Real-time Services over an IP/MPLS Network

S. Afshar and B. Goode
AT&T Labs

AT&T is migrating to a single IP/MPLS core network in support of a major initiative, the Concept of One, which will ensure optimum use of resources by maximizing commonality. All services will eventually be carried over this IP/MPLS network. The common infrastructure described in this paper is limited to the essential capabilities and components that will enable AT&T to develop and deploy real-time services, such as voice, interactive text, and video, and various multi-media collaboration services. We call this "Services over IP" or "SoIP".

The main goal of the AT&T SoIP Architecture is to provide a single, common, and shared infrastructure that facilitates the development of real-time services with the highest quality and availability, and the lowest cost of operations and maintenance feasible. To accomplish this, the architecture is divided into separate layers. Each layer has a well-defined role and provides a set of capabilities to the layer immediately above it by using the capabilities provided to it by the layer immediately below it. The SoIP Infrastructure is built as a virtual network on top of AT&T's Converged IP/MPLS Network; this virtual network forms the SoIP Infrastructure (or Connectivity) Layer. The IP/MPLS Network is surrounded by a Multi-Service Access/Multi-Service Edge network that supports all popular access technologies, including TDM, ATM, Frame Relay (FR), and Ethernet. Thus, the SoIP Infrastructure can be reached via any of these access technologies.

The primary function of the IP/MPLS Network Layer is to provide high performance inter-site routing and transport of IP packets. The IP/MPLS Network Layer is a multi-AS network that provides IP connectivity for the SoIP Infrastructure. The IP/MPLS Network also has the added value of protecting the SoIP Infrastructure from unauthorized access. The IP/MPLS Network facilitates interworking among end-points using different access technologies. That is, AT&T services can extend to, and work across, many different access technologies (e.g., TDM, IP, ATM, Frame Relay, or remotely via a service partner like a cable company). The SoIP network elements such as border element (BE) or call control element (CCE) are connected to the Multi-Service Edge (MSE) components. An MSE terminates customer access into the IP/MPLS Converged Network and provides such features as QoS and (RFC 2547bis) VPN. Backbone Routers (BRs) form the MPLS core network and provide connectivity among the MSEs.

To address the performance needs of each of the typical traffic streams associated with the SoIP Architecture (bearer channels, signaling, management traffic, etc.), the IP/MPLS Converged Network supports tuning of per-hop behaviors within the network. These behaviors are consistent with the performance needs of various classes of traffic flows, including Real-Time, High Performance Data, Medium Performance Data, and Best-Effort. The network sets up priority queues, where appropriate, to support a class of traffic that has real-time characteristics (i.e., bearer channel traffic). The equipment marks the IP precedence bits within the Type of Service (TOS) field of the IP header to designate the appropriate queue for each of the four traffic classes. The IP/MPLS Converged Network will support Admission Control mechanisms.
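The following is an added example, not code from the paper or from AT&T: it parses the TOS byte of an IPv4 header, maps the IP precedence bits to the four traffic classes named above, and drains the resulting queues with a strict-priority scheduler so that bearer traffic is always served first. The paper does not state which precedence value each class uses, so the mapping (and the sample packets) are constructed assumptions; unrecognized markings are deliberately demoted to Best-Effort rather than promoted.

```python
"""Added example: IP-precedence classification and strict-priority queueing.
The precedence-to-class mapping and the sample packets are constructed
assumptions for illustration; the paper gives no concrete values."""
import struct
from collections import deque

# Assumed mapping of IP precedence (top 3 bits of the TOS byte) to the four
# traffic classes named in the text.
PRECEDENCE_TO_CLASS = {
    5: "Real-Time",
    4: "High Performance Data",
    3: "Medium Performance Data",
    0: "Best-Effort",
}
# Service order: the real-time queue is drained before any other class.
CLASS_PRIORITY = ["Real-Time", "High Performance Data",
                  "Medium Performance Data", "Best-Effort"]


def build_ipv4_header(tos: int, src: str, dst: str, payload_len: int = 160) -> bytes:
    """Build a minimal 20-byte IPv4 header (checksum left at 0) as test input."""
    ver_ihl = (4 << 4) | 5
    total_len = 20 + payload_len
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto (UDP), csum
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, total_len,
                       0, 0, 64, 17, 0, src_b, dst_b)


def precedence_of(header: bytes) -> int:
    """Return the 3 IP precedence bits from the TOS byte (byte 1)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1] >> 5


def classify(header: bytes) -> str:
    # A marking the edge does not recognize falls back to Best-Effort; an
    # edge that honoured arbitrary markings would let any sender buy itself
    # priority by setting bits.
    return PRECEDENCE_TO_CLASS.get(precedence_of(header), "Best-Effort")


class StrictPriorityScheduler:
    def __init__(self):
        self.queues = {cls: deque() for cls in CLASS_PRIORITY}

    def enqueue(self, header: bytes) -> str:
        cls = classify(header)
        self.queues[cls].append(header)
        return cls

    def dequeue(self):
        """Serve the highest-priority non-empty queue first."""
        for cls in CLASS_PRIORITY:
            if self.queues[cls]:
                return cls, self.queues[cls].popleft()
        return None

    def drain(self):
        served = []
        while (item := self.dequeue()) is not None:
            served.append(item[0])
        return served


def demo():
    """Constructed sample: packets arrive lowest-priority first, but the
    real-time bearer packet is served first."""
    pkts = [
        build_ipv4_header(0 << 5, "10.0.0.1", "10.0.1.1"),  # best effort
        build_ipv4_header(3 << 5, "10.0.0.2", "10.0.1.1"),  # medium data
        build_ipv4_header(5 << 5, "10.0.0.3", "10.0.1.1"),  # real-time bearer
        build_ipv4_header(1 << 5, "10.0.0.4", "10.0.1.1"),  # unrecognized marking
    ]
    sched = StrictPriorityScheduler()
    for p in pkts:
        sched.enqueue(p)
    return sched.drain()


if __name__ == "__main__":
    print(demo())
```

In a real deployment the edge would also re-mark or police customer-set precedence values at the MSE; the classifier above shows only the queue-selection step.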

By design, the SoIP Architecture is intended to be resilient to known forms of security attacks. This includes both simple attempts to steal service and brute-force Distributed Denial of Service (DDoS) attacks intended to dramatically reduce the Quality of Service (QoS) provided to customers. The AT&T IP/MPLS Network provides the necessary infrastructure to support secured communication among AT&T SoIP Infrastructure network elements.

The definition of a core trust domain where SoIP architectural elements participate is fundamental to this design. Also, the security design assumes that the BE will act as a gateway into that trust domain, from customers who are natively attached to networks outside of that trust domain (e.g., partner networks, customer premises networks, etc.). These trust domains will be implemented using RFC 2547bis BGP-MPLS VPNs. This will allow the components in the other layers of the SoIP Architecture to mark different traffic streams (via labels) that belong in different VPNs on the same physical interface.
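To make the trust-domain separation concrete, here is an added toy model (not the paper's or AT&T's code) of RFC 2547bis-style forwarding at an edge router: each MPLS label on the shared interface selects a per-VPN routing table (VRF), and a destination is reachable only through routes present in that VRF. A stream labelled for the partner VPN therefore cannot reach a prefix that exists only in the core trust-domain VPN, which is the isolation property the design relies on. Label values, VPN names, prefixes and next-hop names are constructed for the demo.

```python
"""Added example: label-to-VRF demultiplexing with per-VRF route lookup.
All labels, prefixes and next-hop names are constructed sample values."""
import ipaddress


class VRF:
    """One VPN's private routing table."""

    def __init__(self, name: str):
        self.name = name
        self.routes = []  # list of (ip_network, next_hop)

    def add_route(self, prefix: str, next_hop: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst: str):
        """Longest-prefix match confined to this VRF's own table."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, nh in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best[1] if best else None


class MultiServiceEdge:
    """Shared physical interface: the MPLS label picks the VRF."""

    def __init__(self):
        self.label_to_vrf = {}

    def bind(self, label: int, vrf: VRF) -> None:
        self.label_to_vrf[label] = vrf

    def forward(self, label: int, dst: str):
        vrf = self.label_to_vrf.get(label)
        if vrf is None:
            return ("drop", "unknown label")
        next_hop = vrf.lookup(dst)
        if next_hop is None:
            # No leakage into another VRF's table: a miss is a drop.
            return ("drop", f"no route in {vrf.name}")
        return ("forward", next_hop)


def build_demo_mse() -> MultiServiceEdge:
    # Constructed VPNs: the core trust domain and an outside partner network.
    core = VRF("soip-core")        # trust domain holding CCEs and shared functions
    partner = VRF("partner-vpn")   # outside the trust domain; a BE is its gateway
    core.add_route("10.10.0.0/16", "cce-1")
    core.add_route("10.10.5.0/24", "cce-2")
    partner.add_route("192.0.2.0/24", "be-1")
    mse = MultiServiceEdge()
    mse.bind(100, core)
    mse.bind(200, partner)
    return mse


if __name__ == "__main__":
    mse = build_demo_mse()
    print(mse.forward(100, "10.10.5.7"))   # served from the core VRF
    print(mse.forward(200, "10.10.5.7"))   # same destination, partner label: dropped
```

The point of the model is the last line: the same destination address is reachable or not depending solely on which VPN the label places the packet in, so the BE remains the only path from a partner network into the core trust domain.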

The SoIP Connectivity Layer provides all network primitives needed for applications to implement services. This includes establishing simple signaling connectivity between endpoints by providing capabilities to create, join, remove (tear down), and report the status of call legs. The following services are also enabled in this layer: basic media services, E-911, Lawfully Authorized Electronic Surveillance (LAES), and Call Detail Recording. The Connectivity Layer provides a unified, shared environment that supports the addition of new services and access technologies without changing the underlying infrastructure. This layer consists of a number of zones and a collection of network functions. A zone consists of a CCE and one or more BEs. Network functions and resources, as described in this section, may be shared by CCEs across many zones.

Border Elements interface with customer premises equipment such as IP PBXs, IP Phones, Terminal Adapters, H.323 gateways, TDM gateways, and IP-enabled TDM PBXs to route end user calls through the AT&T SoIP Infrastructure. Border Elements (BEs) are the point of demarcation for the Connectivity Layer. They define the Boundary of Trust for the AT&T SoIP Network and provide an entry point into the SoIP Infrastructure. The BEs are connected together in an MPLS VPN using special virtual routing and forwarding (VRF) tables in the MSE. For AT&T customers, BEs ensure security, reliability, and availability. BEs also participate in enforcing (local) call admission control, and in helping the network provide Emergency Telephone Services (ETS), E-911, and Lawfully Authorized Electronic Surveillance (LAES). A BE has four main functions: Signaling, Media Control, Security, and Call Admission Control. BEs also collect and forward "real-time" CDRs to the CCE. A BE provides a point of signaling control at the edge. BEs translate the access protocol (H.323, MGCP, MEGACO, SS7, ISUP, CAS, ISDN, etc.) to and from SIP. BEs examine media streams going in and out of the Connectivity Layer for security, media format conversion, and mid-call signaling detection.
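As an added example of the local call admission control a BE enforces (illustrative code, not AT&T's implementation), the following reserves bearer bandwidth per admitted call against a trunk budget and a call-count ceiling, releases it on teardown, and rejects a request that would exceed either limit before any media path is set up. The codec bandwidth figures and capacity are constructed sample values.

```python
"""Added example: bandwidth- and count-based local call admission control.
Codec bandwidths, capacity and call ids are constructed sample values."""
from dataclasses import dataclass, field

# Assumed per-call bearer bandwidth in kbit/s (payload plus IP/UDP/RTP
# framing at 20 ms packetization); constructed figures for the demo.
CODEC_KBPS = {"PCMU": 87.2, "G729": 31.2}


class AdmissionError(Exception):
    """Raised when a call cannot be admitted; the signaling side rejects it."""


@dataclass
class BorderElementCAC:
    capacity_kbps: float
    max_calls: int
    active: dict = field(default_factory=dict)  # call_id -> reserved kbps

    def reserved_kbps(self) -> float:
        return sum(self.active.values())

    def admit(self, call_id: str, codec: str) -> float:
        """Reserve bandwidth for a new call or raise AdmissionError."""
        if codec not in CODEC_KBPS:
            raise AdmissionError(f"unsupported codec {codec}")
        if call_id in self.active:
            raise AdmissionError("duplicate call id")
        if len(self.active) >= self.max_calls:
            raise AdmissionError("call count limit")
        need = CODEC_KBPS[codec]
        if self.reserved_kbps() + need > self.capacity_kbps:
            # Refusing here keeps already-admitted bearer channels within
            # the capacity the real-time queue was provisioned for.
            raise AdmissionError("insufficient bearer bandwidth")
        self.active[call_id] = need
        return need

    def release(self, call_id: str) -> float:
        """Tear down a call leg and return the bandwidth it held."""
        return self.active.pop(call_id, 0.0)


def demo():
    """Constructed scenario: a 200 kbit/s trunk sees four setup requests,
    one teardown, then a fifth request that now fits."""
    cac = BorderElementCAC(capacity_kbps=200.0, max_calls=10)
    results = []
    for call_id, codec in [("c1", "PCMU"), ("c2", "PCMU"),
                           ("c3", "PCMU"), ("c4", "G729")]:
        try:
            cac.admit(call_id, codec)
            results.append((call_id, "admitted"))
        except AdmissionError as exc:
            results.append((call_id, f"rejected: {exc}"))
    cac.release("c1")
    try:
        cac.admit("c5", "PCMU")
        results.append(("c5", "admitted"))
    except AdmissionError as exc:
        results.append(("c5", f"rejected: {exc}"))
    return results


if __name__ == "__main__":
    for line in demo():
        print(*line)
```

Admission is decided on the signaling path, so a rejected setup never allocates media resources; combined with the per-hop priority queues described earlier, this is what keeps a burst of setup attempts from degrading calls already in progress.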