VPN (Virtual Private Network) over SIP

People working at different locations need a fast, secure and reliable way to share information across computer networks. This is where a way to connect private networks on top of a public network becomes necessary, and the Virtual Private Network comes into the picture.


SIP (Session Initiation Protocol) for VPN

VoIP across an SSL-based VPN is achieved in good quality by encapsulating the UDP VoIP packets (SIP and RTP) in TCP/IP.

Data used for defining a VPN, like its Groups, its Members and the associated profiles, is organized hierarchically. It includes information like who is the operator, the subscriber of the VPN, the group ID and the member ID.


Grouping:

Groups are created to implement policies and restrictions common to a set of users. These include:

  • Apply permissions to call between the Groups and to the outside world
  • Apply pricing between distinct types of PNP (Mobile, Fixed, Privileged list)
  • Some numbers are assigned a preferential tariff plan. These numbers are not part of the VPN (Virtual On-Net).
  • Privileged list within a VPN across multiple groups

Performance issues

VPN has no negative influence on latency, jitter and packet loss.

With authentication, encryption, HMAC, anti-replay protection and an initialization vector enabled, and with a small RTP packet size for the codec, the VPN overhead is high.

Counters

For developing a VPN application, counters are employed, some of which could be as follows:

  • Number of calls On-Net and Off-Net
  • Number of VPN calls
  • Number of calls with Forced On-Net

Calls between endpoints, such as:

  • MS to MS Normal (mobile)
  • MS to MS Privilege
  • MS toward PABX

Success/Fail rate

  • Number of calls successful without rerouting
  • Number of calls with successful rerouting
  • Number of calls with Failure (Failed = No answer, Busy, Not reachable, Congestion)
  • Number of calls on non-response (No Answer)
  • Number of calls on Not Reachable
  • Number of calls Route Select Failure
  • Number of calls on busy
  • Number of calls barred by VPN service.

Other parameters

  • Total number of queries
  • Number of States created/modified
  • Number of changes in call rights
  • Number of observation reports issued

Service Overview

Let's see how SIP-based VPN services work over a telecom application server with a Service Broker.

Leveraging the Service Broker to offer voice VPN service to existing Subscribers is an arduous task. The Subscriber shall benefit from reduced charging rates for VPN calls (ON-Net), improved employee connectivity (within the VPN scope) and a consistent user experience across fixed and mobile phones.

VPN services shall be integrated with the R-IM-SSF component of the service broker. R-IM-SSF shall provide mediation as well as session and state management capabilities that shall make VPN service available over multiple networks including SS7 and IMS networks.

Note: R-IM-SSF = reverse IMS gateway to IN

The subscriber base can be interfaced via an SMP, which might also be used to add groups and assign rights and privileges to members.

Note: SMP is the provisioning interface for VPN service subscribers.

Features of VPN application

1. Private numbering plan for both mobile and fixed subscribers (short number dialing).

2. Distribution of subscribers under a hierarchical Data Model:

  1. Subscriber VPN (Enterprise level)
  2. Group of Users (Group level. Can be either of type Mobile or PABX)
  3. State (End user of service)

3. Grouping of a short number on the basis of the following types:

  1. Member of mobile VPN
  2. Privileged user
  3. PABX user

4. Forced On-Net call handling, which shall allow a user to dial the public number of another On-Net user with On-Net call features.

5. Virtual On-Net call handling, which allocates an On-Net extension to non-VPN users (Privileged list).

6. Off-Net call handling via exhaust code, which shall allow VPN users to access non-VPN public numbers.

7. Prohibit the call based on a set of rules (for example, all Off-Net calls barred).

8. Allow calls based on destination numbers. For example, allow Off-Net calls for numbers provisioned in the white list (allowed list).

9. Outgoing call screening on the basis of time (time-based barring).
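
Features 4 to 9 together form an outgoing-call screening policy. The sketch below is an added example, not code from the original post or from any Service Broker product. The names (VpnPolicy, classify, screen), the Off-Net prefix "9" standing in for the exhaust code, the rule that the allowed list overrides both barring rules, and all numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class VpnPolicy:
    members: dict                  # short number -> public number of On-Net members
    privileged: dict               # short number -> public number of non-VPN users
    offnet_prefix: str = "9"       # assumed value of the Off-Net access code
    bar_all_offnet: bool = False
    allow_list: set = field(default_factory=set)  # Off-Net numbers always allowed
    barred_window: tuple = None    # (start, end) during which Off-Net is barred

def classify(policy, dialed):
    """Map a dialed string to (call type, destination public number)."""
    if dialed in policy.members:
        return "ON_NET", policy.members[dialed]
    if dialed in policy.privileged:
        return "VIRTUAL_ON_NET", policy.privileged[dialed]
    if dialed in policy.members.values():      # public number of an On-Net user
        return "FORCED_ON_NET", dialed
    rest = dialed[len(policy.offnet_prefix):]
    if dialed.startswith(policy.offnet_prefix) and rest.isdigit():
        return "OFF_NET", rest
    return "UNKNOWN", dialed

def in_window(window, now):
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end           # window wraps past midnight

def screen(policy, dialed, now):
    """Return (call type, destination, decision) for an outgoing call."""
    call_type, dest = classify(policy, dialed)
    if call_type == "UNKNOWN":
        return call_type, dest, "BARRED"       # fail closed on unparsable input
    if call_type != "OFF_NET" or dest in policy.allow_list:
        return call_type, dest, "ALLOWED"
    if policy.bar_all_offnet:
        return call_type, dest, "BARRED"
    if policy.barred_window and in_window(policy.barred_window, now):
        return call_type, dest, "BARRED"
    return call_type, dest, "ALLOWED"

# Constructed sample data, not taken from any real deployment.
SAMPLE = VpnPolicy({"201": "5550101", "202": "5550102"}, {"301": "5550199"},
                   allow_list={"5550177"}, barred_window=(time(22, 0), time(6, 0)))
```

Each decision maps onto the counters listed earlier: the call type feeds the On-Net, Off-Net and Forced On-Net counts, and a BARRED result feeds "calls barred by VPN service".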

