MUSE Winter School 2007
Residential Gateways for Multi-play Services
Alex De Smedt - Thomson
MUSE Winter School, BB Europe Antwerp, December 6th, 2006
RGW for Multi-play Services — 2 MUSE Winter School - Dec 2007 Antwerp
Contents
Triple play – multiplay – FMC
Reference modelling
Conceptual Block diagram
Data plane – Bridging, firewalling, QoS
Control communication – authentication, IP connectivity, IMS/SIP
User types and dedicated access
The co-located hotspot case
Management communication – remote and local management
Parental control use case
Conclusions
Terminology
Residential gateway: First box in the ‘house’ connected to the fixed broadband network, and performing interfacing to the line and some kind of switching (on Ethernet or IP layer)
Triple play - Quad play - Multi-play
Triple: 3 media of multimedia: data + voice + video
Quad: add Fixed Mobile Convergence (mobile, hotspot)
Multi: add also IMS, multimedia storage, media stream redirections, secure streams, internal adapters, enablers and extended management
The triple play box
(Figure: the RGW between the Ethernet/IP network of devices - terminals - user equipment - consumer equipment (data, audio, video, VoIP phone) and the Internet.)
About multimedia
What media is a downloaded movie?
So why do you think audio and video are separated from data?
Name two more important types of ‘communicated’ information
Bandwidths: what can we get through?
802.11g: 54 Mbit/s (shared)
802.3: 100 Mbit/s (shared)
Access line: e.g. ADSL2: 24 Mbit/s downstream - the bottleneck
How many channels can we get through over the access line?
- Voice (64 kbit/s)
- Standard TV channel (1,5 Mbit/s)
- HDTV channel (10 Mbit/s)
The multi-play box: much more interfaces & enablers!
(Figure: residential gateway with a WAN side (broadband network, PSTN network, Internet) and a LAN side (Ethernet cabling, Wi-Fi, DECT, network type adapter, PVR, hard disk, printer).)
Interface/ports to RGW
Look at previous figure and list the possible interfaces/ports
The FMC aspect - Quad-play
(Figure: connectivity network providers - fixed, mobile and hotspot providers - and their networks; the Internet; the fixed provider as default connectivity provider for home 1; the home with a co-located hotspot; user types: home user, relocated user, hotspot user, mobile user.)
Network Reference Model and ref. points
U: network border
Auto-Configuration Server: configuring and managing RGW and devices
(Figure: residential networks attached at reference point U to the transport network (evolution: Ethernet -> IP based NGN), at A10 to service providers and the Internet, and at M to management; the ACS manages the residential network with the TR-069 protocol and the TR-098 data model.)
Residential Network Reference Model
Ethernet MAC compatible networks can be attached to the T2 interface
• HomePlug, HomePNA, Bluetooth
Non-IP based terminations can be attached at the R interface
(Figure: subscriber line at U; NT1 (interface I-NT1), T1, NT2 (I-NT2), T2, CPN, S, ST (I-ST); terminal adaptor TA (I-TA, I-ST') at reference point R; I-NT12.)
Example
I have an analog television. Where does it fit into the model?
What equipment would I need to communicate with the NGN?
Give an example of interface on the R reference point
A residential gateway
The NT2 is the core of the RGW
Modem and service functions can be integrated
(Figure: residential gateway = NT1 (at U) + NT2 (bridging - routing, enablers) + TA (at R), with reference points T, T2 and S.)
NGN Protocol Reference Model = system
(Figure: layered model - PHY layer (L1), Ethernet MAC layer (L2), IP layer (L3), higher layers (L4-L7) on both sides; protocols to place: firewall, RTP, ICMP.)
Map protocols into this structure
Control + Management communication!!!
Example
Where would the TR-069 protocol fit into the model?
Combination of PRM and network ref models
(Figure: PHY/ETH/IP stacks at the ST, the NT2 (routing type) and the NT1, with media, SIP and TR-069 above them; across U, A10 and M the SIP server/proxy and media server (SIP, media) and the ACS server (TR-069).)
Time for a conceptual 2-D block diagram
(Figure: lower layers with 1-n interfaces on the WAN side (xDSL/xPON) and the LAN side (ETH/PLC/...) joined by a switching block, public IP address(es) on the WAN side and private IP address(es) on the LAN side; IP-host functions for the data, control and management planes; higher layers WAN and LAN with HL inter-operability; terminal adaptors (FXS/SCART/HDMI), PSTN adaptor (FXO), peripheral interface(s) (USB) and enablers.)
Data plane: data transfer and termination
NT1: Ethernet relay
NT2: bridging/switching, (NAPT) + IP forwarding, firewalling, QoS
ST: coding, application protocols
Switching and services
(Figure: NT1 - NT2 - CPN - ST: service, switching and transmission. Data transfer between user side and network side: PHY relay (1:1), ETH bridging (ETH-ETH), IP forwarding (IP-IP) and NA(P)T (1:n between user side and network side).)
Network Address (and Port) Translation
Mapping of IP address/port between 2 address domains (L3/L4)
(Figure: RGW with NAPT between the private address domain 192.168.0.x (RGW 192.168.0.1; hosts 192.168.0.2, 192.168.0.3, 192.168.0.4 with application ports such as 80 for Appl 1, 500 for Appl 3 and 5678 for Appl 2) and the public address domain (public address 86.163.23.45); DHCP client on the WAN side.)
Practice
Check your IP addresses (hint: START > Run > cmd > ipconfig). Private or public?
Private address ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
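As an added example (not from the slides), a small Python model of the NAPT mapping of the previous slide combined with the private-range check of this one. The public address 86.163.23.45 and the 192.168.0.x hosts are taken from the NAPT slide; the public port range starting at 49152 and the application ports in the usage are assumptions.

```python
import ipaddress
import itertools

# The three private ranges listed on the slide (RFC 1918), as networks.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),        # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),     # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),    # 192.168.0.0 - 192.168.255.255
]


def is_private(addr: str) -> bool:
    """Private or public? True when addr falls in one of the ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class Napt:
    """NAPT table of the RGW: (private IP, private port) <-> public port on one public address."""

    def __init__(self, public_ip: str, first_public_port: int = 49152):
        if is_private(public_ip):
            raise ValueError("the WAN address must be a public address")
        self.public_ip = public_ip
        self._next_port = itertools.count(first_public_port)  # assumed public port range
        self._out = {}   # (priv_ip, priv_port, proto) -> public port
        self._back = {}  # (public port, proto) -> (priv_ip, priv_port)

    def outbound(self, src_ip: str, src_port: int, proto: str = "tcp"):
        """LAN -> WAN: rewrite the source; a mapping is created on first use."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not in the private address domain")
        key = (src_ip, src_port, proto)
        if key not in self._out:
            pub_port = next(self._next_port)
            self._out[key] = pub_port
            self._back[(pub_port, proto)] = (src_ip, src_port)
        return self.public_ip, self._out[key]

    def inbound(self, dst_port: int, proto: str = "tcp"):
        """WAN -> LAN: the private (IP, port) to deliver to, or None.
        None means no LAN host opened this flow, so the RGW drops the packet: NAPT acts as an
        implicit inbound filter, which is why unsolicited Internet traffic does not reach the LAN."""
        return self._back.get((dst_port, proto))


if __name__ == "__main__":
    napt = Napt("86.163.23.45")
    print(napt.outbound("192.168.0.2", 5678))   # Appl 2 on host .2 leaves as 86.163.23.45:49152
    print(napt.inbound(49152))                  # the reply is delivered to 192.168.0.2:5678
    print(napt.inbound(49999))                  # no mapping: dropped
```

The same table drives both directions, so a host behind the RGW can only be reached on a public port it has itself caused to be mapped; anything a server in the LAN should receive unsolicited needs an explicit (static) mapping, which is the subject of the L4 port exercises later in the deck.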
Example of security: firewall in the mgt plane
(Figure: the NT2 IP host with a firewall between the network side and the user side, in front of the IP / L4 / higher layers (control plane / management) stacks.)
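An added example (not the slides' own code) of what such a management-plane firewall decides: a default-deny rule set in front of the RGW's own IP-host functions. The RGW addresses 86.163.23.45 and 192.168.0.1 are taken from the NAPT slide and the ports 80 (local web management) and 7547 (TR-069) from the management protocol slide later in the deck; the ACS address range 198.51.100.0/24 is a placeholder and the rule set itself is constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    side: str      # interface the packet arrived on: "network" or "user"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    side: str      # side the packet must arrive on (stops LAN-address spoofing from the WAN)
    src_net: str
    proto: str
    dport: int
    action: str


# Addresses of the RGW's own IP host (from the NAPT slide) and an ASSUMED ACS address range.
RGW_WAN = "86.163.23.45"
RGW_LAN = "192.168.0.1"
ACS_NET = "198.51.100.0/24"   # placeholder documentation prefix, not a real ACS

# Management-plane policy, constructed for this example: only the ACS may reach the TR-069
# port from the network side, only LAN hosts may reach the local web management.
RULES = [
    Rule("network", ACS_NET, "tcp", 7547, "accept"),
    Rule("user", "192.168.0.0/24", "tcp", 80, "accept"),
]


def filter_mgmt(pkt: Packet) -> str:
    """Decision for a packet reaching the NT2: 'forward' (data plane), 'accept' (IP host) or 'drop'."""
    if pkt.dst not in (RGW_WAN, RGW_LAN):
        return "forward"               # not for the RGW itself; bridging/NAPT handles it
    src = ipaddress.ip_address(pkt.src)
    for rule in RULES:
        if (rule.side == pkt.side and rule.proto == pkt.proto
                and rule.dport == pkt.dport and src in ipaddress.ip_network(rule.src_net)):
            return rule.action
    return "drop"                      # default deny for the control/management plane


def audit(packets):
    """Apply the policy to a batch of packets; returns the list of decisions."""
    return [filter_mgmt(p) for p in packets]
```

The `side` check matters as much as the source prefix: a packet with a 192.168.0.x source arriving on the access line is dropped even though its address would match the LAN rule.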
Quality of Service: Diffserv
Queues buffer according to QoS class and get a priority
QoS bits: 6 in the IP message, 3 in the Ethernet message
MUSE: 4-5 QoS classes
(Figure: first mile Eth 100M; buffer with queues 1 to 4, served from high to low priority.)
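An added example (not from the slides) of the classification and queueing described above: the 6 IP bits or the 3 Ethernet bits select one of four queues, and a strict-priority scheduler serves them. The mapping to four classes is constructed (the DSCP values are the standard EF/AF41/AF21/BE code points; the Ethernet priority mapping is an assumption).

```python
from collections import deque

# Constructed 4-class mapping (MUSE: 4-5 classes). DSCP code points are the standard ones
# (EF=46, AF41=34, AF21=18, BE=0); the 3-bit Ethernet priority mapping is an assumption.
DSCP_TO_QUEUE = {46: 1, 34: 2, 18: 3, 0: 4}
PCP_TO_QUEUE = {5: 1, 4: 2, 2: 3, 0: 4}


def classify(dscp=None, pcp=None) -> int:
    """Map the 6 QoS bits of the IP header or the 3 bits of the Ethernet header to a queue 1..4.
    Unknown markings go to the lowest queue, so an unexpected value cannot gain priority."""
    if dscp is not None:
        if not 0 <= dscp < 64:
            raise ValueError("DSCP is a 6-bit field")
        return DSCP_TO_QUEUE.get(dscp, 4)
    if pcp is not None:
        if not 0 <= pcp < 8:
            raise ValueError("Ethernet priority is a 3-bit field")
        return PCP_TO_QUEUE.get(pcp, 4)
    return 4


class PriorityScheduler:
    """Buffer with one queue per class, served in strict priority order (queue 1 first)."""

    def __init__(self, n_queues: int = 4, max_depth: int = 8):
        self.queues = {q: deque() for q in range(1, n_queues + 1)}
        self.max_depth = max_depth
        self.dropped = []

    def enqueue(self, name: str, dscp=None, pcp=None):
        """Place a packet in its queue; returns the queue number, or None if it was tail-dropped."""
        q = classify(dscp, pcp)
        if len(self.queues[q]) >= self.max_depth:
            self.dropped.append(name)        # tail drop: the buffer for this class is full
            return None
        self.queues[q].append(name)
        return q

    def serve(self):
        for q in sorted(self.queues):
            if self.queues[q]:
                return self.queues[q].popleft()
        return None

    def drain(self):
        """Serve until empty; returns the transmission order on the first-mile link."""
        out = []
        while (pkt := self.serve()) is not None:
            out.append(pkt)
        return out
```

Two caveats a deployment has to add: strict priority lets a full high-priority queue starve best-effort traffic entirely, and the marking on packets from LAN devices is not trustworthy, so the RGW should re-mark on its own classification rather than honour whatever a host wrote into the field.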
Control communication
Connectivity:
- Authentication (EAP!): 802.1X / WPA2, EAP over DHCP, I-WLAN (mobile)
- IP session control: DHCP (replaces PPP)
Call/session signalling:
- Call control: IMS/SIP auth, SIP - SDP
- Multicast session: IGMP
Control issues: Access at network side
(Figure: RGW towards the default NSP access network. Authentication - EAP: "Here are my credentials, please allow me" - "OK". IP configuration - DHCP: "Please give me an IP address" - "Here it is". Then connectivity to the Internet and service signalling (IMS/SIP/IGMP) for a video session with a video server; PPP also shown.)
Considerations
Why is PPP not OK in the NGN network? Hints: PPP works at layer 2; PPP is acting in data transfer.
DHCP works in layer 7. It asks for an IP address. How can it get an address back?
Authentication
(Figure: supplicant (network device / RGW) - authenticator - AAA server. The EAP method (e.g. EAP-AKA, mutual!) runs end to end between supplicant and AAA server; EAP is carried over a transport on each hop (RADIUS or other), with EAP pass-through at the authenticator and RADIUS/Diameter towards the AAA server; a set of messages. Enforcement Point (EP): enforce access on confirmed authentication.)
DHCP; extending it with EAP (Future!)
(Figure: DHCP client with EAP supplicant in the network device / RGW - DHCP server with EAP pass-through, authenticator and enforcement point - AAA server; a set of messages delivering the IP address and IP configuration, EAP over DHCP.)
EAP message as a field in the DHCP messages (EAPoDHCP)
EAPoverDHCP (EoD) flows
EoD client - EoD server (= authenticator) - AAA server; EAPoDHCP between EoD client and EoD server, RADIUS between EoD server and AAA server
Authentication phase (device not authenticated):
- DHCPDISCOVER (Auth-Prot=EAP)
- EAP-Request/Identity and EAP-Response/Identity carried in DHCPEAP (EAP-Message) messages; Access-Request to the AAA server
- Access-Challenge with EAP-Request/AKA-Challenge, relayed as EAP-Request; EAP-Response, relayed in an Access-Request
- Access-Accept with EAP-Success; DHCPOFFER (EAP-Success, IP-conf)
IP configuration phase (device authenticated): DHCPREQUEST, DHCPACK
Access phase: DHCPREQUEST, DHCPACK (IP address renewal)
Termination phase: DHCPRELEASE
Consider
What happens if EAP is not successful?
Is renewal of authentication a good idea? Why (not)?
The NAPT-RGW and connectivity
(Figure: RGW with NAPT; WPA2 and DHCP on the residential side; DHCP or EAPoDHCP towards the network and RADIUS/EoD to the AAA server.)
Control communication protocol stack
(Figure: L1 PHY; L2 ETH with 802.1X & WPA2 carrying EAP and the EAP method; L3 IP with IGMP (multicast control); L4 UDP, TCP; L7 connectivity: DHCP, RADIUS; call/session control: SIP with SDP.)
Dedicated access instead of authentication
SSID: on wireless Ethernet layer
(Figure: RGW with two SSIDs. SSID 1 (WPA2): home users - adult home users, and children home users subject to parental control. SSID 2 (open): travellers / visitors - no access to home network.)
Practice in case you have a PC
Check your SSID (wireless application; wireless networks)
Which of the users in the previous slide could have another provider than the normal connectivity provider for the home?
Multi-provider!
User types in the residential environment
(Table: for each user type the LAN access (wireless: WPA2 Personal or open; or wireline), the WAN network provider (default, hotspot or selected), the QoS level (normal or minor) and filtering. Rows: HU - (normal) Home User; PCU - Parental Controlled User; RV - Restricted Visitor; RU - Relocated User; HSU - Hotspot User; RU and HSU are the FMC cases.)
The co-located hotspot
Add some functionality in the RGW so that it directs flows to a hotspot NSP (fixed or mobile) offering IP-based services
(Figure: the residential network with SSID_Home and SSID_Hotspot on the residential gateway (hotspot function in the RGW; traveller's terminal); the access line to the AN + RNP of the default BB NSP provider (network provider, AAA server) and the Internet; an aggregate (secure) tunnel to the fixed hotspot NSP or the 3GPP hotspot NSP.)
Advantage
Access restrictions for hotspot users
Principle: hotspot traffic fills up the UNUSED bandwidth on the access line
The RGW assures:
- Limitation of the number of hotspot users (e.g. 2-3 maximum)
- 'minor' QoS settings for hotspot users (e.g. Best Effort only *)
- Limitation of the maximum bandwidth used by hotspot providers (e.g. H% of total BW)
- Logging!
(Figure: bandwidth sharing diagram - home user traffic from 0 to 100% on one axis, hotspot traffic from 0 to H% on the other, with the (100-H)% boundary.)
Calculate
H = 50%; actual home user traffic = 20% and hotspot traffic = 30%. Show this point in the bandwidth sharing diagram.
H = 50% and actual home user traffic = 70%. What is the maximum actual hotspot traffic? Show this point in the bandwidth sharing diagram.
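An added example (not from the slides) of the hotspot restrictions of the previous slide as one Python policy object: the user limit, the fixed 'minor' QoS class, the bandwidth allowance (unused bandwidth, capped at H%) and logging of every decision. The parameter values, MAC addresses and traffic figures used are constructed and deliberately differ from the exercise above.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("rgw.hotspot")


@dataclass
class HotspotPolicy:
    """Restrictions the RGW enforces for the co-located hotspot (constructed parameters)."""
    max_users: int = 3              # slide: e.g. 2-3 maximum
    h_percent: float = 50.0         # slide: e.g. H% of total BW
    qos_class: str = "best-effort"  # slide: 'minor' QoS, Best Effort only
    users: set = field(default_factory=set)

    def admit(self, mac: str) -> bool:
        """Admit a hotspot terminal (by MAC) unless the user limit is reached; every decision is logged."""
        if mac in self.users:
            return True
        if len(self.users) >= self.max_users:
            log.warning("hotspot: refused %s (%d users already)", mac, len(self.users))
            return False
        self.users.add(mac)
        log.info("hotspot: admitted %s with QoS class %s", mac, self.qos_class)
        return True

    def release(self, mac: str) -> None:
        self.users.discard(mac)
        log.info("hotspot: released %s", mac)

    def hotspot_allowance(self, home_percent: float) -> float:
        """Maximum hotspot share of the access line: the unused bandwidth, capped at H%."""
        if not 0 <= home_percent <= 100:
            raise ValueError("home traffic must be a percentage of the line")
        return min(self.h_percent, 100.0 - home_percent)

    def within_sharing_region(self, home_percent: float, hotspot_percent: float) -> bool:
        """True if the operating point (home, hotspot) lies inside the bandwidth sharing diagram."""
        ok = 0 <= hotspot_percent <= self.hotspot_allowance(home_percent)
        if not ok:
            log.warning("hotspot: %.0f%% exceeds the allowance at %.0f%% home traffic",
                        hotspot_percent, home_percent)
        return ok


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    policy = HotspotPolicy(max_users=2, h_percent=40.0)
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"):
        policy.admit(mac)               # the third terminal is refused and logged
    print(policy.hotspot_allowance(75)) # 25.0: the unused part of the line is below H
```

Logging is listed on the slide for a reason: because hotspot users are not the subscriber, the log of which terminal was admitted when is the only record the home owner and the provider have if the traffic is later questioned.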
Typical secured flow for hotspot
I-WLAN solution - solution for the mobile network
(Figure: UE - AP (in the RGW / network device) - EP/AC (authenticator) - AAA server of the mobile provider. Associate; DHCP; IKEv2 (EAP) between UE and EP/AC, DIAMETER (EAP) to the AAA server; data tunnelling to the Internet; end session for IKEv2.)
Signalling for (real-time) multimedia - SIP/IMS
(Figure: on the LAN side IETF SIP UEs (SIP UA), IMS UEs (SIP UA with ISIM) and non-SIP UEs behind signalling conversion terminal adaptors (Sign Conv TA, FXS); in the RGW the SIP/IMS Handling and Control (SIHC) with a SIP/IMS B2BUA, CAC, NAT and firewall, an ISIM, and a Sign Conv TA with FXO to the PSTN; on the WAN side IETF SIP UEs, IMS UEs and the IMS proxy; a security association on the WAN side versus an "insecurity association" on the LAN side.)
Setting up an IP phone call
(Figure: SIP IP phone - SIP back-to-back user agent in the RGW - QoS CAC: accept OK? - switching.)
Management communication
TR-069 Remote mgt Protocol
TR-098 Management Information Base
(TR-064 Local mgt)
(UPnP LAN control)
Home administrator management
Layer management
Management protocol reference model
(Figure: layer management interfacing to the network side (DSL-EOC, ETH OAM, ICMP) and the user side over DSL / Ethernet / IP / TCP; at L7 simple home administrator management over HTTP on port 80 [SSL/TLS], and TR-069 as SOAP / XML RPC over HTTP on port 7547.)
L4 port exercises
Both Web services and the TR-069 protocol are http based. How does the RGW know how to direct a flow to the correct function?
Home work (default http port for a web server is 80): configure the RGW incoming tcp ports from the access line for the following http traffic:
- a web server in the RGW (e.g. for remote access)
- a web server in an attached PC (via NAPT)
- TR-069 protocol
TR-069 and TR-098
Remote procedure calls:
- Get or Set parameter values
- add or delete objects
- reboot, download, upload
- and more
Management information base InternetGatewayDevice:
- tree structured
- some objects: RGW = IGD; WANDevice; LANDevice (LAN host, IP forwarding, bridging, QoS, WLAN); ACS info; Device info; USB device; PSTN device; Time info
http based local management example
To be completed
Global Case: Parental control - based on time period
(Figure: NTP time server (NTP@) providing the time to the RGW; HTTP intercepted by the access control: accept OK?, with a user authentication server; IP forward. Example rule: Danny: not after 22.00h.)
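An added example (not from the slides) of the access-control decision in the figure: the intercepted HTTP request is accepted or denied from the authenticated user name and the NTP-synchronised time. The rule "Danny: not after 22.00h" is the slide's; the 07:00 start of Danny's window, the second user "nightowl" (which shows a window wrapping past midnight) and the fail-closed behaviour when the clock is not synchronised are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class TimeRule:
    """Daily access window for one user; a window may wrap past midnight."""
    not_before: time
    not_after: time

    def contains(self, t: time) -> bool:
        if self.not_before <= self.not_after:
            return self.not_before <= t < self.not_after
        return t >= self.not_before or t < self.not_after   # e.g. 22:00 -> 07:00


# Constructed policy table. "Danny: not after 22.00h" is the slide's rule (07:00 start assumed);
# "nightowl" is an invented user showing the wrapping window.
POLICY = {
    "danny": TimeRule(time(7, 0), time(22, 0)),
    "nightowl": TimeRule(time(22, 0), time(7, 0)),
}


def decide(user: str, now: datetime, clock_synced: bool) -> str:
    """Access-control decision for an intercepted HTTP request.
    'user' is the identity returned by the user authentication server and 'now' the RGW clock.
    If the clock is not NTP-synchronised the decision fails closed: a time-based rule is only
    as good as the time source, and an unsynchronised RGW clock could simply be set back."""
    if not clock_synced:
        return "deny"
    rule = POLICY.get(user.lower())
    if rule is None:
        return "accept"                 # users without a rule: normal home users
    return "accept" if rule.contains(now.time()) else "deny"


if __name__ == "__main__":
    print(decide("Danny", datetime(2007, 12, 6, 21, 59), clock_synced=True))   # accept
    print(decide("Danny", datetime(2007, 12, 6, 22, 0), clock_synced=True))    # deny
```

Tying the rule to the authenticated user rather than to the device address is what the user authentication server in the figure provides; a rule keyed on an IP address alone is defeated by moving to another device on the same SSID.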
The RGW system platform
Hardware and firmware/software
Processor and memory; operating system
Possibility for underlying software platform
• For flexible system/service upgrading and extension
• For multi-provider support
OSGi platform and ability of multiple virtual RGWs and/or services in one system (next presentation)
Conclusions
Residential gateway is an important first entity in the customer premises, offering switching and services to both the network and the LAN devices
Evolution from triple play (basically modem + bridge/router) to multi-play (extended control, management, interfaces and adaptors)
Fixed Mobile Convergence implies different user types and co-located hotspot support
Authentication, connectivity, multi-provider support, SIP/IMS signalling, and remote management are important enablers
The RGW is a very complex box for almost no money