2.16.1 Feature Overview
vSTP provides the IR.21 Utility to read and record the information present in GSMA IR.21 document.
The SCPVAL GTT Action addresses the SS7 CAT2 security checks. This GTT action ensures that the MSU details such as, CGPA and IMSI belongs to same operator after validating it with the newly generated table.
The CAT2 SS7 functionality is described as follows:
Note:
The information can also be populated using MMIs. However, it is not the preferred method.The GTT is configured to enforce CAT 2 validation on the received MSUs. The validation is performed based on the data available in IR21RoutingInfo and IR21NetworkElement tables.
CAT2 SS7 Security Workflow
The following flow chart provides an overview of the CAT2 SS7 Security functionality:
Figure 2-33 CAT2 SS7 Security Workflow
- Conversion of IR21 xml file
- vSTP provides the IR21 Utility on SOAM. The IR21 Utility accepts operator IR21 input file in XML format and generate error message in case of no or other than IR21 XML files.
- The output is generated in the form of two CSV files named
IR21NetworkElement.csvandIR21RoutingInfo.csv. - The enteries in the CSV files have length based validation for all fields. For example, sender TADIG code and TADIG code must be of 5 digits, IMSI must be of 6 digits, Node Type must be of 1 digit, GT Address range must be of 15 digits.
- The
IR21NetworkElementtable stores value 0 for HLR and 1 for MGT. Therefore, no validation is performed on this value.
Note:
The IR21 utility supports parsing of 1000 IR.21.xml input files in alphabetical order in an instance. For more details on IR21 Utility, see GUI Configurations for CAT2 SS7 Security Support. - Bulk upload after conversion
The generated CSV files are imported using the Import option under Diameter Common on SOAM.
The following data is extracted from IR21 file and stored on vSTP:- Sender TADIG code (RAEX IR.21 Information) : It is retrieved from the RAEX IR21 FileHeader tag and used to identify the operator. It consist of two fields, with a total length of five characters consisting of three-character country code and a two character operator or company idenfier. Sender TADIG code is stored against each entry.
- Routing Information Data (Section ID 4) : It is a mandatory
section in IR21 document of the operator. The vSTP
IR21RoutingInfotable stores the MCC-MNC (E.212) along with TADIG code from this section. The vSTPIR21NetworkElementstores the CC-NC (from E.214) along with TADIG code from this section. - Network Element Information Data (Section ID 13) – It is an
optional section in IR21 document of the operator. The vSTP
IR21NetworkElementtable stores the HLR Node type GT address or Address range along with the TADIG code from this section.
- Validation
The SCPVAL GTT action validates that the MSU details: CgPA and IMSI belongs to same operator. The validation is performed using the data available in
IR21RoutingInfoandIR21NetworkElementtables.The following OPCODES are applicable for CgPA and IMSI validation:- provideRoamingNumber (4)
- provideSubscriberInfo (70)
- provideSubscriberLocation (83)
- cancelLocation (3)
- insertSubscriberData (7)
- deleteSubscriberData (8)
- getPassword (18)
- reset (37)
- activateTraceMode (50)
- unstructuredSS-Request (60)
- unstructuredSS-Notify (61)
- informServiceCentre (63)
- alertServiceCentre (64)
- setReportingState (73)
- remoteUserFree (75)
- istCommand (88)
- Mobile Country Code (MCC): Consists of 3 digits
- Mobile Network Code (MNC): Consists of 2 or 3 digits
- Mobile Subscriber Identification Number (MSIN): 9 or 10 digits
The MCC and MNC parameters (first 5-6 digits) determine the Operator ID. Hence, these values are used during CAT2 validation.
At first, the match is performed with 6 digit, and if the match is not found, then it is performed with 5 digits. In case, the match is not found, the validation gets failed.