SIP: Advanced

Routing in SIP
• Routing of session-initiating requests
  - Make the phone at the other side ring
• Routing of responses
  - Make the caller hear the ringing
• Routing of subsequent requests
  - Proxies want to monitor the call progression or termination
Tekelec Confidential
Routing of requests and responses
• Proxies maintain transaction state information that needs to be deleted at some point
• Responses must follow the same path as the request
• Each traversed proxy adds a Via header

[Figure: the INVITE as it passes proxies P1, P2 and P3, gaining one Via per hop]

INVITE sip:jiri@iptel.org

INVITE sip:jiri@iptel.org
Via: P1

INVITE sip:jiri@iptel.org
Via: P1
Via: P2

INVITE sip:jiri@iptel.org
Via: P1
Via: P2
Via: P3
Routing of requests and responses
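• Responses follow the Via list in reverse order

[Figure: the OK 200 on its way back through the proxies, followed by the ACK and BYE requests]

OK 200
Via: P3
Via: P
Via: P1

OK 200
Via: P2
Via: P1

OK 200
Via: P1

OK 200

ACK
BYE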
Routing of subsequent requests
• Proxies sometimes want to see all requests that belong to some session (monitoring, billing, services)
• Requests in the same session must traverse these proxies
• Each interested proxy adds a Record-Route header

[Figure: the INVITE as it passes P1, P2 and P3; P1 and P3 add a Record-Route]

INVITE sip:jiri@iptel.org

INVITE sip:jiri@iptel.org
Via: P1
Record-Route: P1

INVITE sip:jiri@iptel.org
Via: P1
Via: P2
Record-Route: P1

INVITE sip:jiri@iptel.org
Via: P1
Via: P2
Via: P3
Record-Route: P1
Record-Route: P3
Routing of requests and responses
[Figure: the OK 200 on its way back through the proxies, carrying Route: P1 and Route: P3]

OK 200
Via: P3
Via: P
Via: P1
Route: P1
Route: P3

OK 200
Via: P2
Via: P1
Route: P1
Route: P3

OK 200
Via: P1
Route: P1
Route: P3

OK 200
Routing of requests and responses
• Subsequent requests only traverse proxies that have previously added a Record-Route

[Figure: the ACK travelling through P1 and P3 only]

ACK
Route: P1
Route: P3

ACK
Via: P1
Route: P3

ACK
Via: P1
Via: P3
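
The three routing rules from the slides above (every proxy adds a Via, responses walk the Via list backwards, later requests visit only record-routing proxies), as an added example that is not part of the original slides. The function names are hypothetical; P1, P2 and P3 are the slides' proxies.

```python
# Added illustration (not from the slides): a toy model of Via and Record-Route.
# P1..P3 are the slides' proxies; all function names are hypothetical.
# Lists are kept in the order the slides draw them, so the newest Via is last.

def forward_request(proxies, record_routing):
    """Pass a request through `proxies`; return (via, record_route) at the callee."""
    via, record_route = [], []
    for proxy in proxies:
        via.append(proxy)                  # every traversed proxy adds a Via
        if proxy in record_routing:
            record_route.append(proxy)     # only interested proxies record-route
    return via, record_route


def route_response(via):
    """Walk a response back along the Via list; return the proxies visited."""
    remaining, visited = list(via), []
    while remaining:
        visited.append(remaining.pop())    # the proxy removes its own Via, forwards
    return visited


def accepts_response(proxy, via):
    """A proxy only forwards a response whose newest Via is the one it added.

    Dropping anything else keeps a forged or misrouted response from being
    relayed toward the caller.
    """
    return bool(via) and via[-1] == proxy


def subsequent_path(record_route):
    """ACK and BYE from the caller visit only the record-routing proxies."""
    return list(record_route)


if __name__ == "__main__":
    via, rr = forward_request(["P1", "P2", "P3"], record_routing={"P1", "P3"})
    print("Via at callee:", via)
    print("Response path:", route_response(via))
    print("ACK/BYE path: ", subsequent_path(rr))
```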
Interworking with PSTN
Interoperability Issues
• Goal: Enable communication between PSTN and VoIP
• IP-PSTN gateways do the conversion job
  - convert both signaling and media
  - may be split into media and signaling gateways (MGCP/Megaco)
  - many pains: DTMF, IVRs, overlapped dialing, national signaling dialects
  - gateways act as UAs from SIP perspective
PSTN Gateways
• Basic building block of PSTN interworking scenarios: gateways convert signaling and media
• The gateway can be split into media and signaling components, connected through MGCP or Megaco
• They need to be found on the Internet: a problem similar to that of IP routing. Methods include:
  - Static configuration
      Define which numbers should be routed to which gateway
  - TRIP routing protocol
      Discover dynamically which gateways are available and their characteristics
  - ENUM: used to map digits into SIP URIs
PSTN Gateways
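[Figure: a PSTN gateway between the IP world (SIP signaling, RTP/IP media) and the PSTN (SS7/ISDN signaling, TDM media), joined by the gateway's internal logic]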
Call Flow SIP to PSTN
• Request-URI in the INVITE contains a telephone number, which is sent to the PSTN gateway.
• The gateway maps the INVITE to an SS7 ISUP IAM (Initial Address Message).
• 183 Session Progress establishes an early media session so the caller hears ring tone.
• Two-way speech path is established after ANM (Answer Message) and 200 OK.
Slide courtesy of Alan Johnston, WorldCom. (See reference to Alan’s SIP book.)
PSTN GW != SIP proxy (Frequently Misunderstood Issue)
• PSTN gateways are adapters between two different technologies.
• From SIP perspective, PSTN gateways are SIP termination devices, i.e., SIP User Agents just like IP phones.
• PSTN gateway functionality is separate from the call processing logic residing at a proxy.
• Gateway operator != proxy operator.

[Figure: user jku@sipforfree.com.au, SIP Proxy & Registrar sipforfree.com.au and PSTN Gateway na.pstn.com, with SIP and media paths]

Call processing logic:
    if ($destination in PSTN) then
        route_to_least_cost_gateway();
    elseif local("sipforfree.com.au") then
        lookup_registry();
    else
        proxy_to_foreign_domain();
ENUM
RFC 2916
• Problem: caller is in PSTN (can use only digit keys) and would like to reach a SIP callee
• Answer: ENUM. Create a global directory with telephone numbers that map to SIP addresses (or e-mail, etc.).
• Lookup mechanism: DNS maps E.164 numbers to a set of user-provisioned URIs
ENUM Call Flow
• A gateway is assigned a range of E.164 numbers
• DNS/ENUM helps the ingress gateway to resolve a SIP address from an E.164 number
• Typically, the owner of an ENUM entry can manipulate the address association through a web provisioning interface

[Figure: a call from PSTN: +4917… reaches a gateway with ENUM resolution; the gateway queries DNS/ENUM for ...7.1.9.4.e164.arpa, receives sip:jiri@iptel.org and sends INVITE sip:jiri@iptel.org]
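
The lookup a gateway with ENUM resolution performs, as an added example that is not part of the original slides: the E.164 number becomes a reversed-digit domain under e164.arpa, and the NAPTR regexp of the answer rewrites the number into a URI. The telephone number, the NAPTR records and the function names are constructed for illustration; no DNS query is made.

```python
import re

# Added illustration (not from the slides). The number and records below are
# constructed sample data; function names are hypothetical.

def normalize(number):
    """Strip visual separators and validate an E.164 number; return its digits."""
    cleaned = re.sub(r"[\s().-]", "", number)
    digits = cleaned[1:] if cleaned.startswith("+") else cleaned
    if not (digits.isascii() and digits.isdigit() and len(digits) <= 15):
        raise ValueError("not an E.164 number: %r" % number)
    return digits


def enum_domain(number, apex="e164.arpa"):
    """Reverse the digits, separate them with dots and append the ENUM apex."""
    return ".".join(reversed(normalize(number))) + "." + apex


def apply_naptr(regexp, aus):
    """Apply a NAPTR regexp field: <delim>pattern<delim>replacement<delim>flags."""
    parts = regexp[1:].split(regexp[0])
    if len(parts) != 3:
        raise ValueError("malformed NAPTR regexp: %r" % regexp)
    pattern, replacement, flags = parts
    match = re.search(pattern, aus, re.IGNORECASE if "i" in flags else 0)
    return match.expand(replacement) if match else None


def resolve_sip(number, records):
    """Return the first SIP URI from (order, preference, service, regexp) records.

    ENUM entries are provisioned by the number's owner, so the rewritten URI is
    untrusted input: anything that is not a sip: or sips: URI is skipped.
    """
    aus = "+" + normalize(number)
    for _order, _pref, service, regexp in sorted(records):
        if "sip" not in service.lower().split("+"):
            continue
        uri = apply_naptr(regexp, aus)
        if uri and uri.lower().startswith(("sip:", "sips:")):
            return uri
    return None


# Constructed NAPTR answers for the constructed number +49 171 5550100.
SAMPLE_RECORDS = [
    (100, 20, "E2U+sip", "!^.*$!sip:jiri@iptel.org!"),
    (100, 10, "E2U+email:mailto", "!^.*$!mailto:jiri@iptel.org!"),
]
```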
Trunking
• Carry SS7 data over IP
  - Cheaper transport costs
• SIGTRAN
  - Carry the SS7 protocols over IP
  - Use SCTP instead of TCP
• BICC (Bearer Independent Call Control)
  - An extension of SS7 protocols that allows SS7 messages to be carried over any type of transport
• SIP-I:
  - Transfer SIP messages between gateways
  - Translate as far as possible between SIP messages and SS7 messages (INVITE to IAM, ...)
  - Add SS7 content as message body to SIP messages
  - Advantage: support trunking and SIP end devices
IP Multimedia SubSystem (IMS)
SIP in 3GPP
Introduction
• 3GPP consortium consists of ETSI, ARIB, TTA, T1 and CWTS
• UMTS R5 is an All-IP architecture with support for CS terminals
  - We are in Rel4
  - Rel 5, R6 frozen, currently working on Rel 7.
• Architecture based on GPRS with multimedia enhancements
• Support for integration of intelligent services (SIP based, OSA, CAMEL)
• Based on IETF protocols
  - SIP is used for establishing and terminating IP communication sessions
  - RTP/RTCP for media transport
  - SDP for capability negotiation
  - DIAMETER for AAA
  - COPS for policy based QoS control
  - IPsec for inter-domain trust relations
  - H.248 (MEGACO) is used for gateway control
• First trials in labs of mobile providers
3GPP: Architecture
[Figure: 3GPP reference architecture. Elements: TE, MT, UTRAN, ERAN, SGSN, GGSN, CSCF, MGCF, MRF, MGW, T-SGW, R-SGW, HSS, EIR, SCP, MSC server, GMSC server, Applications & Services. Adjacent networks: alternative access network, legacy mobile signaling network, other PLMN, multimedia IP networks, PSTN/legacy/external. Interfaces: R, Um, Uu, Iu, Iu-ps', Gn, Gp, Gi, Gc, Gf, Gr, Cx, Mc, Mg, Mh, Mm, Mr, Ms, Mw, Nb, Nc, CAP, MAP. Notes: (1) Iu = Iucs (RTP, AAL2); (2) Iu = Iu(RANAP). Legend: signalling interface; signalling and data transfer interface.]
Requirements
• Use IETF protocols (SIP, SDP) and request any additions to be standardized by IETF
• Efficient use of radio interface
  - Signal compression
• Minimum session setup time
  - Higher registration overhead and session based security
• IPv6 support
  - Not so much now though
• Network initiated de-registration and session termination
• QoS support
  - Correlation of session and bearer establishment
Requirements
• Access and admission control
  - Policy based control
• Private/Public user identity
• Hiding of network topology
  - More components in the path
• Emergency services
• Remote identity presentation, hiding and assertion
• Charging
  - Support for pre- and post-paid
  - Correlation between session and media
• DTMF and early media
IMS and SIP
• A few more headers
  - P-Headers are used to convey information not included in standard SIP
  - Path and Service-Route
• Additions to some headers
  - WWW-Authenticate and Authorization
  - Via, Route, ...
• Stricter routing paths (e.g., P-CSCF to S-CSCF to I-CSCF to S-CSCF to P-CSCF)
• XML body used for transporting information from HSS to the SIP elements (emergency)
• Specification of timer values (request retransmission, ...)
• More intensive use of some SIP and SDP extensions (PRACK, UPDATE, qos, offer-answer, ...)
IMS Components
[Figure: IMS components across the foreign and home networks: UE, P-CSCF, I-CSCF, IBCF, S-CSCF, HSS, AS, MRF, BGCF, MGCF; interfaces Gm, Mw, Cx, Sh, ISC, Mi, Mj]
User Equipment (UE)
• Contains the SIP user agent
• Establishes a GPRS PDP context for
  - Signaling (either dedicated or a general one)
  - Media transport
• Contains ISIM for authentication
  - Public and private user id
  - User Network address
  - Security algorithms and keys
  - At least a USIM
• Correlate between session control and QoS reservation
Proxy Call Session Control Function (P-CSCF)
• First contact point for the UE (outbound proxy)
  - Forward registration to I-CSCF
  - Forward requests to S-CSCF (or I-CSCF)
  - Forward replies and incoming requests to UE
• Maintain security association with UE
• Responsible for compression/decompression
• Maintain session and registration information
  - Can terminate registrations or sessions if deemed necessary
• Correlation between SIP and QoS
• Enforce local policies
• Generate CDRs
• Possibly support routing to local service infrastructure
  - Emergency call handling
• Discovered through DHCP or during GPRS PDP establishment
Interrogating Call Session Control Function (I-CSCF)
• Contact point within an operator
  - Discovered through DNS
• Assign S-CSCF to a user by contacting the HSS
• May act as a THIG (Topology Hiding Inter-Network Gateway)
  - Always on the path (RR and Service-Route) of any message leaving the network
  - Encrypt all entries added by the hiding network in outgoing messages:
      Via: SIP/2.0/UDP icscf1_s.home1.net,
        SIP/2.0/UDP Token( SIP/2.0/UDP scscf1.home1.net, SIP/2.0/UDP pcscf1.home1.net)@home1.net;tokenized-by=home1.net,
        SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]
  - Starting with release 7 this functionality has moved to IBCF
• Generate CDRs
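
A check an operator could run on outgoing messages to confirm that topology hiding is in effect, as an added example that is not part of the original slides. It assumes the slide's Token(...) notation marks an encrypted entry and that the I-CSCF acting as THIG is the only home-network host allowed in cleartext; the function names and the un-hidden sample are constructed.

```python
# Added illustration (not from the slides): check an outgoing Via for cleartext
# hosts of the hidden network. It assumes the slide's Token(...) notation marks
# an encrypted entry; function names and the un-hidden sample are constructed.

def split_via(value):
    """Split a Via value on top-level commas, keeping Token(...) groups whole."""
    entries, current, depth = [], [], 0
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            entries.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    entries.append("".join(current).strip())
    return entries


def leaked_hosts(via_value, hidden_domain, border_hosts):
    """Return cleartext Via hosts inside `hidden_domain` that are not border nodes."""
    leaks = []
    for entry in split_via(via_value):
        _protocol, _, sent_by = entry.partition(" ")
        sent_by = sent_by.strip()
        if sent_by.startswith("Token("):
            continue                                   # tokenized by the THIG
        host = sent_by.split(";")[0].strip().lower()
        if not host.startswith("["):                   # leave IPv6 literals whole
            host = host.split(":")[0]                  # drop an optional port
        inside = host == hidden_domain or host.endswith("." + hidden_domain)
        if inside and host not in border_hosts:
            leaks.append(host)
    return leaks


# The Via value from the slide, then a constructed variant with hiding switched off.
HIDDEN = ("SIP/2.0/UDP icscf1_s.home1.net, SIP/2.0/UDP Token( SIP/2.0/UDP "
          "scscf1.home1.net, SIP/2.0/UDP pcscf1.home1.net)@home1.net;"
          "tokenized-by=home1.net, SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]")
EXPOSED = ("SIP/2.0/UDP icscf1_s.home1.net, SIP/2.0/UDP scscf1.home1.net, "
           "SIP/2.0/UDP pcscf1.home1.net, SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]")
```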
Serving Call Session Control Function (S-CSCF)
• Acts as a registrar
• Acts as a SIP proxy (forwards messages, ...)
• Allocated to a user during registration
• Always on the path of the user's SIP messages (uses Service-Route and RR)
• Enforces service policies based on the user's subscription profile
• Collects session information for billing
• Interacts with application service platform
  - Choose the appropriate AS based on user profile (initial filter criteria, IFC)
  - Forward to AS using ISC interface
• Acts as user agent when required (notifications about de-registrations and re-authentications, call termination)
Interconnect Border Control Function (IBCF)
• Optional component. If used, it replaces the I-CSCF as the entry point to the network
• Supports
  - Topology hiding
  - IMS ALG: translation between IPv4 and IPv6
  - Packet screening:
    - Is the source/destination address OK?
    - Is the SIP content OK?
  - CDR generation
• Usually built as a B2BUA

[Figure: border control functions between the IMS network and another IMS/SIP network. Elements: UE, IP-CAN, P-CSCF, S-CSCF, I-CSCF, BGCF, HSS, DNS, IBCF (with IMS-ALG and THIG), TrGW. Interfaces: Mx, Ix. Signalling and bearer paths are drawn separately.]
Media Gateway Control Function (MGCF)
• Gateway to PSTN networks
  - Translate SIP messages into appropriate PSTN signals and vice versa
  - Establish bearer with appropriate code
  - Possibly translate codec
  - Act as UA (but no registration required)
Application Server (AS)
• Services include third party CC, personalized routing, PTT, presence, ...
• Services are offered by home, visited or third party provider
• S-CSCF forwards requests to AS base (possibly received from HSS)
• Results of AS sent back to S-CSCF
• AS can act as UA, redirect or proxy
• CAMEL and OSA optional
• ISC
  - SIP and SIMPLE
  - S-CSCF could add charging information
  - S-CSCF could add information to allow the distinction between incoming and outgoing messages

[Figure: S-CSCF and AS connected over ISC, with message steps numbered 1 to 4]
Home Subscription Server (HSS)
• Contains user profile information indicating
  - Private and public identities of the user
  - Authentication information
  - Which services and media the user is eligible to use
  - Filtering criteria for choosing the appropriate AS
• Assists the I-CSCF in choosing the appropriate S-CSCF
• Maintains subscription information about the user
• Enforces provider policies
  - De-register users with invalid subscription
• Connected through the Cx interface to S-CSCF and I-CSCF (DIAMETER)
• Also connected to the AS (Sh interface)
  - Provide user service information
• Allows multiple instances by using SLF (Subscription Location Function)
  - I-CSCF asks the SLF over Dx which HSS is responsible for the user
Registration (1)
[Figure: registration flow across the foreign and home networks, involving UE, P-CSCF, I-CSCF, S-CSCF and HSS. Message labels: Reg (public and private ID); Path (P-CSCF); Status Query; Authorization; Request profile; OK 200 with Service-Route (S-CSCF).]
Access Security in IMS
• UE (ISIM) and HSS (AuC) share a secret K
• Based on AKA, which provides
  - Mutual authentication between user and network
  - Temporary shared key between UE and P-CSCF
    - Used for establishing an IPsec tunnel between UE and P-CSCF
• In case of re-registration, the P-CSCF indicates whether the registration was received in a secure manner.
• Besides AKA, IMS supports:
  - Early IMS with SIP-like authentication
  - Support for TISPAN authentication is being worked on
Authentication and Security
• Support two interfaces
  - Za: IPsec connection between different networks
  - Zb: IPsec connection between components of the same network
• SEG: Security Gateway
  - In TekCore it is planned to combine SEG with I-CSCF

[Figure: foreign and home networks with UE, P-CSCF, I-CSCF, S-CSCF, HSS and two SEGs; links labelled Za and Zb]
Session Establishment
[Figure: session establishment between two UEs across foreign and home networks (HSS shown). Messages: INV, Prov., OK 200, ACK.]
Further Reading
• www.3gpp.org
• TS23.228: General overview of IMS
• TS24.229: Description of what each component does in different scenarios
• TS24.228: All possible signaling flows
• TS33.203: AKA and access control
• TS33.210: Network Security
• TS29.208: QoS signaling (P-CSCF-PDF-GGSN flows)
• TR23.806: FMC