IP Multimedia Subsystem
The IP Multimedia Subsystem or IP Multimedia Core Network Subsystem is an architectural framework for delivering IP multimedia services. Historically, mobile phones have provided voice call services over a circuit-switched-style network, rather than strictly over an IP packet-switched network. Alternative methods of delivering voice or other multimedia services have become available on smartphones, but they have not become standardized across the industry. IMS is an architectural framework to provide such standardization.
IMS was originally designed by the wireless standards body 3rd Generation Partnership Project, as a part of the vision for evolving mobile networks beyond GSM. Its original formulation represented an approach for delivering Internet services over GPRS. This vision was later updated by 3GPP, 3GPP2 and ETSI TISPAN by requiring support of networks other than GPRS, such as Wireless LAN, CDMA2000 and fixed lines.
IMS uses IETF protocols wherever possible, e.g., the Session Initiation Protocol. According to the 3GPP, IMS is not intended to standardize applications, but rather to aid the access of multimedia and voice applications from wireless and wireline terminals, i.e., to create a form of fixed-mobile convergence. This is done by having a horizontal control layer that isolates the access network from the service layer. From a logical architecture perspective, services need not have their own control functions, as the control layer is a common horizontal layer. However, in implementation this does not necessarily map into greater reduced cost and complexity.
Alternative and overlapping technologies for access and provisioning of services across wired and wireless networks include combinations of Generic Access Network, softswitches and "naked" SIP.
Since it is becoming increasingly easier to access content and contacts using mechanisms outside the control of traditional wireless/fixed operators, the interest of IMS is being challenged.
Examples of global standards based on IMS are MMTel which is the basis for Voice over LTE, Wi-Fi Calling and Rich Communication Services which is also known as joyn or Advanced Messaging.
History
- IMS defined by an industry forum called 3G.IP, formed in 1999. 3G.IP developed the initial IMS architecture, which was brought to the 3rd Generation Partnership Project, as part of their standardization work for 3G mobile phone systems in UMTS networks. It first appeared in Release 5, when SIP-based multimedia was added. Support for the older GSM and GPRS networks was also provided.
- 3GPP2 based their CDMA2000 Multimedia Domain on 3GPP IMS, adding support for CDMA2000.
- 3GPP release 6 added interworking with WLAN, inter-operability between IMS using different IP-connectivity networks, routing group identities, multiple registration and forking, presence, speech recognition and speech-enabled services.
- 3GPP release 7 added support for fixed networks by working together with TISPAN release R1.1, the function of AGCF and PES are introduced to the wire-line network for the sake of inheritance of services which can be provided in PSTN network. AGCF works as a bridge interconnecting the IMS networks and the Megaco/H.248 networks. Megaco/H.248 networks offers the possibility to connect terminals of the old legacy networks to the new generation of networks based on IP networks. AGCF acts a SIP User agent towards the IMS and performs the role of P-CSCF. SIP User Agent functionality is included in the AGCF, and not on the customer device but in the network itself. Also added voice call continuity between circuit switching and packet switching domain, fixed broadband connection to the IMS, interworking with non-IMS networks, policy and charging control, emergency sessions.
- 3GPP release 8 added support for LTE / SAE, multimedia session continuity, enhanced emergency sessions and IMS centralized services.
- 3GPP release 9 added support for IMS emergency calls over GPRS and EPS, enhancements to multimedia telephony, IMS media plane security, enhancements to services centralization and continuity.
- 3GPP release 10 added support for inter device transfer, enhancements to the single radio voice call continuity, enhancements to IMS emergency sessions.
- 3GPP release 11 added USSD simulation service, network-provided location information for IMS, SMS submit and delivery without MSISDN in IMS, and overload control.
In response, a cut-down version of IMS -- enough of IMS to support voice and SMS over the LTE network -- was defined and standardized in 2010 as Voice over LTE.
Architecture
Each of the functions in the diagram is explained below.The IP multimedia core network subsystem is a collection of different functions, linked by standardized interfaces, which grouped form one IMS administrative network. A function is not a node : An implementer is free to combine two functions in one node, or to split a single function into two or more nodes. Each node can also be present multiple times in a single network, for dimensioning, load balancing or organizational issues.
Access network
The user can connect to IMS in various ways, most of which use the standard IP. IMS terminals can register directly on IMS, even when they are roaming in another network or country. The only requirement is that they can use IP and run SIP user agents. Fixed access, mobile access and wireless access are all supported. Other phone systems like plain old telephone service, H.323 and non IMS-compatible systems, are supported through gateways.Core network
HSS – Home subscriber server:The home subscriber server, or user profile server function, is a master user database that supports the IMS network entities that actually handle calls. It contains the subscription-related information, performs authentication and authorization of the user, and can provide information about the subscriber's location and IP information. It is similar to the GSM home location register and Authentication centre.
A subscriber location function is needed to map user addresses when multiple HSSs are used.
User identities:
Various identities may be associated with IMS: IP multimedia private identity, IP multimedia public identity, globally routable user agent URI, wildcarded public user identity. Both IMPI and IMPU are not phone numbers or other series of digits, but uniform resource identifier, that can be digits or alphanumeric identifiers.
IP Multimedia Private Identity:
The IP Multimedia Private Identity is a unique permanently allocated global identity assigned by the home network operator, it has the form of an Network Access Identifier i.e. user.name@domain, and is used, for example, for Registration, Authorization, Administration, and Accounting purposes. Every IMS user shall have one IMPI.
IP Multimedia Public Identity:
The IP Multimedia Public Identity is used by any user for requesting communications to other users. Also known as Address of Record. There can be multiple IMPU per IMPI. The IMPU can also be shared with another phone, so that both can be reached with the same identity.
Globally Routable User Agent URI:
Globally Routable User Agent URI is an identity that identifies a unique combination of IMPU and UE instance.
There are two types of GRUU: Public-GRUU and Temporary GRUU.
- P-GRUU reveal the IMPU and are very long lived.
- T-GRUU do not reveal the IMPU and are valid until the contact is explicitly de-registered or the current registration expires
A wildcarded Public User Identity expresses a set of IMPU grouped together.
The HSS subscriber database contains the IMPU, IMPI, IMSI, MSISDN, subscriber service profiles, service triggers, and other information.
Call Session Control Function (CSCF)
Several role of SIP servers or proxies, collectively called Call Session Control Function, are used to process SIP signaling packets in the IMS.- A Proxy-CSCF is a SIP proxy that is the first point of contact for the IMS terminal. It can be located either in the visited network or in the home network. Some networks may use a Session Border Controller for this function. The P-CSCF is at its core a specialized SBC for the User–network interface which not only protects the network, but also the IMS terminal. The use of an additional SBC between the IMS terminal and the P-CSCF is unnecessary and infeasible due to the signaling being encrypted on this leg. The terminal discovers its P-CSCF with either DHCP, or it may be configured or in the ISIM or assigned in the PDP Context.
- * It is assigned to an IMS terminal before registration, and does not change for the duration of the registration.
- * It sits on the path of all signaling, and can inspect every signal; the IMS terminal must ignore any other unencrypted signaling.
- * It provides subscriber authentication and may establish an IPsec or TLS security association with the IMS terminal. This prevents spoofing attacks and replay attacks and protects the privacy of the subscriber.
- * It inspects the signaling and ensures that the IMS terminals do not misbehave.
- * It can compress and decompress SIP messages using SigComp, which reduces the round-trip over slow radio links.
- * It may include a Policy Decision Function, which authorizes media plane resources e.g., quality of service over the media plane. It is used for policy control, bandwidth management, etc. The PDF can also be a separate function.
- * It also generates charging records.
- An Interrogating-CSCF is another SIP function located at the edge of an administrative domain. Its IP address is published in the Domain Name System of the domain, so that remote servers can find it, and use it as a forwarding point for SIP packets to this domain.
- * it queries the HSS to retrieve the address of the S-CSCF and assign it to a user performing SIP registration
- * it also forwards SIP request or response to the S-CSCF
- * Up to Release 6 it can also be used to hide the internal network from the outside world, in which case it's called a Topology Hiding Inter-network Gateway. From Release 7 onwards this "entry point" function is removed from the I-CSCF and is now part of the Interconnection Border Control Function. The IBCF is used as gateway to external networks, and provides NAT and firewall functions. The IBCF is a session border controller specialized for the network-to-network interface.
- A Serving-CSCF is the central node of the signaling plane. It is a SIP server, but performs session control too. It is always located in the home network. It uses Diameter Cx and Dx interfaces to the HSS to download user profiles and upload user-to-S-CSCF associations. All necessary subscriber profile information is loaded from the HSS.
- * it handles SIP registrations, which allows it to bind the user location and the SIP address
- * it sits on the path of all signaling messages of the locally registered users, and can inspect every message
- * it decides to which application server the SIP message will be forwarded, in order to provide their services
- * it provides routing services, typically using Electronic Numbering lookups
- * it enforces the policy of the network operator
- * there can be multiple S-CSCFs in the network for load distribution and high availability reasons. It's the HSS that assigns the S-CSCF to a user, when it's queried by the I-CSCF. There are multiple options for this purpose, including a mandatory/optional capabilities to be matched between subscribers and S-CSCFs.
Application servers
- SIP AS: Host and execute IMS specific services
- IP Multimedia Service Switching Function : Interfaces SIP to CAP to communicate with CAMEL Application Servers
- OSA service capability server : Interfaces SIP to the OSA framework;
Functional model
The AS-ILCM interfaces to the S-CSCF for an incoming leg and the AS-OLCM interfaces to the S-CSCF for an outgoing leg.
Application Logic provides the service and interacts between the AS-ILCM and AS-OLCM.
Public Service Identity
Public Service Identities are identities that identify services, which are hosted by application servers. As user identities, PSI takes the form of either a SIP or Tel URI. PSIs are stored in the HSS either as a distinct PSI or as a wildcarded PSI:- a distinct PSI contains the PSI that is used in routing
- a wildcarded PSI represents a collection of PSIs.
Media servers
Each MRF is further divided into a media resource function controller and a media resource function processor.
- The MRFC is a signalling plane node that interprets information coming from an AS and S-CSCF to control the MRFP
- The MRFP is a media plane node used to mix, source or process media streams. It can also manage access right to shared resources.
- Query mode: AS queries the MRB for media and sets up the call using the response of MRB
- In-Line Mode: AS sends a SIP INVITE to the MRB. The MRB sets up the call
Breakout gateway
PSTN gateways
A PSTN/CS gateway interfaces with PSTN circuit switched networks. For signalling, CS networks use ISDN User Part over Message Transfer Part, while IMS uses SIP over IP. For media, CS networks use Pulse-code modulation, while IMS uses Real-time Transport Protocol.- A signalling gateway interfaces with the signalling plane of the CS. It transforms lower layer protocols as Stream Control Transmission Protocol into Message Transfer Part, to pass ISDN User Part from the MGCF to the CS network.
- A media gateway controller function is a SIP endpoint that does call control protocol conversion between SIP and ISUP/BICC and interfaces with the SGW over SCTP. It also controls the resources in a Media Gateway across an H.248 interface.
- A media gateway interfaces with the media plane of the CS network, by converting between RTP and PCM. It can also transcode when the codecs don't match.
Media resources
NGN interconnection
There are two types of next-generation networking interconnection:- Service-oriented interconnection : The physical and logical linking of NGN domains that allows carriers and service providers to offer services over NGN platforms with control, signalling, which provides defined levels of interoperability. For instance, this is the case of "carrier grade" voice and/or multimedia services over IP interconnection. "Defined levels of interoperability" are dependent upon the service or the QoS or the Security, etc.
- Connectivity-oriented interconnection : The physical and logical linking of carriers and service providers based on simple IP connectivity irrespective of the levels of interoperability. For example, an IP interconnection of this type is not aware of the specific end to end service and, as a consequence, service specific network performance, QoS and security requirements are not necessarily assured. This definition does not exclude that some services may provide a defined level of interoperability. However, only SoIx fully satisfies NGN interoperability requirements.
Charging
Offline charging is applied to users who pay for their services periodically. Online charging, also known as credit-based charging, is used for prepaid services, or real-time credit control of postpaid services. Both may be applied to the same session.Charging function addresses are addresses distributed to each IMS entities and provide a common location for each entity to send charging information. charging data function addresses are used for offline billing and Online Charging Function for online billing.
- Offline Charging : All the SIP network entities involved in the session use the Diameter Rf interface to send accounting information to a CDF located in the same domain. The CDF will collect all this information, and build a call detail record, which is sent to the billing system of the domain.
Each session carries an IMS Charging Identifier as a unique identifier generated by the first IMS entity involved in a SIP transaction and used for the correlation with CDRs. Inter Operator Identifier is a globally unique identifier shared between sending and receiving networks. Each domain has its own charging network. Billing systems in different domains will also exchange information, so that roaming charges can be applied. - Online charging : The S-CSCF talks to a IMS gateway function which looks like a regular SIP application server. The IMS-GWF can signal the S-CSCF to terminate the session when the user runs out of credits during a session. The AS and MRFC use the Diameter Ro interface towards an OCF.
- * When immediate event charging is used, a number of credit units is immediately deducted from the user's account by the ECF and the MRFC or AS is then authorized to provide the service. The service is not authorized when not enough credit units are available.
- * When event charging with unit reservation is used, the ECF first reserves a number of credit units in the user's account and then authorizes the MRFC or the AS. After the service is over, the number of spent credit units is reported and deducted from the account; the reserved credit units are then cleared.
IMS-based PES architecture
- Via A-MGW that is linked and controlled by AGCF. AGCF is placed within the Operators network and controls multiple A-MGW. A-MGW and AGCF communicate using H.248.1 over the P1 reference point. POTS phone connect to A-MGW over the z interface. The signalling is converted to H.248 in the A-MGW and passed to AGCF. AGCF interprets the H.248 signal and other inputs from the A-MGW to format H.248 messages into appropriate SIP messages. AGCF presents itself as P-CSCF to the S-CSCF and passes generated SIP messages to S-CSCF or to IP border via IBCF. Service presented to S-CSCF in SIP messages trigger PES AS. AGCF has also certain service independent logic, for example on receipt of off-hook event from A-MGW, the AGCF requests the A-MGW to play dial tone.
- Via VGW or SIP Gateway/Adapter on customer premises. POTS phones via VOIP Gateway connect to P-CSCF directly. Operators mostly use session border controllers between VoIP gateways and P-CSCFs for security and to hide network topology. VoIP gateway link to IMS using SIP over Gm reference point. The conversion from POTS service over the z interface to SIP occurs in the customer premises VoIP gateway. POTS signaling is converted to SIP and passed on to P-CSCF. VGW acts as SIP user agent and appears to P-CSCF as SIP terminal.
Interfaces description
| Interface name | IMS entities | Description | Protocol | Technical specification |
| Cr | MRFC, AS | Used by MRFC to fetch documents from an AS. Also used for media control related commands. | TCP/SCTP channels | - |
| Cx | , HSS | Used to send subscriber data to the S-CSCF; including filter criteria and their priority. Also used to furnish CDF and/or OCF addresses. | Diameter | TS29.229, TS29.212 |
| Dh | AS <-> SLF | Used by AS to find the HSS holding the user profile information in a multi-HSS environment. DH_SLF_QUERY indicates an IMPU and DX_SLF_RESP return the HSS name. | Diameter | - |
| Dx | <-> SLF | Used by I-CSCF or S-CSCF to find a correct HSS in a multi-HSS environment. DX_SLF_QUERY indicates an IMPU and DX_SLF_RESP return the HSS name. | Diameter | TS29.229, TS29.212 |
| Gm | UE, P-CSCF | Used to exchange messages between SIP user equipment or Voip gateway and P-CSCF | SIP | - |
| Go | PDF, GGSN | Allows operators to control QoS in a user plane and exchange charging correlation information between IMS and GPRS network | COPS, diameter | - |
| Gq | P-CSCF, PDF | Used to exchange policy decisions-related information between P-CSCF and PDF | Diameter | - |
| Gx | PCEF, PCRF | Used to exchange policy decisions-related information between PCEF and PCRF | Diameter | TS29.211, TS29.212 |
| Gy | PCEF, OCS | Used for online flow-based bearer charging. Functionally equivalent to Ro interface | Diameter | TS23.203, TS32.299 |
| ISC | S-CSCF <-> AS | Reference point between S-CSCF and AS. Main functions are to :
| SIP | - |
| Ici | IBCFs | Used to exchange messages between an IBCF and another IBCF belonging to a different IMS network. | SIP | - |
| Izi | TrGWs | Used to forward media streams from a TrGW to another TrGW belonging to a different IMS network. | RTP | - |
| Ma | I-CSCF <-> AS | Main functions are to: | SIP | - |
| Mg | MGCF -> I,S-CSCF | ISUP signalling to SIP signalling and forwards SIP signalling to I-CSCF | SIP | - |
| Mi | S-CSCF -> BGCF | Used to exchange messages between S-CSCF and BGCF | SIP | - |
| Mj | BGCF -> MGCF | Used for the interworking with the PSTN/CS domain, when the BGCF has determined that a breakout should occur in the same IMS network to send SIP message from BGCF to MGCF | SIP | - |
| Mk | BGCF -> BGCF | Used for the interworking with the PSTN/CS domain, when the BGCF has determined that a breakout should occur in another IMS network to send SIP message from BGCF to the BGCF in the other network | SIP | - |
| Mm | I-CSCF, S-CSCF, external IP network | Used for exchanging messages between IMS and external IP networks | SIP | - |
| Mn | MGCF, IM-MGW | Allows control of user-plane resources | H.248 | - |
| Mp | MRFC, MRFP | Allows an MRFC to control media stream resources provided by an MRFP. | H.248 | - |
| MrMr' | S-CSCF, MRFC AS, MRFC | Used to exchange information between S-CSCF and MRFC Used to exchange session controls between AS and MRFC | Application server sends SIP message to MRFC to play tone and announcement. This SIP message contains sufficient information to play tone and announcement or provide information to MRFC, so that it can ask more information from application server through Cr Interface. | SIP |
| Mw | P-CSCF, I-CSCF, S-CSCF, AGCF | Used to exchange messages between CSCFs. AGCF appears as a P-CSCF to the other CSCFs | SIP | - |
| Mx | BGCF/CSCF, IBCF | Used for the interworking with another IMS network, when the BGCF has determined that a breakout should occur in the other IMS network to send SIP message from BGCF to the IBCF in the other network | SIP | - |
| P1 | AGCF, A-MGW | Used for call control services by AGCF to control H.248 A-MGW and residential gateways | H.248 | - |
| P2 | AGCF, CSCF | Reference point between AGCF and CSCF. | SIP | - |
| Rc | MRB, AS | Used by the AS to request that media resources be assigned to a call when using MRB in-line mode or in query mode | SIP, in query mode | - |
| Rf | P-CSCF, I-CSCF, S-CSCF, BGCF, MRFC, MGCF, AS | Used to exchange offline charging information with CDF | Diameter | TS32.299 |
| Ro | AS, MRFC, S-CSCF | Used to exchange online charging information with OCF | Diameter | TS32.299 |
| Rx | P-CSCF, PCRF | Used to exchange policy and charging related information between P-CSCF and PCRF Replacement for the Gq reference point. | Diameter | TS29.214 |
| Sh | AS, HSS | Used to exchange User Profile information between an AS and HSS. Also allow AS to activate/deactivate filter criteria stored in the HSS on a per-subscriber basis | Diameter | - |
| Si | IM-SSF, HSS | Transports CAMEL subscription information, including triggers for use by CAMEL-based application services information. | MAP | - |
| Sr | MRFC, AS | Used by MRFC to fetch documents from an AS | HTTP | - |
| Ut | UE and SIP AS PES AS and AGCF | Facilitates the management of subscriber information related to services and settings | HTTP, XCAP | - |
| z | POTS, Analog phones and VoIP gateways | Conversion of POTS services to SIP messages | - |
Session handling
One of the most important features of IMS, that of allowing for a SIP application to be dynamically and differentially triggered, is implemented as a filter-and-redirect signalling mechanism in the S-CSCF.The S-CSCF might apply filter criteria to determine the need to forward SIP requests to AS. It is important to note that services for the originating party will be applied in the originating network, while the services for the terminating party will be applied in the terminating network, all in the respective S-CSCFs.
Initial filter criteria
An initial filter criteria is an XML-based format used for describing control logic. iFCs represent a provisioned subscription of a user to an application. They are stored in the HSS as part of the IMS Subscription Profile and are downloaded to the S-CSCF upon user registration or on processing demand. iFCs are valid throughout the registration lifetime or until the User Profile is changed.The iFC is composed of:
- Priority - determines the order of checking the trigger.
- Trigger point - logical condition which is verified against initial dialog creating SIP requests or stand-alone SIP requests.
- Application server URI - specifies the application server to be forwarded to when the trigger point matches.
- Shared - When provisioning, only a reference number is assigned to the subscriber. During registration, only the number is sent to the CSCF, not the entire XML description. The complete XML will have previously been stored on the CSCF.
- Non-shared - when provisioning, the entire XML description of the iFC is assigned to the subscriber. During registration, the entire XML description is sent to the CSCF.
Security aspects of early IMS and non-3GPP systems
CableLabs in PacketCable 2.0, which adopted also the IMS architecture but has no USIM/ISIM capabilities in their terminals, published deltas to the 3GPP specifications where the Digest-MD5 is a valid authentication option. Later on, TISPAN also did a similar effort given their fixed networks scopes, although the procedures are different. To compensate for the lack of IPsec capabilities, TLS has been added as an option for securing the Gm interface. Later 3GPP Releases have included the Digest-MD5 method, towards a Common-IMS platform, yet in its own and again different approach. Although all 3 variants of Digest-MD5 authentication have the same functionality and are the same from the IMS terminal's perspective, the implementations on the Cx interface between the S-CSCF and the HSS are different.