You are on page 1of 6


Role of Session Border Control in todays networks Border Control test challenges and test tool requirements NGN and IMS SBC architectures and function overview Hammer test tools for Border Control devices and functions Test Scenarios: Autonomous SBC Testing Distributed SBC testing A-BGF, C-BGF, and I-BGF Testing I-BCF Testing IWF Testing RACF/PDF Testing Hammer testing solution features and specifications

Testing Session Border Control in NGN and IMS Environments with Hammer from Empirix
Session Border Controllers in Todays Networks
Session Border Controllers, or SBCs, play a critical role in a variety of VoIP network architectures. SBCs are commonly used to act as a VoIP-aware firewall to assist with network peering and NAT traversal. In NGN and IMS networks, SBCs are increasingly used for more advanced functionality, such as: Core network protection and security Access network resource and admission control Policy coordination and control VoIP protocol interworking SBCs are available in a variety of architectures and for different network sizes and needs. Several vendors offer stand-alone SBCs with specialized variants for different network sizes and/or Access or Peer-Interconnected networks. In addition, SBCs may be specialized for signaling and media control and manipulation. Several other vendors also incorporate SBC functionality into other gateway and switching devices. The IMS standards further decompose SBCs and border devices into several distinct elements. These functions may be integrated into a single SBC or located in several different physical devices in a Distributed SBC.

Hammer SBC Testing

Flexible test options for a wide variety of SBC architectures and test configurations Leverage the same tools for testing throughout the test lifecycle from early stage R&D testing to QA through to QA and pre-deployment trial testing. Test solution includes: Call Generation for simulation subscriber traffic and user behavior Device emulation for replicating the behavior of NGN and IMS infrastructure devices needed in SBC isolation and unit tests Network emulation for generating realistic WAN impairments and conditions Analysis and Diagnostics for quickly helping to find the root source of the problem

Typical Test Challenges and Requirements

SBCs have evolved into complex devices that fit into a wide variety of network architectures, interoperate with many different vendors, and offer of a diverse set of signaling and media manipulation and control functionality. These unique challenges result in many specific test requirements: Test Challenges Rapidly growing list of features and interfaces Advanced signaling manipulation Media Testing High levels of scalability Isolation/Unit Testing Multi-vendor interoperability Test Requirements Expandable and easily modifiable feature test tools with broad interface support Flexible and dynamic signaling architecture Voice quality test and measurement capability Performance testing tools capable of extremely high loads Device emulation tools to economically emulate infrastructure devices Tools that can accurate emulate specific vendor implementations and that are quickly modifiable to keep pace with changing implementations

SBC Architectures
SBCs may be deployed in a variety of physical architectures. As shown in Figure 1, the most basic SBC architecture involves a single, fully integrated SBC that operates independently and performs all border control functionality within the single device. As border control requirements became more sophisticated and VoIP networks grew more complex, the SBC evolved into a distributed form, with a controller that directs the activities of one or more Border Elements (SBE) or Border Gateway devices. As Figure 2 illustrates, the Border Elements/Gateways interface with the public/untrusted network and are controlled by a MGC or softswitch, typically via H.248. The Border Element/Gateway opens and closes pin-holes and passes VoIP Signaling information to the Controller for processing there. Media information is handled at the edge and may not be passed to the core, allowing for better resource utilization and scalability.

Figure 1- Autonomous SBC

SBCs may be further decomposed into additional elements in NextGeneration networks, giving them additional border control capabilities and allowing for a wider variety of physical-deployment options. IMS specifications define several distinct border control functions such as: Border Gateway Functions (BGF) Physical interfaces to other networks (including firewalling, NAT traverals, and other options like media transcoding) Access Border Gateway Functions (A-BGF) or Core Border Gateway Function (C-BGF) - specialzed BGFs for mediating connectivity between the core and the operators own fixed and wireless access networks Interconnect Border Gateway Function (I-BGF) specialized Figure 2- Distributed SBC BGFs for connecting to external peer IP networks Interconnect Border Control Functions (I-BCF) - Controllers of I-BGF devices Policy Decision Function (PDF) or Serving Policy Decision Function (SPDF) Control of network policies for bearer access Resource and Admission Control Function (RACF) Enforcing network access and controlling bandwith Interworking Function (IWF) - Network signaling and protocol interworking Call/session Control Functions (CSCF) Control of SIP session establishment and communication Proxy Call/Session Control Function (P-CSCF) SIP proxy and initial entry to/from the IMS core Interrogating Call/Session Control Function (I-CSCF) Toplogy hiding and to connect different internal and external domains Other standardization and industry groups, such as ETSI TISPAN and the Multi Service Forum (MSF) specifiy very similar architectures but may have different names and descriptions for some of these functions. In addition, there are significant differences in Border architecture across the various versions of 3GPP IMS, each of which may need to be tested. Vendors may choose to integrate all of these components into a single device, but many are developing several SBC products that can function in a disaggregated manner to comply with IMS. In addition, many other non-SBC vendors are also adapting their gateway, signaling, softswitch, policy server, and access network control products to comply with these functions.

Figure 3 Distributed Border Control architecture in an IMS Environment

Hammer for SBC Testing Solutions

Hammer for SBC Testing solutions are used by Network Equipment Manufactures, Service Providers, and System Integration teams in a wide variety of test scenarios. The Hammer for SBC Test Solution includes: Hammer Call Generation of SIP, IMS SIP, MGCP, NCS, H.323, RTP/RTCP traffic while accurately emulating end-user device implementations and simulating a wide variety of end-user calling patterns Hammer Device Emulation of a wide variety of NGN and IMS infrastructure devices to create a simple, controlled test environment Hammer Network Impairment to replicate real-world WAN network conditions including bit error rates, dropped packets, jitter, and packet reordering Hammer Call Analyzer for diagnosing call/session flows issues including full protocol decodes cross-domain, multi-protocol call correlation enabling easy tracing of calls/sessions through the network

Figure 4 - SBC Testing Tools

Common Test Scenarios

Integrated/Autonomous SBC Testing Hammer Call Generation can be used for isolation testing of an SBC or end-to-end testing through an SBC. The Hammer Call Generator can simulate calls while mimicking the media and signaling characteristics of the private and/or public network with the same tool. Test options range from simple functional tests to advanced negative testing and high-end stress testing for simulating large-scale network scenarios. Figure 5 - Integrated SBC Testing Hammer Network Emulation can also be used to simulate WAN network conditions on either end of the call.

Border Element/Gateway Isolation Testing Border Elements and Gateways require a border control device or softswitch to function. In cases where it is not practical or economical to obtain one of these control devices, Hammer Device Emulation can be used to emulate the signaling from a H.248-based Border Controller or from an integrated SIP/H.248 Softswitch. The Hammer Device Emulator supports: Signaling connections across IPv4, IPv6, UDP, TCP, and TLS Supports registrar and authentication functionality Can establish hundreds of sessions per second in load mode Offers basic CLASS 5 features, and Much more.

Figure 6 - Border Element/Gateway Testing

Used in conjunction with Hammer Call Generation, the DUT can be completely surrounded for a true isolation test. Hammer Device Emulation also supports advanced negative testing, remote control, and automation.

IMS Test Scenarios

Access and Interconnect Border Gateway Function (A-BGF and I-BGF) Testing Hammer Device Emulation can be used in a similar manner as described in the Border Gateway Isolation Testing section to emulate H.248-based IMS infrastructure devices that control BGFs including IBCF, RACF, and PDF. Hammer Call Generation platforms fully support the IMS P-header extensions and message flows to SIP allowing for realistic IMS tests. This test setup allows for a wide variety of call flows: Between the trusted and untrusted networks; With signaling-only or signaling and media; Between IMS-based, RFC 3261 SIP-based, MGCP/NCSbased, and even H.323 based domains; and From access network to interconnect network and viceversa. Figure 7 IMS BGF Testing

All the Hammer Call Generation scenarios can be run simultaneously from the same tool and same interface. The Hammer Device Emulation elements can also be collocated in the same chassis.

Interconnect Border Control Function (IBCF) Testing IBCF devices control BGF devices, may receive signaling from an Interworking Function and must interact with CSCFs in the IMS core. Hammer Device Emulation can be used to emulate H.248-based BGFs. The same Device Emulation platform can also emulate CSCF interaction over the Mw interface. Hammer Call Generation can then be used to general signaling messages as if they were coming directly from the interconnecting network, traversing the IWF, and/or coming from the IMS core itself. Figure 8 - IMS IBCF Testing

This signaling-only test setup can be used for functional testing, negative testing, or load testing of the IBCF.

Interworking Function (IWF) / Signaling Manipulation Testing The Interworking Function (IWF) converts and corrects signaling from a peer network coming into an operators core network. The same Hammer Call Generation tool can be used as both the original and terminating nodes to verify the proper signaling changes. Numerous profiles can be run simulatenously, including IMS SIP, RFC 3261 SIP, H.323, and even MGCP, NCS, or Cisco Skinny. Each protocol can also be run with modified protocol state-machines for negative tests and to simulate proprietary vendor implementations. Figure 9 - IMS IWF Testing

Policy Decision Function (PDF) and Resource and Admission Control Function (RACF) Testing The Policy Decision Function (PDF) and Resource Admission Control Functions (RACF) coordinate policy infromation via the Diameter protocol and may control a BGF via H.248. Hammer Device Emulation can be used to emulate both the Diameter and H.248 interfaces in and out of the DUT. The Hammer Device Emulation includes a Diameter state-machine that can be modified to fit specific Gq/Gq implementations.

Figure 10 IMS RACF/PDF Testing

Features and Specifications

Hammer Call Generation
Signaling Protocols o Supports SIP UA, IMS SIP UE, MGCP, NCS, H.323, Ciscos SCCP (Skinny), QSIG, and Clear Channel (No Call Control) o Transport over UDP and TCP, IPv4 and IPv6, and TLS for secure transport o Unique endpoint emulation using IP address, MAC address, and VLAN tagging o Mixed protocol configurations supported o Highly configurable message content and sequence IMS UE Call Flow Support UE-initiated registration, re-registration, de-registration Network-initiated re-registration, de-registration Subscribes to registration state Call setup using precondition and release Call hold and resume Call modification Blind call transfer Media Capability o G.711 A/-law, G.723.1, G.726, G.729A, GSMAMR/EFR/FR, EVRC0, RFC 2833, and user-defined codecs for voice and tones o H.263 and MPEG4 pt2 codecs for video o T.38 Fax o Silence suppression detection using RFC 3389, G.723.1A, and G.729B o Multiple true voice and video clips o Reference-based voice quality using ITU-T P.862 (PESQ) to BTs PAMS o Non-reference-based voice quality using E-model (Rfactor) o Advanced speech recognition o Full RTP, Secure RTP (SRTP), and RTCP metrics for every call o Narrowband and Wideband codecs for media Scalability o Delivered in 4 to 32,000 endpoints for a single server o Scales to over 200,000 endpoints with use of Master/Mega-Controller for single point of control o Manage 20+ Hammer systems with single point of control from Mega-Controller

Hammer Device Emulation

Signaling Protocols o Supports SIP, MGCP, NCS, H.248 (ASCII/Binary), Diameter, Sigtran IUA and M3UA, H.323, and Ciscos SCCP (Skinny) o Transport Protocols: UDP, TCP and SCTP over IPv4 and IPv6 o Mixed-protocol configurations supported o Highly configurable message content and sequence o Flexible Protocol Dictionary ensures support for changes in Diameter specifications and allows for support of proprietary AVPs/Commands Real-Time Monitoring and Reporting o Real-time monitoring and reporting of statistics on the emulation o Statistics to be monitored can be set on a per emulation basis o Export data to other applications for customized user report Device Templates o IMS device templates available: BGF/C-BGF/I-BGF IBCF RACF/PDF CSCF IBGF P-CSCF o NGN device templates available: Integrated Border Controller and SIPSoftswitch Border Element Controller Border Element MGCP and NCS Call Agent o All device templates work out of the box and can be customized for specific test needs o New device templates can be created for specific devices

Hammer Signaling Editor

Customize Template Behavior and Message Content Flexible state based architecture provides comprehensive template customization capability Develop state machines to handle call flows specific to your applications and device under test Customize existing messages/calls flows or create your own Import messages from Hammer Call Analyzer

Hammer Call Analyzer

Trace signaling and correlate calls through multiple protocols in real-time, including SS7, TDM, and IP Automatically associate all messages across multiple domains of a call (including TDM/IP) by clicking on a message Display RTP and RTCP streams and RFC 2833 digits in call flows View quality metrics including R-factor, jitter, packet loss on individual streams Playback, analyze, and listen to streams with emulated jitter buffer Analyze Fax over IP (T.38) Measure Talker Echo (TELR) Monitor network traffic for specific events that will trigger a capture session Compatible with other pCap-based sniffers

Hammer Network Impairment

Create network profiles based on defined impairment parameters Refine IP groups based on IP addresses, ports, packet types, or packet attributes (ex. TOS, Diffserv, VLAN, MPLS, Pause Frame, Packet size) Assign unique network profiles to up to 32 unique network clouds per chassis VLAN, IPv4, IPv6 and jumbo packet support Packet modification - change a single bit, a sequence of bits, or up to 4 bytes with optional Ethernet or TCP CRC correction

Empirix is the leading provider of voice and Web application testing and monitoring solutions. For a complete list of offices worldwide, or to find an authorized distributor in your area, please visit 2008 Empirix. All rights reserved. All descriptions, specifications and prices are intended for general information only and are subject to change without notice. Some mentioned features are optional. All names, products, services, trademarks are used for identification purposes only and are the property of their respective organizations. LAB:OT:ANSBC: 0708