
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net
Using COTS Routers for Lawful Intercept (Annual Member Meeting)


Slide 1: Using COTS Routers for Lawful Intercept
Annual Member Meeting, February 8, 2006

Slide 2: ETSI Reference Model

Figure: ETSI lawful intercept reference model. Law Enforcement Agency side: LEA Monitoring System. Service Provider side: Administration system, Intercept Related Mediation System, Content Mediation System, Access Network. Handover interfaces: HI1 (Warrant Related Information), HI2 (Intercept Related Information), HI3 (Content of communication).

Juniper Experiences From the Field
- In-band versus out-of-band approaches
- Features used to support LI
- Mediation device control interface

Slide 3: Out-of-band (Passive Monitoring)
- Implement an out-of-band infrastructure with signal splitters
- User proximity improves selectivity
  - Dynamic address changes
  - Asymmetric routing
  - Multicast
- Sometimes preferred for operational isolation

Figure: Signal Splitter feeding Data handler (multiple) and Storage and Analysis.

Slide 4: In-band (Active Monitoring)
- Use existing network elements
- Independent of network access technology
  - Supports POTS, ISDN, xDSL, Cable, Wireless
- Provides cost reduction, implementation speed
  - Preferred for this reason where feasible

Figure: User Data passing through the network element; Replicated Data sent to Storage and Analysis.

Slide 5: Feature: Selection
- Useful for both in-band and out-of-band
- Channelization
  - Select among TDM'd, DLCI, ATM VC, or 802.1q VLANs
- Mature packet filtering capability required for security and features
  - Very high performance
  - Highly flexible and proven
  - IPv6 ready
- Can be combined arbitrarily
- Dynamic Flow Capture (DFC): Identify flows that match one or more dynamic filter criteria and forward to one or more destinations.
  - Passive monitoring
  - Filter criteria are dynamically added (not in configuration)
  - Activate filter within 50ms of criterion add request

Figure: All packets on aggregated link -> Select -> Selected Packets (intercept with external splitter or in-band packet replication). Sample filterable fields: IP header (Ver, IHL, ToS, Total Len, ID, Fragmentation, TTL, Proto, Hdr Checksum, Source Address, Destination Address); TCP header (Source Port, Dest Port, Sequence Number, Acknowledgement Number, Offset, Flags, Window, Checksum, Urgent Pointer).

Slide 6: Feature: Replication
- Useful for both in-band and out-of-band
- Up to 16 copies of the same packet
  - Each copy can be encapsulated and forwarded independently
- No performance impact
  - Ideally suited to a shared memory architecture

Figure: Selected Packets -> Replication -> One or more copies.

Slide 7: Feature: Distribution
- Useful for both in-band and out-of-band
  - Enables reuse of data network for distribution
- Multiple encapsulations supported
  - GRE
  - IPsec (3DES/AES)
  - Layer 2 VPNs

Figure: Selected packets and/or flow records -> Tunnel (New Header + Packet) -> Packet tunneled to LEMF.

Slide 8: Example 1

Figure: Signal Splitter on the Service Network feeding a Juniper Router, which forwards over a Separate Distribution Network to Law Enforcement Facilities.

- Select Circuit: 1. Choose sub-interface
- Decapsulate: 2. Remove link layer header
- Select Packets: 3. Filter on src/dest address
- Replicate: 4. Create 3 copies of the packets
- Distribute: 5. Send each copy to a different LEMF in a GRE tunnel

Slide 9: Example 2

Figure: Service Network with M-series routers delivering to Law Enforcement Monitoring Facilities. Every M-series router can act as an IAP.

- Decapsulate: 1. Remove MPLS headers
- Select: 2. Select based on IP address and port
- Replicate: 3. Create extra copy of packet
- Summarize: 4. Create flow records from one copy
- Distribute: 5. Encrypt packets and flow records in IPsec 3DES tunnels and send to LEMF
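The Select, Replicate and Distribute stages from the feature slides and both examples, modelled as an added Python example that is not Juniper's code: packet fields, filter criteria, LEMF endpoint names and the GRE tag are constructed assumptions, and the model carries the two constraints the slides state, the 16-copy replication ceiling and DFC criteria added at run time rather than in configuration.

```python
# Added example (not Juniper code): model of Select -> Replicate -> Distribute
# with DFC-style criteria added at run time; packets and LEMF names constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Criterion:
    """One dynamic filter entry; None means 'any' for that field."""
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    destinations: Tuple[str, ...] = ()  # LEMF tunnel endpoints (constructed names)

    def matches(self, p: Packet) -> bool:
        wanted = (("src", self.src), ("dst", self.dst),
                  ("proto", self.proto), ("dport", self.dport))
        return all(v is None or v == getattr(p, k) for k, v in wanted)

class InterceptPoint:
    MAX_COPIES = 16  # replication ceiling quoted on the slides

    def __init__(self) -> None:
        self.criteria: List[Criterion] = []
        self.delivered: Dict[str, List[dict]] = {}  # per-LEMF tunnel queue

    def add_criterion(self, c: Criterion) -> None:
        # DFC: criteria arrive from the mediation device, not the static config
        self.criteria.append(c)

    def process(self, p: Packet) -> int:
        """Select, replicate and encapsulate one packet; return copies made."""
        targets = {d for c in self.criteria if c.matches(p) for d in c.destinations}
        if not targets:
            return 0  # not selected: forwarded normally, nothing copied
        if len(targets) > self.MAX_COPIES:
            raise ValueError("more destinations than the 16-copy limit")
        for lemf in sorted(targets):
            # Distribute: each copy gets its own tunnel header (GRE assumed here)
            self.delivered.setdefault(lemf, []).append(
                {"tunnel": "gre", "endpoint": lemf, "inner": p})
        return len(targets)
```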

Slide 10: Mediation Device Control Interface
- JUNOScript is already there
- Layered Interface Design
  - TCP/IP based
  - SSL or plain text (for troubleshooting)
  - Easy-to-use XML-based data format / RPC invocation readily adapts to new complex data structures
- Mature standards-based solution
  - Juniper supported for over 6 years
  - See: prot-01.txt

Slide 11: Included API
- Object-oriented PERL
- Easy library for retrieving data and manipulating results
- Numerous examples

    # Invoke the JUNOScript RPC named in $query against the device handle $jnx
    my $res = $jnx->$query( %queryargs );
    # A non-reference result means the RPC failed; abort with the host name
    unless ( ref $res ) { die "FAIL CMD[$deviceinfo{hostname}] $query.\n"; }

Slide 12: Example Exchange

Figure: JUNOScript exchange between an M10i router and the Mediation Server; the captured output fragments read "7.3I0", "[sisyphus]", "at-1/2/1 up ATM-PVC" and "4482".

Slide 13: Summary
- Router based lawful intercept provides numerous advantages over dedicated hardware
  - Higher flexibility
  - Less time to implement and manage
  - Lower costs
- Juniper E, M, and T series routers provide a set of functional building blocks to support any LI application
- JUNOScript is well suited for a mediation interface

Slide 14: Ben Eater

