The move to IP bearer networks is an inevitable transformation that every carrier must follow. However, the deployment of NGN and 3G networks has already raised problems with reliability, QoS and security, and the evolution towards IMS creates still more challenges.
New Considerations for IP Bearer Networks
IMS can enable fixed and mobile network integration and carry both access modes over a single IP backbone network. An IP bearer network, and especially a backbone network, must fully consider service differentiation when carrying IMS services.
The requirements IMS places on the IP bearer network are similar to the demands that NGN/3G networks place on IP. Both require the IP bearer network to consider QoS, security, reliability, expandability, service strategy drive, operability and manageability.
However, IMS adds the following requirements and characteristics:
Expandability: As fixed and mobile services are unified on the IP bearer network, the IP bearer network must be ready to grow into a large-scale network.
Service strategy drive: IMS-based services adopt SIP P2P service control, including session creation, session closedown and media stream transfer. The IP bearer network must be able to accept control from service control layer elements such as the S-CSCF or a softswitch, and must also be able to close a control layer connection at any time.
Operation management: Control and bearing will be performed per session, which requires the network to provide session-level operation and management capabilities.
Four key measures are recommended for IP bearer networks during the evolution towards IMS: construct the ITU-T Y.RACF architecture, ensure millisecond protection switchover, enable hierarchical QoS guarantees, and eliminate potential security risks.
Constructing ITU-T Y.RACF Architecture
A carrier-class multi-service IP bearer network combines IP network technologies and telecom operations. IMS-oriented ITU-T Y.RACF architecture can be adopted to construct IP telecom bearer networks and can fully satisfy the requirements of telecom operations.
ITU-T Y.RACF architecture can fully meet service requirements for bearing real-time services such as voice and video services, and it affords IP bearer networks an equivalent QoS to traditional telecom networks, i.e. guaranteed QoS (Hard QoS) that can support new IP services.
The architecture adopts a hierarchical network structure comprising bearer, bearer control and service control layers. The bearer control layer implements unified resource management and carries both traditional and new telecom services. The CAC mechanism ensures that resources are applied for before use, guaranteed during use, and released after use.
Existing IP networks can be upgraded to ITU-T Y.RACF networks through simple reconstruction, which is in fact a network optimization that also solves the QoS, security and management problems present in existing IP networks.
Ensuring Millisecond Protection Switchover
IMS real-time services require millisecond-level switchover for system reliability. Specifically, millisecond protection switchover is required in the case of a single-point failure in the network.
An IP bearer network's physical topology focuses on redundancy backup of backbone nodes, for example by providing link and node redundancy. To ensure the reliability of the whole network, the redundant physical topology must be combined with a reliability technology, and traditional IP technologies can hardly fulfill this objective. MPLS TE FRR, however, provides link-based and node-based protection and offers a solution to the problem.
One prerequisite for rapid protection switchover is a quick fault detection mechanism. High-end routers normally adopt multiple fault detection technologies such as Ethernet OAM, APS, physical port fault detection, L3-based BFD and MPLS-based OAM. In general, lower-layer detection is much quicker than upper-layer detection, so lower-layer fault detection technologies are preferred in real deployments.
Enabling Hierarchical QoS Guarantees
IMS defines a hierarchical P2P QoS guarantee scheme, including an application control layer, a backbone network QoS control layer and a backbone QoS transfer guarantee layer.
In the 3GPP-defined IMS QoS architecture, information is exchanged between the IP backbone network and application nodes such as the GGSN and PDF. The purpose is to reserve QoS resources for a given session and, depending on network conditions, this can be realized by excessive allocation, static reservation, a resource agent, or application terminal exploration.
Adopting a centralized resource agent mode, the ITU-T Y.RACF architecture is fully compliant with the IMS QoS architecture. It controls resource allocation in the network through a centralized resource management system. When a session is set up, the IMS control protocol (SIP) first requests resources from the ITU-T Y.RACF resource manager, which holds the resource topology of the whole network. If there are sufficient resources from source to destination, the resource manager returns "OK" to the IMS service control system so that the session can be set up, and resources are then reserved for it in P2P mode in the backbone network. The specific reservation mode can be MPLS TE or ordinary Diffserv. When session traffic arrives at the backbone network, traffic matching a reserved resource entry is forwarded, while data without a corresponding entry is either discarded or handled in "Best Effort" mode.
Eliminating Potential Security Risks
IMS enables direct interworking between session IP service terminals and the backbone network, which increases security risks. The SIP protocol is not a security mechanism, and terminals such as the UE have no security protection measures, so the IMS core network or the IP bearer network is vulnerable to attack from IMS terminal users. Furthermore, the Internet can be a source of insecurity. Moreover, if the IP bearer network carries multiple services, potential security risks also exist between those services.
To solve the above security problems, the following measures can be taken.
The network security edge, i.e. the backbone network's edge equipment, is the most important protection against security risks. It provides IMS authentication, SIP signaling access, illegal traffic screening and DDoS attack handling.
The security of the IMS core control equipment can affect service operation of the whole network. One way to enhance its security is to require that all calls from the Internet pass through a firewall.
The core network's internal security can be improved by using MPLS VPNs for isolation. Different services and pieces of equipment in the IP bearer network can be isolated at the control and transfer planes to eliminate mutual interference, for example to prevent media traffic from affecting SIP signaling.
A number of leading vendors have integrated a user security authentication function (SBC agent) into their multi-service control gateway products. This function acts as an agent for SIP signaling and media, blocks illegal SIP calls and prevents attacks against SIP signaling. Some products also provide a firewall function that forms a safe barrier between users, and between users and the IP bearer network. Firewalls can also be deployed in IMS session control equipment and at the Internet gateway.
The resource manager in ITU-T Y.RACF architecture can directly control the creation and deletion of session representations in the multi-service control gateway. Session traffic without corresponding session representations will be regarded as illegal and will be immediately discarded. If the network administrator or the security department detects a security problem during a session, notification can be sent to the backbone network's edge equipment via the bearer control layer to terminate and remove the session.
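The admission-control flow above (resource request at session setup, end-to-end reservation, release on closedown or operator tear-down, and discarding of traffic with no session representation at the edge), as an added illustrative model that is not code from the page, ITU-T or any vendor; the node names, link capacities, breadth-first path selection and session ids are assumptions for the example.

```python
# Added illustrative model of the Y.RACF admission-control flow described above.
# Constructed example, not vendor or standard code; all names and values are assumed.
from collections import deque

class ResourceManager:
    """Bearer-control-layer resource manager: holds the whole-network resource
    topology and applies CAC (apply before use, hold during use, release after)."""
    def __init__(self, links):
        # links: {(a, b): capacity_kbps}; each link is keyed as an unordered pair
        self.free = {frozenset(l): cap for l, cap in links.items()}
        self.sessions = {}         # session_id -> (links on path, kbps)
        self.edge_entries = set()  # session representations installed at the edge

    def _path(self, src, dst):
        # Shortest-hop path by breadth-first search (assumed routing policy); [] if unreachable
        prev, queue = {src: None}, deque([src])
        while queue and dst not in prev:
            n = queue.popleft()
            for m in {m for l in self.free if n in l for m in l} - set(prev) - {n}:
                prev[m] = n
                queue.append(m)
        path = []
        while dst in prev:
            path.insert(0, dst)
            dst = prev[dst]
        return path

    def request(self, session_id, src, dst, kbps):
        """SIP setup asks for resources: "OK" (True) only if every link on the
        source-to-destination path has kbps spare; the path is then reserved."""
        path = self._path(src, dst)
        hops = [frozenset(h) for h in zip(path, path[1:])]
        if not hops or any(self.free[h] < kbps for h in hops):
            return False
        for h in hops:
            self.free[h] -= kbps
        self.sessions[session_id] = (hops, kbps)
        self.edge_entries.add(session_id)  # edge gateway now forwards this session
        return True

    def release(self, session_id):
        """Session closedown, or operator tear-down via the bearer control layer."""
        hops, kbps = self.sessions.pop(session_id)
        for h in hops:
            self.free[h] += kbps
        self.edge_entries.discard(session_id)  # matching traffic is now dropped

    def classify(self, session_id):
        """Edge gateway policy: only traffic with a session representation is forwarded."""
        return "forward" if session_id in self.edge_entries else "discard"
```

The second request in the test below is rejected because the 500 kbps core link has only 200 kbps left, and is admitted once the first session is released.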
At present, network transformation is on the eve of a breakthrough, and many difficulties have been solved one after another. The ITU-T Y.RACF architecture offers great promise and is expected to lead to a bright future for IP network construction.