《Session Border Controller in IMS.ppt》由会员分享,可在线阅读,更多相关《Session Border Controller in IMS.ppt(33页珍藏版)》请在三一办公上搜索。
1、,Session Border Control in IMS,An analysis of the requirements for Session,Border Control in IMS networks,Jonathan Cumming,Director of VoIP Product M,Data Connection Limited100 Church StreetEnfield,EN2 6BQ,United Kingdom,http:/,Page i,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/
2、,Executive SummaryThere is a lot of controversy and press coverage over both the role of Session BorderControllers(SBCs)and the design of the IP-Multimedia Subsystem(IMS).In thisenvironment it is difficult to determine what are the real issues for each technology,letalone how they need to work toget
3、her.This white paper is aimed at equipment manufacturers looking at building SBCfunctionality into their product range to target the IMS market,and carriers andconsultants looking to understand how an SBC fits into an IMS network.It explains why IMS networks need session border control and what alte
4、rnatives areavailable.It also looks at how these requirements are likely to evolve as services andaccess methods change,and discusses the function that products targeting this marketrequire.SBCs are described as both a cure-all for next generation telecommunications networksand an unnecessary attemp
5、t by carriers to stop their business becoming a simple bit-carrying commodity.This paper seeks to explain how these different views arise and thevaried roles that SBCs play in IMS.About the AuthorJonathan Cumming is Director of VoIP Product Management at Data Connection.During his 5 years at Data Co
6、nnection,he has held a range of development,marketingand product management roles.Jonathan has over 15 years experience in the communications software industry.Heholds an MBA from INSEAD and an Engineering degree from Cambridge University.First issued September 2005,First issued September 2005,Page
7、ii,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,Table of contents,1,Introduction.1,1.11.2,Overview of Session Border Control.2Overview of IMS.5,2,IMS Requirements for SBC.10,2.12.22.32.42.5,Security.11Monitoring.12Privacy.12VoIP Protocol Problems.12Summary.14,3,IMS architecture
8、for SBC.15,3.13.23.3,UNI.16NNI.17Reference Points.17,4,IMS SBC Products.19,4.14.24.3,Scope of function.19Management and Control.20Product Evolution.20,5,The Future.21,5.15.2,The Future of IMS.21SBC Function Evolution.22,67,Conclusion.25Further Information.26,7.17.27.3,Sources.26Reference material.26
9、Glossary of Acronyms.27,8,About Data Connection(DCL).28,8.18.28.38.48.5,Data Connection Network Protocols.28Data Connection Internet Applications.28Data Connection Enterprise Connectivity.29MetaSwitch.29About DC-SBC.29,Page 1,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,1,Introd
10、uctionThe IP-Multimedia Subsystem(IMS)defines the functional architecture for a managedIP-based network.It aims to provide a means for carriers to create an open,standards-based network that delivers integrated multimedia services to increase revenue,whilealso reducing network CapEx and OpEx.IMS was
11、 originally designed for third-generation mobile phones,but it has already beenextended to handle access from WiFi networks,and is continuing to be extended into anaccess-independent platform for service delivery,including broadband fixed-line access.It promises to provide seamless roaming between m
12、obile,public WiFi and privatenetworks for a wide range of services and devices.This move,from a centrally managed network with control over the core and accessnetworks to an open network with soft clients,represents a sea change in the applicabilityand deployment of IMS.Previously,it was aimed at ce
13、ntrally-managed networks withsignificant control over the core and access networks and the clients.Now it is moving toa much more open network model,where previous assumptions about the sorts ofconnecting networks and clients break down.This introduces the need for session bordercontrol at the netwo
14、rk boundary to provide security,interoperability and monitoring.This white paper examines these evolving requirements for IMS and where sessionborder control fits in the IMS functional architecture.It also assesses the market forequipment targeting this space;both the evolution of existing equipment
15、 to handle thesenew requirements and the likely future evolution as the market and technology mature.This chapter provides an overview of session border control and IMS.Chapters 2 and 3 cover the requirements for session border control in IMS and how thisfunction fits into the IMS architectureChapte
16、rs 4,5 and 6 discuss what products need to address these requirements,how thismarket is likely to change in the future,and what conclusions can be drawn from this.Chapter 7 provides a list of references to additional information and a glossary of theacronyms used throughout this document.Chapter 8 c
17、ontains information on Data Connection and its products.,SBC Protecting,Core,SBC Protecting,Enterprise,SBC Protecting,Core,SBC Protecting,Core,Page 2,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,1.1,Overview of Session Border ControlSession border control is not a standardized s
18、et of functions.Instead,Session BorderControllers(SBCs)have evolved to address the wide range of issues that arise whenvoice and multimedia services are overlaid on IP infrastructure.These include,security and prevention of service abuse to ensure Quality of Service(QoS)monitoring for regulatory and
19、 billing purposesmaintaining privacy of carrier and user informationresolution of VoIP protocol problems arising from the widespread use of,EnterpriseNetwork,PeerNetwork,Core Network,UNI,NNI,UE,firewalls and network address translation(NAT),and the vast array of differingprotocols and dialects used
20、in VoIP networks.These issues are relevant for access to both carrier and enterprise networks,and on bothUser-Network Interfaces(UNI)to end users and access networks,and Network-NetworkInterfaces(NNI)to peer networks.The following diagram shows where SBC function istypically required.SignalingMediaS
21、ervices,The diagram depicts a single device at the edge of each network(a traditional SBC),butthere is actually great flexibility in how this function is distributed.For example,a device in the access network might perform initial user authenticationan edge device might enforce access policy to limi
22、t Denial of Service(DoS)attacks and prevent bandwidth theftcore devices might limit the total usage for a particular group of users and detect,distributed DoS attacks.The location of each function will depend on the overall system design,including theavailability of processing resources and the leve
23、l of trust between the different devices.The following sections describe each of the SBC functions.For a more detaileddescription of Session Border Controllers,see our white paper:“Session BorderControllers:Enabling the VoIP revolution.”,Page 3,Copyright 2005 Data Connection Limited.All Rights Reser
24、ved.http:/,1.1.1,SecurityAn insecure network cannot charge for its use or provide a guaranteed QoS service,because unauthorized users cannot be prevented from overusing limited networkresources.SBCs can provide security and protection against,unauthorized access into the trusted networkinvalid or ma
25、licious calls,including Denial of Service(DoS)attacksbandwidth theft by authorized usersunusual network conditions,for example a major emergency.,Typical resources that require protection are bandwidth on access links and processingcapacity on network servers.In general,core network links can be che
26、aplyover-provisioned to help prevent them becoming bottlenecks.To provide this security,the SBC,identifies and authenticates each user and determines the priority of each calllimits call rates and resource usage to prevent overloadsauthorizes each media flow and classifies and routes the data to ens
27、ure suitableQoSprevents unauthorized access for both signaling and media traffic.,QoS across the core of the network is normally handled by an aggregated classificationmechanism,for example DiffServ,as this removes the overhead of reserving bandwidthfor each individual flow.The SBC may also be used
28、to enforce QoS in the access network by signaling to theaccess routers or instructing the endpoint to reserve necessary resources across the accessnetwork.Alternatively,an intelligent access network may independently determineappropriate QoS for the media streams by analyzing the call signaling mess
29、ages.,1.1.2,MonitoringNetwork usage may need to be monitored for regulatory reasons(such as wiretapping andQoS monitoring),as well as commercial reasons(such as billing and theft-detection).The monitoring devices need sufficient intelligence to understand the signaling andmedia protocols.They must a
30、lso be located at a point through which all media andsignaling flows.SBCs fulfill both these requirements as all traffic passes through an SBC to enter thenetwork.They provide a scalable,distributed solution to this processing-intensivefunction.,Page 4,Copyright 2005 Data Connection Limited.All Righ
31、ts Reserved.http:/,1.1.3,Maintaining PrivacyThe following two types of information need to be protected.,Information about the core network,which might provide commercially sensitiveinformation to a competitor or details that could aid an attack.Information about a user that the user does not wish t
32、o be made public.,An SBC can be used to remove confidential information from messages before they leavethe core network,including details of internal network topology and routing of signalingthrough the core network.It can also hide the real address of the user by acting as a relayfor both the media
33、 and the signaling.,1.1.4,Resolution of VoIP Protocol ProblemsSBCs can also act as gateways to heterogeneous networks;hiding any differencesbetween the protocols used in the core and access networks.This can include thefollowing.,Hiding access network topology,including the complexity of routing thr
34、oughNATs and firewall and to overlapping address spaces of VPNs or private IPaddress spaces.Interworking between devices and networks of different capabilities(such asconversion between SIP and H.323 signaling,or between IPv4 and IPv6,or evendifferent versions of H.323).Transcoding media flows betwe
35、en incompatible codecs.,Putting this function in the SBC,which is close to the access device,simplifies the corenetwork devices by limiting the range of protocol variations that they must support.,Page 5,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,1.2,Overview of IMSIMS is the
36、control plane of the 3rd Generation Partnership Project(3GPP)architecture forits next-generation telecommunications network.This architecture has been designed toenable operators to provide a wide range of real-time,packet-based services and to tracktheir use in a way that allows both traditional ti
37、me-based charging as well as packet andservice-based charging.IMS provides a framework for the deployment of both basic calling services andenhanced services,including,multimedia messagingweb integrationpresence-based servicespush-to-talk.,At the same time,it draws on the traditional telecommunicati
38、ons experience of,guaranteed QoSflexible charging mechanisms(time-based,call-collect,premium rates)lawful intercept legislation compliance.,Network operators also hope that IMS will cut their CapEx and OpEx through the use ofa converged IP backbone and the open IMS architecture.,The IMS architecture
39、 defines many common components(for example,callcontrol and configuration storage)so less development work is required to createa new service as this existing infrastructure can be reused.The use of standardized interfaces should increase competition between,suppliers;preventing operators from being
40、 locked into a single suppliersproprietary interfaces.As a result,IMS should enable new services to be rolled out more quickly and cheaply,compared with the traditional monolithic design of telephony services.,1.2.1,History and evolutionIMS was initially developed as a call control framework for pac
41、ket-based services over3G mobile networks as part of 3GPP Release 5(2003).It was then extended to includeWiFi roaming and additional services such as presence and instant messaging in Release6(2004/5).,Page 6,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,Although originally desig
42、ned for mobile networks,both ETSI TISPAN and theMulti-Service Switching Forum(MSF)have now also adopted the IMS architecture fortheir visions of fixed telecommunications networks.Discussions within these groups aredriving the IMS extensions to cover fixed networks in 3GPP Release 7(work-in-progress)
43、and many of the session border control requirements that fixed network accessintroduces.At this point,it should also be noted that the design of IMS Release 7 is not yet completeand there is ongoing disagreement over the scope and location of specific functions.However,although the names and details
44、 of the specification are likely to change,theprinciples and issues described in this document are unlikely to be significantly affected.,1.2.21.2.3,DriversAlthough originally developed for mobile operators,the main interest in IMS is fromfixed line operators,as the existing fixed-line network is ol
45、der and is due for replacement,whereas much of the mobile infrastructure has only recently been deployed.In particular,the current generation of fixed telephone networks is limited to narrowbandvoice services and is at great risk of being displaced by mobile and Internet telephonyservices.An IMS-bas
46、ed network would enable fixed line operators to offer a much widerrange of services,to help protect their market.Despite the widespread industry support for IMS,many uncertainties remain over itsvalue.The cost of providing such a QoS-enabled managed network is high comparedwith the Internets statele
47、ss model.Also,as the success of Vonage and Skype and manyother VoIP providers testifies,telephony services are easily provided over the publicInternet and the quality is sufficient for many situations.In order to justify the investment in IMS,the resulting service must be significantly betterthan th
48、at available over the Internet and people must be prepared to pay for it.WhetherIMS is a commercial success will be determined over the coming years,but competitionfrom Internet-based providers will make this a competitive market.ArchitectureIMS decomposes the networking infrastructure into separate
49、 functions with standardizedinterfaces between them.Each interface is specified as a“reference point”,whichdefines both the protocol over the interface and the functions between which it operates.The standards do not mandate which functions should be co-located,as this depends onthe scale of the app
50、lication,and a single device may contain several functions.,Page 7,Copyright 2005 Data Connection Limited.All Rights Reserved.http:/,PSTN,IPv6 Network,RACS,MRF,Control or,Signaling Plane,CSCF,R6:WiFi,R7:Broadband,MGCF,HSS,CoreNetwork,DSLAM,BAS/A=BGF,WAG,RAN,SGSN,PDG,GGSN,MRFP,MRFC,User or Transport
