TK620

IMS BASICS

1
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
IMS Basic Idea

3
IMS Basic Concept

4
 Access Support
• IMS supports different access types.
• IMS Access networks are called IP Connectivity Access Network (IP-CAN).
• IP-CAN provides the multimedia signaling connection as well as the bearer
connection.

2G/3G Core

LTE Core

5G Core

WLAN/WIMAX Core
IP Multimedia
IP-CAN Subsystem
Fix Core

xDSL Core

CDMA2000 Core
IMS Architecture

6
IMS Protocols

7
 IMS Functionalities

Session management and

e.g. CSCFs …
routing functions
Databases functions e.g. HSS,SLF …

Services functions e.g. AS, MRFC, MRFP …

e.g. BGCF, MGCF, IMS-
Interworking functions
MGW, SGW …
e.g. PCRF, SEG, IBCF,
Support functions
TrGW, LRF ...
Charging functions e.g. CGF, CDF, OCS, BS …
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
 Proxy-CSCF
• Statfull SIP proxy server.
• Entry point to IMS cloud from any Access network.
• All the signaling messages goes through it.
• contains the AF that is a logical element for the PCC concept
• Establishes a number of IPsec security associations toward the IMS terminal, and Perform the integrity protection
• Asserts the identity of the user to the rest of the nodes in the network.
• interacts with the border gateway to perform the session border capabilities such as NAT/PAT, IP version
interworking.
• Verifies the correctness of SIP requests
• Compression and decompression of SIP signaling messages.
• It includes a PDF that authorizes bearer resources. PDF
• Generates charging information
• Collocated with the BCF Rx
• Performs topology hiding
It acts as a SIP B2BUA Gm Mw
• P-CSCF I/S-CSCF
IMS Client IP-CAN Ia

BGF
 Policy Control on P-CSCF

P-CSCF

Home domains list

South.com
North.com
East.com
West.com I-CSCF
SIP: REGISTER (p-cscf@europe.com
FROM (user1@europe.com) If no match SIP: REGISTER
TO (user2@europe.com)

Foreign domains list

SIP: 403 Forbidden response Africa.com Allowed
(If the domain europe.com is
forbidden Asia.com Forbidden

America.com Forbidden Home Network:

Europe.com Allowed Europe.com
 P-CSCF discovery
• The mechanism by which the UE retrieves these addresses is called “P-CSCF discovery”.
• Different mechanisms for P-CSCF discovery have been standardized in 3GPP:
 the Dynamic Host Configuration Protocol’s (DHCP) DNS procedure.
 The GPRS procedure: UE includes the P-CSCF address request flag in the PDP context
activation request (or secondary PDP context activation request) and receives the IP
address(es) of the P-CSCF in the response.
 The EPC procedure: UE includes the P-CSCF address request flag in the Default Bearer
Create request (APN=IMS) and receives the IP address(es) of the P-CSCF in the
response.
 P-CSCF name or IP address can be stored in the UE (ISIM).
• It’s possible to use P-CSCF LB.
 AGCF

AS
• AGCF equals Access Gateway Control Function
• Implements the role of the PES access point Ut
– Concatenation of P-CSCF and UE entity
NASS e2
S-CSCF
– Plus dialtone management
– Specific aspects for registration and call control M Ro OCS
• Is part of the trusted domain w
Gq
• Encompasses the functionality of an H.248 media RACS ’
AGCF
gateway controller as defined in ITU-T OFC
recommendation H.248.1 and a SIP User Agent as P1 Rf
defined in RFC 3261
S
• Co-ordinates the MGC and SIP UA components AGW
• Appears to CSCF as if it was a P-CSCF
 Interface Description

Interface Description Protocol

P1 Analogue signaling interface towards MG’s H.248
Allows the communication and forwarding of signaling messages between
Mw CSCF’s and between AGCF and a CSCF, e.g during registration and session SIP
control
Enables the AGCF to manage information related to services provided to
Ut XCAP
the legacy equipment connected to the media gateways it controls
Supports information transfer between the P-CSCF or the AGCF and the
e2 Diameter
network attachment subsystem
Enables the P-CSCF or the AGCF to interact with the resource control
subsystem for the following purposes:
Gq’ - Authorization of QoS ressources Diameter
- Resource reservation
- Gate control
Rf Supports offline charging Diameter
Ro Supports online charging Diameter
 Interrogating-CSCF
• Statless SIP proxy server.
• First Contact Point in home network.
HSS AS
• Performs S-CSCF and AS selection.
• Performs network topology hiding (THIG).

ISC,
Ma
Cx

Mw Mw

P-CSCF I-CSCF S-CSCF

Dx

SLF
 Policy Control on I-CSCF

I-CSCF

Home Network ID
South.com

If no match
HSS
SIP: REGISTER (p-cscf@europe.com
FROM (user1@europe.com)
TO (user2@europe.com) Visited domains list UAR
P-visited-NetworkID (South.com)
South.com Allowed
SIP: 403 Forbidden response North.com Forbidden
(If the domain south.com is forbidden
East.com Forbidden

West.com Allowed

Home Network:
Europe.com
 S-CSCF Selection
HSS

UAA
UAR (S-CSCF
Capabilities)

SIP: Register SIP: Register

I-CSCF S-CSCF

S-CSCF Capability Priority Weight Random

Set Number
S-CSCF A 1;2;3 1 100 12
Example:
S-CSCF Capabilitites: S-CSCF B 2;3 2 50 45
2;3 S-CSCF C 1;3;4 1 70 98

S-CSCF D 1;2;3;5 2 100 23

 Serving-CSCF
• The S-CSCF is the central node of the IMS cloud.
• Statefull SIP proxy providing session control.
• SIP registrar. AS MRFC
• Performs subscriber authentication
• Download user profile from HSS.
• Allocated to IMS user during one registration.
• Invokes the AS using Initial filter criteria.
Mr
BGCF
ISC
HSS Cx

Mi

Mw Mj

P/I-CSCF S-CSCF
Mg
Dx
MGCF

SLF
 Initial Filter Criteria
• Filter criteria are among the most important pieces of user information stored in the network.
• They determine the services that will be provided to each user.
• Helps the S-CSCF to decide what will be the next hop.
• The S-CSCF evaluates initial filter criteria when it receives a first SUBSCRIBE request, INVITE,
OPTIONS… .
• iFCs are written in XML format.
• Shared iFCs are stored in S-CSCF.
• Each iFC is uniquely identified by an ID/
• There two types of iFCs:
 Conjunctive Normal Form (CNF): an ANDed set of ORed conditions
 Disjunctive Normal Form (DNF): an ORed set of ANDed conditions.

Shared
iFCs
DB

S-CSCF
 Initial Filter Criteria

iFCs example
1. Originating SIP methods where the SIP Header ctype shows the value "application/sdp".
2. Originating SUBSCRIBEs where the SIP Header event shows the value “dialog".
3. Terminating INVITEs where the SIP Header ctype shows the value “application/sdp“ and
where the body shows in the m-line the value “audio” or “video” or “image” and where
the SIP Header via does not show the value “vas.ims1.net:.
4. Originating SIP INVITEs
 where the SIP URI does not start with “sip:110”
 or does not start with “sip:112”
 or does not start with “tel:110”
 or does not start with tel:112”
 or does not start with “sip:911”
 or does not start with “tel:911” followed by none or any character
 and the SIP Header ctype shows the value "application/sdp“
 and in the where the body shows in the m-line the values “audio” or “video” or”
image”
Initial Filter Criteria
 iFC Special characters

Special
Meaning
characters
. any (exactly one) character
zero or more repetitions of the previous pattern, e. g. ".*" means no or any number of
* arbitrary characters .
^ the beginning of the string to be matched
$ the end of the string to be matched
+ one or more repetitions of the previous pattern
? zero or one repetition of the previous pattern
two extended regular expressions separated by the special character vertical line (|)
| indicate a string that is matched by one of them
 Emergency-CSCF
• Handles emergency calls
• Can be collocated with S-CSCF
• Always exist in the same network as the P-CSCF
LRF PSAP
• Retrieves user location from the LRF
• can perform offline charging
• Selects the PSAP according to the user location

Le
BGCF
Ml
Cx
HSS
Mi

Mw Mj

P-CSCF E-CSCF
Mg
Dx
MGCF

SLF
 Emergency call handling
LRF

P-CSCF User Location?

User Location
Emergency
Numbers E-CSCF
911
SIP: INVITE SIP: INVITE
112
(TO:911) 110 (TO:911, PANI: User Location)
197
…
SIP: INVITE

MGCF
User Location? User Location
SIP: INVITE
PSAP

CLF
 SPDF
SPDF: The Service-based Policy Decision Function
• Provides control over requesting resources from the SPM and when to open/close the gates to allow
the media through the SPM.
• The SPDF provides the capability to limit the bandwidth allowed for each offered session.
• There are configurable values to specify the bandwidth for type of media.
• The SPDF offers application control of IP bearer resources when required; the SPDF achieves the
following features:
 Call Admission Control (CAC).
 Resource Allocation/Bandwidth Reservation Control.
 QoS Byte Marking and other control capability to operate the BGF (gating, NAT, policing, and so
on).
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
HSS-IMS Environment

27
HSS Apperance

28
HSS Description

29
HSS Functionalities

30
Data in the HSS

31
HSS interfaces
 Subscription Locator Function
• The SLF is used as a DIAMETER redirect server. Thus the mechanism to use it is as follows.
• If a CSCF wants to send a DIAMETER request message to an unknown HSS of a subscriber it
simple directs the request to its local SLF. The SLF will analyze the routing information of the
DIAMETER request. This covers elements like HSS realm and possibly public and private user
identities. The SLF derives from these elements the HSS host name and/or address. But the SLF
will not forward the DIAMETER request, instead it will reject it and indicate a response code
'REDIRECTION INDICATION' with the HSS address or name. Then the CSCF can re-send the
request to the indicated destination.
• SLF support the Dx interface toward the I/S-CSCF, and Dh interface toward the AS.

SLF SLF

1. Dx: Request 1. Dh: Request

( HSS realm / ( HSS realm /
HSS host name) HSS host name)
2. Dx: Response 2. Dh: Response
( result= REDIRECT_INDICATION, ( result=
HSS address) REDIRECT_INDICATION,
HSS address)
HSS HSS
I/S-CSCF
3. Cx: Request 3. Sh: Request
( HSS realm / ( HSS realm /
HSS host name) AS HSS host name)
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
 MRFC
• The Media Resource Function Control (MRFC) controls the MRFP.
• The MRFC can reside in the AS or in S-CSCF.
• The MRFC communicate with MRFP over the Mp’ (H.248) interface, as defined by 3GPP TS
23.218.
• Over the Mr’ interface, MRFC connects to any Media Server, to provide advanced MRF
services, such as video conferencing. The Mr’ interface is compliant with 3GPP TS 24.880.
• MRFC is also connected to External Ringtone Servers (ERS) to provide Customized Alerting
Tone (CAT) services.
• Complying with GSMA PRD IR.92 and IR.94, MRFC provides the following functions:
• announcements
• tones
• transcoding and conference services

MRFC SIP/
Mr SIP-I

S-CSCF
ERS
Mr’ Mp’

MRFP
MS
35
 MRFP
• Media server architecture in IMS consists of two entities MRFC and MRFP. These two entities
are connected via the Mp reference point. Over this reference point the MRFC is able to ask
MRFP to do the following things:
 play tone to user or number of users;
 play announcement to user or number of users e.g. ‘person you try to reach is
currently out of coverage or not able to receive multimedia communication’;
 generate speech output from text or annotated text input;
 record audio or multimedia stream(s) and store it into a file. The function can be used
in some services, such as the voice mail box service, conference service, etc;
 collect and report dialed DTMF digits e.g. to get PIN code for voice mail box;
 perform automatic speech recognition and report the results;
 play synchronized audio and video media streams to the user. The function can be
used in the services, such as multimedia announcement, multimedia mail box service,
etc;
 provide conferencing transport plane capabilities for audio and multimedia
conferencing service;
 transcoding of audio and video streams.

Mp
H.248
MRFC MRFP
 Application Server
• The main IMS application server roles
 Multimedia Telephony Application Server (MMTEL-AS)
 Service Centralization and Continuity Application Server (SCC-AS)
 IP Short Message Gateway (IP-SM-GW)
 IP Multimedia Service Switching Function (IM-SSF)
 Media Resource Function Controller (MRFC)

HSS

Sh

ISC ISC,
Ma
S-CSCF AS I-CSCF
Ut

UAC
 MMTel AS Functions
• MMTel AS role manages IMS sessions for voice and video.
• MMTel AS is involved in executing a bundle of services, including supplementary services, network
services, and regulatory services.
• MMTel AS is also responsible for the management of subscriber data and subscriber services.
• MMTel AS triggers the integrated IM-SSF role to:
 communicate with the SCP to provide intelligent network (IN) services.
 generate session and event based online charging data.
• MMTel supports also offline charging.
• User controlled service management is also realized in the MMTel AS: the MMTel AS’s in-built XCAP Server
function allows subscriber service modification to centralized repository from Ut/XCAP capable terminals.

Supplementary services
•
•
Calling Line Identity Presentation & Restriction
Connected Line Identity Presentation & Restriction
MMTel AS
• Call Forwarding Unconditional
•
•
Call Forwarding on Not Reachable, No Reply, Busy
Call Deflection
SCC AS
• Subscriber Controlled Barring categories
• Operator Determined Barring categories IP-SM-GW
• Supplementary Service control with facility codes and Ut interface
• Anonymous Call Rejection
• Private Numbering Plan IM SSF
• Malicious Call Identifier
•
•
Call Hold, Call Resume and Call Switching
Call Transfer (Explicit, Attended) MRFC
•
Application Server
Call Waiting (client)
• Do not disturb (client)
• Multiparty/3-Party voice call
 MMTel AS Functions
Network services IN services from existing SCP
• Attribute analysis (charging, routing, end of selection, pre-analysis etc.) • Originating prepaid service
• Operator Controlled Call Forwarding (OCCF) • Terminating prepaid service
• Charging related functions including different tariffs that will be applied for the call • Group prepaid service
• Dynamic charging based on call detail records (CDRs) • Virtual private network service
• National and operator-specific numbering plans • A-validation service
• Freephone service
• Hunting group service
Supplementary services • Originating call screening service
• Originating call announcement service
• Calling Line Identity Presentation & Restriction • Premium rate service
• Connected Line Identity Presentation & Restriction
•
•
Call Forwarding Unconditional
Call Forwarding on Not Reachable, No Reply, Busy
Other services
• Call Deflection
• E.164 and SIP URI addressing
• Subscriber Controlled Barring categories
• Family number / Multi-SIM (Sequential/Parallel alert)
• Operator Determined Barring categories
• Single/Dual numbering
• Supplementary Service control with facility codes and Ut interface
• Mobility Management
• Anonymous Call Rejection
• Voice & Video Mail Interworking
• Private Numbering Plan
• Tones & Announcements
• Malicious Call Identifier
• Selective Ringback Tone
• Call Hold, Call Resume and Call Switching
• Missed Call Log
• Call Transfer (Explicit, Attended)
• Data/modem call
• Call Waiting (client)
• T.30 / T.38 FAX
• Do not disturb (client)
• DTMF
• Multiparty/3-Party voice call
• CNAP/CNAM
• Music on Hold
Regulatory services • Video Telephony
• HD Voice & Video
• Number portability • MMTel services
• Carrier Pre-selection  Voice (IR.92)
• Lawful Interception  Video (IR.94)
 Video & image share
 P-2-P chat, file transfer (MSRP)
 MMTel AS interfaces
• MMTel AS connects to the S-CSCF over ISC interface. ISC interface connectivity uses the SIP
protocol.
• Over the Lightweight Directory Access Protocol (LDAP) interface, the MMTel AS, as an LDAP
client, connects to any external LDAP Directory server, to access VoLTE subscriber profile.
• Ut interface used between UAC and XCAP Server. The XCAP server runs on the MMTel.
• Over the Sh interface The MMTel AS connects to the HSS-FEs.
• The MMTel AS role of the AS connects to the HLR over the MAP-D interface.
• Ma interface used between MMTel AS and I-CSCF.

HLR HSS
UDR

Sh
MAP-D LDAP

ISC,
MMTel AS Ut
Ma
I/S-CSCF Application Server UAC
 SCC AS
• 3GPP defined the Service Centralization and Continuity Application Server (SCC AS) role, in
order to :
- Manage continuous services across LTE and CS domain (SRVCC (R8) / eSRVCC (R10).
- Centralize service execution in the IMS (T-ADS/Homing).
• The SCC AS role follows and fulfills the principles to offer IMS Centralized Services (ICS), as
outlined in GSMA PRD IR.64, and enables service continuity and service centralization, as
specified respectively in 3GPP TS 24.237 and 3GPP TS 24.292.

MMTel AS
• Session Continuity
SCC AS
• Service Centralization
IP-SM-GW
IM SSF
MRFC
Application Server
41
 SCC AS interfaces
• The Bi interface used to connect SCC AS to IP billing domains in order to generate SIP
charging data for offline purposes, in a non-Diameter charging architecture. Bi uses FTP pull
or GTP (immediate CDR) push interfaces.
• The SCC AS uses the Bc interface to connect to CS billing domains in order to generate CS
charging data for online purposes, in a non-Diameter charging architecture.
• Over the Rf interface, the SCC AS as Charging Trigger Function (CTF), connects to Charging
Data Function (CDF), to provide diameter based IMS offline charging.
• Over the Ro interface, , the SCC AS as CTF, connects to Online Charging System, to provide
diameter based IMS online charging.

BC HSS CDF

Sh
Bi, Bc Rf
OCS
ISC,
SCC AS Ro
Ma
I/S-CSCF Application Server

42
 Session Continuity
• In order to cope with coverage issues, 3GPP developed the concept of Single Radio
Voice Call Continuity
• When a mobile with an active VoLTE call moves beyond E-UTRAN coverage, the
network will handover the call to the legacy (2G/3G) Network

eUTRAN
MME

Handover/
Relocation
Sv IMS

MSS
GERAN/UTRAN
43
 Session Continuity: SRVCC
• In Release 8 SRVCC, the SCC AS handles SRVCC handovers with the MSS enhanced
for SRVCC, where the SCC AS anchors both the control plane and the media sessions
in the home network, and, manages session transfers during SRVCC handovers
directly with the MSS enhanced for SRVCC.
• In Release 8 SRVCC, during session transfer, both the access and the remote call legs
are updated.

eUTRAN
MME

Handover/
Relocation
Sv IMS

MSS
GERAN/UTRAN
44
 Session Continuity: SRVCC
User plane
after SR-VCC
handover The SCC AS initiates a SIP
MGW The MSS reserves CS radio Re-Invite to the B-Party to
resources and initiates aswitch the User Plane from
SIP Invite towards the PDN-GW to the MGW
UE SCC-AS using the STN-SR.
(A-Party)

BSS/
RNS
S-CSCF
MME triggers
“PS to CS of B part
Hand-over MSS
Request” to UE
MSS (B-Party)

S-CSCF
eNb
initiates of A part
SR-VCC Triggered by the SIP Re-
Invite, the B-party switches
MME
the User Plane to the MGW

UE
(A-Party)
LTE Cell

2G/3G
eNB SAE-GW BGF BGF
Cell

User plane
before 45
SRVCC
 Session Continuity: eSRVCC
• SRVCC Release 8 was specified so that during a handover from LTE to 3G/2G, the
remote end is updated with the SDP message received from the CS network.
• If the geographical distance between the CS network of the calling party and the UE
of the called party is significant, the remote end update may take a considerable
time. This is a particular problem in roaming cases or in operator networks covering
a huge geographical area .

TAS
MGW
R10
MSS
RNS
SRVCC
ATCF IMS 3GPP Release 10 specifications
for SRVCC define new functional
UE UE entities, interfaces and protocol
New IMS changes to improve the
eNB MME Functions performance of domain transfer
by reducing latency and
enhancing subscriber experience
SGW ATGW
46
 Session Continuity: eSRVCC
• Release 10 SRVCC
• 3GPP specifies that the anchoring of both control and user planes happens in the
serving/visited network of the LTE subscriber.
• 3GPP defines :
• Control plane/SIP signaling anchoring to be performed in the Access Transfer
Control Function (ATCF)
• User plane/voice session anchoring to be performed by the Access Transfer
Gateway (ATGW).

• In Release 10 networks, the SCC AS is

only informed when the access
transfer from the LTE to the CS has
been completed by the ATCF / ATGW.
• In SRVCC handover with ATCF/ATGW,
only the access leg of the call is
updated while the remote leg
between the visited and the home
network remains the same.
47
 T-ADS Challenge
T-ADS

• Terminal can have simultaneous CS-

registration in IMS and MSS. Few CS
MGW
examples:
• IMS VoLTE and SMSoverSGs 2G/3G
MSS
MGCF GMSC Remote
end
• CS voice and RCS in 3G
• Terminal “drop” from LTE to CS, but
not de-register IMS subscription CSFB
MSS HLR/HSS

• There is a need for a mechanism to find

out which way terminated call is routed to MME
TAS
PCRF CSCF
the IMS VoLTE subscriber – via IMS (PS) or LTE
SCCAS
MSS (CS).
PS P/S-GW
• This procedure is called as Terminated
Access Domain Selection (T-ADS)
 Network Based T-ADS
SCCAS in TAS support sequential and Rel9 T-ADS

Sequential T-ADS (3GPP Release 8) Rel9 T-ADS (3GPP Release 9)

MGCF MGCF
MME MME
S- S-
SCCAS HSS SCCAS HSS
CSCF CSCF
SGSN SGSN
P- P-
CSCF CSCF

1.The terminating INVITE arrives at the S-CSCF 1.The terminating INVITE arrives at the S-CSCF
2.The SCC-AS terminate the call first LTE 2.The SCC-AS queries the HSS via Sh.
3.In case first access fails then SCCAS terminate call to 3.The HSS retrieves VoIP support indication and time of latest
another access. TAU/RAU
4.The HSS provides the collected information to SCC-AS.
5.The SCC-AS terminate the call using VoIP (ePC/PS) or via CS.

SCCAS makes T-ADS possible also without HSS/MME/SGSN support

 T-ADS according to 3GPP R9

3a. Request: VoIP

capability in 3G
SGSN 2. Request 1. INVITE (incoming bi-
directional speech)
4. Responses: VoIP HSS SCCAS
support, time stamp 6. Voice domain selection
5. Response:
VoIP support
6a) VoIP is supported 3G or LTE ->IMS
MME 3b. Request: VoIP
capability in LTE 6b) VoIP is not supported 3G or LTE ->MSS

HSS indicate to SCCAS weather VoIP is supported or not supported to this subscriber right now.
 Homing Challenge
Homing

CS-
MGW
• When terminated call is coming from
CS access via GMSC VoLTE subscriber, MSS GMSC Remote
there is a need to have a mechanism to 2G/3G
MGCF MGCF end
tell GMSC, that call need to be routed
to IMS for T-ADS. CSFB
HLR/HSS SIP
MSS
• One way to route MT calls for VoLTE
subscriber is to use functionality
MME
implemented in TAS which tells to PCRF CSCF TAS
SCCAS
GMSC call need to be routed to SCC AS. LTE

P/S-GW
• This procedure is called as a Homing.
 Terminated call from CS
VoLTE and SMSoverSGs
CS-
4b.
MGW
1.

2G/3G
MSS
GMSC Remote GMSC Is not able to make decision in which access
MGCF end
subscriber locate
2. Homing
CSFB
MSS HLR/HSS
Terminated calls are routed always to IMS/SCCAS.
SCCAS is managing the T-ADS for MT call.
MME
CSCF TAS
PCRF
SCCAS
LTE

4a. P/S-GW
3. T-ADS

Subscriber’s voice data in MSS and IMS

SCC-AS functionality makes a domain selection.

 VoLTE Call Flow
Homing and T-ADS
2. T-ADS

MME
• SCC-AS queries the HSS via Sh
9. • HSS retrieves VoIP support
HLR/
SGSN indication and time of latest
EPC-HSS
TAU/RAU from MME and SGSN.
• HSS provides the collected
information to SCC-AS.
• SCC-AS decides to terminate the
call using VoIP or via CS.
2. 8.

1.
ISUP IAM (B#) MSS 3. Initial_DP 4.
MGCF TAS/
SCCAS CS network UE-B
Connect (Homing Prefix + B#) 5. 10. MGCF
/MSS

SIP Invite
SIP Invite
1. Homing 6.
7.
IMS/LTE network
TAS decides to perform UE-B
CSCF 11.
Homing based on SIP
registration status of UE.
 EATF
• TS 23.237 describes EATF as:
– The Emergency Access Transfer Function (EATF) provides IMS-based mechanisms for enabling
service continuity of IMS emergency sessions. It is a function in the serving (visited if roaming) IMS
network, providing the procedures for:
• IMS emergency session anchoring and
• PS to CS Access Transfer.
– The EATF acts as a routing B2BUA which invokes third party call control (3pcc) for enablement of
Access Transfer.
– The EATF performs the session continuity when the Access Transfer request indicated by the E-STN-
SR is received
• E-STN-SR is the Emergency Session Transfer Number for Single Radio
• Prior to the introduction of EATF in standards, VCC AS / SCC AS did NOT support
domain transfer for emergency calls
– Note that the VCC AS procedures from 3GPP Rel 7 TS 24.206 do not support domain transfer for
emergency calls. Support of domain transfer for emergency calls is introduced with the SCC AS
definitions in standards.
 Network Architecture
Reference architecture in 3GPP R9

I4 is a reference point between an E-CSCF

and an EATF.
I5 is a reference point between an I-CSCF
and an EATF.

NOTE 1: P-CSCF, EATF and E-CSCF are always located in the same (serving) network; this is the visited network when the
UE is roaming.
NOTE 2: For simplicity, not all functional components, e.g. IBCF, MGCF and BGCF, are shown in this figure.

/
 Emergency Call Setup
From 3GPP TS 23.237 - Figure 6c.1-1
Serving (visited if roaming) IMS

UE P-CSCF E-CSCF EATF LRF/GMLC

1. INVITE (sos-urn-SR,
location reference)
2. INVITE (…)

3. INVITE (...)

4. Anchor
Emergency Session

5. INVITE (...)

6. Location and Routing Info Retrieval

7. INVITE directly to PSAP or via MGCF

Note: In later E2E calls flows in this slide package, the Location & Routing Info Retrieval messaging
between E-CSCF and LRF/GMLC are not shown as they are independent of the EATF functions
Emergency Call SRVCC/Domain Transfer
From 3GPP TS 23.237 - Figure 6c.2-1
Serving (visited if roaming) IMS

CS/IMS
I-CSCF EATF E-CSCF
Intermediate Nodes

1. INVITE (E-STN-SR, SDP-MGW)

2. INVITE (E-STN-SR,
SDP-MGW)

3. Remote Leg
Update

4. ReINVITE(…)

5. ReINVITE(…) direct to
PSAP or via MGCF

6. Source Access
Leg Release
 IP-SM-GW
• The IP-SM-GW role of the AS delivers the SMS over IP solution, as specified by
3GPP.
• This AS role enables centralized service execution by acting as a “router” for
homing terminating messages in a central location, which is the IP-SM-GW.
• It also functions as gateway for the purposes of handling terminating domain
selection, performing the hunting logic, and executing message delivery across the
various access domains.

SMSC
IP-SM-GW MAP-E or Gd
SMS-GMSC
SMS-IWMSC
58
 IM-SSF
• The AS implements the Call Control Function (CCF) and the Service Switching Function (SSF)
functional entities in the IM-SSF, which enable the IN service logic by connecting to the
Service Control (SCF) function of the Service Control Point (SCP).
• The AS IM-SSF supports connectivity to the SCP over the CAP and the vendor specific INAP
interfaces, and support the following protocols:
 CAMEL Phase 4 (including all previous CAMEL phases)
 INAP

IMS-SSF SCP
CAP or INAP

CCF SSF SCF

59
 AS interfaces summury
SCC AS – DNS
OCS
VMSC/GMSS
AS – HLR DNS P-LIG
CAP/
INAP X1; X2
SCC AS – MAP IMS HSS
HLR
Sh

IP-SM-GW
– HLR AS DIAMETER
Ro
OCS

IP-SM-GW OFCS
– SMSC
SIP Mp
Ut (H,248)
(XCAP) Mr Ma ISC
SCC AS – SCC AS – MRFP
UE MRFC
I-CSCF S-CSCF
60
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS feature
 Breakout Gateway Control
Function
• BGCF or Break Out Gateway Control Function
• The BGCF is necessary for the establishment of multimedia session between the IMS
and the CS domain.
• In case the S-CSCF is unable to route the SIP Invite message to a terminating I-CSCF, it
forwards it for a session setup to the BGCF. The BGCF than selects a media gateway
control function.
S-CSCF BGCF

BGCF Mx
Mi

Mg Mj

Mj

MGCF
 Breakout Gateway Control
Function
If the breakout happens in the same network, then the BGCF selects a Media Gateway
Control Function (MGCF) to handle the session further. If the breakout takes place in
another network, then the BGCF forwards the session to another BGCF in a selected
network.

S-CSCF ENUM

SIP INVITE (IMPU: sip:E.164@domain.com

Or IMPU: tel:E.164)

ENUM: SIP:Username@domain.com
 MGCF
• The MGCF provides the control plane for the interconnection point between the packet and
circuit switched networks. It is the signaling unit of the MGW to control this unit and to
convert signaling messages between circuit switched and packet switched networks.
• MGCF convert SIP signalling to ISUP/BICC signalling and control the IMS-MGW.
• The controlling of the MGW is done via MEGACO the media gateway control protocol.
• The MGCF acts as an end point for SIP signaling. so, it negotiates media parameters together
with the IMS UE and, similarly, negotiates media parameters together with the CS entity (e.g.,
with an MSC server)

BGCF
Mj
MGCF SGW MSS
S-CSCF
Mj
Mg
SIP, ISUP or BICC

Mn Mc
H.248 H.248

IMS-MGW MGW
 Signalling Gateway
When a SIP session request hits the MGCF it performs protocol conversion between SIP and ISUP,
or BICC and sends a converted request via the Signalling Gateway (SGW) to the CS CN. The SGW
performs signalling conversion (both ways) at the transport level between
the IP-based transport of signalling (SIGTRAN) and SS7 based transport of signalling.
The SGW does not interpret application layer (e.g., BICC, ISUP) messages.

SIP or ISUP over ISUP over TDM

SIGTRAN
MGCF MSS
SGW
Mj
SIP, ISUP or BICC

SIP ISUP ISUP

M3UA MTP3
TCP/UDP M3UA MTP3
SCTP MTP2
SCTP MTP2
IP IP IP L1 MTP1
MGCF SGW MSS
 IMS-MGW
• The IMS-MGW provides the user-plane link between CS CN networks and the IMS.
• It is controlled by a MGCF. MGW can also be used to connect IMS with ISDN/PSTN networks
• A MGW provides functionality and resources to perform:
 switching
 Routing
 transport layer conversion
 media stream processing (e.g. codec conversion)
BGCF

BCF Mj
MGCF SGW MSS
S-CSCF Mj
Mg
SIP, ISUP or BICC

Ia Mn Mc
H.248 H.248 H.248

BGF IMS-MGW MGW

 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
 Session Border Controller

Decomposed SBC signaling and bearer control managed by separate products.

Decomposed SBC
combines signaling and media bearer control into a single
product
Converged SBC

Decomposed SBC
 Session Border Controller

P-CSCF

Media Firewall Signaling Firewall

SBC
Hosted
BGF Functions SPDF

BCF ATCF/ATGW
 SBC Functions
Routing

• Routing is based on external ENUM / LCR queries or on 3xx redirect

• Routing based on metrics such as cost, time-of-day …

• Use case: SBC to make routing decisions based on additional metrics or input from external

routing databases (i.e. ENUM or LCR)

 SBC Functions
IPv4/IPv6 interworking

• SBC allows both IPv4 and IPv6 packets to be received concurrently on the same physical interface.

• Thus, interworking between an IPv4 and IPv6 termination of an H.248-controlled IP-to-IP context is

supported.
 SBC Functions
Resource allocation/bandwidth reservation control

• SBC allocates bearer resources and reserves bandwidth associated with active

media sessions, especially:

 Sessions can flow through the BGF (opening and closing of gates).

 Apply NAPT, NAPT-PT to a particular session.

 Set up allowed bandwidth budget for a specific media session.

• The BGF can further police traffic on a per session basis. Set up QoS marking, for

media session, with IP header Differentiated Services Code Point marking.

 SBC Functions
Call Admission Control

• Call Admission Control (CAC) restricts the number of concurrent calls allowed by a subscriber
enterprise.
• SBC supports CAC based on the number of simultaneous calls and/or total bandwidth usage:
 Media Level CAC sets a limit for the maximum bandwidth established at realm, MGW or
carrier levels. Media level CAC rejects a new SIP session establishment request if
allowed bandwidth limit is reached.
 Session Level CAC sets a limit for the number of SIP sessions established by the SBC.
Session level CAC will reject a new SIP session establishment request if the SBC
allowed number of SIP sessions limit is reached. Session level CAC operates at SIP
trunk group/realm or at carrier levels.
 CAC per registered user: Concurrent sessions, bandwidth-based (inbound, outbound,
and total), calls per second (incoming).
 High priority calls are excluded from CAC and they are allowed even if this results in
exceeding maximum bandwidth and/or maximum allowed number of sessions.
 SBC Functions
QoS and CAC over 3GPP Rx interface to PCRF

• SBC supports the 3GPP Rx interface to the PCRF used for reserving resources from the

access network.

• The Rx interface to PCRF may be used for the same session that also utilizes the SPDF and

SPM for performing other functions (for example, NAT traversal, IPv4-IPv6 interworking).
 SBC Functions
Packet QoS marking for outgoing traffic
SBC supports diffserv code point marking for media traffic.
The SBC supports DSCP configuring for peer networks or realms. It also supports unique DSCP
marking for emergency calls.

QoSa QoSb

QoSd
SBC QoSc
 SBC Functions
Reporting of QoS statistics

SBC supports reporting of QoS statistics at the end of every call (for example, duration,
octets sent, octets received etc). The SBC records this information in the Call Detail Record
(CDR)
for the call. Data in the CDR"s can then be used to detect and monitor if the IP bearer network is
experiencing quality problems.
 SBC Functions
Firewall

• SBC makes use of same L2/L3 firewall.

• SBC supports firewalls at the both media and SIP signaling levels. The SIP firewall provides
features such as IP filter, SIP, header & message length check, topology hiding, source/method/
trust rate limiting, Anti-flooding detection / protection.
• The media firewall provides DoS/DDoS attacks protection at the bearer level, in addition to gating
capabilities described.
 SBC Functions
Topology hiding

Topology hiding is the ability to limit information that reveals network topology details (for example, IP
addresses, URIs) from being passed in SIP headers across network boundaries. Headers that might
reveal the topology of the network provider"s core network are concealed or encrypted in messages
sent to peers located on external networks. Any address is translated to the address of the SBC, so
that external networks can only communicate with this SBC. In addition, SIP headers that contain
routing information, such as SIP via and Record-Route headers, are encrypted/removed.
 SBC Functions
Network traffic management
• Network traffic management is the capability for the SBC to provide call gapping and code blocking for
the core network in manner consistent with the TDM network based approaches (based on GR-477
and ITU-T E.412 NTM).
• The SBC supports the following NTM functions:
 Matching criteria
– SIP INVITE, REGISTER
– Origination/Termination
– Digits, Host (FQDN/ IPv4), or User*
 Code Control Algorithm
– Rate based call gapping
– Percentage based code blocking
 Error Treatment for Blocked request
 Provisioned SIP error code, Reason Header, announcement and ACR event.
 Exemptions
– Same matching criteria as the controls
– Emergency Identifier Table in P-CSCF
 SBC Functions
Accounting

• SBC supports generating accounting information via ACR messages sent over the 3GPP Rf

interface to an external CCF.

• The SBC also supports an optional internal CCF for generating CDRs.
 SBC Functions
Message Session Relay Protocol
• MSRP is a protocol for transmitting a series of related instant messages in the context of a
communications session.
• It may be used within the context of a SIP session to do:
 Instant Messaging in a one-to-one or one-to-many mode
 Transfer file attachment
 Image Sharing based on prior exchange of capabilities between the user endpoints.
 interactive data intensive sessions (such as video chat).
• SIP Session establishment call flow for MSRP sessions is no different than those of voice calls.
• MSRP sessions are established between participants using SIP/SDP. Once an MSRP session is
established, messages (media) flows in the user plane. MSRP carries arbitrary data. Any type/size of
data can be exchanged over MSRP. The SBC supports MSRP sessions in agnostic mode as
transcoding is not applicable to MSRP call. Secure MSRP is supported.
• BCF has to take care for the corresponding control information in the SDP body (path:msrp://<A IP
addr>:<port>…/RFC4975) and the communication with the BGF.
 SBC Functions
Integrity protection and encryption of SIP signaling

SBC provides two alternatives for integrity protection and encryption of SIP signaling:
• SIP over TLS: SIP Signaling for access networks is carried via TLS (Transport Layer Security)
over TCP. TLS is a protocol that allows client/server applications to communicate across a
network in a way designed to prevent eavesdropping and tampering. The Signaling Firewall/
PCSCF acts as the TLS server and provides the certificate to the UE for authentication.
• IPsec: Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session.
The SBC supports IPSec Security Associations for the Gm interface IPSec key exchange,
encryption/decryption, integrity protection are all supported.
 SBC Functions
Registration suppression
When SIP signaling for the access network passes through a NAT/FW, then there is a need to
send frequent messages to keep the signaling path open. A typical way of keeping the path, also
known as a pinhole open is by using a short registration interval. The P-CSCF supports a registration
suppression feature whereby it uses a small configured registration interval for communication with the
UE and a larger registration interval assigned by the S-CSCF for communication with the S-CSCF.
When a re-REGISTER is received by the P-CSCF, where nothing is changed in the content and the
SCSCF interval is still valid, then the P-CSCF sends the 200 OK without contacting the S-CSCF. The
CSCF may be configured to selectively apply registration suppression only when P-CSCF detects
presence of NAT/FW in the signaling path, or it may be configured to always apply registration when it
is used a more general keep-alive mechanism by the UE.
Another choice is for UE to use OPTIONS method. P-CSCF supports an even more efficient technique
to keep the firewall pinhole open using a lighter weight protocol from the transport layer. STUN
Messages for UDP. CRLF messages for TCP. The P-CSCF supports a subset of a STUN server that
responds to the keep-alive requests. This technique requires the UE to support the STUN and CRLF
mechanisms.
 SBC Functions
Surrogate registration

This capability allows a P-CSCF to perform IMS registration on behalf of a SIP PBX or SIP IAD
(Integrated Access Device) based on provisioning data. It extends IMS SIP trunking service to
SIP PBXes or SIP IADs that do not support SIP registration.
For each PBX, the P-CSCF is provisioned with PBX attributes (for example, pbxPUID/AoR, pbxPRID,
PBX contact information, etc.) that the P-CSCF will use to perform explicit registration with S-CSCF.
The phones behind a PBX with individual Directory Numbers (DNs) will be implicitly registered
with IMS using either Implicit Registration Set (IRS) mechanism with wildcard PUID or Permanent
Registration Set (PRSET) mechanism. Upon successful registration, the PCSCF will build the registry
for the PBX (including the phones behind the PBX) and establish the necessary associations (for
example, IP association, Signaling Firewall policy, etc.) that will allow calls from/to the PBX to be
handled the same way as if the PBX had registered with IMS by itself.
 SBC Functions
SIP screening

The SIP message screening feature provides a means for an IMS network operator to program their
IMS network (using user defined filter rules) to add, remove and/or manipulate specified SIP message
information that is being exchanged between their IMS network and external hosts/networks.
The SIP screening solves inter-operability issues and accommodates exception situations. The SIP
screening feature is available on P-CSCF, IBCF, or Trunk Group. It applies to Messages, Headers,
and Message Bodies.
The SIP screening feature is managed by filter sets (up to 600 filter sets per SBC). Basic filters include
- Direction Rule, Message Rule, Header Rule, Parameter Rule, Body Rule, and Reference Rule. The
type of actions include - ADD, REMOVE, MODIFY, DISCARD, SAVE, and REJECT.
 SBC Functions
EVS transcoding support
SBC provides support for Enhanced Voice Services (EVS) codec. It implements parameter
parsing and matching logic to support OCL/GCL processing. It expects that Media Negotiation Support
is enabled in SBLP. Explicit fmtp parameter values may be included or default settings may be
implied, as defined per 3GPP TS 26.445 (v.13.0.0) A.3.
• Full transcoding and media format aware support:
• – Full EVS parameter parsing to support EVS multi-PT offer/answer matching.
– Utilize EVS AMR-WB IO mode for potential TrFO interworking of EVS AMR-WB.
– Implementation of intelligent transcoding to avoid transcoding EVS primary to narrowband
codec.
– Support GCL preferred offer configuration for EVS.
– Extension of BGC cross-mapping of Codec-Data across LD/RD for some EVS-EVS scenarios
• Extend EVS support to eSRVCC - Configurable triggering of EVS AMR-WB IO mode at HO to
allow TrFO bearer connection to AMR-WB or even to AMR-NB (for reduced cost transcoding –
both in DSP costs and licensing costs).
• Provide operator configurable EVS management controls:
– Min/Max br, bw settings for SDP validation.
– Enable/Disable EVS AMR-WB IO in SDP (that is, evs-mode-switch, cmr parameters).
– Potential calculation of BW for EVS PT for both resource reservation and in SDP validation
checking.
 SBC Functions
Optimal media path
SBC supports optimal media path. IMS and other SIP networks have the option to deploy border gateways between the
IP realms defined by each network. Within an IP realm every endpoint is reachable from any endpoint using a common
address space. Each border gateway typically provides a firewall or NAPT to limit access to endpoints within a realm.
An application Layer Gateway (ALG) controls each border gateway to allocate new IP addresses and ports as
necessary for each SDP media line and updates the SDP connection and port information in each forwarded SDP offer
and answer to effectively insert the border gateway into the end-to-end multimedia session path.
There can be an ALG/BGF associated with a P-CSCF/IBCF at each of the following network borders:
• Between the UE and its serving IMS network.
• Between the home and serving IMS networks for a UE.
• Between the home IMS networks for the originating and terminating UEs.
• Between the home IMS networks for the original terminating UE and the forwarded-to UE.
• Between any of the above IMS networks and a transit network used to interconnect them.
Each ALG/BGF can introduce additional bearer path delay due to:
• BG processing delay.
• Additional propagation delay due to anchoring of media path.
The cumulative effects of multiple ALG/BGFs may lead to unacceptably long end-to-end bear path
delays for a multimedia session. As such, it is desired to remove unneeded ALG/BGF from the path if
possible.
A multimedia session path may traverse an arbitrary number of IP realms between endpoints.
 SBC Functions
Transcoding support
• SBC supports multiple methods of transcoding.
• The SBC also supports a feature that can invoke resources in a centrally located MRF for
transcoding video codecs and additional audio codecs.
• Transcoding may be added at the start of call or added/removed mid-call due to endpoints
changing codecs (using new SDP in re-INVITE exchange), where this also includes the case
of handover from LTE access network to MSC (using ATCF/ATGW).
• The general approach for transcoding is to proactively modify SDP offer by including
additional codecs from a provisioned golden codec list. When the SDP answer is received, the
need for transcoding is determined by examining the selected codec to see if it matches the
original SDP offer from the UE (no transcoding needed) or if it was from the golden codec list
instead (transcoding needed).
 SBC Functions
Media inactivity detection

Media inactivity capability allows the SPDF to request the media gateway to detect that after a certain
period of time no IP application data has flowed on a particular termination/stream. The ability to
detect if IP application data flow has stopped or has not started is useful to detect hanging bearers.
If there is no application data for a set interval of time (configurable), the media layer will notify the
signaling. SBC either ignores the message, or starts a timer to drop the session, based on what
has been configured.
 SBC Functions
Single IP address and port number for Gm interface
• SBC supports a common IP address and port number that is shared among multiple IMS Services and
exposed as the Gm interface to end users. In other words, a single P-CSCF IP address can be exposed to
the UE that is shared by P-CSCF instances on multiple IMS Services. The SIP Firewall performs load
balancer/distribution function to select a P-CSCF instance Signaling Compression.
• SIP is a text-based protocol where SIP messages can range from a few hundred bytes to up to 2000 bytes
or more. When IMS is deployed over the access network where there is limited bandwidth, for example,
wireless access network, SIP message size can become significant in call setup and service invocation
delay.
• The SBC may be configured to use SigComp to reduce the size of the SIP messages, when the UE also
supports SigComp. framework (based on IETF RFC 3320) is a layer between application (for example,
SIP) and the underlying transport, for example, UDP, TCP, and SCTP. The service provided is that of the
underlying transport plus compression. SigComp framework includes the compressor, the Universal
Decompressor Virtual Machine (UDVM), dispatchers, and state handlers.
• UDVM is designed to decompress output of any well-known compressors, for example, Deflate. This
framework enables the sending side to compress the data using an algorithm of its choice and then sends
the compressed data together with a set of UDVM instructions that the receiving side UDVM can use to
extract the compressed data to its uncompressed form. The UDVM instructions can also be prearranged
(for example, provisioned) at the receiving side.
 SBC Functions
WebRTC Gateway

• Platform independent Real Time Communication set up by browser or app.

• Use case: Browser based audio and video calls.

 SBC Functions
Forking

• In case more than one called party answered the SIP INVITE with a provisional response no

additional H.248 commands are sent to the BGW.

• As soon as the first SIP 200OK for the INVITE is received, the forking condition is reset and the

final called party for the session is known. Now the pinhole is setup towards the final remote

party via a H.248 MODIFY command towards the BGW.

 SBC Functions
Secure RTP

• Secure RTP media encryption

• Use case: Unsecure Access networks e.g. WiFi

SBC IMS Cloud

 SBC Functions
Lawful Interception
• Lawful Interception is done in the BCF for the SIP signaling and the BGF for the Bearer stream.

• Provides interface to 3rd party LI platforms

• Use case: SBC needs to replicate and forward signaling and media to external LI platforms

SBC P-LIG
X1_1 ADMF

IRI: BCF
X2
DF/MF LEA

X3
CC: BGF DF/MF
 SBC Functions
Enterprise Connection

• Group of features useful for Enterprise connection

 IP PBX

 Transport Layer Security (TLS) over TCP

 Range and wildcard IP Multimedia Public Identity (IMPU)

 Surrogate registration

• Use case: Support of Enterprises connected to SBC

 SBC Functions
Notification Server Interface

• Interworking with Apple and Google Notification server to wake up sleeping clients.

• Use case: Wake up sleeping client to receive incoming call.

 SBC Functions
Hosted NAT traversal
If a UE is behind a non-SIP aware Network Address Translation (NAT) or Network Address and Port
Translation (NAPT) device in the access network, the IP addresses in the headers and the SDP bodyof
incoming SIP messages will not be usable. They will be addresses of internal network elements of
the access network (not reachable IP addresses for the P-CSCF) instead of the NAT/NAPT device
(reachable IP addresses for the P-CSCF). If far-end NAT is detected, the P-CSCF identifies that the
Far-end NAPT traversal support is needed when the source IP address at the IP layer is different from
the top-most Via header IP address.
The bearer element (C-BGF) must listen on the port it requested the UE to send bearer to until the
first packet is received. When the first packet arrives, the bearer element will associate the address
and port it came from (external address of the firewall) with this stream. From this point on the bearer
element will only accept bearer traffic from that address. This technique is called latching since the
initial bearer packet forces the bearer element to trigger and latch on to a specific stream from a
specific address and port.
 Far End and near End NAT
Problem: Request Traversing Residential NAT
10.1.2.3 SIP REGISTER … 139.3.2.1 84.23.15.19
Via: … 10.1.2.3:7600 SIP REGISTER …
UE Contact: 10.1.2.3:7600 NAT Via: … 10.1.2.3:7600
Contact: 10.1.2.3:7600
P-CSCF S-CSCF
UDP SRC Port 7600 SIP REGISTER …
:DST Port: 5060 UDP SRC Port: 15200 Via: … 84.23.15.19;
DST Port: 5060 Via: … 10.1.2.3:7600;
IP SRC Addr: 10.1.2.3
DST Addr: 84.23.15.19 IP SRC Addr: 139.3.2.1 received 139.3.2.1
DST Addr: 84.23.15.19 Contact: 10.1.2.3:7600
UDP ...
NAT Binding

Private 10.1.2.3:7600
Public 139.3.2.1:15200

SIP 200 OK …
Via: … 10.1.2.3:7600 SIP 200 OK …
Via: … 84.23.15.19; Via: … 84.23.15.19;
received 139.3.2.1 Via: … 10.1.2.3:7600;
Contact: 10.1.2.3:7600 received 139.3.2.1
Contact: 10.1.2.3:7600
UDP SRC Port: 9320
DST Port: 7600 UDP ...
No Binding for destination
139.3.2.1:7600 IP SRC Addr: 84.23.15.19
DST Addr: 139.3.2.1
 Far End and near End NAT
Solution: Symmetric Response Routing for SIP (UDP only)
10.1.2.3 139.3.2.1 84.23.15.19

UE NAT P-CSCF S-CSCF

SIP REGISTER … SIP REGISTER …

Via: 10.1.2.3:7600 …;rport Via: … 10.1.2.3:7600 …;rport SIP REGISTER …
Contact: 10.1.2.3:7600 Contact: 10.1.2.3:7600 Via: 84.23.15.19;
UDP SRC Port: 7600 UDP SRC Port: 15200 Via: 10.1.2.3:7600 …;
DST Port: 5060 DST Port: 5060 received=139.3.2.1;rport=15200;
Contact: 10.1.2.3:7600
IP SRC Addr : 10.1.2.3 IP SRC Addr : 139.3.2.1
DST Addr: 84.23.15.19 DST Addr: 84.23.15.19 UDP ...

NAT Binding

Private 10.1.2.3:7600
Public 139.3.2.1:15200

SIP 200 OK … SIP 200 OK …

Via: … 10.1.2.3:7600 …; Via: … 10.1.2.3:7600 …;
SIP 200 OK …
received=139.3.2.1;rport=15200 received=139.3.2.1;rport=15200
Via: 84.23.15.19;
Contact: 10.1.2.3:7600 Contact: 10.1.2.3:5060
Via: 10.1.2.3:7600 …;
UDP SRC Port: 5060 UDP SRC Port: 5060 received=139.3.2.1;rport=15200;
DST Port: 7600 DST Port: 15200 Contact: 10.1.2.3:5060
IP SRC Addr : 84.23.15.19 IP SRC Addr : 84.23.15.19 UDP ...
DST Addr: 10.1.2.3 DST Addr: 139.3.2.1
 Far End and near End NAT
Problem: Incoming SIP request
10.1.2.3 139.3.2.1 84.23.15.19

UE NAT P-CSCF S-CSCF

SIP REGISTER … SIP REGISTER …

Via: … 10.1.2.3: 7600 Via: … 10.1.2.3:7600 SIP REGISTER …
Contact: 10.1.2.3:7600 Contact: 10.1.2.3:7600 Via: … 84.23.15.19;
UDP SRC Port: 7600 UDP SRC Port: 15200 Via: … 10.1.2.3:7600;
DST Port: 5060 DST Port: 5060 received 139.3.2.1
Contact: 10.1.2.3:7600
IP SRC Addr: 10.1.2.3 IP SRC Addr: 139.3.2.1
DST Addr: 84.23.15.19 DST Addr: 84.23.15.19 UDP ...

NAT Binding
Private 10.1.2.3:7600 Not routable in
the Internet
Public 139.3.2.1:15200

SIP Invite 10.1.2.3:7600

Contact: 10.1.2.3:5060
Incoming
UDP SRC Port: 9320 SIP Invite 10.1.2.3:7600 Invite
DST Port: 7600 Via: …
IP SRC Addr: 84.23.15.19 Contact: …
? DST Addr: 10.1.2.3 UDP ...
 Far End and near End NAT
Solution: Symmetric response for SIP Incoming Invite
10.1.2.3 139.3.2.1 84.23.15.19

UE NAT P-CSCF S-CSCF

Register acc. To Symmetric response routing and NAT traversal

SIP Register...
Contact: 139.3.2.1:15200

NAT Binding
Private 10.1.2.3:7600
Public 139.3.2.1:15200 SIP 200 o.k.

SIP Register...
Contact: 139.3.2.1:15200

SIP Invite 139.3.2.1:15200 SIP Invite 139.3.2.1:15200

Contact: 10.1.2.3:5060 Contact: 10.1.2.3:5060
Incoming
UDP SRC Port: 5060 UDP SRC Port: 5060 SIP Invite 139.3.2.1:15200 Invite
DST Port: 7600 DST Port: 15200 Via: …
IP SRC Addr: 84.23.15.19 IP SRC Addr: 84.23.15.19 Contact: …
DST Addr: 10.1.2.3 DST Addr: 139.3.2.1 UDP ...
 Far End and near End NAT
Simple Traversal of UDP through NATs
10.1.2.3 139.3.2.1 84.23.15.19

UE STUN Binding Request

NAT P-CSCF S-CSCF
STUN Binding Request STUN Server

IP
SRC Addr 10.1.2.3
IP
DST Addr 84.23.15.19 SRC Addr 139.3.2.1
DST Addr 84.23.15.19

NAT Binding
STUN Mapped Address
Private 10.1.2.3:7600 (Port 15200,
Public 139.3.2.1:15200 IP 139.3.2.1
IP SRC Addr 84.23.15.19
STUN Mapped Address DST Addr 139.3.2.1
(Port 15200,
IP 139.3.2.1
IP SRC Addr 84.23.15.19
DST Addr 10.1.2.3

Register... Register...
SIP SIP
Via: 139.3.2.1:15200 Via: 139.3.2.1:15200 Register...
SIP
Contact: 139.3.2.1:15200 Contact: 139.3.2.1:15200 Via: 84.23.15.18
Via: 139.3.2.1:15200
Contact: 139.3.2.1:15200

SIP 200 o.k.

NAT Binding SIP
SIP
200 o.k
Via: 84.23.15.18
200Via:
o.k.139.3.2.1:15200 Via: 139.3.2.1:15200
Private 10.1.2.3:7600
Public 139.3.2.1:15200 IP SRC Addr 84.23.15.19 IP SRC Addr ...
DST Addr 139.3.2.1. DST Addr 84.23.15.19
 Far End and near End NAT
Simple Traversal of UDP through NATs

84.23.15.19
10.1.2.3 139.3.2.1

UE NAT P-CSCF S-CSCF

STUN Server
Successful
STUN Successful
REGISTER

Contact = 139.3.2.1
SIP Invite 139.3.2.1:15200 SIP Invite 139.3.2.1:15200
Contact: … Contact: …
Incoming
UDP SRC Port: 5060 UDP SRC Port: 5060 SIP Invite 139.3.2.1:15200 Invite
DST Port: 7600 DST Port: 15200 Via: …
IP SRC Addr: 84.23.15.19 IP SRC Addr: 84.23.15.19 Contact: …
DST Addr: 10.1.2.3 DST Addr: 139.3.2.1 UDP ...
 SBC Function
UE NAT P-CSCF
STUN Server S-CSCF
10.1.2.3 139.3.2.1 84.23.15.19
STUN Binding Request STUN Binding Request

IP SRC Addr 10.1.2.3 IP

SRC Addr 139.3.2.1
DST Addr 84.23.15.19 DST Addr 84.23.15.19

NAT Binding
Private 10.1.2.3:7600
Public 139.3.2.1:15200

STUN Mapped Address STUN Mapped Address

(Port 15200, (Port 15200,
IP 139.3.2.1 IP 139.3.2.1
IP SRC Addr 84.23.15.19 IP SRC Addr 84.23.15.19
DST Addr 10.1.2.3 DST Addr 139.3.2.1

Register... Register... Register...

SIP SIP SIP
Via: 139.3.2.1:15200 Via: 139.3.2.1:15200 Via: 84.23.15.18
Contact: 139.3.2.1:15200 Contact: 139.3.2.1:15200 Via: 139.3.2.1:15200
Contact: 139.3.2.1:15200

200 o.k.
NAT Binding SIP
SIP
200 o.k SIP
Via: 84.23.15.18
200Via:
o.k.139.3.2.1:15200 Via: 139.3.2.1:15200
Private 10.1.2.3:7600
Public 139.3.2.1:15200 IP SRC Addr 84.23.15.19 IP SRC Addr ...
DST Addr 139.3.2.1. DST Addr 84.23.15.19
 ENUM
ENUM (E.164 Number to URI Mapping) translates telephone numbers into Internet
addresses. You can dial a telephone number and reach a SIP, H.323 or any other
Internet Telephony user.
In IMS, ENUM translates an IMPU containing a telephone number into an IMPU that
don’t contain a telephone number.

ENUM: SIP:E164@domain.com ENUM: TEL:E164

ENUM: SIP:Username@domain.com ENUM: SIP:Username@domain.com

ENUM ENUM
 IBCF
The Interconnection Border Control Function (IBCF) provides application specific functions at the
SIP/SDP protocol layer to perform interconnection between two operator domains, e.g. it:
 enables communication between IPv6 and IPv4 SIP applications,
 network topology hiding
 controlls transport plane functions,
 screens of SIP signalling information,
 selecting the appropriate signaling interconnect (TrGW)
 generation of charging data records.

I-CSCF
IBCF
IBCF

P-CSCF
IBCF
S-CSCF
Visited network Home network Other network
 BGF

BGF is the media-handling part of a decomposed SBC

Splits SBC media functions into separate device at network edge
Can be used by all media types: VoIP, T.38, video telephony, VOD, IM…
Features
Controllable from the core via standard H.248 interface (Ia profile)  DoS/DDoS Protection
BGF is a transport-layer function defined by IMS and TISPAN  Media Pinholing
Layer-4/layer-5 media packet relay  Topology hiding / NAT/H-NAT
 Session Admission Control & QoS
An IP-to-IP network access or peering gateway  Lawful interception
BGF provides the VoIP media demarcation point between networks  Media inactivity detection
BGF has no signaling awareness  IPv4-IPv6 interworking
BGF is a slave device controlled by signaling-aware functions
But BGF functionality may also be applied to signaling flows
 BGF
QoS
Legend:
Prioritized flow
Unauthorized flow
CPE NATed flow
Security
Authorized flow AS
Rate-limited flow VPN flow

SPDF CSCF
Filter & Block
Unwanted calls BGF
IP
Network
BGF

Rate Limit calls Based BGF

BGF
on Bandwidth BGF BGF

Aggregate VPNs and

Prioritize calls across NAT private address
Enable NAT-traversal spaces
the core network without tromboning
 BGF
Signaling

SIP I/S- SIP

P-CSCF MGCF
SIP
BGCF
CSCF

Gm
SIP ISUP
IP-CAN
SIEMENS SIEMENS
SIEMENS SIEMENS

UA H248 H248

RTP PSTN/PLMN

TDM

BGF MGW

Bearer
 BGF
Signaling

SIP I/S- SIP I/S-

P-CSCF
SIP
P-CSCF
CSCF CSCF

Gm SIP
SIP
Gm IP-CAN
IP-CAN
UA H248 H248 UA
RTP
RTP

TDM

BGF BGF

Bearer
 LRF
The Location Retrieval Function (LRF) assists E-CSCF in handling IMS emergency
sessions by delivering location information of the UE that has initiated an IMS
emergency session and/or address of Public Safety Answering Point (PSAP) where the
session should be sent.
To provide location information the LRF may contain location server or have
interface towards external location server (e.g. GMLC). To resolve appropriate PSAP it
may contain Routing Determination Function (RDF) which is used to map the user’s
location to address of PSAP.
LRF
The LRF may provide other emergency
session parameters according to local
regulations: GMLC
 Emergency Service Query Key,
 Emergency Service Routing Number,
 Last Routing Option (in North America) Ml
 location number (in EU)
Cx
 PSAP SIP URI or Tel URI. HSS Le

Mw PSAP

P-CSCF E-CSCF
 TrGW

The Transition Gateway (TrGW) is located within the media path and controlled by an IBCF. It
provides functions like network address/port translation and IPv4/IPv6 protocol translation.
TrGW is controlled by the IBCF via the Ix reference point.

Ix
H.248
TrGW IBCF
 Diameter Routing Agent
• Diameter Routing Agent The DRA consists of 2 functions:
 the Edge Agent, which protects the operator’s NNI (Network-Network Interface) in case
of roaming subscribers
 the Diameter Load Balancer, which balances the Diameter traffic, e.g. between different
HSS-FEs according to their performance capabilities. It also simplifies the network
architecture (not requiring a fully meshed network) thus improving the scalability and
manageability of the network.
AS
AS

HSS
HSS I/S-CSCF
I/S-CSCF

Fully meshed
network
 DRA-Edge Agent
• The Edge Agent is used to secure the traffic between different peer networks. A common way
to connect peer networks makes use of the IPX (IP eXchange) network. IPX is an isolated
network offered by several IPX operators. The Edge Agent operates at the edge to the IPX and
supports the following functions:
 Network Security (IPsec, DoS Protection, Traffic separation, Topology Hiding,
 Roaming Agreement Support.
 Admission Control.
 Service Level Agreement (SLA)
 Accounting
I/S-CSCF
AS
HSS

I/S-CSCF
IPX Peering
DRA-LB
Operator
HSS DRA-EA

I/S-CSCF
PCRF
 DRA-Load Balancer
• The DRA can be used in the operator’s network as Diameter Load Balancer to simplify the
network topology. It improves the network scalability, availability and maintainability. For
example, HSS-FEs can be included and taken out of operation without impacting other network
components. In the geo-redundant mated pair configuration the DRA achieves > 99.999%
availability.
• Due to its flexibility to configure the protocols (IPv4v6 dual stack; TCP, SCTP) that are to be
applied on the link level, the DRA is able to simplify the multi-vendor deployments as well as
the network upgrades.

•Destination Realm
•Destination Host DRA-LB
•Origination Realm
•Origin Host Weighted
•Application ID Load-balancing
•IMSI range
•Session-ID
 Policy and Charging Rule
Function
SPR
• The PCRF hosts the following functions:
– Binding mechanism, associates a service data flow
Mailing
to the EPS bearer deemed to transport the service SMSC
Server Sp
data flow.

– Reporting PCRF
– Credit Management Gx or S7 Rx

– Event Trigger

– Policy Control PCEF SGi AF

– Service (data flow) prioritisation and conflict GGSN /PGW P-CSCF
handling

– Standardised QoS characteristics

– Termination Action

– Handling of packet filters.

116
 PCRF interfaces

• Provisioning and removal of PCC rules from PCRF to PCEF SPR

Gx • Transmission of traffic plane events from PCEF to PCRF
• Charging control, policy control or both by applying relevant AVPs
Mailing
SMSC
Server Sp
• Application level session information used as input by PCRF to
Rx
PCC
PCRF
Gx or S7 Rx

Gy • Allows online credit control for service data flow based charging
PCEF SGi AF
GGSN /PGW P-CSCF
• Allows PCRF to request subscription information related
Sp subscriber from SPR
• Allows SPR to notify PCRF when subscription information changes

117
 PCRF operation modes
Pull Mode Push Mode

PCRF PCRF

RAR/RAA
CCR/CCA

PCEF PCEF
GGSN /PGW GGSN /PGW

• Provisioning isn’t requested by PCEF

• Provisioning is requested by PCEF • PCRF doesn’t contact GW
• GW pulls rules from PCRF • Provisions in response to information from
• PCRF provisions PCC rules in CCA in AF through Rx or in response to internal or
response for PCC rules made by PCEF external trigger.
118
 PCRF PCC rules
PCRF

PCC Rule
• Actions
AF Information Policy Rule engine • QoS
Rx • Charging
• Quota
PCEF Information • …
Gx
SPR Information
Sp

119
Policy and Charging Control Actions
PCC Action
QoS Control
PCC Action
PCC Action
Service
Tethering
Bandwidth
Detection
Management

PCC Action PCC Action

PDN Usage
Switching Monitoring

PCC
Actions

PCC Action
PCC Action
Access
Gating
Awareness

PCC Action
PCC Action
L3/L4
Termination
Redirection
PCC Action
HTTP
Redirection
 Subscriber Profile Repository (SPR)
SPR Parameters
Customer Account ID Subscriber Maximum totalQuota Subscriber Plan Details
allowable QoS
Customer Account Type Subscription Active Date uplinkQuota • Services allowed
Subscription ID Subscription Inactive Date downlinkQuota • Service no allowed
Subscription MSISDN Subscription Inactive Date usedQuota • QoS allowed
Subscription IMSI number Subscriber Category usedUplinkQuota • Applicable period
Subscriber IMEI number Thresholds can be again (Daily, usedDownlinkQuota • Priority of service
Monthly)
Subscription Status QoS Profile email • Credit/Threshold Limits

Public ID User Notification (sms, email, Location Information (Home Subscriber Dynamic
redirection, sms and Zone) Category
Redirection, none)

Preferred Domain Pricing Plan Date of Birth Home Location

APN network identifier APN operator identifier …
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
 Online Charging

• Online charging is used to perform IMS subscriber charging for the usage of IMS service, in
detail session and event charging are supported by the S-CSCF and in some way via the
Application Server.
• The IMS gateway function (IGWF) can physically be located on the online charging system (OCS)
or on the S-CSCF or even on a standalone system.
 Online Charging
Online
NE IGWF Ro
Diameter
Charging
System

Online
NE Ro
Diameter IGWF
Ro
Diameter
Charging
System

Online
NE Ro
Diameter IGWF Charging
System
 Offline Charging
• Those network element generate Charging Data records (CDRs).
• These CDRs are the forwarded to a billing mediation device (BMD) or to the billing system (BS).
These CDRs are used for IMS subscriber charging and IMS interoperator charging.
• Offline charging can be done by:
 P-CSCF
 E-CSCF
 S-CSCF
 AS
 MGCF
 BGCF
 Offline Charging Functions
• The Charging Trigger Function (CTF) is a functionality inside of the network
element and generates charging events based on the observation of the
network. It is made up of two functional blocks:
CTF  Accounting Metrics Collection
 Accounting Data Forwarding
• The CTF is connected to the CDF via the Reference point "Rf“. This interface is
based on the Diameter protocol acc. to RFC 3588.

• The Charging Data Function (CDF) receives charging events from the CTF via
the Rf interface. It uses the received information to construct CDRs. The
result of the CDF functions are CDR as defined for example in the 3GPP TS
CDF 32.260.
• The CDF is connected to the CGF via the Ga reference point. The Ga interface
is based on GTP’ (GTP prime).

The Charging Gateway Function (CGF) acts as a gateway between the 3GPP
network and the billing domain. Several CDF can feed one CGF.
The CGF can perform persistent storage and collection of CDRs from more than
CGF one CDF. CDR performs preprocessing like CDR error handling, validation,
consolidation and reformatting.
The CGF is connected to the billing domain (BD) via the Bi reference point. On
the Bi interface standard file transfer protocols like FTAM, FTP etc. are used.
 Offline Charging
CTF Rf
Diameter CDF Ga
GTP’ CGF Bi
FTP Billing
System
NE

Rf Ga Bi
CTF Diameter CDF GTP’ CGF FTP Billing
System
NE

Rf Ga
CTF Diameter CDF GTP’ CGF Bi
FTP Billing
System
NE
 Charging Triggers
• the P-CSCF is able to perform session- and event charging. This brings benefit when the P-CSCF
is located in a visited IMS (IMS roaming scenario).
• The P-CSCF/S-CSCF charging is triggered when
 the SIP session is successfully established and the users are able to exchange media.
 the SIP session is not established e. g. the P-CSCF gets an unsuccessful SIP response
upon the initial SIP:INVITE.
 the media used in a SIP session are successfully changed.
 the SIP session is normally released.
 the session unrelated SIP service is finalized.
 intermediate accounting is triggered by an Acct-Interim-Interval AVP.
 P-CSCF Charging Functions
• To provide data for the S-CSCF e. g. an IMS charging id (ICID) or GGSN data the P-CSCF
generates and handles SIP P-headers like for example the P-charging Vector:
• The handling of P-headers complies the following functionality:
 generation of a globally unique ICID
 storing the ICID for usage in multiple SIP-messages
 deleting the ICID from the storage when not used any more
 providing the ICID to be transferred via the Gq/Rx-I/F
 taking over bearer data (GGSN-address, GCID, flow identifiers) transferred via the
Gq-I/F
 taking over additional bearer data (User-Equipment-Info, 3GPP2-BSID, 3GPP-User-
Location-Info) transferred via the Rx-I/F
 taking over data evaluated by the P-CSCF Gq/Rx session manager (QoS-Information)
 inserting proprietary P-headers into SIP messages to transport the additional bearer
data towards the S-CSCF
 translating the bearer data into GPRS-charging-info syntax
 inserting the P-Charging-Vector into SIP messages
 removing the P-Charging-Vector from SIP messages
 hecking for and removing unexpected charging-related P-headers
 Taking the P-Charging-Function-Addresses header from the S-CSCF.
 CDRs and P-Header Handling
Extraction of relevant
Information

NE ASN.1 Encoding

Storage

FTP

• Collects Charging Info

• Extracts Charging relevant data from the messages
• Encodes CDRs
• Stores CDRs
• Supports file transfer protocol
• Handles P-Header
 CDRs Types
Originating Network Terminating Network

P-CSCF S-CSCF S-CSCF P-CSCF

O-CDRs O-CDRs T-CDRs T-CDRs

Originating Network Terminating Network

P-CSCF S-CSCF P-CSCF

O-CDRs O-CDRs T-CDRs
T-CDRs

MGCF S-CSCF MGCF

Transit-CDRs
 CDRs Fields

• CDR Types  Record-Type

 Session based CDRs  SIP-Method
 Event Based CDRs  Role-of-Node
 Node-Address
• Events  List-Of-Calling-Party-Address
 Subscribe Req./Resp.  Called-Party-Address
 Init Subscribe Req/Resp.  Service-Request-Time-Stamp,
 Notify Req/Resp.  Service-Delivery-Start-Time-Stamp
 Register Req  Service-Delivery-End-Time-Stamp
 Re-Register  Record-Sequence-Number
 De-Register  Record-Opening-Time
 Message Req/Resp.  Record-Closure-Time
 Publish Req.Resp.  Cause-For-Record-Closing
 Options Req/Resp  IMS-Charging-Identifier
 Refer Req./Resp  Service-Reason-Return-Code
 New Req/Resp.  List-Of_SDP-Media-Components
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
 IMS Identifiers

Private User ID Public User ID

•Two possible format, SIP URI or TEL
• unique global id according to RFC
URI
2486 (network access identifier NAI)
•SIP:URI acc to RFC 3261/2396
• not for routing, just for registration
•TEL:URI acc. to RFC 3966
(authentication)
•Used routing and for communication
• stored in the HSS and ISIM
between users.
• allocated to an ISIM application
•At least one private id allocated to
• allocated to the subscription
an ISIM application
• one ore more Private User ids
•Shall be registered explicitly or
per IMS subscription
implicitly before used.

username@domain sip:<user part>@<host/domain part>

telephonenumber@provider.net sip:<IMSI>@provider.net
IMSI@provider.net sip:<IMSI>@ ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org
<IMSI>@ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org tel:telephonenumber
 IMS Subscription
Implicit Registration Set 1
Public
User ID 1
Service
Profile 1
Private Public
User ID 1 User ID 2

Implicit Registration Set 2

IMS
Subscription Public Service
User ID 3 Profile 2

Private Public
User ID 2 User ID 4
Service
Profile 3
Public
User ID 5
135
 Implicit Registration Set
Implicit Registration Set 1

Public User ID 1
Public User ID 2
Public User ID 3

IMS Registration with Public User ID 2

S-CSCF
User

IMS User is now registered and

reachable with all public UIDs of the
Implicit Registration Set
 Relation between IMPIs
and IMPUs
• IMPUs may be shared across all Private User Identities within the same IMS subscription.
Therefore, a particular Public User Identity may be simultaneously registered from multiple
UEs that use different Private User Identities and different contact addresses.
• If a Public User Identity is shared among the Private User Identities of a subscription, then it is
assumed that all Private User Identities in the IMS subscription share the Public User Identity.
• The end user can finally use features (based on multiple registration and forking) which are
already supported by devices (e.g. parallel and serial ringing).
• The end user may subscribe to comprehensive service offers based on shared user identities
(e. g. selection of the UE which fits best to the current communication needs).
• Several Public User IDs can belong to one Implicit Registration Set. As soon as one Public User
ID registers, the other members of the same IRS are also registered.

137
Universal Integrated Circuit Card
2G SIM
ISIM
IMSI MSISDN
Security Keys
SMS Address Home Network Domain
Data Book Name URI

UMTS SIM (USIM) Administrative Data

Multimedia Private User Identity (s)

messaging
MSISDN P-CSCF Address
config data
Access Rule Reference
Auth Data IMSI Public User Identity (s)
and keys
 Contents

IMS Overview
Session management and routing functions
Databases functions
Services functions
Interworking functions
Support functions
Charging functions
IMS Identities
IMS features
 SIP Compression
• SIP signaling is a text oriented signaling, so it is very bandwidth
consuming.
• Therefore a static (RFC3320/3486) and dynamic (RFC 3321) SIP
signaling compression are provided.
• Both SIP clients and P-CSCF perform SIP compression and
decompression.

Compressed SIP
UAC P-CSCF

RFC Year Description

RFC3320 1999 Static Compression
RFC3486 2002 Static Compression
RFC3321 2002 Dynamic Compression
 Number Portability

• Number portability enables telephony subscriber to keep their telephone

number when they change service provider.
• Number portability is supported for SIP URIs and Tel URIs containing an E164
number.

1. Invite 1. Invite
(tel:E.164 number) (tel:E.164 number)
 IPsec support

• The Zb Interface adds IPSec security to all signaling interfaces within an operators
network: Mw, Cx, Sh, Mi, Mj, Mg, ISC …
• The Za Interface adds IPSec security to all signaling interfaces between the IMS
networks of different operators.

Zb Za Zb

IMS Network IMS Network

 TLS support
• TLS support in IMS significantly improves the access security.
• TLS is used in Gm interface.
• SIP signaling is protected by a TLS tunnel, which supports confidentially and
integrity protection.
• This results in a high availability of the services due to increased stability and
robustness against attacks. It enables the operator to offer new services and
attract new customers that require higher security.

SIP
TLS
TCP
IP
 Emergency Calls
• The IMS offers different possibilities for emergency handling depending on
the access technology.
• Emergency calls can be rejected totally for mobile access users, because no
location information is contained in the setup information.

PSAP
LRF

HSS
Le
BGCF
Ml
Cx
Mi

Mw Mj

P-CSCF E-CSCF
Mg
Dx

MGCF
SLF
 Ut Interface support
• Introduced in 3GPP Rel 6.
• Ut is based on XML Configuration Access Protocol (XCAP) protocol
• This interface enables the user to manage information related to his services.
Such as creation and assignment of Public Service Identities, management of
authorization policies that are used e.g. by Presence service, conference
policy management, etc.
• The AS may need to exhibit security related functions for the Ut interface, the
details of these security functions are described in TS 33.222.

XML
HTTP
TCP
IP
UAC AS

Ut
Thanks for your attention

149