SUA - CSE at UNT | Computer Science and Engineering (rdantu/fall_2005_wireess_networks/sua.pdf)
Contents
- Introduction
- Features of SUA
- SUA Architecture
- Applications
- Signalling Transport Architecture
- Message Format in SUA
- Services provided by SUA
- Internal Functions
- Procedures
- Performance Issues
- Security issues
- Conclusions
- References
Introduction
- SUA is the SCCP User Adaptation Layer
- Provides the services of SCCP in a peer-to-peer architecture
- Replaces the functionality of SCCP and M3UA over SCTP in IP networks
- SUA sits between the SCTP and TCAP layers
Network elements:
MGC (Media Gateway Controller):
- Responsible for mediating call control
- Controls access from the IP world to/from the PSTN
SG (Signaling Gateway):
- Responsible for interfacing to the SS7 network
- Passes signaling messages to IP nodes
MG (Media Gateway):
- Responsible for packetisation of voice traffic
- Transmits traffic towards the destination
Network elements (cont.)
IP SCP (IP enabled Service Control Protocol):
- Exists wholly within the IP network
- Addressable from the SS7 network
IP phone:
- An IP phone is a terminal
Protocols between IP nodes
SIGTRAN (Signaling Transport):
- A working group within the IETF
- Purpose: to address the transport of PSTN signaling over IP networks
- To interconnect with the PSTN, IP networks need to transport signaling (SS7) messages between IP nodes.
SIGTRAN Protocol Architecture
Consists of 3 components:
- A standard IP
- SCTP
- Adaptation protocol (M2PA, M2UA, M3UA, SUA and IUA)
SUA
- Provides the means by which an application part (TCAP) may be reached via an SG.
- Allows multiple IP SCPs to be reached via a single SG
- IP SCP(s) don't require their own SS7 point codes
What is SCTP? Why SCTP?
- SCTP (Stream Control Transmission Protocol) is a new IETF standard transport protocol (RFC 2960)
- An alternative to TCP and UDP
- It came out of the "signaling transport" community, doing telephone switching over IP networks...
- ...but it emerged as a general-purpose transport protocol
SCTP: Why?
- Because TCP and UDP lacked some features that were needed
- What was so special about SIGTRAN? Small message sizes, need for high availability, absolute minimum delay
- Why talk about SCTP in this form? Because SCTP is coming soon to a Linux kernel near you (LK-SCTP)
SCTP: Aspects of signaling transport driving SCTP design
- Need for high availability, failover between multiple redundant network interfaces
- Message oriented
- Small message sizes
- Real-time (need absolute minimum delay)
- Upper layer timers
- Need for tunability (Big-I internet vs. engineered networks)
What can SCTP do?
Almost everything you can do with TCP and UDP (with a very few minor exceptions we will note later). For instance:
- Can do reliable, flow controlled, congestion controlled data exchange, like TCP
- Can also do unordered, unreliable data exchange, like UDP
Plus the following features NOT available in UDP or TCP. (A quick list only; details follow!)
- Multi-homing
- Multi-streaming
- Message boundaries (with reliability*)
* UDP: message boundaries, not reliable; TCP: reliable, no message boundaries
SCTP (cont.)
- Improved SYN-flood protection
- Tunable parameters (Timeout, Retrans, etc.)
- A range of reliability and order (full to partial to none) along with congestion control
TCAP Overview
- Transaction Capabilities Application Part
- Uses services of SCCP
- Invokes remote procedures of the Intelligent Network for support of services such as freephone (800 numbers)
- Transaction based
- TCAP has two sub-layers:
  - Transaction Sublayer (TSL)
  - Component Sublayer (CSL)
TCAP
The transaction portion contains:
- The message type: begin, continue, end, ...
- A pair of network addresses: originating end-point and destination end-point
- A pair of transaction IDs identifying the dialogue at each end-point
The dialogue portion contains:
- The application name
The component portion contains:
- Operations to execute remotely
- Associated parameters
- Results of the execution of previous operations
SUA (cont.)
- Provides mapping between SCCP addresses and IP addresses (at the SG)
- Services of the individual databases are addressed via SSN (Sub System Number)
- Flexible enough to support application parts between 2 network nodes within the IP network
- Allows service databases in the SS7 network to be accessed from the IP network
SUA supports:
- Transfer of SCCP user part messages (TCAP, RANAP, etc.)
- SCCP connectionless service
- SCCP connection-oriented service
- Management of SCTP transport associations between an SG and one or more IP-based signaling nodes
- Distributed IP-based signaling nodes
- Asynchronous reporting of status changes to management
PSTN-IP Protocol Internetworking:
SUA:
- Used between a signaling gateway and an IP signaling end point, and between IP signaling end points
- Transports SS7 SCCP User Part signaling messages over IP using SCTP
SUA Applicability:
- SUA can transport bigger SMS messages (characters >> 160): this can be done with traditional SCCP, but it requires adaptations to the MAP protocol and raises internetworking issues
- SUA can transport bigger messages for all its applications: particularly useful in all-IP, where segmenting/reassembly can be left to SCTP
Applicability (cont.)
- SUA is less complex than M3UA + SCCP, but has extended features
- SUA supports the basic IP addressing architecture and DNS naming: this advantage depends on applications using the extended addressing capabilities
Signaling Transport Architecture
The framework architecture for switched circuit network signaling transport over IP uses multiple components:
- IP transport protocol
- Signaling common transport protocol (SCTP)
- Adaptation module
The SUA architecture can be modeled as a peer-to-peer architecture.
Application Server (AS) - A logical entity serving a specific Routing Key. An example of an Application Server is a virtual IP database element handling all requests for an SCCP-user.
Routing Key - The Routing Key describes a set of SS7 parameters and/or parameter ranges that uniquely defines the range of signalling traffic configured to be handled by a particular Application Server. Routing Keys are mutually exclusive.
Application Server Process (ASP) - An Application Server Process serves as an active or backup process of an Application Server.
Signalling Gateway Process (SGP) - A process instance of a Signalling Gateway. It serves as an active, load-sharing or broadcast process of a Signalling Gateway.
Signalling Process - A process instance that uses SUA to communicate with other signalling processes. An ASP, an SGP and an IPSP are all signalling processes.
Routing Context - An Application Server Process may be configured to process traffic within more than one Application Server.
SS7 to IP interworking architecture for:
- Connectionless transport
- Connection-oriented transport
Connectionless transport
- The SCCP and SUA layers interface in the SG
- Internetworking between the SCCP and SUA layers is needed
Contd.: SG as end point
- Connectionless SCCP messages are routed on point code (PC) and subsystem number (SSN)
- The SCCP user is located at the SG
SG as relay point
- A Global Title translation is executed at the signalling gateway before the destination of the message can be determined.
Contd.
- GT translation yields an "SCCP entity set" for which an AS is derived
- Selection is based on the SCCP called party address (and possibly other SS7 parameters, depending on implementation)
- An ASP is selected and a CLDT (connectionless data transfer) is sent on the appropriate SCTP association/stream
Routing context
- The routing context parameter is exchanged between the SGP and ASP (or between two ASPs), identifying the relevant application server
Protocol class
- Depending upon the SCCP users supported, SUA supports the SCCP protocol classes transparently
ASP selection criterion
- For TCAP messages, load sharing is only possible for the first message in a TCAP
- The SGP needs to know the TID allocation policy of the ASPs in a single AS:
  - State sharing
  - Fixed range of TIDs per ASP in the AS
Connection-Oriented Transport
- For connection-oriented transport, SCCP and SUA interface at the signaling gateway to associate the two connection sections needed for connection-oriented data transfer between an SS7 signaling end point and an IP endpoint
- Routed on DPC in the SS7 connection section
- Routed on IP address in the IP section
- Resources are kept within the SG to forward messages from one section to another
All-IP Architecture
- To carry a protocol that uses the transport services of SCCP within an IP network
- This architecture removes the need for signalling gateway functionality
Services provided by SUA
- Support for transport of SCCP user messages
SCCP protocol support
- Protocol class 0 provides unordered transfer of SCCP-user messages in a connectionless manner.
- Protocol class 1 allows the SCCP-user to select the sequenced delivery of SCCP-user messages in a connectionless manner.
- Protocol class 2 allows the bidirectional transfer of SCCP-user messages by setting up a temporary or permanent signalling connection.
- Protocol class 3 allows the features of protocol class 2 with the inclusion of flow control. Detection of message loss or mis-sequencing is included.
Contd.: Network management functions
- Interworking with SCCP network management functions
- ASP management messages for ASP status
Interworking with SCCP management messages consists of:
- Destination Unavailable (DUNA)
- Destination Available (DAVA)
- Destination State Audit (DAUD)
- Signalling Congestion (SCON)
- Destination User Part Unavailable (DUPU)
- Destination Restricted (DRST)
Contd.: Support for the management between SGP and ASP
- Provide an indication to the SCCP-user at an ASP that an SS7 endpoint/peer is unreachable.
- Provide an indication to the SCCP-user at an ASP that an SS7 endpoint/peer is reachable.
- Provide congestion indication to the SCCP-user at an ASP.
- Provide the initiation of an audit of SS7 endpoints at the SG.
Relay Function
- SUA may be enhanced with relay functionality to determine the next-hop SCTP association toward the destination SUA end point
- Based on Global Title information
- Also based on hostname information, IP address or point code contained in the called party address
- Allows for greater scalability, reliability and flexibility in wide scale development of SUA
Internal functions provided by the SUA layer
Address mapping function (AMF)
- The AMF is responsible for resolving the address presented in the incoming SCCP/SUA message to an SCTP association to destinations within the IP network
- The AMF will select the appropriate SCTP association based upon the routing context/routing key available
Contd.
- Address mapping at the SG
- Address mapping at the ASP
- Address mapping function at a relay node
- SCTP stream mapping
- Flow control
- Congestion management
Address mapping at SG
- The SGP will buffer the message destined for this AS for a time T(r) or until an ASP becomes available.
- If there is no address mapping match for an incoming message, a default treatment MAY be specified.
- Possible solutions are to provide a default Application Server to direct all unallocated traffic to a (set of) default ASP(s), or to drop the messages and provide a notification to management.
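
The address mapping rules for the SG, as an added example that is not part of the original slides: routing keys are checked for overlap, traffic goes to an ASP in the ASP-ACTIVE state, messages for an AS with no active ASP are held for T(r), and unmatched traffic is dropped with a management notification. The point codes, SSNs, names, and the max_pending cap on the buffer are assumptions made for this sketch.

```python
# Added example (not from the slides): address mapping at an SGP.
# Point codes, SSNs, AS/ASP names and T(r) values used with it are constructed.
from dataclasses import dataclass, field

DOWN, INACTIVE, ACTIVE = "ASP-DOWN", "ASP-INACTIVE", "ASP-ACTIVE"


@dataclass(frozen=True)
class RoutingKey:
    dpc: int       # destination point code
    ssn_lo: int    # inclusive subsystem number range
    ssn_hi: int

    def matches(self, dpc, ssn):
        return dpc == self.dpc and self.ssn_lo <= ssn <= self.ssn_hi

    def overlaps(self, other):
        return (self.dpc == other.dpc and self.ssn_lo <= other.ssn_hi
                and other.ssn_lo <= self.ssn_hi)


@dataclass
class AppServer:
    name: str
    asps: dict                                    # ASP name -> state
    pending: list = field(default_factory=list)   # (deadline, message)


class AddressMapper:
    def __init__(self, t_r, default_as=None, max_pending=100):
        self.routes = []              # (RoutingKey, AppServer) pairs
        self.t_r = t_r                # buffering time T(r), seconds
        self.default_as = default_as  # optional default treatment
        self.max_pending = max_pending  # assumption: cap on held messages
        self.mgmt = []                # notifications to layer management

    def add_route(self, key, app_server):
        # Routing keys are mutually exclusive: refuse an overlapping one.
        for existing, _ in self.routes:
            if existing.overlaps(key):
                raise ValueError(f"{key} overlaps {existing}")
        self.routes.append((key, app_server))

    def route(self, dpc, ssn, msg, now):
        app = next((a for k, a in self.routes if k.matches(dpc, ssn)),
                   self.default_as)
        if app is None:               # no match and no default AS
            self.mgmt.append(("no-mapping", dpc, ssn))
            return ("dropped", None)
        active = sorted(n for n, s in app.asps.items() if s == ACTIVE)
        if active:
            return ("sent", active[0])
        if len(app.pending) >= self.max_pending:   # bound memory use
            self.mgmt.append(("buffer-full", app.name))
            return ("dropped", None)
        app.pending.append((now + self.t_r, msg))
        return ("buffered", app.name)

    def asp_active(self, app, asp, now):
        # An ASP became available: release messages still inside T(r).
        app.asps[asp] = ACTIVE
        live = [m for deadline, m in app.pending if deadline >= now]
        expired = len(app.pending) - len(live)
        if expired:
            self.mgmt.append(("t_r-expired", app.name, expired))
        app.pending.clear()
        return [(asp, m) for m in live]
```
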
Address mapping at ASP
- To direct messages to the SS7 network, the ASP MAY perform an address mapping, which is accomplished by observing the Destination Point Code and other elements of the outgoing message, SS7 network status, SGP availability, and Routing Context configuration tables.
- No SUA messaging is available to manage the status of an SGP.
- An ASP routes responses to the SGP that it received messages from, within the routing context in which it is currently active and receiving traffic.
Address mapping function at Relay Node
The relay function is invoked when:
- Routing is on Global Title
- Routing is on Hostname
- Routing is on SSN and PC or SSN and IP Address and the address presented is not the one of the relay node
To prevent looping, the SS7 hop counter is used.
Each time the relay function is invoked within an intermediate (relay) node, the SS7 hop counter is decremented. When the value reaches zero, the return or refusal procedures are invoked with reason "Hop counter violation".
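
The hop counter rule above, as an added example that is not part of the original slides: three relay nodes whose constructed global title tables contain a loop for one prefix, so the counter is what ends the forwarding. Node names, global titles and the initial counter value are assumptions.

```python
# Added example (not from the slides): SS7 hop counter at SUA relay nodes.
# Node names, global titles and translation tables are constructed.
HOP_VIOLATION = "Hop counter violation"


class RelayNode:
    def __init__(self, own_addresses, gt_table):
        self.own = set(own_addresses)  # addresses this node terminates
        self.gt_table = gt_table       # global title prefix -> next-hop node

    def next_hop(self, called_gt):
        # Longest-prefix match on the called party global title.
        prefixes = [p for p in self.gt_table if called_gt.startswith(p)]
        return self.gt_table[max(prefixes, key=len)] if prefixes else None


# Constructed topology: prefix "316" is misconfigured as A -> B -> C -> A.
NODES = {
    "SG-A": RelayNode([], {"316": "SG-B", "4477": "SG-C"}),
    "SG-B": RelayNode([], {"316": "SG-C"}),
    "SG-C": RelayNode(["447700900123"], {"316": "SG-A"}),
}


def relay(nodes, start, called_gt, hop_counter):
    """Carry one message across relay nodes; return (outcome, path)."""
    path, here = [], start
    while True:
        node = nodes[here]
        path.append(here)
        if called_gt in node.own:
            return ("delivered", path)
        # The address is not this node's own, so the relay function runs
        # and the hop counter is decremented before forwarding.
        hop_counter -= 1
        if hop_counter <= 0:
            return (HOP_VIOLATION, path)
        nxt = node.next_hop(called_gt)
        if nxt is None:
            return ("no translation", path)
        here = nxt


def revisited(path):
    """Nodes seen more than once: the evidence of a routing loop."""
    return sorted({n for n in path if path.count(n) > 1})
```

Logging the path returned with a hop counter violation shows which translation tables to audit.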
SCTP Stream Mapping
Stream selection based on protocol class:
- Protocol class 0: SUA MAY select unordered delivery. The stream selected is based on traffic information available to the SGP or ASP.
- Protocol class 1: SUA MUST select ordered delivery. The stream selected is based upon the sequence parameter given by the upper layer over the primitive interface and other traffic information available to the SGP or ASP.
- Protocol classes 2 and 3: SUA MUST select ordered delivery. The stream selected is based upon the source local reference of the connection and other traffic information available to the SGP or ASP.
SUA Procedures
- ASP: application server process
- AS: application server. An Application Server contains at least one ASP. The ASPs within the Application Server can be processing traffic or can be in standby. The way in which traffic is shared over the ASPs of an AS is implementation dependent. However, traffic that needs the same server (such as TCAP messages belonging to the same transaction) must be sent to the same ASP, if possible.
- An ASP can belong to different Application Servers.
- If an ASP fails, internal mechanisms have to provide for the transfer of state (for example, the state of a TCAP/application transaction) within the AS.
ASP state transitions
ASP-DOWN
- Initial state when SUA peer communication is not available
ASP-INACTIVE
- The SUA peer at the ASP is available but application traffic is stopped
ASP-ACTIVE
The remote SUA peer
and traffic is also active
ASP Events
- Reception of messages from the peer SUA layer at the ASP/IPSP
- Reception of some messages from the SUA layer at other ASPs/IPSPs in the AS
- Reception of indications from the SCTP layer
- Local management intervention
SUA Procedures
- The SUA layer has to respond to various local primitives received from other layers, and to messages received from the SUA layer
Receipt of primitives from:
- SCCP
- Layer management
- SUA peer management messages
SUA Procedures: Receipt of primitives from SCCP
- Verifies whether the concerned Application Server is interested in the status change
- Then transforms it into the applicable messages to the list of concerned ASPs using stream ID "0"
- Management indications are determined by SCCP
- For an SUA message, the Application Server for the request is determined from the Routing Key
- From the list of ASPs, one in the active state is selected and a DATA message is sent
SUA Procedures: Receipt of primitives from Layer management
- The appropriate action is taken by the local layer management
- It will establish an SCTP association with the remote peer by sending an SCTP-ASSOCIATE primitive to the local SCTP layer
- SCTP sends an SCTP-Communication UP primitive to the SUA layer
- It will also send the M-SCTP_RELEASE request primitive for layer management
SUA Procedures: Receipt of SUA Peer Management Messages
- Selection of the layer management is done upon ASP Active and ASP Inactive
- Invokes the corresponding ASP; these are also generated at SUA events
- Then message transfer is done accordingly
Issues with the existing network
Limited performance and capacity
Network overloaded with non signaling traffic
Network elements do not scale well
Network elements are too expensive
Applications may need to be shut down during upgrades
Performance Issues
- The SUA protocol should be flexible enough to allow different configurations and transport technologies.
- Signaling messages (especially SS7) have very stringent loss and delay requirements in the existing telephone networks that must be adhered to.
- One protocol layer less.
- The elimination of SCCP reduces the complexity of the network node (implementation as well as management), therefore reducing costs.
Performance Issues
- Signaling messages have very stringent loss and delay requirements in the existing telephone networks that need to be supported by SUA.
- For transmission of signaling information over the internet, SIGTRAN recommends use of IPSEC, which provides the following security services:
  - Authentication
  - Integrity
  - Confidentiality
  - Availability
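[Figure: PSTN - IP Protocol Interworking. Protocol stacks of the MSC (or SSP) on the PSTN side, the Signalling Gateway (SUA/SCCP interworking over SCTP/IP and MTP1-3), and the HLR (or SCP) on the IP-based network side; layers shown are MAP/INAP, TCAP, SCCP, SUA, SCTP, IP and MTP1-3.]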
Services of TCAP
TCAP (Transaction Capabilities Applications Part):
- Capable of running with SCCP and SUA (SIGTRAN-IP)
- Supports the exchange of non-circuit related information between signaling points
- Queries and responses sent between SSPs and SCPs are carried in TCAP messages
- Provides services to:
  - INAP (IN Application Part)
  - MAP (Mobile Application Part)
MAP
- MAP (Mobile Application Protocol) is a family of standard protocols that is used on the various interfaces of the Reference Model
- Includes SS7-TCAP to perform Request-Response operations:
  - error is returned when the request cannot be granted
  - reject is returned if the request cannot be understood
- As for IN, this mechanism can be adapted to different functionalities by using different options and parameters for requests and responses.
[Figure: ANSI-41 MAP protocol architecture. Labels: ANSI-41 MAP (Layer 7), TCAP, SS7 MTP, X.25, TCP/IP, level 1, level 3.]
The ANSI-41 MAP protocol architecture can support several underlying protocols.
Security Issues
- SUA is designed to carry signaling messages for telephony services
- So SUA involves the security needs of several parties:
  - The end users of the services
  - The network providers
  - The applications involved
- Additional security requirements may come from local regulation. While having some overlapping security needs, any security solution should fulfill all of the different parties' needs.
Threats
There is no quick fix, one-size-fits-all solution for security.
As a transport protocol, SUA has the following security objectives:
• Availability of reliable and timely user data transport.
• Integrity of user data transport.
• Confidentiality of user data.
Security Continued
SUA runs on top of SCTP. SCTP provides certain transport related security features, such as protection against:
* Blind Denial of Service Attacks
* Flooding
* Masquerade
* Improper Monopolization of Services
Security Continued
- When the network in which SUA runs involves more than one party, it is not reasonable to expect that all parties have implemented security in a sufficient way.
- End-to-end security should be the goal; to achieve it, IPSEC is used to ensure confidentiality of the user payload.
- IPSEC (IP SECurity): a security protocol from the IETF that provides authentication and encryption over the Internet.
Security Continued
- IANA (Internet Assigned Numbers Authority) has registered SCTP Port Number 14001 for SUA. This port number is the port that the SGPs listen on when receiving SCTP datagrams.
Confidentiality
Particularly for mobile users:
• Security includes the masking of IP addresses and ports
• As application level encryption is not sufficient, the IPSEC ISAKMP service is supported.
IPSEC ISAKMP is the IPSEC Internet Security Association and Key Management Protocol. It provides:
• Data integrity
• Data origin authentication
• Anti-replay protection
• Confidentiality
Protocol Extensions
IANA (Internet Assigned Numbers Authority) has proposed the following extensions:
- Through definition of additional message classes.
- Through definition of additional message types.
- Through definition of additional message parameters.
The above are integral parts of the SIGTRAN adaptation layers. The extensions don't disturb the present working protocol.
Protocol Extensions: Definition of additional message classes
- A long and short name for the message class
- A detailed description of the purpose of the message class
Definition of additional message types
- A long and short name for the new message type
- A detailed description of the structure of the message
- A detailed definition and description of the intended use of each field within the message.
- A detailed procedural description of the use of the new message type within the operation of the protocol
- A detailed description of error conditions when receiving this message type
Definition of additional message parameters
- Name of the parameter type.
- Detailed description of the structure of the parameter field. This structure MUST conform to the general type-length-value format described earlier in the document.
- Detailed definition of each component of the parameter value.
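
A receiver-side check of the type-length-value structure mentioned above, as an added example that is not part of the original slides. The layout used (16-bit tag, 16-bit length covering tag, length and value, zero padding to a multiple of 4 bytes) is the one RFC 3868 defines for SUA and is not spelled out in this transcript; the function names and the max_params limit are assumptions.

```python
# Added example (not from the slides): defensive TLV parameter parsing.
# Layout per RFC 3868: 16-bit tag, 16-bit length, value, zero padding to 4.
import struct


class ParameterError(ValueError):
    pass


def build_parameter(tag, value):
    length = 4 + len(value)            # length covers tag, length and value
    return struct.pack("!HH", tag, length) + value + b"\x00" * (-length % 4)


def parse_parameters(buf, max_params=64):
    """Return [(tag, value), ...]; raise ParameterError on malformed input."""
    params, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ParameterError(f"truncated header at offset {off}")
        tag, length = struct.unpack_from("!HH", buf, off)
        # A length below 4 cannot hold its own header; accepting 0 would
        # also leave the offset unchanged and loop forever.
        if length < 4:
            raise ParameterError(f"tag 0x{tag:04x}: length {length} < 4")
        # Never trust the length to stay inside the received message.
        if off + length > len(buf):
            raise ParameterError(
                f"tag 0x{tag:04x}: length {length} overruns buffer")
        # Assumption: cap the parameter count to bound work per message.
        if len(params) >= max_params:
            raise ParameterError("too many parameters")
        params.append((tag, bytes(buf[off + 4:off + length])))
        # Skip padding; this parser tolerates missing padding after the
        # last parameter.
        off += (length + 3) & ~3
    return params
```
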
Conclusions
- Network evolution to an all-IP network
- Both traditional circuit-switched and IP-based services need to be supported by a single network infrastructure simultaneously.
- A hybrid architecture may be the best solution.
References
SUA Home Page: http://www.sctp.be/sua/index.html
SUA Material: http://www.ietf.org/html.charters/sigtran-charter.html
Web ProForum Tutorials : http:www.iec.org
Airslide Systems: http:www.iec.org
Artesyn Technologies: www.artesyncp.com
Questions:
What layers does SUA replace in IP networks?
Give any two differences between the M3UA/SCCP and SUA?
What are the performances provided by the SUA?
Answers:
SUA replaces the functionality of SCCP and M3UA over SCTP in IP networks.
SUA doesn't require SCCP services as M3UA does. SUA allows the IP network to route messages using Global Title information, whereas in M3UA messages are handled from point code to point code.
Authentication, Integrity, Confidentiality, Availability