VOIP IN A BROADBAND ACCESS NETWORK

An analysis of the issues facing service providers deploying voice services in an IP access network

A MetaSwitch™ White Paper Document VWP-002-0102

VoIP In a Broadband Access Network: A MetaSwitch White Paper

VWP-002-0102

EXECUTIVE SUMMARY
OVERVIEW

The term “Voice over IP” (VoIP) describes the transport of voice over IP-based networks – including the Internet. Voice can be transported reliably and securely using IP and higher-level protocols – RTP/RTCP (Real Time Protocol/Real Time Control Protocol) over UDP/IP to transport digitized voice, and MGCP, H.248/Megaco, SIP and H.323 for signaling and device control.

VoIP is increasingly being deployed to provide next generation access network solutions in both hybrid legacy/VoIP and complete end-to-end carrier VoIP networks. However, there are a number of issues that a service provider must consider in order to provide a PSTN-quality service in this way.

This White Paper outlines the architecture and benefits of VoIP in a carrier broadband access network as part of new service deployment or a PSTN evolution strategy. It then goes on to examine the main potential issues in such deployments and the key decisions a service provider must make in order to successfully use VoIP in this role.

CONCLUSIONS

VoIP, as provided over a broadband access network, has several advantages over traditional, time-division-multiplexed service provided over the PSTN (Public Switched Telephone Network). It is particularly effective as a platform for rolling out new services or as a means to converge voice and data networks onto a single cost-reduced network.

The key network design choices a carrier must make when utilizing VoIP in the broadband access network are as follows.

• What services need to be offered, for example full PSTN equivalence, or a more restricted “cheap second line” service.
• How much bandwidth is available in the last mile network, which will affect the choice of voice codec, packetization period, and where to use compression to best meet the service goals.
• Whether echo control is required to ensure that voice quality is not hampered by the inherent delay in IP-based access networks.
• Which signaling protocols support the service set required. PSTN-equivalence is more easily achieved by the use of device control protocols such as MGCP or H.248, rather than service protocols such as H.323 or SIP. However, SIP is maturing quickly and is rapidly achieving a dominant position in the VoIP market.
• The types of end user terminals supported – POTS phones, PC clients, IP Phones or PBXs.
• Whether the Quality of Service requirement for voice requires that packetized voice be prioritized over data traffic, typically using Diffserv or MPLS.


Copyright © 2002-2004 MetaSwitch, a division of Data Connection

Page i


• The security risks must be clearly identified and appropriate techniques employed to ensure that the call agents, in particular, are protected from attack. This is a particular problem if direct SIP traffic is supported, as opposed to POTS phones connected to trusted edge devices.
• Lawful interception requirements in many countries will prevent a public carrier from allowing direct connection between IP phones. All calls must be routed via an access gateway that hides any intercepts in place.
• IP addressing becomes more complex if the service is to be offered wholesale to other carriers (e.g. in conjunction with several data ISPs). Typically, VoIP-aware NAT/firewall devices (for example, Session Border Controllers) must be deployed to allow voice and data traffic to flow between different IP address domains.
• Emergency and Operator Services support. The regulatory environment may require lifeline support (with emergency power arrangements) and provision of location information on emergency calls.

The best solution to these issues, which all interact to some degree, must be tailored to suit the particular service set a carrier wishes to offer – but the solutions do exist and VoIP can be successfully deployed in the carrier broadband access network with careful network design.

NOTICE
Copyright © 2002-2004 MetaSwitch, a division of Data Connection. This white paper is provided for informational purposes only. MetaSwitch and Data Connection make no warranties, express or implied, as to the accuracy of the content. MetaSwitch and Data Connection are registered trademarks of Data Connection Limited and Data Connection Corporation. All other brand and product names are trademarks or registered trademarks of their respective owners.


CONTENTS

1. Overview of Voice over IP ... 1
  1.1 Broadband Access Network ... 1
    1.1.1 Subscriber Gateway ... 2
    1.1.2 Access Concentrator ... 2
    1.1.3 Edge Router ... 2
    1.1.4 BRAS (Broadband Remote Access Server) ... 2
    1.1.5 Trunk Gateway ... 2
    1.1.6 Session Border Controller ... 3
    1.1.7 Media Server ... 3
    1.1.8 Signaling Gateway ... 3
    1.1.9 Call Agent ... 4
    1.1.10 Application Server ... 4
    1.1.11 Networks ... 4
2. Benefits of Voice over IP ... 5
  2.1 Competition ... 5
  2.2 Regulation ... 5
  2.3 Reduced Costs ... 5
  2.4 Improved Services and New Opportunities ... 6
  2.5 Summary ... 6
3. Issues in a Broadband Access Network ... 7
  3.1 Service Set ... 7
  3.2 Signaling Protocols ... 8
    3.2.1 Device Control Protocols ... 8
    3.2.2 Service Protocols ... 8
    3.2.3 Conclusion ... 9
  3.3 Quality of Service (QoS) ... 9
    3.3.1 Diffserv ... 10
    3.3.2 RSVP ... 10
    3.3.3 MPLS ... 11
    3.3.4 Packet Fragmentation ... 11
    3.3.5 Conclusion ... 12
  3.4 Echo Control ... 12
  3.5 Bandwidth Utilization ... 13
    3.5.1 Choice of codec ... 13
    3.5.2 Packetization ... 13
    3.5.3 Header Compression ... 14
    3.5.4 Packetization Period vs. Latency ... 15
    3.5.5 Silence Suppression ... 15
    3.5.6 Conclusion ... 15
  3.6 Reliability and Scalability ... 15
  3.7 Security ... 16
    3.7.1 Denial of Service ... 16
    3.7.2 Theft of Service ... 16
    3.7.3 Invasion of Privacy ... 17
    3.7.4 Security Model ... 17
    3.7.5 Conclusion ... 19
  3.8 IP and PC Phones ... 19
    3.8.1 Best Effort Service vs. Guaranteed Service ... 20
    3.8.2 Signaling ... 20
    3.8.3 Media Prioritization ... 20
  3.9 IP Address Domains ... 20
    3.9.1 Firewall and NAT Traversal ... 20
  3.10 Fax and Modem Support ... 23
  3.11 Auto-Configuration ... 23
  3.12 Cost of VoIP Endpoints ... 24
  3.13 Loop Testing ... 24
  3.14 Lawful Interception ... 25
  3.15 Emergency Services ... 26
  3.16 Transmission of DTMF ... 26
4. Application Examples ... 27
  4.1 Example One – Broadband Loop Carrier Service ... 27
  4.2 Example Two – SIP Smart-Phone Service ... 28
5. About MetaSwitch ... 29
6. Conclusion ... 30


1. OVERVIEW OF VOICE OVER IP

At its simplest, Voice over IP is the transport of voice using the Internet Protocol (IP). However, voice over IP doesn’t imply the use of the public Internet. Private, managed IP networks are required to guarantee security, quality and reliability. IP, by itself, merely provides an unreliable datagram service. Higher layer protocols are required to deliver a voice service.

• Real Time Protocol / Real Time Control Protocol (RTP/RTCP) using UDP/IP as a transport protocol is used to transport the digitized voice.
• One of a number of signaling or device control protocols is used to set up and tear down voice calls, including MGCP (Media Gateway Control Protocol), Megaco (also known as H.248), SIP (Session Initiation Protocol) and H.323.

1.1 BROADBAND ACCESS NETWORK


VoIP can be deployed in many different network segments. Historically, it was mostly deployed in the backbone and enterprise networks. More recently carriers have started to deploy VoIP in their access networks – which introduces additional constraints and issues discussed in section 3. Figure 1 presents a generalized view of a broadband access network in a fully distributed functional form.
[Figure 1: Fully Distributed Broadband Access Network. Elements shown: Last Mile, Subscriber Gateway, Access Concentrator, Edge Router, Session Border Controller, Carrier Backbone, BRAS, ISP, Internet, Media Server, Call Agent, Application Server, Signalling Gateway, Trunk Gateway, PSTN. Protocols shown: ISUP/SCTP, RTP, MGCP or H.248, SIP.]

In general, there is no single, agreed understanding of the functional elements in a broadband access network, and in a real deployment, many of the functions are likely to be combined. The following sections outline the function of each of the elements in Figure 1.


1.1.1 Subscriber Gateway

This element, also known as the residential gateway, IAD, ATA or MTA, is one type of media gateway. It terminates the WAN (Wide Area Network) link (DSL, T1, fixed wireless, cable etc) at the customer premises and typically provides both voice ports and data connectivity. Usually, it uses a device control protocol, such as MGCP or Megaco, under the control of the call agent.

An IAD (Integrated Access Device) typically provides eight or more voice ports via a single broadband link and is targeted at business users. An ATA (Analog Telephone Adaptor) normally provides only one or two analog phone connections and is targeted at residential users. An MTA (Multimedia Terminal Adaptor) is used in cable deployments and may provide a variable number of voice ports at the customer premises.

In some scenarios, the subscriber gateway may be replaced by an edge router that forwards SIP and/or MGCP from the WAN link to IP phones and/or PC-based ‘soft’ phones, usually via a LAN connection.

1.1.2 Access Concentrator

This element terminates the WAN links used over the “last mile”, and concentrates voice and data traffic, typically at the service provider premises. For example, in a DSL network, this is a DSLAM; in a cable network, a CMTS. The access concentrator may absorb subscriber gateway functions in some architectures. For example, some DSLAMs or BLCs can support direct POTS connections and will packetize the analog voice under the control of the call agent.

A BLC (Broadband Loop Carrier) is controlled directly via a device control protocol, such as MGCP or Megaco, and provides a large number (thousands) of direct POTS connections. Although it is analogous in function to a Subscriber Gateway, it is typically owned and managed by the service provider and deployed at the service provider premises.

1.1.3 Edge Router

The edge router routes IP traffic onto the carrier backbone network. It may also provide other functions, such as header (de)compression and multiplexing. This element may be combined with the access concentrator.

1.1.4 BRAS (Broadband Remote Access Server)

The key function of the Broadband Remote Access Server (BRAS) is to provide access from the carrier backbone network to an ISP’s (Internet Service Provider’s) network. Typically, it provides subscriber management and authentication functions. This element may be combined with the edge router.

1.1.5 Trunk Gateway

The trunk gateway sits between the carrier IP backbone and the TDM (Time Division Multiplexing)-based PSTN. It provides transcoding from packet-based voice (VoIP) onto a TDM network. Typically, it uses a device control protocol, such as MGCP or Megaco, under the control of the call agent.


1.1.6 Session Border Controller

The Session Border Controller acts as a signaling proxy for protocols such as MGCP and SIP. It has a number of important functions.

• It protects voice resources in the core network from misuse by providing access control and protecting against Denial-of-Service attacks.
• It can implement VoIP-compatible NAT (network address – and port – translation) between public and private domains, in which the IP addresses embedded in VoIP signaling messages are also translated.
• It can act as an Active Firewall, allowing external access to the core network on the basis of a dynamic binding established by a call set-up.
• It can modify and/or enforce Diffserv markings on a per-session basis, to help to implement a guaranteed Quality of Service for VoIP calls.

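A toy implementation of the NAT, active-firewall and Diffserv-marking functions just listed, added here as an example and not code from the paper or from MetaSwitch: it rewrites the media address embedded in a SIP INVITE's SDP, opens a media pinhole that exists only for the life of that call, and stamps admitted media with the EF code point. The public address 203.0.113.10, the port range and the sample INVITE are constructed for the example.

```python
"""Toy Session Border Controller (added example, not from the MetaSwitch paper):
VoIP-aware NAT for SIP/SDP, per-call media pinholes, EF marking of admitted voice."""

PUBLIC_IP = "203.0.113.10"   # assumed SBC address on the public side
EF_DSCP = 46                 # Expedited Forwarding, applied to admitted voice


class SessionBorderController:
    def __init__(self, public_ip=PUBLIC_IP, first_rtp_port=20000):
        self.public_ip = public_ip
        self._next_port = first_rtp_port
        self.pinholes = {}   # public RTP port -> (call_id, private_ip, private_port)

    def _allocate_port(self):
        port, self._next_port = self._next_port, self._next_port + 2  # RTP even, RTCP odd
        return port

    def relay_invite(self, message):
        """Rewrite the SDP of a SIP INVITE leaving the private domain and open a
        pinhole bound to its Call-ID. Returns the message to forward onward.
        (A production SBC also rewrites Via/Contact/o= for topology hiding.)"""
        head, sep, body = message.partition("\r\n\r\n")
        if not sep:
            raise ValueError("malformed SIP message: no header/body separator")
        head_lines, body_lines = head.split("\r\n"), body.split("\r\n")
        call_id = None
        for line in head_lines:
            name, _, value = line.partition(":")
            if name.strip().lower() == "call-id":
                call_id = value.strip()
        conn = [i for i, l in enumerate(body_lines) if l.startswith("c=IN IP4 ")]
        media = [i for i, l in enumerate(body_lines) if l.startswith("m=audio ")]
        if call_id is None or not conn or not media:
            raise ValueError("INVITE lacks Call-ID or a usable c=/m=audio description")
        private_ip = body_lines[conn[0]].split()[2]
        fields = body_lines[media[0]].split()
        private_port = int(fields[1])
        public_port = self._allocate_port()
        # The dynamic binding: only media for this port, for this call, gets in.
        self.pinholes[public_port] = (call_id, private_ip, private_port)
        body_lines[conn[0]] = "c=IN IP4 " + self.public_ip
        fields[1] = str(public_port)
        body_lines[media[0]] = " ".join(fields)
        new_body = "\r\n".join(body_lines)
        head_lines = ["Content-Length: %d" % len(new_body.encode())
                      if l.lower().startswith("content-length:") else l
                      for l in head_lines]
        return "\r\n".join(head_lines) + sep + new_body

    def admit_media(self, dst_port):
        """Media arriving from the public side is forwarded only if a call set-up
        created a pinhole for that port; returns (private_ip, private_port, dscp)
        or None when the packet must be dropped."""
        binding = self.pinholes.get(dst_port)
        if binding is None:
            return None
        _, private_ip, private_port = binding
        return private_ip, private_port, EF_DSCP

    def end_call(self, call_id):
        """On BYE (or call failure) close every pinhole the call opened."""
        closed = [p for p, (cid, _, _) in self.pinholes.items() if cid == call_id]
        for port in closed:
            del self.pinholes[port]
        return closed


# Constructed INVITE from a SIP phone at a private (RFC 1918) address.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.net>;tag=1928301774\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: 0\r\n"            # placeholder; the SBC recomputes it
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)

if __name__ == "__main__":
    sbc = SessionBorderController()
    print(sbc.relay_invite(SAMPLE_INVITE))
    print(sbc.admit_media(20000), sbc.admit_media(20002))
    print(sbc.end_call("a84b4c76e66710"), sbc.admit_media(20000))
```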

Inclusion of Session Border Controller(s) is one of the main differences between a carrier-class VoIP architecture and a less secure enterprise network.

1.1.7 Media Server

This element is also called an announcement server. For voice services, it uses a control protocol, such as MGCP or SIP, under the control of the call agent or application server. Some of the functions this device can provide are

• playing announcements
• mixing – providing support for 3-way calling etc
• codec transcoding
• tone detection and generation
• interactive voice response (IVR) processing
• fax processing
• voice activity detection.

1.1.8 Signaling Gateway

This element acts as a gateway between the call agent signaling and the SS7-based PSTN. It can also be used as a signaling gateway between different packet-based carrier domains. It may provide signaling translation (between SIP and SS7) or simply signaling transport (i.e. transport of SS7 over IP). It has a protocol interface to the call agent.


1.1.9 Call Agent

This element is also called a media gateway controller, or a softswitch. It provides the call logic and call control signaling for one or more media gateways, maintaining call state for every call on each media gateway. Many call agents include service logic for CLASS services (such as Caller ID and Call Transfer), and may interact with application servers to supply services that are not directly hosted on the call agent.

1.1.10 Application Server

This element provides the service logic and execution for one or more applications or services that are not directly hosted on the call agent. For example, it may provide

• voice mail and unified messaging
• conference calling facilities
• pre-pay or calling card applications
• call screening.

Typically the call agent will route calls to the appropriate application server when a service is invoked that the call agent cannot itself support.

1.1.11 Networks

The last mile network, carrier backbone, ISP and PSTN networks shown in Figure 1 may all be owned and operated by different companies. In many cases, the carrier backbone and ISP networks will be separate and will use separate IP addressing schemes. The implications of this for IP addressing and security trust models are highlighted in section 3.9.


2. BENEFITS OF VOICE OVER IP

There are many reasons for a service provider to consider migrating to Voice Over IP in the access network. These reasons include increased competition (from a variety of sources), the need to replace legacy equipment, the reduced cost of deploying and operating IP-based networks, and the new services and revenue opportunities that arise from VoIP deployments.

2.1 COMPETITION

VoIP is no longer a niche play. Practically every major carrier (including all the U.S. Regional Bell Operating Companies) now has VoIP deployments and plans to grow them. Telecommunications service providers – even rural independent telephone companies – are also facing increased competition from cable operators and “VoInternet” vendors (such as Vonage and AT&T) that offer innovative VoIP services. As a result, there is an increasing strategic imperative for all telecom service providers to develop their own VoIP service.

2.2 REGULATION

VoIP is a new service and it is not yet clear exactly how it will be regulated in many countries. Some regulators look likely to treat VoIP services exactly as existing TDM telephony services, but others are treating VoIP like less tightly regulated data services. For example, in the US there has been a lot of uncertainty and dispute about the regulation of VoIP services which has yet to be resolved. However, the FCC has made it clear that it does not want to apply all existing regulations to VoIP services and just wants to apply a minimum set of rules, such as providing legal interception and emergency services. Combined with the uncertain regulatory future of UNE-P (Unbundled Network Element – Platform) services in the US, the probable regulatory changes provide a powerful incentive to migrate to a facilities-based VoIP offering.

2.3 REDUCED COSTS

Existing TDM equipment and legacy switches are reaching the end of the road. Service providers must cap their investment in legacy equipment and start to migrate to next generation broadband networks. For service providers examining the business case for VoIP, it is clear that the consolidation of voice and data in one network provides an excellent migration strategy and significantly reduces cost, for a number of reasons.

• IP is ubiquitous. Whatever the access network type, IP is invariably available for the transport of both data and packetized voice.
• IP leverages data network capacity.
• IP equipment is typically faster and cheaper than ATM or TDM equipment – a gap that is increasing rapidly every few months.

• Re-routing of IP networks (e.g. with MPLS) is much cheaper than, say, SDH protection switching.
• IP equipment has lower management and operating costs.
• The open standards on which VoIP is built foster increased vendor competition. The proof of this is that the number (and quality) of available VoIP endpoints is rapidly increasing and their cost is rapidly decreasing.

2.4 IMPROVED SERVICES AND NEW OPPORTUNITIES

VoIP is also the key technology that will enable next generation networks to deliver innovative converged voice and data services that are difficult or impossible to implement with the current PSTN infrastructure. Integration with smart IP phones or PC-based soft-phones offers a much richer telephony interface to end-users. These endpoints are typically SIP-based, although there are also some MGCP and H.323 based IP phones.

• IP-based internet applications, such as email and unified messaging, may be more easily integrated since the data and voice services are delivered on a single IP plane.
• There is a rapidly growing market for the provision of VoIP-based IP Centrex services to SMEs.
• The flexibility of next generation platforms allows for the development of new services.
  • Development cycles are typically shorter than for TDM-based equipment.
  • VoIP products, unlike legacy TDM switches, often support open service creation environments (such as SIP or Parlay) that allow third party developers to invent and deliver differentiated services. A growing range of “feature server” vendors are leveraging this aspect of VoIP to deliver advanced services platforms that extend the core capabilities of softswitches. In addition, many service providers are themselves using these interfaces to develop their own set of custom-built services.

VoIP technology also allows service providers to expand outside of their existing service area, leading to significant new revenue opportunities, without additional capital expenditure. The hype surrounding VoIP is also leading to significant venture capital money flowing to VoIP Service Providers. This provides additional opportunities for service providers that are able to develop and deploy VoIP services ahead of the curve.

2.5 SUMMARY

VoIP technology and deployments are rapidly developing an unstoppable momentum. Most service providers recognize that VoIP is the direction of the future for telecom access networks and that they must now rapidly identify how to migrate from today’s networks to reap the promised rewards. The remaining sections of this paper examine the challenges facing service providers starting out down this path.


3. ISSUES IN A BROADBAND ACCESS NETWORK

In order to deploy a carrier-grade VoIP service in a broadband access network, various issues need to be addressed.

• Service set to be offered, and the types of end user terminal supported.
• Choice of signaling protocol.
• Quality of Service (QoS).
• Echo control.
• Bandwidth utilization.
• Reliability and scalability.
• Security.
• IP address domains and Network Address Translation (NAT).
• Fax support.
• Auto-configuration.
• Cost of VoIP endpoints.
• Loop testing.
• Lawful interception.
• Emergency and Operator services.
• Transmission of DTMF.

The following sections give an outline of each of these issues, options for resolving them and recommended solutions.

3.1 SERVICE SET

At the risk of stating the very obvious, the crucial first decision facing the designer of a VoIP network is the service set that needs to be supported. This could range from a minimal set of services for “teen line” offerings alongside data services, through to full PSTN equivalence and advanced services for carriers wishing to replace their current infrastructure with a new converged network for all subscribers. An important part of the service design is choosing the types of end user terminal that are to be supported. Possible choices include

• POTS “black phones”
• PBXs and key systems
• soft-clients (including PC, Web and WiFi PDA applications)
• IP phones (which may be wired Ethernet, WiFi, and hybrid WiFi/cellular).

The choice of service and terminals is outside the scope of this paper, but does interact with many other network design decisions. Where this interaction is particularly important, we have highlighted it in the discussion of other issues below.

3.2 SIGNALING PROTOCOLS

Numerous different signaling protocols have been developed that are applicable to an access network. They fall into two classes.

• Device control protocols, e.g. MGCP and H.248 (Megaco).
• Service protocols, e.g. SIP and H.323.

3.2.1 Device Control Protocols

Media Gateway Control Protocol (MGCP) and H.248 (Megaco) are access device control protocols. They deal with functions like on/off hook handling, detecting hook-flash and DTMF tones, and basic announcements, and provide the same function as the existing PSTN interfaces today. They are effectively identical in purpose and very similar in syntax. Both are used by call-aware control entities to control call-unaware devices.

MGCP has wide industry acceptance in North America, particularly in IADs, BLCs and ATAs. Network Call Signaling (NCS), which is based on MGCP, has been adopted by CableLabs (see www.cablelabs.com) as the basis of their PacketCable VoIP standards.

H.248 has the blessing of formal industry standards bodies such as the ITU (International Telecommunications Union) and IETF (Internet Engineering Task Force) and has much wider industry acceptance in Europe. It is also now starting to gain traction in North America, and in particular it is becoming the protocol of choice for control of trunk gateways, owing to the ongoing work in the ITU, MSF and other bodies to ensure it scales sufficiently well to handle these larger boxes.

3.2.2 Service Protocols

Session Initiation Protocol (SIP) and H.323 are peer-to-peer service protocols for establishing sessions between communicating entities. The key difference from device control protocols is that the end-points, typically subscriber gateways or IP phones, are required to maintain call state and provide call services. In this respect they are similar to ISDN.

SIP has now gained a lot of industry momentum and is widely regarded as the protocol of choice for all applications regardless of any drawbacks or limitations. H.323 still has a significant installed base, particularly in Asia, but is now viewed as a legacy protocol.

It is important to note that, because of its “intelligent” nature, a SIP endpoint takes over a lot of processing that is traditionally handled by a centralized Class 5 switch – such as deciding how to handle an off-hook event, or performing call-transfer or three-way calling. This is clearly in many instances a strength – but it must be understood that it makes some services traditionally provided by Class 5 switches hard or impossible to deliver. For example, it is not possible to have a SIP endpoint set up as an “off premise extension” in the way supported by many legacy switches.

3.2.3

Conclusion

Although SIP has generated a huge marketing bandwagon behind it and many people consider VoIP and SIP to be synonymous, it is still much harder to provide a full PSTN-equivalent service using SIP than with a device control protocol. Therefore service providers that are looking to deploy a replacement PSTN service are probably best to use one of the device control protocols.
SIP is much more suitable to service providers deploying a new service offering, either to their existing customer base or in new locations.

Note that the above comments apply only to VoIP protocols in the access network. In the core, softswitch-to-softswitch signaling is typically via legacy protocols (such as SS7), or via SIP (or a variant such as SIP-T). Discussion of those protocol options is outside the scope of this white paper.

In conclusion, both the device control protocols (MGCP and Megaco) and SIP have their place in a Next Generation VoIP Network and service providers should look for vendors able to offer both options.

3.3 QUALITY OF SERVICE (QOS)

Quality of Service (QoS) is one of the biggest issues facing the deployment of VoIP in a broadband access network. The PSTN provides a very high-quality service; the speech quality is high and no perceptible echoes, noticeable delays, or annoying noises are heard on the line. This is a tough standard to meet. Voice quality is very sensitive to three key performance criteria in a packet network.
• Delay.
• Jitter.
• Packet loss.

Unfortunately, IP, by its nature, provides a best-effort service and does not provide guarantees about the key criteria. There are three solutions to the problem of providing guaranteed QoS.
• Allocate more bandwidth.
• Implement a QoS protocol, such as Diffserv, RSVP or MPLS, to guarantee prioritization of voice media streams over best-effort data.
• Carry voice media streams on a logically separate path from data.

Allocating more bandwidth in the access network (for example, running fiber to every subscriber) is not economically viable. Therefore, this section will discuss the remaining options for providing guaranteed QoS in the access network.


3.3.1

Diffserv

Diffserv (Differentiated Services) is a relatively simple means of prioritizing different types of traffic – in particular, prioritizing voice traffic above data traffic. Basically, Diffserv makes use of the IPv4 Type of Service (TOS) field (and the equivalent IPv6 Traffic Class field) to specify the Differentiated Services Code Point (DSCP). Each DSCP is mapped to a particular forwarding type, known as Per-Hop Behavior (PHB), according to the policy set for the network. Diffserv defines two types of PHB: expedited forwarding (EF) and assured forwarding (AF).

Expedited forwarding PHB can be used to build a low-loss, low-latency, low-jitter, assured-bandwidth, end-to-end service through Differentiated Services domains. Such a service appears to the endpoints like a point-to-point connection or a “virtual circuit”. EF is provided by ensuring that queuing delays at each transit node are removed. This is done by assigning to a given traffic stream a minimum departure rate from each transit node that is greater than the pre-agreed maximum arrival rate.

Assured forwarding PHB is a service in which packets from a given source are forwarded with a given probability, provided that the traffic from that source does not exceed some pre-agreed maximum. There are four AF classes. Each class is allocated a certain amount of forwarding resources (buffer space and bandwidth) in each transit node. Within each AF class, IP packets are marked with one of three possible drop precedence values. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the class. A congested transit node tries to protect packets with a lower drop precedence value from being lost by preferentially discarding packets with a higher drop precedence value.

Diffserv is fairly straightforward to implement and has already been widely deployed. It requires the following.
• Media gateways must set the DSCPs to differentiate high-priority traffic, such as voice, from lower-priority traffic, such as data.
• All transit nodes – including the subscriber gateway, access concentrator and edge router – need to implement an appropriate queuing mechanism, such as weighted fair queuing.
• If the VoIP Access Network includes untrusted IP phones or PC-based softphones, it may be advisable to disregard any DSCP markings received from these devices and to override them when the corresponding packets reach the first trusted node.
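As an added example (not code from the white paper or from MetaSwitch), the following Python decodes the DSCP from an IPv4 header, names its PHB, and applies the policy in the last bullet: a first trusted node ignores the markings presented by untrusted devices and sets the voice DSCP only on flows the call agent has authorized. The trusted network, the softphone address and the authorized-flow table are constructed sample values.

```python
import ipaddress
import struct

EF = 46            # Expedited Forwarding, RFC 3246 (binary 101110)
BEST_EFFORT = 0    # default PHB (CS0)


def dscp_from_tos(tos: int) -> int:
    """DSCP is the upper six bits of the IPv4 TOS byte (or IPv6 Traffic Class)."""
    return (tos >> 2) & 0x3F


def tos_from_dscp(dscp: int, ecn: int = 0) -> int:
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)


def phb_name(dscp: int) -> str:
    """Map a DSCP to its Per-Hop Behavior: EF, AFxy (RFC 2597), CSx or default."""
    if dscp == EF:
        return "EF"
    cls, low = dscp >> 3, dscp & 0x7      # AF: class in bits 5-3, drop precedence in bits 2-1
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"        # AF11..AF43: higher y means higher drop precedence
    if low == 0:
        return f"CS{cls}" if cls else "default"
    return "unknown"


def build_ipv4_udp(src, dst, sport, dport, dscp, payload=b""):
    """Constructed sample packet: IPv4 header + UDP header, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos_from_dscp(dscp), 28 + len(payload),
                     0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip + udp + payload


def parse_ipv4(packet: bytes) -> dict:
    """Extract addresses, protocol, DSCP and (for UDP) ports from a raw IPv4 packet."""
    ver_ihl, tos, _tl, _id, _fr, _ttl, proto, _ck, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "dscp": dscp_from_tos(tos)}
    if proto == 17:                                    # UDP: ports are the first 4 bytes
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info


def police_dscp(pkt: dict, trusted_nets, authorized_rtp) -> tuple:
    """Marking decision at the first trusted node.

    trusted_nets:   networks whose markings are honoured (the carrier's own gateways).
    authorized_rtp: (src, sport, dst, dport) flows the call agent has authorized.
    Returns (action, dscp): 'forward' keeps the received DSCP, 'remark' rewrites it.
    """
    if any(ipaddress.ip_address(pkt["src"]) in net for net in trusted_nets):
        return "forward", pkt["dscp"]
    flow = (pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport"))
    wanted = EF if flow in authorized_rtp else BEST_EFFORT   # ignore what the device asked for
    return ("forward" if wanted == pkt["dscp"] else "remark"), wanted


# Constructed sample topology: carrier media gateways live in 10.1.0.0/16 (trusted);
# a PC softphone on the subscriber LAN is 192.168.1.20 (untrusted).
TRUSTED = [ipaddress.ip_network("10.1.0.0/16")]
AUTHORIZED = {("192.168.1.20", 16384, "10.1.0.5", 30000)}   # RTP flow set up by the call agent


def classify(packet: bytes) -> tuple:
    pkt = parse_ipv4(packet)
    return police_dscp(pkt, TRUSTED, AUTHORIZED)


if __name__ == "__main__":
    samples = {
        "gateway EF": build_ipv4_udp("10.1.0.5", "192.168.1.20", 30000, 16384, EF),
        "authorized softphone EF": build_ipv4_udp("192.168.1.20", "10.1.0.5", 16384, 30000, EF),
        "rogue EF from softphone": build_ipv4_udp("192.168.1.20", "10.1.0.5", 40000, 30000, EF),
        "authorized but unmarked": build_ipv4_udp("192.168.1.20", "10.1.0.5", 16384, 30000, 0),
    }
    for label, raw in samples.items():
        action, dscp = classify(raw)
        print(f"{label:26s} -> {action:7s} {phb_name(dscp)} ({dscp})")
```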

3.3.2 RSVP

RSVP (Resource Reservation Protocol) is a more complicated protocol that enables resources to be reserved for a session before any attempt is made to send or receive traffic. Though more complicated than Diffserv, RSVP provides QoS guarantees equivalent to a circuit-based network.


RSVP currently offers two levels of service.
• Guaranteed – which is equivalent to circuit emulation.
• Controlled load – which is equivalent to a best-effort network under no-load conditions.

RSVP sets up an explicit path through the network using a signaling protocol and reserves resources for the flow at each transit node. These reservations are ‘soft’ and need to be refreshed periodically.

RSVP is harder to implement than Diffserv. Subscriber gateways must implement the RSVP protocol and set up paths through the network for voice traffic. In addition, RSVP usually requires all routers and access concentrators to be upgraded.

3.3.3 MPLS

MPLS (Multi-Protocol Label Switching) is not primarily a QoS solution, although it can be used to support QoS requirements. Instead, it is a new switching architecture, which is used instead of IP routing. Standard IP routing requires each router to examine the IP header and determine the next hop, normally based on the IP address. MPLS takes a different approach. It attaches a label to each packet at the ingress point of the network. The packet and its label are passed to the next node, which examines the label and determines the next hop and the label to use. The key difference from IP routing is that the label is determined at the point of ingress and can be chosen based on criteria such as destination and QoS requirements. It can then force a packet to take a specific route through the network, which can be important for ensuring QoS.

For MPLS to work, the labels used need to be distributed to all the nodes. Several protocols have been defined to do this, including an extended version of RSVP and LDP (Label Distribution Protocol). The path a particular packet takes through the network is referred to as a Label Switched Path (LSP).

MPLS is harder to implement than Diffserv. It can also be used in conjunction with Diffserv so that, for example, the subscriber gateways use only Diffserv in the last mile network, but the edge router maps the different DSCPs into traffic-engineered LSPs across the backbone. Such a solution avoids the need for MPLS-awareness outside the core network equipment, and is typical of the QoS architecture envisaged for many carrier VoIP networks.

3.3.4 Packet Fragmentation

It is also necessary to minimize delay in the access network. One key issue is that packets are transported serially, and once a packet has started transmission, no other packets can overtake it. Data packets are much larger than voice packets and can take a significant time to transmit. For example, transmitting a 1500 byte packet over a 256 kbps upstream ADSL link takes approximately 45 milliseconds. This may introduce unacceptable delay and jitter to the voice service sharing that link.


The solution, if this is a problem, is to fragment large data packets so that higher-priority voice traffic does not have to wait in a queue. There are two mechanisms available for fragmentation.
• Use a Layer 2 protocol that provides fragmentation, such as ATM or Frame Relay. For example, service can be provided using two ATM Permanent Virtual Circuits (PVCs), one for the voice path and one for the data path. As ATM cells are always 53 bytes, the transmission delay is minimal. Note that using only a single PVC does not resolve the issue, as it is not possible to interleave voice and data packets on a single PVC.
• Fragment the data packets using IP fragmentation. This requires the subscriber gateway and access concentrator to fragment large data packets into small IP packets before transmitting them across the access network. However, this approach does impact performance within the network, either requiring the Broadband Remote Access Server (BRAS) to reassemble data packets before forwarding them into the network, or imposing a higher packet forwarding load on routers throughout the network.

3.3.5 Conclusion

Diffserv is the most suitable QoS protocol for the access network. It is lightweight and straightforward to implement, yet provides adequate guarantees of QoS to provide high-quality voice services. RSVP and MPLS are much more complicated and the additional guarantees provided are not required in an access network, which typically shares a point-to-point non-routed link between data, voice and possibly video traffic. However, MPLS can be usefully deployed in the core network and interoperates with Diffserv in the access network.

In addition, one of the mechanisms for data fragmentation may be required. Using two PVCs is a good technical solution but negates some of the benefits of using VoIP; in particular, it increases the configuration and management requirements. IP fragmentation, on the other hand, is undesirable, as it greatly increases the number of IP packets in the data network and could impact the service provided. The choice of solution is likely to be dependent upon the particular network architecture, and subscriber gateways need to be capable of implementing either.

3.4 ECHO CONTROL

This is a subject that could fill a complete white paper on its own, so we will restrict the discussion here to a short summary of the issues, which will be familiar to many readers already.

The current PSTN echoes a user’s own voice back into the earphone of their handset, caused by the 2-wire to 4-wire bridge in the far end central office. This echo is not noticeable provided that the total round-trip delay is kept below about 150ms. Much effort has been expended on the current TDM-based PSTN to ensure that this is achieved or, if it cannot be, that echo cancellation DSPs are provided to remove the echo and hence improve the voice quality. However, many national networks assume very tight limits, sometimes less than 20ms, on the total delay that is permitted in the access network in order to optimize the number of locations where echo cancellers are deployed, for example only at international gateway switches.


Unfortunately, VoIP access networks using long packetization periods and low bit-rate codecs to maximize bandwidth efficiency cannot meet these tight delay budget restrictions. Hence echo cancellation should be deployed on all calls that are passed out to the PSTN via a trunk gateway. If this is not done, the voice quality will be perceived as patchy. For example, local calls may be fine owing to the short delay in the PSTN, but inter-state calls may be affected by echo problems.

Most trunk gateways incorporate echo cancellation DSPs. However, the carrier should check that sufficient DSP capacity is provided for the mix of calls they envisage or, ideally, for all calls, so that there can never be any shortage of DSP to cause intermittent voice quality issues. If a carrier already implements echo cancellation on all calls, for example at the trunking layer in a mobile network, the VoIP trunk gateways may not need to include echo cancellation DSPs.

3.5 BANDWIDTH UTILIZATION

3.5.1 Choice of codec

A key determinant of bandwidth utilization is the choice of codec. Typically, a service provider (or the subscriber) has to make a trade-off between
• a higher bandwidth codec such as G.711, which is used in legacy TDM networks and therefore delivers PSTN-equivalent (or “toll quality”) voice
• a low bandwidth codec such as G.729, which can encode at 8kbps, but delivers reduced (but generally better than cell-phone) call quality.

One consideration with lower bitrate codecs such as G.729 is that, as an increasing number of long distance and international carriers use compressed VoIP in the core of their networks, calls over those networks may be subject to multiple hidden decode/recode steps. Because of the quality degradation entailed by each of those steps, subscribers may experience very poor voice quality when their calls are routed over such networks. The moral is that service providers should tread carefully when selecting codecs as the situation is often more complex than it appears.

3.5.2 Packetization

Continuing the theme of hidden complexity with codecs, service providers need to be aware that the stated bitrate of a codec is not the same as the bandwidth taken up by a voice stream using that codec. To understand this, we need to look a little more closely at the way voice is carried in an IP network.

In a VoIP network, digitized voice is transported using the Real Time Protocol (RTP). A typical voice sample is less than 100 bytes, but the combined headers (routing information at the front of every packet) are at least 40 bytes. For example, using G.726-32 with a 15-millisecond packetization period generates 60-byte voice samples. Assuming IP is carried over ATM AAL5, the voice packet also requires
• a layer 2 transport header – such as RFC 2684 (which obsoletes RFC 1483) = 8 bytes
• the IP, UDP and RTP headers = 40 bytes
• an AAL5 trailer = 8 bytes.


The full voice packet occupies 116 bytes (shown in Figure 2 below), which requires three ATM cells (each carrying up to 48 bytes), giving ~62kbps of bandwidth with a transmission efficiency of 37%. This eliminates the theoretical bandwidth saving from G.726-32 compared with using 64kbps G.711.

Figure 2: Uncompressed Voice Packet

Given that the access network is of limited bandwidth and one of the advantages of using VoIP is that it should be possible to use lower bit-rate codecs to save bandwidth, a mechanism for reducing the overhead may be required. The main approach is to implement IP header compression.

3.5.3 Header Compression

IP header compression is defined in IETF RFCs 2507, 2508 and 2509, and allows for compression of the RTP, UDP and IP headers. This reduces the RTP, UDP and IP header overhead from 40 bytes to an average of 4 bytes. For the same G.726-32 example discussed above, the compressed header voice packet now occupies 80 bytes (shown in Figure 3 below), which requires two ATM cells, giving ~42kbps of bandwidth with a transmission efficiency of ~75%. The full header still flows on the first packets so bandwidth must be allocated to allow for this, but subsequent packets just send the differences between the RTP/UDP/IP header and the previous header.

Figure 3: Compressed Voice Packet

The downside is that header compression requires state information at each endpoint, and consumes additional CPU and storage on each endpoint. When using a Layer 2 protocol with a fixed cell size, such as ATM, header compression does not automatically reduce the bandwidth required: bandwidth saving only occurs if the number of cells necessary to send each voice sample is reduced, because the cells are zero-padded. In the example given above, the number of ATM cells required to transmit each voice sample is reduced from three to two, but the packetization interval does need to be selected carefully to maximize the bandwidth efficiency when traversing a cell-based network.
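The cell arithmetic behind Figures 2 and 3, as an added example that is not part of the white paper: it reproduces the G.726-32 / 15 ms case (116 bytes and three cells uncompressed, 80 bytes and two cells with header compression) and then sweeps packetization periods to find the one that fills the cells best inside a latency budget. Because the paper's 37% and 75% figures are measured on different bases (bytes on the wire versus bytes per IP packet), the code reports both measures side by side.

```python
import math

ATM_CELL_PAYLOAD = 48        # bytes of payload per 53-byte cell
ATM_CELL_WIRE = 53
RFC2684_HEADER = 8           # layer 2 transport header for IP over AAL5
AAL5_TRAILER = 8
IP_UDP_RTP = 40              # 20 + 8 + 12 bytes, uncompressed
IP_UDP_RTP_CRTP = 4          # average after RFC 2507/2508/2509 header compression


def voice_packet_budget(codec_kbps, period_ms, header_compression=False):
    """Bytes, cells and bandwidth for one packet carrying `period_ms` ms of speech."""
    payload = codec_kbps * period_ms // 8                       # 32 kbps * 15 ms = 60 bytes
    headers = IP_UDP_RTP_CRTP if header_compression else IP_UDP_RTP
    packet = RFC2684_HEADER + headers + payload + AAL5_TRAILER
    cells = math.ceil(packet / ATM_CELL_PAYLOAD)                 # last cell is zero-padded
    packets_per_s = 1000 / period_ms
    return {
        "payload_bytes": payload,
        "packet_bytes": packet,
        "cells": cells,
        "packet_kbps": packet * 8 * packets_per_s / 1000,              # IP-level rate (the paper's kbps)
        "wire_kbps": cells * ATM_CELL_WIRE * 8 * packets_per_s / 1000, # what the ATM link carries
        "packet_efficiency": payload / packet,                         # speech bytes / IP packet bytes
        "wire_efficiency": payload / (cells * ATM_CELL_WIRE),          # speech bytes / bytes on the wire
    }


def best_period(codec_kbps, candidate_periods_ms, header_compression=False, max_latency_ms=20):
    """Pick the packetization period with the best wire efficiency inside a latency budget.

    Packetization delay equals the period, so the budget is the latency side of the
    packetization-period trade-off.
    """
    candidates = [(p, voice_packet_budget(codec_kbps, p, header_compression))
                  for p in candidate_periods_ms if p <= max_latency_ms]
    return max(candidates, key=lambda item: item[1]["wire_efficiency"])


if __name__ == "__main__":
    for compressed in (False, True):
        b = voice_packet_budget(32, 15, compressed)
        print(f"G.726-32, 15 ms, cRTP={compressed}: {b['packet_bytes']} bytes, {b['cells']} cells, "
              f"{b['packet_kbps']:.0f} kbps IP, {b['wire_kbps']:.0f} kbps on wire, "
              f"efficiency {b['packet_efficiency']:.0%} per packet / {b['wire_efficiency']:.0%} per cell")
    period, b = best_period(32, range(10, 31), header_compression=True)
    print(f"best period under 20 ms with cRTP: {period} ms -> {b['cells']} cells, "
          f"{b['wire_efficiency']:.0%} wire efficiency")
```

With compression, 19 ms of G.726-32 fills exactly two cells (96 bytes) while 20 ms spills one cell's worth of padding into a third, which is the cell-boundary effect the conclusion below warns about.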


3.5.4

Packetization Period vs. Latency

An alternative approach is to increase the packetization period. This increases the transmission efficiency as the payload is increased in size while the packet headers remain fixed. However, there is an obvious trade-off as this will also increase the latency in the voice path.

3.5.5 Silence Suppression

Silence suppression is a well-known bandwidth optimization technique employed by VoIP devices, whereby packets are only sent if the speaker is actually speaking (i.e. the voice sample is above a minimum “background noise” threshold). This can reduce the total bandwidth required by more than 50%, since most conversations are only one-way at any given time – the listener need not send any packets while the other party is speaking. The main drawback of this technique is that it often results in “clipping”, where the starts of phrases are not transmitted, interrupting natural speech flow. Service providers should also make sure that “comfort noise” is generated for the other party – as pure silence is generally interpreted by users as an indication that the call has been dropped.

3.5.6 Conclusion

Carriers should choose the media codec and packetization period for the digitized voice path with care. Lower bandwidth codecs do not necessarily result in the bandwidth savings that might be expected. For best results, the packetization period for voice must be carefully chosen to match the cell boundaries of any cell-based network technology, such as the ATM layer underlying DSL.

Header compression and silence suppression can also provide a useful bandwidth saving in a broadband access network at the expense of requiring some CPU overhead per endpoint (and, in the case of silence suppression, issues with “clipping”). A key decision is where these endpoints should be located – with typical choices being the subscriber gateway at one end and either the access concentrator or edge router at the other. In general, it is not worth trying to use voice or header compression or silence suppression in the backbone network, where bandwidth is less scarce than in the access network. If a carrier is only supporting POTS lines from a combined access concentrator and subscriber gateway (for example, a voice-capable DSLAM or DSL-capable DLC), there may be no need to support compression anywhere in the network.

3.6 RELIABILITY AND SCALABILITY

The PSTN achieves five-nines reliability, equivalent to fewer than five minutes per year downtime, and it handles millions of simultaneous calls. A VoIP network needs to achieve similar levels of reliability and scalability.


The required reliability and scalability can be achieved in a VoIP network by using redundant and load-sharing equipment and networks. The call agent, access gateway, trunk gateway, signaling gateway and media server need to be fault tolerant. Fault tolerance requires
• redundant hardware
• redundant network connections
• hot-swap capability
• no single point of failure
• software and firmware upgradeable without loss of service.

3.7 SECURITY

The PSTN has been very resistant to security attacks and has not suffered from significant problems since the introduction of SS7 out-of-band signaling. A VoIP broadband access network must address three key security issues.
• Denial of service.
• Theft of service.
• Invasion of privacy.

3.7.1 Denial of Service

A denial of service attack prevents legitimate users of a network from accessing the features and services offered by that network. Denial of service attacks are extremely difficult in the PSTN but all too common in packet networks. There have been several successful attacks on web servers on the Internet, even including the White House.

In a complicated network, there are many possible denial of service attacks. Some examples include sending false signaling messages so that a call agent is fooled into believing that a party has gone on-hook, and bombarding a device with pings or other packets so frequently that it has no spare processing power to process legitimate requests.

3.7.2 Theft of Service

Theft of service attacks are aimed at the service provider, where the attacker simply wants to use a service without paying for it. The most common form in the current PSTN is called subscriber fraud, where a subscriber sets up an account with a service provider using false billing information, for example a stolen credit card. Other forms of theft are more technical, often utilizing “black boxes” or similar to fool the network into providing free service. In a VoIP access network, bandwidth is a key resource, and is important to billing for calls. Therefore, the network needs to be protected from subscribers stealing bandwidth.


3.7.3

Invasion of Privacy

Subscribers to the PSTN expect that their calls are private, and that no third party can eavesdrop (with the exception of lawful interception). The PSTN achieves this privacy mainly by physical security mechanisms – the wire from a subscriber’s home is only connected to the local exchange or digital loop carrier and cannot easily be accessed. This is not the case with cordless phones or first-generation cell phones. It is easy to eavesdrop on these calls, using a radio receiver – as some celebrities have found out to their cost.

3.7.4 Security Model

A VoIP broadband access network must be designed to address security threats. For each interface, the following must be considered.
• Authentication and Non-repudiation.
• Access control.
• Integrity and Confidentiality.

Another important consideration is the security of the network elements under the carrier’s control, particularly the Call Agent. A full discussion of the related security issues is beyond the scope of this document, but as a minimum the network elements should be physically secure, locked down, accessible only via secure logon methods and password protected. It may also be advisable to implement intrusion detection systems on sensitive network elements such as the Call Agent.

Authentication and Non-repudiation

Fundamentally, the problem is that elements in a VoIP network are identified by an IP address, but it is quite possible to ‘spoof’ a source IP address and steal someone else’s identity. The various elements in the network must therefore authenticate each other’s identity. In particular, this applies to the VoIP endpoint (subscriber gateway or IP phone) and the call agent. The call agent must authenticate the VoIP endpoints under its control to ensure that nobody is fraudulently using another subscriber’s identity to obtain service. This also provides non-repudiation, as the subscriber cannot legitimately claim that another party has made a call or sent a particular fax. It is less important for VoIP endpoints to authenticate the call agent, but it is possible to imagine a scenario in which a hacker has compromised the security of a call agent and set up a dummy call agent in order to eavesdrop.

Authentication of SIP and MGCP endpoints is provided via the HTTP digest mechanism. This algorithm is based on a shared password between the Call Agent and the VoIP endpoint. HTTP digest does not provide encryption or integrity protection – these concerns are addressed by TLS (see below).
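The digest exchange described above, as an added example (not MetaSwitch code) with a constructed realm, username and password: the endpoint answers the call agent's nonce challenge using the shared password, the call agent verifies it and refuses replays, and the same code shows why digest alone gives no integrity protection, since the SDP body is not covered by the response.

```python
import hashlib
import re
import secrets


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, nonce, method, uri):
    """RFC 2617 Digest without qop: MD5(HA1 : nonce : HA2), as RFC 3261 SIP uses it."""
    ha1 = _md5(f"{username}:{realm}:{password}")   # the shared secret, never sent on the wire
    ha2 = _md5(f"{method}:{uri}")                   # only the method and Request-URI are covered
    return _md5(f"{ha1}:{nonce}:{ha2}")


def authorization_header(username, realm, nonce, uri, response):
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}", algorithm=MD5')


def parse_authorization(header):
    """Turn an Authorization header value back into a dict of its parameters."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest credential")
    return dict(re.findall(r'(\w+)="?([^",]*)"?', header[len("Digest "):]))


class CallAgent:
    """Call-agent side: hands out single-use nonces and checks endpoint responses."""

    def __init__(self, realm, credentials):
        self.realm = realm
        self.credentials = credentials        # username -> provisioned shared password
        self.outstanding = set()              # nonces issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, request):
        """request: dict with method, uri, body and the Authorization header value."""
        creds = parse_authorization(request["authorization"])
        user, nonce = creds.get("username"), creds.get("nonce")
        if nonce not in self.outstanding or user not in self.credentials:
            return False                      # unknown user, stale nonce or replay
        if creds.get("uri") != request["uri"]:
            return False                      # signed URI must match the request line
        expected = digest_response(user, self.realm, self.credentials[user],
                                   nonce, request["method"], request["uri"])
        if not secrets.compare_digest(expected, creds.get("response", "")):
            return False
        self.outstanding.discard(nonce)       # consume it so the same response cannot be replayed
        return True


def endpoint_request(agent, username, password, method, uri, body):
    """Endpoint side: answer the call agent's challenge for one request."""
    nonce = agent.challenge()
    response = digest_response(username, agent.realm, password, nonce, method, uri)
    return {"method": method, "uri": uri, "body": body,
            "authorization": authorization_header(username, agent.realm, nonce, uri, response)}


def demo():
    agent = CallAgent("carrier.example", {"sub1001": "s3cret-shared-pw"})   # constructed
    uri = "sip:18005551212@carrier.example"
    req = endpoint_request(agent, "sub1001", "s3cret-shared-pw", "INVITE", uri,
                           "c=IN IP4 192.168.1.20")
    # If the SDP is altered in transit, the digest never covered the body, so the call
    # agent still accepts the request: this is the integrity gap TLS or IPSec must close.
    req["body"] = "c=IN IP4 198.51.100.77"
    tampered_accepted = agent.verify(req)
    replay_rejected = not agent.verify(req)                 # same nonce presented twice
    bad = endpoint_request(agent, "sub1001", "wrong-password", "INVITE", uri, "")
    wrong_password_rejected = not agent.verify(bad)
    return {"tampered_body_accepted": tampered_accepted,
            "replay_rejected": replay_rejected,
            "wrong_password_rejected": wrong_password_rejected}


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```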


An alternative approach to authentication in an IP network is provided by IPSec, where the IP authentication header (AH), using transport mode, provides the required level of authentication. Using IPSec requires the distribution of encryption keys. Keys may be distributed via periodic updates or manually – for example, by shipping subscriber gateways with a key already installed. The main disadvantage with IPSec is that it may prevent NAT traversal, as it encrypts UDP and TCP headers.

Access Control

Access control is required to ensure that only authorized subscribers are permitted to use the telephony services. For example, subscribers who have not paid their bills may have service disconnected or only be permitted to call emergency services. In addition, access control is required to prevent subscribers from exceeding their permitted media bandwidth allocations.

Access control requires control of both the signaling and the media flows. The call agent is responsible for controlling the signaling flows. For example, it can take a VoIP endpoint out of service or reject all call attempts other than to emergency services. The media flows are typically controlled by the use of a Session Border Controller (this is one of the key differences between a carrier-class VoIP architecture and less secure enterprise networks). This device is responsible for policing all media flows to and from VoIP endpoints to ensure that only authorized flows are permitted. It silently drops any media flows that are not authorized, to prevent denial of service and theft of service attacks. With Diffserv, the policing involves checking (and possibly updating) the DSCP marking of each packet and routing or dropping the packet as required. Note that the Session Border Controller may also be responsible for implementing NAT and Active Firewall functionality, depending on the overall network design.
Integrity and Confidentiality

A subscriber expects calls and faxes to be private, unintercepted and not changed by a third party. A certain level of privacy and integrity protection can be provided by encrypting signaling flows throughout the broadband access network. This can be done with an IPSec encapsulation header, as in the PacketCable standards. An alternative approach to encryption for SIP signaling is to deploy TLS (Transport Layer Security). TLS is the IETF standardized version of SSL (Secure Sockets Layer). It runs over TCP or SCTP and provides end-to-end encryption of the packet contents. For SIP, this means it encrypts all the SIP headers as well as the SIP body.

It should be noted that encryption of media flows is extremely computationally expensive and will not be feasible in most scenarios. A more complete approach to privacy therefore requires protection of the access network, in addition to encryption of the signaling flows. It is easier to meet this requirement in a VoIP network using a point-to-point architecture for the last mile – DSL, for example – than in a VoIP network using shared media such as cable or fixed wireless for the last mile.


In both cases, the carrier IP backbone must be protected from unauthorized access and denial of service attacks. This protection is most easily achieved using a private, managed IP network with strictly limited firewall access or no access to any public networks. Alternatively, a VPN can be used to tie together a private IP address space across a (semi) public IP access network. VPN networks provide both integrity protection and authentication for traffic flowing in both directions. They also remove the requirement for NAT, which simplifies VoIP network design.

If SIP or MGCP access to the network is supported using public IP addresses (or from a different IP address domain), it is strongly recommended that the call agent is not given a public IP address. Instead, Session Border Controllers at the network edge can gateway public access into the secure private network. These proxies can also act as “fuses” to limit damage to the service received by the carrier’s own customers during a concerted denial of service attack.

3.7.5 Conclusion

It requires significant effort to make a VoIP broadband access network secure. It is not possible to give a one-size-fits-all solution for the security model a carrier should employ in a VoIP broadband network. At a minimum a carrier must
• determine the security domain boundaries in the network, which includes deciding whether subscriber gateways are trusted devices
• secure the backbone network, in particular the call agent, against attack using firewalls and Session Border Controllers at the network edge
• police media flows into the core network using a Session Border Controller (or an access control function in the edge router) to prevent high-priority voice bandwidth being usurped for other purposes that have not been authorized
• implement authentication of VoIP endpoints and other non-trusted entities using HTTP digest, IPSec or similar.

Encryption may also be required to prevent eavesdropping.

3.8 IP AND PC PHONES

One of the key benefits of moving to a VoIP network is the ability to support PC soft-clients and other IP-telephony-capable devices that can offer a much richer interface, for example using web-based GUIs. These “soft IP phone” applications are typically attached to a subscriber gateway via local Ethernet or wireless (802.11). The PC-based nature of these devices places some additional requirements on the VoIP network, though some of what follows also applies to dedicated IP phones connected via a LAN.


3.8.1

Best Effort Service vs. Guaranteed Service

It is perfectly possible to use an IP phone to connect to an ITSP (Internet Telephony Service Provider) using the Internet. Indeed, competition rules may require that the carrier allow their customers to do this even if they also subscribe to a voice service from that carrier. However, such calls receive only best effort service. This allows the carrier to compete with ITSPs by offering guaranteed high voice quality for calls placed using their own call agent and VoIP broadband access network, versus the much more variable quality an ITSP can deliver over the public Internet. Note that calls placed via ITSPs do not involve any of the elements in the VoIP broadband access network. In Figure 1 (in section 1.1), the traffic follows the Internet connection to a separate data network.

3.8.2 Signaling

IP and PC phones typically use one of the various service protocols described in section 3.2.2, such as SIP.

3.8.3 Media Prioritization

To provide guaranteed quality of service, the subscriber gateway must route the media packets from the locally attached IP phones onto the VoIP network. To prevent denial of service and theft of service attacks, each call needs to be authorized by the call agent, and only packets for authorized calls should be routed on to the VoIP network with the voice DSCP. Put another way, the subscriber gateway should not trust the DSCP marking given to it by LAN-connected IP phones.

3.9 IP ADDRESS DOMAINS

3.9.1 Firewall and NAT Traversal

Both carrier and customer networks must provide firewall protection and network address translation between the locally administered IP domain and the public IP network. The firewall must prevent all packets except signaling messages and voice packets from recognized IP domains from entering the customer or carrier network. Network address translation (which is assumed here to also include port translation) allows a limited number of external IP addresses to be shared amongst many internal devices or network elements.

The difficulty for VoIP is that the signaling messages contain embedded IP addresses and UDP/TCP ports that are used to establish RTP media streams. Standard NAT and firewall applications are unaware of this embedded information and therefore do not translate it. If this is not resolved, the media streams will fail to be established. There are essentially two approaches to firewall / NAT traversal for VoIP networks.
• Deploy a Session Border Controller.
• Use a protocol such as STUN or ICE.
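To make the embedded-address problem concrete, here is an added example (not code from the white paper or from any SBC product) of the rewrite a VoIP-aware NAT or Session Border Controller applies to a SIP INVITE: the Via, Contact, o= and c= lines receive the public address and the m= port is mapped to the pinhole the SBC opened for this authorized call. The addresses, ports and the INVITE itself are constructed sample data.

```python
import re


def build_sip(headers, body_lines):
    """Assemble a SIP message with a correct Content-Length."""
    body = "\r\n".join(body_lines) + "\r\n"
    return "\r\n".join(headers + [f"Content-Length: {len(body.encode())}"]) + "\r\n\r\n" + body


def rewrite_sip_for_nat(message, private_addr, public_addr, rtp_port_map):
    """Translate private addresses/ports embedded in signaling headers and SDP.

    rtp_port_map: {private RTP port: public RTP port} for the pinholes the SBC has opened
    for this (call-agent authorized) call.  An m= line naming a port the SBC did not
    allocate is rejected rather than forwarded.
    """
    addr = re.compile(r"\b" + re.escape(private_addr) + r"\b")   # no partial matches
    head, sep, body = message.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].lower()
        if name in ("via", "contact"):              # where replies and in-dialog requests go
            line = addr.sub(public_addr, line)
        headers.append(line)
    sdp = []
    for line in body.split("\r\n"):
        if line.startswith(("c=", "o=")):           # media destination and session origin
            line = addr.sub(public_addr, line)
        elif line.startswith("m="):
            fields = line.split(" ")
            port = int(fields[1])
            if port not in rtp_port_map:
                raise ValueError(f"media port {port} was not allocated for this call")
            fields[1] = str(rtp_port_map[port])
            line = " ".join(fields)
        sdp.append(line)
    new_body = "\r\n".join(sdp)
    headers = [f"Content-Length: {len(new_body.encode())}"
               if h.lower().startswith("content-length:") else h for h in headers]
    return "\r\n".join(headers) + sep + new_body


# Constructed sample INVITE from a subscriber device at private address 192.168.1.20.
SAMPLE_INVITE = build_sip(
    ["INVITE sip:18005551212@carrier.example SIP/2.0",
     "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
     "From: <sip:sub1001@carrier.example>;tag=1928301774",
     "To: <sip:18005551212@carrier.example>",
     "Call-ID: a84b4c76e66710@192.168.1.20",
     "CSeq: 314159 INVITE",
     "Contact: <sip:sub1001@192.168.1.20:5060>",
     "Content-Type: application/sdp"],
    ["v=0",
     "o=sub1001 2890844526 2890844526 IN IP4 192.168.1.20",
     "s=-",
     "c=IN IP4 192.168.1.20",
     "t=0 0",
     "m=audio 16384 RTP/AVP 0 8",
     "a=rtpmap:0 PCMU/8000"])


def demo():
    # The SBC/NAT has allocated public port 40000 for the endpoint's private RTP port 16384.
    out = rewrite_sip_for_nat(SAMPLE_INVITE, "192.168.1.20", "203.0.113.10", {16384: 40000})
    head, body = out.split("\r\n\r\n", 1)
    return head, body


if __name__ == "__main__":
    head, body = demo()
    print(head + "\r\n\r\n" + body)
```

The Call-ID is deliberately left alone: it is an opaque identifier, and the SBC only needs to rewrite the fields that the far end will actually use to send signaling or media back.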

Copyright © 2002 - 2004 MetaSwitch, a division of Data Connection

Page 20

VoIP In a Broadband Access Network: A MetaSwitch White Paper

VWP-002-0102

Session Border Controller (SBC)

The most widely deployed solution is to use a Session Border Controller, which acts as a VoIP-protocol-aware NAT device that will translate the embedded IP addresses and ports before forwarding the signaling messages on to the external network. The key advantage of this approach is that it will work with any VoIP device and any type of NAT. The main disadvantages are the cost of adding an additional network element and that it does not support end-to-end encryption. The Session Border Controller must decrypt the signaling messages, translate the embedded addresses and then re-encrypt. This increases the functional and computational burden and requires that the SBC has knowledge of the encryption key for each signaling flow. A Session Border Controller typically operates as a firewall device. Alternatively, it can be deployed inside a firewall provided it is in the DMZ (that is, provided it has both public and private interfaces). Another possible configuration is to deploy a separate firewall that also implements NAT translation. In this scenario, the SBC does not need to be in the DMZ and must simply update the embedded IP addresses and ports in all VoIP signaling messages before passing them on to the Firewall/NAT. This approach requires a static NAT mapping for the SBC on the Firewall/NAT device. Session Border Controllers can be designed to reside in either the customer network or the carrier network. The main difference is one of scale. A customer premises SBC may also require the ability to link together the RTP media streams for a call between two local VoIP devices, to avoid the additional cost and latency of external media flows. However, it should be noted that this may break the requirements for lawful interception, if there is a requirement to transparently monitor media flows at the carrier’s premises. The following (simplified) diagram illustrates some typical SBC deployment scenarios.
[Diagram: typical SBC deployment scenarios. One customer LAN (172.19.8.1, 172.19.8.2, 172.19.8.3) sits behind a combined SBC / NAT / firewall with public address 191.18.0.1; a second customer LAN (172.19.7.1, 172.19.7.2, 172.19.7.3) sits behind an SBC acting as NAT with public address 191.20.0.1. Both reach the service provider IP network across the last mile / public Internet; on the carrier side a NAT / firewall (191.19.0.1) fronts the call agent (10.0.0.2) and router (10.0.0.1), and an SBC (10.0.0.3) is deployed in a DMZ behind a firewall. Legend: VoIP flows; network security boundary.]
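The translation step the SBC paragraph describes, rewriting the addresses and ports embedded in the signaling so that media can cross the NAT, is shown here for SDP carried in a SIP offer. This is an added example written for this paper and is not MetaSwitch code; it simulates the NAT table in memory, assumes a single session-level c= line (media-level c= lines are not handled), and uses the customer LAN address 172.19.8.2 and public address 191.18.0.1 from the diagram above. Besides the rewritten SDP it returns the media pinholes, which is exactly the information the firewall needs in order to admit only the voice packets of this call.

```python
"""SBC-style translation of the addresses embedded in SDP (constructed example)."""

class NatMapping:
    """Simulated NAT/port translation at the security boundary:
    (private_ip, private_port) -> (public_ip, public_port). Ports are handed out in
    pairs so an RTP port stays even and its RTCP port (+1) stays odd after translation."""
    def __init__(self, public_ip, first_port=30000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}

    def map(self, private_ip, private_port):
        key = (private_ip, private_port)
        if key not in self.table:
            self.table[key] = (self.public_ip, self.next_port)
            self.next_port += 2
        return self.table[key]

    def reverse(self, public_port):
        """Inbound lookup: which private endpoint owns media arriving on public_port?"""
        for key, (_, ext_port) in self.table.items():
            if ext_port == public_port:
                return key
        return None

CONN_PREFIX = "c=IN IP4 "

def rewrite_sdp(sdp, nat):
    """Rewrite the c=, o= and m= lines as a signaling-aware SBC would, and return the
    pinholes (private ip, private port, public ip, public port) the firewall must open."""
    lines = sdp.split("\r\n")
    session_ip = next((l[len(CONN_PREFIX):] for l in lines if l.startswith(CONN_PREFIX)), None)
    if session_ip is None:
        raise ValueError("SDP has no IPv4 session-level connection line")
    out, pinholes = [], []
    for line in lines:
        if line.startswith(CONN_PREFIX):
            out.append(CONN_PREFIX + nat.public_ip)
        elif line.startswith("m="):
            media, port, rest = line[2:].split(" ", 2)
            public_ip, public_port = nat.map(session_ip, int(port))
            pinholes.append((session_ip, int(port), public_ip, public_port))
            out.append("m=%s %d %s" % (media, public_port, rest))
        elif line.startswith("o="):
            fields = line.split(" ")      # origin address is informational but would leak the private IP
            fields[-1] = nat.public_ip
            out.append(" ".join(fields))
        else:
            out.append(line)
    return "\r\n".join(out), pinholes

# Constructed offer from a phone on the customer LAN of the diagram above.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=phone 2890844526 2890844526 IN IP4 172.19.8.2",
    "s=-",
    "c=IN IP4 172.19.8.2",
    "t=0 0",
    "m=audio 5004 RTP/AVP 0 8 101",
    "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:101 telephone-event/8000",
    "",
])
```

Because the SBC has to read and rewrite the body, the same function cannot run on signaling that is encrypted end to end; that is the trade-off the paragraph above notes.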


STUN protocol

An alternative approach to NAT / firewall traversal is to use STUN (Simple Traversal of UDP through NAT). The VoIP device uses the STUN protocol to contact the STUN server to determine the external IP address and port number that it should use. The main advantages of this approach are that it does not require a separate SBC network element and supports end-to-end encryption. The main disadvantage is that it only works with VoIP devices that support the STUN protocol and does not work with symmetric NAT, although there is a similar solution known as TURN (Traversal Using Relay NAT) that does support symmetric NAT using a media relay.
[Diagram: STUN-based traversal. A VoIP endpoint on the customer LAN, behind a NAT / firewall, contacts a STUN server across the last mile / public Internet; the call agent sits in the service provider IP network behind its own NAT / firewall. Legend: STUN flows; VoIP flows; network security boundary.]

ICE Methodology

There is a variation of this approach called Interactive Connectivity Establishment (ICE). ICE is not a new protocol, but is rather a methodology that makes use of existing protocols. It is more flexible than STUN, removes the requirement for a VoIP device to make any assumptions about how it is connected to any other VoIP device and facilitates the selection of an optimal media path when multiple options are available. ICE also supports the transition from IPv4 to IPv6. However, it does require that all the participating VoIP devices support certain extensions to the existing VoIP protocols and that they can respond to STUN requests, and it is not currently widely supported. The initiating VoIP device uses any available mechanisms (STUN, TURN, VPN, pre-configuration) to determine a list of IP address/port combinations that it can use to receive media from other VoIP devices. These IP addresses are prioritized and sent in the VoIP signaling request as a set of alternative media options (this requires a minor extension to the existing VoIP protocols). If the receiving VoIP device does not support ICE, it uses the default media IP address. Otherwise it sends STUN requests to all listed IP addresses and will use the highest-priority address from which it receives a response. This requires that the initiating VoIP device can reply to these STUN requests.
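The STUN exchange of the previous subsection and the ICE selection just described share the same building block, a Binding Request answered with the address the responder observed, so one added example covers both. It is written for this paper, not MetaSwitch code: the STUN encoding follows RFC 3489 (20-byte header, MAPPED-ADDRESS attribute), the candidate priority formula is the one from RFC 5245, and the NAT and the peer's reachability are simulated by a table and a predicate so the exchange runs offline. The candidate placed in the m=/c= lines (the "default" the non-ICE peer falls back to) is chosen here as the lowest-priority candidate gathered, since that is the one most likely to be reachable from outside.

```python
"""STUN Binding exchange and ICE-style candidate selection (constructed example)."""
import os
import struct

# RFC 3489 STUN: Binding Request / Response message types and the MAPPED-ADDRESS attribute.
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
MAPPED_ADDRESS = 0x0001

def build_binding_request(txid):
    """20-byte STUN header: type, attribute length (0), 128-bit transaction ID."""
    return struct.pack("!HH16s", BINDING_REQUEST, 0, txid)

def build_binding_response(request, seen_ip, seen_port):
    """Responder side: echo the transaction ID and report the source address it observed."""
    _, _, txid = struct.unpack("!HH16s", request[:20])
    raw_ip = bytes(int(o) for o in seen_ip.split("."))
    attr = struct.pack("!HHBBH4s", MAPPED_ADDRESS, 8, 0, 0x01, seen_port, raw_ip)
    return struct.pack("!HH16s", BINDING_RESPONSE, len(attr), txid) + attr

def parse_mapped_address(response, txid):
    """Requester side: (ip, port) from MAPPED-ADDRESS, or None on type/transaction mismatch."""
    if len(response) < 20:
        return None
    mtype, length, rtx = struct.unpack("!HH16s", response[:20])
    if mtype != BINDING_RESPONSE or rtx != txid:
        return None
    body = response[20:20 + length]
    while len(body) >= 4:
        atype, alen = struct.unpack("!HH", body[:4])
        value, body = body[4:4 + alen], body[4 + alen:]
        if atype == MAPPED_ADDRESS and alen == 8:
            _, family, port, raw_ip = struct.unpack("!BBH4s", value)
            if family == 0x01:
                return ".".join(str(b) for b in raw_ip), port
    return None

# ICE candidate priority (RFC 5245 formula): type preference dominates, then local
# preference, then component (1 = RTP). Host beats server-reflexive, which beats relay.
TYPE_PREFERENCE = {"host": 126, "srflx": 100, "relay": 0}

def candidate_priority(ctype, local_pref=65535, component=1):
    return (1 << 24) * TYPE_PREFERENCE[ctype] + (1 << 8) * local_pref + (256 - component)

def gather_candidates(host_ip, host_port, nat_table):
    """Initiator: host candidate plus, if the simulated NAT maps us, a server-reflexive one
    learned by sending a Binding Request through it to the STUN server."""
    cands = [{"type": "host", "ip": host_ip, "port": host_port}]
    txid = os.urandom(16)
    request = build_binding_request(txid)
    if (host_ip, host_port) in nat_table:
        public_ip, public_port = nat_table[(host_ip, host_port)]   # what the STUN server sees
        mapped = parse_mapped_address(build_binding_response(request, public_ip, public_port), txid)
        if mapped and mapped != (host_ip, host_port):
            cands.append({"type": "srflx", "ip": mapped[0], "port": mapped[1]})
    for c in cands:
        c["priority"] = candidate_priority(c["type"])
    return sorted(cands, key=lambda c: c["priority"], reverse=True)

def select_media_address(candidates, default, peer_supports_ice, reachable, peer_addr):
    """Receiver: without ICE support use the default (m=/c= line) address; otherwise send a
    STUN check to each candidate in priority order and take the first one that answers.
    `reachable(ip, port)` stands in for the network between the peers."""
    if not peer_supports_ice:
        return default
    for c in candidates:
        txid = os.urandom(16)
        request = build_binding_request(txid)
        if not reachable(c["ip"], c["port"]):
            continue                                  # request never arrives: check fails
        response = build_binding_response(request, *peer_addr)   # the initiator must answer
        if parse_mapped_address(response, txid):
            return c["ip"], c["port"]
    return default
```

With a peer on the public Internet the private host candidate never answers and the server-reflexive address wins; with a peer on the same LAN the host candidate answers and, having the higher priority, is chosen, which is the optimal-path selection the text refers to.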


3.10

FAX AND MODEM SUPPORT
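
The answer-tone detection and codec switch this section describes (monitor for the 2100 Hz answer tone, then move the call to G.711 without silence suppression) can be illustrated with a single-frequency detector. The following is an added example written for this paper, not MetaSwitch code: it runs a Goertzel filter over 20 ms frames of 8 kHz linear samples and flips the call's media settings once the tone has dominated a few consecutive frames. The frame count and power-ratio thresholds are assumptions chosen for the example, and disabling the echo canceller on the switch is the example's simplification of the G.168 procedures the text mentions.

```python
"""Detecting the 2100 Hz fax/modem answer tone with a Goertzel filter (constructed example)."""
import math

SAMPLE_RATE = 8000        # G.711 sample rate
ANSWER_TONE_HZ = 2100
FRAME = 160               # 20 ms of samples per detection frame; 2100 Hz falls exactly on bin 42

def goertzel_power(samples, target_hz, rate=SAMPLE_RATE):
    """Squared magnitude of one DFT bin, computed with the Goertzel recurrence."""
    n = len(samples)
    k = int(0.5 + n * target_hz / rate)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def frame_energy(samples):
    return sum(x * x for x in samples)

def make_tone(freq_hz, n=FRAME, amplitude=1000.0):
    """Constructed test signal: a pure sine sampled at 8 kHz."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE) for i in range(n)]

class AnswerToneDetector:
    """Per-call state on a media gateway. Once the answer tone has dominated `min_frames`
    consecutive frames, switch to G.711 with silence suppression off (and, in this
    simplified example, the echo canceller off)."""
    def __init__(self, min_frames=5, ratio=0.8):
        self.min_frames = min_frames   # 100 ms of tone; real detectors require longer
        self.ratio = ratio             # share of frame energy that must sit at 2100 Hz
        self.hits = 0
        self.codec = "G.729"
        self.silence_suppression = True
        self.echo_cancel = True

    def feed(self, frame):
        """Process one frame; return True once the call has been switched to G.711."""
        energy = frame_energy(frame)
        n = len(frame)
        # For an on-bin tone of amplitude A, bin power is (A*n/2)^2 and energy is A^2*n/2,
        # so dividing by energy*n/2 gives a ratio of 1.0 for a pure answer tone.
        tone_ratio = goertzel_power(frame, ANSWER_TONE_HZ) / (energy * n / 2) if energy else 0.0
        self.hits = self.hits + 1 if tone_ratio >= self.ratio else 0
        if self.hits >= self.min_frames and self.codec != "G.711":
            self.codec = "G.711"
            self.silence_suppression = False
            self.echo_cancel = False
        return self.codec == "G.711"
```

The ratio test, rather than an absolute power threshold, makes the detector independent of signal level, which matters because the tone arrives at whatever level the far-end line delivers.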

The PSTN supports fax and modem calls, and is very reliable. Calls connect on almost every attempt and rarely fail. A VoIP network must provide a similarly reliable fax and modem service. However, fax and modem traffic imposes some additional constraints beyond voice traffic. Compared to voice traffic, fax and modem traffic is much more sensitive to packet loss but less sensitive to overall delay. In addition, lower bit-rate codecs are optimized for voice traffic and cannot transport fax or modem traffic. T.38 defines how fax can be sent in an IP network as pure data, independent of the voice traffic. However, it is a relatively recent standard and requires the use of either a T.38 capable Subscriber Gateway or fax machine. V.150 defines a similar mechanism for modem traffic and is even newer and less widely supported. Alternatively, fax and data can be supported successfully over an IP network by switching to a full bit-rate codec (such as G.711). The media gateways need to detect a fax or modem call by monitoring for a 2100 Hz answer tone and switch to G.711 without silence suppression for fax or modem calls. Echo cancellation may also need to be turned off according to the procedures described in G.168. Note that the detection and switch to G.711 needs to be performed in a timely manner, to allow the fax / modem to train at the highest possible data rate.

3.11 AUTO-CONFIGURATION

One significant difference between a POTS (plain old telephone service) network and a VoIP network is that intelligent subscriber gateways and IP phones now reside on the customer premises. These complex devices need to be configured, unlike a POTS phone, so auto-configuration becomes important as the network scales up. The configuration requirements for a VoIP endpoint vary depending upon the network architecture, but can include the following.
• IP address, subnet mask and default IP gateway.
• Name of primary and optionally secondary call agent.
• Call progress tones, including frequency, cadence and power.
• Analog line configuration, e.g. loop start/ground start, voltages on line.
• SNTP server address and time offset.
• Trivial File Transfer Protocol/ File Transfer Protocol (TFTP/FTP) server address.
• Virtual LAN ID if using Ethernet.
• ATM PVC parameters if using ATM.
• Frame Relay PVC parameters if using Frame Relay.
• FTP user ID and password.


Some of these requirements can be addressed using DHCP, but others require some form of management interface such as SNMP, LDAP or UPnP (Universal Plug and Play). Considerable work has been done in the DSL Forum to address auto-configuration of DSL equipment, but to date the issue of auto-configuration in VoIP networks has not been addressed.

3.12 COST OF VOIP ENDPOINTS

While VoIP was in its infancy, the cost of VoIP endpoints was significantly greater than that of equivalent TDM or ATM equipment. However, the cost of the chipsets required to implement VoIP is falling rapidly and that, combined with increasing sales volumes and competition in the VoIP endpoint market, has driven down the cost to the point where VoIP endpoints, IADs, IP Phones and soft phones are now less than or equal to equivalent TDM or ATM equipment.

3.13 LOOP TESTING

The PSTN has extensive capabilities for remote line (loop) testing to minimize the necessity for technicians to attend street cabinets or customer premises. The testing capability includes both testing the line unit and the distribution wiring. A VoIP broadband access network must provide similar capabilities. The line unit comprises the electronics that drive the loop. For a POTS line, the line unit includes the codec, the line hybrid that converts from four-wire to two-wire operation, the ringing generator and the loop current detector, which detects on-hook and off-hook conditions on the line. The distribution wiring includes all wiring between the line unit and the customer’s phone equipment. If the line unit is located in the customer premises, then the distribution wiring comprises only the wiring within the customer premises. If the line unit is located in a remote terminal, such as a street cabinet or vault, then the distribution wiring also includes the loop between the remote terminal and the customer premises. PSTN remote testing capability addresses three distinct types of test.
• Distribution wiring test. This tests the wiring from the line unit (such as the distribution frame or DSLAM) to the customer equipment for safety, shorts, off-hook phones etc.
• Channel media test. This tests that the path between the line unit and the customer equipment performs to an acceptable quality level.
• Channel signaling test. This tests that the line unit can apply ring voltage and detect off-hook correctly.

The loop test procedures developed for the existing PSTN may not be directly applicable to a VoIP broadband access network, depending on the nature of the access devices and technologies chosen. Many recent DSL and line driver chipsets include at least a subset of the test capabilities outlined above, thus avoiding the separate test heads that characterized early DSL deployments. However, standards work is still required to make the management of this capability easy in operational networks, for example via standardized SNMP MIBs. This work is currently underway in several forums, but is not yet complete.

In the meantime, a carrier building a VoIP Access network should check what line test capabilities are available via the element management system of the subscriber and access gateways they have chosen.

3.14 LAWFUL INTERCEPTION

Historically, lawful interception (wiretapping) of telephone conversations has been a relatively well-defined and straightforward process. Typically, a law enforcement agency applied to a court for an order to tap a particular phone number. Once the agency had the order, it served that order on the provider of the telephone service for the number to be tapped. The service provider then put a tap on the circuit, extracted all the necessary information and passed it to the law enforcement agency. The introduction of VoIP complicates this process considerably. The law varies according to country. In the United States there has been much recent debate about whether lawful interception applies to VoIP traffic, but recent rulings from the FCC have determined that the Communications Assistance for Law Enforcement Act (CALEA) does apply to VoIP. Other countries such as the UK have also stated that lawful interception regulations apply to VoIP. The following requirements are typical.
• No wiretap is permitted without a court order (although this is not true in all countries).
• Wiretaps apply to phone numbers, not particular suspects.
• Wiretaps fall into two categories.
  • Call detail – a tap in which the details of the calls made and received by a subscriber are passed to the law enforcement agency. (Referred to as pen register and trap and trace in the U.S.)
  • Call content – a tap in which the actual contents of a call are passed to the law enforcement agency.
• The suspect must not detect the tap, so the tap must occur within the network and not at the subscriber gateway. Also, the tap may not be detectable by any change in timing, feature availability or operation.
• A suspect may be tapped by more than one agency. The taps are separate, and the various agencies are not aware of each other’s taps. The taps do not have to be of the same category.
• It is the responsibility of the telecommunications carrier that originates or terminates calls to provide lawful interception.

As described in section 1.1, VoIP networks typically contain separate call agents and media gateways. The call agent is responsible for all call control and is the element that collects all the details of the calls required in a call detail tap. However the call agent does not see the call content, so call content must be collected elsewhere in the network.


The requirement to be able to tap the content of calls leads to the conclusion that all calls, whether they remain within the carrier’s IP network or access another network (e.g. PSTN) must be routed via a device capable of duplicating the content and passing it to law enforcement. This function is not currently available in access concentrators and edge routers, which are normally unaware that the IP traffic is voice, and is typically done either in a media gateway or session border controller in the carrier’s IP network.

3.15 EMERGENCY SERVICES

The PSTN supports reliable and ubiquitous Emergency Services. Subscribers can dial 911 or the local equivalent and reach Emergency Services under almost any conditions, automatically providing their location. For regulatory reasons, many VoIP networks will have to provide similar support, leading to the following requirements:
• Support for legacy Emergency and Operator Services interfaces, for example MF and SS7.
• Lifeline support – this often requires operation in the event of a power loss and can either be provided using battery backup or network power.
• Provision of location information so that a caller’s physical location can be determined. This is a particular problem for VoIP, as the user can just unplug their IP Phone and plug it in again in a different location. There are no universal solutions to this problem available today; a commonly deployed partial solution is for each user to register their location when they sign up for service and then notify the service provider if they move location. Longer term, more automatic solutions such as integrating GPS or obtaining location information from the local DHCP server are likely to be deployed.
• Prioritization of emergency calls in the event of a system overload. This requires the Call Agent to provide preferential treatment for emergency calls and drop non-emergency calls when overloaded.

3.16 TRANSMISSION OF DTMF

When using VoIP, there can be an issue with the transmission of DTMF and other tones and telephony events. These can flow transparently using a full rate codec such as G.711 but can’t be transported using lower rate codecs such as G.729. There are several solutions used for transporting these tones and events, but the most widespread are
• use RTP packets as specified by RFC 2833 (the ‘telephone-events’ codec)
• transport the tones out-of-band using the signaling protocol (SIP, MGCP or H.248).

Of these, RFC 2833 is the most widely deployed solution. The main problem with this approach is that the tones and events do not reach any application servers that are not in the media path. For this type of scenario, it may be necessary to send DTMF tones out-of-band, for example by using SIP INFO messages.
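The RFC 2833 option above carries each tone as a small RTP payload (event code, end flag, volume, duration) rather than as audio, and the end-of-event packet is repeated for robustness against loss. The following is an added example written for this paper, not MetaSwitch code, showing both sides: a builder that produces the packet stream a gateway would emit for a digit string, and the collector an element in the media path needs in order to recover the digits exactly once despite the repeated end packets. The payload type 101 and the constructed timing values are assumptions for the example; the payload type is dynamic and would be negotiated in SDP.

```python
"""RFC 2833 telephone-event packets: building and decoding (constructed example)."""
import struct

DTMF_EVENTS = {d: i for i, d in enumerate("0123456789*#ABCD")}   # RFC 2833 events 0..15
EVENT_NAMES = {v: k for k, v in DTMF_EVENTS.items()}
TELEPHONE_EVENT_PT = 101     # dynamic payload type (a=rtpmap:101 telephone-event/8000), assumed

def build_rtp_event(seq, timestamp, ssrc, digit, duration, end=False, marker=False, volume=10):
    """One RTP packet whose payload is a telephone-event: event, E|R|volume, duration."""
    m_pt = TELEPHONE_EVENT_PT | (0x80 if marker else 0)
    header = struct.pack("!BBHII", 0x80, m_pt, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc)
    flags = (0x80 if end else 0) | (volume & 0x3F)
    return header + struct.pack("!BBH", DTMF_EVENTS[digit], flags, duration & 0xFFFF)

def parse_rtp_event(packet):
    """Fields of an RTP telephone-event packet, or None if it is not one."""
    if len(packet) < 16 or (packet[0] >> 6) != 2:
        return None
    v_p_x_cc, m_pt, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if (m_pt & 0x7F) != TELEPHONE_EVENT_PT:
        return None
    offset = 12 + 4 * (v_p_x_cc & 0x0F)            # skip any CSRC identifiers
    event, flags, duration = struct.unpack("!BBH", packet[offset:offset + 4])
    return {"seq": seq, "ts": ts, "ssrc": ssrc, "marker": bool(m_pt & 0x80),
            "event": event, "end": bool(flags & 0x80), "volume": flags & 0x3F,
            "duration": duration}

class DtmfCollector:
    """Reassembles digits from a media stream. A digit is emitted on its first end packet
    and identified by (SSRC, event timestamp), so the repeated end packets and any lost
    update packets do not produce duplicates. If every end packet of a digit is lost the
    digit is missed; a production collector would also end a digit on timeout."""
    def __init__(self):
        self.seen = set()
        self.digits = []

    def feed(self, packet):
        ev = parse_rtp_event(packet)
        if ev is None or not ev["end"]:
            return None
        key = (ev["ssrc"], ev["ts"])
        if key in self.seen:
            return None
        self.seen.add(key)
        digit = EVENT_NAMES.get(ev["event"])
        if digit is not None:
            self.digits.append(digit)
        return digit

def dtmf_stream(digits, ssrc=0x1234ABCD, start_seq=1, start_ts=0):
    """Constructed gateway output: update packets every 20 ms, then the end packet sent three
    times, per digit; 100 ms of tone and 100 ms of gap at 8 kHz."""
    packets, seq, ts = [], start_seq, start_ts
    for d in digits:
        for i in range(4):
            packets.append(build_rtp_event(seq, ts, ssrc, d, (i + 1) * 160, marker=(i == 0)))
            seq += 1
        for _ in range(3):
            packets.append(build_rtp_event(seq, ts, ssrc, d, 800, end=True))
            seq += 1
        ts += 1600
    return packets
```

The collector also illustrates the limitation the paragraph above points out: it works only on a device that receives the RTP stream, so an application server outside the media path sees nothing unless the digits are relayed out-of-band.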


4.

APPLICATION EXAMPLES

This section outlines two possible application scenarios for VoIP in the access network.

4.1 EXAMPLE ONE – BROADBAND LOOP CARRIER SERVICE

This example is aimed at replacing an existing PSTN access network.
• The services supported are analog POTS phones, ISDN PRI and T1 CAS. All the analog lines and digital access trunks are connected to Broadband Loop Carriers that convert the analog and digital traffic to VoIP flows in the core.
• The Broadband Loop Carriers (also known as Access Gateways) are connected via a private IP network to the Call Agent and controlled using MGCP or H.248. Authentication is unnecessary as all the VoIP and IP transport elements are owned and controlled by the service provider.
• Trunk Gateways are deployed to provide access to PSTN trunks at suitable locations.

This is shown in Figure 4, below.
[Diagram: an Application Server connected by SIP to a Call Agent pair, which uses SS7 backhaul and SIP/SIP-T, controls the Broadband Loop Carriers (Access Gateways) over MGCP/H.248/SIP and the Media (Trunk) Gateways over H.248. Analog phones connect to the Broadband Loop Carriers, packet voice crosses the packet backbone, and the trunk gateways connect to the PSTN over SS7/MF TDM. Legend: Signaling; Media.]

Figure 4: POTS Service Delivered via Broadband Loop Carriers


4.2

EXAMPLE TWO – SIP SMART-PHONE SERVICE

This example is aimed at offering a new residential or business service package.
• Services supported are a blend of SIP smart-phones and PC-based soft-phones. Legacy POTS phones can also be connected via SIP analog telephone adaptors.
• The SIP endpoints are attached to the customer’s edge router via local Ethernet or wireless (802.11).
• The last mile can either be a privately managed IP network (for greater security and more consistent QOS) or the public internet (for a VoIP service deployable to homes and small businesses anywhere in the world).
• A SIP-capable Session Border Controller is deployed at the edge of the carrier network, to provide NAT traversal and to protect the carrier network from denial of service attacks.
• HTTP digest authentication is used to authenticate each SIP endpoint.

This is shown in Figure 5, below.
[Diagram: a small business LAN (PCs with web self-care, IP phones) and a remote worker (DSL/cable modem, IP phone, PC with web self-care) reach a converged IP voice and data service over DSL/cable and the public Internet. An SBC fronts the carrier network, where a VP3500 Series Class 5 Softswitch connects the VoIP (SIP/MGCP) side to the PSTN over SS7/MF TDM.]

Figure 5: SIP Smart-Phone Service
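Because the endpoints in this example may arrive over the public Internet, the HTTP digest authentication listed above is what stands between an attacker and registering as a subscriber. The following is an added example written for this paper, not MetaSwitch or VP3500 code, of the digest exchange as SIP uses it: the registrar issues a challenge, the endpoint answers with response = MD5(HA1:nonce:HA2) where HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri), and the registrar verifies. Two choices in the example go beyond the bare mechanism and are the example's own: credentials are stored as HA1 rather than as passwords, and each nonce carries an HMAC-protected timestamp and is accepted only once, so a captured Authorization header cannot be replayed. The realm, user and secret are constructed values.

```python
"""HTTP Digest (RFC 2617, MD5) authentication of a SIP endpoint at a registrar (constructed example)."""
import hashlib
import hmac
import os
import re
import time

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """Endpoint side: response = MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_authorization(username, realm, password, method, uri, nonce):
    """The Authorization header value the endpoint sends after a 401 challenge."""
    resp = digest_response(username, realm, password, method, uri, nonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')

def parse_authorization(header):
    """Parse 'Digest k="v", k=v, ...' into a dict; None if it is not a Digest header."""
    if not header.startswith("Digest "):
        return None
    params = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|[^,\s]+)', header[7:]):
        params[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return params

def nonce_from_challenge(challenge):
    return re.search(r'nonce="([^"]+)"', challenge).group(1)

class SipRegistrar:
    """Registrar-side verification. Only HA1 is stored per user; nonces are
    timestamp.HMAC so they can be validated without server state, and are single-use."""
    def __init__(self, realm, secret=None):
        self.realm = realm
        self.secret = secret or os.urandom(16)
        self.ha1_store = {}
        self.used_nonces = set()

    def add_user(self, username, password):
        self.ha1_store[username] = md5_hex(f"{username}:{self.realm}:{password}")

    def _nonce_mac(self, ts):
        return hmac.new(self.secret, ts.encode(), hashlib.sha256).hexdigest()[:16]

    def challenge(self, now=None):
        """The WWW-Authenticate header value sent with a 401 response."""
        ts = str(int(now if now is not None else time.time()))
        return f'WWW-Authenticate: Digest realm="{self.realm}", nonce="{ts}.{self._nonce_mac(ts)}", algorithm=MD5'

    def verify(self, method, authorization, now=None, max_age=60):
        """Return (ok, reason). Checks are ordered so that nothing about valid users leaks
        before the nonce itself has been validated."""
        p = parse_authorization(authorization)
        if not p:
            return False, "not a digest header"
        for field in ("username", "realm", "nonce", "uri", "response"):
            if field not in p:
                return False, "missing " + field
        if p["realm"] != self.realm:
            return False, "wrong realm"
        ts, _, mac = p["nonce"].partition(".")
        if not ts.isdigit() or not hmac.compare_digest(mac, self._nonce_mac(ts)):
            return False, "forged nonce"
        now_ts = int(now if now is not None else time.time())
        if now_ts - int(ts) > max_age:
            return False, "stale nonce"
        if p["nonce"] in self.used_nonces:
            return False, "nonce replayed"
        ha1 = self.ha1_store.get(p["username"])
        if ha1 is None:
            return False, "unknown user"
        expected = md5_hex(f"{ha1}:{p['nonce']}:{md5_hex(f'{method}:{p[chr(117)+chr(114)+chr(105)]}')}")
        if not hmac.compare_digest(expected, p["response"]):
            return False, "bad credentials"
        self.used_nonces.add(p["nonce"])
        return True, "ok"
```

Digest protects the password from a passive observer of the signaling but does not protect the SIP message itself, which is why the SBC and, where available, TLS on the signaling leg are still wanted in this scenario.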


5.

ABOUT METASWITCH

As a division of Data Connection, MetaSwitch leverages over 23 years’ experience supplying communications technology and support to the leading service providers including Verizon, SBC and BT, and major equipment vendors. Our VoIP expertise is derived from success developing world-leading products including the core protocols (MGCP, Megaco/H.248, MPLS, IP Routing, SIP, …), applications (unified messaging, conferencing, …) and next generation switching technology (MetaSwitch VP3500 series). The MetaSwitch VP3500 series Class 5 softswitch is easy to deploy and enables carriers to deliver reliable, toll-quality VoIP services in the access and backbone networks, with a full range of Class 5 subscriber services and PSTN interoperability. Data Connection is a relentlessly profitable and stable private company, creating a basis for long-term investment and growth that ensures our ability to fund ongoing product investment and deliver first-class customer support. MetaSwitch has offices in Alameda (California), Dallas (Texas), Tampa (Florida), Reston (Virginia), and Enfield (North London), Chester and Edinburgh in the UK. For further information on how MetaSwitch can help service providers implement a successful VoIP migration strategy, visit www.metaswitch.com.


6.

CONCLUSION

IP is ubiquitous and cost-effective. As shown in this paper, it can be successfully utilized in broadband access networks even to offer full PSTN-equivalent services – provided that the network is designed carefully to match the needs of the target service set. By analyzing their needs against the network design choices described above, a carrier can
• deploy new converged voice and data services
• remove the need to manage separate voice and data networks
• utilize cheaper IP-based backbone equipment to carry voice
• reap the benefits of a standards-based and highly flexible network architecture, giving a competitive market between equipment vendors and a wide range of equipment for different market niches.

A carrier wishing to migrate their current PSTN infrastructure away from TDM-based equipment that is rapidly becoming obsolete can choose from a number of different VoIP network designs that are ready to deploy today. We gave just two examples above, but there are many different options available – many of which can be combined. The VoIP standards and implementations are continuing to evolve, but they are rapidly reaching maturity. The industry need is evident, and the equipment to meet that need is ready. VoIP deployments are moving from secondary to primary lines, and to carrier-scale deployments. VoIP is set to take over the mantle of TDM in the long-term evolution of carrier voice networks.


GLOSSARY
ATA – Analog Telephone Adaptor: customer premises equipment for connecting a small number of POTS phones to a VoIP network.
BLC – Broadband Loop Carrier
BRAS – Broadband Remote Access Server
CALEA – Communications Assistance for Law Enforcement Act
DLC – Digital Loop Carrier
DMZ – De-Militarized Zone: a firewall protected network zone that is externally addressable.
DSCP – Differential Services Code Points, defined by Diffserv and used in QoS
DSL – Digital Subscriber Line
DSP – Digital Signal Processor or Processing
FTP – File Transfer Protocol, an IETF defined IP file transfer protocol
H.248 – An ITU protocol for media gateway control, equivalent to Megaco
IAD – Integrated Access Device, customer premises equipment providing DSL data and voice connectivity
ICE – Interactive Connectivity Establishment
Megaco – An IETF protocol for media gateway control, equivalent to H.248
MF – Multi-Frequency signaling
MGCP – Media Gateway Control Protocol
MIB – SNMP management database, defined by the IETF
MTA – Multimedia Terminal Adapter: customer premises equipment in a cable network
NAT – Network Address Translation, an IP address translation technique used in firewalls
NCS – Network Call Signaling, adopted by CableLabs as the basis of the PacketCable VoIP standard
NEBS – Network Equipment Building Standards
NGN – Next Generation Network
POTS – Plain Old Telephone System
PSTN – Public Switched Telephone Network
RTP – Real Time Protocol, a media-bearing protocol for Voice over IP
SIP – Session Initiation Protocol
SS7 – Signalling System 7
STUN – Simple Traversal of UDP through NAT
TDM – Time Division Multiplexing
TFTP – Trivial File Transfer Protocol, an IETF defined IP file transfer protocol
TLS – Transport Layer Security
VoB – Voice over Broadband



				