Acme Packet GSM Association (GSMA) IP eXchange solution for mobile service providers

Building upon the growing trend of VoIP interconnects, the GSM Association (GSMA) has defined the IP eXchange (IPX) as a managed interconnect service for exchanging SIP-based communications between multiple service providers—mobile operators, fixed line providers and application service providers (ASPs).

The IPX is built by international wholesale and transit carriers using common technical specifications and consistent commercial models and reflects GSMA’s four principles of openness, quality, cascading payments and efficient connectivity. Leveraging the existing GPRS Roaming Exchange (GRX) layer 3 transport network, the IPX adds connectivity to non-GSM operators and supports new interactive IP communication services, new charging models, end-to-end QoS for roaming and interworking.

International wholesale and transit service providers providing IPX services can realize several benefits, including the ability to:

Increase revenue with seamless, high-quality, secure service interworking between all types of service providers
Differentiate from competition via value-added services such as transcoding and protocol interworking
Speed customer “time-to-service” using IP connections with faster provisioning times
Enable new services that require end-to-end IP connectivity such as interactive video, instant messaging and multimedia collaboration

As service providers continue their deployment of next-generation networks and services, interconnecting to IPX carriers can produce several benefits. These include lower capital and operational expenditures, extended service reach, improved call quality, new services and simplified operations.

Our IPX interconnect solution features our Net-Net session border controller (SBC) deployed at the IPX carrier. It acts as the IPX Proxy—a GSMA-defined function that satisfies requirements for security, service reach maximization, SLA assurance, and cost and revenue management. The Net-Net SBC is also used by fixed and mobile service providers at the interconnect border with IPX carriers to mediate between networks and solve the challenges associated with IP hand-offs between service providers.

Traffic exchanged between service providers over an IPX carrier includes VoIP, IP video telephony, push-to-talk, video share, presence/ messaging, multimedia collaboration and other interactive services using SIP signaling. The IPX offers highly efficient and commercially attractive methods of establishing bilateral and multilateral interworking and roaming interconnection arrangements for interactive IP communication services.

IPX carriers can offer a variety of revenue generating service offerings, including:

Off-net traffic termination or origination
Roaming traffic aggregation for all services—voice, PoC, video share, presence/messaging, video telephony
Hosted interworking services— transcoding, signaling normalization, encryption
Access to wholesale services and ASPs—directory, IVR, speech-to-text, etc.

The IPX is “service aware” and private—not part of the best-effort Internet. However, interconnecting to service provider customers using IP links does introduce challenges for meeting the GSMA IPX requirements:

Security—hide and protect network resources from attack
Service reach maximization—exchange routing information and session traffic across heterogeneous networks with conflicting network characteristics to ensure reachability and interoperability
SLA assurance—maintain service and network availability during abnormal busy periods
Cost and revenue management—protect against theft of service, minimize session routing costs and capture session data for accounting and billing

Security

Function	Features
SBC DoS/DDoS protection	Protect SBC in IPX Proxy role from DoS/DDoS and other malicious attacks using hardware-based packet filtering and access control Protect border elements from non-malicious overloads Allow access to trusted/authenticated customers while under DoS attack
Access control	Filter networks on a per application basis Permit access to known networks Accept media for authorized sessions
Topology hiding	Hide IP layer (layer 3) and signaling topologies (layer 5) to prevent directed attacks
Privacy	Anonymize session routing information for privacy and confidentiality Maintain separation between customer VPNs Support inter-VPN sessions
Service infrastructure DoS prevention	Prevent DoS attacks from reaching service provider customers or other signaling elements in the network Protect service provider customers from signaling overload attacks by enforcing call rate limiting, message rate limiting and code gapping policies
Fraud prevention	Perform signaling and media validation by authenticating and authorizing interconnect SBCs or session agents Enforce service contract per-SBC/session agent Deter bandwidth theft and fraud with per-session media bandwidth policing
Virus and worm protection	Protect network from malicious attachments, prevent malformed messages from overloading resources
Monitoring and reporting	Monitor and report on alarms for attacks and overloads Provide audit trails for attack response and fraud investigation Provide secure monitoring and management access to prevent unauthorized personnel access

Service reach maximization

IP networks may use different signaling protocols, codecs or overlapping IP address spaces. To enable calls to traverse multiple networks—from a mobile or fixed service provider across IPX carriers to another service provider—Acme Packet Net-Net SBCs mediate between heterogeneous networks and fix incompatibilities. These features allow IPX carriers to increase their addressable customer base and accelerate time to market. By mediating differences at ingress and egress of their networks, IPX carriers are able to change their core network quickly without disrupting the customer interface. IPX carriers can also leverage the GSMA’s PathFinder number resolution database to discover addresses for proper routing for SIP-based communications.

Function	Features
Address management	Bridge IP address spaces—private-public, private-private, VPN-VPN, IPv4-IPv6 Allow direct interfaces to multiple VPNs to minimize equipment costs
Telephone number and URI manipulation	Enable prefix, suffix, wildcard and other telephone number manipulations to enhance and control session routing
Protocol translations and fix-ups	Provide signaling protocol normalization, repair and interworking for SIP to SIP, H.323 to H.323 and SIP to H.323 Provide support and interworking for UDP, TCP, SCTP transport protocols Interwork unencrypted cleartext sessions with TLS, IPsec and SRTP encrypted sessions Correct SIP and H.323 response code formatting issues between service providers
Transcoding, transrating and DTMF translations	Translate, reorder or filter wireline and wireless codecs Mediate between variations in frame rates (e.g., 10ms to 30ms) Convert from in-band to out-of-band signaling
Route discovery	Query GSMA PathFinder database for addressing and route resolution using ENUM

SLA assurance

Oversubscribed networks and service infrastructure can negatively impact IPX carrier network availability and call quality of the service providers’ subscribers. Acme Packet’s SBCs provide session admission control, load balancing and QoS marking and reporting features that deliver assured service quality and network availability during periods of congestion or abnormal network events.

Function	Features
Session admission control	Admit sessions based upon signaling and bandwidth constraints per network or session agent to ensure resource availability Interface to external policy servers and bandwidth managers
Overload protection and control	Load balance traffic based upon maximum allowed sessions or rate of sessions Reject or divert traffic based upon destination number to control mass calling events
Failure detection, traffic re-route and recovery	Monitor performance and availability of router and session agent Re-route or re-distribute traffic based upon performance degradation or failure
SBC failure recovery	Mirror SIP signaling, media and configuration state from the primary SBC to the backup SBC to seamlessly maintain active sessions and accounting information
Transport control	Assign QoS marking and VLAN mapping (ToS, DiffServ, MPLS) based upon application, source address or destination address
Quality of experience (QoE) reporting & QoE-based routing	Measure observed Quality of Service (QoS)— jitter, loss, latency—and Answer Seizure Ratio (ASR) call completion percentages per-session Append QoS and ASR information to call detail records (CDRs) Route sessions based upon observed QoS or ASR

Cost and revenue management

Inefficient network utilization, improper accounting and fraud can reduce IPX service profitability. Proper settlement is essential due to the chain of IPX carriers and service providers involved in delivering end-to-end interactive IP communications. Acme Packet’s SBCs deliver call routing, bandwidth policing and accounting features to aid in revenue collection and ensure the most cost-effective usage of an IPX carrier’s network.

Function	Features
Accounting	Generate CDRs for billing or traffic engineering
Service theft protection	Police media bandwidth per-session, based upon authorized codec Terminate inactive sessions via session timers to free up network and service infrastructure resources Ensure only authorized sessions receive correct QoS and resource utilization
Cost-based routing	Least cost routing (LCR)—enable policy-based session control based on route cost ENUM-based routing—increase routing infrastructure scalability and eliminate PSTN termination costs Carrier code-based routing—enable policy-based session control based on prefix or carrier code Codec-based routing—eliminate costly transcoding
Service normalization	Normalize IP addresses; signaling, transport and encryption protocols; and codecs at the border to simplify core architecture and reduce costs