ATIS 0300016-2011 Next Generation Interconnection Interoperability (NGIIF) Reference Document Part III Installation Testing and Maintenance Responsibilities for SS7 Links and Trunk.pdf

1、 ATIS-0300016 Next Generation Interconnection Interoperability (NGIIF) Reference Document Part III, Installation, Testing and Maintenance Responsibilities for SS7 Links and Trunks Attachment E SS7 Network Gateway Screening Version 12.0 ATIS is the leading technical planning and standards development

2、 organization committed to the rapid development of global, market-driven standards for the information, entertainment and communications industry. More than 200 companies actively formulate standards in ATIS Committees, covering issues including: IPTV, Cloud Services, Energy Efficiency, IP-Based an

3、d Wireless Technologies, Quality of Service, Billing and Operational Support, Emergency Services, Architectural Platforms and Emerging Networks. In addition, numerous Incubators, Focus and Exploratory Groups address evolving industry priorities including Smart Grid, Machine-to-Machine, Connected Veh

4、icle, IP Downloadable Security, Policy Management and Network Optimization. ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications Sectors

5、, and a member of the Inter-American Telecommunication Commission (CITEL). ATIS is accredited by the American National Standards Institute (ANSI). For more information, please visit www.atis.org. . Notice This document was developed by the Alliance for Telecommunications Industry Solutions (ATIS) sp

6、onsored Next Generation Interconnection Interoperability Forum (NGIIF). The NGIIF addresses next-generation network interconnection and interoperability issues associated with emerging technologies. Specifically, it develops operational procedures which involve the network aspects of architecture, d

7、isaster preparedness, installation, maintenance, management, reliability, routing, security, and testing between network operators. In addition, the NGIIF addresses issues which impact the interconnection of existing and next generation networks and facilitate the transition to emerging technologies

8、. All changes to this document shall be made through the NGIIF issue resolution process. Note Regarding Previous Versions The NIIF Reference Document was formerly known as the Network Operations Forum (NOF) Reference Document. The NOF Reference Document was published and maintained by Bellcore. The

9、last version of the NOF Reference Document is Issue 13. Disclaimer and Limitation of Liability The information provided in this document is directed solely to professionals who have the appropriate degree of experience to understand and interpret its contents in accordance with generally accepted en

10、gineering or other professional standards and applicable regulations. No recommendation as to products or vendors is made or should be implied. NO REPRESENTATION OR WARRANTY IS MADE THAT THE INFORMATION IS TECHNICALLY ACCURATE OR SUFFICIENT OR CONFORMS TO ANY STATUTE, GOVERNMENTAL RULE OR REGULATION

11、, AND FURTHER NO REPRESENTATION OR WARRANTY IS MADE OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. ATIS SHALL NOT BE LIABLE, BEYOND THE AMOUNT OF ANY SUM RECEIVED IN PAYMENT BY ATIS FOR THIS DOCUMENT, WITH RESPECT TO ANY CLAIM, AND I

12、N NO EVENT SHALL ATIS BE LIABLE FOR LOST PROFITS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES. ATIS EXPRESSLY ADVISES THAT ANY AND ALL USE OF OR RELIANCE UPON THE INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER. ATIS-0300016, NGIIF Reference Document, Part III, Installation and Main

13、tenance Responsibilities for SS7 Links and Trunks, Attachment E, SS7 Network Gateway Screening, Formerly NIIF 5011 The NGIIF Reference Document, Part III, Installation and Maintenance Responsibilities for SS7 Links and Trunks, Attachment E, SS7 Network Gateway Screening, is an ATIS standard develope

14、d by the NGIIF. Published by Alliance for Telecommunications Industry Solutions 1200 G Street, NW, Suite 500 Washington, DC 20005 Copyright 2011 by Alliance for Telecommunications Industry Solutions All rights reserved. 2 No part of this publication may be reproduced in any form, in an electronic re

15、trieval system or otherwise, without the prior written permission of the publisher. For information contact ATIS at 202.628.6380. ATIS is online at . Printed in the United States of America. 3 SS7 NETWORK GATEWAY SCREENING Table of Contents 1 GENERAL 4 1.1 SS7 NETWORK GATEWAY SCREENING . 4 1.2 ESSEN

16、TIAL MTP MANAGEMENT INHIBIT/UNINHIBIT/TEST 4 1.3 ESSENTIAL SIGNALING ROUTE MANAGEMENT MESSAGES . 4 1.4 ESSENTIAL SIGNALING TRAFFIC MANAGEMENT MESSAGES 4 1.5 ALLOWED SIGNALING NETWORK TESTING AND MAINTENANCE MESSAGE 5 1.6 ESSENTIAL ISUP MESSAGES 5 1.7 ESSENTIAL SCCP (TCAP) MESSAGES 5 1.8 ESSENTIAL SC

17、CP MANAGEMENT MESSAGES . 6 1.9 DESIRABLE SS7 MESSAGES 6 1.10 PROTOCOL AMBIGUITIES/ISSUES/CONCERNS . 6 1.11 HUBBING INTERCONNECT TEST 6 1.12 SS7 MESSAGE TYPE VALUES . 6 1.13 GATEWAY SCREENING POLICIES REFERENCE . 8 1.14 OPTIONAL BLANK GATEWAY SCREENING POLICY FORM . 15 1.15 GLOSSARY 16 4 1 General 1.

18、1 SS7 Network Gateway Screening SS7 messages will only be allowed to pass from one network to another, between network elements which have been identified by both networks as a supporting element of a jointly provided service or application. A network element will be specified by OPC, DPC, CgPA, CdP

19、A. Other message fields applicable to screening include, but are not limited to, SI, PRI, H0-H1, message type, internetwork translation types, APC, ASSN, and DF. Where applicable, appropriate values are specified/assigned in national standards. Network Gateway Screening tables are configured based o

20、n the requirements and security concerns of the screening network. At the time of network interconnection, both networks should share screening information, to ensure no network incompatibility has been introduced by the interaction of the screening functions. After interconnection is established, s

21、creening changes which affect the terms and conditions of the interconnection agreement require prior notification to the affected interconnected network provider. 1.2 Essential MTP Management Inhibit/Uninhibit/Test Link Inhibit (LIN) Link Inhibit Acknowledgement (LIA) Link Uninhibit (LUN) Link Unin

22、hibit Acknowledgment (LUA) Link Inhibit Denied (LID) Link Forced Uninhibit (LFU) Link Local Inhibit (LLI) Link Remote Inhibit Test (LRI) 1.3 Essential Signaling Route Management Messages Transfer Prohibited/Transfer Cluster Prohibited (TFP/TCP) Transfer Allowed/Transfer Cluster Allowed (TFA/TCA) Tra

23、nsfer Restricted/Transfer Cluster Restricted (TFR/TCR) Route Set Test (RSM) Transfer Controlled (TFC) Route Set Congestion Test (RCT) 1.4 Essential Signaling Traffic Management Messages Changeover (COO) Changeover Acknowledgement (COA) Emergency Changeover (ECO) Emergency Changeover Acknowledgement

24、(ECA) Changeback (CBO) Changeback Acknowledgement (CBA) 5 1.5 Allowed Signaling Network Testing and Maintenance Message Signaling Link Test Message (SLTM) Signaling Link Test Acknowledgement (SLTA) 1.6 Essential ISUP Messages Address Complete (ACM) Answer (ANM) Blocking (BLO) Blocking Acknowledgemen

25、t (BLA) Circuit Group Blocking (CGB) Circuit Group Blocking Acknowledgement (CGBA) Circuit Group Reset (GRS) Circuit Group Reset Acknowledgement (GRA) Circuit Group Unblocking (CGU) Circuit Group Unblocking Acknowledgement (CGUA) Circuit Query (CQM) Circuit Query Response (CQR) Circuit Reservation A

26、cknowledgement Message (CRA) Circuit Reservation Message (CRM) Circuit Validation Response (CVR) Circuit Validation Request (CVT) Continuity (COT) Continuity Check Request (CCR) Initial Address (IAM) Loop Back Acknowledgement (LPA) Release (REL) Release Complete (RLC) Reset Circuit (RSC) Resume (RES

27、) Suspend (SUS) Unblocking (UBL) Unblocking Acknowledgement (UBA) Unequipped Circuit Identification Code (UCIC) 1.7 Essential SCCP (TCAP) Messages Unit Data (UDT) 6 Unit Data Service (UDTS) 1.8 Essential SCCP Management Messages Subsystem Prohibited (SSP) Subsystem Allowed (SSA) Subsystem Test (SST)

28、 1.9 Desirable SS7 Messages MTP Routing Verification Test (MRVT) SCCP Routing Verification Test (SRVT) 1.10 Protocol Ambiguities/Issues/Concerns TFP response method is recommended at the STP gateways. TFR response method is recommended at the STP gateway. TCx - Some vendors do not support TCx messag

29、es. There are protocol ambiguities in the ANSI standards regarding the Transfer Cluster and Route Set Test (cluster) procedures that need to be clarified in T1 standards. TFC - There are only two methods currently available within the North American network to handle Signaling Message Congestion and

30、 Signaling Message Transmit Congestion. These methods are Message Discard and Transmit Congestion Control. Each of these methods has significant impact on messages attempting to cross a point of congestion and on the signaling end-nodes attempting to utilize that point of congestion. Message Discard

31、 alone will shed offered traffic at the point of congestion. Transmit Congestion Control will attempt to reduce offered traffic at its source, notifying the sending SP utilizing the TFC message and then shed traffic at the point of congestion using Discard if TFC alone does not relieve the congestio

32、n. It is important that network operators understand the consequences of each method. Determination of which method to utilize should be agreed to between interconnected network operators. 1.11 Hubbing Interconnect Test The NGIIF recommend that the Hubbing Interconnect MTP test be performed. This te

33、st can be found in Attachment A - MTP Compatibility Tests. 1.12 SS7 Message Type Values Table 1: SI Values SI Message Type Description Notes 0 Signaling Network Management Network Management Messages See SI 0 H0 H1 Table 1 Signaling Network Test (Regular) Link Test Messages (Regular) 7 2 Signaling N

34、etwork Test (Special) Link Test Messages (Special) 3 SCCP CLASS/LNP/CNAM/ Toll Free etc 4 TUP Telephone User Part Unused? 5 ISDNUP Call Setup/Trunk Maintenance 6 Banded Signaling Unused? Table 2: SI 0 H0 and H1 Values Message Type Acronym Service Information Octet H0 H1 Notes Level 2 Link Management

35、 LSSU Change Over Order COO 0 1 1 Change Over Acknowledgement COA 0 1 2 Change Back Declaration CBD 0 1 5 Change Back Acknowledgement CBA 0 1 6 Emergency Changeover Order ECO 0 2 1 Emergency Changeover Ack. ECA 0 2 2 Signaling Route Set Congestion Test RCT 0 3 1 Transfer Controlled TFC 0 3 2 Transfe

36、r Prohibited TFP 0 4 1 Transfer Cluster Prohibited TCP 0 4 2 Transfer Restricted TFR 0 4 3 Transfer Cluster Restricted TCR 0 4 4 Transfer Allowed TFA 0 4 5 Transfer Cluster Allowed TCA 0 4 6 Signaling Route Set Prohibited RSP 0 5 1 Signaling Route Set Restricted RSR 0 5 2 Signaling Route Set Prohibi

37、ted Cluster RCP 0 5 3 Signaling Route Set Restricted Cluster RCR 0 5 4 Link Inhibit LIN 0 6 1 Link Uninhibit LUN 0 6 2 8 Link Inhibit Acknowledgement LIA 0 6 3 Link Uninhibit Acknowledgement LUA 0 6 4 Link Inhibit Denial LID 0 6 5 Link Force Uninhibit LFU 0 6 6 Link Local Inhibit Test LLI 0 6 7 Link

38、 Remote Inhibit Test LRI 0 6 8 Traffic Restart Allowed TRA 0 7 1 Traffic Restart Waiting TRW 0 7 2 Signaling Data Link Connection Order DLC 0 8 1 Unused? Signaling Data Link Connection Successful 0 8 2 Unused? Signaling Data Link Connection Not Successful 0 8 3 Unused? 1.13 Gateway Screening Policie

39、s Reference SS7 networks may transport SS7 signaling messages between parties. A carrier (B) with an SS7 network, with SS7 connections to parties A and C, can, with appropriate permissions and translations, deliver SS7 messages received from Party A to Party C. A potential problem exists when an SS7

40、 network delivers messages from more than one sending party to a given receiving party. (The terms “sending” and “receiving” are used as opposed to “source” and “destination” to allow for the possibility that the “sending” party need not be the originator of the message, and the “receiving” party is

41、 not necessarily its ultimate destination.) The SS7 protocol has no mechanism for authenticating the identities of message originators contained in the Originating Point Code and/or the Calling Party Address parameters. These parameters, like all other SS7 parameters, are assumed to be populated cor

42、rectly by their originating network element. Messages that are generated by one node, but which improperly contain the point code of another node in either the Originating Point Code and / or Calling Party Address can be referred to as being “spoofed” messages. Spoofed messages are viewed as hazardo

43、us because they can cause receiving network elements to take measures in response to conditions that do not actually exist. Spoofed messages can enter a network either through a compromise in the integrity of targeted network (e.g., a compromised switch or facility), or from a directly or indirectly

44、 interconnected network which has mistakenly accepted it or improperly generated it. A C B 9 A network can perform screening on the messages that it receives from a prior SS7 network to insure that their Originating Point Code and/or Calling Party Address are consistent with the traffic expected fro

45、m the prior network. But each network must rely on the screening performed by the previous network that handles a message. The receiving network is unable to distinguish whether the received message actually came from the party identified in that parameter. If, for example, an intermediate SS7 netwo

46、rk delivers traffic from parties W, X and Y to network Z over a given interconnection, then network Z has no ability to determine whether messages having a point code from party W in the Originating Point Code or Calling Party Address were actually received (by the intermediate SS7 network) from par

47、ty W, as opposed to parties X or Y. Network Z can only be assured that the given message was sent by party W if the intermediate SS7 network (as well as any other intermediate networks) has performed originator screening at the point of its interconnection with party W. Each signaling network theref

48、ore relies on the authentications performed by preceding signaling networks, and may want to understand the screening policies employed by those networks. Similarly, a signaling network may pass signaling to many different receiving networks. As a result, intermediate networks may receive inquiries

49、from multiple networks about their screening policies. In order to facilitate discussions about screening and authentication that may occur among multiple networks, a common format for documenting screening practices has been developed. The tables below have been developed to describe the screening that is applied to each message type, covering OPC, DPC, CgPA and CdPA and other header parameters, as appropriate. These tables may also indicate the extent to which addr