Admission Control in IP Multicast over Heterogeneous Access

Download Report

Transcript Admission Control in IP Multicast over Heterogeneous Access 

Admission Control in IP Multicast over
Heterogeneous Access Networks
Pedro Santos (PT Inovação)
António Pinto, Manuel Ricardo (INESC Porto)
Franscisco Fontes, Teresa Almeida (PT Inovação)
Portugal Telecom Inovação, S.A. / INESC Porto
Outline
• Introduction
• IP Multicast
• Reference Network Scenario
– UMTS / xDSL / WiMAX
• Proposed Solution
• Results
• Conclusions
March 16
NGMAST'08
2
Introduction
• The general goals of this project were:
– To design a solution capable of performing
• multicast receiver access control (e.g. TV channels)
• multicast sender access control (e.g. User generated content)
– ... in an heterogeneous access network scenario
– Implement a prototype for validation purposes
March 16
NGMAST'08
3
IP Multicast
• One data stream per group of receivers
– Packet replication done by network nodes
– Multicast groups represented by IP addresses
• (* ,G)  Any-Source Multicast (ASM)
• (S,G)  Source-Specific Multicast (SSM)
• Group management
– IPv4  Internet Group Management Protocol (IGMP)
– IPv6  Multicast Listener Discovery (MLD)
• Forwarding protocols
– Protocol Independent Multicast (PIM-SM/SSM/BiDir)
– Distance Vector Multicast Routing Protocol (DVMRP)
March 16
NGMAST'08
4
IP Multicast
March 16
NGMAST'08
5
IP Multicast
• IP Multicast  Open architecture
– Receivers are free to join any group
– Sources are free to transmit to any group
 Makes IP multicast-based commercial
services difficult to implement
• Solutions
– End-to-end encryption of data streams
– Control access to multicast sessions
March 16
NGMAST'08
6
Objectives
• IP multicast streaming over heterogeneous access
networks
– UMTS, xDSL, WiMAX
• Identify network nodes where to perform
– access control
– authorization
– resource management
• Support for multicast sources
– in the core network (known & authorized SP)
– in the access network (user generated content)
• Authentication, authorization and record of multicast
sessions
• Implement a prototype to validate the proposed solution
March 16
NGMAST'08
7
Reference Network Scenario
March 16
NGMAST'08
8
UMTS
• GGSN  Multicast router
• Native multicast support
– Multimedia Broadcast/Multicast Service (MBMS)
• New functional element (BM-SC)
• Inter-operable with IP Multicast (IGMP & IPv4 Class D)
• Only for downstream traffic
– The reference point from the content provider to the BMSC is not standardised by 3GPP in this release of the
specification.
“3GPP TS 23.246 v8.2.0”
March 16
NGMAST'08
9
xDSL
• BNG/BRAS  Multicast router
• DSL-Forum TR-101 – Two Connection types
– PPPoE
• Point-to-point connection CPE  BNG
• Packet replication done at the BNG
 Access control to multicast flows @ BNG
– IPoE
• Every network element performs packet replication
• L2 control over packet replication necessary at the DSLAM
 Access control to multicast flows @ BNG and DSLAM
March 16
NGMAST'08
10
WiMAX
• ASN-GW  Multicast router
• SS  ASN-GW connection
– Identified by a 16bit number (CID)
– Upstream unicast connections (exclusively)
– Downstream multicast connections possible (mCID) but...
• mCID are unidirectional in nature
• not fitted for power-conservative systems
• only efficient for large groups (nº of subscribed SSs)
 Access control to multicast flows @ ASN-GW
March 16
NGMAST'08
11
Proposed Solution
• User authentication
– Done at network attachment
• Access control done at the network access node
–
–
–
–
Members detection  IGMP messages
Sources detection  UDP multicast messages
Access Authorization  AAA server
Policy Enforcement  Access Control Lists (ACLs)
• Multicast profile per user/subscriber
• Multicast session id
– IP header  Source address (SA), destination address (DA)
– IGMP message  Group source address (GSA), group
destination address (GDA)
March 16
NGMAST'08
12
Multicast Control - MSC
March 16
NGMAST'08
13
Prototype (Multicast Controller)
March 16
NGMAST'08
14
Results
• Multicast controller basic functionalities
–
–
–
–
–
authenticated user detection/verification
detection of multicast join/leave messages
detection of multicast source transmissions
multicast authorization checks
multicast traffic filtering (according to authZ checks)
• Successful functional validation
– authorized/unauthorized group join request
– multicast transmission to an authorized/unauthorized group
– unauthorize a source/member after transmission/reception
has begun
• Processed up to 1250 IGMP requests/sec
March 16
NGMAST'08
15
Conclusions
• Multicast control done at access node
– GGSN (UMTS)
– BNG or BNG & DSLAM (xDSL)
– ASN-GW (WiMAX)
• Application & Network agnostic
–
–
–
–
No changes needed to applications or network protocols
Minimal user impact (only network elements are affected)
Access control done at network layer
... L2 control may be required (If L2 packet replication)
• Access control is subscriber “centric”
March 16
NGMAST'08
16
Questions
?
March 16
NGMAST'08
17