
Access SBC, P-CSCF/AGW Architecture

James Ni
July 18th, 2012

IMS Architecture

Zoom In: Access SBC

Zoom In: P-CSCF

Zoom In: IMS AGW

P-CSCF/AGW Architecture

P-CSCF Function Summary


Proxies SIP user registration:

Validates registration
Multiple IMPU
Resolves home domain address
Establishes security associations

Proxies SIP session transactions

Validates and forwards SIP messages


Translates SDP and interacts with PCRF
Compress/de-compress SIP messages
NAT and session border controlling

Acts as SIP UA
3rd party registration on behalf of UE
Session control on behalf of UE
Subscriber information exchange with S-CSCF etc.

Maintains signaling integrity and security


IMS AKA, IPSec ESP
SIP message confidentiality

P-CSCF Function Summary


Subscribes to Registration event package
Subscriber public information
Network event notifications

Application Level Gateway (ALG) functions

SDP examination and handling


Media transcoding control
Media NAT/NAPT/NAPT-PT
Media security
AGW control
Optimal Media Routing (OMR)
Explicit Congestion Notification (ECN)
IMS Communication Enablers (ICE)

Supports PCRF/PDF
Interacts with external PCRF/PDF
Implements internal PDF
QoS/Advanced QoS Features

P-CSCF Function Summary


Charging
Interface with CRF/CDF
CDR

Handles Emergency sessions


Interface with external E-CSCF
E-CSCF functions

Mobility Support
Visited P-CSCF functions

Lawful Intercept
Access Transfer Control Function (ATCF)

IMS AGW Function Summary


Transcoding
Media NAT

Media Security
Media Access Transfer Gateway (ATGW)

P-CSCF Protocols Overview

P-CSCF: Basic Registration and Call Control

P-CSCF Registration & Authentication (AKA)

P-CSCF Registration & Authentication (TLS)

P-CSCF Call / Session Flow

P-CSCF: Event Package Subscription

UEs Reg-state event package subscription

UEs debug event package subscription

P-CSCF: Multiple IMPUI Registration

Multiple IMPUI Registration after Initial Registration

P-CSCF: ALG Functionality

IMS-ALG Functionality Overview


Foundation

SDP Examination
AGW control procedure
ECN
OMR

IP Interworking

Hosted NAT
NAT Traversal
Media Address Translation
NA(P)T and NA(P)T-PT
ICE

Security
Media Security

Transcoding

SDP Examination

AGW Control: Non-call related procedures

3GPP TS 23.334

AGW Control: Call related procedures

3GPP TS 23.334

AGW Control: OMR


[Figure: OMR example topology. Legend: control signaling path; media path after OMR. Labels shown: visited network X (realm Xa.operatorX.net), intermediate IMS CN subsystem entities, home IMS network Y (realm Yb.operatorY.net), UE-A, UE-B, P-CSCF A, P-CSCF B, IBCF-1 to IBCF-4, TrGW, PCRF, PDNGW.]

3GPP TS 29.079

AGW Control: OMR basic message flow

AGW Control: OMR transcoding flow no MR reservation

AGW Control: OMR transcoding flow no MR reservation

AGW Control: OMR bypass unused MR

AGW Control: ECN

3GPP TS 24.229 / 23.334

IP Interworking
NAT Traversal

RFC3581 rport not applicable to RTP/RTCP


RFC4961 Symmetric RTP/RTCP
RFC3489/RFC5389 STUN (client-server)
STUN, TURN & ICE
SBC

NA(P)T & NA(P)T-PT


For IMS-AGW in media path
IP version interworking (NA(P)T-PT)
IP address/port translation (NA(P)T)

Hosted NAT
Both signaling and media paths traverse a NA(P)T device located in the customer
premises domain
Modify IP and port based on IP and port received from (for?) AGW

ICE (Interactive Connectivity Establishment)


STUN: Session Traversal Utilities for NAT
TURN: Traversal Using Relay NAT

IP Interworking: Hosted NAT

On receiving initial SIP REGISTER without integrity protection:


Do hosted NAT only if the address in the top-most Via header != the IP-level address

For SIP REGISTER without integrity protection and responses


Makes use of received and rport headers (RFC3261, RFC3581)

For other protected SIP messages


Applies UDP tunnel mode encapsulation to IPSec packets (RFC3948, TS33.203)
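
The hosted NAT decision for an unprotected REGISTER, as an added Python example that is not part of the original slides: it compares the top-most Via address with the IP-level source address and stamps received/rport per RFC 3261 and RFC 3581. The function names, the sample message and the addresses are constructed for illustration, and discarding a client-supplied received value is a hardening choice of this example.

```python
import ipaddress
import re

# Constructed sample: unprotected initial REGISTER sent by a UE behind a NAT.
SAMPLE_REGISTER = (
    "REGISTER sip:home.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bKabc123;rport\r\n"
    "From: <sip:user@home.example>;tag=1\r\n"
    "To: <sip:user@home.example>\r\n"
    "Call-ID: constructed-1\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)

# transport, sent-by, parameters of the first Via value, remainder of the line
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*(SIP/2\.0/\w+)\s+([^;\s,]+)([^,]*)(.*)$", re.I)
RPORT_RE = re.compile(r";\s*rport(=[^;]*)?\s*(?=;|$)")

def sent_by_host(sent_by):
    """Host part of a Via sent-by value (IPv4, bracketed IPv6 or hostname)."""
    if sent_by.startswith("["):
        return sent_by[1:].split("]", 1)[0]
    return sent_by.split(":", 1)[0]

def differs_from_source(host, src_ip):
    """True when the Via address is not the IP-level source address."""
    try:
        return ipaddress.ip_address(host) != ipaddress.ip_address(src_ip)
    except ValueError:
        return True  # hostname in sent-by: treated as "different" (RFC 3261 18.2.1)

def stamp_top_via(message, src_ip, src_port):
    """Return (hosted_nat, message) with received/rport set on the top-most Via."""
    lines = message.split("\r\n")
    for i, line in enumerate(lines):
        m = VIA_RE.match(line)
        if not m:
            continue
        transport, sent_by, params, rest = m.groups()
        nat = differs_from_source(sent_by_host(sent_by), src_ip)
        # Hardening choice of this example: discard any client-supplied
        # received value so only the observed source address is used.
        params = re.sub(r";\s*received=[^;]*", "", params)
        wants_rport = RPORT_RE.search(params) is not None
        if wants_rport:  # RFC 3581: fill rport with the observed source port
            params = RPORT_RE.sub(f";rport={src_port}", params, count=1)
        if nat or wants_rport:
            params += f";received={src_ip}"
        lines[i] = f"Via: {transport} {sent_by}{params}{rest}"
        return nat, "\r\n".join(lines)
    raise ValueError("message has no Via header")
```

The response to the REGISTER is then sent to the received address and rport port rather than to the sent-by value the UE wrote into the Via header.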

IP Interworking: Hosted NAT: Unprotected REGISTER and Response


IP Interworking: Hosted NAT: Protected Traffic


Protected traffic is delivered through an IPSec ESP tunnel between the UE and the P-CSCF
UDP ESP tunnel mode is used between the hosted NAT device and the P-CSCF for NATing the IPSec ESP tunneled traffic

IP Interworking: Media Address Translation


IP Interworking: ICE
STUN/TURN Client function
STUN/TURN Server function
Transportation: UDP, TCP, TLS-TCP


Transcoding Control

If ALG is acting as ATCF


Before PS to CS transfer, no transcoding is added
MSC server selected codec takes priority during PS to CS transfer


Security
Signaling Security
AKA, IPSec ESP
TLS

Media Security

P-CSCF: Security

Signaling Security: Mechanism Summary


| Mechanism | Authentication | Integrity protection | Use of security agreement in accordance with RFC 3329 [48] | Support (as defined in 3GPP TS 33.203 [19]) |
|---|---|---|---|---|
| IMS AKA plus IPsec ESP | IMS AKA | IPsec ESP | Yes | Mandatory for all P-CSCF, I-CSCF, S-CSCF |
| SIP digest plus check of IP association (note 2) | SIP digest | None (note 3) | No | Optional for P-CSCF, I-CSCF, S-CSCF |
| SIP digest plus Proxy Authentication (note 2) | SIP digest | None (note 3) | No | Optional for P-CSCF, I-CSCF, S-CSCF |
| SIP digest with TLS | SIP digest | TLS session | Yes | Optional for P-CSCF, I-CSCF, S-CSCF |
| NASS-IMS bundled authentication (notes 4, 5) | not applicable (note 1) | None (note 3) | No | Optional for P-CSCF, I-CSCF, S-CSCF |
| GPRS-IMS-Bundled authentication (note 5) | not applicable (note 1) | None (note 3) | No | Optional for P-CSCF, I-CSCF, S-CSCF |

NOTE 1: Authentication is not provided as part of the IM CN subsystem signalling.
NOTE 2: The term "SIP digest without TLS" is used in this specification to refer to both "SIP digest plus check of IP association" and "SIP digest plus Proxy Authentication".
NOTE 3: This security mechanism does not allow SIP requests to be protected using an IPsec security association because it does not perform a key agreement procedure.
NOTE 4: A P-Access-Network-Info aware P-CSCF is required in order to provide NASS-IMS bundled authentication.
NOTE 5: The P-CSCF is restricted to the home network when performing this security mechanism.
NOTE 6: Trusted node authentication. For example the MSC server enhanced for IMS centralized services has authenticated the UE and as a consequence S-CSCF will skip authentication.

3GPP TS24.229

Signaling Security: AKA

Signaling Security: IPSec ESP Transport Mode

TS33.203 required

Signaling Security: IPSec ESP Tunnel Mode

TS33.203 NOT required

Signaling Security: TLS

Media Security: Mechanism Summary


| Key Management Mechanism | Applicable to media | Support required by UE | Support required by IM CN subsystem entities | Network support outside IM CN subsystem entities |
|---|---|---|---|---|
| End-to-access-edge media security using SDES. | RTP based media only. | Support RFC 3329 additions specified in draft-dawes-dispatch-mediasec-parameter [174] and SDP extensions specified in table A.317, items A.317/34, A.317/36 and A.317/37. | P-CSCF (IMS-ALG) is required. P-CSCF needs to support RFC 3329 additions specified in draft-dawes-dispatch-mediasec-parameter [174] and SDP extensions specified in table A.317, items A.317/34, A.317/36 and A.317/37. (NOTE) | Not applicable. |
| End-to-end media security using SDES. | RTP based media only. | Support SDP extensions specified in table A.317, items A.317/34 and A.317/36. | Not applicable. | Not applicable. |
| End-to-end media security using KMS. | RTP based media only. | Support SDP extensions specified in table A.317, items A.317/34 and A.317/35. | Not applicable. | GBA and KMS support required. |

NOTE: Support of end-to-access-edge security is determined entirely by the network operator of the P-CSCF, which need not be the same network operator as that of the S-CSCF.

Irrespective of the key management solution used, SRTP is used as the security protocol to protect RTP based traffic.

3GPP TS24.229

Media Security: SDES e2ae Procedure

3GPP TS33.328

Media Security: SDES e2e Procedure

3GPP TS33.328

Media Security: KMS e2e Procedure

3GPP TS33.328

P-CSCF: Emergency Service

ECS Network Architecture


[Figure: ECS network architecture (IMS Emergency Services Network). The call enters IMS with location info, and the location is used to determine the PSAP. (1) Call delivered to IP PSAP with location. (2) Call delivered to legacy network without location (query for location needed). Elements shown: UE, customer access network, backbone packet network, P-CSCF, I-CSCF, S-CSCF, HSS, DNS/ENUM, LRF/RDF, AS, MRFC, BGCF, MGCF, MGW, MS, IP PSAP, legacy PSAP. Interfaces shown: SIP, RTP, Diameter, H.248, ISUP, SS7, TDM, CAMA, E-MF.]

ECS Call Flow


Emergency Call Service (ECS)


P-CSCF Responses to ECS request:
Reject (ECS not supported in IMS)
Routing to CS ECS
Accept

Functional Requirements to P-CSCF:


ECS for registered and unregistered users
ECS within non-ECS registration
Unprotected requests

P-CSCF shall
Store a configurable list of local ECS identifiers (ECS number, URN)
Store a configurable list of roaming partners ECS identifiers

Handling ECS in P-CSCF


Routing requests to E-CSCF
Implementing E-CSCF functions

P-CSCF: Charging

Network Charging Overview

3GPP TS22.115

Logical Charging Architecture and Information Flows


[Figure: logical charging architecture with offline charging and online charging. Elements shown: Billing Domain, CGF, CDF, OCS, CS-NE, Service-NE, SIP AS, MRFC, MGCF, BGCF, IBCF, P-CSCF, I-CSCF, S-CSCF, IMSGWF, WLAN, SGSN, ePDG, S-GW, MME, P-GW, PCEF, PCRF, AF.]

3GPP TS32.240

IMS Offline Charging Architecture


[Figure: IMS offline charging architecture. Elements shown: Billing Domain, CGF, CDF, BGCF, SIP AS, MGCF, MRFC, P-CSCF, I-CSCF, S-CSCF, IBCF, E-CSCF. Reference points shown: Bi, Ga, Rf.]

3GPP TS32.260

IMS Charging Flow

3GPP TS32.260

P-CSCF: ATCF

Access Transfer Control Function


Transfer services between access networks for service continuity
Sessions are anchored at the SCC AS
Sessions may also be anchored at ATCF in visited network

Access Transfer cases


PS-CS
PS-PS

ATCF

Allocates STN-SR (Session Transfer Number for SRVCC)


Includes itself for the SIP session
Controls ATGW to anchor the media path
Tracks session states to perform access transfer
Performs access transfer and updates ATGW media path
Updates SCC AS on access transfer
Handles failure cases during access transfer
Cleans up ATGW media after access transfer

ATCF inclusion
For roaming UEs
Based on local configuration, registered service, media capabilities, access type

ATCF flow: PS-PS

ATCF flow: PS-CS

P-CSCF: Mobility
Roaming & Handover Capability


3GPP Roaming Model


UE Accessing IMS Services with P-GW/GGSN in the Home network


3GPP Roaming Model


UE Accessing IMS Services with P-GW/GGSN in the Visited network


3GPP Roaming Model


UE Accessing IMS Services with P-GW/GGSN in the Visited network
via Visited Network IMS


P-CSCF Mobility
Roaming Capability as a Visited P-CSCF
Optimal Media Routing (OMR)
Roaming charging
Home Routing

P-CSCF Mobility: OMR

P-CSCF Mobility: Home Routing

P-CSCF Mobility: Handin


Registration

re-INVITE

P-CSCF Mobility: Handout

P-CSCF: Policy & Rule Functions

P-CSCF PCRF Interactions (Registration & Subscribe to Notifications)

P-CSCF PCRF Interactions (UE Originated Session/Call)

P-CSCF PCRF Interactions (UE Terminated Session/Call)

P-CSCF QoS Parameter Mapping

TS 29.213 section 6.2

P-CSCF: Lawful Intercept (LI)

LI Architecture and Interfaces


X-interfaces are proprietary
CLI/SNMP
RADIUS
DIAMETER

ICE: Intercept Control Element


P-CSCF and LI Interfaces


X2: Call control events delivery

X1_1: (Optional) LI provisioning


P-CSCF with ICE: LI Activation Flow


P-CSCF with ICE: LI Deactivation Flow
