Implementation Of Aes Encryption - Cisco ASR 5000 Series Administration Manual
Enhanced charging services
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Administration manual (509 pages) ,
- Installation manual (317 pages)
Table of Contents
Advertisement
Enhanced Charging Service Overview
The following configuration is currently used for hundreds of URLs:
ruledef HTTP://AB-WAP.YZ
www url starts-with HTTP://CDAB-SUBS.OPERA-MINI.NET/HTTP://AB-WAP.YZ
www url starts-with HTTP://AB-WAP.YZ
multi-line-or all-lines
exit
In the above ruledef:
The HTTP request for the URL "http://ab-wap.yz" is first sent to a proxy "http://cdab-subs.opera-mini.net/".
The URL "http://cdab-subs.opera-mini.net/" will be configured as a prefixed URL.
Prefixed URLs are URLs of the proxies. A packet can have a URL of the proxy and the actual URL contiguously. First
a packet is searched for the presence of proxy URL. If the proxy URL is found, it is truncated from the parsed
information and only the actual URL (that immediately follows it) is used for rule matching and EDR generation.
The group-of-ruledefs can have rules for URLs that need to be actually searched (URLs that immediately follow the
proxy URLs). That is, the group-of-prefixed-URLs will have URLs that need to be truncated from the packet
information for further ECS processing, whereas, the group-of-ruledefs will have rules that need to be actually searched
for in the packet.
URLs that you expect to be prefixed to the actual URL can be grouped together in a group-of-prefixed-URLs. A
maximum of 64 such groups can be configured. In each such group, URLs that need to be truncated from the URL
contained in the packet are specified. Each group can have a maximum of 10 such prefixed URLs. By default, all group-
of-prefixed-URLs are disabled.
In the ECS rulebase, you can enable/disable the group-of-prefixed-URLs to filter for prefixed URLs.
Important:
"http://www.xyz.com/http://www.abc.com". Here, "http://www.xyz.com" will be stripped off. But in
"http://www.xyz.com/www.abc.com", it cannot detect and strip off "http://www.xyz.com" as it looks for occurrence of
"http" or "https" within the URL.
Implementation of AES Encryption
URL redirection is used for user equipment (UE) self-activation, along with pre-paid mobile broadband and other
projects.
In the current implementation, when a URL redirection occurs, additional dynamic fields such as MSISDN, IMEI, and
username can be appended to the redirection URL for use by the IT portal during the account activation process. StarOS
currently supports URL encryption of attributes within the redirection by using Blowfish (64 and 128 bit keys)
encryption. It also provides the ability to encrypt either single or multiple concatenated plain text fields. However,
Blowfish is no longer considered robust and thus operator now has the option to augment the security of these
redirection parameters with a more robust encryption based on AES Encryption.
For URL encryption, AES is an additional option along with Blowfish. The operator has flexibility of choosing the
encryption mechanism— Blowfish or AES. This is achieved using CLI and there are no changes done to the dynamic
fields. The operator can have different encryption for different rules configurable using CLI.
A prefixed URL can be detected and stripped if it is of the type
Cisco ASR 5x00 Enhanced Charging Services Administration Guide ▄
Enhanced Features and Functionality ▀
53
Advertisement
Table of Contents
