AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS

ATIS-1000026.2008(R2013)

Session Border Controller Functions and Requirements

As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industry's most-pressing business priorities. Through ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-track development lifecycle from design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing.

ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit.

AMERICAN NATIONAL STANDARD

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

Notice of Disclaimer

and call/session control,
bearer/media, and OAM

To an Enterprise Network;
To a Transit Network;
To a Residential Customer Network;
To an Access Network;
To an Application Network.

This Standard defines the SBC functions and requirements for the above interface types. The physical realization of the functions will vary depending on implementations and deployments. The unification and/or distribution of the functions will depend on scale, operational and application needs.

The SBC functions include (but are not limited to):

Access admission and resource policy enforcement
Firewall
Topology hiding
Traffic monitoring and shaping
QoS marking and mapping
Priority marking and mapping
Protocol normalization and/or repair
Protocol interworking (e.g., SIP and H.323)
IPv4/IPv6 interworking
Signaling transport protocol interworking
NAT traversal
Transcoding and DTMF interworking
Media and/or call/session control signaling encryption and decryption
Support of Lawful Intercept
Support of Emergency Telecommunications Service (ETS)
Authentication, Authorization and Accounting (AAA)
Privacy and Identity control
VPN bridging or mediation
Protect against DoS attacks
User/endpoint registration.

The main sections of the document are:

Section 6, Deployment Area: defines logical relationships at the call/session control and bearer/media layers.
Section 7, SBC Functions: defines the functions related to the call control signaling path and media path.
Section 8, SBC Requirements: defines the requirements on the functions independent of the physical realization.
Section 9, Composition of SBCs: provides the rationale for SBCs.
Section 10, Mapping to ATIS NGN Architecture: identifies the architecture functional entities that perform SBC functions for the media and signaling paths.

3 NORMATIVE REFERENCES

The following standards contain provisions which, through reference in this text, constitute provisions of this American National Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this American National Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below.

3.1 ATIS References [1]

ATIS-1000009.2006, IP Network-to-Network Interface (NNI) Standard for VOIP
ATIS-1000018.2007, ATIS NGN Architecture.
ATIS-1000020, ETS Packet Priority for IP NNI Interfaces Requirements for a Separate Expedited Forwarding Mechanism.
ATIS-1000678.2006, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks, Version 2.

3.2 ITU References [2]

Supplement 1 to ITU-T Recommendation Y.2012, Session/Border Control (S/BC) Functions.
ITU-T Recommendation H.323, Packet-Based Multimedia Communications Systems.
ITU-T Recommendation H.248, Gateway Control Protocol.

3.3 IETF References [3]

RFC 3261, SIP: Session Initiation Protocol.
RFC 3262, Reliability of Provisional Responses in the Session Initiation Protocol (SIP).

[1] This document is available from the Alliance for Telecommunications Industry Solutions (ATIS), 1200 G Street N.W., Suite 500, Washington, DC 20005.
[2] This document is available from the International Telecommunications Union.
[3] This document is available from the Internet Engineering Task Force (IETF).

4 DEFINITIONS

Border B2BUA: A border back-to-back user agent (B2BUA) is a SIP B2BUA that performs IP network border functions in its reformulation of SIP messages. These functions include NAT/NAPT editing of IP address, port number of the call/session, and application content of SIP messages. They may also include media relay resource assignments with corresponding execution of control functions that establish NAPT building in the media relay.

CAC (Connection/Call Admission Control): CAC is the set of actions taken by a network during the call/session set-up phase in order to determine whether a connection request should be accepted or rejected.

DoS (Denial of Service): DoS is the prevention of authorized access to resources or the delaying of time-critical operations, or the result of any action or series of actions that prevents any part of an information system (IS) from functioning.

Firewall: A system designed to protect a network from unauthorized access.

NAT: Network Address Translation (NAT) is a method of converting one IP address space to another IP address space. It is primarily used to interface the internal (private) IP address space of a network with the global (public) address space of the Internet.

NAPT: Network Address and Port Translation (NAPT) is a method of converting one IP address space and port number to another IP address space and port number. It is primarily used to interface the internal (private) IP address space/port number of a network with the global (public) address space/port number of the Internet.

NNI (Network to Network Interface): NNI is the border interconnection between two carriers.

UNI (User to Network Interface): UNI is the border interconnection between the carrier and its customers.

Session Border Controller (SBC) Functions: SBC functions is a set of functions that enables interactive communication across the borders or boundaries of disparate IP networks. It provides calls/sessions of real-time IP voice, video and other data across borders between IP networks and provides control over security, quality of service, service level agreements and other functions using IP signaling protocols.

SIP B2BUA: A SIP back-to-back user agent (B2BUA) is a concatenation of a SIP User Agent Client (UAC) and User Agent Server (UAS). The IETF defines the B2BUA in RFC 3261 as “a logical entity that receives a request and processes it as a user agent server (UAS). In order to determine how the request should be answered, it acts as a user client (UAC) and generates requests. Unlike a proxy server, it maintains dialog state and must participate in all requests
sent on the dialogs it has established. Since it is a concatenation of a UAC and UAS, no explicit definitions are needed for its behavior”. (UAC and UAS behavior is defined in RFC 3261.) A B2BUA reformulates messages before sending them as new requests.

Transcoding: Transcoding refers to the conversion of a data stream from one format to another. Examples include conversion from one codec standard (e.g., G.711, G.729) to another, or from one video compression standard (e.g., MPEG-1, H.264) to another.

5 ABBREVIATIONS

This document uses the following abbreviations:

AAA      Authentication, Authorization, and Accounting
A-BGF    Access Border Gateway Function
ANI      Application Network Interface
AS       Application Server
ATIS     Alliance for Telecommunications Industry Solutions
B2BUA    Back-to-Back User Agent
BFE      Bearer Functional Entity
BGCF     Breakout Gateway Control Function
BGP      Border Gateway Protocol
CAC      Call (or Connection) Admission Control
CC       Call Content
CCFE     Call Control Functional Entity
CCSP     Call Control Signaling Path
CDR      Call Data Record
DDoS     Distributed Denial of Service
DoS      Denial of Service
DSP      Data Services Platform
DTMF     Dual Tone Multiple Frequency
ETS      Emergency Telecommunication Service
GW       Gateway
HSS      Home Subscriber Server
I-BGF    Interconnection Border Gateway Function
I-CSCF   Interrogating Call Session Control Function
IBCF     Interconnection Border Control Function
ID       Identifier
IETF     Internet Engineering Task Force
IMS      Internet Protocol (IP) Multimedia core network Subsystem
IP       Internet Protocol
IPSec    Internet Protocol Security
IPv4     Internet Protocol version 4
IPv6     Internet Protocol version 6
ISUP     ISDN User Part
IWF      Interworking Function
MGCF     Media Gateway Control Function
MIME     Multipurpose Internet Mail Extension
MP       Media Path
MRFC     Multimedia Resource Function Controller
MRFP     Multimedia Resource Function Processor
MS       Media Server
NAPT     Network Address and Port Translation
NAT      Network Address Translation
NGN      Next Generation Network
NNI      Network to Network Interface
OAM

  o Remove the ISUP MIME body on a per route/address basis.

Routing: The SBC shall support layer 4 routing based on call/session control information.

Authentication and Authorization: The SBC shall support authentication and authorization functions.

Call Detail Recording: The SBC shall be capable of producing CDRs based on call/session control information (e.g., SIP/SDP). These CDRs can be used to manage the network and for SLA auditing.

IPv4/IPv6 Interworking: The SBC shall perform IPv4/IPv6 IP address translation. The IPv6 network is responsible for performing the address translation.

Transcoding: The SBC shall support transcoding.

Encryption: The SBC shall support encryption.

Security Control: The SBC shall enforce security policy for call/session control signaling across UNIs and NNIs.

8.1 Requirements related to the Media Path

Access Admission Control and Resource Policy Enforcement: The SBC shall support access admission control and resource policy enforcement for directly connected links, and optionally for networks that are not directly connected.

Access Admission Control and Resource Policy Enforcement: The SBC shall support bandwidth allocation based on access admission control and resource policy enforcement.

Access Admission Control and Resource Policy Enforcement: The SBC shall support Call Admission Control (CAC) functions and Session Admission Control (SAC) functions based on either bandwidth restriction and/or on maximum number of simultaneous calls/sessions restrictions and on either an interface or logical group basis.

  o The SBC shall monitor the total rate of all incoming requests, from and to any endpoint.
  o Each SBC shall be configured with a maximum permissible rate and it shall reject additional requests that would cause it to exceed the rate limit, thereby preventing network congestion and DoS and DDoS attacks.
  o The SBC shall support configuration of rate limit of VoIP signaling messages (e.g., Notify messages), either per call/session/port/subscriber/group of subscribers/network/customer VPN or a global limit.
  o The SBC shall support configuration of rate limit per message type, either per call/session/port/subscriber/group of subscribers/network/customer VPN or a global limit.
  o The SBC shall support configuration with maximum concurrent call/session limit to prevent total network resource use from exceeding the maximum capacity, and to prevent subscribers from exceeding their SLAs. The limit can be based on per call/session/port/subscriber/group of subscribers/network/customer VPN or a global limit.

Access Admission Control and Resource Policy Enforcement: The SBC shall monitor bandwidth usage and availability and inform the Call/Session Admission Control (C/SAC) function.

Access Admission Control and Resource Policy Enforcement: At minimum, the SBC shall support access control based on IP address of the incoming packet. In addition, resource policy enforcement may be applied.

Access Admission Control and Resource Policy Enforcement: The SBC shall always permit emergency service calls/sessions to terminate.

Topology Hiding: The SBC shall support topology hiding, performing NAT/NAPT function by rewriting the source/destination IP addresses in the case of NAT as well as source/destination port numbers in the case of NAPT.

Firewall: The SBC shall support the opening and closing of pinholes for media streams based on instructions from call/session control firewall function.

Firewall: The SBC will support identification and call admission control of a target IP flow. The IP flow is identified by “5-tuples”, e.g., source/destination IP addresses, source/destination port number and protocol identifier. The corresponding pinhole is then opened to allow the pass through of the IP flow.

Protection Against DoS
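
The admission control requirements in 8.1 above (a rate limit per message type, a maximum concurrent call/session limit per subscriber and globally, and emergency calls always permitted), as an added Python example that is not part of the ATIS standard. The class and method names, the sliding-window rate algorithm, the use of SIP INVITE/BYE to open and release sessions, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

class AdmissionController:
    """Toy call/session admission control keyed by scope (e.g. subscriber)."""
    def __init__(self, rate_limits, window_s, max_sessions, global_max):
        self.rate_limits = rate_limits    # {message type: max per window per scope}
        self.window_s = window_s
        self.max_sessions = max_sessions  # concurrent sessions per scope
        self.global_max = global_max      # concurrent sessions overall
        self.seen = defaultdict(deque)    # (scope, type) -> accepted timestamps
        self.active = defaultdict(set)    # scope -> open call ids

    def _over_rate(self, scope, msg_type, now):
        limit = self.rate_limits.get(msg_type)
        if limit is None:                 # no limit configured for this type
            return False
        q = self.seen[(scope, msg_type)]
        while q and now - q[0] >= self.window_s:
            q.popleft()                   # drop timestamps outside the window
        if len(q) >= limit:
            return True
        q.append(now)
        return False

    def handle(self, now, scope, msg_type, call_id, emergency=False):
        if msg_type == "BYE":             # releases always pass so capacity frees up
            self.active[scope].discard(call_id)
            return "accept"
        if emergency and msg_type == "INVITE":
            self.active[scope].add(call_id)   # counted, but never rejected
            return "accept"
        if self._over_rate(scope, msg_type, now):
            return "reject:rate"
        if msg_type == "INVITE":
            total = sum(len(s) for s in self.active.values())
            if len(self.active[scope]) >= self.max_sessions or total >= self.global_max:
                return "reject:sessions"
            self.active[scope].add(call_id)
        return "accept"

# Constructed sample traffic: (time s, scope, message type, call id, emergency)
SAMPLE = [(0.0, "sub-a", "INVITE", "c1", False), (0.1, "sub-a", "INVITE", "c2", False),
          (0.2, "sub-a", "INVITE", "c3", False), (1.5, "sub-a", "INVITE", "c4", False),
          (1.6, "sub-a", "INVITE", "c5", True), (1.7, "sub-a", "BYE", "c1", False),
          (1.8, "sub-b", "INVITE", "c6", False), (1.9, "sub-b", "INVITE", "c7", False)]

def run_sample():
    cac = AdmissionController({"INVITE": 2, "NOTIFY": 3}, 1.0, 2, 3)
    return [cac.handle(*event) for event in SAMPLE]
```

In the sample, the third INVITE from sub-a is refused by the per-message-type rate limit, the fourth by the per-subscriber session limit, the emergency INVITE is admitted even though sub-a is at its limit, and the last INVITE from sub-b is refused by the global session limit.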