ETSI TS 184 010-2011 Telecommunications and Internet Converged Services and Protocols for Advanced Networks (TISPAN) ENUM & DNS Principles for an Interoperator IP backbone network _1.pdf

1、 ETSI TS 184 010 V3.1.1 (2011-08) Telecommunications and Internet Converged Services and Protocols for Advanced Networks (TISPAN); ENUM Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available

2、 on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or m

3、ay be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). ETSI ETSI TS 184 010 V3.1.1 (2011-08)61 Scope The prese

4、nt document captures a set of assumptions that would help to define a set of ETSI requirements and a possible architecture for an IPX and in particular the ENUM Universal Mobile Telecommunications System (UMTS); LTE; TISPAN; NGN Release 1; Endorsement of 3GPP TS 29.162 Interworking between IM CN Sub

5、-system and IP networks (3GPP TS 29.421)“. 8 ETSI TS 184 011: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Requirements and usage of E.164 numbers in NGN and NGCN“. 9 IETF RFC 3261: “SIP: Session Initiation Protocol“. 10 IETF RFC 3966: “The Tel

6、URI for Telephone Numbers“. 11 IETF RFC 4355: “IANA Registration for Enumservices email, fax, mms, ems, and sms“. 12 IETF RFC 3764: “enumservice registration for Session Initiation Protocol (SIP) Addresses-of-Record“. 13 IETF RFC 4769: “IANA registration for an ENUM service containing Public Switche

7、d Telephone Network (PSTN) Signalling Information“. 14 ETSI TS 187 001: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN SECurity (SEC); Requirements“. 15 IETF RFC 2671: “Extension Mechanisms for DNS (EDNS0)“. 16 IETF RFC 5358: “Preventing Use o

8、f Recursive Nameservers in Reflector Attacks“. 17 IETF RFC 5452: “Measures for Making DNS More Resilient against Forged Answers“. 18 ETSI ES 282 001: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Functional Architecture“. 2.2 Informative refe

9、rences The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 IETF RFC 4282: “The Network Access Identifier“. i.2 GSMA IR67 version 3.1 (Jan 2009). i.3 ETSI TR 184 003: “Telecommunication

10、s and Internet converged Services and Protocols for Advanced Networking (TISPAN); Portability of telephone numbers between operators for Next Generation Networks (NGNs)“. i.4 IETF RFC 3824: “Using E.164 numbers with the Session Initiation Protocol (SIP)“. i.5 ETSI TR 184 005: “Telecommunications and

11、 Internet converged Services and Protocols for Advanced Networking (TISPAN); Types of numbers used in an NGN environment“. i.6 ETSI TR 184 008: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Infrastructure ENUM Options for a TISPAN IPX“. i.7 ETSI

12、TR 187 002: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); TISPAN NGN Security (NGN-SEC); Threat, Vulnerability and Risk Analysis“. i.8 ETSI TR 187 010: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TIS

13、PAN); NGN Security; Report on issues related to security in identity imanagement and their resolution in the NGN“. ETSI ETSI TS 184 010 V3.1.1 (2011-08)8i.9 ETSI TS 184 006: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Interconnection and Routei

14、ng requirements related to Numbering and Naming for NGNs; NAR Interconnect“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: carrier of record: Service Provider to which the E.164 number was allocated for end user a

15、ssignment, by the National Regulatory Authority (NRA) or the International Telecommunication Union (ITU), for instance, a code under “International Networks“ (+882) or “Universal Personal Telecommunications (UPT)“ (+878) NOTE: In the case that the number is ported the carrier of record maybe changed

16、 due the national number portability (NP) policies. It is understood that the definition of carrier-of-record within a given jurisdiction is subject to modification by national authorities. Communications Provider (CP): any entity providing communications services to End Users and using a network to

17、 provide routeing capabilities delegation: when a part of a zone is maintained separately, it is delegated to a new nameserver that will have authority of that part of the domain namespace NOTE: The original zone will have the nameserver (NS) record for the delegated domain and the new sub-zone will

18、 have a new Start Of Authority (SOA) record. DNS Client: See “DNS Resolver“. DNS Resolver: also known as a “DNS Client“, this is an entity that is attempting to resolve a given domain name to an address or vice versa NOTE: Usually the DNS Resolver is connected to a local DNS caching server that perf

19、orms the DNS look-ups on behalf of the DNS Resolver. Application programs use function calls, such as gethostbyname, to find the IP address representing a domain name. The name may be specified either as a Fully Qualified Domain Name (FQDN) or only partially. In the latter case, the DNS Resolver app

20、ends (a) configured local domain name(s) at the end of the name. DNS Server: can be a Nameserver, a Local Caching DNS Server or both domain name: consists of two or more labels separated with a dot (.) character NOTE: It starts from the least significant domain on the left, and ends with the most si

21、gnificant domain (or top-level domain) on the right. This naming convention naturally defines a hierarchy. interoperator IP backbone provider: provider of a transit network or transit services that does not offer “services“ to end users, but offers pure IP connectivity or session-based service inter

22、connection to Communications Providers nameserver: takes care of DNS Queries sent by DNS Resolvers NOTE: The query is answered by using locally stored information (either configured locally or cached from a previous query result), by requesting the information from another DNS Server, or by providin

23、g the DNS Resolver with the details of another DNS Server to query. One Nameserver can serve (i.e. be authoritative for) several domains. There may also be several Nameservers serving one domain (Usually one Nameserver is the Primary and the other/rest are Secondaries. The Seconedary Namersever requ

24、est authoritative DNS data from the Primary Nameserver due to a configured DNS data update process.). ETSI ETSI TS 184 010 V3.1.1 (2011-08)9Shared ENUM Infrastructure: Inter-operator infrastructure according to ENUM technology as defined in RFC 6116 2, used by the originating or an intermediate netw

25、ork to map a specific E.164 number into a URI that identifies a specific entry point into the network actually serving that specific E.164 number NOTE: Carrier ENUM infrastructure is different from user ENUM infrastructure where the end-user may register his E.164 number to be associated with a URI

26、of his desire. zone: DNS is a distributed database that contains information of each domain name NOTE: Each DNS server maintains a part of the database called a zone. Usually a zone contains information of one domain. However, one zone may contain information about many (sub)domains. Each informatio

27、n element is stored in a record that contains at least a domain name and type (which includes type specific information). 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: 3GPP 3rdGeneration Partnership Project ATM Asynchronous Transfer Mode BGCF Border G

28、ateway Control Function BGF Border Gateway Function BGP Border Gateway Protocol CC Country Code CP Communications Provider CSCF Call Session Control Function DNS Domain Name System ENUM Telephone Number Mapping FQDN Fully Qualified Domain Name GSMA Global System for Mobile Communications (GSM) Assoc

29、iation GTP GPRS Tunnel Protocol HTTP Hyper Text Transfer Protocol IANA Internet Assigned Numbers Authority I-CSCF Interrogating - Call Server Control Function IDNA Internationalized Domain Names for Applications IMS IP Multimedia sub-system IP Internet Protocol IPSec Internet Protocol Security IPv4

30、Internet Protocol Version 4 IPv6 Internet Protocol Version 6 IPX IP Packet eXchange MGCF Media Gateway Control Function MMS Multimedia Messaging Service NAI Network Access Identifiers NAPTR Naming Authority PoinTeRNGN Next Generation Network NP Number Portability NS Name Server P-CSCF Proxy - Call S

31、ervice Control Function PLMN Public Land Mobile Network QoS Quality of Service RTP Real-Time Transport Protocol S-CSCF Server - Call Session Control Function SEG Security gateway SIP Session Initiation Protocol SIP(S) Session Initiation Protocol (Secure) SLA Service Level Agreement SMTP Simple Mail

32、Transfer Protocol SOA Start Of Authority TCP Transport Control Protocol UDP User Datagram Protocol UPSF User Profile Server Function ETSI ETSI TS 184 010 V3.1.1 (2011-08)10URI Uniform Resource Identifier VPN Virtual Private Network 4 Description and Assumptions 4.1 Introduction DNS/ENUM can be used

33、in an ETSI TISPAN compliant environment to support E.164 number resolution and number portability. Due to TR 184 003 i.3 DNS/ENUM can be used to support number portability between operators of NGNs by using a shared infrastructure or operator local infrastructure (non-root approach). The present doc

34、ument describes the usage of DNS/ENUM in a shared infrastructure. Nevertheless some general DNS/ENUM protocol requirements are also applicable in a provider local DNS/ENUM infrastructure. An inter-operator IP backbone network provides a method of supporting interconnectivity of IP based services and

35、 interconnection between different IMS based IP networks. Many, if not all, of these services rely upon DNS. Therefore, it is of utmost importance for the interworking and stability of such services that operators have all the necessary information to hand to ease configuration of their DNS servers

36、that are connected to the Interoperator IP backbone network for each IP based service provided. The present document consists of an overview of DNS in relation to the successful interworking of fixed network services, the configuration of DNS servers, and procedures that would assist in the configur

37、ation and usage of domain names and DNS Servers within an inter-operator IP backbone network. This network is viewed as a key enabler for the support of full interconnectivity between communications providers. Whilst competing, Communications Providers deploying Next Generation Networks have the com

38、mon objective of delivering traffic to each other in a profitable and cost effective manner. This will enable their customers to realise the full value of these services and comply with regulatory conditions that are applied to these services/networks. The common protocol for these networks is IP. T

39、wo basic possibilities exist for Interconnection between communication providers on the network layer as specified in ES 282 001 18: Direct connection between two NGN Communication Providers on a bilateral basis (e.g. often using leased lines and VPN connectivity). Indirect Connection via an Interop

40、erator IP backbone network which facilitates interconnectivity for Communication Provider networks. Such indirect interconnection is isolated from the Internet. Security rules are defined to prevent unintended access to it. These two options are not mutually exclusive and it is a commercial decision

41、 which method Communications Providers use. The benefits of connectivity via an IPX include the ability to reach different interworking partners across the globe via one connection. These two options are not mutually exclusive and it is a commercial decision which method Communications Providers use

42、. The benefits of connectivity or “session-based“ services via an Interoperator IP backbone provider include the ability to reach different communication providers using a single network connectivity agreement. To ensure interoperability of all Communications Providers connected to the Interoperator

43、 IP backbone network will need to adhere to a set of common rules. These include rules regarding architecture functionalities, protocols, numbering and IP addressing resolution mechanisms, routeing, security, QoS, etc. The Interoperator IP backbone provider does not offer “services“ to end users, bu

44、t offers pure IP connectivity or session-based service interconnection to Communications Providers, and may provide transport functions required to enhance that interconnection, for example ENUM in the case of using UDP as transport protocol the DNS/ENUM client must support RFC 2671 15 to extend DNS

45、 the limitation of 512 octets in size when DNS protocol messages are sent over UDP; ETSI ETSI TS 184 010 V3.1.1 (2011-08)15 to ensure a basic level of security the DNS/ENUM client must support RFC 5358 16 and RFC 5452 17. 4.4.7 Security Issues In order to maintain proper level of security within the

46、 Interoperator IP backbone network certain requirements for operators and backbone providers should be taken into account. It is strongly recommended that operators should implement firewalls adjacent to Border Gateways. Generally operators should allow only routing information (BGP), GTP traffic, s

47、ignalling, DNS, SMTP and SIP(S) traffic. However, also traffic related to IMS user plane (such as RTP and HTTP) should be allowed due to IMS interworking. Therefore, due to potentially numerous new protocols introduced by IMS interworking, there should not be any kind of restrictions on the used pro

48、tocols or port numbers with in the inter-operator IP backbone network. It is important to note that also firewalls must support IPv6 when IPv6 is used. Security gateways (SEGs) should be used at the border of an operator network. IPSec tunnels between CSCFs are not needed, if the Interoperator IP ba

49、ckbone network itself provides comparable level of security such as IPSec tunnel. SEG should be responsible for enforcing security policies for the inter-network traffic; all incoming an exact copy of the master. Tier-1: Delegates a particular E.164 number or a block of numbers to a network operator-defined Tier-2 server. “Where can I get information about a particular E.164 number or block of numbers?“ Tier-1 is basically country level i.e. every single country needs to have their own ENUM Tier-1 server. The ENUM Tier-1 server