Understanding the Role of Internet Connection Records (ICRs) in Modern ISP Operations

Category: News
Published: 25th July 2024

< Back to Media
A well dressed man and woman smiling as they as they walk down steps of a courthouse building. Could be business or legal professionals.

Internet Connection Records (ICRs) are essential for how Internet Service Providers (ISPs) manage and enhance their services. Regardless of whether an ISP receives a request for ICRs from a legal body, the ability to capture this data is crucial for both compliance and network optimisation. From ensuring efficient network management and security to meeting legal requirements and providing customer support, ICRs are integral to the functioning of contemporary ISPs. To generate ICRs, ISPs must be adept at creating, storing, and managing access to the necessary metadata. 

At Red Helix, we design, provision, and implement solutions for metadata and ICR generation. We can do this by creating copies of traffic at various points across the network and sending them to a network packet broker which will use the traffic to generate metadata and then discard the traffic itself. This metadata will contain all the required information for an Internet Connection Record, such as IP addresses, connection timestamps, destination addresses, web URLs, and connection durations.  

Think of the metadata like an envelope from a letter. The packet broker would scan the envelope and the content of the letter, to extract the detail required to build an ICR record. It would collect the date and time it was franked and who was sending the letter to whom, but not the contents of the letter.  

The information generated by the packet broker is then sent and stored in a data lake for analysis by the departments with the relevant authority e.g. intelligence authorities and blue light organisations. Whilst further detail is yet to be published, we anticipate that strict storage security and robust access controls (such as Zero Trust Network Access (ZTNA)) will be mandated.  

The generation of metadata is not in the standards of network equipment. Therefore, operators and ISPs are turning to companies, such as Red Helix, to enable them to generate ICRs in the form of metadata (IPFIX, KAFKA, etc.) in order to prepare for compliance.  

Contact us today to discuss your needs and here how we are already helping operators to get ready.