Why Topology Hiding:

The SE2600 is deployed at the edge of the public network and private network to isolate the two networks. The deployment prevents the exposure of the core network topology to the UE and prevents the exposure of the UE's network topology to the core network device. Topology hiding applies at the IP layer, UDP/TCP layer, and signaling layer. The SE2600 replaces the UE address with the core-side address (the server address) and the core network device address with the access-side address (the client address) to protect information about the core network.

Function Description:

At the IP layer and UDP/TCP layer, the SE2600 supports the network address port translation (NAPT) function. With this function, the SE2600 hides the IP address + port of the core network device from the UE and hides the IP address + port of the UE from the core network device.

At the signaling layer, the SE2600 mainly hides the following information:

- The basic topology hiding function enables the SE2600 to hide network topology information in the From, To, Via, Contact, Call-ID, Route, Record-Route, Refer-To, and Replaces headers and Request-URI of signaling packets. The enhanced topology hiding function enables the SE2600 to hide network topology information in the Call-ID, From-tag, To-tag, and Branch-ID parameters of signaling packets.
- The SE2600 can hide network topology information in c=, m=, o=, and s= lines of SDP information.
Information about an example INVITE message originating from a UE is as follows:

    INVITE sip:2018665106@190.17.12.56 SIP/2.0
    From: <sip:6665106@190.17.12.56>;tag=1c3e5f2d
    To: <sip:2018665106@190.17.12.56>
    CSeq: 3 INVITE
    Call-ID: 3c1d9baaef46f010fbd483b191ed4ba3
    Via: SIP/2.0/UDP 190.20.12.188:5060;branch=z9hG4bK0fbd26f01
    Contact: <sip:6665106@190.20.12.188>
    Max-Forwards: 70
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, PRACK, UPDATE, INFO
    Content-Length: 169
    Content-Type:application/sdp

    v=0
    o=Huawei 27464 01277215356 IN IP4 190.20.12.188
    s=Sip Call
    c=IN IP4 190.20.12.188
    t=0 0
    m=audio 3334 RTP/AVP 8 0
    a=rtpmap:8 PCMA/8000
    a=rtpmap:0 PCMU/8000
After processing this packet, the SE2600 constructs a new INVITE message and hides the network topology information. See the IP address and port in the headers and those in SDP information, as shown below.

    INVITE sip:2018665106@190.17.254.10 SIP/2.0
    Via: SIP/2.0/UDP 190.17.12.46:10033;branch=z9hG4bK0fbd26f01
    Call-ID: asbc3c1d9baaef46f010fbd483b191ed4ba3
    From: <sip:6665106@190.17.254.10>;tag=sbc05061c3e5f2d
    To: <sip:2018665106@190.17.254.10>
    CSeq: 3 INVITE
    Contact: <sip:6665106@190.17.12.46:10033>
    Max-Forwards: 70
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, PRACK, UPDATE, INFO
    Content-Length: 165
    Content-Type:application/sdp

    v=0
    o=- 27464 01277215356 IN IP4 190.17.12.146
    s=SBC call
    c=IN IP4 190.17.12.146
    t=0 0
    m=audio 10034 RTP/AVP 8 0
    a=rtpmap:8 PCMA/8000
    a=rtpmap:0 PCMU/8000

- The SE2600 can be configured to replace the IP addresses in the From, To, Referred-By, P-Preferred-ID, P-Called-Party-ID, Route, and P-Asserted-ID headers and Request-URI with a specified domain name.
Information about an example INVITE message originating from a UE is as follows:

    INVITE sip:2018665106@190.17.12.56 SIP/2.0
    From: <sip:6665106@190.17.12.56>;tag=2a6bc27c
    To: <sip:2018665106@190.17.12.56>
    CSeq: 5 INVITE
    Call-ID: 483b191ed4ba33@190.20.12.188
    Via: SIP/2.0/UDP 190.20.12.188:5060;branch=z9hG4bK6f010fbd2
    Contact: <sip:6665106@190.20.12.188>
    Max-Forwards: 70
    P-Asserted-Identity: <sip:6665106@190.17.12.56>
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, PRACK, UPDATE, INFO
    Content-Length: 169
    Content-Type:application/sdp
    ......

The SE2600 replaces the IP address of this packet with domain name sbctest.com. The packet information is as follows:

    INVITE sip:2018665106@sbctest.com SIP/2.0
    From: <sip:6665106@sbctest.com>;tag=sbc0507sbcthLNQaZHlxaAx
    To: <sip:2018665106@sbctest.com>
    CSeq: 5 INVITE
    Call-ID: sbcthLNQncLlBzB60nlZLL%40BzI_aI_Ba_Bcc
    Via: SIP/2.0/UDP 190.17.12.46:10033;branch=z9hG4bKsbcthLNQHpIBIpl0a
    Contact: <sip:6665106@190.17.12.46:10033>
    Max-Forwards: 70
    P-Asserted-Identity: <sip:6665106@sbctest.com>
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, PRACK, UPDATE, INFO
    Content-Length: 163
    Content-Type:application/sdp
    ......
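
As an added example (not from the original page and not Huawei code), this Python check scans a SIP message for access-side addresses that remain visible in the headers, Request-URI, and SDP lines named above, run against abridged copies of the first INVITE pair. The name `find_leaks` and the `190.20.12.0/24` access-side prefix are assumptions made for illustration.

```python
import ipaddress
import re

# Headers and SDP lines the page lists as carrying topology information.
HEADERS = {"from", "to", "via", "contact", "call-id", "route", "record-route",
           "refer-to", "replaces"}
SDP_LINES = ("c=", "m=", "o=", "s=")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
ACCESS_NET = "190.20.12.0/24"  # assumed access-side prefix around the page's UE address

def find_leaks(message, access_net):
    """Return (field, address) pairs that still expose an address in access_net."""
    net = ipaddress.ip_network(access_net)
    head, _, sdp = message.replace("\r\n", "\n").strip().partition("\n\n")
    request_line, *header_lines = head.splitlines()
    fields = [("Request-URI", request_line)]
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() in HEADERS:
            fields.append((name.strip(), value))
    fields += [(ln[:2], ln[2:]) for ln in sdp.splitlines() if ln.startswith(SDP_LINES)]
    leaks = []
    for field, value in fields:
        for ip in IPV4.findall(value):
            try:
                if ipaddress.ip_address(ip) in net:
                    leaks.append((field, ip))
            except ValueError:  # loose regex matched a non-address such as 999.1.1.1
                pass
    return leaks

# Abridged copies of the page's first INVITE pair (UE side, then SE2600 output).
UE_SIDE = """INVITE sip:2018665106@190.17.12.56 SIP/2.0
From: <sip:6665106@190.17.12.56>;tag=1c3e5f2d
Via: SIP/2.0/UDP 190.20.12.188:5060;branch=z9hG4bK0fbd26f01
Contact: <sip:6665106@190.20.12.188>

o=Huawei 27464 01277215356 IN IP4 190.20.12.188
c=IN IP4 190.20.12.188"""
CORE_SIDE = """INVITE sip:2018665106@190.17.254.10 SIP/2.0
Via: SIP/2.0/UDP 190.17.12.46:10033;branch=z9hG4bK0fbd26f01
From: <sip:6665106@190.17.254.10>;tag=sbc05061c3e5f2d
Contact: <sip:6665106@190.17.12.46:10033>

o=- 27464 01277215356 IN IP4 190.17.12.146
c=IN IP4 190.17.12.146"""
if __name__ == "__main__":
    print("UE side:  ", find_leaks(UE_SIDE, ACCESS_NET))
    print("core side:", find_leaks(CORE_SIDE, ACCESS_NET))
```

An empty result for a message captured on the core side indicates that none of the checked fields still carries a UE address; the check covers dotted IPv4 literals only.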