1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
|
High-Level intro IMS, VoLTE, VoWiFi
===================================
:author: Harald Welte <laforge@gnumonks.org>
:copyright: 2021 by Harald Welte (License: CC-BY-SA)
:backend: slidy
:max-width: 45em
== Overview
What this talk is about
* IMS basics
* How IMS is used in VoLTE
* How IMS is used in VoWiFi
== Evolution of telephone signaling
* circuit-switched
** PSTN
** ISDN Call Control (Q.931 + ISUP)
** GSM L3 CC Call Control (derived from Q.931)
** BICC in core networks
* packet-switched
** H.323
** IETF SIP
** ITU SIP-I as ISUP replacement in telco networks
** 3GPP IMS (based on SIP)
== IMS: IP Multimedia System
* predates LTE
* specified at 2G + 3G time
* idea was to
** do voice over packet switched GPRS/UMTS services
** use one shared telephony system for both cellular and wired (DSL, Cable) access
== IMS and VoLTE / VoWiFi
* VoLTE is a marketing term for IMS over a LTE access network
* VoWiFi is a marketing term for IMS access over untrusted networks
** *untrusted* basically means not operated by a commercial telecom operator
== Basic IMS Core Network
* primarily a set of SIP proxies / switches (P-CSCF, I-CSCF, S-CSCF)
* subscriber configuration stored in HSS (like in LTE)
* optionally augmented by media gateways
** for interworking with PSTN / ISDN circuit switched interfaces
** for interworking with 2G/3G circuit switched domain
.IMS Core Network
[graphviz]
----
digraph G {
rankdir=LR;
Sub_A [label="Subscriber\nA"];
Sub_B [label="Subscriber\nB"];
Sub_C [label="Subscriber\nC"];
Sub_D [label="Subscriber\nD"];
subgraph cluster_A {
label = "IMS core";
PCSCF [label="P-CSCF",shape="square"];
ICSCF [label="I-CSCF",shape="square"];
SCSCF [label="S-CSCF",shape="square"];
}
HSS [label="HSS",shape="square"];
Sub_A -> PCSCF [dir=none,label="SIP"];
Sub_B -> PCSCF [dir=none,label="SIP"];
Sub_C -> PCSCF [dir=none,label="SIP"];
Sub_D -> PCSCF [dir=none,label="SIP"];
PCSCF -> ICSCF [dir=none,label="SIP"];
ICSCF -> SCSCF [dir=none,label="SIP"];
ICSCF -> HSS [dir=none,label="DIAMETER"];
SCSCF -> HSS [dir=none,label="DIAMETER"];
}
----
== P-CSCF: Proxy Call Session Control Function
* IP address to which IMS clients sent SIP traffic
* also serves as IPsec endpoint in case of VoLTE
* forwards SIP to I-CSCF
== I-CSCF: Interrogating Call Session Control Function
* resolve which S-CSCF shall be used to serve the subscriber
** involves interrogation of HSS via DIAMETER
* forwards SIP to S-CSCF it has resolved
== S-CSCF: Service Call Session Control Function
* anchor to which the subscribers actually register
* confirms subscriber authorization with HSS (via DIAMETER)
* in charge of actual call control
== SIP dialect used in IMS
* don't assume it is just plain old SIP like you know it from VoIP
* various 3GPP specific additions and extensions
* for example, introduction of EAP-AKA for authentication via ISIM card
== IMS in VoWiFi
* Introduction of the `ePDG` network element
* resembles a bit the P-GW/GGSN in 3GPP use case, but with the public internet as "RAN"
* acts as IPsec tunnel endpoint from/to clients
* IPsec IKE has been extended by 3GPP
** to use USIM/ISIM (UMTS AKA) based authentication
** to derive IPsec encryption keys from UMTS AKA
[graphviz]
----
digraph G {
rankdir=LR;
Sub_A [label="Subscriber\nA"];
ePDG [label="ePDG",shape="square"];
subgraph cluster_A {
label = "IMS core";
PCSCF [label="P-CSCF",shape="square"];
ICSCF [label="I-CSCF",shape="square"];
SCSCF [label="S-CSCF",shape="square"];
}
HSS [label="HSS",shape="square"];
Sub_A -> ePDG [dir=none,label="SIP/TCP/IP/IPSEC"];
ePDG -> PCSCF [dir=none,label="SIP/TCP/IP"];
ePDG -> HSS [dir=none,label="DIAMETER"];
PCSCF -> ICSCF [dir=none,label="SIP"];
ICSCF -> SCSCF [dir=none,label="SIP"];
ICSCF -> HSS [dir=none,label="DIAMETER"];
SCSCF -> HSS [dir=none,label="DIAMETER"];
}
----
== IMS in VoWiFi
* ePDG IP address discovery
** hardcoded in UE, or
** configurable in UE, or
** DNS based resolution via epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org
Once ePDG is discovered, IKE Phase 1 is started to set up IPsec SA
* typically NAT-T (UDP encapsulated ESP) is used
* typically both encryption and integrity protection used
== IMS in VoLTE
* you would assume it's simply accessing the IMS core via E-UTRAN + EPC
** but...you underestimate the mind-boggling complexity that is required for 3GPP specs
* EPC supports QoS, so we must make use of that
** dedicated bearers wit different QoS for
*** default bearer (background IP, QCI=8/9)
*** IMS signaling (high reliability, QCI=5)
*** IMS user plane (low latency, QCI=1)
* IMS registration establishes QCI=5 bearer
* call setup establishes QCI=1 bearer
== dedicated bearers in LTE
* in 2G/3G, we know PDP contexts
** PDP context resembles IP tunnel between MS/UE and GGSN
** you can establish multiple concurrent PDP contexts to different GGSNs, each with its own IP
* LTE extends this with the notion of EPS bearers and TFTs
** think of those like sub-flows within a PDP context
** you connect to one APN but have multiple concurrent EPS bearers to that APN
** each EPS bearer comes with a set of packet filter rules that determine to which bearer a given packet gets mapped. Those packet filter rules are called TFTs.
== IMS in VoLTE
[graphviz]
----
digraph G {
rankdir=LR;
Sub_A [label="Subscriber\nA"];
EUTRAN [shape="square"];
PGW [label="P-GW for IMS APN",shape="square"];
PCRF [label="PCRF",shape="square"];
subgraph cluster_A {
label = "IMS core";
PCSCF [label="P-CSCF",shape="square"];
ICSCF [label="I-CSCF",shape="square"];
SCSCF [label="S-CSCF",shape="square"];
}
HSS [label="HSS",shape="square"];
Sub_A -> PGW [dir=none,label="EPS bearers for QCI=1/QCI=5"];
PGW -> PCSCF [dir=none,label="SIP/TCP/IP (opt. IPsec)"];
PGW -> HSS [dir=none,label="DIAMETER"];
PCRF -> HSS [dir=none,label="DIAMETER"];
PGW -> PCRF [dir=none,label="DIAMETER"];
PCSCF-> PCRF [dir=none,label="DIAMETER"];
PCSCF -> ICSCF [dir=none,label="SIP"];
ICSCF -> SCSCF [dir=none,label="SIP"];
ICSCF -> HSS [dir=none,label="DIAMETER"];
SCSCF -> HSS [dir=none,label="DIAMETER"];
}
----
== IMS Open Source Software
In case you want to play with this:
* https://github.com/fasferraz/SWu-IKEv2
* FHoSS: Fraunhofer HSS with IMS related features (Java)
* Kamailio: SIP softswitch that can serve as P/I/S-CSCF
* doubango: IMS library / framework for client side
* imsdroid: Android stand-alone IMS client application using doubango framework
== EOF
End of File
|
