Embed Size (px)
Citation preview
SIP and IMS Enabled Residential Gateway
Sergio Romero Telefónica I+DJan Önnegren Ericsson ABAlex De Smedt Thomson Telecom
2
www.ist-muse.eu
Index
Introduction
Existing issues SIP & the CPN 3GPP vs IETF SIP
Proposed architecture SIP B2BUA Auxiliary file and DBs Complete architecture
Functional examples
Conclusions
3
www.ist-muse.eu
Introduction
IP multimedia services are becoming more and more demanded by residential users. Within this scenario: SIP protocol has been designed for controlling IP multimedia
sessions and is talented to replace previous signalling protocols like H.323 or the aged SS7
IMS has been presented as the framework able to provide a better service provisioning and control for IP multimedia services in a NGN architecture
the CPN needs to be “SIP&IMS-friendly”
4
www.ist-muse.eu
Existing issues – SIP & the CPN
Legacy terminals do not support SIP Legacy terminals (e.g. POTS or DECT phones) need a terminal adapter to
translate dated signalling protocols and to act as SIP UA
Private IP addressing at the CPN NA(P)T binding mechanisms at the RGW do not take into account that
SIP messages take transport address information in their payload. To provide an effective NA(P)T traversal solution other techniques must be applied (e.g. STUN, ICE, or ALG)
Traffic blocking at the RGW Firewall at the RGW needs to be configured to open signalling and media
ports (e.g. 5060/UDP for SIP signalling and 8000/UDP for RTP media)
5
www.ist-muse.eu
Existing issues – 3GPP vs IETF SIP
SIP profile 3GPP specifies a greater number of
compulsory messages 3GPP requires a greater number of
compulsory headers and has its own private headers (P-Headers)
SIP UA 1 IMS Core SIP UA 2
INVITE
INVITE100 Trying
100 Trying
183 Session Progress
183 Session Progress
PRACKPRACK
200 OK200 OK
200 OK200 OK
UPDATEUPDATE
180 Ringing180 Ringing
ACKACK
200 OK200 OK
INVITE tel:+1-212-555-2222 SIP/2.0Via: SIP/2.0/UDP [5555::aaa:bbb:ccc:ddd]:1357;comp=sigcomp;branch=z9hG4bKnashds7Max-Forwards: 70Route: <sip:pcscf1.visited1.net:7531;lr;comp=sigcomp>, <sip:scscf1.home1.net;lr>P-Preferred-Identity: "John Doe" <sip:[email protected]>P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=234151D0FCE11Privacy: noneFrom: <sip:[email protected]>;tag=171828To: <tel:+1-212-555-2222>Call-ID: cb03a0s09a2sdfglkj490333 Cseq: 127 INVITERequire: sec-agreeSupported: precondition, 100rel Proxy-Require: sec-agreeSecurity-Verify: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=98765432; spi-s=87654321; port-c=8642; port-s=7531Contact: <sip:[5555::aaa:bbb:ccc:ddd]:1357;comp=sigcomp>Allow: INVITE, ACK, CANCEL, BYE, PRACK, UPDATE, REFER, MESSAGEContent-Type: application/sdp Content-Length: (…)
6
www.ist-muse.eu
Existing issues – 3GPP vs IETF SIP
Identities and security mechanisms 3GPP terminals require an ISIM application that stores public
identities (IMPUs), but also the private identity (IMPI) and the authentication key that are used during the complex Digest AKA mechanism. IETF RFCs only provides an HTTP Digest based authentication mechanism
3GPP uses IPsec ESP to provide integrity and confidentiality between the terminal and the IMS core . IETF RFCs do not cover the establishment of any kind of SAs
IMS Subscription
IMPI
Default IMPU#1
IMPU#2
IMPU#5
IMPU#4
Service Profile B
Service Profile A
Service Profile D
IMPU#3
Service Profile C
7
www.ist-muse.eu
Proposed architecture – SIP B2BUA
Definition A B2BUA is a signalling control and handling entity that after
receiving a SIP request/response can reformulate and send it out as a new request/response according to some given rules
A SIP B2BUA is able to manage and monitor the entire session state and parameters
Signalling handling and control
SIP UA SIP UA
Dialog #1
SIP UA SIP UA SIP UE SIP UE SIP UA
Dialog #2
SIP B2BUA
8
www.ist-muse.eu
Proposed architecture – SIP B2BUA
NA(P)T and firewall support For signalling flows, a B2BUA can change when necessary the IP
addresses and ports in the incoming or outgoing SIP messages For media streams, a B2BUA can interact with the NA(P)T
mechanism to provide the required bindings In both cases, a B2BUA can ask the firewall to open the required
ports
QoS assurance The B2BUA can obtain from the SDP payload what codecs are
going to be used in a multimedia session and interact with the CAC to check if there are enough resources to support the session
9
www.ist-muse.eu
Proposed architecture – SIP B2BUA
SIP interworking The B2BUA can generate, drop or modify different SIP messages
in order to provide the required interoperability between a 3GPP network and those SIP UAs located at the CPN that only can understand the simpler IETF SIP profile
The B2BUA is able to use the information stored in an ISIM to be authenticated against the IMS network and it also can establish the required SAs
Multimedia PBX The B2BUA can forward any SIP message at any time according
to some rules. Hence, it is able to route all the incoming and outgoing SIP calls as a traditional PBX
10
www.ist-muse.eu
Proposed architecture – Routing File
Routing File Rules to control the multimedia sessions that are managed by the
RGW. According to them, the B2BUA decides how outgoing or incoming sessions must be routed
<cpl> <incoming> <time-switch> <time dtstart=“20070703T090000” duration”PT8H”> <location url="sip:[email protected]"> <proxy/> </location> </time> </time-switch> </incoming></cpl>
11
www.ist-muse.eu
Proposed architecture – Auxiliary Databases
Credentials DB Local credentials that must be used
at the registration to authenticate home users against the B2BUA
Location DB Location information (bindings of
contact addresses and SIP URIs) used by the B2BUA to route the messages
Local Credentials: Users’ credentials for
SIP services [AoR, Username,
Password]
Location Info: Addresses of registered SIP
devices [Contact Address,
AoR]
Location DB
Credentials DB
12
www.ist-muse.eu
Proposed architecture – Auxiliary Databases
Service DBA. General B2BUA parameters
like status, supported SIP methods, etc.
B. SIP and IMS services parameters like servers addresses, listening ports, global credentials, etc.
This DB can be remotely managed via TR-069 by extending TR-098 data model
InternetGatewayDevice.B2BUA.SIPService.{i}.
Service parameters required for accessing a concrete SIP service
GlobalAoR User's identity for the corresponding SIP network. This address will be included in the location database of the service provider.
AuthenticationMethod HTTP Digest authentication or none authentication required for accessing the service provider network.Values: “None”, “Digest”Default: “Digest”
DigestUsername Username for digest authentication.
DigestPassword Password for digest authentication.
RegistrationPeriod Period over which the registration must be refreshed, in seconds.
RegisterExpires Register request Expires header value, in seconds.
ProxyServer Host name or IP address of the SIP proxy server.
ProxyServerPort Destination port when connecting to the SIP proxy server.Values: [0,65535]Default: 5060
13
www.ist-muse.eu
Proposed architecture – Signalling handling
SIP/IMS Handling and Control Routing & Control module modifies the
SIP signalling (according to the routing rules), and can interact with the CAC, the NA(P)T and the Firewall
SIP/IMS Interworking module adapts different SIP profiles and uses the IMS identities (IMPI and IMPUs) and the key stored in the ISIM
SIP/IMS Interworking
Routing & Control
IMS B2BUA
SIP UA SIP UA
ISIM
Credentials DB
Routing File
CAC, NAT, Firewall
IMS-Enabled RGW
SIP signalling
Other interactions
SIP/IMS Handling and Control
Service DB
Admin Service Provider
Location DB
TR-069
14
www.ist-muse.eu
Proposed architecture – General scenario
RGW
IETF SIP UE
IMS UE SIP UA
SIP UA
IMS B2BUA
Non-SIP UE SIP UA
Sign Conv TA SIP/IMS Handling and Control
No Security Association
Security Association
ISIM
IMS server(s)
P/I/S-CSCF
IMS UE SIP UA
ISIM
LAN WAN
FXS POTs or DECT BS
SIP UA
Sign Conv TA Sign Conv
SIP UA TA
FXO
CAC, NAT, Firewall
IETF SIP server(s)
SIP Server
IETF SIP UE
SIP UA
PSTN
Credentials DB
Routing File
Service DB
Location DB
SIP UA SIP UA
ISIM
15
www.ist-muse.eu
Functional examples – IMS registration
REGISTER
401 Unauthorized
REGISTER
REGISTERREGISTER
IMPIAuthentication
DIAMETER
401 Unauthorized401 Unauthorized
REGISTERREGISTER
200 OK200 OK
Waiting for firstlocal registration
Step 1
Step 2
Step 3
IETF SIP Profile 3GPP SIP Profile
S-CSCF AssignationDIAMETER
REGISTER
401 Unauthorized
Locate S-CSCFDIAMETER
REGISTER
User ProfileIMPU Registration
DIAMETER
200 OK
200 OK
SIP TerminalIMS RGW
B2BUA P-CSCF I-CSCF HSS S-CSCF
16
www.ist-muse.eu
Functional examples – IMS session
INVITE
200 OK
3GPP SIP ProfileIETF
SIP Profile
INVITE
100 Trying
100 TryingINVITE
INVITEINVITE
100 Trying100 Trying
100 Trying
183 Session Progress
183 Session Progress
183 Session Progress
PRACK
QoS Reservation
PRACKPRACK
PRACK
200 OK200 OK
200 OK
UPDATEUPDATE
UPDATEUPDATE
200 OK200 OK
200 OK200 OK 180 Ringing
180 Ringing180 Ringing
180 Ringing
PRACKPRACK
PRACKPRACK
200 OK (PRACK)
200 OK (INVITE)200 OK (PRACK)
200 OK (PRACK)200 OK (PRACK)
200 OK (INVITE)200 OK (INVITE)
200 OK (INVITE)
200 OK (INVITE)
ACKACK
ACKACK
ACK
Authorize QoS
Authorize QoS
183 Session Progress
QoS Reservation
180 Ringing
RTP
SIP Terminal
IMS RGWB2BUA P-CSCF S-CSCF I/S/P-CSCF IMS Terminal
IMS network #1 IMS network #2
17
www.ist-muse.eu
Conclusions
The proposed architecture pushes the incorporation of the CPN to the IMS/NGN...
It contributes to ensure the viability of the multimedia sessions interacting automatically with other blocks of the RGW
It provides a total control of the ongoing multimedia sessions to the RGW administrator
It is able to adapt the signalling and the security mechanisms to fulfil 3GPP requirements
