This document discusses Cubro's IMSI filtering solution implemented by a European mobile operator to filter signaling and user plane traffic for specific IMSIs, MSISDNs, or IMEIs while addressing challenges of high traffic volumes, mixed 3G and 4G technologies, and scalability. The solution uses Cubro tapping, aggregation, and filtering devices to separate, filter, load balance, and correlate signaling and user plane traffic across multiple sites and send matched traffic to monitoring tools. Key components are the EXA32100 for filtering, load balancing, and distributing traffic to EXA24160 Sessionmasters for IMSI filtering and output to analyzers.
1. IMSI, MS-ISDN & IMEI Filtering with
Cubro EXA24160 Sessionmaster
EXA24160 Deployment example at a European
Mobile Operator
May 2018
www.cubro.com
2. Purpose of this presentation
This presentation explains the concept of IMSI
Filtering using Cubro products.
It describes the entire Cubro solution from layer 1
tapping, aggregation, load-balancing to traffic
correlation as implemented by a European mobile
operator.
3. Project Goals
• Due to the high traffic volume, monitoring
all user plane traffic does not make
sense.
– And by law it is not allowed without a specific
order from an authority or the agreement of the
user.
• However, for troubleshooting, full call
monitoring/tracing is vital. This requires
both signalling and user data of a
specific customer.
• Therefore, the customer requires an
on-demand IMSI filtering solution that
correlates signalling and user plane.
4. Challenges
• Find all signalling and user-
plane traffic of a specific IMSI,
MSISDN or IMEI.
– Total traffic volume several
hundred Gbps
– Mixed technology (3G & 4G)
• Security
– Highly sensitive information –
strict rules to access data
– User agreement to activate
monitoring (user support portal)
• Scalability
– Due to massive traffic growth
scalability is a must
5. Terms
• IMSI … International Mobile Subscriber Identity
– The IMSI is used to identify the user of a cellular network and
is a unique identification associated with all cellular networks.
The IMSI is usually provisioned in the SIM card.
• MSISDN … Mobile Station International Subscriber
Directory Number (=Telephone Number)
– MSISDN is a unique number identifying a subscriber in a
mobile network. Simply put, it is the mapping of the telephone
number to the SIM card in a mobile/cellular phone. The
MSISDN together with IMSI are two important numbers used
for identifying a mobile subscriber. A SIM has a unique IMSI
that does not change, while the MSISDN can change in time,
i.e. different MSISDNs can be associated with the SIM.
• IMEI … International Mobile Equipment Identity
– The IMEI is a unique number that identifies mobile devices
(=hardware identification). The IMEI number is used by a
mobile network to identify valid devices and therefore can be
used for stopping a stolen phone from accessing that network.
6. IMSI Filtering
• Throughout this presentation the term IMSI
Filtering means filtering out signalling plane and
user plane traffic of a specific user/call.
• This specific user can be identified by:
– IMSI
– MSISDN
– IMEI
7. Deployment Overview
[Diagram: vEPC Site 1, vEPC Site 2 and vEPC Central Site, each with tapping and aggregation, feeding filtering and load-balancing, then IMSI filtering, then traffic distribution to the monitoring tools.]
8. Layer 1 Tapping at Site 1 and 2
• Cubro MTP TAP
– 4 MTP Links in 1/3 U 19”
– supports 40G and 100G
– totally passive and secure
[Diagram labels: 4 x 40G live traffic; monitoring outputs 8 x 40G to Packetmaster EX20400 for aggregation]
9. Aggregation at Site 1 and 2
• Cubro Packetmaster EX20400
– 20 x 40G plus 4 x 40G/100G ports via QSFP/QSFP28
– 2,4Tbps throughput!
– Aggregation, Filtering, Load-balancing
– Managed via WebGUI and Cubro Vitrum
[Diagram labels: 8 x 40G inputs from MTP TAPs; 4 x 100G load-balanced outputs, total traffic load about 240Gbps; transport network to Central Site]
• EX20400 aggregates all incoming
vEPC traffic of site 1 and 2 (user and
signalling) and load-balances it by
means of five-tuple hashing.
– Filtering is not used, so that all traffic
is available at the Central Site.
10. Central Site – Concept Overview
• Incoming interfaces (as per May 2018)
– 4 x 100G from Site 1 (vEPC 1)
– 4 x 100G from Site 2 (vEPC 2)
– 8 x 100G from Central Site (vEPC C)
• Total incoming traffic is approx. 400Gbps.
– Signalling (S11, GN-c, …) and User (GN-u and S1-U).
• Requirements
– Aggregate, Filter (Forward & Drop) and Load-balance
• Forward all signalling traffic to more than one output port for different
analysing systems including Cubro IMSI Filtering system.
– Total signalling is about 50Mbit/s
• Drop non-required user traffic (e.g. drop all traffic with DSCP=0)
– After drop filtering approx. 180Gbps remains (400Gbps incoming in total)
» All DSCP=0 packets are dropped
• Load-balance remaining user traffic to Cubro IMSI Filtering system
– Each IMSI Filter unit gets approx. 45Gbps user traffic
11. Central Site – Concept Overview
[Diagram labels]
• EXA32100: drop (DSCP=0); signalling plane filters (VLAN IDs, IP addresses, UDP port 2123); user plane filters (VLAN IDs, IP addresses, UDP port 2152); load-balancing by means of inner (user) IP
• EXA24160: Cubro IMSI Filtering System (signalling and user)
• EX20400 (two units): multiplication and distribution
• Monitoring tools: Cubro Mobile Probe, other probes, Wireshark server
12. Central Site – Connection Diagram
[Diagram labels]
• Inputs: 16 x 100G (4 x 100G from Site 1, 4 x 100G from Site 2, 8 x 100G local traffic), 400Gbps in total
• Filtering = separation of signalling and user plane
• Drop non-required traffic (DSCP=0)
• Load-balance user traffic by means of GTP inner IP
• To IMSI Filtering (signalling & user): 4 x 40G user plane, load-balanced (two groups), and 1 x 40G signalling plane
• Distribution: break-out box converts MTP to LC; 10G LC outputs to monitoring tools
13. Central Site – Filtering & load-balancing
• Core element is the Cubro EXA32100
– 32 x 40G/100G ports (can also be used as 128 x 10G solution)
– Filtering including GTP layer; separates signalling
and user traffic.
– GTP load-balancing based on inner (user) IP
address; distributes user traffic evenly to the
IMSI filtering solution.
• Load-balancing S1-U traffic by means of GTP
inner IP is the only feasible way to share user
traffic between the different IMSI Filter boxes!
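Added example (not from the original slides, and not Cubro's code): a sketch of load-balancing by GTP inner IP. The outer addresses of S1-U packets are tunnel endpoints, so the user's address has to be read from the inner header. The UE address pool `10.0.0.0/8`, the XOR-fold hash and all function names are assumptions.

```python
import ipaddress
import struct

UE_POOL = ipaddress.ip_network("10.0.0.0/8")   # assumption: UE address pool

def inner_ipv4(gtpu):
    """Return (src, dst) of the IPv4 packet inside a GTP-U G-PDU, else None."""
    if len(gtpu) < 8 or gtpu[0] >> 5 != 1 or gtpu[1] != 0xFF:
        return None
    off = 8
    if gtpu[0] & 0x07:                  # E, S or PN set: 4 optional bytes
        if len(gtpu) < 12:
            return None
        next_ext = gtpu[11] if gtpu[0] & 0x04 else 0
        off = 12
        while next_ext:                 # skip chained extension headers
            if off >= len(gtpu) or gtpu[off] == 0:
                return None
            ext_len = gtpu[off] * 4     # length is in 4-byte units
            if off + ext_len > len(gtpu):
                return None
            next_ext = gtpu[off + ext_len - 1]
            off += ext_len
    ip = gtpu[off:off + 20]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None                     # IPv6 or truncated payload: not handled
    return ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])

def user_ip(gtpu):
    """Pick the subscriber's address regardless of direction."""
    pair = inner_ipv4(gtpu)
    if pair is None:
        return None
    src, dst = pair
    if src in UE_POOL:
        return src                      # uplink: UE is the inner source
    return dst if dst in UE_POOL else None   # downlink: UE is the destination

def output_port(gtpu, n_ports):
    """Map a G-PDU to one of n_ports IMSI filter units by user IP."""
    ip = user_ip(gtpu)
    if ip is None:
        return None
    folded = 0
    for octet in ip.packed:             # XOR-fold stands in for the device hash
        folded ^= octet
    return folded % n_ports

# --- constructed sample packets (not captured traffic) ---
def ipv4_header(src, dst):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def gpdu(teid, src, dst, seq=None):
    opt = b"" if seq is None else struct.pack("!HBB", seq, 0, 0)
    flags = 0x30 if seq is None else 0x32
    inner = ipv4_header(src, dst)
    return struct.pack("!BBHI", flags, 0xFF, len(opt) + len(inner), teid) + opt + inner

UPLINK = gpdu(0xA1, "10.0.0.1", "203.0.113.5")             # UE -> server
DOWNLINK = gpdu(0xB2, "203.0.113.5", "10.0.0.1", seq=7)    # server -> UE
```

Uplink and downlink use different TEIDs and opposite inner directions, yet both land on the same output because the hash input is the UE address only.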
14. Sessionmaster EXA32100
• Filtering including GTP layer – e.g. filter a full range of user IPs
• Up to 8000 parallel filter rules
• Aggregation
• GTP load-balancing by inner (user) IP
• All ports activated, no extra charge
• All software activated
• Low power design
• Jumbo frames: 16000 bytes
• 24MB buffer for overload protection
• Specifications:
– Packet load: 6,4 Tbps
– Ports 40 Gbit: 32 QSFP
– Ports 100 Gbit: 32 QSFP28
– 128 x 10 Gbit (with breakout)
– GUI: WEB/CLI/GUI
– Packet buffer: YES, 24 MB
– Delay: < 700 ns
– Dual power: YES
15. IMSI Filtering Overview
• IMSI Filtering = ALL signalling and user packets of a
call.
• This requires finding the signalling message that contains
the IMSI.
– Only certain messages include the IMSI information
• PDP Context Request (3G)
• Session Create Request (4G)
• After finding these messages a correlation
mechanism is required.
– Find ALL signalling and ALL user traffic data that
belong to this call
• Send all correlated packets to an external
analyser/probe.
16. Example - Session Create Message
• Cubro EXA24160 Sessionmaster finds the message and
ALL other packets that belong to this call
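Added example (not from the original slides, and not Cubro's implementation): the slides do not say how the correlation is done, so this sketch assumes TEID-based correlation as GTP defines it. It takes the IMSI and the sender's control-plane TEID from a Create Session Request (the slides' "Session Create Request"), follows the response to learn the user-plane TEID, then matches GTP-U packets on that TEID. It covers 4G only and leaves out the downlink TEID carried in a later Modify Bearer Request; all names and sample bytes are constructed.

```python
import struct

CREATE_SESSION_REQ, CREATE_SESSION_RSP = 32, 33   # GTPv2-C message types
IE_IMSI, IE_FTEID, IE_BEARER_CTX = 1, 87, 93      # GTPv2-C IE types

def tbcd(raw):
    """Decode TBCD digits: low nibble first, 0xF pads an odd digit count."""
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw).rstrip("f")

def ies(buf):
    """Yield (type, instance, value) for each IE; stop at a truncated IE."""
    off = 0
    while off + 4 <= len(buf):
        ie_type, length, inst = struct.unpack_from("!BHB", buf, off)
        if off + 4 + length > len(buf):
            return
        yield ie_type, inst & 0x0F, buf[off + 4: off + 4 + length]
        off += 4 + length

def parse_gtpv2c(pkt):
    """Return (message type, header TEID, IE bytes), or None if not GTPv2-C."""
    if len(pkt) < 12 or pkt[0] >> 5 != 2 or not pkt[0] & 0x08:
        return None                       # only messages with the T flag set
    msg_type, length, teid = struct.unpack_from("!BHI", pkt, 1)
    return msg_type, teid, pkt[12: 4 + length]

def fteid_teid(value):                    # byte 0 is flags/interface type
    return struct.unpack_from("!I", value, 1)[0] if len(value) >= 5 else None

class Correlator:
    """Keyed on TEID alone; a production table would key on (endpoint IP, TEID)."""
    def __init__(self, watched_imsis):
        self.watched = set(watched_imsis)
        self.ctrl = {}    # requester's control-plane TEID -> IMSI
        self.user = {}    # user-plane TEID -> IMSI

    def signalling(self, pkt):
        """Feed one GTPv2-C payload; return the IMSI if it is a watched call."""
        parsed = parse_gtpv2c(pkt)
        if parsed is None:
            return None
        msg_type, hdr_teid, body = parsed
        if msg_type == CREATE_SESSION_REQ:
            found = {t: v for t, inst, v in ies(body) if inst == 0}
            imsi = tbcd(found.get(IE_IMSI, b""))
            sender = fteid_teid(found.get(IE_FTEID, b""))
            if imsi in self.watched and sender is not None:
                self.ctrl[sender] = imsi
                return imsi
        elif msg_type == CREATE_SESSION_RSP and hdr_teid in self.ctrl:
            imsi = self.ctrl[hdr_teid]
            for t, _, v in ies(body):
                if t == IE_BEARER_CTX:            # grouped IE: walk nested IEs
                    for t2, _, v2 in ies(v):
                        if t2 == IE_FTEID and fteid_teid(v2) is not None:
                            self.user[fteid_teid(v2)] = imsi
            return imsi
        return None

    def user_plane(self, pkt):
        """Feed one GTP-U payload; return the IMSI if its TEID is tracked."""
        if len(pkt) < 8 or pkt[0] >> 5 != 1 or pkt[1] != 0xFF:
            return None
        return self.user.get(struct.unpack_from("!I", pkt, 4)[0])

# --- constructed sample messages (not captured traffic) ---
def make_ie(ie_type, value, inst=0):
    return struct.pack("!BHB", ie_type, len(value), inst) + value
def make_msg(msg_type, teid, body):       # T flag set, sequence number 1
    hdr = struct.pack("!BBHI", 0x48, msg_type, len(body) + 8, teid)
    return hdr + b"\x00\x00\x01\x00" + body

IMSI, NODE_IP = "001010123456789", bytes([192, 0, 2, 1])   # test PLMN 001/01
REQ = make_msg(CREATE_SESSION_REQ, 0,
               make_ie(IE_IMSI, bytes.fromhex("00010121436587f9")) +
               make_ie(IE_FTEID, b"\x8a" + struct.pack("!I", 0x1111) + NODE_IP))
RSP = make_msg(CREATE_SESSION_RSP, 0x1111, make_ie(IE_BEARER_CTX,
               make_ie(73, b"\x05") + make_ie(IE_FTEID, b"\x81" + struct.pack("!I", 0xBEEF) + NODE_IP)))
GPDU = struct.pack("!BBHI", 0x30, 0xFF, 4, 0xBEEF) + b"data"
```

Because the response and the user packets carry no IMSI, a unit that missed the request cannot match them, which is why every EXA24160 is given the full signalling feed.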
17. IMSI Filtering Concept
• Every EXA24160 gets full signalling.
– Reason: It is unknown which EXA24160 will receive the user traffic
of a specific call
• User data packets are distributed (load-balanced) among the
EXA24160s. By adding EXA24160s, the solution is extremely
flexible in terms of traffic growth (scalability).
[Diagram labels: signalling broadcast; user traffic load-balanced (GTP inner IP)]
18. Sessionmaster EXA24160
• 2 x Octeon III CN7890 CPU (48 cores each), considered as
two independent units
• 4 x 40G ports and 24 x 10G ports per EXA24160
• 1U 19” dual power supply
• Up to 120Gbps L4 filtering performance
• Up to 120Gbps GTP inner IP filtering performance
• Up to 120Gbps GTP inner IP load-balancing
• Up to 100G mobile data correlation (=IMSI Filtering)
• Up to 100000 IMSIs in parallel
• Up to 80Gbps keyword search performance
• Up to 30 Gbps flow-aware REGEX performance
• GTP, correlation and REGEX in one unit
19. Current traffic volume
• Every EXA24160 needs to run the same configuration.
– Unknown which EXA24160 gets the traffic. Thus it is also
unknown where the traffic is sent out.
• Keep the EXA24160 synchronized!
[Diagram labels]
– User plane: approx. 23Gbps per port (about 180Gbps in total)
– Signalling plane: approx. 50Mbps per port
– Filtered outputs: connected to the distribution layer (Cubro EX20400)
to multiply traffic when needed and to connect
parallel monitoring systems. Output bandwidth
depends on the number of IMSIs filtered (up to 100000)
20. Why traffic distribution layer?
• Full flexibility – just add new probes/analyzers
– Straightforward way to multiply traffic.
• Scalable – the Cubro solution can easily grow when
traffic increases; just add a new EXA24160 when
traffic goes beyond 200Gbps.
21. System Management
• Central software that controls all units.
– Keep configurations consistent.
– Management of filter rules
– Highly protected to avoid misuse
– Security logs
[Screenshots: output bandwidth monitoring; IMSI filter setup]
22. Summary
• Future-proof (investment protected).
– Just add EXA24160s when traffic grows.
• Easy to use and straightforward to
implement.
• Flexible – add/remove probes/analyzers
without affecting others.
• Full solution from Layer 1 tapping to traffic
correlation from a single vendor.
23. Thank you
EMEA
Cubro Network Visibility
Ghegastraße 1030 Vienna,
Austria
Tel.: +43 1 29826660
Fax: +43 1 2982666399
Email: support@cubro.com
Cubro US
337 West Chocolate Ave
Hershey, PA 17033
Tel.:717-576-9050
Fax.: 866-735-9232
Email: support@cubro.com
Cubro Asia Pacific
8, Ubi Road 2 #04-12 Zervex
Singapore 408538
Tel.: +65-97255386
Email: jl@cubro.com
Cubro Japan
8-11-10-3F, Nishi-Shinjuku,
Shinjuku,
Tokyo, 160-0023 Japan
Email: japan@cubro.com