SS7 Signaling in PSTN

Signaling in Switched Circuit Networks

Switched circuit telephone networks use a signaling protocol called Common Channel Signaling System 7 (more commonly called SS7 or C7). For more information, refer to the SS7 tutorial on this site. In the public switched telephone network, signaling end points send and receive SS7 signaling messages. There are three kinds of signaling end points (see diagram below):

• Service Switching Point (SSP or central office switch)
• Signal Transfer Point (STP)
• Service Control Point (SCP)

In SS7 networks, ISUP (Integrated Services Digital Network (ISDN) User Part) signaling messages are used to setup, manage and release trunk circuits that carry voice calls between central office switches. ISUP messages also carry caller ID information, such as the calling party's telephone number and name. ISUP is used for both ISDN and non-ISDN calls between central office switches.

TCAP (Transaction Capabilities Application Part) signaling messages support telephony services, such as toll-free (freephone), calling card, local number portability and mobile (wireless) roaming and authentication services. Mobile services are enabled by information carried in the Mobile Application Part (MAP) of a TCAP message. TCAP supports non-circuit related information exchange between signaling points using the Signaling Connection Control Part (SCCP) connectionless service.

SS7 Signaling end points in a switched circuit network

Signaling in VoIP Networks

VoIP networks carry SS7-over-IP using protocols defined by Signaling Transport (sigtran) working group of the Internet Engineering Task Force (IETF), the international organization responsible for recommending Internet standards. The sigtran protocols support the stringent requirements for SS7/C7 signaling as defined by International Telecommunication Union (ITU) Telecommunication Standardization Sector.

In IP telephony networks, signaling information is exchanged between the following functional elements:

• Media Gateway: A media gateway terminates voice calls on inter-switch trunks from the public switched telephone network, compresses and packetizes the voice data, and delivers compressed voice packets to the IP network. For voice calls originating in an IP network, the media gateway performs these functions in reverse order. For ISDN calls from the PSTN, Q.931 signaling information is transported from the media gateway to the media gateway controller (described below) for call processing.
• Media Gateway Controller: A media gateway controller handles the registration and management of resources at the media gateway(s). A media gateway controller exchanges ISUP messages with central office switches via a signaling gateway (described below). Because vendors of media gateway controllers often use off-the-shelf computer platforms, a media gateway controller is sometimes called a softswitch.
• Signaling Gateway: A signaling gateway provides transparent interworking of signaling between switched circuit and IP networks. The signaling gateway may terminate SS7 signaling or translate and relay messages over an IP network to a media gateway controller or another signaling gateway. Because of its critical role in integrated voice networks, signaling gateways are often deployed in groups of two or more to ensure high availability.

A media gateway, signaling gateway or media gateway controller (softswitch) may be separate physical devices or integrated in any combination.

Example of a VoIP network configuration

Sigtran Protocols

The sigtran protocols specify the means by which SS7 messages can be reliably transported over IP networks. The architecture identifies two components: a common transport protocol for the SS7 protocol layer being carried and an adaptation module to emulate lower layers of the protocol. For example, if the native protocol is MTP (Message Transport Layer) Level 3, the sigtran protocols provide the equivalent functionality of MTP Level 2. If the native protocol is ISUP or SCCP, the sigtran protocols provide the same functionality as MTP Levels 2 and 3. If the native protocol is TCAP, the sigtran protocols provide the functionality of SCCP (connectionless classes) and MTP Levels 2 and 3.

The sigtran protocols provide all functionality needed to support SS7 signaling over IP networks, including:

• flow control
• in-sequence delivery of signaling messages within a single control stream
• identification of the originating and terminating signaling points
• identification of voice circuits
• error detection, retransmission and other error correcting procedures
• recovery from outages of components in the transit path
• controls to avoid congestion on the Internet
• detection of the status of peer entities (e.g., in service, out-of-service, etc.)
• support for security mechanisms to protect the integrity of the signaling information
• extensions to support security and future requirements

Restrictions imposed by narrowband SS7 networks, such as the need to segment and reassemble messages greater than 272 bytes, are not applicable to IP networks and therefore not supported by the sigtran protocols.
Performance Considerations for SS7 over IP

SS7 messages transported over IP networks must meet the stringent performance requirements imposed by both the ITU SS7/C7 standards and user expectations. For example, while the ITU standard specifies that the end-to-end call setup delay cannot exceed 20 to 30 seconds after the ISUP Initial Address Message (IAM) is transmitted, users have generally come to expect much faster response times. For this reason, VoIP networks must be engineered to satisfy user expectations and ITU standards for performance.
Security Requirements for SS7 over IP

If signaling messages are transported over a private intranet, security measures can be applied as deemed necessary by the network operator. For signaling messages transported over the public Internet, the use of security measures is mandatory.

Several security mechanisms are currently available for use in IP networks. For transmission of signaling information over the Internet, sigtran recommends the use of IPSEC (see RFC2401). IPSEC provides the following security services:

• Authentication: to ensure information is sent to/from a known and trusted partner
• Integrity: to ensure that the signaling information has not been modified in-transit
• Confidentiality: to ensure that the transported information is encrypted to avoid illegal use or violation of privacy laws
• Availability: to ensure communicating endpoints under attack remain in service for authorized use

The sigtran protocols do not define new security mechanisms as the currently available security protocols provide the necessary mechanisms for secure transmission of SS7 messages over IP networks.