People working at different locations need a fast, secure and reliable way to share information across computer networks. This is where a way to connect private networks on top of a public network becomes necessary, and the Virtual Private Network comes into the picture.
SIP (Session Initiation Protocol) for VPN
VoIP across an SSL-based VPN is achieved in good quality by encapsulating the UDP VoIP packets (SIP and RTP) in TCP/IP.
Data used for defining a VPN, like its groups, its members and the associated profiles, is organized hierarchically. It includes information like who is the operator, the subscriber of the VPN, group ID and member ID.
Groups are created to implement policies and restrictions common to a set of users. These include:
- Apply permissions to call between the Groups and to the outside world
- Apply pricing between distinct types of PNP (Mobile, Fixed, Privileged list)
- Some numbers are assigned a preferential tariff plan. These numbers are not part of the VPN (Virtual On-Net).
- Privileged list within a VPN across multiple groups
VPN has no negative influence on latency, jitter and packet loss.
With authentication, encryption, HMAC, anti-replay protection and an initialization vector enabled, and a small RTP size used for the codec, the VPN overhead is high.
For developing a VPN application, counters are employed, some of which could be as follows:
- Number of calls On-Net and Off-Net
- Number of VPN calls
- Number of calls with Forced On-Net
Calls between endpoints like:
- MS to MS Normal (mobile)
- MS to MS Privilege
- MS toward PABX
Success/fail rate:
- Number of calls successful without rerouting
- Number of calls with successful rerouting
- Number of calls with Failure (Failed = No answer, Busy, Not reachable, Congestion)
- Number of calls on non-response (No Answer)
- Number of calls on Not Reachable
- Number of calls Route Select Failure
- Number of calls on busy
- Number of calls barred by VPN service.
- Total number of queries
- Number of States created/modified
- Number of changes in the rights of calls
- Number of observation reports issued
Let's see how a SIP-based VPN service over a telecom application server with a Service Broker works.
Leveraging the Service Broker to offer voice VPN service to existing Subscribers is an arduous task. The Subscriber shall benefit from reduced charging rates for VPN calls (ON-Net), improved employee connectivity (within the VPN scope) and a consistent user experience across fixed and mobile phones.
VPN services shall be integrated with the R-IM-SSF component of the service broker. R-IM-SSF shall provide mediation as well as session and state management capabilities that shall make VPN service available over multiple networks including SS7 and IMS networks.
Note: R-IM-SSF = reverse IMS gateway to IN
The subscriber base can be interfaced via an SMP, which might also be used to add groups and assign rights and privileges to members.
Note: SMP is the provisioning interface for VPN service subscribers
Features of the VPN application
1. Private numbering plan for both mobile and fixed subscribers (short number dialing).
2. Distribution of subscribers under a hierarchical data model:
- Subscriber VPN (Enterprise level)
- Group of Users (Group level. Can be either of type Mobile or PABX)
- State (End user of service)
3. Grouping of a short number on the basis of the following types:
- Member of mobile VPN
- Privileged user
- PABX user
4. Forced On-Net call handling, which shall allow a user to dial the public number of another On-Net user with On-Net call features.
5. Virtual On-Net call handling, which allocates an On-Net extension to non-VPN users (Privileged list).
6. Off-Net call handling via exhaust code, which shall allow VPN users to access non-VPN public numbers.
7. Prohibit the call based on a set of rules (for example, all off-net calls barred).
8. Allow calls based on destination numbers. For example, allow off-net calls for numbers provisioned in the white list (allowed list).
9. Outgoing call screening on the basis of time (time-based barring).
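The call-handling features above can be read as a single screening decision made for each outgoing call. The following Python code is an added example, not code from the original page or from any product: the class and function names, the prefix `0` used as the off-net code, the fictitious numbers, unique short numbers across groups, and applying time-based barring to every call type are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class Group:
    members: dict                    # short number -> public number (private numbering plan)
    off_net_barred: bool = False     # feature 7: bar all off-net calls
    allowed: set = field(default_factory=set)  # feature 8: off-net allowed list
    barred_window: tuple = ()        # feature 9: (start, end) as datetime.time, or empty

@dataclass
class Vpn:
    groups: dict                     # group id -> Group
    privileged: dict                 # short number -> public number of a non-VPN user
    escape_code: str = "0"           # assumed off-net prefix (not given on the page)

def classify(vpn, dialed):
    """Map a dialed string to (call_type, public_number)."""
    members = {s: p for g in vpn.groups.values() for s, p in g.members.items()}
    if dialed in members:
        return "ON_NET", members[dialed]
    if dialed in members.values():           # public number of an on-net user
        return "FORCED_ON_NET", dialed
    if dialed in vpn.privileged:
        return "VIRTUAL_ON_NET", vpn.privileged[dialed]
    if dialed.startswith(vpn.escape_code) and len(dialed) > len(vpn.escape_code):
        return "OFF_NET", dialed[len(vpn.escape_code):]
    return "UNKNOWN", dialed

def in_window(window, now):
    start, end = window
    # A window such as 22:00-06:00 wraps past midnight.
    return (start <= now < end) if start <= end else (now >= start or now < end)

def screen(vpn, group_id, dialed, now):
    """Return (call_type, allowed, reason) for an outgoing call from group_id."""
    group = vpn.groups[group_id]
    call_type, number = classify(vpn, dialed)
    if call_type == "UNKNOWN":
        return call_type, False, "not in numbering plan"   # fail closed
    if group.barred_window and in_window(group.barred_window, now):  # assumed: all call types
        return call_type, False, "time-based barring"
    if call_type == "OFF_NET" and group.off_net_barred and number not in group.allowed:
        return call_type, False, "off-net barred"
    return call_type, True, "ok"

# Constructed sample data: fictitious numbers, two groups, one privileged entry.
VPN = Vpn(groups={"mobile": Group({"101": "15550101", "102": "15550102"}, True, {"15550150"}),
                  "pabx": Group({"201": "15550201"}, barred_window=(time(22, 0), time(6, 0)))},
          privileged={"900": "15550199"})
```

The returned call type and reason map directly onto the counters listed earlier (On-Net, Off-Net, Forced On-Net, calls barred by the VPN service), so each decision can be logged and counted.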