[c-nsp] What are other SPs doing about CALEA?
Robert Blayzor
rblayzor at inoc.net
Wed Feb 7 07:18:10 EST 2007
Justin Shore wrote:
> Right, that's what I was getting at. All our telephony services are
> either traditional POTS, voice over cable, or voice alongside DSL and
> punted to the class-4 switches using SIP. Other voice traffic is not
> our specific concern. A CALEA request for the data would cover
> everything but our telephony and a request for the voice wouldn't matter
> in what we connect to the customer. It still gets picked up on one of
> our soft switches.
Your switch, no problem. But if you're a facilities based broadband
provider, even if you do not provide VoIP it's now your responsibility
to intercept the voice at your expense for the government. Thanks
Vonage and the like! ;-)
> That's rather the point though. CALEA will cover all data on May 14th.
> CALEA is no longer only voice. That's why the mailing lists are buzzing
> with CALEA discussions.
If that's true then all of the Cisco LI code is non-compliant as the last
thing I read it was VoIP only and did not currently support data.
Perhaps that's changed but that's what I just recently found right off CCO.
> As far as communication within a non-LI router, we're still trying to
> figure out what to do. We won't spend a couple hundred-thousand dollars
> to replace everything that won't do LI. Neither will anyone else.
Look on the bright side, if for some reason they make a request, and you
can't fill it, the fine can be up to $10k a day until you do.
> It's not a problem for cable systems. By their very nature for one CPE
> to talk to another CPE it must first pass through the upstream interface
> on the CMTS and be switched back out the appropriate downstream
> interface. There is no direct CPE to CPE communication. Fortunately
> our Arris CMTSs are LI-capable.
Good to know. I don't do a lot with DOCSIS or CMTSs, all of the
broadband we do is PPPoX, so they all come back to one point.
> That seems to be ideal way of doing it. The classic LI example is that
> someone commands the MD to get Joe Blow's voice or data or both. The MD
> learns where Joe Blow is currently connected to the network via the AAA
> server. The MD issues the LI request to the edge device via SNMPv3 and
> tells it to copy the MD on Joe Blow's traffic. The MD then punts that
> off to the appropriate LEA. Of course few devices actually support LI
> so this is in all practicality simply not possible. It sure does sound
> good on paper though.
Right. I'm getting more info on this myself. I believe the LEA will
make the request, and in that request, they should probably have the
connection/VPN info on where to send the data to. (one would think) I
think overall there is just a lot of concern on the costs to become
fully compliant... we're spending quite a bit of money for LI licenses
and replacing network processors and such that will support it.
> We're not terribly large either. Initially the cost of bringing an
> outside vendor appeared to be the same as buying a MD ourselves. Now
> the MD appears to be cheaper. We still don't have the underlying design
> ready though. So much to do...
Check out Verint's Star-Gate Lite. That seems to be geared for the
tier2/3 provider.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
Memory dump: Amnesia...