IMS Forum: The Voice of IP Convergence

IMS Plugfest 4: I would like to congratulate the participants in our IMS Plugfest 4 event. As announced at Spring VON, we saw the first successful IMS call between mobile UE (user equipment) devices and core network elements P-CSCF servers, S-CSCF, and HSS, all from separate vendors. Also,our Plugfest 4 was expanded to include billing interfaces for charging for IMS services. Tests included an IMS-compliant charging/billing system working with multiple network configurations, a major milestone for deployment-readiness.

IMS/NGN M-Play Plugfest 5: The Interoperability and Test Group started discussing the plans for Plugfest 5 which will take place on June 2-6, 2008 at the IMS Lab at UNH-IOL. During the next weeks will be sharing with you the details plans for Plugfest 5, which will be our first event addressing the IMS/NGN M-Play applications and services.

* The IMS/NGN Forum Plugfests, conducted every 3 to 4 months, bring together dozens of industry-leading vendors.

* Service Providers are using the IMS network to deliver customer-tailored secure NGN services anytime, anywhere.

* M-play enables personalized services for consumers using mobile and fixed Internet access to maintain constant connectivity.

Plugfest 4, which took place Feb. 25-29, 2008, took the IMS Forum's interoperability efforts to a new level of technological sophistication and immediate usefulness for service providers. Focusing for the first time on charging and billing interfaces-not to mention running two larger-scale networks simultaneously-the event continued the expansion of the scope of these important interoperability activities.

A milestone for this plugfest, held at the University of New Hampshire InterOperability Lab, was to provide multivendor, interoperable systems for rating and charging for network services by establishing interoperability among operation support systems (OSS) and business support systems (BSS). "The approach that we took for looking into OSS and BSS was that to examine the interfaces that are used to collect charging data about sessions and events from the network," says Lincoln Lavoie, vice-chair, Technical Working Group, IMS Forum. Unlike interoperability among applications, which the plugfests already have tested to some extent, "charging is a function where you collect data about what is going on in the network and generate billing records from that data. So, when referring to charging as a IMS application, I would caution that it is not like an [end-user] application that is using the network to deliver a specific service."

With interoperability established for many OSS and BSS systems, which are the keystones for producing revenue immediately from a network, IMS is truly "open for business," says Michael Khalilian, chairman and president, IMS Forum.

The operation of two large networks in the test environment significantly ramped up the scale of these activities. "In Plugfests 2 and 3 we started running multiple versions of [smaller] IMS networks in parallel focusing on multivendor interoperability in the core network and one application (service) at a time," said Lavoie. "In Plugfest 4, rather than running several smaller networks in parallel, we brought everything back together and ran two larger-scale networks in parallel testing the delivery of multiple services and features at the same time."

The effort to run two large networks simultaneously was a prelude to future, more ambitious, activities. "The biggest difference between these two networks was how they implemented authentication schemes," said Lavoie. "And we also were looking into the possibility of those two networks connecting."

One purpose of testing is to uncover interoperability issues among components of a network, saving network operators countless hours finding and solving nagging compatibility problems. This plugfest was no exception, highlighting compatibility issues for SIP user agents (UAs) and IMS UE (user equipment). "A SIP UA is not an IMS UE," says Lavoie, "and you can't take a straight SIP UA and plug it directly into an IMS network and expect it to work consistently."

What is needed, Lavoie suggests, is more education about the differences. "What is wrong is the UE providers' perspective of what IMS is and how SIP is used within the network. We have not done a good job of making people aware that there are key differences in the SIP requirements. The issue that we run into is not unclear documentation or standards. It is just lack of knowledge."

The forum already is working on Plugfest 5, tentatively scheduled for early June, and the date will be announced within the next couple of weeks.

IMS Forum Newsletter: What are some areas of IMS where you have found challenges for operators?

Adam P. Stein: For one of our Tier 1 service-provider customers, a cable operator, we worked with them to qualify a number of IMS products about to be deployed in their IMS core. One of them was SIP gateway using the DIAMETER protocol. With the gateway vendor's DIAMETER implementation the customer found numerous problems that would cause both costly downtime and customer churn. The gateway, when subjected to unanticipated input from the protocol-fuzzing engine, rolled over and the OSS billing database was completely exposed.

The issues Mu discovers are not just services going down or latency, but the core security of the service of the network behind it. If network elements and information are no longer protected, you probably want to know about it.

Mu offers more than 50 different protocol modules including a SIP-mutation module. Our SIP suite subjects a product under analysis to everything from buffer overflows to memory leaks to CPU utilization spikes to performance degradation and ultimately latency issues. Each incorrect response is monitored by the Mu appliance and documented, so they can be quickly fixed.

IMS: Are there any special IMS challenges or advantages?

AS: Yes. We see operators using IMS to provision a large number of services centrally that in the past have been deployed separately. That is a huge advantage for service providers to deploy multiple services over one architecture. IMS lowers operation costs and allows them to offer more services using less capital. IMS is a platform for provisioning many services concurrently at a lower cost.

The challenge that goes with that is how to make sure that it is practicable to avoid any downtime issues because of the reliability and security of those services. That's because now, it is not just one service that might be going down with IMS, but many.

IMS: I have heard of situations, such as codec incompatibilities, that can be very sensitive

AS: Yes. An operator may have tested something during purchase, but every network's fingerprint is unique. Operators using a Mu system for service-assurance testing may find a particular codec's latency is unacceptable compared to specifications promised by a vendor's data sheet. Until the operator tests a vendor-specific implementation against their network setting, they simply won't know.

With Mu you can analyze structured communication schema using the protocol-fuzzing engine. It provides an automated and repeatable process to ensure maximum IMS service availability.

It is even more applicable to operators and their network vendors. Codecs are one type of application, but, where Mu really shines is on the protocol side. Whether an operator is working on products in the IMS core or service layers, our approach offers comprehensive analysis. For example, in an IMS core operators can ensure the reliability of their SIP servers or in the service layer make sure their application servers are secure. Mu helps operators detail the interconnected and dependent layers of their IMS architecture.

IMS: Will service providers offer multiple services themselves or just enable them?

AS: What we are seeing is that IMS offers application options. In the Bay Area where I live, there are many wireless service provider choices, but there are only two providers that offer triple-play services. In Europe or Asia, in contrast, it is a horn of plenty of triple- or quad-play services from multiple providers. When there are more than two, the duopoly is gone, and pricing and the variety of applications multiply. You can get all your services from one operator or you can pick what think are the best of breed from different vendors and aggregate them yourself. But, the service provider ultimately gets more choice of applications with real-time IP services.

IMS: Tell me about your products, especially what is Mu's "Security Analyzer and integrated fuzzer engine" system?

AS: Mu today offers an appliance that includes a protocol-fuzzing engine. It generates so-called "unanticipated input." When vendors develop a product for IMS networks, their network-operator customers want to know how it responds to unanticipated input to minimize revenue loss from downtime and customer churn. Any unexpected weaknesses, not only to malicious input, but also if some product feature malfunctions might cause the operator's network to go down.

Many operator network outages, whether caused by misconfigured products or even power failures, can be discovered in an IMS environment. If a product is going to be fragile, you want to identify the root cause behind it going down hard, or, in latency-sensitive applications such as VoIP, what is affecting user quality. The Mu system automates the ability to pinpoint and document these issues ahead of time.

IMS: How are you different from a session border controller?

AS: Mu has SBC vendors as customers. SBC vendors use Mu to validate that they are reliable and secure against malicious and unexpected traffic. For example, dropping a SIP phone and flooding the network with SIP INVITEs. One Mu product module covers protocol mutations, a second contains more than 1,000 known vulnerabilities, another focuses on software as a service and others will deal with issues, such as denial-of-service (DoS) attacks. Operators and their suppliers use Mu to protect their assets from the unexpected traffic, a perfect storm. Understanding how your network and unique product setting respond is critical, because measuring sheer performance or throughput is increasingly meaningless.

Having the opportunity to work with IMS vendors is a primary reason behind Mu's continued involvement in IMS plugfests. Moving beyond interconnectivity and interoperability is critical for IMS deployment success.

To this end, we just finished working with the IMS Forum on publishing a new white paper ("Building Reliable, Available and Secure Service Provider IMS Networks") to discuss the baseline required for reliable and secure service-provider networks. How should IMS product deployment and development life cycle be made more secure? What factors should operators and vendors consider and what things they have to reference, such as SBCs, when thinking about reliability.

IMS: Many operators and vendors are concerned about whether malware would overwhelm their networks.

AS: We look at everything from layer 2 to layer 7 with our stateful and dynamic analysis, as well as the IMS control plane and also the transport layer. This is important as many vendors, when building high-quality products, don't adequately separate out the control plane, the data (application) plane and the transport plane. This makes malformed traffic, intentional or innocent, extremely damaging to product resiliency and network uptime.

AT&T and Verizon offer quad plays in the United States and so does Comcast. So actually we are seeing the start of more competition opportunities, and all can be provisioned off an IMS architecture. It has to be reliable, though, or the potential for revenue loss also multiplies. Rather than running three networks, operators use one and realize lower operation costs - but offer the same reliability or better. Mu is valuable here to ensure the operator's network is not adversely affected due to reliability, availability or security weaknesses that often arrive in unexpected traffic. We can measure their service assurance risks and baseline it. When we baseline it, operators compare real life bench marking in their labs. They can also compare product A to C before purchasing - we have a few customers doing that today.

We work with more than one-third of major service providers today. And that is unique, for a company this size--just 52 people--to serve this many customers in just two years time. And we serve numerous IP service product vendor customers too in Asia, Europe and North America.

Using Mu, a service provider accurately works with a vendor to "trust, but verify" products before deployment in their network. Operators use a security analysis system eliminating the need for vendors to recreate their problems in QA two months later. Mu documents the problem so vendors have an actionable set of information about what went wrong, and what needs be fixed.

Manufacturers use Mu products throughout their secure development life cycle (SDLC) and integrate it into their field development schedule. This is far more cost effective than fixing a reported problem in the middle of a deployment (NIST and NSP Partners state such changes can be 10 times more expensive). A customer might buy another session border controller because it costs too much to get yours fixed and the competitor's product is higher quality.

If a service provider is deploying multiple services on an IMS platform, they want to be sure, like the mainframes in the 1970s, that it has the highest reliability, availability and security. That is what we call service assurance.

IMS: Service assurance is the key?

AS: Yes. With new technology, like IMS, operators want to know costly downtime or customer churn is avoided. The NSP study on TCO/ROI of Security Analysis details this issue. An outage can cost hundreds of thousands per hour, not to mention the customer churn issue. IMS is a great technology, but it is also a service that has to run at the highest possible availability. If that architecture is down or there are latency issues, operators have, not only the cost of the downtime, but there is the cost of customer churn. Mu helps prevent unforeseen issues from adversely impacting the operator.

Adam Stein, vice president of marketing at Mu Security Inc., has more than 20 years of marketing expertise focused on hardware for networking and security, software and silicon. He previously led global marketing programs at UTM network security innovator Fortinet. Stein also has led outbound marketing for Cisco Systems Inc., Juniper Networks Inc., Broadcom Corp. and Foundry Networks Inc. Stein has a M.A. in Marketing from Emerson College and B.A. in Sciences from the University of Colorado at Boulder.

Mobile operators are poised to reap a $300 billion windfall by deploying IMS services, according to a study, ""IMS Core Networks: A Dynamic Service-Based Architecture," just announced by ABI Research.

According to ABI, operators, such as Sprint Corp., Verizon Communications Inc. and BT Group, will deploy IMS "in a quickening tempo" starting this 2008.

IMS will break out of the fixed-line network arena, which until recently have dominated deployments, and into the mobile arena because operators, both fixed and wireless, are beginning to lose revenue from traditional sources, the report says, pointing out that several major wireless providers, such as AT&T Inc. and Sprint, have had to offer flat-rate services because of customer churn.

"Now [IMS] is essential to the success of mobile and fixed operators," because "IMS enables rapid development and deployment of new services," the study offers.

An interesting sideline to these developments is that some service providers, specifically Verizon and BT, are encouraging service development by offering "an open IMS interface" that allows third-party developers an easy way to access their networks, thus encouraging the creation of new applications. "This means faster testing and deployment of services, which will be critical to their success," the study says.

IMS had "a good year" for equipment sales, according to Infonetics Research Inc., the market research firm known for its reliable number crunching. The market for IMS core equipment nearly doubled in 2007 over 2006. Infonetics did not release absolute numbers, which likely remain relatively low.

Infonetics' IMS core equipment category is narrowly defined and includes home location registers (HLRs) and devices performing the call session control function (CSCFs). Stephane Teral, principal analyst for VoIP and IMS, Infonetics Research, said the narrow definition used by the research firm for IMS equipment does not include devices, such as session border controllers, because are not included in IMS interfaces. "They are very specific because it is a standard."

The overall market trends appear positive, with Infonetics predicting growth of more than 25 percent annually through 2011 for the segment, which, besides IMS core equipment, includes session border controllers, softswitches and voice application servers.

Beijing Netcom, a branch of China Netcom and the official fixed-telecom service partner for the Beijing 2008 Olympic Games, will use an IMS (IP Multimedia Subsystem) platform by Ericsson to enable personal multimedia communication at the games.

Called the Command Supporting System (CSS), the Ericsson system includes video conferencing, call center operations and a click-to-dial function. The CSS helps Beijing Netcom optimize its current operation and will strengthen its existing telecom command system to perform in the highly demanding environment of an ongoing Olympic Games.

This agreement with Ericsson is an extension of a contract signed earlier between Ericsson and Beijing Netcom to build the first commercial IMS network in China.

The system, which will span the six Olympic Games cities in China, will support the transmission of voice, text, pictures and video over an IP network for attendees, competitors, officials and press at the games. Beijing Netcom has begun deployment already and is planning to complete it this month.

The IMS Forum's active pace of speaking at and participating in several upcoming industry events worldwide continues.

• March 17- 20: Spring VON.x, San Jose, CA
  
  • Plugfest IV participants and the IMS Forum will announce results from Plugfest IV
• March 17-21: VoiceCon, Orlando, FL
  
  • Global Multimedia Services: Unified Communications, IMS and SIP
• Mar. 31 - Apr. 3: CTIA Wireless 2008, Las Vegas Convention Center, Las Vegas, Nevada
  • Service Platforms - how IMS and SDP Underpin Converged Services
• Apr. 22 - 24: IMS 2.0 World Forum, Convention Centre, Paris, France
  
  • Pre-conference workshop, led by Scott Poretsky, on Apr. 21, 10:30 a.m. - 6:30 p.m., on "Policy Decision and Enforcement to Deliver IMS Services"
  • Session presenters include: Ron Gruia, Frost and Sullivan; Hila Dahan, IP Gallery; Anantha Ramu, Acision; Adi Paz, Radvision; John DiPietro, Starent Networks; Bruce Perlmutter, Sonus Networks; Travis Russell, Tekelec; Kushanava Laha, Aricent; Deepak Wadhwa, Continuous Computing; Ranjith Mukundan, Wipro; Jerome Sicard, Hewlett-Packard; Brian Foskett, Mavenir
  • Keynote session on Apr. 24, "Exploring the Imperative to Invest in NGNs and Challenging Perceptions About the Extent to Which IMS is Central to NGN Architecture Strategies"
• May 13 - 15, 2008: ISPCON, Chicago, IL
• May 13 - 15: Informa Telecoms and Media IMS Asia 2008, Singapore, Speaker TBD
• May 18 - 20, NCTA Cable Show ‘08, New Orleans
• May 18 -22: TM Forum Management World 2008, Acropolis Congress and Exposition Center, Nice, France
• Jun. 16 - 19: NXTcomm, Las Vegas, Nevada (IMSF member meetings & election)
• Sep. 9 - 12: Internet Telephony Fall, Los Angeles, CA
• Sep. 10 - 12: CTIA Wireless IT and Entertainment , San Francisco
• Sep. 30 - Oct. 2: WiMAX World Series, Chicago, IL
• Oct. 21 - 23: Mobile Internet World, Boston, MA
• Oct. 27 - 30: Fall VON, Boston, MA
• Nov. 10 - 13: TelcoTV, Anaheim Convention Center, Orange County, Calif.

SPONSORED EVENTS

Paris, Marriott Rive Gauche Hotel & Conference Center 22-24 April 2008

The IMS/NGN Forum provides the following services:

• Interoperability testing; the fastest industry events, IMS/NGN plugfest are conducted every 3-4 months allowing companies to develop, test and launch IMS products at the speed of the Internet.
• M-Play, our new marketing initiative pushing IMS/NGN services and applications in the mass media. We are currently developing this initiative to help IMS/NGN Forum members with branding their IMS products.
• Best practices, architecture and technical documents enable our members to become thought leaders and contribute to the industry.
• The IMS forum operates an unique community of over 650 people from wireless, wireline and cable service providers, OEMs, system integrators, consultants and marketing people.
• The forum and its members participated in over 100 press and media events in 2007, and in 15 major IMS conferences sponsored by the IMS/NGN Forum.

Please contact us at info(at)imsforum.org for more info.