UNIT 22 NGN network

22-1 Technical Part
22-2 Reading Material

22-1 Technical Part

22-1-1 Definition

Next-generation network (NGN) is a broad term used to describe key architectural evolutions in telecommunication core and access networks. The general idea behind the NGN is that one network transports all information and services (voice, data, and all sorts of media such as video) by encapsulating these into packets, similar to those used on the Internet. NGNs are commonly built around the Internet Protocol, and therefore the term all IP is also sometimes used to describe the transformation toward NGN.

22-1-2 Introductions

Next-generation network (NGN) is a packet-based network which can provide services including Telecommunication Services and able to make use of multiple broadband, Quality of Service-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users.

From a practical perspective, NGN involves three main architectural changes that need to be looked at separately:

1. Core network

In the core network, NGN implies a consolidation of several (dedicated or overlay) transport networks each historically built for a different service into one core transport network (often based on IP and Ethernet). It implies amongst others the migration of voice from a
circuit-switched architecture (PSTN) to VoIP, and also migration of legacy services such as X.25, frame relay (either commercial migration of the customer to a new service like IP VPN, or technical emigration by emulation of the “legacy service” on the NGN).

2. Access network

In the wired access network, NGN implies the migration from the dual system of legacy voice next to xDSL setup in local exchanges to a converged setup in which the DSLAMs integrate voice ports or VoIP, making it possible to remove the voice switching infrastructure from the exchange.

In the cable access network, NGN convergence implies migration of constant bit rate voice to CableLabs PacketCable standards that provide VoIP and SIP services. Both services ride over DOCSIS as the cable data layer standard.

In an NGN, there is a more defined separation between the transport (connectivity) portion of the network and the services that run
on top of that transport. This means that whenever a provider wants to enable a new service, they can do so by defining it directly at the service layer without considering the transport layer, i.e. services are independent of transport details. Increasingly, applications, including voice, tend to be independent of the access network and will reside more on end-user devices (phone, PC, set-top box).

3. H.323

Next-generation networks are based on Internet technologies including Internet Protocol (IP) and multiprotocol label switching (MPLS). At the application level, Session Initiation Protocol (SIP) seems to be taking over from ITU-T H.323.

Initially H.323 was the most popular protocol, though its popularity decreased in the “local loop” due to its original poor traversal of network address translation (NAT) and firewalls. For this reason, as domestic VoIP services have been developed, SIP has been more widely adopted. However, in voice networks where everything is under the control of the network operator or telco, many of the largest carriers use H.323 as the protocol of choice in their core backbones. So really SIP is a useful tool for the “local loop” and H.323 is like the “fiber backbone”. With the most recent changes introduced for H.323, it is now possible for H.323 devices to easily and consistently traverse NAT and firewall devices, opening up the possibility that H.323 may again be looked upon more favorably in cases where such devices encumbered its use previously. Nonetheless, most of the telcos are extensively researching and supporting IP Multimedia Subsystem (IMS), which gives SIP a major chance of being the most widely adopted protocol.

4. VoIP

For voice applications, one of the most important devices in NGN is a Softswitch, a programmable device that controls Voice over IP (VoIP) calls. It enables correct integration of different protocols within NGN. The most important function of the Softswitch is creating the interface to the existing telephone network, PSTN, through Signalling Gateways and Media Gateways. However, the Softswitch as a term may be defined differently by the different equipment manufacturers and have somewhat different functions. Figure 22-1 below shows the IMS network solution for PSTN service.

One may quite often find the term Gatekeeper in NGN literature. This was originally a VoIP device, which converted (using gateways) voice and data from their analog or digital switched-circuit
form (PSTN, SS7) to the packet-based one (IP). It controlled one or more gateways. As soon as this kind of device started using the Media Gateway Control Protocol, the name was changed to Media Gateway Controller (MGC). A Call Agent is a general name for devices/systems controlling calls.

Figure 22-1 IMS network solution for PSTN service

5. IP Multimedia

The IP Multimedia Subsystem (IMS) is a standardised NGN architecture for an Internet media-services capability defined by the European Telecommunications Standards Institute (ETSI) and the 3rd Generation Partnership Project (3GPP). Figure 22-2 below shows a communication application in the Web 2.0 style.

Figure 22-2 Web 2.0 style communication and community network

22-1-3 Application Case or Example

1. CASE 1: Application in IPv6

IPv6 is one of the applications of NGN. It is a revision of the Internet Protocol (IP) developed by the Internet Engineering Task Force (IETF). IPv6 is intended to succeed IPv4, which is the dominant communications protocol for most Internet traffic as of 2012.

IPv6 was developed to deal with the long-anticipated problem of IPv4 running out of addresses. IPv6 implements a new addressing system that allows for far more addresses to be assigned than with IPv4. Each device on the Internet, such as a computer or mobile telephone, must be assigned an IP address in order to communicate with other devices. With the ever-increasing number of new devices being connected to the Internet, there is a need for more addresses than IPv4 can accommodate. IPv6 uses 128-bit addresses, allowing for 2^128, or approximately 3.4×10^38 addresses. IPv4 uses 32-bit addresses, allowing for only 4,294,967,296 unique addresses worldwide. IPv6 addresses, as commonly displayed to users, consist of eight groups of four hexadecimal digits separated by colons, for example 2001:0db8:85a3:0042:0000:8a2e:0370:7334.

The deployment of IPv6 is accelerating, with a World IPv6 Launch having taken place on 6 June 2012, in which major internet service providers, especially in countries that had been lagging in IPv6 adoption, deployed IPv6 addresses to portions of their users. Data from Arbor Networks showed a peak of 0.2% of Internet traffic on IPv6 during the launch.

2. CASE 2: Application in VoIP

If you've never heard of VoIP, get ready to change the way you think about long-distance phone calls. VoIP, or Voice over Internet Protocol, is a method for taking analog audio signals, like the kind you
hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet. VoIP is a revolutionary technology that has the potential to completely rework the world's phone systems. VoIP providers like Vonage have already been around for a while and are growing steadily.

The interesting thing about VoIP is that there is not just one way to place a call. There are three different “flavors” of VoIP service in common use today:

ATA: The simplest and most common way is through the use of a device called an ATA (analog telephone adaptor). The ATA allows you to connect a standard phone to your computer or your Internet connection for use with VoIP. The ATA is an analog-to-digital converter. It takes the analog signal from your traditional phone and converts it into digital data for transmission over the Internet. Providers like Vonage and AT&T CallVantage are bundling ATAs
free with their service. You simply crack the ATA out of the box, plug the cable from your phone that would normally go in the wall socket into the ATA, and you're ready to make VoIP calls.

IP Phones: These specialized phones look just like normal phones with a handset, cradle and buttons. But instead of having the standard RJ-11 phone connectors, IP phones have an RJ-45 Ethernet connector. IP phones connect directly to your router and have all the hardware and software necessary right onboard to handle the IP call. Wi-Fi phones allow subscribing callers to make VoIP calls from any Wi-Fi hot spot.

Computer-to-computer: This is certainly the easiest way to use VoIP. You don't even have to pay for long-distance calls. There are several companies offering free or very low-cost software that you can use for this type of VoIP. All you need is the software, a microphone, speakers, a sound card and an Internet connection, preferably a fast one like you would get through a cable or DSL modem. Except for your normal monthly ISP fee, there is usually no charge for computer-to-computer calls, no matter the distance.

Figure 22-3 below shows the VoIP network architecture.

Figure 22-3 VoIP network architecture

22-2 Reading Material

22-2-1 Reading Comprehension

Securing VoIP

VoIP telephone systems are susceptible to attacks, as are any other Internet-connected devices. This means that hackers who know about these vulnerabilities (such as insecure passwords) can institute denial-of-service attacks, harvest customer data, record conversations and break into voice mailboxes.

Another challenge is routing VoIP traffic through firewalls and network address translators. Private Session Border Controllers are used along with firewalls to enable VoIP calls to and from protected networks. For example, Skype uses a proprietary protocol to route calls through other Skype peers on the network, allowing it to traverse symmetric NATs and firewalls. Other methods to traverse NATs involve using protocols such as STUN or Interactive Connectivity Establishment (ICE).

Many consumer VoIP solutions do not support encryption, although having a
secure phone is much easier to implement with VoIP than traditional phone lines. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content. An attacker with a packet sniffer could intercept your VoIP calls if you are not on a secure VLAN. However, physical security of the switches within an enterprise and the facility security provided by ISPs make packet capture less of a problem than originally foreseen. Further research has shown that tapping into a fiber optic network without detection is difficult if not impossible. This means that once a voice packet is within
the Internet backbone it is relatively safe from interception.

There are open source solutions, such as Wireshark, that facilitate sniffing of VoIP conversations. Securing the content of conversations from malicious observers requires encryption and cryptographic authentication which is sometimes difficult to find at a consumer level. The existing security standard Secure Real-time Transport Protocol (SRTP) and the new ZRTP protocol are available on Analog Telephone Adapters (ATAs) as well as various softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. In 2005, Skype invited a researcher, Dr Tom Berson, to assess the security of the Skype software, and his conclusions are available in a published report.

To prevent the above security concerns, government and military organizations are using voice over secure IP (VoSIP), secure voice over IP (SVoIP), and secure voice over secure IP (SVoSIP) to protect confidential and classified VoIP communications. Secure voice over secure IP is accomplished by encrypting VoIP with protocols such as SRTP or ZRTP. Secure voice over IP is accomplished by using Type 1 encryption on a classified network, like SIPRNet. Public Secure VoIP is also available with free GNU programs and in many popular commercial VoIP programs via libraries such as ZRTP.

Words & Expressions

securing adj. fastened; used for fastening; v. protecting; making firm (-ing form of secure)
susceptible adj. easily affected; impressionable; admitting of
vulnerabilities n. vulnerability; weak points
insecure adj. unsafe; unstable; unreliable
institute vt. to begin (an investigation); to establish; to found; to bring (a lawsuit)
firewall n. a firewall
skype n. Internet telephone (a network voice communication tool)
proprietary adj. owned; patented; privately owned
symmetric adj. symmetrical; well-proportioned
encryption n. encipherment; the technique of enciphering
implement vt. to carry out, to execute; to realize, to put into effect
eavesdrop vi. to listen secretly, to wiretap
sniffer n. packet-sniffing tool; sniffer dog; person who snorts drugs
intercept vt. to stop in transit; to cut off; to wiretap
enterprise n. business; undertaking; initiative; ambition
facility n. installation; equipment; ease; dexterity
capture vt. to take captive; to seize; n. capture; spoils, captive
backbone n. pillar; [computing] backbone network; determination, perseverance; spine
malicious adj. ill-intentioned; vicious; deliberate; spiteful
cryptographic adj. relating to secret codes, written in cipher
authenticate vt. to verify; to prove genuine
protocol n. agreement; draft; etiquette
opportunistic adj. opportunist; taking advantage of circumstances

22-2-2 Exercises

I. Multiple Choices.

1. Hackers who know about these vulnerabilities (such as insecure passwords) can ____.
A. institute denial-of-service attacks
B. harvest customer data
C. record
conversations
D. break into voice mailboxes

2. If you are not on a secure VLAN, an attacker with a packet sniffer could intercept your ____.
A. VoIP calls
B. Skype
C. Emails
D. VoIP calls and Skype

3. To protect confidential and classified VoIP communications, military organizations use ____.
A. SRTP or ZRTP
B. voice over secure IP (VoSIP)
C. secure voice over IP (SVoIP)
D. secure voice over secure IP (SVoSIP)

4. Which of the descriptions below of securing VoIP is NOT CORRECT according to the passage?
A. VoIP telephone systems are susceptible to attacks, as are any Internet-connected devices.
B. Private Session Border Controllers are used along with firewalls to disenable VoIP calls to and from protected networks.
C. Many consumer VoIP solutions do not support encryption, although having a secure phone is much easier to implement with VoIP than traditional phone lines.
D. It is relatively easy to eavesdrop on VoIP calls and even change
their content.

5. Which of the descriptions below is NOT CORRECT according to the passage?
A. Further research has shown that tapping into a fiber optic network without detection is difficult if not impossible.
B. Securing the content of conversations from malicious observers requires encryption and cryptographic authentication which is sometimes difficult to find at a consumer level.
C. It is impossible to use IPsec to secure P2P VoIP by using opportunistic encryption.
D. Secure voice over IP is accomplished by using Type 1 encryption on a classified network like SIPRNet.

II. Read & Translate.

1. This means that
hackers who know about these vulnerabilities (such as insecure passwords) can institute denial-of-service attacks, harvest customer data, record conversations and break into voice mailboxes.

2. For example, Skype uses a proprietary protocol to route calls through other Skype peers on the network, allowing it to traverse symmetric NATs and firewalls.

3. There are open source solutions, such as Wireshark, that facilitate sniffing of VoIP conversation.

4. Securing the content of conversations from malicious observers requires encryption and cryptographic authentication which is sometimes difficult to find at a