HTTP header enrichment

AA ISA supports modifications of the HTTP header for traffic going to specific user configured sites (URLs/IPs) to add network-based information, such as subscriber ID, to the HTTP header. These sites use this information to authenticate the user or present the user with user-specific information and services.

Figure: HTTP enrichment

In Figure: HTTP enrichment, the operator configures the AA ISA to insert the subscriber ID into the HTTP header for all the HTTP traffic destined for the operator portal (designated by server IP or HTTP hostname). Traffic going to other destinations, such as yahoo.com, does not get enriched. To support this, AA introduces a new AQP action called HTTP_enrich that allows the operator to enrich traffic that satisfies the AQP-matching conditions.

The operator can configure multiple HTTP enrichment policies that are applied to traffic going to different destinations. For example, HTTP traffic destined for xyz.com, gets the user's IP inserted into the header, while traffic going to billing.xyz.com gets enriched with the subscriber ID and the user's IP address.

The AA ISA supports the insertion of one or more fields listed in Table: HTTP header enrichment fields and formats into the HTTP header.

Note: If a field that is supported in Fixed Wireless Access (FWA) mode only is used in another deployment mode, AA either enriches the header with the default value or the enrichment is not performed.
Table: HTTP header enrichment fields and formats
Field Format Supported in all deployments Supported in FWA mode only

apn

Complete APN string

apn-ni

APN Network Identifier (APN-NI) or the complete APN if AA cannot decode the APN properly

billing-type

4-byte value IE: 0001

dynamic-acr

Dynamic Anonymous Customer Reference (ACR)1

imei-hyphenated2

Subscriber's IMEI with format AABBBBBB-CCCCCC-EE

imei-sv

Subscriber's IMEI with format AABBBBBBCCCCCCEE

imsi2

Subscriber’s IMSI

msisdn

Subscriber’s MSISDN

msisdn-ts

Subscriber's MSISDN appended with the UNIX timestamp

msisdn-without-cc

Subscriber's MSISDN without the country code

pgw_ggsn_address

PGW IP Address in IPv4 or IPv6 format, if the user is not in 5G

UPF IP Address, if the user is in 5G

plmin-id

MCC/MNC values as defined in 3GPP 24.301

rat-type

4-byte value as defined in 3GPP 29.212

static-acr

Static ACR1

static-string2

As configured by the operator

subscriber-id

Subscriber’s ID

subscriber-ip

Subscriber’s IP address in IPv4 or IPv6 format

timestamp

8-byte UNIX timestamp when enrichment took place

user-location

See Table: User-location encoding and enrichment examples

user-location-3gpp

ULI encoded as defined in 3GPP TS2.061

user-location-raw2

ULI in raw format: <uli-type1>[+<uli-type2>]= <ULI data in hex>

Example:

x-locinfo: TAI+ECGI= 1300622c46130062014adf16

Table: User-location encoding and enrichment examples lists user-location encoding and enrichment examples.

Table: User-location encoding and enrichment examples
Identity-type format Enrichment example3

CGI

mcc-mnc-lac-ci

x-user-loc: CellId=310-053-01a1-100a

SAI

mcc-mnc-lac-sac

x-user-loc: ServiceId=310-054-01a2-200b

RAI

mcc-mnc-lac-rac

x-user-loc: RoutingId=310-066-01a3-300c

TAI

mcc-mnc-tac

x-user-loc: TrackingId=310-220-01a4

ECGI

mcc-mnc-eci

x-user-loc: EutranCellId=623-01-1234567

LAI

mcc-mnc-lac

Not supported

Not-available

x-user-loc: User Location unavailable

Note:

The text preceding an inserted field is fully configurable. For example, sub-ID = 1243534666 or x-sub-ID = 1243534666.

AA supports enrichment of all HTTP methods, such as GET, POST, and so on. AA enriches HTTP traffic without having to terminate the TCP session (for example, it does not act as a proxy). In this way, the AA enrichment function does not intervene with other TCP acceleration functions or appliances that could be deployed by the operator.

For configured enriched fields, operators can optionally configure AA ISA to perform MD5 hashing, RC4 encryption, AES encryption, and anti-spoofing. When hashing is configured, the operator can optionally configure a string which is appended to the parameter before being hashed.

To perform encryption, the operator can configure an encryption key, which is used to encrypt the header values using the RC4 or AES algorithm, or install a certificate and configure the header enrichment to use that certificate. In the case of certificate-based header enrichment, the system uses the key contained in the HTTP header and performs encryption using the RSA algorithm. The system supports a maximum of 20 certificate profiles per group.

Anti-spoofing, if enabled, ensures that only the fields enriched by AA are valid. Anti-spoofing is applicable only to the subscriber ID field.

AA statistics reflect post header enrichment packet sizes.

1 See ACR HTTP enrichment for more information.
2 AA can insert two copies of this parameter in the same HTTP header (with a different header name).
3 In the enrichment examples, the header field name is configured as x-user-loc.