require access, components managed, and other variables like EDR generation rate or CDR storage and processing requirements.Certain basic server requirements are recommended for WEM and MUR system to exploit the CF solution. For information on these system requirements, refer to Cisco Web Element Manager Installation and Administration Guide and Cisco Mobility Unified Reporting System Installation and Administration Guide.
Important: You must ensure that the minimum system requirements are met before proceeding with the MCRDBS installation.|
•
|
|
•
|
Important: For the MCRDBS 10.0 and earlier releases, it is recommended to use the hardware configurations of Dell PowerEdge 1950 server. 
Important: For the MCRDBS 11.0 and later versions, please use the hardware recommendations of X4270 server.