
MUSE Winter School 2007

Residential Gateways for Multi-play Services

Alex De Smedt - Thomson

MUSE Winter School

BB Europe Antwerp

December 6th, 2006

RGW for Multi-play Services — 2 MUSE Winter School - Dec 2007 Antwerp

Contents

Triple play – multiplay – FMC

Reference modelling

Conceptual Block diagram

Data plane – Bridging, firewalling, QoS

Control communication – authentication, IP connectivity, IMS/SIP

User types and dedicated access

The co-located hotspot case

Management communication – remote and local management

Parental control use case

Conclusions


Terminology

Residential gateway: First box in the ‘house’ connected to the fixed broadband network, and performing interfacing to the line and some kind of switching (on Ethernet or IP layer)

Triple play - Quad play - Multi-play

Triple: 3 media of multimedia: data + voice + video

Quad: add Fixed Mobile Convergence (mobile, hotspot)

Multi: add also IMS, multimedia storage, media stream redirections, secure streams, internal adapters, enablers and extended management

The triple play box

Figure: the triple-play RGW. On the user side, devices (terminals, user equipment, consumer equipment) carry Data, Audio and Video over the Ethernet/IP network; on the network side the RGW connects to the Internet. A VoIP phone is shown as an example terminal.


About multimedia

What media is a downloaded movie?

So why do you think audio and video are separated from data?

Name two more important types of ‘communicated’ information


Bandwidths: what can we get through?

802.11g: 54 Mbit/s (shared)

802.3: 100 Mbit/s (shared)

Access line: e.g. ADSL2+: 24 Mbit/s downstream (the bottleneck)

How many channels can we get through over the access line?
• Voice (64 kbit/s)
• Standard TV channel (1.5 Mbit/s)
• HDTV channel (10 Mbit/s)

The multi-play box: many more interfaces and enablers!

Figure: the multi-play RGW. WAN side: the broadband network (Internet) and the PSTN network. LAN side: Ethernet cabling, Wi-Fi, DECT, and peripherals such as a PVR, a hard disk and a printer, each behind a network-type adapter in the residential gateway.


Interface/ports to RGW

Look at previous figure and list the possible interfaces/ports


The FMC aspect - Quad-play

Figure: connectivity network providers (a fixed provider, another fixed provider, a hotspot provider and a mobile provider) reach the Internet and their networks; one fixed provider is the default connectivity provider for home 1. User types in the home: home user, relocated user, hotspot user and mobile user; the hotspot and mobile users enter through the co-located hotspot in the RGW.

Network Reference Model and reference points

Figure: residential networks attach over the subscriber line to the transport network at reference point U (the network border); the transport network connects at A10 to the service provider and the Internet; the management system, with the Auto-Configuration Server (ACS), reaches the residential network at reference point M using the TR-069 protocol and the TR-098 data model. Evolution: from Ethernet to IP based (NGN).

Auto-Configuration Server: configuring and managing RGW and devices

Residential Network Reference Model

Ethernet MAC compatible networks can be attached to the T2 interface

• HomePlug, HomePNA, Bluetooth

Non-IP based terminations can be attached at the R interface

Figure: functional entities NT1 (on the subscriber line), NT2, the customer premises network (CPN), service terminations (ST, ST') and terminal adapters (TA), with reference points U, T1, T2, S and R between them; an NT12 combines NT1 and NT2.

Example

I have an analog television. Where does it fit into the model?

What equipment would I need to communicate with the NGN?

Give an example of interface on the R reference point

A residential gateway

The NT2 is the core of the RGW

Modem and service functions can be integrated

Figure: residential gateway = NT1 (reference point U on the network side) + NT2 (bridging - routing) + ST/TA (enablers), with reference points T2 (at the NT2) and R (at the TA) on the user side.

NGN Protocol Reference Model = system

Figure: the protocol reference model stacks the PHY layer (L1), the Ethernet MAC layer (L2), the IP layer (L3) and the higher layers (L4-L7) on both the user side and the network side. Exercise: map protocols into this structure (e.g. RTP, ICMP, the firewall). Control and management communication!!!

Example

Where would the TR-069 protocol fit into the model?


Combination of PRM and network reference models

Figure: a routing-type NT2 between the ST (user side) and the NT1, with reference points U, M and A10 towards the network. Each entity carries an IP/ETH/PHY stack; the ST and the NT2 carry media, SIP and TR-069 above it, while across the network the SIP server/proxy terminates SIP, the media server terminates media, and the ACS server terminates TR-069.

Time for a conceptual 2-D block diagram

Figure: the RGW in two dimensions. Horizontally, WAN interfaces (xDSL/xPON, ETH/PLC/…) on one side and LAN interfaces (ETH/PLC/…, 1-n of them) on the other, joined by a switching block in the lower layers; each side has its own IP-host functions, with public IP address(es) on the WAN side and private IP address(es) on the LAN side. Vertically, the data, control and management planes, with higher-layer inter-operability, terminal adaptors (FXS/SCART/HDMI), a PSTN adaptor (FXO), enablers and peripheral interface(s) (USB).

Data plane: data transfer and termination

NT1: Ethernet relay

NT2: bridging/switching, (NAPT) + IP forwarding, firewalling, QoS

ST: coding, application protocols

Switching and services

Figure: NT1, NT2, CPN and ST, split into service, switching and transmission. The NT1 is a PHY relay (1 network-side port to 1 user-side port). The NT2 does the data transfer between the user side and the network side: PHY on both sides, ETH bridging, IP forwarding and NA(P)T (1 network-side port to n user-side ports).

Network Address (and Port) Translation

Mapping of IP address/port between 2 address domains (L3/L4)

Figure: the RGW sits between the private address domain (192.168.0.x: hosts 192.168.0.2, 192.168.0.3 and 192.168.0.4, RGW LAN address 192.168.0.1) and the public address domain, where the RGW's DHCP client obtained the public address 86.163.23.45. The NAPT maps each application's private address and port (e.g. Appl 1 on port 80, Appl 2 on port 5678, Appl 3) to a port on the public address; the remaining port numbers in the figure are not recoverable.

Practice

Check your IP address(es). Hint: START > Run > cmd > ipconfig. Private or public?

Private address ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
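The two things on these slides, the private/public check and the NAPT mapping, as an added example (not code from the original deck): the RFC 1918 ranges above, plus a toy NAPT that allocates a public port for each outbound flow and translates inbound packets only when they match a mapping created by the private side. The public address 86.163.23.45 and the private hosts are the ones on the slide; the remote addresses in the usage below are constructed sample data.

```python
"""Toy NAPT for the RGW: private <-> public address/port mapping, plus the RFC 1918 check."""
import ipaddress
from dataclasses import dataclass

# The private ranges from the slide (RFC 1918).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr: str) -> bool:
    """Is this address private (RFC 1918) or public?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """One public address shared by the private domain; mappings are created by outbound traffic only."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.in_map = {}    # public port -> (priv_ip, priv_port, remote_ip, remote_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replace the private source with the public address and an allocated port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """WAN -> LAN: translate only if a mapping exists AND the sender is the peer that mapping
        was created for; anything else is unsolicited and is dropped (returns None)."""
        entry = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    napt = Napt("86.163.23.45", first_port=5000)
    out = napt.outbound(Packet("192.168.0.2", 5678, "203.0.113.10", 80))  # constructed remote
    print(out, napt.inbound(Packet("203.0.113.10", 80, "86.163.23.45", out.src_port)))
    print(napt.inbound(Packet("198.51.100.7", 4444, "86.163.23.45", out.src_port)))  # None
```

Because the mapping key includes the remote endpoint, the same private socket talking to two peers gets two public ports and a third party cannot reuse a port it observed; that is why a NAPT RGW also acts as a default-deny firewall for the LAN, and why inbound servers (next slides) need explicit port mappings.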

Example of security: firewall in the management plane

Figure: the NT2's IP host has an IP layer, an L4 layer and higher layers (control plane / management) on both the network side and the user side; a firewall sits in front of the IP host so that only allowed control/management traffic reaches the higher layers.

Quality of Service: Diffserv

Queues buffer according to QoS class and get a priority

QoS bits: 6 in the IP header (DSCP), 3 in the Ethernet header (802.1p)

MUSE: 4-5 QoS classes

Figure: on the first mile (Eth 100M), packets are buffered into 4 queues, from high priority (1) to low priority (4), and served in priority order.

Control communication

Connectivity:
• Authentication (EAP!): 802.1X / WPA2, EAP over DHCP, I-WLAN (mobile)
• IP session control: DHCP (replaces PPP)

Call/session signalling:
• Call control: IMS/SIP authentication, SIP - SDP
• Multicast session: IGMP

Control issues: access at the network side

Figure: the RGW reaches the default NSP through the access network. Step 1, authentication (EAP): "Here are my credentials, please allow me" / "OK". Step 2, IP configuration (DHCP): "Please give me an IP address" / "Here it is". With connectivity established, service signalling (IMS/SIP/IGMP) sets up e.g. a video session with a video server on the Internet. PPP is shown for comparison.

Considerations

Why is PPP not OK in the NGN network? Hints: PPP works at layer 2; PPP is acting in data transfer.

DHCP works in layer 7. It asks for an IP address. How can it get an address back?

Authentication

Figure: supplicant (network device/RGW) - authenticator - AAA server. The EAP method (e.g. EAP-AKA, mutual!) runs end to end between the supplicant and the AAA server; the authenticator only passes EAP through, carried on another transport on the supplicant side and over RADIUS/Diameter on the AAA side. The authenticator is also the Enforcement Point (EP): it enforces access on confirmed authentication.

DHCP; extending it with EAP (future!)

Figure: the DHCP client in the network device/RGW also holds the EAP supplicant; the DHCP server is the authenticator and enforcement point, passing EAP through to the AAA server. The set of DHCP messages delivers the IP address and IP configuration.

The EAP message travels as a field in the DHCP messages (EAPoDHCP)

EAPoverDHCP (EoD) flows

EoD client - EoD server (= authenticator) - AAA server (EAPoDHCP between client and server, RADIUS between server and AAA)

Authentication phase (device not authenticated):
1. Client -> Server: DHCPDISCOVER (Auth-Prot=EAP)
2. Server -> Client: DHCPEAP (EAP-Request/Identity)
3. Client -> Server: DHCPEAP (EAP-Response/Identity)
4. Server -> AAA: Access-Request (EAP-Response)
5. AAA -> Server: Access-Challenge (EAP-Request/AKA-Challenge)
6. Server -> Client: DHCPEAP (EAP-Request/AKA-Challenge)
7. Client -> Server: DHCPEAP (EAP-Response)
8. Server -> AAA: Access-Request (EAP-Response)
9. AAA -> Server: Access-Accept (EAP-Success)
10. Server -> Client: DHCPOFFER (EAP-Success, IP-conf)

IP configuration phase (device authenticated):
11. Client -> Server: DHCPREQUEST
12. Server -> Client: DHCPACK

Access phase: DHCPREQUEST / DHCPACK (IP address renewal)

Termination phase: DHCPRELEASE

Consider

What happens if EAP is not successful?

Is renewal of authentication a good idea? Why (not)?
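The EoD exchange above, with both "Consider" questions handled, as an added example (not code from the original deck or from any EAPoDHCP draft): the DHCP server is the authenticator/enforcement point and merely relays EAP to the AAA server; a device whose EAP fails gets no DHCPOFFER and stays unauthenticated, and a DHCPREQUEST (initial or renewal) is only ACKed for an authenticated device. Assumptions: the EAP-AKA method of the slide is replaced by a hypothetical HMAC challenge-response over a pre-shared key (real EAP-AKA runs Milenage on the USIM), and the subscriber keys, MAC addresses and address pool are constructed sample data.

```python
"""EAP over DHCP (EoD): DHCP client/EAP supplicant, DHCP server/authenticator, AAA server."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def eap_answer(key: bytes, challenge: bytes) -> bytes:
    """Hypothetical EAP method standing in for EAP-AKA: HMAC-SHA256 over the AAA's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


@dataclass
class AaaServer:
    """Holds subscriber keys and runs the EAP method behind RADIUS Access-Request/Challenge/Accept."""
    keys: dict                                   # identity -> pre-shared key (constructed)
    pending: dict = field(default_factory=dict)  # identity -> outstanding challenge

    def access_request(self, identity: str, eap_response: bytes):
        if identity not in self.pending:         # first round carries EAP-Response/Identity
            if identity not in self.keys:
                return ("Access-Reject", b"EAP-Failure")
            challenge = os.urandom(16)
            self.pending[identity] = challenge
            return ("Access-Challenge", challenge)   # EAP-Request with the challenge
        challenge = self.pending.pop(identity)   # second round carries the EAP-Response
        if hmac.compare_digest(eap_response, eap_answer(self.keys[identity], challenge)):
            return ("Access-Accept", b"EAP-Success")
        return ("Access-Reject", b"EAP-Failure")


@dataclass
class EodServer:
    """DHCP server acting as authenticator and enforcement point; EAP is passed through."""
    aaa: AaaServer
    pool: list                                   # free addresses (constructed)
    authenticated: set = field(default_factory=set)
    leases: dict = field(default_factory=dict)

    def discover(self, mac: str, auth_prot: str):
        if auth_prot != "EAP":
            return ("DHCPNAK", None)             # policy: no authentication, no connectivity
        return ("DHCPEAP", b"EAP-Request/Identity")

    def eap(self, mac: str, identity: str, eap_response: bytes):
        """Relay a DHCPEAP(EAP-Response) to the AAA and turn its answer into the next DHCP message."""
        code, payload = self.aaa.access_request(identity, eap_response)
        if code == "Access-Challenge":
            return ("DHCPEAP", payload)          # EAP-Request/Challenge inside DHCPEAP
        if code == "Access-Accept":
            self.authenticated.add(mac)          # enforcement: open access for this device
            ip = self.pool.pop(0)
            self.leases[mac] = ip
            return ("DHCPOFFER", ip)             # EAP-Success + IP configuration
        return ("DHCPEAP", payload)              # EAP-Failure: no offer, device stays out

    def request(self, mac: str, ip: str):
        """DHCPREQUEST (initial configuration or renewal): ACK only for authenticated devices."""
        if mac in self.authenticated and self.leases.get(mac) == ip:
            return ("DHCPACK", ip)
        return ("DHCPNAK", None)

    def release(self, mac: str):
        """DHCPRELEASE ends both the lease and the authenticated state."""
        self.authenticated.discard(mac)
        self.leases.pop(mac, None)


def run_eod(server: EodServer, mac: str, identity: str, key: bytes):
    """Client side of the flow; returns the configured IP, or None if EAP did not succeed."""
    msg, payload = server.discover(mac, "EAP")
    if msg != "DHCPEAP":
        return None
    msg, payload = server.eap(mac, identity, b"EAP-Response/Identity")   # identity round
    if msg != "DHCPEAP" or payload == b"EAP-Failure":
        return None
    msg, payload = server.eap(mac, identity, eap_answer(key, payload))  # challenge round
    if msg != "DHCPOFFER":
        return None
    msg, ip = server.request(mac, payload)                               # IP configuration phase
    return ip if msg == "DHCPACK" else None


if __name__ == "__main__":
    srv = EodServer(aaa=AaaServer(keys={"danny@home": b"k1"}), pool=["10.0.0.10", "10.0.0.11"])
    print(run_eod(srv, "aa:bb", "danny@home", b"k1"))     # 10.0.0.10
    print(run_eod(srv, "cc:dd", "danny@home", b"wrong"))  # None: EAP failed, no offer
```

The renewal question has a concrete answer here: `request` re-checks `authenticated` on every DHCPREQUEST, so the lease lifetime doubles as the authentication lifetime, and `release` closes both at once.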


The NAPT-RGW and connectivity

Figure: on the LAN side the NAPT RGW offers WPA2 and DHCP to the devices; on the WAN side it uses DHCP or EAPoDHCP towards the network, and the EoD server relays to the AAA server over RADIUS.

Control communication protocol stack

L7: SIP, SDP (call/session control); DHCP, RADIUS, EAP and the EAP method (connectivity)

L4: TCP, UDP

L3: IP; IGMP (multicast control)

L2: ETH; 802.1X & WPA2 (connectivity)

L1: PHY

Dedicated access instead of authentication

SSID: on the wireless Ethernet layer

SSID 1 (WPA2): home users - adult home users, and children home users subject to parental control

SSID 2 (open): travellers/visitors - no access to the home network

Practice in case you have a PC

Check your SSID: wireless application; wireless networks

Which of the users in the previous slide could have another provider than the normal connectivity provider for the home?

Multi-provider!

User types in the residential environment

User types: (normal) Home User (HU), Parental Controlled User (PCU), Restricted Visitor (RV), Relocated User (RU), Hotspot User (HSU). RU and HSU are the FMC cases.

Table columns per user type: LAN or WAN; wireless (WPA2 Personal or open) or wireline; QoS (normal or minor); filtering; network provider (default, selected, or hotspot).

The co-located hotspot

Add some functionality in the RGW so that it directs flows to a hotspot NSP (fixed or mobile) offering IP-based services

Figure: the residential network behind the RGW offers two SSIDs: SSID_Home for the residential network and SSID_Hotspot for a traveller's terminal. Over the access line and the network provider's access network (AN + RNP), home traffic goes to the default BB NSP and the Internet, while hotspot traffic is sent through an aggregate (secure) tunnel to the fixed hotspot NSP or the 3GPP hotspot NSP; the network provider's AAA server authenticates. Advantage: the hotspot function is in the RGW.

Access restrictions for hotspot users

Principle: hotspot traffic fills up the UNUSED bandwidth on the access line

The RGW assures:
• Limitation of the number of hotspot users (e.g. 2-3 maximum)
• 'Minor' QoS settings for hotspot users (e.g. best effort only)
• Limitation of the maximum bandwidth used by hotspot providers (e.g. H% of total BW)
• Logging!

Figure: bandwidth sharing diagram with home user traffic (0-100%) on one axis and hotspot traffic (0-100%) on the other. Hotspot traffic is bounded by the cap H% and by the bandwidth home users leave unused, so home users always keep at least (100-H)% available.

Calculate

H = 50%; actual home user traffic = 20% and hotspot traffic = 30%. Show this point in the bandwidth sharing diagram.

H = 50% and actual home user traffic = 70%. What is the maximum actual hotspot traffic? Show this point in the bandwidth sharing diagram.
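The four obligations of the hotspot slide (user cap, minor QoS, bandwidth cap, logging) as one policy object, added here as an example and not code from the original deck. The cap rule is the one stated on the slide: hotspot traffic may use the unused bandwidth, never more than H% of the line. Class names ("BE"), MAC addresses and the numbers in the usage are constructed; the two "Calculate" cases above are run in the usage.

```python
"""Co-located hotspot restrictions in the RGW: user cap, minor QoS, bandwidth cap, logging."""
from dataclasses import dataclass, field

BEST_EFFORT = "BE"   # the 'minor' QoS class hotspot flows are forced into (constructed label)


@dataclass
class HotspotPolicy:
    h_percent: float                  # H: max share of the access line for hotspot traffic
    max_users: int                    # e.g. 2-3
    users: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def admit(self, mac: str) -> bool:
        """Limit the number of simultaneous hotspot users; every decision is logged."""
        if mac in self.users:
            return True
        if len(self.users) >= self.max_users:
            self.log.append(f"REJECT user={mac} reason=max_users={self.max_users}")
            return False
        self.users.add(mac)
        self.log.append(f"ADMIT user={mac} count={len(self.users)}")
        return True

    def classify(self, mac: str, requested_class: str) -> str:
        """Hotspot traffic gets the 'minor' class whatever the traveller's terminal marked."""
        if mac not in self.users:
            return requested_class            # home traffic keeps its own marking
        if requested_class != BEST_EFFORT:
            self.log.append(f"REMARK user={mac} {requested_class}->{BEST_EFFORT}")
        return BEST_EFFORT

    def hotspot_limit(self, home_percent: float) -> float:
        """Maximum hotspot share: the unused bandwidth, capped at H%."""
        return max(0.0, min(self.h_percent, 100.0 - home_percent))

    def hotspot_share(self, home_percent: float, hotspot_demand: float) -> float:
        """Share actually granted to hotspot traffic; clipping is logged."""
        limit = self.hotspot_limit(home_percent)
        granted = min(hotspot_demand, limit)
        if granted < hotspot_demand:
            self.log.append(f"CLIP home={home_percent}% demand={hotspot_demand}% granted={granted}%")
        return granted


if __name__ == "__main__":
    policy = HotspotPolicy(h_percent=50, max_users=2)
    print(policy.hotspot_share(20, 30))   # first Calculate case: 30% fits under the 50% cap
    print(policy.hotspot_limit(70))       # second case: only 30% left, below the cap
    print(policy.admit("t1"), policy.admit("t2"), policy.admit("t3"))
    print(policy.classify("t1", "EF"))
    print("\n".join(policy.log))
```

Note what the log captures: rejected admissions and clipped demand are exactly the events the home owner and the hotspot NSP will argue about later, so they are worth keeping even though the policy itself is simple.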


Typical secured flow for hotspot

I-WLAN solution (solution for the mobile network)

Figure: the UE associates with the AP in the RGW and gets an address with DHCP; it then runs IKEv2 with EAP to the enforcement point / access controller (EP/AC) of the mobile provider, which acts as authenticator and queries the AAA server over DIAMETER (EAP). Data tunnelling! The user's data go from the UE through the RGW and the network device to the mobile provider and on to the Internet; the session is ended by ending the IKEv2 session.

Signalling for (real-time) multimedia - SIP/IMS

Figure: the RGW holds a SIP/IMS B2BUA (one SIP UA on the LAN side, one on the WAN side) under SIP/IMS Handling and Control (SIHC), together with CAC, NAT and firewall. LAN side: IETF SIP UE (SIP UA), IMS UE (SIP UA with ISIM), and non-SIP UE attached through a terminal adapter (FXS) with signalling conversion; this side is labelled "insecurity association". WAN side: the IMS proxy, reached through a security association (ISIM in the RGW); the PSTN, reached through a terminal adapter (FXO) with signalling conversion; and IETF SIP UEs.

Setting up an IP phone call

Figure: the IP phone sends SIP to the SIP back-to-back user agent in the RGW; the B2BUA asks QoS CAC "Accept OK?" and, if accepted, the call is switched.

Management communication

TR-069 Remote mgt Protocol

TR-098 Management Information Base

(TR-064 Local mgt)

(UPnP LAN control)

Home administrator management

Layer management


Management protocol reference model

Network side (TR-069 remote management, interfacing to the ACS): XML RPC / SOAP / HTTP [SSL/TLS] / TCP, port 7547 / IP / Ethernet / DSL

User side (simple home administrator management): L7 HTTP / TCP, port 80 / IP / Ethernet

Layer management: ETH OAM, ICMP, DSL-EOC

L4 port exercises

Both Web services and the TR-069 protocol are HTTP based. How does the RGW know how to direct a flow to the correct function?

Homework (the default HTTP port for a web server is 80): configure the RGW's incoming TCP ports from the access line for the following HTTP traffic:
• a web server in the RGW (e.g. for remote access)
• a web server in an attached PC (via NAPT)
• the TR-069 protocol
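One answer to the homework, as an added example (not code from the original deck): the RGW cannot tell the three HTTP flows apart by content, so it dispatches on the L4 destination port, and the management-plane firewall from the earlier slide shows up as a source restriction on the TR-069 port. The public address is the one from the NAPT slide; the ACS address, the LAN web server and the 8443 port for the RGW's own remote-access server are assumptions. On the CPE, port 7547 is the TR-069 Connection Request listener: the ACS only knocks there, and the CPE then opens its own HTTPS session to the ACS URL, so this port never needs to be open to the whole Internet.

```python
"""Incoming TCP flows from the access line: dispatch by L4 port, default deny."""
from dataclasses import dataclass
from typing import Optional

RGW_WAN_IP = "86.163.23.45"   # public address from the NAPT slide
ACS_IP = "203.0.113.5"        # assumed address of the operator's ACS (constructed)


@dataclass(frozen=True)
class Rule:
    dst_port: int
    action: str                        # "local": RGW's own IP host; "dnat": forward to a LAN host
    target: Optional[tuple] = None     # (ip, port) for dnat
    src_ip: Optional[str] = None       # management plane: only this source may reach the port


RULES = [
    Rule(7547, "local", src_ip=ACS_IP),              # TR-069 connection requests, ACS only
    Rule(8443, "local"),                             # RGW web server for remote access (assumed port)
    Rule(80, "dnat", target=("192.168.0.2", 80)),    # web server on an attached PC, via NAPT
]


def dispatch(src_ip: str, dst_ip: str, dst_port: int):
    """Decide where an incoming WAN-side TCP SYN goes: ("local"|"dnat"|"drop", detail)."""
    if dst_ip != RGW_WAN_IP:
        return ("drop", "not addressed to the RGW")
    for rule in RULES:
        if rule.dst_port != dst_port:
            continue
        if rule.src_ip is not None and rule.src_ip != src_ip:
            return ("drop", f"port {dst_port} is management plane, source {src_ip} not allowed")
        if rule.action == "local":
            return ("local", (RGW_WAN_IP, dst_port))
        return ("dnat", rule.target)
    return ("drop", f"no rule for port {dst_port}")   # firewall default: deny


if __name__ == "__main__":
    for src, port in [(ACS_IP, 7547), ("198.51.100.9", 7547), ("198.51.100.9", 80),
                      ("198.51.100.9", 8443), ("198.51.100.9", 22)]:
        print(src, port, dispatch(src, RGW_WAN_IP, port))
```

Two design points worth noting: the LAN web server must not be reachable on the same port as the RGW's own management page (otherwise a DNAT rule silently shadows the local listener), and the source check on 7547 is a real defence-in-depth measure, because TR-069 itself only protects the Connection Request with HTTP digest authentication.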


TR-069 and TR-098

Remote procedure calls:
• Get or Set parameter values
• Add or delete objects
• Reboot, download, upload
• and more

Management information base: InternetGatewayDevice (the RGW = IGD), tree structured. Some objects: Device info, ACS info, Time info, LAN device (LAN host, WLAN), WAN device, IP forwarding, Bridging, QoS, USB device, PSTN device.

http based local management example

To be completed


Global case: parental control - based on time period

Figure: the RGW takes its time from a time server (NTP, at the configured NTP address). A user's HTTP traffic is intercepted and handed to the access control function, which consults the user authentication server and the user's rule ("Danny: not after 22.00h") and decides "Accept OK?"; accepted traffic continues to IP forwarding.
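The "Accept OK?" decision of this slide as an added example (not code from the original deck). It maps the intercepted flow's LAN address to a user (what the user authentication server would return), checks the user's time window, and fails closed when the host is unknown or the RGW clock is not NTP-synchronised, since a time-based rule is only as good as the clock it reads. The window for Danny is the slide's rule; the start of his window, the second user, the host-to-user table and the LAN addresses are constructed.

```python
"""Time-period parental control: intercept HTTP, check the user's window, accept or block."""
from datetime import datetime, time

# Constructed policy: user -> (allowed from, allowed until), in the RGW's local time.
POLICY = {
    "Danny": (time(7, 0), time(22, 0)),   # "Danny: not after 22.00h"
}
# Constructed binding, as the user auth server would provide it: LAN host -> user.
HOST_USER = {"192.168.0.3": "Danny", "192.168.0.2": "Parent"}


def in_window(now: time, start: time, end: time) -> bool:
    """True if `now` lies in [start, end); the window may cross midnight (e.g. 22:00-07:00)."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def decide(src_ip: str, now: datetime, time_synced: bool):
    """'Accept OK?' for an intercepted HTTP flow from src_ip at RGW time `now`."""
    user = HOST_USER.get(src_ip)
    if user is None:
        return ("block", "unknown host, no user binding")       # fail closed
    window = POLICY.get(user)
    if window is None:
        return ("accept", f"{user}: no time restriction")
    if not time_synced:
        return ("block", f"{user}: clock not synchronised, cannot evaluate window")
    start, end = window
    if in_window(now.time(), start, end):
        return ("accept", f"{user}: within {start:%H:%M}-{end:%H:%M}")
    return ("block", f"{user}: outside {start:%H:%M}-{end:%H:%M}")


if __name__ == "__main__":
    for clock in (datetime(2007, 12, 6, 21, 59), datetime(2007, 12, 6, 22, 0)):
        print(clock.time(), decide("192.168.0.3", clock, time_synced=True))
    print(decide("192.168.0.3", datetime(2007, 12, 6, 12, 0), time_synced=False))
```

The host-to-user binding is the weak point of the whole scheme: a child who changes the PC's address, or uses another host, gets the other host's rule, so in practice the binding has to come from the per-user authentication the slide draws as the "User Auth. Server", not from a static address table.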


The RGW system platform

Hardware and firmware/software

Processor and memory; operating system

Possibility for an underlying software platform:
• For flexible system/service upgrading and extension
• For multi-provider support

OSGi platform and the ability to run multiple virtual RGWs and/or services in one system: next presentation

Conclusions

Residential gateway is an important first entity in the customer premises, offering switching and services to both the network and the LAN devices

Evolution from triple play (basically modem + bridge/router) to multi-play (extended control, management, interfaces and adaptors)

Fixed Mobile Convergence implies different user types and co-located hotspot support

Authentication, connectivity, multi-provider support, SIP/IMS signalling, and remote management are important enablers

The RGW is a very complex box for almost no money
