ETSI X1
Lawful Interception (LI) involves defined interfaces between Law Enforcement Agencies (LEAs) and Communication Service Providers (CSPs), commonly referred to as handover interfaces. Within the CSP domain, LI defines the following three interfaces:
- X1 for interception management and administrative control
- X2 for delivery of intercept-related information (IRI)
- X3 for delivery of intercepted content (CC)
RBFS implements the X1 interface in compliance with ETSI TS 101 671. This interface is used for provisioning, modifying, and terminating interception sessions and forms the control plane between the LI management system and RBFS.
Refer to the “LIX1 Configuration” section below for details on configuring the LIX1 administration interface.
LIX1 Configuration
In this section, you will find the configurations related to the LIX1 interface.
Syntax:
set lawful-intercept protocol <protocol-name> <attribute> <value>
Attribute | Description
---|---
<protocol-name> | Enables lawful intercept on the switch. Supported Value: x1.
administrative-function-endpoint <administrative-function-endpoint> | Specifies the ADMF endpoint URL for sending requests.
administrative-function-id <administrative-function-id> | Specifies the ADMF identifier.
mediation-device-instance <mediation-device-instance> | Specifies the routing instance that hosts the mediation devices.
mutual-tls | Global mutual TLS configuration.
mutual-tls client authentication <certificate-name> | (Optional) Name of the certificate.
mutual-tls client authentication <certificate-name> certificate <certificate> | (Optional) Specifies the certificate PEM data in base64 encoding. If this value is not specified, it defaults to the server certificate.
mutual-tls client authentication <certificate-name> key-encrypted-text <key-encrypted-text> | (Optional) Specifies the Certificate key in an encrypted format.
mutual-tls client authentication <certificate-name> key-plain-text <key-plain-text> | (Optional) Specifies the Certificate key in base64 encoding. If this value is not specified, it defaults to the server authentication key.
mutual-tls client root-ca <root-ca> | (Optional) Specifies the trusted CA in base64 encoding. This is mandatory for a self-signed certificate.
mutual-tls server certificate <certificate> | Specifies the certificate PEM data in base64 encoding.
mutual-tls server client-ca <client-ca> | Specifies the trusted client CAs in base64 encoding.
mutual-tls server key <key-encrypted-text> | Specifies the certificate key in base64 encoding.
network-element-id <network-element-id> | The network element ID of the network element in the ADMF.
network-element-path <network-element-path> | (Optional) The context-path for all incoming protocol requests. Default: /X1/NE.
sync-timeout <5-60> | (Optional) The maximum interval for completing protocol requests synchronously in seconds. Default: 5.
async-timeout <10-120> | (Optional) The maximum interval for completing protocol requests asynchronously in seconds. Default: 15 seconds.
hold-time <60-86400> | (Optional) Specifies the hold time in seconds for the LI tasks if no keepalive messages are seen from ADMF. Default: 3600 seconds.
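The following check is an added example, not part of RBFS or its documentation: it lints X1 statements against the ranges in the table above and reports a plain-text client key or a missing attribute before the configuration is committed. It assumes every attribute is entered under `set lawful-intercept protocol x1` as in the Syntax line and that attributes not marked "(Optional)" are required; the function name and all sample values are constructed.

```python
# Added example: lint RBFS X1 "set" statements against the attribute table.
PREFIX = ["set", "lawful-intercept", "protocol", "x1"]
# Value ranges in seconds, taken from the attribute table.
RANGES = {"sync-timeout": (5, 60), "async-timeout": (10, 120), "hold-time": (60, 86400)}
# Assumption: attributes the table does not mark "(Optional)" are required.
REQUIRED = [
    "administrative-function-endpoint", "administrative-function-id",
    "mediation-device-instance", "network-element-id",
    "mutual-tls server certificate", "mutual-tls server client-ca",
    "mutual-tls server key",
]

def lint_lix1(config_text):
    """Return a list of findings for the X1 statements in config_text."""
    findings, seen = [], set()
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:4] != PREFIX:
            continue  # not an X1 statement
        rest = tokens[4:]
        path = " ".join(rest)
        # Record which required attributes are present.
        seen.update(n for n in REQUIRED if path.startswith(n + " "))
        if rest and rest[0] in RANGES:
            lo, hi = RANGES[rest[0]]
            ok = len(rest) == 2 and rest[1].isdigit() and lo <= int(rest[1]) <= hi
            if not ok:
                findings.append(f"{rest[0]}: expected an integer in {lo}-{hi}")
        if "key-plain-text" in rest:
            findings.append("client key given as key-plain-text; prefer key-encrypted-text")
    findings += [f"missing: {n}" for n in REQUIRED if n not in seen]
    return findings

# Constructed sample: placeholder values, not a real deployment.
SAMPLE = """\
set lawful-intercept protocol x1 administrative-function-endpoint https://admf.example.net/X1/ADMF
set lawful-intercept protocol x1 administrative-function-id admf-1
set lawful-intercept protocol x1 mediation-device-instance li-vrf
set lawful-intercept protocol x1 network-element-id ne-1
set lawful-intercept protocol x1 mutual-tls server certificate BASE64-PLACEHOLDER
set lawful-intercept protocol x1 mutual-tls server key BASE64-PLACEHOLDER
set lawful-intercept protocol x1 mutual-tls client authentication admf-cert key-plain-text BASE64-PLACEHOLDER
set lawful-intercept protocol x1 sync-timeout 90
"""

if __name__ == "__main__":
    for finding in lint_lix1(SAMPLE):
        print(finding)
```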