VoLTE - Delivering Reliable and Secure Mobile VoIP

Virtualization Reality

VoLTE - Delivering Reliable and Secure Mobile VoIP

By Frank Yue, Technical Marketing Manager  |  January 16, 2014

Mobile service providers have been building and deploying 4G LTE (News - Alert) networks at a rapid pace. Currently, there are more than 200 LTE networks worldwide, and the number continues to grow. Part of the LTE standard calls for a packet-based infrastructure using the IP protocol. Traditionally, mobile voice calls have been circuit switched. In the LTE architecture, it is expected for voice calls to be carried over the packet-based network.  Despite all that, there are less than a handful of providers delivering voice over LTE services today.

Communications service providers have taken a conservative approach toward delivering advanced voice services in the new LTE networks. They are primarily deploying circuit-switched fallback technologies to maintain their existing voice services as they work to design a resilient infrastructure to support VoLTE calls. This gives the CSPs time to properly architect and deploy the IP multimedia subsystem, which unifies and manages the delivery of multimedia content through the LTE network including voice services.

Reliability and Scalability

The IMS infrastructure depends on two key signaling protocols, Diameter and SIP, to connect and deliver multimedia content. In the IP network, the number of messages generated by these protocols is much larger than the earlier circuit-switched networks. A reliable and scalable network is needed to effectively process Diameter and SIP messages, which are essential for VoLTE and other multimedia services. Traditional data center technologies and architectures need to be implemented within the IMS network.  Load balancing, global availability through intelligent DNS, and service virtualization via SDN and NFV are all components key to a robust IMS network.

The network also needs to deliver the voice communications between the two or more peers. This real-time content needs to be delivered with the appropriate latency and QoS expectations subscribers have experienced with traditional circuit-switched voice calls.  The SGi portion of the LTE network must have the ability to manage the data and apply performance-based policies such as QoS marking. This needs to be based on the requirements of the application and subscribers associated with the session.

Security

Security becomes a critical concern in the IMS designs because of the all-IP nature of LTE networks. CSPs need to be concerned with the vulnerable nature of IP networks.  The CSP (News - Alert) is expected to deliver reliable voice services to customers. There is a potential for services to be affected by a DDoS attack since third-party applications can generate signaling messages in the IMS network. By overwhelming IMS services, a DDoS attack can disable the ability to connect VoLTE calls along with other multimedia services. The attack can be malicious in nature or the side effect of poorly written applications.

Diameter and SIP signaling message validation is necessary at key points in the network to protect against these attacks.

Another security threat is the potential for a malicious entity to access sensitive content.  Subscriber profiles including contact and billing information may be available from the HSS and PCRF with a properly formatted request. With the introduction of the IMS component of LTE networks and SIP messaging, it is now possible for a third-party application on a subscriber-controlled device, such as a mobile smartphone, to directly generate SIP messages that propagate through the IMS network. This is a new concern for the control plane portion of the mobile network, which has traditionally been private.  Proper security services will need to be deployed at key entry points in this new network architecture to screen messages and validate their content.

Reward at the end

As one can see with the discussed issues, it is easy to understand why the CSPs are taking their time to migrate to VoLTE. Eventually, all LTE networks will utilize VoLTE services because it makes sense. Circuit switching equipment can be eliminated. The entire mobile network will be packet-based IP. This means there will be a common unified architecture for CSPs to manage and maintain. The promise of LTE is an intelligent subscriber-aware and policy-aware network that delivers services in a consistent manner. VoLTE is the enablement of that vision for voice services.

Frank Yue is technical marketing manager with F5 Networks (News - Alert) (www.f5networks.com).


Frank Yue is the Technical Marketing Manager for the Service Provider vertical at F5 Networks. Mr. Yue has over 15 years of experience building large-scale networks and working with high performance application technologies, including deep packet inspection, network security, and application delivery. He is based in North Carolina and is a scuba diving instructor in his spare time.

Edited by Stefania Viscusi