People working at different locations need a fast, secure and reliable way to share information across computer networks. This is where a way to connect private networks over the top of a public network becomes necessary, and the Virtual Private Network comes into the picture.
SIP (Session Initiation Protocol) for VPN
VoIP across an SSL-based VPN is achieved in good quality by encapsulating the UDP VoIP packets (SIP and RTP) in TCP/IP.
Data used for defining a VPN, like its Groups, its Members and the associated profiles, is organized hierarchically. It includes information like who is the operator, the subscriber of the VPN, the group ID and the member ID.
Grouping:
Groups are created to implement policies and restrictions common to a set of users. These include:
- Apply permissions to call between the Groups and to the outside world
- Apply pricing between distinct types of PNP (Mobile, Fixed, Privileged list)
- Some numbers are assigned a preferential tariff plan. These numbers are not part of the VPN (Virtual On-Net).
- Privileged list within a VPN across multiple groups
Performance issues
VPN has no negative influence on latency, jitter and packet loss.
With authentication, encryption, HMAC, anti-replay protection and an initialization vector enabled, and with a small RTP size used for the codec, the VPN overhead is high.
Counters
When developing a VPN application, counters are employed, some of which could be as follows:
- Number of calls On-Net and Off-Net
- Number of calls VPN
- Number of calls with Forced On-Net
Calls between endpoints like
- MS to MS Normal (mobile)
- MS to MS Privilege
- MS toward PABX
Success/failure rate
- Number of calls successful without rerouting
- Number of calls with successful rerouting
- Number of calls with Failure (Failed = No answer, Busy, Not reachable, Congestion)
- Number of calls on non-response (No Answer)
- Number of calls on Not Reachable
- Number of calls Route Select Failure
- Number of calls on busy
- Number of calls barred by VPN service.
Other parameters
- Total number of queries
- Number of States created/modified
- Number of changes in the rights of calls
- Number of observation reports issued
Service Overview
Let's see how a SIP-based VPN service over a telecom application server with a Service Broker works.
Leveraging the Service Broker to offer voice VPN service to existing Subscribers is an arduous task. The Subscriber shall benefit from reduced charging rates for VPN calls (ON-Net), improved employee connectivity (within the VPN scope) and a consistent user experience across fixed and mobile phones.
VPN services shall be integrated with the R-IM-SSF component of the service broker. R-IM-SSF shall provide mediation as well as session and state management capabilities that shall make VPN service available over multiple networks including SS7 and IMS networks.
Note: R-IM-SSF = reverse IMS gateway to IN
The subscriber base can be interfaced via an SMP, which might also be used to add groups and assign rights and privileges to members.
Note: SMP is the provisioning interface for VPN service subscribers
Features of VPN application
1. Private numbering plan for both mobile and fixed subscribers (short number dialing).
2. Distribution of subscribers under a hierarchical Data Model:
- Subscriber VPN (Enterprise level)
- Group of Users (Group level. Can be either of type Mobile or PABX)
- State (End user of service)
3. Grouping of a short number on the basis of the following types:
- Member of mobile VPN
- Privileged user
- PABX user
4. Forced On-Net call handling, which shall allow a user to dial the public number of another On-Net user with On-Net call features.
5. Virtual On-Net call handling, which allocates an On-Net extension to non-VPN users (Privileged list).
6. Off-Net call handling via exhaust code, which shall allow VPN users to access non-VPN public numbers.
7. Prohibit calls based on a set of rules (for example, all off-net calls barred).
8. Allow calls based on destination numbers. For example, allow off-net calls for numbers provisioned in the white list (allowed list).
9. Outgoing call screening on the basis of time (time-based barring).
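
The call-handling and barring features above can be read as one screening decision per dialed number. The following is an added example, not code from the original page or from any Service Broker product. It assumes an exhaust code of "0", an overnight barring window applied to Off-Net calls only, and constructed sample numbers; the names Vpn, screen_call and in_window are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class Vpn:
    """One subscriber VPN (enterprise level); every value here is a constructed sample."""
    members: dict             # short number -> public number (private numbering plan)
    privileged: dict          # short number -> public number of a non-VPN user
    exhaust_code: str = "0"   # assumed prefix for Off-Net dialing
    offnet_barred: bool = True
    white_list: set = field(default_factory=set)  # Off-Net numbers still allowed
    barred_from: time = time(20, 0)               # assumed time-based barring window
    barred_to: time = time(6, 0)

def in_window(now, start, end):
    """True if now is in [start, end), including windows that wrap past midnight."""
    return start <= now < end if start <= end else now >= start or now < end

def screen_call(vpn, dialed, now):
    """Return (call_type, destination, allowed) for a number dialed by a VPN member."""
    if dialed in vpn.members:                     # short number dialing
        kind, dest = "On-Net", vpn.members[dialed]
    elif dialed in vpn.privileged:                # extension from the privileged list
        kind, dest = "Virtual On-Net", vpn.privileged[dialed]
    elif dialed in vpn.members.values():          # public number of an On-Net user
        kind, dest = "Forced On-Net", dialed
    elif dialed.startswith(vpn.exhaust_code) and len(dialed) > len(vpn.exhaust_code):
        kind, dest = "Off-Net", dialed[len(vpn.exhaust_code):]
    else:
        return ("Invalid", dialed, False)         # fail closed on unknown dial strings
    allowed = True
    if kind == "Off-Net":
        if vpn.offnet_barred and dest not in vpn.white_list:
            allowed = False                       # rule 7: all off-net calls barred
        elif in_window(now, vpn.barred_from, vpn.barred_to):
            allowed = False                       # rule 9: time-based barring
    return (kind, dest, allowed)

SAMPLE = Vpn(members={"2001": "+33123450001", "2002": "+33123450002"},
             privileged={"2900": "+33698760000"},
             white_list={"+33144556677"})
```

Checking the short-number and public-number tables before the exhaust code keeps a member's public number classified as Forced On-Net, and a dial string that matches no rule is rejected instead of being routed Off-Net.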