Access Session Border Controller (A-SBC)
• March 2017
Module 1
UAG A-SBC Overview
Mavenir Unified Access Gateway (UAG)
• Mavenir UAG provides secure access to operator services, such as IMS and Web services, from a range of IP devices.
• It allows operators to leverage the IMS core as a single consolidated services core for all access domains and devices
of all types. Operators can provide ubiquitous access to their services which includes voice, video, and messaging from
anywhere and from any device.
• It is a network edge element which can provide secure access to various types of devices and peer networks
connecting into an operator’s network and manage their interoperability with the service assets within the network.
• It offers the highest degree of protection to the core network by filtering out malicious traffic while maintaining a
high-throughput, low-latency fast path.
Mavenir UAG – Key Benefits (1/2)
• Unified Access Management:
• As a network edge element, the UAG can handle all of an operator’s service access needs; from managing IMS
clients to serving various Web devices.
• The UAG provides a single common integrated access and service management platform that handles a variety of
access network types and devices.
• Network Interconnect:
• The UAG platform can be deployed to handle service interworking with various other networks.
• The UAG supports IMS interconnect while serving as an IBCF, and can also handle various SIP trunking and
peering networks.
• Strong Security and Authentication:
• The UAG platform is built with strong security features that not only protect the user session and media, but also
defend the operator network from external security threats.
• The various authentication options enable operators to easily deploy new services including web-based services.
Mavenir UAG – Key Benefits (2/2)
• Service Reliability:
• The UAG ensures reliable network access for all access devices it serves and enforces QoS as specified by the
operator. The UAG is capable of enforcing bandwidth and signalling rate-limiting policies, thereby safeguarding
service availability and protecting against network overload.
• Interoperability:
• The UAG is a multi-protocol, programmable platform that provides flexible interworking between SIP and HTTP
networks.
• Each SIP-based network has its own signalling and media requirements, and the UAG handles interoperability among
such networks using its powerful and flexible SIP configuration and media adaptation policies.
• The UAG readily provides interworking between IPv4 and IPv6. Transcoding can be applied whenever required,
enabling operators to deliver consistent services across different types of networks.
Mavenir UAG - Block Diagram (1/2)
Figure: Unified Access Gateway block diagram. Product components on a common platform: ATCF/ATGW, ePDG, I-SBC,
WebRTC, PGW and A-SBC (4.6 Rel @ Cellcom), each shown with its release number. Common platform functions: Fault,
Configuration, Accounting, Performance and Security management.
Mavenir UAG - Block Diagram (2/2)
• A-SBC/P-CSCF - The Proxy-CSCF is the first contact point within the IMS network. The P-CSCF accepts requests and
services them internally or forwards them on. The UAG P-CSCF also supports IMS-ALG and IMS-AGW function as
described in TS 23.334. P-CSCF along with IMS-ALG and IMS AGW is called Access-SBC (A-SBC).
• ePDG – The evolved Packet Data Gateway (ePDG) is a 3GPP compliant solution for enabling secure connection
between devices and the mobile operator’s Evolved Packet Core (EPC) over an untrusted non-3GPP access network.
• PGW – The Packet Data Network Gateway (PGW) is a 3GPP-compliant Evolved Packet Core (EPC) network element,
which anchors network mobility while functioning as the termination point of the packet data network interface towards
internal and external Packet Data Networks (PDNs).
• WebRTC GW – The WebRTC Gateway acts as a bridge between Web and mobile operator networks allowing mobile
operators to extend their communication services to the Internet. The Gateway provides interworking between IMS
services and WebRTC clients. It can also enable real time communication interworking between various Web based
communities and the mobile operator network.
• ATCF/ATGW – It provides the IMS ATCF/ATGW functions, used in particular by the SRVCC implementation in LTE
voice networks.
Mavenir UAG - Block Diagram – Functionality Level
Figure: Unified Access Gateway block diagram at functionality level. Each deployable node combines a subset of the
PGW, P-CSCF, ATCF, IBCF, TRF, E-CSCF, LRF and EATF functions (for example P-CSCF/ATCF/IBCF/TRF/E-CSCF/LRF/EATF,
P-CSCF/IBCF, IBCF, ATCF, P-CSCF, LRF), each with its release number (2.1, 2.2, 4.0, 4.1, 4.5, 5.6; A-SBC 4.6 Rel @
Cellcom), over common Fault, Configuration, Accounting, Performance and Security management.
General Purpose of UAG
• Mobility: UAG enables IMS-capable mobile handsets to register with the IMS core, including the authentication
procedures.
• Call control: UAG relays the appropriate SIP signalling between mobile handsets and the IMS core for call control
procedures. UAG (I-SBC) provides SIP interconnect functionality between VoIP (Voice over Internet Protocol) peers.
• Media management: UAG provides media management capabilities to control the RTP (Real-time Transport Protocol)
media transfers between mobile devices or VoIP peers.
• Lawful Interception: UAG provides interception of the signalling and media of intended targets.
IMS Network Architecture
Figure: IMS network architecture, with a Network Management System spanning all layers. Legend: Mavenir components
versus existing or new components provided by RIL or the interconnecting mobile network. Elements shown:
Content layer: mStore, National XDMS, FTP, Voice/Video Script, NPDB, DND db (CAB), AntiSpam, Mail AS.
Application layer: CRBT, MNP Script, IP-SM-GW (SMS), ENUM, DND, MRF, RMS, RCS AS + CTAS, PRS, OCS, Billing;
interfaces Ut (XCAP), Diameter, SIP/XCAP, Bi, REST, MSML, ISC, Ro, Sh/LDAP, Ma.
Control layer: IP SMSC, SMS-GW, Combo I/S-CSCF, HSS/HLR, BGCF, LI (AP/AG), MGCF, MGw, GMLC/LRF, DRA, PCRF,
GMSC/STP, ENUM and the UAG (P-CSCF/A-SBC, I-SBC, IBCF, E-CSCF); interfaces MAP, X1/X2, Cx, Mw, Mg, Diameter,
MLP, ISUP/MAP, Rx.
Access layer: 2G/3G RAN, EPC, WiFi, FTTx, the public Internet (WiFi or BB access), partner and legacy networks
(MSC, EIR, SMSC, PSTN), with native and IMS clients (Mingle CPS, UEs) on Gm, HTTP, REST and Ut.
IMS Network Architecture
• User/Media Plane
• Provide routing for the User Traffic from Source to Destination.
• Provide Transcoding and Media Adaptation.
• Partially controlled by IMS Network through MGCF (Media Gateway Control Function) and AGCF (Access Gateway
Control Function).
• Control Plane
• Provide Session Routing
• Only signalling traffic passes through it
• Provide IMS Subscriber Registration
• Service Plane
• Add more services to the IMS Subscriber
• Provide the Logic for IMS Sessions
• Subscriber profile Storage
• Charging
IMS Network Issues
From the IMS network architecture, we can see that an IMS network has a number of issues:
• Many Access Points
• Security Issues
• Connectivity issues
• Regulatory Issues
• Media Services Issues
• IPv4/IPv6 interworking
IMS Security Issues
• IMS is a network accessed by users from several access networks, hence security is a very important issue.
• There are several security threats to the IMS network, such as:
• Malicious attacks (DoS, DDoS)
• The IMS faces the threat of Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks from
several sources
• Numerous powerful UAs (User Agents) can flood the IMS with requests, thereby denying service to
uncompromised customers
• Gateway attacks
• IMS gateways are arguably the most vulnerable hosts in the network due to their exposure to the public
• Network topology is open to the outside
• Several IMS gateways are exposed to outside networks, including their IP addresses
• Toll fraud
• Because the service runs over IP, users who know each other's IP addresses can defraud the operator in
several ways
• Encryption of signalling and media
IMS Connectivity Issues
Connectivity issues in IMS
• NAT (Network Address Translation)
• The difficulty of applying NAT to both control plane and user plane IP addresses.
• SIP normalization
• The possibility of manipulating the SIP header and SIP body
• IPv4 to IPv6 interworking
• A UA can have an IPv6 address while the IMS network operates on IPv4
• VPN connectivity
• The UA may access the IMS over a VPN connection
• Protocol translation
• Different SIP versions
IMS Regulatory Issues
The IMS network has to be regulated by government organizations and therefore should provide some regulatory
functions:
• Emergency call support
• The user should be able to make an emergency call
• Emergency calls should be prioritized over others
• Lawful Interception
• The IMS network should provide the possibility to lawfully intercept user actions
• It should be provided for both signalling and media
IMS Quality of Service (QoS) Issues
IMS serves a wide range of subscribers who access many different IMS services, and IMS itself lacks QoS, so the
following functions are needed:
• Traffic policing
• Assign every user a policy (bandwidth, services and others) and verify that the user respects that policy.
• Resource allocation
• An IMS user may use several services simultaneously and needs resources allocated according to the
requested service and QoS
• Call Admission Control (CAC)
• To prevent oversubscription in IMS, CAC is used in the session setup phase
• CAC rejects a SIP session depending on the load of the NE (Network Element) and the bandwidth usage
• Rate limiting
• To control the rate at which sessions are opened by the UA
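The request flood described under IMS Security Issues and the CAC and rate-limiting functions listed above can be shown together in a few lines of logic. This is an added example, not Mavenir code: a per-UA token bucket rejects INVITEs that arrive faster than the configured session rate, and admission control rejects INVITEs that would exceed the network element's session count or bandwidth budget, read from the b=AS: lines of the SDP offer. The UA identity, limits and SDP are constructed.

```python
import re
class TokenBucket:
    """Per-UA rate limiter: `rate` new sessions per second with a burst of `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def take(self, now):
        # Refill in proportion to elapsed time, then spend one token per INVITE.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def sdp_bandwidth_kbps(sdp):
    """Sum the b=AS: (application-specific bandwidth, kbit/s) lines of an SDP offer."""
    return sum(int(v) for v in re.findall(r"^b=AS:(\d+)\s*$", sdp, re.M))

class SessionAdmissionControl:
    """CAC plus per-UA rate limiting, applied to each INVITE reaching the A-SBC."""
    def __init__(self, max_sessions, max_kbps, ua_rate, ua_burst):
        self.max_sessions, self.max_kbps = max_sessions, max_kbps
        self.ua_rate, self.ua_burst = ua_rate, ua_burst
        self.sessions = {}   # Call-ID -> (ua, kbps) for admitted sessions
        self.used_kbps = 0
        self.buckets = {}    # ua -> TokenBucket

    def admit(self, ua, call_id, sdp, now):
        """Return (SIP status, reason); 200 means the INVITE is forwarded to the core."""
        bucket = self.buckets.setdefault(ua, TokenBucket(self.ua_rate, self.ua_burst, now))
        if not bucket.take(now):                      # UA opening sessions too fast
            return 503, "Rate limit exceeded"
        if len(self.sessions) >= self.max_sessions:   # NE load limit
            return 503, "NE session capacity reached"
        kbps = sdp_bandwidth_kbps(sdp)
        if self.used_kbps + kbps > self.max_kbps:     # bandwidth budget
            return 503, "Bandwidth budget exhausted"
        self.sessions[call_id] = (ua, kbps)
        self.used_kbps += kbps
        return 200, "Admitted"

    def release(self, call_id):
        _, kbps = self.sessions.pop(call_id)          # on BYE/CANCEL: return bandwidth to the pool
        self.used_kbps -= kbps

# Constructed SDP offer: an audio plus video session asking for 80 + 512 kbit/s.
SAMPLE_SDP = ("v=0\r\nm=audio 4000 RTP/AVP 0\r\nb=AS:80\r\n"
              "m=video 4002 RTP/AVP 96\r\nb=AS:512\r\n")

def demo():
    """One UA sends five INVITEs 100 ms apart, then one more after releasing a call."""
    cac = SessionAdmissionControl(max_sessions=3, max_kbps=1200, ua_rate=1.0, ua_burst=3)
    ua = "sip:alice@example.org"
    outcome = [cac.admit(ua, f"call-{i}", SAMPLE_SDP, now=i * 0.1)[1] for i in range(5)]
    cac.release("call-0")
    outcome.append(cac.admit(ua, "call-5", SAMPLE_SDP, now=2.0)[1])
    return outcome
```

The third INVITE is refused on bandwidth before the bucket empties, the next two on rate, and after a release and a refill interval the UA is admitted again.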
How do we resolve the above mentioned issues?
Session Border Controller
A session border controller (SBC) is a dedicated hardware device or software application that governs the manner in
which phone calls are initiated, conducted and terminated on a Voice over Internet Protocol (VoIP) network.
Figure: Evolution of the SBC. Elements shown: peer network, IPX, Interconnect SBC, Trunking SBC, Access SBC,
Enterprise SBC, PBX, WebRTC GW, ICS GW, IMS Core, R4, company network, IMS subscribers and Web subscribers.
Session Border Controller
In order to resolve some of the issues in the IMS network, the Session Border Controller (SBC) is introduced.
• Depending on its location in the network, an SBC can be:
• I-SBC (Interworking)/IBCF
• A-SBC (Access)
Figure: SBC positioning. On the UNI side, the access network (UEs) connects through the UAG A-SBC to the IMS core
network (CN); on the NNI side, the UAG I-SBC connects the IMS to peer service providers, which have their own UAG
I-SBC.
NNI Architecture - Positioning of A-SBC
Figure: NNI architecture, positioning of the A-SBC. The UE-facing side of the UAG A-SBC and the peer-facing side of
the UAG I-SBC are the dirty sides; the IMS core (CN) is the clean side. The sides are placed in separate Virtual
Routing Domains (#0, #1 and #2).
A-SBC in Mavenir UAG Network Architecture
Figure: A-SBC in the Mavenir UAG network architecture (Universal Access Gateway). Signaling/Control Plane Node:
P-CSCF, IMS-ALG, ATCF, E-CSCF, EATF, LRF, TRF, MSRP Handler, IBCF, PROV and SYS, with interfaces Mw to
I-CSCF/S-CSCF, Mx to the IMS network IBCF, I2 to eMSC, Ml to LRF, Mi to BGCF, Mg to MGCF (PSTN), X1/X2 to ADMF
and DF2 (LI), Rf to CCF (charging) and Rx to PCRF (QoS/bandwidth). Media/User Plane Node: media resource
allocation, transcoding, NAT/ICE/STUN (STUN SRV), RTP/SRTP and X3 to DF3, controlled over Iq (H.248)/SIP-MSML.
Access side: 3G, WiFi access/Internet and LTE clients.
Security: SIP/TLS, SIP, HTTP/WebSockets, MSRP/TLS, IPsec, SRTP, IMS AKA, Digest, DoS.
UAG Network Architecture
• UAG either acts as A-SBC/P-CSCF or I-SBC/IBCF but not both the roles simultaneously. The ATCF/ATGW functionality
is integrated within A-SBC/P-CSCF and it is deployed as a standalone node, if required.
• The UAG network architecture has control and user planes as two different boxes but in reality it could be deployed in a
single node.
• The Control Plane/Signalling box shows all possible applications that can reside on UAG.
• The User Plane/Media Plane box shows the basic functionalities that are mainly related to resource management.
• The Interface Between the Control Plane and the User Plane is the Standards Based H.248 Protocol
UAG Network Architecture Elements
• A-SBC/P-CSCF: UAG can be configured to support the role of an A-SBC/P-CSCF node. It implements the P-CSCF
behaviour compliant to 3GPP TS 24.229. UAG, acting as P-CSCF, is the first contact point within the IM CN subsystem
whose address is discovered by standard procedures.
• I-SBC/IBCF: UAG can be configured to implement the role of an Interconnection Border Control Function (IBCF), a
Session Initiation Protocol (SIP) border gateway that handles requests across a network border between IP Multimedia
Subsystem (IMS) core networks.
• ATCF: The Access Transfer Control Function (ATCF) and the Access Transfer Gateway (ATGW) are functions in the
serving network. When enhanced SRVCC (eSRVCC) with ATCF is used, the ATCF is included in the session control
plane for the duration of the call, that is, before and after Access Transfer.
• E-CSCF: E-CSCF network node is responsible for processing and routing emergency calls in the IMS network.
• EATF: The Emergency Access Transfer Function (EATF) provides IMS-based mechanisms for enabling service
continuity of IMS emergency sessions. It is a function in the serving (visited if roaming) IMS network, that provides the
procedures for IMS emergency session anchoring and PS to CS Access Transfer. The EATF acts as a routing B2BUA
which invokes third party call control (3pcc) for enablement of Access Transfer.
• LRF: The LRF functionality in UAG can be co-located with other entities such as P-CSCF, ATCF, I-SBC, WebRTC, E-CSCF
etc. (controlled by configuration) or deployed as a standalone entity. When it is co-located, the interface between
the LRF and the other entity can be optimized for node performance.
Note: These Network Elements/Nodes are explained in different modules, which can be opted as separate Trainings.
UAG Network Interface
Figure: UAG network interfaces (Mavenir Access Product - UAG). Northbound: STUN server (STUN), OAUTH server
(HTTP(S)), PROV, SYS, CCF (Rf), BD (Bi), PCRF (Rx), RES SRV (HTTP(S)) and LIMS (X1 to ADMF, X2 to DF2, X3 to
DF3). Access side: UE behind NAT over Gm, HTTP/SIP over WebSockets, (S)RTP and MSRP. UAG functions: P-CSCF,
E-CSCF/EATF, ATCF/ATGW, WebRTC GW and I-SBC. Core side: MGCF (Mg), BGCF (Mi), IBCF (Ici), ICS MSC (I2), S-CSCF
and I-CSCF (Mw), ENUM.
UAG Interfaces (1/2)
Network Node                               Interface   Protocol
UE - UAG                                   Gm          SIP over UDP/TCP/TLS
UAG (A-SBC) - I/S-CSCF                     Mw          SIP over UDP/TCP, SCTP, TLS/SCTP
UE - UAG (Media)                           Gm          RTP/SRTP over UDP; MSRP over TCP/TLS
UAG - MGW (Media)
  (MGW<->I-SBC, I-SBC<->P-CSCF)            Mb          RTP over UDP
UAG - RCS server (Media)                   NA          MSRP over TCP
UAG - LIMS                                 X1          SOAP over TCP
UAG - LIMS                                 X2          TLS
UAG - LIMS                                 X3          UDP
UAG Interfaces (2/2)
Interface   Description
Mx          • Used between the UAG, acting as I-SBC, and the I/S-CSCF. For terminating scenarios, requests can be
              routed by the I-CSCF towards the I-SBC over the Mx interface.
            • Also used between the P-CSCF and the I-SBC. Ideally, this interface is used when the P-CSCF and
              I-SBC are deployed separately, which is the case in all Mavenir UAG deployments. This interface is
              realized using the SIP protocol.
Rf          Offline charging using the DIAMETER protocol.
Rx          Used to exchange application-level session information between the Policy and Charging Rules Function
            (PCRF) and the Application Function (AF).
Mg          Used between the E-CSCF and the MGCF. It allows the MGCF to forward incoming SIP/SDP messages that it
            has interworked from the CS network to the E-CSCF. The protocols used on the Mg interface are SIP and
            SDP.
UAG Functional Blocks
UAG is divided into two functional blocks:
• UAG-Control Plane
• UAG-User Plane
• Data Plane
• Media Plane
Note: H.248 is shown as interface protocol between control and user plane as an illustration but is not mandated.
UAG-Control Plane
The UAG-CP includes the following:
• A-SBC for Control Plane
• Provides all the control plane A-SBC functions such as CAC, policing, NAT traversal, header manipulation and others
• Placed on the border of the network on the UA side
• I-SBC for Control Plane
• Provides all the security functions toward other telecom networks
• Placed on the border of the IMS on the network-to-network side
• P-CSCF
• It is the first contact point within the IMS CN subsystem. It behaves as an outbound proxy for the UE.
UAG-Control Plane
• ATCF
• Used with SRVCC
• Allows the access transfer
• Controls the media leg during access transfer
• WebRTC
• Provides the HTTP client initialization
• Translates HTTP session requests into SIP
• LRF
• Provides routing information during an emergency call
• EATF
• Provides the same service as the ATCF for an emergency session
Note: These nodes are explained in detail in different modules.
UAG-User Plane
• UAG-UP includes the following:
• Data Plane
• The Data Plane verifies and filters media-agnostic data traffic.
• Media Plane
• The Media Plane primarily deals with the media flowing through the UAG.
• It is important to maintain this separation because, in a distributed deployment, the data plane functions that
handle control plane specific traffic are co-located with the control plane.
UAG-User Plane Functional Diagram
Figure: User plane IP-to-IP pipelining.
UAG-User Plane Functional Diagram
• The UAG-User Plane is responsible for all kinds of packet traffic traversing the UAG. The user plane data path
functions include both media-related and media-agnostic functions.
• Any packet entering the system has to undergo packet filtering checks and packet inspection.
• After initial verification, media packets take the media processing path and non-media packets take the
media-agnostic path.
• The result of the processing is another packet that has to leave the UAG on the same or a different side network.
• The egress side policy requires header processing and possibly filters such as rate-limiting queues.
UAG-User Plane Interface
• CP Traffic: Traffic between control plane and data plane
• Control Channel: Communication channel between control plane and user plane
• In-Band Traffic: This is the collective traffic coming in and out of UAG network interfaces in private and public
network(s).
• Out of Band Redundancy: The out-of-band redundancy link allows a UAG-UP to sync its state with the redundant
UAG-UP, so that in the event of failure the redundant UAG-UP can seamlessly take over the traffic, maintaining
session continuity for the existing sessions and the ability to establish new sessions.
Figure: UAG-User Plane interfaces: CP Traffic and Control Channel toward the control plane, In-Band Traffic on both
network sides, and the OOB Redundancy link to the redundant UAG-UP.
Mavenir UAG Deployment Models
The two deployment models for the UAG are:
• Unified UAG: An all-in-one box solution; all the functional elements of the control plane and user plane are
co-located. There is a one-to-one mapping between the number of control planes and the number of user planes.
• Distributed UAG: In this model, the control plane and user plane are placed on different boxes. This helps to
achieve higher capacity at lower hardware cost. The control plane and the user plane are uniquely addressable
network elements. This also opens up the possibility of a single UAG-CP managing multiple UAG-UPs.
Figure: Unified UAG with Redundancy.
Figure: Distributed UAG with Redundancy.
UAG Control Plane Features
The Control Plane features of UAG:
• Topology hiding
• UAG works as a B2BUA, hiding the IMS network topology from the external world
• To the external side the UAG appears as the IMS network; to the internal IMS it appears as the UA
• Translations
• Enables creating translation profiles for S-CSCF, I-CSCF and Gm
• HMR (Header Manipulation Rules)
• Allows adding, removing or modifying SIP headers
• Lawful Interception (LI)
• Provides the possibility to configure Lawful Interception and to forward the intercepted control plane to the
regulator
• Charging
• The UAG acts as the CTF (Charging Trigger Function) in the network by performing the role of accounting metric
collection point.
• IMS-ALG
• IPv4 to IPv6 translation on SIP and SDP (Session Description Protocol)
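An added example (not UAG code) of three of the control plane features just listed working on one message: header manipulation rules expressed as add/remove/modify tuples, a topology-hiding rule set that the B2BUA applies to a request leaving the core toward a UE, and an IMS-ALG rewrite of the SDP c= and o= lines from the core's IPv6 side to the SBC's IPv4 side, followed by the check a defender wants, that no core address survives. The SBC address, the 2001:db8: core range and the INVITE are constructed.

```python
import re

SBC_ADDR = "203.0.113.10"                      # constructed: UE-facing IPv4 address of the A-SBC
INTERNAL = re.compile(r"2001:db8:[0-9a-f:]+")  # constructed: IPv6 range of the IMS core

def apply_hmr(headers, rules):
    """Header manipulation rules: (action, header name, value), action in add/remove/modify."""
    for action, name, value in rules:
        if action == "remove":
            headers = [(n, v) for n, v in headers if n.lower() != name.lower()]
        elif action == "modify":
            headers = [(n, value if n.lower() == name.lower() else v) for n, v in headers]
        elif action == "add":
            headers.append((name, value))
    return headers

# Topology-hiding rule set the B2BUA applies to every message leaving the core toward a UE.
TOPOLOGY_HIDING = [
    ("remove", "Record-Route", None),                  # core proxies stay invisible to the UE
    ("remove", "Via", None),                           # B2BUA: only the SBC's own Via remains
    ("add", "Via", f"SIP/2.0/UDP {SBC_ADDR};branch=z9hG4bK-sbc-1"),
    ("modify", "Contact", f"<sip:{SBC_ADDR}:5060>"),   # the UE talks back to the SBC only
    ("remove", "P-Charging-Vector", None),             # core charging identifiers must not leak
    ("modify", "Server", "A-SBC"),                     # hide the core's software version
]

def alg_rewrite_sdp(body):
    """IMS-ALG: core IPv6 addresses in c= and o= become the SBC's IPv4 address (AGW port allocation left out)."""
    body = re.sub(r"^c=IN IP6 \S+", f"c=IN IP4 {SBC_ADDR}", body, flags=re.M)
    return re.sub(r"^(o=\S+ \S+ \S+) IN IP6 \S+", rf"\1 IN IP4 {SBC_ADDR}", body, flags=re.M)

def egress_to_ue(msg):
    """Apply the HMR rule set and the SDP ALG to one SIP message and fix Content-Length."""
    head, _, body = msg.partition("\r\n\r\n")
    start_line, *raw = head.split("\r\n")
    headers = [tuple(s.strip() for s in line.split(":", 1)) for line in raw]
    headers = apply_hmr(headers, TOPOLOGY_HIDING)
    body = alg_rewrite_sdp(body)
    headers = [(n, str(len(body.encode())) if n.lower() == "content-length" else v)
               for n, v in headers]
    return "\r\n".join([start_line] + [f"{n}: {v}" for n, v in headers]) + "\r\n\r\n" + body

def leaked_internal_addresses(msg):
    """Defender's check: core addresses still visible in the message (should be empty on egress)."""
    return sorted(set(INTERNAL.findall(msg)))

# Constructed INVITE as the S-CSCF would send it toward a terminating UE through the A-SBC.
SAMPLE_INVITE = (
    "INVITE sip:bob@203.0.113.55:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP [2001:db8:1::20];branch=z9hG4bK776\r\n"
    "Via: SIP/2.0/UDP [2001:db8:1::10];branch=z9hG4bK123\r\n"
    "Record-Route: <sip:[2001:db8:1::20];lr>\r\n"
    "Contact: <sip:alice@[2001:db8:1::30]:5060>\r\n"
    "P-Charging-Vector: icid-value=abc123;orig-ioi=ims.example.org\r\n"
    "Server: S-CSCF/7.1\r\nContent-Type: application/sdp\r\nContent-Length: 95\r\n\r\n"
    "v=0\r\no=alice 1 1 IN IP6 2001:db8:1::30\r\ns=-\r\n"
    "c=IN IP6 2001:db8:1::30\r\nm=audio 49170 RTP/AVP 0\r\n"
)
```

Running `leaked_internal_addresses` on the input lists all three core addresses; on `egress_to_ue(SAMPLE_INVITE)` it returns an empty list, which is the property a topology-hiding configuration should be tested against.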
UAG User Plane Features
The user plane features of UAG, to achieve a secure and efficient data path:
• DoS attack prevention
• Session Admission Control (SAC)
• Pinhole management
• NAT traversal using latching
• Media plane security
• Quality of Service (QoS)
• UAG-UP protocol translation
• Lawful Interception (X1, X2, X3)
• UAG-UP redundancy
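Latching and pinhole management, listed above and behind the NAT issue in the IMS Connectivity Issues slide, as an added illustration (not the UAG user plane): the pinhole learns the UE's real post-NAT address from the first packet instead of trusting the private address in its SDP, then accepts only that source and closes after an idle timeout. Addresses and timers are constructed.

```python
class RtpPinhole:
    """One user-plane pinhole for a media stream negotiated in SDP (constructed example)."""

    def __init__(self, sdp_addr, sdp_port, opened_at, latch_window=5.0, idle_timeout=30.0):
        self.sdp_remote = (sdp_addr, sdp_port)  # address the UE advertised; private if behind NAT
        self.opened_at = opened_at
        self.latch_window = latch_window        # seconds in which the first packet may latch
        self.idle_timeout = idle_timeout        # seconds of silence after which the pinhole closes
        self.latched = None                     # (addr, port) learned from the first packet
        self.last_seen = opened_at
        self.closed = False

    def ingress(self, src, now):
        """Decide what the user plane does with a packet arriving from `src` = (addr, port)."""
        if self.closed:
            return "dropped:closed"
        if now - self.last_seen > self.idle_timeout:
            self.closed = True                  # pinhole management: release idle resources
            return "dropped:idle-timeout"
        if self.latched is None:
            if now - self.opened_at > self.latch_window:
                return "dropped:latch-window-expired"
            self.latched = src                  # latching: trust the observed address, not the SDP one
            self.last_seen = now
            return "latched"
        if src != self.latched:
            return "dropped:unlatched-source"   # only the latched peer may use this pinhole
        self.last_seen = now
        return "forwarded"

    def egress_destination(self):
        """Where the SBC sends media toward the UE: the latched address once known."""
        return self.latched or self.sdp_remote

def demo():
    """Constructed trace: a UE behind NAT advertises 192.168.1.5:4000 but sends from 198.51.100.7:61001."""
    hole = RtpPinhole("192.168.1.5", 4000, opened_at=0.0)
    events = [
        hole.ingress(("198.51.100.7", 61001), 0.5),   # first packet: latched to the real address
        hole.ingress(("198.51.100.9", 5000), 0.6),    # unrelated source: dropped
        hole.ingress(("198.51.100.7", 61001), 1.0),   # latched peer: forwarded
        hole.ingress(("198.51.100.7", 61001), 40.0),  # 39 s of silence: pinhole closed
    ]
    return events, hole.egress_destination()
```

The short latch window matters: the pinhole should only accept a first packet shortly after the SDP exchange, and a pinhole that never latches is released rather than left open.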