DOSA: An Architecture for IP Telephony Services. Chuck Kalmanek, AT&T Labs - Research. Presentation at Opensig’99, Pittsburgh, October 15, 1999.

Presentation transcript:

1 DOSA: An Architecture for IP Telephony Services
Chuck Kalmanek, AT&T Labs - Research
Presentation at Opensig’99, Pittsburgh, October 15, 1999
With grateful acknowledgement of the contributions of the PacketCable DQoS and DCS focus teams, Bill Marshall, Partho Mishra, Doug Nortz, and K.K. Ramakrishnan

2 DOSA Framework
• Designed as an end-to-end signaling architecture for PacketCable
  – Philosophy: encourage features and services in intelligent end-points
  – DCS “proxy” designed to be scalable transaction server
  – Resource management protocol provides necessary semantics for telephony
  – “Gates” (packet classifiers) at network edge allow us to avoid theft of service
[Diagram labels: PSTN, PSTN G/W, MTA, CM, CMTS, ER, DCS-Proxy+GC (two), Managed IP Backbone, Cable, Announcement Server. Legend: MTA = Media Terminal Adapter, CM = Cable Modem, ER = Edge Router]

3 Distributed Call Signaling
• Distributed Call Signaling (DCS): SIP w/ carrier class features
  – takes advantage of SIP feature support in endpoints and proxies
  – adds resource management, privacy, authorization & billing, LNP
• Motivation: service provider must meet user expectations
  – quality, privacy, existing services are critical needs
• Coordination between call signaling and QoS control
  – authorize a call and allocate resources precisely when needed
    » prevent Call Defects: don’t ring the phone if resources are unavailable
    » ensure service quality requirements are met (e.g., don’t clip “Hello”)
  – provide the ability to bill for usage, without trusting end-points
    » prevent Theft Of Service: associate usage recording and resource allocation
• Care taken to ensure untrusted end-points behave as desired
  – privacy mechanisms built into architecture

4 Perspective on Service Provider’s Needs
• Need for differentiated quality-of-service is fundamental
  – must support resource reservation and admission control, where needed
• Allow for authentication and authorization on a call-by-call basis
• Can’t trust CPE to transmit accurate information or keep it private
• Need to guarantee privacy and accuracy of feature information
  – e.g., Caller ID, Caller ID-block, Calling Name, Forwarding Number
    » privacy may also imply keeping IP addresses private
• Protect the network from fraud and theft of service
  – critical, given the incentive to bypass network controls
• Must operate in large scale, cost-effectively
  – SIP philosophy: don’t keep state for stable calls in proxies; end-points keep state associated with their calls

5 DCS Architecture
[Diagram labels: Transaction State, Connection State, Call State; PSTN, PSTN G/W, Local, LD, MTA, CM, CMTS, ER, DCS-Proxy+GC (two), Managed IP Network, Access, Announcement Server. Legend: MTA = Media Terminal Adapter, CM = Cable Modem, ER = Edge Router]

6 “Gates” and Edge Routers
• “Gates” in edge routers opened for individual calls
  – call admission control and policing implemented in edge routers
    » gate is a packet filter in edge router: “allow flow from this source to this destination”
      · for a particular range of traffic parameters, and a particular duration, etc.
  – however, policy is controlled by the gate controller
• Gate controller manipulates a gate after call setup is authorized
  – setting up gate in advance of reservation request allows a proxy to be stateless
• MTA makes a resource reservation request by signaling to edge router
  – edge router admits the reservation if consistent with gate parameters
  – edge router generates usage recording events based on reservation state
• Accounting info stored at the edge router to generate usage events
    » opaque info sent to record keeping servers for tracking usage and billing

7 Example Call Flow
• MTA issues an INVITE to destination E.164 (or other) address
• Originating DCS-proxy performs authentication and authorization
• Terminating DCS-proxy translates dest number to local IP address
  – no resources allocated yet; provider may choose to block a call if resources are unavailable
    » P(blocking)  P(call defect)
• Initial INVITE starts call state machine at terminating MTA
    » but, does not alert the user
[Diagram labels: Authentication, Authorization, Admission control; Number-to-Address Translation; INVITE (Stage1) (twice); INVITE (no ring); MTA, CM, CMTS, ER, DCS-Proxy+GC (two), Access, Announcement Server]

8 Example Call Flow (continued…)
• 200 OK conveys call parameters and “gate id” to originating MTA
• Gate controllers set up “gates” at edge routers as part of call setup
  – gate is described as an “envelope” of possible reservations issued by MTA
  – gate permits reservation for this call to be admitted
• Gate Controller acts as policy server in COPS framework
  – policy decisions provided to CMTS based on call signaling
  – CMTS acts as policy enforcement point
[Diagram labels: 200 OK (twice); Setup Gate (twice); MTA, CM, CMTS, ER, DCS-Proxy+GC (two), Access, Announcement Server]

9 Resource Management: 1st Phase
• MTA initiates resource reservation
  – access resources are “reserved” after an admission control check
  – backbone resources are “reserved” (e.g., explicit reservation or “packet marking”)
• Originating MTA starts end-to-end handshake with terminating MTA
  – originating MTA sends 2nd INVITE, terminating MTA sends 180 RINGING, 200 OK
    » this ensures that resources are available when terminating MTA rings the phone
[Diagram labels: PATH / Reserve; Backbone Resource Management; MTA, CM, CMTS, ER, DCS-proxy + GC (two), Access, Announcement Server]

10 Resource Management: 2nd Phase
• MTA knows voice path is established when it receives a 200 OK
• MTAs initiate resource “commitment”
  – resources “committed” over access channel
    » CMTS starts sending unsolicited grants; usage recording is started
  – commitment deferred until far end pick up, to prevent theft of service; allow efficient use of constrained resources in access network
• Commit opens the “gate” for this flow
[Diagram labels: INVITE; 180 Ringing; 200 OK; Commit/Commit Ack (twice); MTA, CM, CMTS, ER, Gate-controller (two), Access, Announcement Server]
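
The gate lifecycle from slides 6 to 10, as an added example that is not part of the original presentation: a gate controller installs a per-call envelope, the edge router admits a reservation only inside it, and packets pass and usage recording starts only after commit. The class names, state names and the single `max_kbps` traffic parameter are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Gate:
    """Per-call packet classifier (constructed model, not PacketCable's format)."""
    gate_id: int
    src: str
    dst: str
    max_kbps: int                 # envelope of reservations the MTA may issue
    state: str = "AUTHORIZED"     # AUTHORIZED -> RESERVED -> COMMITTED
    usage_events: list = field(default_factory=list)

class EdgeRouter:
    def __init__(self):
        self.gates = {}

    def setup_gate(self, gate):
        # Called by the gate controller only after call setup is authorized.
        self.gates[gate.gate_id] = gate

    def reserve(self, gate_id, src, dst, kbps):
        # Phase 1: admit only a request that fits the gate's envelope.
        g = self.gates.get(gate_id)
        if g is None or g.state != "AUTHORIZED":
            return False
        if (src, dst) != (g.src, g.dst) or kbps > g.max_kbps:
            return False
        g.state = "RESERVED"
        return True

    def commit(self, gate_id, now):
        # Phase 2: at far-end pickup, open the gate and start usage recording.
        g = self.gates.get(gate_id)
        if g is None or g.state != "RESERVED":
            return False
        g.state = "COMMITTED"
        g.usage_events.append(("start", now))
        return True

    def forward(self, src, dst):
        # Data path: a flow passes only through a committed gate.
        return any(g.state == "COMMITTED" and (g.src, g.dst) == (src, dst)
                   for g in self.gates.values())

if __name__ == "__main__":
    er = EdgeRouter()
    er.setup_gate(Gate(1, "mta-a", "mta-b", max_kbps=64))   # constructed values
    print(er.reserve(1, "mta-a", "mta-b", 64), er.forward("mta-a", "mta-b"))
    print(er.commit(1, now=100), er.forward("mta-a", "mta-b"))
```

Because usage recording is tied to the same state transition that opens the gate, an endpoint cannot obtain the reserved path without also producing a billing event.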

11 Privacy
• Want to meet user expectations re accuracy and privacy of info
  – Calling Identity Delivery allows called party to get info about caller
  – Calling Identity Delivery Blocking allows calling party to restrict presentation of info (e.g., calling number, calling name)
• SIP supports some privacy mechanisms: From header can be anything chosen by MTA, e.g., “anonymous”
  – but, can’t be modified by proxies
• DCS-Proxy acts as a trusted intermediary
  – ensures calling identity provided by user agent is valid
    » user agents are CPE and can’t be trusted
  – proxy adds calling identity info when not provided by user agent to enable call trace
• New header conveys caller identity
  Dcs-Caller: John Smith;

12 Proxy to Proxy SIP extensions: Billing
• Motivation: need to monitor and derive revenue from resource usage
  – proxies have access to customer info (user identity, services subscribed, payment method)
  – billing models can be complex, requiring billing info from multiple parties (split charging for call forwarding, etc.)
• Header requirements
  – need a unique id to associate event records from multiple sources with the call
  – need a header to carry information about the billable account, record keeping system, etc.
  – need a header identifying the location where resource usage info is captured

13 State Header
• Motivation
  – proxies sometimes need state information about an active call
    » “return call” for a call where the caller wanted privacy
    » ability to bill correctly for call forwarding (e.g., international call)
    » “call trace” where the user wishes to have law enforcement trace a call
  – but, we want proxies to remain stateless
• State Header
  – proxies store call state at the endpoints during the initial INVITE exchange
    » state object is signed and encrypted by proxy; cannot be altered by endpoints
  – endpoint passes state information to proxies when needed
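
One way a stateless proxy can hand call state to an untrusted endpoint and detect tampering when it comes back, as an added example that is not part of the original presentation or the DCS specification. The slides do not name the algorithms; here HMAC-SHA256 in counter mode stands in for a real cipher (an AEAD such as AES-GCM would be used in practice) so the code needs only the standard library, and the token layout, function names and sample state are assumptions.

```python
import base64, hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal_state(enc_key, mac_key, state):
    """Proxy: encrypt then MAC the call state; the result is opaque to the endpoint."""
    nonce = os.urandom(16)
    plain = json.dumps(state, sort_keys=True).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode()

def open_state(enc_key, mac_key, token):
    """Proxy: return the state dict, or None if the returned blob was altered."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < 48:                      # 16-byte nonce + 32-byte tag minimum
        return None
    nonce, cipher, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # verify before decrypting
        return None
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)

if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)       # proxy-held keys, never sent
    # Constructed state for a privacy-restricted call that may need "return call".
    token = seal_state(ek, mk, {"caller": "constructed-number", "billing": "acct-A"})
    print(open_state(ek, mk, token))
```

The endpoint stores and returns `token` unchanged; the proxy keeps only the two keys, which is what lets it stay stateless per call.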

14 OSPS Header (Operator Services Positioning System)
• Motivation
  – PSTN based services like Busy Line Verify and Emergency Interrupt require special treatment
  – PSTN operator is unaware that the call is to a destination on the IP network
  – PSTN gateway initiates SIP INVITE to endpoint
    » this includes the OSPS header – an active endpoint receiving an INVITE containing OSPS: EI header does not return “Busy”
• Header Format
  OSPS = “OSPS” “:” OSPS-Tag
  OSPS-Tag = “BLV” | “EI”

15 Unique Contributions and Status
• DOSA introduced the concept of integrating QoS with call signaling protocol
• DCS call signaling allows use of end-point intelligence to support new services and integration with other applications
• Dynamic QoS provides common underlying framework of QoS for call signaling protocols
• Two phase Reserve/Commit for managing resources
  – provides semantics that resources are available when phone rings, without billing for ringing
• Gates for each call: allows provider to manage access to resources
  – ensures that users who want toll quality go through network proxies
  – avoid theft of service with careful coordination between signaling and QoS
• DCS proxies not required to be involved throughout call
  – simple transaction processor; less stringent reliability requirements; scalable