sua - cse at unt | computer science and engineeringrdantu/fall_2005_wireess_networks/sua.pdf · sua...

SUA Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety


Contents
- Introduction
- Features of SUA
- SUA Architecture
- Applications
- Signalling Transport Architecture
- Message Format in SUA
- Services provided by SUA
- Internal Functions
- Procedures
- Performance Issues
- Security issues
- Conclusions
- References

Introduction
- SUA is the SCCP User Adaptation Layer
- Provides the services of SCCP in a peer-to-peer architecture
- Replaces the functionality of SCCP and M3UA over SCTP in IP networks
- SUA sits between the SCTP and TCAP layers

Integrated Network Architecture

Network elements:

MGC (Media Gateway Controller):
- Responsible for mediating call control
- Controls access from IP world to/from PSTN

SG (Signaling Gateway):
- Responsible for interfacing to the SS7 network
- Passes signaling messages to IP nodes

MG (Media Gateway):
- Responsible for packetisation of voice traffic
- Transmitting traffic towards the destination

Network elements cont..

IP SCP (IP enabled Service Control Protocol):
- Exists wholly within the IP network
- Addressable from the SS7 network

IP phone:
- IP phone is a terminal

Protocols between IP nodes

SIGTRAN (Signaling Transport):
- A working group within the IETF standards body
- Purpose: to address the transport of PSTN signaling over IP networks
- To interconnect with the PSTN, IP networks need to transport signaling (SS7) messages between IP nodes.

SIGTRAN Protocol Architecture

Consists of 3 components:
- A standard IP
- SCTP
- Adaptation protocol (M2PA, M2UA, M3UA, SUA & IUA)

Architecture Cont..

Comparison of M3UA and SUA

SUA
- Provides means by which an application part (TCAP) may be reached via SG.
- Allows multiple IP SCPs to be reached via a single SG
- IP SCP(s) don't require their own S7 point codes

What is SCTP? Why SCTP?

SCTP is a new IETF standard transport protocol (RFC2960) Stream Control Transmission Protocol

An alternative to TCP and UDP

It came out of the "signaling transport" community...doing telephone switching over IP networks

.. but it emerged as a general-purpose transport protocol

SCTP: Why?

Because TCP and UDP lacked some features that were needed

What was so special about sigtran?
- small message sizes
- need for high availability, absolute minimum delay

Why talk about SCTP in this form? Because SCTP is coming soon to a Linux kernel near you (LK-SCTP)

SCTP: Aspects of signaling transport driving SCTP design
- need for high availability
- failover between multiple redundant network interfaces
- message oriented
- small message sizes
- real-time (need absolute minimum delay)
- upper layer timers
- need for tunability (Big-I internet vs. engineered networks)

What SCTP can do?

Almost everything you can do with TCP and UDP (a very few minor exceptions we will note later), for instance:
- Can do reliable, flow controlled, congestion controlled data exchange, like TCP
- Can also do unordered, unreliable data exchange, like UDP

Plus the following features NOT available in UDP or TCP. (A quick list only; details follow!)
- Multi-homing
- Multi-streaming
- Message boundaries (with reliability*)

* UDP: message boundaries, not reliable; TCP: reliable, no message boundaries

SCTP Cont..
- Improved SYN-flood protection
- Tunable parameters (Timeout, Retrans, etc.)
- A range of reliability and order (full to partial to none) along with congestion control

TCAP Overview
- Transaction Capabilities Application Part
- Uses services of SCCP
- Invokes remote procedures of the Intelligent Network for support of services such as freephone (800 numbers)
- Transaction based
- TCAP has two sub-layers:
  - Transaction Sublayer (TSL)
  - Component Sublayer (CSL)

TCAP

The transaction portion contains:
- The message type: begin, continue, end, ...
- a pair of network addresses: originating end-point and destination end-point
- a pair of transaction ids identifying the dialogue at each end-point

The dialogue portion contains:
- The application name

The component portion contains:
- operations to execute remotely
- associated parameters
- results of previous operations execution

SUA cont..
- Provides mapping between SCCP addresses and IP addresses (at SG)
- Services of the individual databases are addressed via SSN (Sub System Number)
- Flexible to support application parts between 2 network nodes within the IP network
- Allows Service Databases in the SS7 network to be accessed from the IP network
- Allows multiple IP SCPs to be reached via a single SG

SUA supports:
- Transfer of SCCP user part messages (TCAP, RANAP, etc.)
- SCCP connectionless service
- SCCP connection oriented service
- Management of SCTP transport associations between a SG and one or more IP-based signaling nodes
- Distributed IP-based signaling nodes
- Asynchronous reporting of status changes to management

SUA Architecture
- PSTN-IP internetworking
- All IP network

PSTN-IP Protocol Internetworking:

SUA:

Used between signaling gateway and IP signaling end point and between IP signaling end points

Transports SS7 SCCP User Part Signaling Message over IP using SCTP


All IP network:

All IP Architecture Example

SUA Applicability:
- SUA can transport bigger SMS messages (characters >> 160): this can be done with traditional SCCP, but it requires adaptations to the MAP protocol and raises internetworking issues
- SUA can transport bigger messages for all its applications: particularly useful in all-IP, where segmenting/reassembly can be left to SCTP

Applicability cont..
- SUA is less complex than M3UA + SCCP, but has extended features
- SUA supports the basic IP addressing architecture and DNS naming: this advantage depends on applications using the extended addressing capabilities

Signaling Transport Architecture

The framework architecture for switched circuit networks signaling transport over IP uses multiple components:
- IP transport protocol
- Signaling common transport protocol (SCTP)
- Adaptation module

SUA architecture can be modeled as a peer-to-peer architecture

Application Server (AS) - A logical entity serving a specific Routing Key. An example of an Application Server is a virtual IP database element handling all requests for an SCCP-user.

Routing Key - The Routing Key describes a set of SS7 parameters and/or parameter ranges that uniquely defines the range of signalling traffic configured to be handled by a particular Application Server. Routing Keys are mutually exclusive.

Application Server Process (ASP) - An Application Server Process serves as an active or backup process of an Application Server

Signalling Gateway Process (SGP) - A process instance of a Signalling Gateway. It serves as an active, load-sharing or broadcast process of a Signalling Gateway.

Signalling Process - A process instance that uses SUA to communicate with other signalling processes. An ASP, a SGP and an IPSP are all signalling processes.

Routing Context - An Application Server Process may be configured to process traffic within more than one Application Server.

SS7 to IP interworking architecture for:
- connectionless transport
- connection oriented transport

Connectionless transport
- SCCP and SUA layers interface in the SG
- Internetworking between SCCP and SUA layers is needed

protocol architecture for connectionless transport

Contd.

SG as end point
- Connectionless SCCP messages are routed on point code (PC) and subsystem number (SSN)
- SCCP user is located at SG

SG as relay point
- A Global Title translation is executed at the signalling gateway, before the destination of the message can be determined.

Contd.
- GT Translation yields an "SCCP entity set" for which an AS is derived
- Selection is based on the SCCP called party address (and possibly other SS7 parameters depending on implementation)
- An ASP is selected and a CLDT (connectionless data transfer) is sent on the appropriate SCTP association/stream

Routing context
- The Routing Context parameter is exchanged between the SGP and ASP (or between two ASPs), identifying the relevant Application Server

Protocol class
- Depending upon the SCCP users supported, SUA supports the SCCP protocol classes transparently

ASP selection criterion

For TCAP messages load sharing is only possible for first message in a TCAP

SGP needs to know the TID allocation policy of the ASP’s in a single AS

- state sharing
- fixed range of TIDs per ASP in the AS

Connection Oriented Transport
- For connection-oriented transport, SCCP and SUA interface at the signaling gateway to associate the two connection sections needed for connection-oriented data transfer between an SS7 signaling end point and an IP endpoint
- Routed on DPC in the SS7 connection section
- IP address in the IP section
- Resources are kept within the SG to forward messages from one section to another

All IP Architecture
- To carry a protocol that uses the transport services of SCCP within an IP network
- This architecture removes the need for signalling gateway functionality

Common Message Header

Services provided by SUA

Support for transport of SCCP user messages

SCCP protocol support

Protocol class 0 provides unordered transfer of SCCP-user messages in a connectionless manner.

Protocol class 1 allows the SCCP-user to select the sequenced delivery of SCCP-user messages in a connectionless manner.

Protocol class 2 allows the bidirectional transfer of SCCP-user messages by setting up a temporary or permanent signalling connection.

Protocol class 3 allows the features of protocol class 2 with the inclusion of flow control. Detection of message loss or mis-sequencing is included.

Contd.

Network management functions
- Interworking with SCCP network management functions
- ASP management messages for ASP status

Interworking with SCCP management messages consists of:
- Destination Unavailable (DUNA)
- Destination Available (DAVA)
- Destination State Audit (DAUD)
- Signalling Congestion (SCON)
- Destination User Part Unavailable (DUPU)
- Destination Restricted (DRST)

Contd.

Support for the management between SGP and ASP

Provide an indication to the SCCP-user at an ASP that a SS7 endpoint/peer is unreachable.

Provide an indication to the SCCP-user at an ASP that a SS7 endpoint/peer is reachable.

Provide congestion indication to SCCP-user at an ASP.

Provide the initiation of an audit of SS7 endpoints at the SG.

Relay Function

SUA may be enhanced with relay functionality to determine the next hop SCTP association toward the destination SUA end point

Based on Global title information

Also based on Hostname information, IP address or pointcode contained in the called party address

Allows for greater scalability, reliability and flexibility in wide scale development of SUA

Internal functions provided by SUA layer

Address mapping function (AMF)

AMF is responsible for resolving the address presented in the incoming SCCP/SUA message to an SCTP association to destinations within the IP network

AMF will select the appropriate SCTP association based upon the routing context/routing key available

Contd.

Address Mapping at the SG

Address Mapping at the ASP

Address Mapping function at a Relay node

SCTP stream mapping

Flow control

Congestion management

Address mapping at SG

The SGP will buffer the message destined for this AS for a time T(r) or until an ASP becomes available.

If there is no address mapping match for an incoming message, a default treatment MAY be specified

Possible solutions are to provide a default Application Server to direct all unallocated traffic to a (set of) default ASP(s), or to drop the messages and provide a notification to management
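The address mapping treatment described for the SG, as an added example that is not part of the original slides: a routing key lookup, selection of an active ASP, buffering for T(r), and the default-AS or drop-and-notify fallback. Point codes, SSNs, ASP names and the T(r) value are constructed, and picking the first active ASP by name stands in for the implementation-dependent sharing policy.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class RoutingKey:
    point_code: int
    ssns: frozenset                    # subsystem numbers covered by this key

    def matches(self, pc, ssn):
        return pc == self.point_code and ssn in self.ssns

    def overlaps(self, other):
        return self.point_code == other.point_code and bool(self.ssns & other.ssns)

@dataclass
class AppServer:
    name: str
    key: Optional[RoutingKey]          # None marks a default AS
    asp_state: dict                    # ASP name -> ASP-DOWN / ASP-INACTIVE / ASP-ACTIVE
    buffer: list = field(default_factory=list)   # (deadline, message) pairs

class SgAddressMapper:
    def __init__(self, servers, default_as=None, t_r=2.0):   # t_r: constructed T(r), seconds
        keyed = [s for s in servers if s.key is not None]
        for i, a in enumerate(keyed):
            for b in keyed[i + 1:]:
                if a.key.overlaps(b.key):   # routing keys must be mutually exclusive
                    raise ValueError(f"routing keys of {a.name} and {b.name} overlap")
        self.servers, self.default_as, self.t_r = keyed, default_as, t_r
        self.notifications = []        # what layer management would be told

    def route(self, pc, ssn, message, now):
        """Return ("send", asp), ("buffer", as_name) or ("drop", None)."""
        target = next((s for s in self.servers if s.key.matches(pc, ssn)), self.default_as)
        if target is None:
            self.notifications.append(f"no address mapping for PC={pc} SSN={ssn}: dropped")
            return ("drop", None)
        active = sorted(a for a, st in target.asp_state.items() if st == "ASP-ACTIVE")
        if not active:                 # AS known but no ASP available: hold for T(r)
            target.buffer.append((now + self.t_r, message))
            return ("buffer", target.name)
        return ("send", active[0])

    def asp_active(self, server, asp, now):
        """An ASP became available: release messages whose T(r) has not expired."""
        server.asp_state[asp] = "ASP-ACTIVE"
        released = [m for deadline, m in server.buffer if deadline >= now]
        server.buffer.clear()
        return released
```

A silent drop hides both misconfiguration and unexpected traffic, so the notification list is the part worth wiring into monitoring.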

Address mapping at ASP

To direct messages to the SS7 network, the ASP MAY perform an address mapping which is accomplished by observing the Destination Point Code and other elements of the outgoing message, SS7 network status, SGP availability, and Routing Context configuration tables.

No SUA messaging is available to manage the status of an SGP

An ASP routes responses to the SGP that it received messages from; within the routing context which it is currently active and receiving traffic.

Address Mapping function at Relay Node

The relay function is invoked when:
- Routing is on Global Title
- Routing is on Hostname
- Routing is on SSN and PC or SSN and IP Address, and the address presented is not the one of the relay node

To prevent looping, the SS7 hop counter is used

Each time the relay function is invoked within an intermediate (relay) node, the SS7 hop counter is decremented. When the value reaches zero, the return or refusal procedures are invoked with reason "Hop counter violation".
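The relay conditions and hop counter rule above, as an added example that is not part of the original slides: a small model of relay nodes that shows a translation loop being cut off. Node names, addresses, routing tables and the starting hop counter values are constructed.

```python
from dataclasses import dataclass

HOP_VIOLATION = "Hop counter violation"

@dataclass
class Called:
    """Called party address as the relay decision sees it (constructed model)."""
    routing: str   # "GT", "HOSTNAME", "SSN_PC" or "SSN_IP"
    value: str     # global title, hostname, point code or IP address

@dataclass
class RelayNode:
    name: str
    point_code: str
    ip: str
    next_hop: dict   # address value -> next node name (constructed routing table)

def relay_invoked(node, called):
    """Relay conditions from the slide: GT, hostname, or an SSN address that is not ours."""
    if called.routing in ("GT", "HOSTNAME"):
        return True
    if called.routing == "SSN_PC":
        return called.value != node.point_code
    if called.routing == "SSN_IP":
        return called.value != node.ip
    raise ValueError(f"unknown routing indicator {called.routing!r}")

def handle(node, called, hop_counter):
    """One node's treatment of a message: deliver, forward, or return it."""
    if not relay_invoked(node, called):
        return ("deliver", node.name, hop_counter)
    hop_counter -= 1                      # decremented on every relay invocation
    if hop_counter <= 0:
        return ("return", HOP_VIOLATION, 0)
    if called.value not in node.next_hop:
        raise LookupError(f"{node.name}: no next hop for {called.value}")
    return ("forward", node.next_hop[called.value], hop_counter)

def trace(nodes, start, called, hop_counter):
    """Follow a message through the relay nodes; returns (path, action, detail)."""
    path, current = [], start
    while True:
        path.append(current)
        action, detail, hop_counter = handle(nodes[current], called, hop_counter)
        if action != "forward":
            return path, action, detail
        current = detail

# Constructed topology: A and B translate the same global title towards each other.
LOOP = {
    "A": RelayNode("A", "1-1-1", "192.0.2.1", {"18005550100": "B"}),
    "B": RelayNode("B", "2-2-2", "192.0.2.2", {"18005550100": "A"}),
}
# Constructed topology without a loop: A relays to C, which owns point code 3-3-3.
CHAIN = {
    "A": RelayNode("A", "1-1-1", "192.0.2.1", {"3-3-3": "C"}),
    "C": RelayNode("C", "3-3-3", "192.0.2.3", {}),
}
```

Because the counter only decreases, `trace` always terminates, which is the property that keeps a misconfigured translation from circulating traffic indefinitely.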

SCTP Stream Mapping

Stream selection based on protocol class:

Protocol class 0: SUA MAY select unordered delivery. The stream selected is based on traffic information available to the SGP or ASP.

Protocol class 1: SUA MUST select ordered delivery. The stream selected is based upon the sequence parameter given by the upper layer over the primitive interface and other traffic information available to the SGP or ASP

Protocol classes 2 and 3: SUA MUST select ordered delivery. The stream selected is based upon the source local reference of the connection and other traffic information available to the SGP or ASP.
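One way to express the stream selection rules above, as an added example that is not part of the original slides. The modulo mapping, the reservation of stream 0 for management traffic, and the sample messages are assumptions made for the illustration.

```python
MGMT_STREAM = 0   # assumption: stream 0 is kept for management, data uses 1..n-1

def select_stream(protocol_class, n_streams, *, sequence=None, source_ref=None,
                  traffic_key=0):
    """Return (stream_id, ordered) for an outgoing SUA data message."""
    if n_streams < 2:
        raise ValueError("need at least one data stream besides stream 0")
    data_streams = n_streams - 1

    def pick(key):
        # Same key always yields the same stream, so related messages stay in order.
        return 1 + key % data_streams

    if protocol_class == 0:               # MAY be unordered
        return pick(traffic_key), False
    if protocol_class == 1:               # MUST be ordered, keyed on sequence parameter
        if sequence is None:
            raise ValueError("class 1 needs the sequence parameter from the upper layer")
        return pick(sequence), True
    if protocol_class in (2, 3):          # MUST be ordered, keyed on source local reference
        if source_ref is None:
            raise ValueError("classes 2 and 3 need the source local reference")
        return pick(source_ref), True
    raise ValueError(f"unknown protocol class {protocol_class}")

def assign(messages, n_streams):
    """Group constructed message records by the stream they would be sent on."""
    per_stream = {}
    for m in messages:
        stream, ordered = select_stream(
            m["class"], n_streams, sequence=m.get("seq"),
            source_ref=m.get("slr"), traffic_key=m.get("key", 0))
        per_stream.setdefault(stream, []).append((m["id"], ordered))
    return per_stream

# Constructed sample traffic: two class 1 sequences, one connection, one class 0 message.
SAMPLE = [
    {"id": "a1", "class": 1, "seq": 10},
    {"id": "b1", "class": 1, "seq": 11},
    {"id": "a2", "class": 1, "seq": 10},
    {"id": "c1", "class": 2, "slr": 0x1234},
    {"id": "u1", "class": 0, "key": 7},
]
```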

Flow control

Congestion Management

SUA Procedures
- ASP: Application Server Process
- AS: Application Server
- An Application Server contains at least one ASP. The ASPs within the Application Server can be processing traffic or can be in standby.
- The way in which traffic is shared over the ASPs of an AS is implementation dependent. However, traffic that needs the same server (such as TCAP messages belonging to the same transaction) must be sent to the same ASP, if possible.
- An ASP can belong to different Application Servers.
- If an ASP fails, internal mechanisms have to provide for the transfer of state (for example, the state of a TCAP/application transaction) within the AS.

ASP state transitions

ASP-DOWN
- Initial state, when SUA peer communication is not available

ASP-INACTIVE
- The SUA peer at the ASP is available but application traffic is stopped

ASP-ACTIVE
- The remote SUA peer is available and traffic is also active

ASP Events

Reception of messages from the peer SUA layer at the ASP/IPSP

Reception of some messages from the SUA layer at other ASP/IPSPs in the AS

Reception of indications from SCTP layer

Local Management intervention

SUA Procedures

The SUA layer has to respond to various local primitives received from other layers, and to messages that are received from the SUA layer

Receipt of primitives from:
- SCCP
- Layer management
- SUA peer management messages

SUA Procedures: Receipt of primitives from SCCP
- Verifies whether the concerned Application Server is interested in the status change
- Then transforms it into the applicable messages to the list of concerned ASPs using stream ID "0"
- Management indications are determined by SCCP
- The SUA message determines the Application Server for the request from the Routing Key
- From the list of ASPs, one in the active state is selected and a DATA message is sent

SUA Procedures: Receipt of primitives from layer management
- Takes the appropriate action requested by the local layer management
- It will establish SCTP associations with the remote peer by sending an SCTP-ASSOCIATE primitive to the local SCTP layer
- SCTP sends an SCTP-Communication UP primitive to the SUA layer
- It will also send the M-SCTP_RELEASE request primitive for layer management

SUA Procedures: Receipt of SUA peer management messages
- Selection of the layer management is done upon ASP Active and ASP Inactive
- Invokes the corresponding ASP; these are also generated at SUA events
- Then message transfer is done accordingly

Issues with the existing network

Limited performance and capacity

Network overloaded with non signaling traffic

Network elements do not scale well

Network elements are too expensive

Applications may need to be shut down during upgrades

Performance Issues
- The SUA protocol should be flexible enough to allow different configurations and transport technology
- Signaling messages (especially SS7) have very stringent loss and delay requirements in the existing telephone networks that must be adhered to
- One protocol layer less
- The elimination of SCCP reduces the complexity of the network node (implementation as well as management), therefore reducing costs.

Performance Issues
- Signaling messages have very stringent loss and delay requirements in the existing telephone networks that need to be supported by SUA
- For transmission of signaling information over the internet, SIGTRAN recommends the use of IPSEC, which provides the following security services:
  - Authentication
  - Integrity
  - Confidentiality
  - Availability

PSTN – IP Protocol Interworking

[Figure: protocol stack diagram. Labels: IP-based Network, PSTN, MSC (or SSP), Signalling Gateway, SUA/SCCP interworking, SCTP, IP, MTP1-3, HLR (or SCP), MAP/INAP, TCAP, SCCP, SUA]

Services of TCAP

TCAP (Transaction Capabilities Applications Part)
- Capable of running with SCCP and SUA (SIGTRAN-IP)
- Supporting the exchange of non-circuit related information between signaling points
- Queries and responses sent between SSPs and SCPs are carried in TCAP messages
- Provides services to:
  - INAP (IN Application Part)
  - MAP (Mobile Application Part)

MAP
- MAP (Mobile Application Protocol) is a family of standard protocols that is used on the various interfaces of the Reference Model
- Includes SS7-TCAP to perform Request-Response operations
  - error is returned when a request cannot be granted
  - reject is returned if a request cannot be understood
- As for IN, this mechanism can be adapted to different functionalities by using different options and parameters for requests and responses.

[Figure: ANSI-41 MAP protocol architecture, which can support several underlying protocols. Labels: ANSI-41 MAP, TCAP, SS7 MTP, X.25, TCP/IP, level 1, level 3, Layer 7]

Security Issues

SUA is designed to carry signaling messages for telephony services

So SUA involves the security needs of several parties:
- The end users of the services
- The network providers
- The applications involved

Additional security requirements may come from local regulation. While the parties have some overlapping security needs, any security solution should fulfill the needs of all of them.

Threats

There is no quick fix, one-size-fits-all solution for security

As a transport protocol, SUA has the following security objectives:

• Availability of reliable and timely user data transport.

• Integrity of user data transport.

• Confidentiality of user data.

Security Continued

SUA runs on top of SCTP. SCTP provides certain transport related security features, such as resistance against:

* Blind Denial of Service Attacks
* Flooding
* Masquerade
* Improper Monopolization of Services

Security Continued
- When the network in which SUA runs involves more than one party, it is not reasonable to expect that all parties have implemented security in a sufficient way.
- End-to-end security should be the goal; to achieve it, IPSEC is used to ensure confidentiality of the user payload.
- IPSEC (IP SECurity): a security protocol from the IETF that provides authentication and encryption over the Internet.

Security Continued

IANA (Internet Assigned Numbers Authority) has registered SCTP Port Number 14001 for SUA. This port number is the port that the SGPs listen to when receiving SCTP datagrams.

Confidentiality

Particularly for mobile users:

• Security includes the masking of IP addresses and ports

• As application level encryption is not sufficient, the IPSEC ISAKMP service is supported.

IPSEC ISAKMP is the IPSEC Internet Security Association and Key Management Protocol:
- Data integrity
- Data origin authentication
- Anti-replay protection
- Confidentiality

Protocol Extensions

IANA (Internet Assigned Numbers Authority) has proposed the following extensions:
- Through definition of additional message classes.
- Through definition of additional message types.
- Through definition of additional message parameters.

The above are integral parts of the SIGTRAN adaptation layers. The extensions don't disturb the present working protocol.

Protocol Extensions

Definition of additional message classes:
- A long and short name for the message class
- A detailed description of the purpose of the message class

Definition of additional message types:
- A long and short name for the new message type
- A detailed description of the structure of the message
- A detailed definition and description of the intended use of each field within the message.
- A detailed procedural description of the use of the new message type within the operation of the protocol
- A detailed description of error conditions when receiving this message type

Definition of additional message parameters:
- Name of the parameter type.
- Detailed description of the structure of the parameter field. This structure MUST conform to the general type-length-value format described earlier in the document.
- Detailed definition of each component of the parameter value.
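A strict receiver for the type-length-value format that every parameter, including extension parameters, has to follow, as an added example that is not part of the original slides. The 8-byte common header and the tag/length/padding layout are taken from the SUA specification (RFC 3868), not from this page, and the class, type and tag numbers in the sample message are constructed sample values.

```python
import struct

class SuaParseError(ValueError):
    """Raised when a buffer does not follow the header/TLV layout."""

def tlv(tag, value):
    """Encode one parameter: 16-bit tag, 16-bit length (tag+length+value), padded to 4."""
    pad = -len(value) % 4
    return struct.pack("!HH", tag, 4 + len(value)) + value + b"\x00" * pad

def message(mclass, mtype, params):
    """Encode a message: version, reserved, class, type, 32-bit total length, parameters."""
    body = b"".join(tlv(t, v) for t, v in params)
    return struct.pack("!BBBBI", 1, 0, mclass, mtype, 8 + len(body)) + body

def parse(buf):
    """Decode one received message, rejecting any length that does not add up."""
    if len(buf) < 8:
        raise SuaParseError("shorter than the 8-byte common header")
    version, _reserved, mclass, mtype, length = struct.unpack_from("!BBBBI", buf)
    if version != 1:
        raise SuaParseError(f"unsupported version {version}")
    if length != len(buf) or length % 4:
        raise SuaParseError("message length field disagrees with the received size")
    params, off = [], 8
    while off < length:                       # off and length are multiples of 4
        tag, plen = struct.unpack_from("!HH", buf, off)
        if plen < 4:                          # would never advance: reject
            raise SuaParseError(f"parameter 0x{tag:04x} has length {plen} < 4")
        padded_end = off + (plen + 3) // 4 * 4
        if padded_end > length:               # value or padding runs past the message
            raise SuaParseError(f"parameter 0x{tag:04x} overruns the message")
        params.append((tag, bytes(buf[off + 4:off + plen])))
        off = padded_end
    return {"class": mclass, "type": mtype, "params": params}

def is_valid(buf):
    """True when the buffer parses cleanly; unknown tags are kept, not rejected."""
    try:
        parse(buf)
        return True
    except SuaParseError:
        return False

# Constructed sample message with two parameters (sample numbers, sample payload).
SAMPLE = message(7, 1, [(0x0006, b"\x00\x00\x00\x01"), (0x010B, b"hello")])
```

Keeping unknown tags while rejecting inconsistent lengths lets new parameters pass through older nodes without giving malformed input a path into the decoder.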

Conclusions
- Network evolution to an All-IP network
- Both traditional circuit switched and IP based services need to be supported by a single network infrastructure simultaneously.
- Hybrid architecture may be the best solution.

References
- SUA Home Page: http://www.sctp.be/sua/index.html
- SUA Material: http://www.ietf.org/html.charters/sigtran-charter.html
- Web ProForum Tutorials: http://www.iec.org
- Airslide Systems: http://www.iec.org
- Artesyn Technologies: www.artesyncp.com

Questions:

What layers does SUA replace in IP networks?

Give any two differences between the M3UA/SCCP and SUA?

What are the performances provided by the SUA?

Answers:

SUA replaces the functionality of SCCP and M3UA over SCTP in IP n/w’s.

SUA doesn’t require SCCP services as M3UA. SUA allows the IP network to route the messages using Global Title Information, whereas in M3UA messages are handled from point-code to point-code.

Authentication, Integrity, Confidentiality, Availability

Thank YOU