This allows operators to screen some aspects of the session
information from competitors. For example, the operator may wish to ???hide??? the addresses
of other nodes within its network. This would prevent the other networks from
identifying the network topology.
Figure 2.3 The Breakout Gateway Control Function (BGCF)
MG MG
MGCF SIP call control
BGCF BGCF
IP network
MGCF
SIP
SIP SIP
SIP
Voice Voice
MG MG
MGCF
BGCF BGCF
IP network
MGCF
SIP
SIP SIP
SIP
Voice Voice
Network A
Network B
48 Chapter 2
The BGCF can also provide encryption for all outbound traffic. This is typically
achieved through the use of IPsec, where the message is encrypted and then placed
inside another packet for routing. The message is then sent from one network to the
destination network, encrypted and embedded within a normal signaling message. Also
referred to as tunneling, this prevents intermediary networks from discovering many
aspects of the network as well as the sessions themselves.
There is one caveat to tunneling: if you are monitoring traffic end-to-end within the
network, unless there is some means of capturing the cipher keys, you will be unable
to decrypt the message and monitor the traffic effectively.
In the IMS domain, it should be noted that the S-CSCF connects directly with the
BGCF for outbound signaling. If the S-CSCF has determined that a SIP message is to
be routed to another network, then the S-CSCF routes the SIP message directly to the
BGCF.
Pages:
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128