Implementing DNO blocking in NSS
What is a DNO list?
While there are several definitions of a DNO list, we will use concept that a DNO list is a data set of originating numbers (ANIs) that can not originate calls. This list can come in the form of number blocks (e.g. 999XXXXXXX), and specific numbers (e.g. 8008291040, the IRS). Numbers in a DNO list may have different nature, some examples include:
- The number belongs to an unallocated numbering ranges (e.g. 999111XXXX) and it is not in service.
- The number is in-service numbers but is marked as inbound-only (e.g. inbound Call Centers)
- Billing numbers.
- Disconnected numbers that belong to allocated numbering ranges.
Calls from DNO numbers are a source of illegal, fraudulent or otherwise malicious traffic and the FCC has authorized blocking of calls with DNO nature.
NSS Implementation
In addition to regular STI-AS attestation policy rules, NSS supports an Extended policy list that can be used to implement DNO. Numbers included in the Extended policy are tagged with a letter aimed at describing the nature of DNO (e.g. Invalid NPA = I).
The value of the letter is solely informational and can be used to provide context when a call is rejected and/or for internal reporting purposes.
NSS supports the implementation of a DNO list in several ways:
- STI-AS and DNO combined dip. DNO match results in custom SIP Rejection Code (e.g. 603).
- STI-AS and DNO combined dip. DNO match results in a SIP 302 without an Identity Header for call blocking (i.e. calls without a signature get blocked in the network)
- Stand-alone DNO dip.
The response for queries that find a positive match against the DNO is customized using an SMC profile. The SMC profile is assigned as an Egress SMC profile to the originating device/switch as illustrated below.
The SMC profile can be generic for any DNO rejection or custom to specify the DNO reason. Two examples that can be used without any modifications are provided below:
Generic DNO Rejection Cause Code
This SMC profile is written to reject all calls with a 603 Network Blocked. It can be modified to provide a different SIP cause code and reason text.
{
"ProfileID": 16,
"ProfileName": "DNO Mode Generic",
"Rules": [
{
"MsgType": "RESPONSE",
"RspCodeList": "302",
"Conditions": [
{
"Header": "Identity",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Operator": "NEQ",
"RightOperand": ""
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs": [
{
"ReplaceType": "ADD_LINE",
"Header": "Contact:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "Reason: SIP ;cause=302 ;text=\"Signed Call\""
}
],
"Break": 1
},
{
"MsgType": "RESPONSE",
"RspCodeList": "302",
"LogicalConjunction": "AND",
"Conditions": [
{
"Header": "Identity",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Operator": "EQ",
"RightOperand": ""
},
{
"Header": "TOPLINE",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "Bad",
"Operator": "NEQ",
"RightOperand": ""
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs": [
{
"ReplaceType": "REWRITE_LINE",
"Header": "TOPLINE",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "Normal",
"Output": "SIP/2.0 603 Network Blocked"
},
{
"ReplaceType": "ADD_LINE",
"Header": "Contact:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "Reason: SIP ;cause=603 ;text=\"DNO List\""
}
]
}
]
}
Custom DNO Rejection Cause Code
This SMC Profile uses dno_response.csv file to customize the SIP cause code and reason text provided. The contents of dno_response.csv need to match the letter assigned to the DNO Extended policy entries. You can modify this list as you wish.
{
"ProfileID": 17,
"ProfileName": "DNO Mode",
"Rules": [
{
"MsgType": "RESPONSE",
"RspCodeList": "302",
"Conditions": [
{
"Header": "Identity",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Operator": "NEQ",
"RightOperand": ""
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs": [
{
"ReplaceType": "ADD_LINE",
"Header": "Contact:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "Reason: SIP ;cause=302 ;text=\"Signed Call\""
}
],
"Break": 1
},
{
"MsgType": "RESPONSE",
"RspCodeList": "302",
"StoredVariables": [
{
"VariableName": "{$SIP.AttestAS}",
"Porting": "IMPORT"
}
],
"LogicalConjunction": "AND",
"Conditions": [
{
"Header": "Identity",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Operator": "EQ",
"RightOperand": ""
},
{
"Header": "TOPLINE",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "Bad",
"Operator": "NEQ",
"RightOperand": ""
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs": [
{
"ReplaceType": "ADD_LINE",
"Header": "From:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "X-Action: {$SIP.AttestAS}"
}
]
},
{
"MsgType": "RESPONSE",
"RspCodeList": "302",
"DataFile": "dno_response.csv",
"DataFileBSearchIndex": 1,
"Conditions": [
{
"Header": "X-Action:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "[D-Z]",
"Operator": "BSEARCH_EQ"
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs": [
{
"ReplaceType": "REWRITE_LINE",
"Header": "TOPLINE",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "Normal",
"Output": "SIP/2.0 {$DataFile.Field3} {$DataFile.Field2}"
},
{
"ReplaceType": "ADD_LINE",
"Header": "Contact:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "Reason: SIP ;cause={$DataFile.Field3} ;text=\"{$DataFile.Field2}\""
},
{
"ReplaceType": "DELETE_LINES",
"Header": "X-Attest:",
"HeaderAttr": "HEADER_SECTION_ONLY"
}
]
}
]
}
Example dno_response.csv
I,Invalid NPA,603 M,Malformed NXX,603 S,Restricted NXX,603 P,Disconnected,603 O,DNO,603 U,Unallocated NXX,603
Updating the DNO List
Updating the DNO list ensures its accuracy and coverage. The DNO list can be updated via NSS GUI or REST API. DNO entries follow the same structure of STI-AS policies.
Updating DNO via GUI
Extended policies corresponding to DNO can be updated in bulk via GUI. The following formats are supported: CSV, XML, JSON. Actions include: Update, Delete and Replace.
Note: Please be extra cautious when using the Replace operation. This operation must also include your regular (STI-AS) policies.
Example CSV inside dno.zip:
SbcID, Otg, Ani, Attestation any,any,938511,S any,any,999,I
Updating DNO via API
curl -u xxx:xxx -X POST -k -T dno.zip "https://localhost:8888/ROME/webresources/nss/update/authorizedANI?&format=csv"
Example CSV inside dno.zip:
SbcID, Otg, Ani, Attestation any,any,938511,S any,any,999,I
For more information on NSS REST API please follow this link.
Configuration Summary
After having read the above information the steps to implement to DNO are as follows:
- Decide operating mode (SIP/603, SIP/302, other).
- Upload Extended policy list with DNO data set.
- Upload SMC profile.
- Attach SMC profile (Egress) to Switch/SBCs.
CNAM Overlay
In addition to call blocking it is possible to overlay information on a calling number instead of opting to block the call. This may be useful when integrating with analytics services where a calling number carries the likelihood of fraud or spam but does not have the same weight as DNO's authoritative accuracy for blocking.
CNAM overlay is switch/SBC implementation specific. We will be updating this document in the near future.
More Information
If you wish the DNO list on your NSS is maintained by Sansay please contact us (support@sansay.com)