ATIS 0100036-2013 Media Plane Performance Security Impairments for Evolving VoIP Multimedia Networks.pdf

1、 AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS ATIS-0100036.2013 MEDIA PLANE PERFORMANCE SECURITY IMPAIRMENTS FOR EVOLVING VOIP/MULTIMEDIA NETWORKS As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industrys most-pres

2、sing business priorities. Through ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-t

3、rack development lifecycle from design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing. ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organi

4、zational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For

5、more information, visit . AMERICAN NATIONAL STANDARD Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANS

6、I Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort

7、be made towards their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conformi

8、ng to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the na

9、me of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the Americ

10、an National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Notice of Disclaimer 2

11、) congestion at three times the baseline traffic; and 3) congestion at three times the baseline traffic while security services are used for calls. Mean Opinion Score (MOS) as estimated by the E-Model is used extensively to measure QoS throughout the modeling efforts for a select number of the model

12、ed calls in the system. MOS is a subjective measure of call quality while the E-Model is a numerical approximation of MOS. It was demonstrated that low-bandwidth codecs are more easily able to withstand the effects of congestion, as well as the security measures, at the cost of lower initial call qu

13、ality. In fact, the highest quality modeled codec, G.711, had the lowest final MOS when using security under congestion. Additional modeling showed that with increased priority weight at routers and priority queuing for IPSec cryptography engines, even G.711 could meet the Class 1 QoS requirements l

14、isted in ITU-T Y.1541. Class 1 QoS is defined as having an upper delay bound of no greater than 400 ms and packet loss no greater than 0.1%. While network security mechanisms are not always pertinent for VoIP users, they may be important for users such as those in the United States National Security

15、 and Emergency Preparedness (NS/EP) community. Providing mechanisms which may improve voice QoS for certain high-priority calls during national security events and other periods of high congestion is essential for ensuring that those calls complete successfully. Three solutions are identified that c

16、ould provide acceptable QoS to specific calls: 1. Increasing queuing priority at routers over the value held for public VoIP traffic. 2. Establishing priority queuing at both the IPSec ingress and egress. NOTE: This may require the copying of the Differentiated Services Code Point (DSCP) from the in

17、ner header to the IPSec header when entering an IPSec tunnel, so that the priority markings may be accessed by the egress cryptographic engine. 3. Adapting codec selection and the use of security services depending on the immediate conditions of the network. For instance, it may be worthwhile to swi

18、tch to a low-bandwidth codec when facing serious congestion. Implementing just the first two solutions in the modeling showed that packet loss could be reduiced from over 58% to 0.10%. .AMERICAN NATIONAL STANDARD ATIS-0100036.2013 American National Standard for Telecommunications on Media Plane Perf

19、ormance Security Impairments for Evolving VoIP/Multimedia Networks 1 1 Introduction Service quality in packet-based networks can be negatively affected by numerous conditions such as congestion, link bit error rates, or use of various security mechanisms. This document discusses the impacts of imple

20、menting security standards, including an evaluation by estimated mean opinion score (MOS) in a network model. An overview of the purpose of this document is given in section 2, while section 3 lists all references from standards and provides a table of acronyms. Section 4 provides light background o

21、n the role that Quality of Service (QoS) plays in media services. Section 5 highlights modeling results from a simulation involving MOS and cryptography services for a standard voice call both with and without congestion. Finally, section 6 discusses Next Generation Network (NGN) National Security a

22、nd Emergency Preparedness (NS/EP) services and highlights several proposed changes to support them. In addition, there are four annexes designed to provide a good set of background information on QoS and security services. 2 Scope, Purpose, this delay is caused by the time it takes for cryptographic

23、 processing and also the queuing for that processing at the cryptographic endpoints. In certain cases, packet loss and possible retransmission will occur due to overflows at buffers caused by congestion at cryptographic engines. There should be no artifacts formed due to cryptography since it does n

24、ot create packet loss like some compression methods. Modeling work was performed to produce a quantitative assessment of the impact on MOS that using security could have when dealing with voice calls. A sample network comprised of a simple core and two wireless access networks was produced along wit

25、h enough mixed discrete traffic to represent a standard busy hour load on each link in order to establish a baseline. Two additional scenarios show how public voice calls would perform during a congestion event (three times the amount of mixed traffic). For more information regarding modeling parame

26、ters, please refer to Annex E. Six codecs with various characteristics were evaluated in order to capture a wide range of varying performance. Using the E-Model in scenarios with and without security allows one to see how call quality is affected by the services. Up to date codec impairment values a

27、re pulled from ITU-T G.113 and all other codec parameters come from their respective standards. Codec impairment values, algorithmic delays, payload lengths, and packets per second are included in Table 1 for each of the six codecs. End-to-end delay and packet loss are the primary alterations when m

28、oving from no security to its inclusion in the model under congestive circumstances, since there are no other artifacts added by encryption and authentication unless traffic is dropped by the cryptography engine. The time to encrypt a packet is primarily a function of its cryptographic payload and c

29、ongestion present at the cryptographic engine. ATIS-0100036.2013 9 Codec impairment is not the only way that codecs differ amongst themselves. Delay is also introduced algorithmically by the sampling, compression, decompression, and reconstruction processes. For instance, the algorithmic delay diffe

30、rence between G.711 and G.723.1 is over 60 ms, which is a very large portion of end-to-end delay for voice. The effect of additional delay is more severe as total delay increases; therefore, codecs with high algorithmic delay may perform poorly for reasons other than their codec impairment. Encrypti

31、on involves a portion of processing that is independent from payload length; therefore, codecs which produce a large number of packets per second tend to be more easily impacted by cryptographic congestion. 5.1 Modeling Description this would allow meeting QoS goals in a larger variety of situations

32、 without dynamically altering priority weights according to present congestion. 6.3 Quality of Service Adaptation In order to meet established QoS goals, NGN networks may need to adjust portions of their operation depending on congestion. Despite many priority mechanisms which should allow for most

33、priority calls to obtain a desirable QoS, there may arise congestion conditions which result in calls performing worse than needed. In such cases, the network could enact several different policies, which could each lessen the severity of the degraded service. Apart from possible queuing or retrying

34、 until a QoS target is obtainable, media codecs and security services could be altered for one session or a group of sessions to facilitate the agreed upon QoS. 6.3.1 NGN NS/EP QoS Threshold Comparing the selected QoS threshold to the current conditions for a call requires a model for MOS, since it

35、is actually a subjective score. While the E-Model is a generally accepted method for calculating QoS, it is expensive to compute and requires information which is difficult to collect, such as the noise levels at the sending and receiving locations. An alternative to establishing an actual MOS for v

36、oice quality would be to have individual thresholds for such metrics as packet loss, end-to-end delay, and jitter, and then send alerts when one or more of those are breached. An additional benefit is that such a method could be expanded to suit video and data services as well and not just voice. Id

37、eally, MOS for a phone call should not drop below 4.0, which is the boundary between “satisfied” and “some users dissatisfied”, although it should be suitable to lower the threshold to 3.5 for cases of heavy network congestion. 3.5 is more practical since it would permit the use of the G.729, G.729a

38、, and G.723.1 codecs, all of which have codec impairments that would result in a MOS lower than 4.0 even in cases of no or light congestion. While an MOS of 3.5 is still in the range of “Most Users Dissatisfied”, it would be acceptable for priority users during periods of extreme congestion. While a

39、n E-Model QoS goal of 3.5 is desirable, it is impractical to derive such a figure in a deployed network as stated above, so for the purposes of this document, the target QoS goals for NGN NS/EP Statistic Statistic Y.1541 Class 1 Result without Result with ImprovementClassification Name QoS Threshold

40、 DSCP Copying DSCP Copying (%)Y.1541 QoS Packet Loss (%) 0.10% 8.69% (Over Threshold) 0.10% 98.85%Classificiation Maximum Delay (ms) 400.00 268.21 117.19 56.31%Statistic Average Jitter (ms) 50.00 13.38 3.78 71.75%Other Average Delay (ms) N/A 105.80 24.36 76.98%QoS Mean Opinion Score N/A 4.23 4.36 3.

41、14%Measurement MOS Grade N/A Satisfied Very Satisfied N/AATIS-0100036.2013 13 voice traffic are as follows: no more than a 400 ms maximum delay bound end-to-end, no more than 50 ms of jitter, and no more than 0.1% packet loss, which follow the requirements set by Y.1541 for Class 1 QoS. The delay bu

42、dget accounts for the delay within the transit networks, ignoring any delay that may reside within user networks or in their handset. User-specific delays are not taken into account, since service providers are unable to provide performance guarantees for network entities outside of their network an

43、d those networks that they have peering agreements with. In reality, handset and codec delays could add up to about forty milliseconds of delay, depending on the codec. For illustrative purposes, the following text assumes a 400 ms mouth-to-ear delay budget, which is the boundary for Y.1541 Class 1

44、QoS. When there is no congestion present in the network, the budget is primarily spent on propagation delay and codec delay, while other delays such as processing and emission delays are minimal. Using encryption will cause additional delay dependent on packet size and cryptography algorithms. Heavy

45、 cryptographic congestion will cause additional delays when using encryption. Heavy network packet congestion will cause processing and queuing delays to increase. All types of congestion may lead to packet loss, which can cause large drops in call quality even if delays remain low. The following ta

46、ble provides a notional representation of delay budget for a variety of scenarios. Table 4 - Example Delay Budget (400 ms budget) Delay Type No Encryption (Baseline Values) Encryption No Congestion Cryptographic Congestion Packet Congestion Overall Congestion Cryptographic 0 15 60 15 50 Queuing 20 n

47、o change no change 210 190 Propagation 100 no change no change no change no change Emission 10 no change no change no change no change Processing 10 no change no change 15 15 Remaining 260 245 200 50 35 The table shows representative results for a session over a relatively slow network. Even so, it

48、is difficult to approach the allotted 400 ms for Class 1 QoS. Delay is unlikely to increase too significantly under congestion unless queues are sized very large. It is recognized that under severe emergency conditions with the likelihood of significant loss of network resources and bandwidth, it ma

49、y not be possible to achieve the desired network performance for NS/EP services as defined in this section. Under such conditions, service completion is considered to be vital even under degraded network performance levels. 6.3.2 QoS Measurement QoS monitoring is generally the role of a Session Border Controller, and the various roles of an Session Border Controller are divided between several functional entities in the IMS architecture. Generally in the IMS, Session Border Controller roles are performed by the Call Session Control Functions (CSCF), Policy Decision Function (PDF), I