SIP: Advanced
advertisement
SIP: Advanced Routing in SIP • Routing of session initiating requests Make the phone at the other side ring • Routing of responses Make the caller hear the ringing • Routing of subsequent request Proxies want to monitor the call progression ot termination ‘06 | 2 Tekelec Confidential Routing of requests and responses •Proxies maintain transaction state information that needs to be deleted at some points •Responses must follow the same path as the request •Each traversed proxy adds a VIA header INVITE sip:jiri@iptel.org INVITE sip:jiri@iptel.org Via: P1 Via: P1 Via: P2 INVITE sip:jiri@iptel.org Via: P1 Via: P2 Via:P3 INVITE sip:jiri@iptel.org ‘06 | 3 Tekelec Confidential Routing of requests and responses •The responses follow the inversed VIA list OK 200 Via: P2 Via: P1 OK 200 Via: P1 OK 200 Ok 200 Via: P3 Via: P Via:P1 ACK BYE ‘06 | 4 Tekelec Confidential Routing of subsequent requests •Proxies sometimes want to see all requests that belong to some session (monitoring, billing, services) •Requests in the same session must traverse these proxies •Each interested proxy adds a record-route header INVITE sip:jiri@iptel.org INVITE sip:jiri@iptel.org Via: P1 Via: P1 Via: P2 Record-Route: P1 Record-Route:P1 INVITE sip:jiri@iptel.org Via: P1 Via: P2 Via:P3 Record-Route:P1 Record-Route: P3 INVITE sip:jiri@iptel.org ‘06 | 5 Tekelec Confidential Routing of requests and responses OK 200 Via: P1 Route:P1 Route:P3 OK 200 Via: P2 Via: P1 Route:P1 Route:P3 Ok 200 Via: P3 Via: P Via:P1 Route:P1 Route:P3 OK 200 ‘06 | 6 Tekelec Confidential Routing of requests and responses •Subsequent requests only traverse proxies that have added a record-route previously ACK Via: P1 Via: P3 ACK VIA:P1 Route:P3 ACK Route:P1 Route:P3 ‘06 | 7 Tekelec Confidential Interworking with PSTN Interoperability Issues • Goal: Enable the communication between PSTN and VoIP • IP-PSTN Gateways make the conversion job convert both signaling and media may be split into media and signaling gateways (MGCP/Megaco) many pains: DTMF, IVRs, overlapped dialing, national signaling dialects gateways act as UAs from SIP perspective ‘06 | 9 Tekelec Confidential PSTN Gateways • Basic building block of PSTN interworking scenarios: gateways convert signaling and media • The gateway can be split in media and signaling components and connected through MGCP or Megaco • They need to be found on the Internet: problem similar to that of IP routing. Methods include: Static configuration Define which numbers belong should be routed to which gateway TRIP routing protocol Discover dynamically which gateways are available and their characteristics ENUM -- used to map digits into SIP URIs ‘06 | 10 Tekelec Confidential PSTN Gateways IP world SIP RTP PSTN SIP SS7/ISDN Internal Logic RTP/IP TDM ‘06 | 11 Tekelec Confidential Call Flow SIP to PSTN • Request-URI in the INVITE contains a Telephone Number which is sent to PSTN Gateway. • The Gateway maps the INVITE to a SS7 ISUP IAM (Initial Address Message) • 183 Session Progress establishes early media session so caller hears Ring Tone. • Two way Speech path is established after ANM (Answer Message) and 200 OK Tekelec Confidential Slide courtesy of Alan Johnston, WorldCom. (See reference to Alan’s SIP book.) ‘06 | 13 PSTN GW != SIP proxy • PSTN gateways are adapters between two different technologies. • From SIP perspective, PSTN gateways are SIP termination devices, i.e., SIP User Agents just like IP phones. • • jku@sipforfree.com.au media SIP PSTN gateway functionality separate from call processing logic residing at a proxy. Gateway operator != proxy operator. PSTN Gateway na.pstn.com call processing logic: If ($destination in PSTN) then route_to_least_cost_gateway(); elseif local(“sipforfree.com.au”) then lookup_registry; else proxy_to_foreign_domain(); Frequently SIP Proxy & Registrar Misunderstood ‘06 | 14 sipforfree.com.au Issue Tekelec Confidential ENUM RFC2916 • Problem: caller is in PSTN (can use only digit keys) and would like to reach a SIP callee • Answer: ENUM. Create a global directory with telephone numbers that map to SIP addresses (or e-mail, etc.). • Lookup mechanism: DNS maps E.164 numbers to a set of userprovisioned URI ‘06 | 15 Tekelec Confidential ENUM Call Flow •A gateway is assigned a range of E.164 numbers •DNS/ENUM helps ingress gateway to resolve SIP address from E.164 number •Typically, owner of an ENUM entry can manipulate the address association through a web provisioning interface ?...7.1.9.4.e164.arpa PSTN: +4917… DNS/ ENUM ! sip:jiri@iptel.org INVITE sip:jiri@iptel.org Gateway with ENUM resolution ‘06 | 16 Tekelec Confidential Trunking • Carry SS7 data over IP Cheaper transport costs • SIGTRAN Carry the SS7 protocols over IP • Use SCTP instead of TCP BICC (Bearer Independent Call Control) An extension of SS7 protocols that allows to carry SS7 messages over any type of transport • SIP-I: Transfer SIP messages between gateways Translate as far as possible between SIP messages and SS7 messages (Invite— IAM ..) Add SS7 content as message body to SIP messages Advantage Support trunking and SIP end devices ‘06 | 17 Tekelec Confidential IP Multimedia SubSystem (IMS) SIP in 3GPP Introduction • 3GPP consortium consists of ETSI, ARIB, TTA, T1 and CWTS • UMTS R5 is an All-IP architecture with support for CS terminals We are in Rel4 Rel 5, R6 frozen, currently working on Rel 7. • Architecture based on GPRS with multimedia enhancements • Support for integration of intelligent services (SIP based, OSA, CAMEL) • Based on IETF protocols • SIP is used for establishing and terminating IP communication sessions RTP/RTCP for media transport SDP for capability negotiation DIAMETER for AAA COPS for policy based QoS control IP-SEC for inter-domain trust relations H.248 (MEGACO) is used for gateway control First trials in labs of mobile providers ‘06 | 19 Tekelec Confidential 3GPP: Architecture Alternative Access Network Legacy mobile signaling Network Applications & Services *) SCP GGSN R-SGW Ms Mh SGSN Mw CAP Gn Other PLMN Gp CSCF R Um Iu-ps' TE R GGSN Iu T-SGW *) Mc Gi Gn UTRAN MT Gi MGCF Gi Gc SGSN Iu Mg MRF Gf ERAN MT Mr Gi EIR TE Mm Cx HSS *) Gr Multimedia IP Networks CSCF 1 MGW MGW Uu Iu 2 PSTN/ Legacy/External Nb Mc Mc 1 Iu = Iucs (RTP, AAL2) Nc MSC server 2 Iu = Iu(RANAP) GMSC server MAP MAP Applications & Services Mh HSS Signalling Interface Signalling and Data Transfer Interface Tekelec Confidential R-SGW T-SGW Requirements • Use IETF protocols (SIP, SDP) and request any additions to be standardized by IETF • Efficient use of radio interface Signal compression • Minimum session setup time Higher registration overhead and session based security • IPv6 support Not so much now though • Network initiated de-registration and session termination • QoS support Correlation of session and bearer establishment ‘06 | 21 Tekelec Confidential Requirements • Access and admission control Policy based control • Private/Public user identity • Hiding of network topology More components in the path • Emergency services • Remote identity presentation, hiding and assertion • Charging Support for pre- and post-paid Correlation between session and media • DTMF and early media ‘06 | 22 Tekelec Confidential IMS and SIP • A few headers more P-Headers are used to convey information not included in standard SIP PATH and Service-Route • Additions to some headers WWW-Authenticate and Authorize VIA, Route .. • Stricter routing paths (e.g., P-CSCF to S-CSCF to I-CSCF to SCSCF to P-CSCF) • XML body used for transporting information from HSS to the SIP elements (emergency) • Specification of timer values (request retransmission ..) • More intensive use of some of SIP and SDP extensions (PRACK, UPDATE, qos, offer-answer ...) ‘06 | 23 Tekelec Confidential IMS Components Sh Foreign Home HSS AS I B I-CSCF C F P-CSCF Gm Mw Cx S-CSCF ISC MRF Mi BGCF UE MGCF Mj ‘06 | 25 Tekelec Confidential User Equipment (UE) • Contains the SIP user agent • Establishes a GPRS PDP context for Signaling (either dedicated or a general one) Media transport • Contains ISIM for authentication • Public and private user id User Network address Security algorithms and keys At least a USIM Correlate between session control and QoS reservation ‘06 | 26 Tekelec Confidential Proxy Call Session Control Function (P-CSCF) • First contact point for the UE (outbound proxy) Forward registration to I-CSCF Forward requests to S-CSCF (or I-CSCF) Forward replies and incoming requests to UE • Maintain security association with UE • Responsible for compression/decompression • Maintain session and registration information Can terminate registrations or sessions if deemed necessary • Correlation between SIP and QoS • Enforce local policies • Generate CDRs • Possibly support routing to local service infrastructure Emergency call handling • Discovered through DHCP or during GPRS PDP establishment ‘06 | 27 Tekelec Confidential Interrogating Call Session Control Function (I-CSCF) • Contact point within an operator Discovered through DNS • Assign S-CSCF to a user by contacting the HSS • May act as a THIG (Topology Hiding Inter-Network Gateway Always on the path (RR and Service-Route) of any message leaving the network Encrypt all entries added by the hiding network in outgoing messages Via: SIP/2.0/UDP icscf1_s.home1.net, SIP/2.0/UDP Token( SIP/2.0/UDP scscf1.home1.net, SIP/2.0/UDP pcscf1.home1.net)@home1.net;tokenized-by=home1.net, SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd] Starting with release 7 this functionality has moved to IBCF • Generate CDRs ‘06 | 28 Tekelec Confidential Serving Call Session Control Function (S-CSCF) • Acts as a registrar • Acts as a SIP proxy (forward messages ..) • Allocated to a user during registration • Always on the path of the user‘s SIP messages (use Service-Route and RR) • Enforces service policies based on the user‘s subscription profile • Collects session information for billing • Interacts with application service platform Chose the appropriate AS based on user profile (initial filter criteria –IFC) Forward to AS using ISC interface • Acts as user agent when required (Notifications about de-registrations and re-authentications, call termination) ‘06 | 29 Tekelec Confidential Interconnect Border Control Function (IBCF) • Optional component. If used then replaces the I-CSCF as the entry point to the network Signalling • Support HSS DNS Bearer Topology hiding IMS ALG: Translation between IPv4 and P-CSCF IPv6 Packet screening: Is source/destination address OKIP-CAN Is SIP content OK CDR generation S-CSCF I-CSCF BGCF Mx Mx Mx IBCF Mx IMS-ALG THIG Ix TrGW UE IMS network Border Control Functions Other IMS/SIP network • Usually built as a B2BUA ‘06 | 30 Tekelec Confidential Media Gateway Control Function (MGCF) • Gateway to PSTN networks Translate SIP messages in appropriate PSTN signals and vice versa Establish bearer with appropriate code Possibly translate codec Act as UA (but no registration required) ‘06 | 32 Tekelec Confidential Application Server (AS) • Services include third party CC, personalized routing, PTT, presence, .... • Services are offered by home, visited or third party provider • S-CSCF forwards requests to AS base (possible received from HSS) • Results of AS sent back to S-CSCF • AS can act as UA, redirect or proxy • CAMEL and OSA optional • ISC AS 2 3 ISC SIP and SIMPLE S-CSCF could add charging information S-CSCF could add information to allow the distinction between incoming and outgoing messages 1 S-CSCF 4 ‘06 | 34 Tekelec Confidential Home Subscription Server (HSS) • Contains user profile information indicating Private and public identities of the user Authentication information Which services and medias the user is eligible for using Filtering criteria for choosing appropriate AS • Assist I-CSCF in choosing the appropriate S-CSCF • Maintain subscription information about the user • Enforce provider policies De-register users with invalid subscription • Connected through Cx interface to S-CSCF and I-CSCF (DIAMETER) • Connected also to AS (Sh interface) Provide user service information • Allow multiple instances by using SLF (Subscription Location Function) I-CSCF asks over Dx the SLF which HSS is responsible for the user ‘06 | 35 Tekelec Confidential Registration (1) Status Query Foreign HSS OK 200 Service-Route (S-CSCF) P-CSCF Reg OK 200 Public, Service Route Private ID I-CSCF Reg Public, Private ID Path (P-CSCF) Authorization Request profile OK 200 Service-Route (S-CSCF) S-CSCF (S-CSCF) Home UE ‘06 | 36 Tekelec Confidential Access Security in IMS • UE (ISIM) and HSS (AuC) share a secret K • Based on AKA which provides Mutual authentication between user and network Temporary shared key between UE and P-CSCF Used for establishing an IPSEC tunnel between UE and P-CSCF • In case of reregistration, the P-CSCF indicates whether the registration was received in a secure manner. • Besides AKA IMS supports: Early IMS with SIP like authentication Work on supporting TISPAN authentication is under work ‘06 | 39 Tekelec Confidential Authentication and Security • Support two interfaces Za: IPSEC connection between different networks Zb: IPSEC connection between components of the same network • SEG: Security Gateway In TekCore it is planned to combine SEG with I-CSCF Foreign Zb P-CSCF Zb Za SEG Zb SEG HSS I-CSCF Zb S-CSCF Home UE ‘06 | 42 Tekelec Confidential Session Establishment Foreign Home Foreign HSS Home INV INV Prov. OK 200 UE UE ACK ‘06 | 44 Tekelec Confidential Further Reading • www.3gpp.org • TS23.228: General overview of IMS • TS24.229: Description of what each component does is different scenarios • TS24.228: All possible signaling flows • TS33.203: AKA and access control • TS33.210: Network Security • TS29.208: QoS signaling (P-CSCF-PDF-GGSN flows) • TR23.806: FMC ‘06 | 50 Tekelec Confidential
