Study Program Master Telecommunications and Internet Technologies

Course Application Prototyping

LECTURE NOTE 3
Version: Datum: 2.2 23.02.2009

IP MULTIMEDIA SUBSYSTEM (IMS)

Network Architecture

Dipl.-Ing. Franz Edler

Part 3: IMS Network Architecture

CONTENTS:
1. Overview ...................................................................................................................................... 4 1.1. Content of the course ............................................................................................................ 4 1.2. Structure of the course .......................................................................................................... 4 1.3. Preconditions and further readings and exercises ................................................................ 4 1.4. Questions and exercises ........................................................................................................ 5 1.5. Target audience ..................................................................................................................... 5 2. Architecture Overview ................................................................................................................. 6 2.1. The IMS architecture of ETSI TISPAN ............................................................................... 6 2.2. The IMS architecture of 3GPP ............................................................................................. 9 2.3. A simple network example ................................................................................................. 10 2.4. The network trust model ..................................................................................................... 12 2.5. IPv4 and IPv6...................................................................................................................... 13 3. Core Routing Nodes................................................................................................................... 14 3.1. The Proxy-CSCF ................................................................................................................ 14 3.2. The Interrogating-CSCF ..................................................................................................... 16 3.3. The Serving-CSCF.............................................................................................................. 16 3.4. Emergency-CSCF ............................................................................................................... 17 4. Subscriber Database ................................................................................................................... 18 4.1. Home Subscriber Server ..................................................................................................... 18 4.2. Subscriber Location Function ............................................................................................. 18 5. User Equipment ......................................................................................................................... 19 6. PSTN Gateway Elements .......................................................................................................... 20 6.1. Breakout Gateway Control Function .................................................................................. 20 6.2. Media Gateway Control Function ...................................................................................... 20 6.3. Signalling Gateway ............................................................................................................. 20 6.4. Trunking Media Gateway Function .................................................................................... 20 7. Border Control Elements ........................................................................................................... 22 7.1. Interconnection Border Control Function .......................................................................... 22 7.2. Interconnection Border Gateway Function ........................................................................ 23 7.3. Interworking Function ........................................................................................................ 23 8. Application Server ..................................................................................................................... 24 9. Media Resources ........................................................................................................................ 25 10. Charging Functions .................................................................................................................. 26 11. Access and Transport network................................................................................................. 27 11.1. Network Attachment Subsystem ...................................................................................... 27 11.2. Resource and Admission Control Subsystem................................................................... 27 12. Exercises and Questions .......................................................................................................... 28

Author: Dipl.-Ing. Franz Edler

page: 2 / 31

Part 3: IMS Network Architecture 13. References ................................................................................................................................ 30 13.1. Books on Session Initiation Protocol ............................................................................... 30 13.2. Books on IP Multimedia Subsystem ................................................................................ 30 13.3. ETSI TISPAN standards ................................................................................................... 30 13.4. 3GPP standards ................................................................................................................. 31

Author: Dipl.-Ing. Franz Edler

page: 3 / 31

Part 3: IMS Network Architecture

1. OVERVIEW
1.1. CONTENT OF THE COURSE
The course offers in depth knowledge on the IP Multimedia Subsystem (IMS). IMS means the architecture and concepts of the new Internet based communications networks, which will replace the traditional TDM1 based fixed and mobile networks in the coming years. The IP Multimedia Subsystem is based on SIP2 and therefore will provide not only voice services (telephony) but also multimedia communications. The IMS further on enables the integration of all available internet protocols and services even if not known today.

1.2. STRUCTURE OF THE COURSE

The course actually comprises the following parts: 1. IMS Overview and Standards 2. Basic Technologies: SIP recap and new protocols and extensions 3. IMS network architecture 4. IMS Identities, Authentication and Registration 5. Basic Session Control 6. User Profile and Provision of Services 7. Charging and Security Architecture 8. Access networks and PCC 9. Presence and Push-to-Talk 10. PSTN Simulation and Emulation 11. IP-TV

1.3. PRECONDITIONS AND FURTHER READINGS AND EXERCISES

The students should have as precondition for this course a solid background in basic internet technologies, in SIP and some of the SIP protocol extensions. Part 2 of this course (Basic Technologies) covers some of the mentioned technologies more as a short recap without offering all details. The student is encouraged to recap the knowledge from other courses, other literature or the Internet3. The author also encourages the students to look up in the mentioned standards, because this is the only firm basis in case of some issues and discussions in your future professional career. There are also some books available, which give deep insight into IMS. Two of them (the yellow and the red book) are preferred by the author. But of course there are more books available meanwhile and further books will come up in the future (see chapter 13). For the best result of the course practical exercises should be done in parallel. The Open IMS Core project of Fraunhofer Fokus4 (an Open Source project) offers an ideal basis to challenge
1 2

TDM = Time Division Multiplex SIP = Session Initiation Protocol, RFC 3261 3 I strongly recommend the Tech-Invite portal http://www.tech-invite.com/ 4 Open IMS Core project of Fraunhofer Fokus http://www.openimscore.org/

Author: Dipl.-Ing. Franz Edler

page: 4 / 31

Part 3: IMS Network Architecture the theoretical knowledge. Due to the limited amount of time for the course the author can only give some hints and examples how to handle the Open IMS Core software on Linux. To overcome the barriers of installation a VMware image of Open IMS Core is also available for download including some How-To instructions. There is also an implementation of OpenIMSCore on a public server of the University available, which gives a more realistic environment for e.g. development of master theses of students.

1.4. QUESTIONS AND EXERCISES

At the end of each part the student can find some questions which should help to get feedback on the core points of the course. The student should be able to answer the questions and exercises at the end of the course.

1.5. TARGET AUDIENCE

The target audience of this course are students on bachelor degree in the upper classes on telecommunications systems and students for the master degree of Telecommunications und Internet-technology.

Author: Dipl.-Ing. Franz Edler

page: 5 / 31

Part 3: IMS Network Architecture

2. ARCHITECTURE OVERVIEW
The next two chapters briefly introduce the network architecture as seen by fixed networks operators (ETSI TISPAN) and mobile operators (3GPP). The other two networks where IMS is used (3GPP2 and CableLabs) are not further mentioned.

2.1. THE IMS ARCHITECTURE OF ETSI TISPAN

Figure 1 shows the architecture overview of the Next Generation Network (NGN) as it is defined by ETSI TISPAN Release 1. The architecture of NGN has a very wide perspective. The IMS (Core IMS) is only a part of the NGN. The Next Generation Network is a telecommunications network which is based on Internet technology. According to Figure 1 the Next Generation Network comprises horizontally a transport layer and a service layer. The Core IMS - and this is remarkable - is only one part of the service layer. But that is a realistic view. When a service provider has an Internet based transport network in place he will use it for different services which might be part of an IMS or not. A high speed internet access service for example, which is the most usual internet service today, is not part of IMS, because it is not a high value service in the view of the service provider. But of course it cant be offered via the same transport network. Therefore the notion of NGN means more than IMS. On the same level as the Core IMS there are other subsystems parts of the NGN: e.g the PSTN/ISDN Emulation subsystem and an IP-TV subsystem. In Figure 1 both are covered as by Other subsystems. All these different subsystems use one common transport layer.

Applicat ions Ot her subsyst ems Core IMS PSTN/ISDN Emulat ion subsyst em

Service Layer

User profiles

Figure 1: NGN architecture (ETSI TISPAN ES 282 007 [1])

Author: Dipl.-Ing. Franz Edler

Customer Premises Equipment

Ot her net works

Network Attachment Subsystem

Resource and Admission Control Subsystem

Transport Layer

Transfer Functions

page: 6 / 31

Part 3: IMS Network Architecture Figure 2 shows more details of the IMS architecture of TISPAN Release 1. The Core IMS consists of three types of CSCF (Call Session Control Function) - P-CSCF: Proxy CSCF - I-CSCF: Interrogating CSCF - S-CSCF: Service CSCF and the BGCF (Breakout Gateway Control Function), the MGCF (Media Gateway Control Function) and the MRFC (Media Resource Function Controller). The network nodes within the Core IMS only use SIP to communicate with each other. The three CSCF (P-, I- and S-CSCF) are responsible for basic routing of IMS messages. The IMS uses SIP as signalling protocol including generic protocol extensions and a bundle of IMS specific protocol extensions. All CSCFs are SIP-proxy servers with specific additional tasks and also UA capabilities. The main difference to basic SIP is that the P- and S-CSCF are dialog stateful servers. That means P- and S-CSCF always know which dialogs and session are actually active. But first of all the x-CSCF are responsible for proper routing of requests and correct dialog- and session handling.
Rf/Ro Ut Sh Dh

AS UPSF
ISC/Ma Cx Mw Dx

Charging Funct ions

SLF
Rf/Ro Ib Mx Iw

IWF

Network Attachment Subsystem Core IMS

e2

I/S-CSCF
Mi Mr Mw Mj

IBCF

Ic

BGCF

Mk

Mx

Other IP Networks

Gq' Ie

P-CSCF
Gq'

Mx

Mg

MRFC

MGCF

SGF

PSTN/ISDN

Gm

Mp

Mn

Resource and Admission Control Subsystem

MRFP

T-MGF I-BGF

UE

IP Transfer (Access and Core)

Figure 2: NGN - IMS architecture overview (ETSI TISPAN ES 282 007 [1]) The BGCF (Breakout Gateway Control Function) is used for routing of sessions towards the PSTN/ISDN in case the destination user is not part of the IMS but a subscriber of the PSTN/ISDN. The BGCF knows where to best deliver a call to the PSTN. Calls to the PSTN are always forwarded to an MGCF (Media Gateway Control Function). The BGCF may use an MGCF within the own network or forward a SIP request to another BGCF (in another IMS domain) depending on the routing tables within BGCF. The BGCF routing rules are based on business contracts between operators and the decision where to most economically breakout to PSTN.

Author: Dipl.-Ing. Franz Edler

page: 7 / 31

Part 3: IMS Network Architecture After the BGCF is selected it always forwards a request to a media gateway which is functionally split into three components: MGCF, SGF and T-MGF. The MGCF (Media Gateway Control Function) controls the Trunking Media Gateway Function (T-MGF) via H.248 protocol and translates the SIP messages into ISUP signalling messages (SIP/ISUP interworking). The SGF (signalling Gateway Function) translates ISUP messages which are encapsulated in IP into the SS7 transport protocols. The T-MGF (Trunking Media Gateway Function) processes the media data; it translates between RTP packets and TDM timeslots. The MRF (Media Resource Function) covers some tasks which require processing of mediastreams. Typical examples are provisioning of announcements or a conferencing service. The MRF is splitted into two parts a controller MRFC (Media Resource Function Controller) and a processor MRFP (Media Resource Function Processor). The MRFC controls the MRFP via H.248 protocol. The Core IMS components are completed by a UPSF (User Profile Server Function) which is the central repository of all subscriber related data (identity data, authentication data and user profile). In large networks with a huge subscriber database the UPSF may be split on different servers. In this case the SLF (Subscriber Location Function) helps to route requests to the correct UPSF. The UPSF and SLF only talk diameter protocol. The Charging Functions comprise two different functions: the off-line and the on-line charging system. The charging functions also communicate with diameter protocol. Value added services (the most interesting part of IMS from the business perspective) are offered by Application Servers (AS) on top of the architecture diagram. There are three different types of application servers defined (explained later). In case a service has to be offered an appropriate application server is included by the S-CSCF via normal SIP routing. The lower part of the diagram shows the IP-transfer functions. This is an abstract view of the IP based transport network, which is separated in an access part and a core part. The important aspect of the IP access network is that the IMS architecture is agnostic regarding the technology of the access network. In the beginning (3GPP release 5) the access network of IMS was focussed on cellular mobile access (GERAN5 and UTRAN6) but with release 6 and 7 WLAN7and xDSL8-technologies were added. To avoid mentioning specific access network technologies in the standards the notion of IP-CAN (IP Connectivity Access Network) is used wherever feasible. The complex situation of the fixed network access (e.g. other subsystems besides IMS use the same access lines and also different operators may be involved) caused the definition of two additional functions: NASS and RACS. The Network Attachment Subsystem (NASS) covers all mechanisms necessary to attach a user equipment (UE) to the network like providing an IP-address (DHCP server), location information and user profile. The Resource and Admission Control Subsystem (RACS) is responsible for controlling resources to ensure the Quality of Service if requested and e.g. rejecting an additional service request if sufficient resources are not available. In the left lower corner of the figure the User Equipment (UE) is attached to the network. The IMS capable user equipment is in principle a SIP User Agent with additional IMS specific functions.
5 6

GSM Edge Radio Access Network UMTS Terrestrial Radio Access Network 7 Wireless LAN 8 Digital Subscriber Line technologies of fixed networks

Author: Dipl.-Ing. Franz Edler

page: 8 / 31

Part 3: IMS Network Architecture On the right side of the architecture diagram the interconnection with other IP networks (IMS based or not) is shown. The Interconnection Breakout Control Function (IBCF), an Interconnection-Border Gateway Function (I-BGF) and eventually an Interworking Function (IWF) is used for interconnecting to IP based networks of other operators. The lines between some of the functional elements of the architecture are communication links. These links can be referenced as so called reference points which are denoted with specific letters (e.g. Mw, Ut, etc). Each of the reference points is covered by a specific protocol if the functions are implemented in different nodes.

2.2. THE IMS ARCHITECTURE OF 3GPP

Figure 3 shows the architecture of the IP Multimedia Subsystem as defined by 3GPP release 8. This is the same IMS architecture but presented in a slightly different way. There are some minor differences most notable the different naming of the user profile database (UPSF) which is called Home Subscriber Server (HSS) in mobile networks.

IP Multimedia Networks
CS Network
Mb Mb CS CS

Legacy mobile signalling Networks

Mm Ma

LCS Client
Le

BGCF
Mk Mg Mk

I-CSCF Cx Mw
C, D, Gc, Gr

AS
Sh

LRF
Mm

Mj

BGCF

HSS
Cx Dx

Mi

Ml

IMSMGW

MGCF Mn Mg Mr P-CSCF

S-CSCF

SLF
ISC

Dx

Dh

E-CSCF

Mb MRFP Mp Mb Mb Mb Rx MRFC

Mw Mw
Mx Mx Mx

Mi

IBCF Gm Ici Ix

BGCF

TrGW

UE

Izi Ut

Figure 3: Configuration of IM Subsystem entities (3GPP TS 23.002 [2])

Author: Dipl.-Ing. Franz Edler

page: 9 / 31

Part 3: IMS Network Architecture The above architecture diagram does not show the relevant components of the radio access network (SGSN9 and GGSN10), which are roughly speaking equivalent to NASS and RACS. KB: Ich wrde eher sagen SGSN+GGSN sind quivalent zu NASS, PDF/PEP (bis Rel.6, danach PCRF/PCEF) quivalent zu RACS. The architecture diagram Figure 3 is most recent regarding the evolution of IMS (Release 8) and therefore an additional CSCF element is already shown: the E-CSCF (Emergency-CSCF) for special handling of emergency sessions. The specific notion of CS-domain and PS-domain in mobile networks should be mentioned: CS-domain means the Circuit Switched network as it is used today (GSM) and up to the 3rd generation networks (UMTS). The PS-domain designates the Packet Switched network (usually IP based). This is the network where IMS comes into play.

The 3rd generation mobile networks (UMTS) will have a CS-network and a PS-network at least during some time in parallel. The next following architecture beyond the 3rd generation which is already under development today is also called LTE11 regarding the radio access and SAE12 regarding the core network architecture. This network will only be packet based.

2.3. A SIMPLE NETWORK EXAMPLE

Figure 4 gives a more simple view of IMS and also shows a roaming situation. It is not overloaded with too many details of the previous diagrams of the standards and should be sufficient for a Hello World level introduction into IMS. The main components of IMS involved in session handling are the three types of CSCF (P-, Iand S-), the user profile database (HSS13), the Application Server (AS) and of course the IMS terminals (UE). The basic registration and session setup works as follows: The UE is always attached to a P-CSCF which it gets assigned to during network attachment. Usually the P-CSCF is offered by the home network provider, but if the user is actually within the network area of another provider (he roams in a visited network) he uses the P-CSCF in this visited network. The P-CSCF remains assigned to the UE as long as it is attached to the network. When an IMS terminal initially registers to the IMS the P-CSCF forwards the REGISTER request (via an I-CSCF, not shown here) to an S-CSCF of the home network of the user. More specific, the S-CSCF is assigned to an UE during the registration with the help of an I-CSCF. The S-CSCF takes the role of a SIP registrar server and the HSS acts as location database. After successful registration the IMS network is ready to serve the user. After the registration an S-CSCF remains assigned to a UE as long as the UE is registered. Every SIP request sent from the UE to the network is always sent directly to the assigned S-CSCF in the home network. This is an important principle: Even if a user is roaming a SIP requests is first of all always sent the an S-CSCF of the home network. Therefore the signalling for session setup
9

SGSN =Serving GPRS Support Node GGSN = Gateway GPRS Support Node 11 LTE = UTRAN Long Term Evolution (http://www.3gpp.org/Highlights/LTE/LTE.htm) 12 SAE = 3GPP System Architecture Evolution (http://www.3gpp.org/Highlights/LTE/LTE.htm) 13 From now on only the 3GPP notion of HSS is used (equivalent to UPSF of TISPAN)
10

Author: Dipl.-Ing. Franz Edler

page: 10 / 31

Part 3: IMS Network Architecture always takes the short route via P-CSCF to the S-CSCF in the home network. The UE uses the addresses of the assigned P-CSCF and S-CSCF in a preloaded route header. The direct routing of all requests in the first step to the S-CSCF of the home network is a remarkable difference to GSM, where the call is handled by the visited network in case of roaming. The user therefore always has the same service environment (home environment) even when roaming, but a disadvantage is the problem of routing of emergency calls, which requires a special treatment. The I-CSCF is also the contact point for requests coming from other networks14. The I-CSCFs or eventually an IBCF are the only SIP server whose addresses are public and can be found in DNS. The addresses of all other network nodes need not to be known to other networks.

Home Network A

Home Network B

HSS

AS

HSS

AS

S-CSCF

I-CSCF

S-CSCF

P-CSCF

P-CSCF

Visited Network A Media UE A

Visited Network B

SIP based signalling Diameter queries UE B

Figure 4: The principle of network roaming The roaming model can also be applied in fixed networks but in a different meaning. There are business models where a wholesale operator will offer core IMS services to other retail operators. In this case the network of the wholesale operator corresponds to a home network and the network of the retail operator corresponds to a visited network.

14

This is only valid in case no Border Control Function applies. Otherwise an IBCF is additionally used as first entry element from other networks.

Author: Dipl.-Ing. Franz Edler

page: 11 / 31

Part 3: IMS Network Architecture The HSS is involved during the initial registration because the authentication data are stored there and also for downloading of the user profile into the S-CSCF. The application servers (the above diagram shows two AS) are involved if the users are subscribed to special services. If only simple session setup is required the AS are not involved. All signalling between the UE, x-CSCF and AS is based on the SIP protocol, but the HSS uses the diameter protocol. Only I-CSCF and S-CSCF of the home network are able to access the HSS (in some cases also the AS), but never a P-CSCF. The reason for that is because a P-CSCF may be located in a different (visited) network and therefore no access to user data is allowed to another service provider. When a request is sent to a user in a different domain (when UE A sends an INVITE request for UE B into the network) the I-CSCF of the destination domain is found in DNS and the request is always sent to an I-CSCF. The I-CSCF of the target domain asks the HSS which S-CSCF is assigned to the user and forwards the request to that S-CSCF. Again an application server may be involved in the destination network depending on the user profile of UE B. Finally the request is forwarded to the UE B via the P-CSCF assigned to UE B. The UE B may also roam in a visited network.

2.4. THE NETWORK TRUST MODEL

When carrier networks are interconnected some sensitive data are exchanged between operators during communication activities e.g. charging data and identity information of the communication partners. These data are exchanged between operators which are trusted partners, but these data never traverse the network boundary toward the subscriber which is usually regarded as being untrusted. The trust domain of IMS comprises the following elements: P-/I-/S-CSCF BGCF MGCF MRFC AS if not under 3rd party control In IMS the trusted network area is clearly separated from the untrusted area, where the users are located. The P-CSCF is typically the network node which has to care about adding or eliminating some of sensitive data. The main component of trust is the identity of communication partners. There is always a regulatory obligation for operators to be able to identify the communication partners. This might also be one reason why there is not spam problem in carrier networks, because a spammer can easily be identified. The correct identification of communication partners in carrier networks requires an additional header field in SIP requests an responses: P-Asserted-Identity. In case of privacy the P-Asserted-Identity header field must not traverse the trusted/untrusted boundary of the network. But there are other header fields too, which the P-CSCF keeps back in the trusted area. Details will follow later. Besides the P-Asserted-Identity header field there are other header fields which are subject to a trusted relationship and which therefore are not forwarded into an untrusted network. These are: P-Access-Network-Info History-Info P-Asserted-Service

Author: Dipl.-Ing. Franz Edler

page: 12 / 31

Part 3: IMS Network Architecture Resource-Priority

2.5. IPV4 AND IPV6

During the first years of standardisation of IMS the expectation was that the first rollouts of IMS networks will already use an IPv6 infrastructure. But this unfortunately did not happen. Due to wide spread NAT mechanism and some protocol extensions to SIP it was feasible to still stay with IPv4 any time longer. 3GPP therefore decided to allow IPv4 for early IMS deployments and added a specification 3GPP TR 23.981 [3] that deals with the support of IPv4 in IMS. Based on this standard dual stack (IPv4 and IPv6) implementations are now allowed and two additional network nodes have been defined: IMS-ALG: Application Layer Gateway for signalling interworking between IPv4 and IPv6 TrGW: Transition Gateway for media (RTP/RTCP) interworking between IPv4 and IPv6

The consequence of this fallback to IPv4 is an additional delay in deploying IPv6 because many people believed that IMS will be the main driver for IPv6 deployment. But of course IPv6 will come some day

Author: Dipl.-Ing. Franz Edler

page: 13 / 31

Part 3: IMS Network Architecture

3. CORE ROUTING NODES

The next chapters present the detailed roles of the three core routing nodes, the P-, I- and SCSCF. In addition the role of the recently added E-CSCF is also explained.

3.1. THE PROXY-CSCF

The Proxy-CSCF (P-CSCF) is a dialog stateful SIP proxy that is the first and only point of contact for the IMS terminal regarding the SIP signalling15. It can be located either in the visited network, in case a visited network operator has already installed an IMS and is willing to offer IMS roaming, or in the home network, when user is not roaming or when the visited network does not offer IMS architecture. When an IMS-terminal is attached to an access network (e.g. a mobile handset is switched on) it must first of all discover the address of a P-CSCF as an entry point into the IMS, otherwise it cannot communicate with the IMS. Two mechanisms are defined for P-CSCF discovery: a) Implicit assignment of a P-CSCF as part of the establishment of IP connectivity b) Explicit assignment after establishment of IP connectivity via DHCP and DNS. Figure 5 shows the explicit assignment mechanism. The DHCP query requests an IP-Address, the address of DNS-servers and also the DNS-name of the SIP-server (P-CSCF). For reliability reasons more than one P-CSCF may be offered as an entry point including priorities.
DHCPServer DNSServer

UE

IP-CAN

1. IP-CAN Bearer-Establishment

2. DHCP Query / Response

2. DHCP Relay

3. DNS Query / Response

Figure 5: P-CSCF discovery using DHCP and DNS The request and provision of IP-addresses and/or DNS names of SIP servers in DHCP query and response is covered by dedicated RFCs16.
15 16

Additional remark: the media data of sessions do not traverse the P-CSCF. RFC 3319: DHCPv6 options for SIP servers RFC 3361: DHCPv4 options for SIP servers

Author: Dipl.-Ing. Franz Edler

page: 14 / 31

Part 3: IMS Network Architecture The following statements comprise a summary view of the main tasks and characteristics of the P-CSCF. The detailed description of the tasks follows in further parts of the course. This chapter gives an overview of the role of a P-CSCF and can be used as a recap-exercise at the end of the course. The P-CSCF remains assigned to the IMS-terminal (UE) until the terminal detaches. The PCSF acts as a strict outbound and inbound proxy. Each request and response of the UE must be sent to the P-CSCF. For security reasons the UE should only accept requests and responses received from the assigned P-CSCF. The P-CSCF acts as a security gateway for all signalling massages towards the UE. During the IMS registration a secure channel (IPsec association) between UE and P-CSCF is setup and remains active as long as the UE is registered. This prevents spoofing and replay attacks and protects the privacy of the user. The P-CSCF is acting as a border gate for the UE. If in any case a user is no more allowed to access the network the P-CSCF eventually breaks an active session and rejects new registrations. The P-CSCF is positioned at the border between the trusted and untrusted network domain. The P-CSCF checks and asserts the identity of the calling or called party and adds a P-Asserted-Identity header field to requests and responses. Thus the P-CSCF vouches for the identity of the UE. Other nodes trust the P-CSCF and do not have to authenticate the user again. The P-CSCF works in this case as an inverse registrar because a registrar usually maps the physical (contact) address to an AoR. The P-CSCF in contrast takes the physical address and does an inverse lookup for valid public identities associated with the physical address. The P-CSCF adds a P-Visited-Network-ID header field in a REGISTER request of the UE. This header field enables the home-network to detect a roaming situation and to check if roaming with a specific network is allowed for the user. During registration of a UE the P-CSCF stores the following information: - the associated public identities for the UE (P-Associated-ID header field) - the Service-Route (Service-Route header-field) During dialog initiation the P-CSCF stores the following information: - the Record-Route header field - the dialog-ID The P-CSCF checks and enforces signalling policies for SIP Requests: - the service-route for initial and standalone requests - the dialog route for subsequent requests The P-CSCF checks and enforces signalling policies for SIP Reponses: - the Via header fields The P-CSCF can compress and decompress SIP messages using SigComp, which reduces the round-trip over slow radio links. The P-CSCF controls the transport network in respect of quality of service, policy (open/close gate) and NAT (in IPv4 networks). The P-CSCF generates charging records. page: 15 / 31

Author: Dipl.-Ing. Franz Edler

Part 3: IMS Network Architecture The P-CSCF does not have access to the user profile database (HSS) because it may reside in a visited network. To get the necessary data for executing the above mentioned tasks the PCSCF sniffs signalling messages and extracts the relevant data during registration In addition the P-CSCF remains synchronised regarding the registration data by subscribing to the reg event for all users (public identities) it cares for. The P-CSCF detects and handles emergency session (forwards emergency sessions to an E-CSCF). More than one P-CSCF may be installed in operator domain e.g. for load sharing purpose. The P-CSCF may be located in the visited domain or in the home domain of a user.

3.2. THE INTERROGATING-CSCF

The following statements comprise a summary of the main tasks and characteristics of the ICSCF. The detailed description of the tasks follows in further parts of the course. This chapter gives an overview on the role of an I-CSCF and can be used as a recap-exercise at the end of the course. The I-CSCF is the entry point into the home domain. The addresses of the I-CSCF are published in the DNS according to RFC 3263 so that SIP requests from another domain easily can find an I-CSCF17. The I-CSCF need not be dialog stateful (in contrast to P- and S-CSCF). The I-CSCF has access to the user profile database (HSS). It sends diameter queries to the HSS in two situations: a) during registration: to find an already assigned S-CSCF or to get necessary parameters data for this assignment. b) during routing of a dialog initiating or standalone request in the terminating network: to find which S-CSCF is responsible for the target user. The I-CSCF selects an S-CSCF for a user during registration based on the list of capabilities required for the user which it gets from HSS and on a list of S-CSCF it knows including their capability attributes which is provisioned by the operator. More than one I-CSCF may be installed in operator domain e.g. for load sharing purpose. The I-CSCF is always located in the home domain of a user.

3.3. THE SERVING-CSCF

The following statements comprise a summary of the main tasks and characteristics of the SCSCF. The detailed description of the tasks follows in further parts of the course. This chapter gives an overview on the role of an S-CSCF and can be used as a recap-exercise at the end of the course. The S-CSCF is responsible for registering users on an IMS. In this case it has the role of a SIP registrar server.

17

The I-CSCF is an entry point into an IMS domain only if no additional border control requirements apply, other wise the IBCF is the entry point.

Author: Dipl.-Ing. Franz Edler

page: 16 / 31

Part 3: IMS Network Architecture For authentication during the registration process the S-CSCF downloads one or more authentication vectors for a user from HSS. The S-CSCF acts as notifier for registration event. Sends NOTIFY requests to assigned P-CSCF, to UE and eventually to AS when those elements subscribe to the reg-event. If a user is roaming the S-CSCF checks during registration if the user is allowed to roam in the specific visited network. After successful registration (verification of the credentials of the user) the S-CSCF a) informs the HSS that it is now responsible for the user, and b) downloads the user profile including the iFCs (initial filter criteria) for the user. After downloading the user profile the S-CSCF activates the trigger points according to the iFCs The S-CSCF forwards initial requests to one or more application server if a trigger point matches. The S-CSCF is always18 involved when requests (and responses) are routed through an IMS network. Usually there are two S-CSCF involved: one for the originating user and one for the terminating user. The S-CSCF enforces an operator policy if required (e.g. it checks the contents of SDP and eventually denies the request). The S-CSCF is responsible for correct routing of sessions requests to the destination. More than one S-CSCF may be installed in operator domain e.g. for load sharing purpose or to support different capabilities.

3.4. EMERGENCY-CSCF
The Emergency-CSCF is an additional CSCF which is always bound to the P-CSCF and thus to the network where the user is actually roaming. In case of a roaming user the home network does not have the knowledge how to rout an emergency call to the correct PSAP (Public Safety Answering Point). Therefore with Release 7 this special Emergency-CSCF has been specified19. In Release 5 and 6 emergency session have been always redirected to the circuit switched part of the mobile networks with the redirect response 380 Use alternative service. The handling of emergency sessions uses an additional Emergency User Identifier in case a valid user registration does not exist. More details on emergency sessions are out of scope of the actual course.

18 19

The may be an exception to this rule: when a trusted AS is involved which ensures proper charging. See 3GPP TS 23.167

Author: Dipl.-Ing. Franz Edler

page: 17 / 31

Part 3: IMS Network Architecture

4. SUBSCRIBER DATABASE
4.1. HOME SUBSCRIBER SERVER
The Home Subscriber Server (HSS) is the central data repository of all subscriber and service data. In TISPAN networks this function is called UPSF (User Profile Server Function). The following data are stored in the HSS/UPSF: Provisioned: Authentication and security data User identities: Private and Public Identity, eventual additional Public Identities Service data (initial filter criteria) Charging information Roaming profile Additional data added during operation: Address of the allocated S-CSCF Location data In mobile networks the HSS typically provides the traditional Home Location Register (HLR) and Authentication Centre (AUC) functions. The HSS is connected to the I-CSCF and the S-CSCF of the own network only (Cx interface). In addition it offers also an Interface to application servers (Sh interface) if the AS is a trusted one. The amount of data offered on Sh interface is under control of the operator. The HSS only uses the diameter protocol for communication.

4.2. SUBSCRIBER LOCATION FUNCTION

In case of big networks with many subscribers it might be necessary to split the data repository onto more than one HSS. The SLF is used to retrieve the address of the HSS/UPSF which holds the subscription for a given user. The SLF also uses the diameter protocol for communication. From the protocol point of view the SLF acts as a diameter redirect server. The diameter clients (I-, S-CSCF and AS) send their requests instead to an HSS to the SLF and the SLF responds with a diameter redirect answer which contains the address of the HSS which cares for the user.

Author: Dipl.-Ing. Franz Edler

page: 18 / 31

Part 3: IMS Network Architecture

5. USER EQUIPMENT
The User Equipment (UE) is based on a SIP User Agent and implemented as a fixed or mobile device. Besides the SIP basic protocol the UE usually supports generic SIP protocol extensions like: - Reliability of Provisional Responses in SIP (PRACK Method) - UPDATE Method - Integration of Resource Management (SDP Preconditions) - Path header field - Service Route header field - Security agreement - etc In addition to the generic20 protocol extensions it also supports also IMS specific protocol extensions like - P-Asserted-Identity header field - P-Associated-URI header field - P-Called-Party-ID header field - P-Preferred-Identity header field - P-Access-Network-Info header field - P-Media-Authorization - Enhancements to authorization: AKAv1-MD5 algorithm - etc To allow also pure (not IMS specific) SIP User Agents to connect to the IMS the P-CSCF is eventually able to simulate (and add) the missing IMS specific extensions. For mobile networks IMS defines a stringent authentication algorithm which is used at registration. This algorithm is based on an ISIM application implemented on a tamper-proof integrated circuit card comparable to the well known SIM-card. During a migration phase also the SIM application might be used. The Ut interface in Figure 2 is an important additional interface. It enables the UE to directly connect to an application server. This interface is used for provisioning and controlling additional services by the user, e.g. activating/de-activating of a call diversion feature. The Ut interface is base on the XCAP21 protocol.

20

Generic SIP extensions means: extensions which are applicable also to standard SIP based user agents in contrast to IMS specific extension. 21 XCAP = XML Configuration Access Protocol

Author: Dipl.-Ing. Franz Edler

page: 19 / 31

Part 3: IMS Network Architecture

6. PSTN GATEWAY ELEMENTS

6.1. BREAKOUT GATEWAY CONTROL FUNCTION
The Breakout Gateway Control Function (BGCF) is used to route sessions to the PSTN if the destination user is not part of the IMS. The BGCF uses routing data provisioned by the operator to decide upon the best breakout location. There are two possibilities for the breakout: a) The breakout is done in the own network. In this case the BGCF forwards the session setup request to the MGCF in the same network b) The breakout should better be done a different network. In this case the BGCF forwards the session to a BGCF of another domain. Some background information on addressing methods used in IMS (details follow later): The main addressing method in IMS is based on SIP-URIs. But as long as there are traditional networks (PSTN) where E.164 addressing is used as the only method each IMS user has an additional E.164 number allocated. This E.164 number is used to be reachable from PSTN and it is used on outgoing calls to the PSTN to provide a valid CLI (Calling Line Identity).

6.2. MEDIA GATEWAY CONTROL FUNCTION

The three elements - MGCF Media Gateway Control Function - SGW Signalling Gateway - T-MGF Trunking Media Gateway Function comprise a media gateway according to a decomposition model. This decomposition model enables more scalability and flexibility on gateways instead of a monolithic gateway. Figure 6 shows the architecture and decomposition model of a PSTN Gateway. The Media Gateway Controller Function (MGCF) controls the Media Gateway Function (MGF22) through a standardized interface23. The control capabilities include allocation and deallocation of resources of the media gateway, as well as modification of the usage of these resources. The MGCF also performs protocol conversion between ISUP or BICC and SIP. ISUP and BICC are the SS7-based signalling protocols used in PSTN or PLMN.

6.3. SIGNALLING GATEWAY

In case the ISUP protocol port of the MGCF does not provide a TDM links there is a possibility to use IP transport. ISUP messages can be transported via SCTP24 through an IP network. A Signalling Gateway cares for interworking between IP- and TDM oriented transport used by the TDM switches (MTP).

6.4. TRUNKING MEDIA GATEWAY FUNCTION

The T-MGF is the media oriented part of the gateway. It uses DSP25-technology to transcode media data from RTP-payload to (usually) G.711 media format on the TDM side. Scalability and
22

In this case it is called T-MGF (Trunking Media Gateway Function) to distinguish the MGF from Access Media Gateways. 23 ITU-T H.248 24 SCTP = Stream Control Transmission Protocol (RFC 2960) 25 DSP = Digital Signal Processor

Author: Dipl.-Ing. Franz Edler

page: 20 / 31

Part 3: IMS Network Architecture topological flexibility are the main requirements of a MGF. In a typical network several T-MGF may be distributed to allow for most economic points of interworking. All T-MGF maybe controlled by a single MGCF.

SGW

IMS
SIP

ISU

Po

rB

ISUP or BICC over IP

ICC

o ve

rT DM

or

AT M

BGCF

SIP

MGCF
M TD er or M AT

PSTNSwitch

PSTN

H.248

d Me
RTP

ia

ov

T-MGF

ISUP: ISDN User Part BICC: Bearer Independent Call Control

Figure 6: PSTN Gateway architecture and decomposition model

Author: Dipl.-Ing. Franz Edler

page: 21 / 31

Part 3: IMS Network Architecture

7. BORDER CONTROL ELEMENTS

For QoS and policy control reasons the IMS architecture has specified additional network elements which might (should) be included whenever there is an interconnection between different operators. These are the IBCF, the IBGF and eventually an IWF. Figure 7 shows an example IMS interconnect scenario extracted from ETSI ES 282 007 [1]. The diagram corresponds to the principle architecture of Figure 2 on page 7 where a user roams in a visited network, but in this case with some more details. Visited and home network belong to different operators. An IBCF and at least on one side an I-BGF is included (further scenarios are specified in ETSI ES 182 006 [4].
Originating Visited Network IMS (visited) P-CSCF Mx IBCF IBCF Mx Originating Home Network IMS (home) S-CSCF To/from terminating home network

Ic RACS

RACS

C-BGF

I-BGF

Media Flows

Access Transport Network

Core Transport Networks

Figure 7: IMS interconnect scenario (example)

7.1. INTERCONNECTION BORDER CONTROL FUNCTION

There are three tasks an IBCF may care for: The IBCF provides for QoS on the interconnection link and eventually opens and closes the ports for the corresponding media flow. The execution of this task is delegated to the RACS (Resource and Admission Control Subsystem). That means that IBCF controls RACS in the same way as P-CSCF does. Details on RACS will be presented later in part 9 of the course. The IBCF may care for NAT (Network Address Translation) in case the interconnected networks use different IP addressing realms. The IBCF may hide the topology of the network. The critical information in SIP signalling messages are IP-addresses of S-CSCF and application server e.g. Record-Route, Route and Via header fields. This function is called THIG (Topology Hiding Gateway). If THIG is activated the critical addressing parameters are encrypted.

Figure 8 shows details of the Border Control Function. The remarkable point is that an IBCF may be used by all IMS core components (P-, I-, S-CSCF and ), whenever signalling traffic traverses a network boundary.

Author: Dipl.-Ing. Franz Edler

page: 22 / 31

Part 3: IMS Network Architecture

Signalling Bearer

DNS S-CSCF

UPSF

I-CSCF
Mx

BGCF
Mx

P-CSCF
Mx

Mx

IBCF
IMS-ALG THIG

IMS network

Gq'

IP-CAN
UE

RACS
Border Control Functions

Ia

Other IMS/SIP network

I-BGF

Figure 8: Border Control Functions

7.2. INTERCONNECTION BORDER GATEWAY FUNCTION

The I-BGF is responsible for opening/closing gates for the media stream. It is controlled by RACS.

7.3. INTERWORKING FUNCTION

The Interworking Function (IWF) is used whenever there is an interconnection with an IP based but not IMS based network. Examples might be an interconnection with a SIP provider or an operator which uses H.323 protocol.

Author: Dipl.-Ing. Franz Edler

page: 23 / 31

Part 3: IMS Network Architecture

8. APPLICATION SERVER
The application servers are perhaps the most important components of the IMS architecture, because the operators expect the new applications to enable additional revenues beyond the commodities (session connectivity). Figure 2 on page 7 only shows one AS element in the overall architecture, but the IMS architecture distinguishes between three different types of application servers as depicted in Figure 9.
OSA-AS gsmSCF

OSA APIs

CAP

OSASCS

SIP-AS

IM-SSF

ISC ISC ISC

HSS

S-CSCF

Figure 9: Application Server Architecture The three AS types are: SIP Application Server: This is a pure SIP based Application server. This type will be used for new IMS based applications OSA-SCS (Open Service Access Capability Server): This is a gateway element towards an existing OSA-based application server. Some operators request to re-use their existing OSA infrastructure via the OSA-SCS gateway IM-SSF (IP Multimedia Service Switching Function): This is a gateway element towards an existing CAMEL26-based application server. Some operators request to re-use their existing CAMEL infrastructure via the IM-SSF gateway.

Further on in the course we will only mention the pure SIP-AS as it is the future oriented AS, but in any case the three types can be regarded as equivalent from the IMS architecture point if view. Application servers are controlled by an S-CSCF and activated (included) on the basis of the user profile. The initial filter criterias (iFCs) determine if and which AS has to be included. The interface between S-CSCF and the AS is called IMS Service Control interface (ISC) and is based on SIP. In case the AS is part of the trusted network area (not a 3rd party AS) there is the possibility for an AS to have access to user data stored the HSS and eventually to store some data at the HSS.
26

CAMEL = Customised Application for Mobile network Enhanced Logic; IN based application server

Author: Dipl.-Ing. Franz Edler

page: 24 / 31

Part 3: IMS Network Architecture

9. MEDIA RESOURCES
An operator network usually needs network elements which provide various media processing functions. Examples are announcement server, conferencing server, IVR27 server etcThe common characteristic of these servers is the possibility to automatically provide or process media data. In IMS the media resource function is a separate functional element. Figure 10 shows the media resource function separated in a control unit MRFC (Media Resource Function Controller) and a media processing unit MRFP (Media Resource Function Processor). The MRFC is part of the IMS-core and is controlled via a SIP interface. The MRFC controls the MRFP (which is located in the transport layer) via H.248 protocol.

AS
SIP

HTTP

SIP

S-CSCF

MRFC
H.248

MRFP

Figure 10: Media Resource Function The separation (decomposition) of the media resource function is analogous to the separation of MGCF and T-MGF at the PSTN gateways. The media resource functions (also called media servers) are highly sophisticated platforms which are usually programmable via scripting languages. A typical scripting language is VoiceXML28 or simplified or proprietary versions like CallXML29 and CCXML30. When a specific media service is activated (e.g. in case of adding a participant to a conference) a script maybe downloaded from an application server via HTTP and invoked via a specific SIP URI.

27 28

IVR = Interactive Voice Response http://www.w3.org/TR/voicexml20/ 29 http://docs.voxeo.com/callxml/3.0/ 30 http://www.w3.org/TR/ccxml/

Author: Dipl.-Ing. Franz Edler

page: 25 / 31

Part 3: IMS Network Architecture

10. CHARGING FUNCTIONS

Flexible charging has been an important goal during design of the IMS architecture. The charging architecture should offer highest flexibility to charge the users for offered services. It should also enable the operator to quickly react on changing market conditions e.g. by offering new service bundles. The charging architecture in IMS is separated in two parts: Off-Line charging and On-Line charging. Off-Line charging is a slightly simpler function, because it only requires to record all chargeable events in a database and to offer the data for billing at the end of the month. On-Line charging requires real-time control of session handling. In case of a prepaid service which is the most prominent On-Line charging example an active session has eventually to be force-ended when credit runs out.

All charging elements are controlled via diameter protocol.

Author: Dipl.-Ing. Franz Edler

page: 26 / 31

Part 3: IMS Network Architecture

11. ACCESS AND TRANSPORT NETWORK

The access and transport network in IMS deserves special attention. Besides the aspects of application creation and charging the provision of QoS is the third major goal of IMS. For offering of quality of service (e.g. guaranteed bandwidth and delay) it is necessary to have subtle mechanisms to control the access and transport network. In 3GPP release 6 of IMS the access independence of the architecture has been defined. Therefore most of the complexities of different technologies in the access network (GPRS, WLAN, DSL ) are now hidden in two new functional blocks: NASS and RACS The architecture of both blocks has evolved to highly complex ones because of the additional requirement of flexibility of business models. Operators need the flexibility to use access networks of other operators. This leads to standardised protocols for the control of QoS and revenue sharing between operators.

11.1. NETWORK ATTACHMENT SUBSYSTEM

The Network Attachment Subsysten (NASS) roughly has to provide the following services: Provision of an IP Address to the UE Provision of transport oriented subscription data (e.g. download and upload bandwidth) to all involved transport network elements Provision of attachment location for emergency service

11.2. RESOURCE AND ADMISSION CONTROL SUBSYSTEM

The Resource and Admission Control Subsystem (RACS) roughly has to provide the following services: Enable different QoS reservation methods (guaranteed, relative) Prevent theft of service Enable QoS aware and not QoS aware UE to use the access network. In one case the UE is able to control QoS via signalling in the other case the network has to do that.

Within the IMS architecture two functional entities are defined which may use the RACS (see also Figure 7): the P-CSCF in case of user oriented traffic the IBCF in case of inter provider traffic.

Author: Dipl.-Ing. Franz Edler

page: 27 / 31

Part 3: IMS Network Architecture

12. EXERCISES AND QUESTIONS

After studying this part of the lecture you should be able to answer the following questions: Chapter 2:Architecture Overview: Explain the layer structure of ETSI NGN and the position of IMS within that architecture! Comment on the architecture of ETSI IMS. What are the main functional elements? Explain how different access technologies are handled in IMS! What are the main differences between the IMS architecture of ETSI and 3GPP? What does roaming mean? What is the main difference between session setup in IMS and call setup in GSM in case of roaming? What is the advantage and disadvantage of routing all session setup into the home network as a first step? Explain the network trust model of IMS! What is the story behind the IPv6/IPv4 issue for IMS? What are the main tasks of the P-CSCF? What are the main tasks of the I-CSCF? What are the main tasks of the S-CSCF? How can a P-CSCF be assigned to a UE? What is the role of the HSS/UPSF? What data are stored there? When is a Subscriber Location Function needed? What is the difference between a generic SIP user agent and an IMS terminal? What is the Ut interface used for? Explain the main components of a PSTN gateway (decomposition model)! Explain the components of border control in IMS! Where are the main tasks of border control in IMS? What is THIG?

Chapter 3: Core Routing Nodes

Chapter 4: Subscriber Database

Chapter 5: User Equipment

Chapter 6: PSTN Gateway Elements Chapter 7: Border Control Elements

Author: Dipl.-Ing. Franz Edler

page: 28 / 31

Part 3: IMS Network Architecture Chapter 8: Application Server Which are the three types of Application Server defined for IMS? Where is the ISC interface located? Does an AS have access to the HSS? Explain the structure of the Media Resource Function (MRF)! What are the two different parts of the charging architecture? Why does On-Line charging influence the session handling? Describe the architecture of the access network in ETSI TISPAN IMS! What is the main reason behind NASS and RACS? What are the principle tasks of NASS and RACS?

Chapter 9: Media Resources Chapter 10: Charging Functions

Chapter 11: Access and Transport network

Author: Dipl.-Ing. Franz Edler

page: 29 / 31

Part 3: IMS Network Architecture

13. REFERENCES
13.1. BOOKS ON SESSION INITIATION PROTOCOL
Henry Sinnreich und Alan B. Johnston: Internet Communcications Using SIP Wiley & Sons, ISBN-10: 0471776572 2nd edition: 2006 Alan B. Johnston: SIP Understanding the Session Initiation Protocol Artech House, ISBN 1-58053-168-7 2. Auflage November 2003

Henry Sinnreich, Alan B. Johnston und R. Sparks: SIP beyond VoIP VON Publishing LLC, www.vonmag.com ISBN: 0-9748130-0-1

13.2. BOOKS ON IP MULTIMEDIA SUBSYSTEM

The yellow book: G. Camarillo, M. Garcia-Martin: The 3G IP Multimedia Subsystem (IMS) Wiley & Sons, ISBN-10: 0470516623 ISBN-13: 978-0470516621 3rd Edition, Nov. 2008 The red book: M.Poikselka, G.Mayer, H. Khartabil: The IMS - IP Multimedia Concepts and Services Wiley & Sons, ISBN-10: 0470721960 ISBN-13: 978-0470721964 3rd Edition, March 2009

13.3. ETSI TISPAN STANDARDS

[1] [4] ETSI ES 282 007 V1.1.1 (2006-06): IP Multimedia Subsystem (IMS); Functional architecture; TISPAN Release 1 ETSI TS 182 006 V1.1.1 (2006-03): IP Multimedia Subsystem (IMS); Stage 2 description; TISPAN Release 1

Author: Dipl.-Ing. Franz Edler

page: 30 / 31

Part 3: IMS Network Architecture

13.4. 3GPP STANDARDS

[2] [3] 3GPP TS 23.002 V8.2.0 (2007-12): 3GPP; Network architecture (Release 8) 3GPP TR 23.981 V7.0.0 (2007-06): 3GPP, Interworking aspects and migration scenarios for IPv4 based IMS Implementations

Author: Dipl.-Ing. Franz Edler

page: 31 / 31