OpenCALEA
[OpenCALEA] Cisco SII tap agents
- From: Robert Blayzor
- Date: Mon Aug 13 21:14:57 2007
Hi list..
I've been following the OpenCALEA list for a couple of months now. It
seems things have stalled a bit due to everyone being busy; aren't we all!
Anyhow, being a broadband service provider, of course we're under the gun
to be CALEA compliant. The problem we've been finding is that current
mediation device implementations don't seem to be everything they claim
to be.
It seems to be the norm that if you just use Ethernet probes and
Ethernet taps that's all you need. However, if you're a service
provider that utilizes broadband aggregation routers, terminating lots
of PPPoX connections, the only real option to be 100% CALEA compliant is
to either use something like Cisco SII or a very expensive passive optical
tap (or DS3, etc).
After having several proposals from the big Mediation Device vendors,
we've shot holes in every one of them. At least for us, they don't work
perfectly. So we're starting a new path that implements a multi-stage
approach of using a very simple, open provisioning interface, a
pluggable tap agent, a collector and a delivery method.
It seems that most of the approach is on collect and delivery, which
seems to be pretty much nailed down.
We have a couple of programmers (myself included) working on the tap
model for Cisco SII for starters. (only because we have so much of it
deployed). Cisco SII uses standard PCLI format for sending data to a
collector via UDP packets.
The initial goal is to have a trigger that will set the tap agent, i.e.,
manually or from a RADIUS server. The tap agent will then use SNMPv3 to
set the Cisco SII tap MIB to start an intercept. There is more that has
to happen; it gets complex when tracking and maintaining the taps
currently in progress.
The reason for this post is to see if anyone has actually been going
down the Cisco SII path as far as already having something developed
before we actually start recreating the wheel. If anyone else is
interested at some point when we have more, I can share here or you can
contact me off list.
onward....
--
Robert Blayzor
INOC
rblayzor@inoc.net
http://www.inoc.net/~rblayzor/
Earth is 98% full...please delete anyone you can.