Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Review of the Architecture and the Underlying Protocols in the Telephone Network Dipak Ghosal Department of Computer Science University of California.

Similar presentations

Presentation on theme: "1 A Review of the Architecture and the Underlying Protocols in the Telephone Network Dipak Ghosal Department of Computer Science University of California."— Presentation transcript:

1 1 A Review of the Architecture and the Underlying Protocols in the Telephone Network Dipak Ghosal Department of Computer Science University of California at Davis

2 2 June 20142 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

3 2 June 20143 History Pre-1984 AT&T 1980s saw rapid deployment of digital technology in the core network 1984 Breakup of AT&T into 7 RBOCs (Regional Bell Operating Companies), AT&T, and others Local area carriers (LECs) serving LATA were regulated Long distance carrier (IXC) service was opened

4 2 June 20144 History (2) Post 1984 New Telecom Act in 1996 Further deregulation of LECs (ILECs and CLECS) Local area and long distance markets opened Local Number Portability Break-up of AT&T AT&T Lucent (Bell-Labs) Mergers of RBOCs and CLECs

5 2 June 20145 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

6 2 June 20146 A Typical Regional POTS Network

7 2 June 20147 Network Architecture

8 2 June 20148 Circuit Network Central Offices (End Offices) Local aggregation points for phone lines Wire-pair (local loop) to each telephone Tandems Hubs interconnecting Central Offices Connecting to IXCs

9 2 June 20149 Circuit Network (2) Hierarchical organization End office Toll Center Primary Center Sectional Center Regional Center

10 2 June 201410 End Office

11 2 June 201411 Signaling Network Signaling network is the brain Circuit network forms the the muscles All nodes in the signaling network are called signaling points SSP -> Service Switching Points STP -> Signaling Transfer Point SCP -> Service Control Point

12 2 June 201412 Service Switching Point This is the local exchange in the telephone network Interfaces both the circuit network and signaling network Generate SS7 messages from signals from the voice network Generate SS7 query messages for non-circuit related messages LNP has significantly altered the traffic mix

13 2 June 201413 Signaling Transfer Point Routers in the SS7 network Route messages between SSPs Support Global Title Translation for non-circuit related messages These can be separate stand alone nodes or adjuncts to a voice switch Many tandems used to act as STPs Deployed as a mated pair

14 2 June 201414 Signaling Transfer Point (2) Hierarchy of STPs Local and Regional STPs International STPs Gateway STPs Interconnect different networks including cellular networks Very important node in the SS7 network Many other functions including measurements and data mining

15 2 June 201415 Service Control Point Interfaces to databases 800/900 databases HLR/VLR databases LIDB (Line Information Databases) for calling cards Local Number Portability Database New Advanced Intelligent Network (AIN) services.

16 2 June 201416 Types of Signaling Links

17 2 June 201417 Types of Signaling Links (2) A-Links are access links between SSP and STP or SCP and STP B-Links are bridge links that connect mated STP pairs in the same hierarchy C-Links are cross links between an STP and its mat D-Links are diagonal links between STPs at different levels of the hierarchy E-Links a extended links to connect to remote STP pairs F-links are fully associated links

18 2 June 201418 Types of Signaling Links (3) Link sets are group of links with the same adjacent nodes Route is a collection of link sets required to reach a destination Route set is a collection of routes Routing is hop-by-hop A signaling point needs to know which linkset to use towards the destination

19 2 June 201419 Addressing Each signaling point has a address and it is referred to as the Point Code It is a 24-bit address 8 bits network identifier 8 bits cluster identifier 8 bits node identifier Full point code routing Partial point code routing Cluster routing or network routing

20 2 June 201420 Requirements Availability objective: an unavailability of no more than 10 minutes downtime between two SPs Lost message probability: 1 in 10**7 Message Out-of-sequence probability: 1 in 10**10 Performance objectives: Maximum link utilization must be less than 40% Various other requirements on various processing delay Maximum message processing delay at an SP is 200ms

21 2 June 201421 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

22 2 June 201422 Protocol Stack

23 2 June 201423 ISDN User Part (ISUP)

24 2 June 201424 ISDN User Part (ISUP) IAM – Initial Address Message Message type, Called party number, calling party category, forward call indicators, nature of connection identifier, user service information ACM – Acknowledge Message ANM –Answer Message REL – Release Message RLC – Release Clear Message All these message have a associated circuit identification code (CIC)

25 2 June 201425 Database Query (TCAP)

26 2 June 201426 Signaling Connection Control Part (SCCP) Additional functions over MTP (network) layer to support connectionless and connection oriented services Very similar to transport layer Address Translations Dialed digits to destination point codes Particularly important for non-routable numbers such as 800/900. GTT functionality is supported in the STP to determine which database will provide the translation.

27 2 June 201427 Message Transfer Part (MTP) Layer 3 Network Management Link management Traffic management Route Management Message discrimination Message distribution Message routing

28 2 June 201428 MTP Layer 3 (2) Message discrimination Determine if the message is destined to the receiving node If yes apply message distribution to distributed it to the appropriate application Else, route it to the destination using the most direct route (I.e., fewest number of hops)

29 2 June 201429 MTP Layer 3 (3) Traffic management Link failures Route failures Congestion

30 2 June 201430 Transient A-Link Failure

31 2 June 201431 Link Failure Level-2 processor sends a link failure message to the Level-3 processor Level-3 processor updates its own routing table Level-3 processor sends out routing table update message to other Level-3 processors within the STP

32 2 June 201432 Link Failure (2) Send out Traffic Restricted (TFR) messages to all the SPs Send out Traffic Prohibited (TFP) message to the mate-STP via the C-link Send change-over message to the corresponding SP Sends changeover signal to the Level-2 processor to re-routes messages via the C-link

33 2 June 201433 Congestion

34 2 June 201434 STP Architecture

35 2 June 201435 Key Design Issue What is the best cluster size? Centralized architecture have few Level-3 processors Fewer number of routing tables hence quicker update of failue information within the STP Potential Level-3 processor overload Distributed architectures have large number of Level-3 processors Multiple failures can be processed in parallel Large number of routing tables and hence delays in updating all copies What is the priority structure for different message types in the Level-3 processor?

36 2 June 201436 Model of Level-3 Processor

37 2 June 201437 Network Model 1, 8, 16, 24 A-link failures All failures to a single STP Simultaneous recovery after 11 seconds

38 2 June 201438 Call Throughput

39 2 June 201439 Key Results A clustered architecture with 8/16 Level-2 processors per Level-3 processor performed the best Priority of tasks was a very important factor Dynamic priority inversion

40 2 June 201440 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

41 2 June 201441 Routing in Circuit Network Dynamic Routing Some part of the routing changes over time Adaptive Routing Some part of the routing is a function of the network state at the time the decision is made

42 2 June 201442 Alternate Routing An ordered set of routes from which the choice is made Fixed alternate routing A small subset of fixed route is used The set of alternate route is scanned in some predetermined order and the call is connected on the first free path that is found There are different methods on how the routing control is propagated

43 2 June 201443 Alternate Routing (2) There are different methods on how the routing control is propagated Originating-office control Spill-forward control Crankback

44 2 June 201444 Fixed Hierarchical Routing Hierarchical organization of switches End office Toll Center Primary Center Sectional Center Regional Center There are specific hierarchical fan rules of how switches are connected

45 2 June 201445 Dynamic Nonhierarchical Routing Deployed in mid 1980s A day is divided in to 10 traffic periods All switches are same – no hierarchy Routing is alternate type with the provision that alternate paths are limited to atmost two links Long paths can result in knock-on effect and make the system highly sensitive to overloads Uses crankback

46 2 June 201446 Adpative Routing Residual capacity adaptive routing (RCAR) Uses occupancy information of all trunk groups periodically updated by measurements DCR – sends calls to paths with the largest expected number of free trunks Trunk Status Map Routing Adaptive DNHR

47 2 June 201447 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

48 2 June 201448 The Problem Media events may stimulate a large number of calls to a single number in a very short time interval Mass Call-Ins cause focused overloads, denying service to customers trying to reach other numbers Outages may persist for long period Existing automated network controls protect the network, but deny service unnecessarily

49 2 June 201449 Example of Mass Callin

50 2 June 201450 Choke Network Special exchange which serves many clients (e.g., radio stations) that regularly generate call-ins Small number of trunk to this exchange Not suitable for clients that would like to have large number of calls completed (ticket sales)

51 2 June 201451 SSP STP Call Attempt SSP Call Gap Table Manual Call Gaps

52 2 June 201452 SSP STP Call Attempt SSP Block all calls to target DPC TFC Congestion Detected TFC Congestion Control

53 2 June 201453 Other Methods Automatic Congestion Control (ACC) Method by which a switch can protect itself if overloaded Curtails a percentage of call request on a per trunk-group basis Code Blocks Blocks a percentage of calls to specific numbers

54 2 June 201454 Caller Callee Normal Call Call to a Busy Number IAM ACM ANM RELRLC RELRLC Release-Busy IAM carries called number Conversation Call Processing and Signaling

55 2 June 201455 When a Mass Call-In occurs, a very large number of Release-Busies messages from the same target number are quickly generated Call gaps are an effective method for stopping traffic to a particular number Call gaps have almost no effect on traffic to other numbers, while squelching traffic to the target Key Ideas

56 2 June 201456 Example of Mass Callin

57 2 June 201457 Maintain information on called numbers during initial call processing Cache recent Release-Busies using hashing Detect multiple Release-Busies to the same target number over a short (2-3 second) interval Insert Call-Gaps into switches generating traffic to the busy number Remove Call-Gaps after a period of inactivity (5-10 minutes) Algorithm

58 2 June 201458 Current switch technology does not allow Call Gaps to be set quickly Fast Call Gaps assume switches engineering to allow Call Gaps to be set within one second Slow Call Gaps assume Call Gaps can be set with an 8 second delay plus 700 milliseconds per switch (achievable with current switches) Implementation Issues

59 2 June 201459 Simulation Results

60 2 June 201460 Simulation Results (Detail)

61 2 June 201461 Operator Utilization (10 Operators)

62 2 June 201462 Operator Utilization (100 Operators)

63 2 June 201463 Unanticipated Mass Call-In events can be effectively and efficiently controlled by a simple detection method Fast Call Gaps would reduce the effect of Call-In overloads to almost unnoticeable levels Slow Call Gaps would provide an effective method for controlling Call-In events without the necessity of modification of existing switches Summary

64 2 June 201464 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

65 2 June 201465 Research Summary Security B. Reynolds and Dipak Ghosal. STEM: Secure Telephony Enabled Middlebox. IEEE Communications Magazine Special Issue on Security in Telecommunication Networks. October 2002. B. Reynolds and Dipak Ghosal, Secure IP Telephony Using Multi-Layer Protection, to appear in Network and Distributed Systems Security (NDSS03), San Diego, February 2003. Resource Management M. C. Caesar, D. Ghosal, and R. Katz, ``Resource Management for IP Telephony Networks,'' International Workshop of Quality of Service (IWQoS), Miami, May 2002. Node Architectures Dipak Ghosal, A Comparative Analysis of STP Architectures Under Transient Failure and Overload Conditions, IEEE International Conference on Perfromance and Dependable Systems, June 1999.

66 2 June 201466 Research Summary (2) Pricing Matthew Caesar, Sujatha Balaraman and Dipak Ghosal, "A Comparative Study of Pricing Strategies for IP Telephony", IEEE Globecom 2000, Global Internet Symposium, San Francisco, USA, -- I presented my work on Nov. 29, 2000. Traffic Issues J. Burns and D. Ghosal, ``Automatic Detection and Control of Media Stimulated Focused Overloads,'' Proceedings of the International Teletraffic Congress, Washington D.C., June 1997, pp.889-900. To appear in Telecommunication Systems A. Mukherjee and D. Ghosal, ``The Impact of Background Traffic on the Effectiveness of FEC for Audio over Internet,'' InternationalTeletraffic Congress, Edinburgh, UK 1999.

67 2 June 201467 Research Summary (3) Enhanced Signaling Network Architecture Abramson, Xiao-yan Fang, and D. Ghosal. Analysis of an Enhanced Signaling Network for Scalable Mobility Management in Next Generation Wireless Networks. IEEE Globecom. Taiwan, ROC, November 2002. T. Sinclair and D. Ghosal, An Enhanced Signaling Network Architecture for Replicated HLR – Prototype Implementation and Performance Analysis, ICC 1999, Vancouver J

68 2 June 201468 Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

69 2 June 201469 Overview Security Security architecture for IP Telephony Sensors to detect DoS attacks Detection algorithm Recovery algorithms Preliminary results from simulation analysis Future work Resource Management in IP Telephony Routing

70 2 June 201470 Enterprise Network

71 2 June 201471 SIP IP Phone Location Service SIP Proxy SIP Proxy/LS DNS Server Media Transport 1 2 3 4 5 6 A request is sent (SIP INVITE) to ESTABLISH a session DNS Query for the IP Address of the SIP Proxy of the Destination Domain The INVITE is forwarded The Location Service is queried to check that the destination IP address represents a valid registered device, and for its IP Address The request is forwarded to the End-Device Destination device returns its IP Address to the originating device and a media connection is opened Call Setup – Net-to-Net

72 2 June 201472 Call Setup – PSTN-to-Net

73 2 June 201473 Comparison of Solutions MethodAdvantageDisadvantage All AccessEvery application will work No perimeter security at all Traffic RedirectionNo issues with firewall or NAT Removes advantages of using IP telephony Application ProxyFirewall does not need to be modified Firewall cant provide protection for proxy Protocol TunnelingLimited additional filter rules required Large overhead and requires modifying IP telephony clients Secure Telephony Enabled Middleboxes (STEM) Provides high level of network security and allows dynamic apps Requires new firewall installed

74 2 June 201474 Vulnerability Analysis Property oriented approach Access control to use IP telephony service Integrity and authenticity of IP telephony signaling messages Resource availability and fairness in providing IP telephony service Confidentiality and accountability

75 2 June 201475 Access Control Deny unauthorized users access to IP telephony service Central authentication servers E.g.: RADIUS server Enable various network elements to query authentication server

76 2 June 201476 Integrity and Authenticity of Signaling Messages Call Based Denial of Service CANCEL messages, BYE message, Unavailable responses Call Redirection Re-registering with bogus terminal address, user moved to new address, redirect to additional proxy User Impersonation

77 2 June 201477 Payload Encryption Capture and decoding of voice stream Can be done in real-time very easily Capture of DTMF information Voice mail access code, credit card number, bank account Call profiling based on information in message headers

78 2 June 201478 Resource Fairness and Availability Flood based attacks Network bandwidth between enterprise and external network Server resources at control points SIP Proxy Server Voice ports in Media/Signaling Gateway Signaling link between Media/Signaling Gateway and PSTN End user

79 2 June 201479 Internet Originated Attack Enterprise network connection can be flooded using SYN flooding Resources in the SIP proxy server can be exhausted by a large flood of incoming call request End user can be targeted with a large number of SIP INVITE requests in a brief period of time

80 2 June 201480 PSTN Originated Attack Voice ports on the M/S gateway are completely allocated Signaling link between M/S gateway and PSTN STP becomes saturated with messages Large number of PSTN endpoints attempt to contact a single individual resulting in a high volume of INVITE messages

81 2 June 201481 Security Architecture

82 2 June 201482 Application Layer Attack Sensor (ALAS) Monitors the number of SIP INVITE requests and the SIP OK (call acceptance) responses URI level monitor Aggregate level monitor Detection Algorithm Response Algorithm Proxy or M/S gateway returns temporally busy messages

83 2 June 201483 Transport Layer Attack Sensor (TLAS) Monitors the number of TCP SYN and ACK packets Traffic is monitored at an aggregate level Upon detection of an attack, throttling is applied by perimeter devices (e.g. firewall) If attack persists, traceback technologies can be used to drop malicious traffic at an upstream point

84 2 June 201484 RTP Stream Attack Sensor (RSAS) To detect malicious RTP and RTCP streams Parameters of the RTP streams are known at connection setup time Police individual streams Statistical techniques to determine large flows Packets corresponding to the malicious streams are dropped at the firewall Need cooperation of upstream routers to mitigate link saturation

85 2 June 201485 Detection Algorithm for TLAS Monitoring the volume of connection attempts vs. volume of complete connection handshakes can be used to detect an attack Based on the sequential change point detection method proposed by Wang, Zhang and Shin (Infocom 2002) to detect TCP SYN attacks

86 2 June 201486 Algorithm All connection setup attempts and complete handshakes are counted during the observation period During each sampling period the difference is computed and normalized Under normal operation, the resulting value should be very close to 0 In the presence of an attack, the result is a large positive number Apply a cumulative sum method to detect short high volume attacks as well as longer low volume attacks

87 2 June 201487 Recovery Algorithm Linear Recovery This is the default behavior of the detection algorithm Exponential Recovery The cumulative sum decreases multiplicatively once the attack has ceased Reset after Timeout The cumulative sum decays linearly decays until a timer expires at which point it is reset to 0

88 2 June 201488 Preliminary Results Types of attack Limited DoS attack Single user targeted by one or more attackers Stealth DoS attack Multiple users targeted by one or more attackers each with a low volume of call requests Aggressive DoS attack Multiple users targeted with moderate call requests Ability to detect both aggregate level attacks as well as attack to individual URIs

89 2 June 201489 Preliminary Results

90 2 June 201490 Preliminary Results

91 2 June 201491 Preliminary Results

92 2 June 201492 Results

93 2 June 201493 Future Work Detailed analysis Tradeoff between detection time and false alarm rate Formal vulnerability analysis Additional vulnerabilities with ENUM Routing layer issues Vulnerabilities of multihomed networks

94 94 Resource Management in IP Telephony Networks Matthew Caesar, Dipak Ghosal, Randy H. Katz {mccaesar, randy}

95 2 June 201495 Motivation What is IP Telephony? Packetized voice over IP PSTN access through Internet Telephony Gateway (ITG) Benefits: Improved network utilization Next generation services (POTS PANS) Growth: Revenues $1.7 billion in 2001, 6% of international traffic was over IP, growing [Frost 2002] [Telegeography 2002] Standardized, deployed protocols (TRIP, SIP, H.323) Requires scalable architecture to limit congestion.

96 2 June 201496 Goals High quality, economically efficient telephony over the Internet. Low blocking probability Provide preferential treatment, high QoS Questions: How to perform call admission control? How best to route calls through converged network?

97 2 June 201497 Approach Mechanisms ITG selection Congestion sensitive call admission control Techniques Awareness of ITG congestion Path quality between important points in network Distance Utilization * * ** * **

98 2 June 201498 Overview IP Telephony Networks Pricing-based Admission Control Redirection Techniques Experimental Design Results Future Work

99 2 June 201499 System Architecture ITG LS Example Call Setup Example Advertisement Gateway (ITG) IP Terminal Location Server (LS) Internet Admin. Domain (AD) Example Call Session ITG LS 12 3 4 5 6

100 2 June 2014100 Scope of Study 1. All calls are net-to-phone 2. ADs cooperate to provide service. 3. Use IETFs TRIP architecture to support interoperability. 4. Disregard degradation in access network. 5. Prices determined at start of call. 6. ITGs offer equal PSTN reachability.

101 2 June 2014101 Pricing PSTN distance pricing time of day pricing IP Telephony richer user interface allows for more dynamic pricing schemes Baseline: Flat-rate Admission Control (FAC)

102 2 June 2014102 Congestion Sensitive Call Admission Control (CAC) Goal: prevent system overload and generate revenue Price of call function of number of voice ports in use rises when highly utilized More dynamic than PSTN

103 2 June 2014103 Price-Congestion Function Used M/M/m/m (m- server loss system) responsive server loss system discouraged arrivals Found price-congestion function that maximized revenue with respect to 0 1 2 m-1 m...... m-1 m

104 2 June 2014104 Congestion Pricing Analysis Exponential function generates most revenue Stepwise linear function almost as good Maximum system price charged early Approximation to function minimizes price fluctuations

105 2 June 2014105 Redirection Problem: finding the best ITG Approach: tradeoffs between quality and load Method: LS maintains Average measured path quality Number voice ports in use Algorithms: Random Redirection (RR) (baseline) QoS Sensitive Redirection (QR) Congestion Sensitive Redirection (CR) Hybrid Scheme (CQR)

106 2 June 2014106 Redirection Schemes QoS Sensitive Redirection (QR) Different paths provide different service Technique: Use RTCP RRs to monitor path congestion Route over best paths Congestion Sensitive Redirection (CR) Unbalanced load causes call blocks Technique: Use TRIP advertisements to estimate ITG utilization Route to least utilized ITG

107 2 June 2014107 Hybrid Redirection (CQR) Choosing nearby ITG improves call quality, but can unbalance load. Algorithm: Compute Rdm = *M i +(1- )*Q i M i is utilization, Q i is loss rate Select randomly from k ITGs with lowest Rdm Tradeoffs: Use to trade off call quality and load balance Use k to vary flash crowd protection Price Sensitive CQR (PCQR) Decrease for higher bids

108 2 June 2014108 Overview IP Telephony Networks Pricing-based Admission Control Redirection Techniques Experimental Design Results Future Work

109 2 June 2014109 Experimental Method Modified ns-2 Ran for 1.5 simulated hours Eliminated first half-hour User Model Bid uniformly distributed Voice traffic on-off Markov process Pareto cross-traffic Data points stable across several time scales

110 2 June 2014110 Evaluation: Metrics Blocking Probability Average call QoS Used Mean Opinion Score (MOS) based on RTP loss rate Economic efficiency Ratio of service tier to QoS achieved Stability: Variance in ITG utilization Over time Over the set of ITGs

111 2 June 2014111 Admission Control: Blocking Probability Flat pricing unnecessarily blocks many callers Congestion pricing changes system price dynamically with load

112 2 June 2014112 Redirection: Blocking Probability Congestion sensitivity decreases blocking probability Small k few blocked calls Congestion Sensitive Redirection (CR) improves balance over Random Redirection (RR)

113 2 June 2014113 Redirection: Load Balance More congestion sensitivity improves balance Load imbalance blocks calls

114 2 June 2014114 Redirection: Background Traffic Effects QoS sensitivity minimizes effects of cross traffic Small amount of sensitivity vastly improves call quality

115 2 June 2014115 Summary Admission Control Schemes: Congestion sensitive pricing decreases unnecessary call blocking, increases revenue, and improves economic efficiency Derived exponential price-congestion function that maximizes revenue Redirection Schemes: Hybrid scheme achieves best of both worlds Price sensitivity improves economic efficiency

116 2 June 2014116 Future Work Realistic workload Improve user model Develop price-congestion function for real users Study flash-crowd effects ITG Placement Competitive Network

117 117 Routing in IP Telephony Networks Brian Liao, Matthew Caesar, Dipak Ghosal

118 2 June 2014118 Problem: Finding suitable Gateway to balance resource, enhance QoS. Select best path to lower blocking probability, decrease delay.

119 2 June 2014119 Finding The Appropriate Gateway Performing matrix = βM i +(1-β)Q i M i : voice port in use in gateway i Q i : Audio Quality in gateway I

120 2 June 2014120 Finding Suitable Path (I) Blocking Probability & Delay are two keys selection criteria Multi-constraints shortest path problem is NP

121 2 June 2014121 Finding Suitable Path (II) Finding K-shortest paths for primary constraint. From the K-shortest paths, select the best path with respect to secondary constraint. Feasible in Polynomial Time.

122 2 June 2014122 Proposed solution Base on location, select the best gateway nearby. Using K shortest path to select path and fulfill multi-constraint.

123 2 June 2014123 Reference Canhui (Sam) Ou, Keyao Zhu, Hui Zang, Laxman H. Sahasrabuddhe, and Biswanath Mukherjee, Traffic Grooming for Survivable WDM Networks -- Shared Protection David Eppstein, Finding the K shortest paths.

Download ppt "1 A Review of the Architecture and the Underlying Protocols in the Telephone Network Dipak Ghosal Department of Computer Science University of California."

Similar presentations

Ads by Google