1 1 A Review of the Architecture and the Underlying Protocols in the Telephone Network Dipak Ghosal Department of Computer Science University of California at Davis

2 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

3 2 June History Pre-1984 AT&T 1980s saw rapid deployment of digital technology in the core network 1984 Breakup of AT&T into 7 RBOCs (Regional Bell Operating Companies), AT&T, and others Local area carriers (LECs) serving LATA were regulated Long distance carrier (IXC) service was opened

4 2 June History (2) Post 1984 New Telecom Act in 1996 Further deregulation of LECs (ILECs and CLECS) Local area and long distance markets opened Local Number Portability Break-up of AT&T AT&T Lucent (Bell-Labs) Mergers of RBOCs and CLECs

5 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

6 2 June A Typical Regional POTS Network

7 2 June Network Architecture

8 2 June Circuit Network Central Offices (End Offices) Local aggregation points for phone lines Wire-pair (local loop) to each telephone Tandems Hubs interconnecting Central Offices Connecting to IXCs

9 2 June Circuit Network (2) Hierarchical organization End office Toll Center Primary Center Sectional Center Regional Center

10 2 June End Office

11 2 June Signaling Network Signaling network is the brain Circuit network forms the muscles All nodes in the signaling network are called signaling points SSP -> Service Switching Points STP -> Signaling Transfer Point SCP -> Service Control Point

12 2 June Service Switching Point This is the local exchange in the telephone network Interfaces both the circuit network and signaling network Generate SS7 messages from signals from the voice network Generate SS7 query messages for non-circuit related messages LNP has significantly altered the traffic mix

13 2 June Signaling Transfer Point Routers in the SS7 network Route messages between SSPs Support Global Title Translation for non-circuit related messages These can be separate stand alone nodes or adjuncts to a voice switch Many tandems used to act as STPs Deployed as a mated pair

14 2 June Signaling Transfer Point (2) Hierarchy of STPs Local and Regional STPs International STPs Gateway STPs Interconnect different networks including cellular networks Very important node in the SS7 network Many other functions including measurements and data mining

15 2 June Service Control Point Interfaces to databases 800/900 databases HLR/VLR databases LIDB (Line Information Databases) for calling cards Local Number Portability Database New Advanced Intelligent Network (AIN) services.

16 2 June Types of Signaling Links

17 2 June Types of Signaling Links (2) A-Links are access links between SSP and STP or SCP and STP B-Links are bridge links that connect mated STP pairs in the same hierarchy C-Links are cross links between an STP and its mate D-Links are diagonal links between STPs at different levels of the hierarchy E-Links are extended links to connect to remote STP pairs F-links are fully associated links

18 2 June Types of Signaling Links (3) Link sets are groups of links with the same adjacent nodes Route is a collection of link sets required to reach a destination Route set is a collection of routes Routing is hop-by-hop A signaling point needs to know which linkset to use towards the destination

19 2 June Addressing Each signaling point has an address and it is referred to as the Point Code It is a 24-bit address 8 bits network identifier 8 bits cluster identifier 8 bits node identifier Full point code routing Partial point code routing Cluster routing or network routing

20 2 June Requirements Availability objective: an unavailability of no more than 10 minutes downtime between two SPs Lost message probability: 1 in 10**7 Message Out-of-sequence probability: 1 in 10**10 Performance objectives: Maximum link utilization must be less than 40% Various other requirements on various processing delay Maximum message processing delay at an SP is 200ms

21 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

22 2 June Protocol Stack

23 2 June ISDN User Part (ISUP)

24 2 June ISDN User Part (ISUP) IAM – Initial Address Message Message type, Called party number, calling party category, forward call indicators, nature of connection identifier, user service information ACM – Acknowledge Message ANM – Answer Message REL – Release Message RLC – Release Clear Message All these messages have an associated circuit identification code (CIC)

25 2 June Database Query (TCAP)

26 2 June Signaling Connection Control Part (SCCP) Additional functions over MTP (network) layer to support connectionless and connection oriented services Very similar to transport layer Address Translations Dialed digits to destination point codes Particularly important for non-routable numbers such as 800/900. GTT functionality is supported in the STP to determine which database will provide the translation.

27 2 June Message Transfer Part (MTP) Layer 3 Network Management Link management Traffic management Route Management Message discrimination Message distribution Message routing

28 2 June MTP Layer 3 (2) Message discrimination Determine if the message is destined to the receiving node If yes, apply message distribution to distribute it to the appropriate application Else, route it to the destination using the most direct route (i.e., fewest number of hops)

29 2 June MTP Layer 3 (3) Traffic management Link failures Route failures Congestion

30 2 June Transient A-Link Failure

31 2 June Link Failure Level-2 processor sends a link failure message to the Level-3 processor Level-3 processor updates its own routing table Level-3 processor sends out routing table update message to other Level-3 processors within the STP

32 2 June Link Failure (2) Send out Traffic Restricted (TFR) messages to all the SPs Send out Traffic Prohibited (TFP) message to the mate-STP via the C-link Send change-over message to the corresponding SP Send changeover signal to the Level-2 processor to re-route messages via the C-link

33 2 June Congestion

34 2 June STP Architecture

35 2 June Key Design Issue What is the best cluster size? Centralized architectures have few Level-3 processors Fewer routing tables, hence quicker update of failure information within the STP Potential Level-3 processor overload Distributed architectures have a large number of Level-3 processors Multiple failures can be processed in parallel Large number of routing tables and hence delays in updating all copies What is the priority structure for different message types in the Level-3 processor?

36 2 June Model of Level-3 Processor

37 2 June Network Model 1, 8, 16, 24 A-link failures All failures to a single STP Simultaneous recovery after 11 seconds

38 2 June Call Throughput

39 2 June Key Results A clustered architecture with 8/16 Level-2 processors per Level-3 processor performed the best Priority of tasks was a very important factor Dynamic priority inversion

40 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

41 2 June Routing in Circuit Network Dynamic Routing Some part of the routing changes over time Adaptive Routing Some part of the routing is a function of the network state at the time the decision is made

42 2 June Alternate Routing An ordered set of routes from which the choice is made Fixed alternate routing A small subset of fixed routes is used The set of alternate routes is scanned in some predetermined order and the call is connected on the first free path that is found There are different methods on how the routing control is propagated

43 2 June Alternate Routing (2) There are different methods on how the routing control is propagated Originating-office control Spill-forward control Crankback

44 2 June Fixed Hierarchical Routing Hierarchical organization of switches End office Toll Center Primary Center Sectional Center Regional Center There are specific hierarchical fan rules of how switches are connected

45 2 June Dynamic Nonhierarchical Routing Deployed in mid 1980s A day is divided into 10 traffic periods All switches are the same – no hierarchy Routing is alternate type with the provision that alternate paths are limited to at most two links Long paths can result in knock-on effect and make the system highly sensitive to overloads Uses crankback

46 2 June Adaptive Routing Residual capacity adaptive routing (RCAR) Uses occupancy information of all trunk groups periodically updated by measurements DCR – sends calls to paths with the largest expected number of free trunks Trunk Status Map Routing Adaptive DNHR

47 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

48 2 June The Problem Media events may stimulate a large number of calls to a single number in a very short time interval Mass Call-Ins cause focused overloads, denying service to customers trying to reach other numbers Outages may persist for long period Existing automated network controls protect the network, but deny service unnecessarily

49 2 June Example of Mass Callin

50 2 June Choke Network Special exchange which serves many clients (e.g., radio stations) that regularly generate call-ins Small number of trunks to this exchange Not suitable for clients that would like to have a large number of calls completed (ticket sales)

51 2 June Manual Call Gaps [Diagram labels: SSP, STP, Call Attempt, SSP Call Gap Table]

52 2 June TFC Congestion Control [Diagram labels: SSP, STP, Call Attempt, SSP, Block all calls to target DPC, TFC, Congestion Detected]

53 2 June Other Methods Automatic Congestion Control (ACC) Method by which a switch can protect itself if overloaded Curtails a percentage of call requests on a per trunk-group basis Code Blocks Blocks a percentage of calls to specific numbers

54 2 June Call Processing and Signaling [Diagram labels: Caller, Callee; Normal Call; Call to a Busy Number; IAM, ACM, ANM, REL, RLC; Release-Busy; Conversation] IAM carries called number

55 2 June Key Ideas When a Mass Call-In occurs, a very large number of Release-Busy messages from the same target number are quickly generated Call gaps are an effective method for stopping traffic to a particular number Call gaps have almost no effect on traffic to other numbers, while squelching traffic to the target

56 2 June Example of Mass Callin

57 2 June Algorithm Maintain information on called numbers during initial call processing Cache recent Release-Busies using hashing Detect multiple Release-Busies to the same target number over a short (2-3 second) interval Insert Call-Gaps into switches generating traffic to the busy number Remove Call-Gaps after a period of inactivity (5-10 minutes)
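The detection steps on this slide, as an added Python example that is not part of the original presentation. The class and method names, the threshold of 5 Release-Busies, and the choice to reject every attempt from a gapped switch (a simplification of a call gap) are assumptions; the 3-second window and 5-minute idle timeout come from the slide.

```python
from collections import defaultdict, deque

WINDOW_S = 3.0       # slide: detect over a short (2-3 second) interval
IDLE_S = 300.0       # slide: remove Call-Gaps after 5-10 minutes of inactivity
BUSY_THRESHOLD = 5   # assumed: Release-Busies in one window that signal a mass call-in


class MassCallInDetector:
    def __init__(self):
        self.pending = {}                 # (switch, CIC) -> called number, learned from the IAM
        self.busies = defaultdict(deque)  # called number -> (time, switch) of recent Release-Busies
        self.gaps = {}                    # called number -> set of switches with a Call-Gap
        self.last_activity = {}           # called number -> time of last attempt or Release-Busy

    def call_attempt(self, ts, switch, cic, called):
        """IAM seen at an originating switch. Returns True if the call is admitted."""
        self._expire(ts)
        if called in self.gaps:
            self.last_activity[called] = ts
            if switch in self.gaps[called]:
                return False              # squelched at the source switch
        # Later messages carry only the CIC, so remember the called number now
        self.pending[(switch, cic)] = called
        return True

    def call_cleared(self, switch, cic):
        """Normal release: forget the circuit."""
        self.pending.pop((switch, cic), None)

    def release_busy(self, ts, switch, cic):
        """Release-Busy for a circuit. Returns the switches newly gapped by this event."""
        self._expire(ts)
        called = self.pending.pop((switch, cic), None)
        if called is None:
            return set()
        recent = self.busies[called]
        recent.append((ts, switch))
        while ts - recent[0][0] > WINDOW_S:   # keep only the detection window
            recent.popleft()
        self.last_activity[called] = ts
        if len(recent) < BUSY_THRESHOLD:
            return set()
        sources = {sw for _, sw in recent}    # switches generating traffic to the busy number
        new = sources - self.gaps.get(called, set())
        self.gaps.setdefault(called, set()).update(sources)
        return new

    def _expire(self, ts):
        idle = [n for n, t in self.last_activity.items() if ts - t > IDLE_S]
        for called in idle:
            self.gaps.pop(called, None)
            self.busies.pop(called, None)
            del self.last_activity[called]


if __name__ == "__main__":
    d = MassCallInDetector()
    for i in range(5):                        # constructed burst to one number from two switches
        sw = "A" if i % 2 == 0 else "B"
        d.call_attempt(i * 0.4, sw, i, "5551000")
        print(i, sorted(d.release_busy(i * 0.4 + 0.1, sw, i)))
    print("A -> target admitted:", d.call_attempt(2.0, "A", 10, "5551000"))
    print("A -> other number admitted:", d.call_attempt(2.1, "A", 11, "5552000"))
```

Because the dictionary is keyed by called number, traffic to other numbers never touches a gap entry, which is the property the Key Ideas slide relies on.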

58 2 June Implementation Issues Current switch technology does not allow Call Gaps to be set quickly Fast Call Gaps assume switches engineered to allow Call Gaps to be set within one second Slow Call Gaps assume Call Gaps can be set with an 8 second delay plus 700 milliseconds per switch (achievable with current switches)

59 2 June Simulation Results

60 2 June Simulation Results (Detail)

61 2 June Operator Utilization (10 Operators)

62 2 June Operator Utilization (100 Operators)

63 2 June Summary Unanticipated Mass Call-In events can be effectively and efficiently controlled by a simple detection method Fast Call Gaps would reduce the effect of Call-In overloads to almost unnoticeable levels Slow Call Gaps would provide an effective method for controlling Call-In events without the necessity of modification of existing switches

64 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

65 2 June Research Summary Security B. Reynolds and Dipak Ghosal. STEM: Secure Telephony Enabled Middlebox. IEEE Communications Magazine Special Issue on Security in Telecommunication Networks. October B. Reynolds and Dipak Ghosal, Secure IP Telephony Using Multi-Layer Protection, to appear in Network and Distributed Systems Security (NDSS03), San Diego, February Resource Management M. C. Caesar, D. Ghosal, and R. Katz, ``Resource Management for IP Telephony Networks,'' International Workshop of Quality of Service (IWQoS), Miami, May Node Architectures Dipak Ghosal, A Comparative Analysis of STP Architectures Under Transient Failure and Overload Conditions, IEEE International Conference on Performance and Dependable Systems, June 1999.

66 2 June Research Summary (2) Pricing Matthew Caesar, Sujatha Balaraman and Dipak Ghosal, "A Comparative Study of Pricing Strategies for IP Telephony", IEEE Globecom 2000, Global Internet Symposium, San Francisco, USA, -- I presented my work on Nov. 29, Traffic Issues J. Burns and D. Ghosal, ``Automatic Detection and Control of Media Stimulated Focused Overloads,'' Proceedings of the International Teletraffic Congress, Washington D.C., June 1997, pp To appear in Telecommunication Systems A. Mukherjee and D. Ghosal, ``The Impact of Background Traffic on the Effectiveness of FEC for Audio over Internet,'' International Teletraffic Congress, Edinburgh, UK 1999.

67 2 June Research Summary (3) Enhanced Signaling Network Architecture Abramson, Xiao-yan Fang, and D. Ghosal. Analysis of an Enhanced Signaling Network for Scalable Mobility Management in Next Generation Wireless Networks. IEEE Globecom. Taiwan, ROC, November T. Sinclair and D. Ghosal, An Enhanced Signaling Network Architecture for Replicated HLR – Prototype Implementation and Performance Analysis, ICC 1999, Vancouver J

68 2 June Outline History Network Architecture SS7 Protocol Routing Media Stimulated Focused Overload Overview of Telephony Research Current Efforts

69 2 June Overview Security Security architecture for IP Telephony Sensors to detect DoS attacks Detection algorithm Recovery algorithms Preliminary results from simulation analysis Future work Resource Management in IP Telephony Routing

70 2 June Enterprise Network

71 2 June Call Setup – Net-to-Net [Diagram labels: SIP IP Phone, Location Service, SIP Proxy, SIP Proxy/LS, DNS Server, Media Transport] A request is sent (SIP INVITE) to ESTABLISH a session. DNS Query for the IP Address of the SIP Proxy of the Destination Domain. The INVITE is forwarded. The Location Service is queried to check that the destination IP address represents a valid registered device, and for its IP Address. The request is forwarded to the End-Device. Destination device returns its IP Address to the originating device and a media connection is opened.

72 2 June Call Setup – PSTN-to-Net

73 2 June Comparison of Solutions
Method | Advantage | Disadvantage
All Access | Every application will work | No perimeter security at all
Traffic Redirection | No issues with firewall or NAT | Removes advantages of using IP telephony
Application Proxy | Firewall does not need to be modified | Firewall can't provide protection for proxy
Protocol Tunneling | Limited additional filter rules required | Large overhead and requires modifying IP telephony clients
Secure Telephony Enabled Middleboxes (STEM) | Provides high level of network security and allows dynamic apps | Requires new firewall installed

74 2 June Vulnerability Analysis Property oriented approach Access control to use IP telephony service Integrity and authenticity of IP telephony signaling messages Resource availability and fairness in providing IP telephony service Confidentiality and accountability

75 2 June Access Control Deny unauthorized users access to IP telephony service Central authentication servers E.g.: RADIUS server Enable various network elements to query authentication server

76 2 June Integrity and Authenticity of Signaling Messages Call Based Denial of Service CANCEL messages, BYE message, Unavailable responses Call Redirection Re-registering with bogus terminal address, user moved to new address, redirect to additional proxy User Impersonation

77 2 June Payload Encryption Capture and decoding of voice stream Can be done in real-time very easily Capture of DTMF information Voice mail access code, credit card number, bank account Call profiling based on information in message headers

78 2 June Resource Fairness and Availability Flood based attacks Network bandwidth between enterprise and external network Server resources at control points SIP Proxy Server Voice ports in Media/Signaling Gateway Signaling link between Media/Signaling Gateway and PSTN End user

79 2 June Internet Originated Attack Enterprise network connection can be flooded using SYN flooding Resources in the SIP proxy server can be exhausted by a large flood of incoming call requests End user can be targeted with a large number of SIP INVITE requests in a brief period of time

80 2 June PSTN Originated Attack Voice ports on the M/S gateway are completely allocated Signaling link between M/S gateway and PSTN STP becomes saturated with messages Large number of PSTN endpoints attempt to contact a single individual resulting in a high volume of INVITE messages

81 2 June Security Architecture

82 2 June Application Layer Attack Sensor (ALAS) Monitors the number of SIP INVITE requests and the SIP OK (call acceptance) responses URI level monitor Aggregate level monitor Detection Algorithm Response Algorithm Proxy or M/S gateway returns temporarily busy messages

83 2 June Transport Layer Attack Sensor (TLAS) Monitors the number of TCP SYN and ACK packets Traffic is monitored at an aggregate level Upon detection of an attack, throttling is applied by perimeter devices (e.g. firewall) If attack persists, traceback technologies can be used to drop malicious traffic at an upstream point

84 2 June RTP Stream Attack Sensor (RSAS) To detect malicious RTP and RTCP streams Parameters of the RTP streams are known at connection setup time Police individual streams Statistical techniques to determine large flows Packets corresponding to the malicious streams are dropped at the firewall Need cooperation of upstream routers to mitigate link saturation

85 2 June Detection Algorithm for TLAS Monitoring the volume of connection attempts vs. volume of complete connection handshakes can be used to detect an attack Based on the sequential change point detection method proposed by Wang, Zhang and Shin (Infocom 2002) to detect TCP SYN attacks

86 2 June Algorithm All connection setup attempts and complete handshakes are counted during the observation period During each sampling period the difference is computed and normalized Under normal operation, the resulting value should be very close to 0 In the presence of an attack, the result is a large positive number Apply a cumulative sum method to detect short high volume attacks as well as longer low volume attacks

87 2 June Recovery Algorithm Linear Recovery This is the default behavior of the detection algorithm Exponential Recovery The cumulative sum decreases multiplicatively once the attack has ceased Reset after Timeout The cumulative sum decays linearly until a timer expires, at which point it is reset to 0
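The detection steps of slide 86 and the three recovery behaviours of slide 87, as an added Python example that is not code from the presentation. The slides give no parameter values, so the offset, alarm threshold, normalization by a running average of completed handshakes, decay factor and timeout length are all assumptions, and the traffic samples are constructed.

```python
from dataclasses import dataclass


@dataclass
class HandshakeCusum:
    """Cumulative sum over (connection attempts - completed handshakes) per sampling period."""
    offset: float = 0.35      # assumed: ceiling of the normalized difference in normal traffic
    threshold: float = 1.0    # assumed: alarm while the cumulative sum exceeds this
    alpha: float = 0.1        # assumed: weight of the running average of completed handshakes
    recovery: str = "linear"  # "linear", "exponential" or "timeout"
    decay: float = 0.5        # assumed: factor for exponential recovery
    timeout: int = 3          # assumed: quiet periods before the sum is reset to 0
    cusum: float = 0.0
    avg_completed: float = 0.0
    quiet: int = 0

    def update(self, attempts: int, completed: int) -> bool:
        """Feed one sampling period; returns True while the alarm is raised."""
        if self.avg_completed == 0.0:
            self.avg_completed = float(max(completed, 1))
        # Normalized difference: close to 0 normally, large and positive under attack
        x = (attempts - completed) / self.avg_completed
        self.avg_completed += self.alpha * (completed - self.avg_completed)
        step = x - self.offset
        if step > 0:
            self.cusum += step            # accumulates both bursts and slow floods
            self.quiet = 0
        else:
            self.quiet += 1               # a period below the offset counts as "attack ceased"
            if self.recovery == "exponential":
                self.cusum *= self.decay
            elif self.recovery == "timeout" and self.quiet >= self.timeout:
                self.cusum = 0.0
            else:                         # linear decay, also used until the timer expires
                self.cusum = max(0.0, self.cusum + step)
        return self.cusum > self.threshold


def alarm_periods(samples, recovery="linear"):
    """Indices of the sampling periods in which the alarm is raised."""
    det = HandshakeCusum(recovery=recovery)
    return [i for i, (a, c) in enumerate(samples) if det.update(a, c)]


# Constructed (attempts, completed) counts per sampling period
NORMAL, FLOOD, SLOW = (102, 100), (500, 100), (150, 100)
BURST = [NORMAL] * 10 + [FLOOD] * 5 + [NORMAL] * 60    # short high-volume attack
STEALTH = [NORMAL] * 10 + [SLOW] * 20                  # longer low-volume attack

if __name__ == "__main__":
    for mode in ("linear", "exponential", "timeout"):
        hits = alarm_periods(BURST, mode)
        print(f"{mode:12s} alarm from period {hits[0]} to {hits[-1]}")
    print("stealth first alarm at period", alarm_periods(STEALTH)[0])
```

On the burst trace the alarm fires in the first attack period in every mode; the modes differ only in how long it stays raised after the attack ends, which is the trade-off the recovery slide describes.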

88 2 June Preliminary Results Types of attack Limited DoS attack Single user targeted by one or more attackers Stealth DoS attack Multiple users targeted by one or more attackers each with a low volume of call requests Aggressive DoS attack Multiple users targeted with moderate call requests Ability to detect both aggregate level attacks as well as attack to individual URIs

89 2 June Preliminary Results

90 2 June Preliminary Results

91 2 June Preliminary Results

92 2 June Results

93 2 June Future Work Detailed analysis Tradeoff between detection time and false alarm rate Formal vulnerability analysis Additional vulnerabilities with ENUM Routing layer issues Vulnerabilities of multihomed networks

94 94 Resource Management in IP Telephony Networks Matthew Caesar, Dipak Ghosal, Randy H. Katz {mccaesar,

95 2 June Motivation What is IP Telephony? Packetized voice over IP PSTN access through Internet Telephony Gateway (ITG) Benefits: Improved network utilization Next generation services (POTS PANS) Growth: Revenues $1.7 billion in 2001, 6% of international traffic was over IP, growing [Frost 2002] [Telegeography 2002] Standardized, deployed protocols (TRIP, SIP, H.323) Requires scalable architecture to limit congestion.

96 2 June Goals High quality, economically efficient telephony over the Internet. Low blocking probability Provide preferential treatment, high QoS Questions: How to perform call admission control? How best to route calls through converged network?

97 2 June Approach Mechanisms ITG selection Congestion sensitive call admission control Techniques Awareness of ITG congestion Path quality between important points in network Distance Utilization

98 2 June Overview IP Telephony Networks Pricing-based Admission Control Redirection Techniques Experimental Design Results Future Work

99 2 June System Architecture ITG LS Example Call Setup Example Advertisement Gateway (ITG) IP Terminal Location Server (LS) Internet Admin. Domain (AD) Example Call Session ITG LS

100 2 June Scope of Study 1. All calls are net-to-phone 2. ADs cooperate to provide service. 3. Use IETFs TRIP architecture to support interoperability. 4. Disregard degradation in access network. 5. Prices determined at start of call. 6. ITGs offer equal PSTN reachability.

101 2 June Pricing PSTN distance pricing time of day pricing IP Telephony richer user interface allows for more dynamic pricing schemes Baseline: Flat-rate Admission Control (FAC)

102 2 June Congestion Sensitive Call Admission Control (CAC) Goal: prevent system overload and generate revenue Price of call function of number of voice ports in use rises when highly utilized More dynamic than PSTN

103 2 June Price-Congestion Function Used M/M/m/m (m- server loss system) responsive server loss system discouraged arrivals Found price-congestion function that maximized revenue with respect to m-1 m m-1 m

104 2 June Congestion Pricing Analysis Exponential function generates most revenue Stepwise linear function almost as good Maximum system price charged early Approximation to function minimizes price fluctuations

105 2 June Redirection Problem: finding the best ITG Approach: tradeoffs between quality and load Method: LS maintains Average measured path quality Number voice ports in use Algorithms: Random Redirection (RR) (baseline) QoS Sensitive Redirection (QR) Congestion Sensitive Redirection (CR) Hybrid Scheme (CQR)

106 2 June Redirection Schemes QoS Sensitive Redirection (QR) Different paths provide different service Technique: Use RTCP RRs to monitor path congestion Route over best paths Congestion Sensitive Redirection (CR) Unbalanced load causes call blocks Technique: Use TRIP advertisements to estimate ITG utilization Route to least utilized ITG

107 2 June Hybrid Redirection (CQR) Choosing nearby ITG improves call quality, but can unbalance load. Algorithm: Compute Rdm = *M i +(1- )*Q i M i is utilization, Q i is loss rate Select randomly from k ITGs with lowest Rdm Tradeoffs: Use to trade off call quality and load balance Use k to vary flash crowd protection Price Sensitive CQR (PCQR) Decrease for higher bids

108 2 June Overview IP Telephony Networks Pricing-based Admission Control Redirection Techniques Experimental Design Results Future Work

109 2 June Experimental Method Modified ns-2 Ran for 1.5 simulated hours Eliminated first half-hour User Model Bid uniformly distributed Voice traffic on-off Markov process Pareto cross-traffic Data points stable across several time scales

110 2 June Evaluation: Metrics Blocking Probability Average call QoS Used Mean Opinion Score (MOS) based on RTP loss rate Economic efficiency Ratio of service tier to QoS achieved Stability: Variance in ITG utilization Over time Over the set of ITGs

111 2 June Admission Control: Blocking Probability Flat pricing unnecessarily blocks many callers Congestion pricing changes system price dynamically with load

112 2 June Redirection: Blocking Probability Congestion sensitivity decreases blocking probability Small k few blocked calls Congestion Sensitive Redirection (CR) improves balance over Random Redirection (RR)

113 2 June Redirection: Load Balance More congestion sensitivity improves balance Load imbalance blocks calls

114 2 June Redirection: Background Traffic Effects QoS sensitivity minimizes effects of cross traffic Small amount of sensitivity vastly improves call quality

115 2 June Summary Admission Control Schemes: Congestion sensitive pricing decreases unnecessary call blocking, increases revenue, and improves economic efficiency Derived exponential price-congestion function that maximizes revenue Redirection Schemes: Hybrid scheme achieves best of both worlds Price sensitivity improves economic efficiency

116 2 June Future Work Realistic workload Improve user model Develop price-congestion function for real users Study flash-crowd effects ITG Placement Competitive Network

117 117 Routing in IP Telephony Networks Brian Liao, Matthew Caesar, Dipak Ghosal

118 2 June Problem: Finding suitable Gateway to balance resource, enhance QoS. Select best path to lower blocking probability, decrease delay.

119 2 June Finding The Appropriate Gateway Performing matrix = βM_i + (1-β)Q_i, where M_i: voice port in use in gateway i, Q_i: Audio Quality in gateway i

120 2 June Finding Suitable Path (I) Blocking Probability & Delay are two key selection criteria Multi-constraints shortest path problem is NP

121 2 June Finding Suitable Path (II) Finding K-shortest paths for primary constraint. From the K-shortest paths, select the best path with respect to secondary constraint. Feasible in Polynomial Time.

122 2 June Proposed solution Based on location, select the best gateway nearby. Using K shortest path to select path and fulfill multi-constraint.

123 2 June Reference Canhui (Sam) Ou, Keyao Zhu, Hui Zang, Laxman H. Sahasrabuddhe, and Biswanath Mukherjee, Traffic Grooming for Survivable WDM Networks -- Shared Protection David Eppstein, Finding the K shortest paths.
