High-Level intro IMS, VoLTE, VoWFi ================================== :author: Harald Welte :copyright: 2021 by Harald Welte (License: CC-BY-SA) :backend: slidy :max-width: 45em == Overview What this talk is about * IMS basics * How IMS is used in VoLTE * How IMS is used in VoWiFi == Evolution of telephone signaling * circuit-switched ** PSTN ** ISDN Call Control (Q.931 + ISUP) ** GSM L3 CC Call Control (derived from Q.931) ** BICC in core networks * packet-switched ** H.323 ** IETF SIP ** ITU SIP-I as ISUP replacement in telco networks ** 3GPP IMS (based on SIP) == IMS: IP Multimedia System * predates LTE * specified at 2G + 3G time * idea was to ** do voice over packet switched GPRS/UMTS services ** use one shared telephony system for both cellular and wired (DSL, Cable) access == IMS and VoLTE / VoWiFi * VoLTE is a marketing term for IMS over a LTE access network * VoWiFi is a marketing term for IMS accesss over untrusted networks ** *untrusted* basically means not operated by a commercial telecom operator == Basic IMS Core Network * primarily a set of SIP proxies / switches (P-CSCF, I-CSCF, S-CSCF) * subscriber configuratoin stored in HSS (like in LTE) * optionally augmented by media gateways ** for interworking with PSTN / ISDN circuit switched interfaces ** for interworking with 2G/3G circuit switched domain .IMS Core Network [graphviz] ---- digraph G { rankdir=LR; Sub_A [label="Subscriber\nA"]; Sub_B [label="Subscriber\nB"]; Sub_C [label="Subscriber\nC"]; Sub_D [label="Subscriber\nD"]; subgraph cluster_A { label = "IMS core"; PCSCF [label="P-CSCF",shape="square"]; ICSCF [label="I-CSCF",shape="square"]; SCSCF [label="S-CSCF",shape="square"]; } HSS [label="HSS",shape="square"]; Sub_A -> PCSCF [dir=none,label="SIP"]; Sub_B -> PCSCF [dir=none,label="SIP"]; Sub_C -> PCSCF [dir=none,label="SIP"]; Sub_D -> PCSCF [dir=none,label="SIP"]; PCSCF -> ICSCF [dir=none,label="SIP"]; ICSCF -> SCSCF [dir=none,label="SIP"]; ICSCF -> HSS [dir=none,label="DIAMETER"]; SCSCF -> HSS [dir=none,label="DIAMETER"]; } ---- == P-CSCF: Proxy Call Session Control Function * IP address to which IMS clients sent SIP traffic * also serves as IPsec endpoint in case of VoLTE * forwards SIP to I-CSCF == I-CSCF: Interrogating Call Session Control Function * resolve which S-CSCF shall be used to serve the subscriber ** involves interrogation of HSS via DIAMETER * forwards SIP to S-CSCF it has resolved == S-CSCF: Service Call Session Control Function * anchor to which the subscribers actually register * confirms subscriber authorization with HSS (via DIAMETER) * in charge of actual call control == SIP dialect used in IMS * don't assume it is just plain old SIP like you know it from VoIP * various 3GPP specific additions and extensions * for example, introduction of EAP-AKA for authentication via ISIM card == IMS in VoWiFi * Introduction of the `ePDG` network element * resembles a bit the P-GW/GGSN in 3GPP use case, but with the public internet as "RAN" * acts as IPsec tunnel endpoint from/to clients * IPsec IKE has been extended by 3GPP ** to use USIM/ISIM (UMTS AKA) based authentication ** to derive IPsec encryption keys from UMTS AKA [graphviz] ---- digraph G { rankdir=LR; Sub_A [label="Subscriber\nA"]; ePDG [label="ePDG",shape="square"]; subgraph cluster_A { label = "IMS core"; PCSCF [label="P-CSCF",shape="square"]; ICSCF [label="I-CSCF",shape="square"]; SCSCF [label="S-CSCF",shape="square"]; } HSS [label="HSS",shape="square"]; Sub_A -> ePDG [dir=none,label="SIP/TCP/IP/IPSEC"]; ePDG -> PCSCF [dir=none,label="SIP/TCP/IP"]; ePDG -> HSS [dir=none,label="DIAMETER"]; PCSCF -> ICSCF [dir=none,label="SIP"]; ICSCF -> SCSCF [dir=none,label="SIP"]; ICSCF -> HSS [dir=none,label="DIAMETER"]; SCSCF -> HSS [dir=none,label="DIAMETER"]; } ---- == IMS in VoWiFi * ePDG IP address discovery ** hardcoded in UE, or ** configurable in UE, or ** DNS based resolution via epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org Once ePDG is discovered, IKE Phase 1 is started to set up IPsec SA * typically NAT-T (UDP encapsulated ESP) is used * typically both encryption and integrity protection used == IMS in VoLTE * you would assume it's simply accessing the IMS core via E-UTRAN + EPC ** but...you underestimate the mind-boggling complexity that is required for 3GPP specs * EPC supports QoS, so we must make use of that ** dedicated bearers wit different QoS for *** default bearer (background IP, QCI=8/9) *** IMS signaling (high reliability, QCI=5) *** IMS user plane (low latency, QCI=1) * IMS registration establishes QCI=5 bearer * call setup establishes QCI=1 bearer == dedicated bearers in LTE * in 2G/3G, we know PDP contexts ** PDP context resembles IP tunnel between MS/UE and GGSN ** you can establish multiple concurrent PDP contexts to different GGSNs, each with its own IP * LTE extends this with the notion of EPS bearers and TFTs ** think of those like sub-flows within a PDP context ** you connect to one APN but have multiple concurrent EPS bearers to that APN ** each EPS bearer comes with a set of packet filter rules that determie to which bearer a given packet gets mapped. Those packet filter rules are called TFTs. == IMS in VoLTE [graphviz] ---- digraph G { rankdir=LR; Sub_A [label="Subscriber\nA"]; EUTRAN [shape="square"]; PGW [label="P-GW for IMS APN",shape="square"]; PCRF [label="PCRF",shape="square"]; subgraph cluster_A { label = "IMS core"; PCSCF [label="P-CSCF",shape="square"]; ICSCF [label="I-CSCF",shape="square"]; SCSCF [label="S-CSCF",shape="square"]; } HSS [label="HSS",shape="square"]; Sub_A -> PGW [dir=none,label="EPS bearers for QCI=1/QCI=5"]; PGW -> PCSCF [dir=none,label="SIP/TCP/IP (opt. IPsec)"]; PGW -> HSS [dir=none,label="DIAMETER"]; PCRF -> HSS [dir=none,label="DIAMETER"]; PGW -> PCRF [dir=none,label="DIAMETER"]; PCSCF-> PCRF [dir=none,label="DIAMETER"]; PCSCF -> ICSCF [dir=none,label="SIP"]; ICSCF -> SCSCF [dir=none,label="SIP"]; ICSCF -> HSS [dir=none,label="DIAMETER"]; SCSCF -> HSS [dir=none,label="DIAMETER"]; } ---- == IMS Open Source Software In case you want to play with this: * https://github.com/fasferraz/SWu-IKEv2 * FHoSS: Fraunhofer HSS with IMS related features (Java) * Kamailio: SIP softswitch that can serve as P/I/S-CSCF * doubango: IMS library / framework for client side * imsdroid: Android stand-alone IMS client application using doubango framework == EOF End of File