💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › SWITCHES › ss7.txt captured on 2022-06-12 at 17:51:15.
-=-=-=-=-=-=-
Signalling System 7 (SS7)
Whether a call is made to the phone in the house next door or on another
continent, it becomes part of traffic on a network called Signalling System 7,
or SS7. Over the past five to ten years, telephone operating companies have
been upgrading their networks to use this standard communications protocol,
providing them with faster call setup times and the ability to expand their
service offerings. There is a proliferation of communications services ranging
from Caller ID to cellular service to ISDN and the forthcoming AIN or Advanced
Intelligent Network. SS7 plays a major part in many of these services
providing the means for transporting information between locations.
In-band vs. out-of-band
When a phone call is made, call-control information is sent to the locaal
telephone office. The digits dialed are the main routing components that
determine a call's destination. If the dialing is for a local call, the call
may be connected from the same office from which the originating line
terminates. The telephone switch at the local office that services a phone
line may have to route a call to another office connected by a trunk. Call-
control signals such as the number dialed and the answer indication from the
other end are information used for managing a call connection.
Using traditional signalling methods, the trunk between the two offices
carries information down the same set of wires that the voice signal travels.
This is called in-band signalling because the call-control signal is sent down
the same path as the voice signal. SS7 handles all these tasks on a separate
facility know as a signalling link. The signalling link can handle the call-
control information for many calls going on simultaneously. The actual voice
path between the two offices is still over the trunks, while the call-control
signalling is traveling on a separate communications channel. This is called
out-of-band signalling.
SS7 is essentially a packet switching network. Signalling information is
carried in data packets between the telephone offices in much the same manner
as X.25 or other packet switching protocols previously installed. This packet-
switching network is overlaid on top of the existing telephone network, adding
an entirely new diminsion. This gives the telephone network a number of
advantages over the traditional signalling system. The primary benefit is
increased bandwidth for call signalling. The voice trunk is limited since its
primary responsibility is to carry voice or data. SS7 provides additional
bandwidth, a standardized protocol for sending information between different
vendor equipment and increased data transmission speed.
Demand for network services
The greatest benefit for both the telephone operating companies and their
subscribers is the increased capability to provide network services. Prior to
using SS7, many telecommunications equipment vendors had proprietary means for
sending feature-related signalling between offices. This prevented true
networking of services. When Integrated Services Digital Network (ISDN) was
introduced into the marketplace a few years ago, one complaint was its limited
service across geographical locations. This created situations which came to
be known as "ISDN islands." SS7 eliminates this problem by encapsulating the
ISDN call information in packets and transporting them across the network,
bridging the islands.
SS7 enables or enhances a number or services including:
o Enhanced 800 service
o Custom Local Area Signalling Services (CLASS)
o Advanced Intelligent Network Services (AIN)
o ISDN Connectivity
o Cellular Service
Until recently, when you purchased 800 service, the number you were given
actually belonged to the local company that was the service provider. FCC
rulings in recent years haved changed this scheme. Now with an enhanced form
of 800 service, the 800 number can be retained by the subscriber even when he
switches service providers. However, this means that the telephone company can
no longer determine which service provider to route the call to just by the
800 number that's dialed. An SSP uses TCAP (Transaction Capabilities Part) to
query a database at an SCP to determine the service provider for routing the
call to as well as other information associated with the call. An SSP running
CLASS uses TCAP to exchage information on the availability of a called number
with another SSP.
Custom Local Area Signalling Services (CLASS) use SS7 capabilities to deliver
services such as caller ID, automatic redial, and call screening. Call
screening allows the consumer to selectively accept or reject calls from
selected numbers. The information for these services is transported between
offices via SS7 packets.
The standards
The ability to provide information between phone offices without regard for
which vendor's equipment is used requires global standards. Standards are
developed at different levels by different organizations. Global SS7 standards
are developed by the International Telecommunications Union Telecommunications
Standardization Sector (ITU-TS), formerly known as CCITT. Different countries
make their own refinements of the ITU standards as necessary. The discussion
here is limited primarily to North American networks. The American National
Standards Institute (ANSI) and Bellcore further refine the ITU standards for
North American and Regional Bell Operating Companies (RBOCS) respectively.
Virtually anyone in the communications field today will recognize the Open
Systems Interconnection (OSI) model. The OSI stack was developed by the
International Standards Organization (ISO) and contains seven layers
identifying communications functions between two nodes such as the physical
medium used for the connection, the error correction method, addressing
scheme and so on. SS7 is also a protocol and is based on the OSI protocol
stack.
The Protocol
The SS7 protocol (refer to Fig.3) is composed of:
o Message-transfer part
o Signalling connection control part
o ISDN user part
o Transaction capability application
The MTP (message-transfer part) provides the basic transport system for all
SS7 messages. It is responsible for getting information from one network node
to another in a reliable fashion. It makes up the first three levels of the
protocol stack: the physical, link and network layers.
Layer 1, the physical level, specifies the actual medium used for
transmission. It uses a four-wire connection and typically a bit-rate transfer
of 64 kilobits per second (kb/s) or 56 kb/s. V.35 connections may also be used
with incremental transmission rates up to 64 kb/s.
Layer 2, the link level, provides a number of functions to ensure that there
is a good connection between nodes for communicating. Error detecting, error
correction, signalling unit alignment and signalling link alignment are all
part of the link layer's responsibility. It is at this layer that the actual
signalling unit is formed. Signalling units are simply SS7's version of
packets. Signalling units are transmitted across the signalling link
continuously whether there is any information to transmit or not. When there
is actually a message to be sent, it is sent an MSU (message signalling unit).
During periods when there is no inoformation to send, FISU (fill-in signalling
units) are sent. This continuous stream of packets ensures that link problems
are detected immediately. There is a third type of signalling unit, an LSSU
(link-status signalling unit) which is used to convey changes in the status of
the link between the two ends.
The SCCP (signalling-connection control part), which is part of Layer 4,
provides additional routing and network management functions to the MTP. It
allows applications to talk to each other at different nodes and it provides
network management capabilities at the application level. For example, an
application may want to re-route a message in the event of an application
failure. You'll note from the SS7 protocol model (Fig.3) that there is a
connection between the ISUP and SCCP layers. SCCP contains connection-oriented
procedures that may be used by ISUP; however, ISUP doesn't use them today. It
can communicate directly with MTP which suffices for current ISUP needs. New
services may however make use of the SCCP connection-oriented capabilities.
The ISUP (ISDN user part) of Layer 4 provides connection-oriented signalling
between nodes. This type of signalling relates to setting up, taking down and
monitoring the connection of the actual voice path between offices. ISUP is
what provides the capability for phone calls to be completed. It also provides
services such as Caller ID. The name ISDN User Part can be a bit misleading,
however, because you don't need to have ISDN to use this capability. It was
however designed with ISDN capability in mind.
TCAP (transaction capabilities part), also part of Layer 4, allows
connectionless communications between two applications using a generic
language. It provides query and response capabilities allowing nodes to
request and respond to network and service information regardless of whether
there is an actual call established between offices. This opens up an entire
world of database interaction allowing centralized network intelligence in
handling calls.
As mentioned earlier, SS7 is essentially overlaid on the existing telephone
network. This introduces some new network elements as well as giving additonal
capabilities to previously exiting ones. The network is made up of a number
nodes called signalling points. Figure 4 shows a network example consisting of
connected nodes.
The SSP (service-switching point) is the telephone office with SS7
capabilities. It can originate and terminate messages but cannot transfer
them. The STP (signalling-transfer point) takes care of the transfer part. It
is the message-switching hub of the network, essentially a big packet switch.
Many of the routing decisions are made at the STP. Without this node, every
SSP would need to have a connection to every other SSP it was required to send
messages to. This would quickly grow into a complicated scene. STP's are
usually deployed in mated pairs to provide redundancy.
The SCP (service-control point) provides database services. Telephone offices
can send queries to the database requesting information regarding 800 numbers,
Private Virtual Network numbers and calling-card numbers, to name a few.
Network routing
We have seen that the physical connection between offices that provides the
signalling communications is called a signalling link. This link is actually a
part of a linkset. A linkset is simply a set of signalling links connecting
two offices. ANSI specifies that a linkset may contain up to 16 links. Many
offices may be able to handle all of their traffic on a single link per
linkset. However, the desire for additonal traffic capacity or just alternate
facilities in the case of a facility failure often merits additional links.
There can only be one linkset defined between two offices. While links define
physical connections between offices, a route describes the path between a
node and a destination.
A route may consist of multiple linksets. There may be several routes from one
node to another. Each route follows one or more linksets to its destination.
Just as there may be several links in a linkset, a routeset is a set of routes
which describes alternate paths from a node to a destination. When a node
needs to send a message to another node, it chooses a routeset which is
associated with a destination, then chooses a route within the routeset
(remember that a route really just describes a linkset), then chooses a link
within the linkset.
That brings us to the next topic of routing: how to determine which node to
send a message to. Every office is assigned a point code. This is the address
of the office, simply a number to uniquely identify it. Point codes vary in
format depending on the country and the standards they use. The ANSI standards
used by North America designate a 9-digit point code to identify each node in
the network. Each message contains both a destination and point code to
identify the office to send the message to and an origination point code to
identify the office sending the message. Within each office, translations are
done to map this address to a routeset for which outgoing messages are to be
sent. This means that each node must designate routesets for each pointcode it
wishes to directly send messages to.
The decisions about how routing will be done can vary from company to company
and are made by administrators of the network. This type of routing based on
the point codes is done at the network level of the MTP and its primary
responsibility is getting messages from one node to another.
The next level of routing to consider is routing to an application, or in SS7
terms, a subsystem. Subsystem routing is also based on a number designated for
a specific application. This number must be agreed on by different companies
so that a subsystem number identifying a particular subsystem can be
interpreted correctly. These are usually not defined in the more general
standards, but are usually defined by those involved in network
administration. For instance, Bellcore, the research and developement
organization for the regional Bell operating companies has defined a number of
subsystems for their clients in the US. One example is Custom Local Area
Signalling Service (CLASS), which has been defined as subsystem 251.
Therefore, two offices sending CLASS related messages would designate a
subsystem of 251 in the message. Subsystem routing is the responsibility of
the SCCP level of the protocol. At the beginning, we determined that the
digits of the telephone number played a major part in determining how your
call is routed through the network.
One of the popular buzzwords in SS7 terminology is something called global
title translations. A global title is simply a set of digits. These may be
digits dialed by a subscriber or provided by an application by some means.
Global title translations is the process of mapping those digits to an SS7
address, namely a point code and a subsystem. We've determined that a point
code can route a message to an office and a subsystem number can route to an
application. Once these two pieces of information are determined, we have the
means to get a message from our application to an application somewhere else
in the network. Traditional routing in the telephone network is based on
digits. You realize that fact every time you pick up the phone. However, the
SS7 network routes its messages based on the point code and subsystem.
Therefore global title translations are needed, which is also a function of
the SCCP layer of the protocol.
Let's summarize how messages are routed across the SS7 network. When a call
begins its routing process, the dialed digits are examined. For connection-
oriented calls using the ISUP layer of the protocol, the digits are mapped
internally to the appropriate point code by the sending the message to the
next node. The ISUP message also contains a circuit-identification code to
identify which trunk the message relates to. This is necessary because it will
be traveling on a different facility from the actual voice or data call. If
level 2 has determined that both ends of the signalling link are at a suitable
level of service, level 3, the network level, routes the message to the next
office based on the point code.
Now, assume that you're sending a TCAP message to a database to determine
information related to an 800 number. (Refer to Fig.5) The point code to send
the message to would still have to be determined, but a subsystem number would
be needed also. The protocol model shows that a TCAP message must ride on top
of the services of SCCP. Since TCAP is a connectionless message that's
normally related to an application, the subsystem routing service of SCCP are
needed. This is where global title translations comes into play. From the SSP,
the message might be sent to the STP to let it perform translation on the 800
number and determine how to route it to the database. In fact, this is what's
normally done.
It is not necessary for all of the offices to have knowledge of the database
locations. This can be taken care of at a centralized point, the STP. Routing
might occur through multiple STPs before reaching the SCP, but by the time it
arrives, the final point code and subsystem have been determined so that the
800 application software at the appropriate database can handle the message.
The self-healing network
The headlines citing major SS7 outages give insight into the importance of the
signalling network. If an office uses SS7 signalling, its loss means that the
office can't communicate with the rest of the world. It becomes isolated. The
network and protocol design take this into account, providing alternate
routing, compulsive restoration where possible, and internodal communications
to coordinate activities concerning degradation or loss of service. The
network management implemented by the MTP can be divided into three
categories: signalling-link management, signalling-route, and signalling-
traffic management.
Together, these management procedures attempt to maintain service by re-
routing or controlling traffic when there is congestion or a failure in the
network. Built-in recovery procedures attempt to restore network components to
service if possible.
Signalling-link management is responsible for maintaining the path between
nodes. If excessive errors are detected by the link layer, the link may be
deactivated. Siganlling link management will attempt to restore the link
through a process known as signalling link alignment. This involves an
exchange of signalling units (LSSUs) to bring the link back to the proper
state. Each end of the link uses a signalling-unit error-rate monitor to
monitor the number of errors at the link level and determine the stability of
the link. When signalling-link management has determined that the link is
suitable for use, it will report it to level 3 as being available.
Signalling-route management maintains and distributes information and
distributes information between nodes on the availability of signalling
routes. Much like a traffic reporter, it sends out messages about the loss or
degradation of routes causing other nodes to choose alternate routing or take
appropriate actions.
In Fig.6, for example, assume that the link between SSP A and STP 1 failed.
The STP would send a transfer-restricted (TFR) message to the other SSPs
informing them that it has limited routing capabilities to access node A. The
TFR message would contain the point code identifying node A as the subject of
the message. As long as the other nodes are able to route messages by another
route, they will not try to access node A through this STP. This helps to
minimize the traffic between the two STP unless it is absolutely necessary,
since STP 1 would have to route any messages it received destined for A
through STP 2. The other network nodes can still route through STP 2 with no
problem.
Since STP 2 will not be able to send messages to SSP A via STP 1 at all, STP 1
sends a transfer-prohibited (TFP) message to STP 2. This message contains the
point code for SSP A marking its route as unavailable for messages coming from
STP 2 in this direction. As you can see the only way STP 1 can get a message
to SSP A would be to route it through STP 2. It would have to send the message
right back, causing double traffic over the link joining the two STPs. The TFP
will prevent that situation.
When the route between STP 1 and SSP A is restored, STP 1 will send out
transfer-allowed (TFA) messages to its adjacent nodes, informing them that
routing is again available to SSP A. There are additional messages that are
used to accomplish all the tasks that need to be handled by routeset
management but this scenario gives you an idea of how nodes communicate the
availability of routes between each other.
The third area of network management is sigalling-traffic management, which is
responsible for routing the traffic in the network as the availability of
routes change. Let's take our previous example and look at how traffic
management handles this situation. At SSP A, all traffic destined for STP 1
must be stopped and re-routed to STP 2. Link-layer procedures exist to attempt
to account for all messages which might have been in transit between the nodes
when the failure occured to ensure that messages are not lost. This
communication is done using the route through STP 2. This coordination between
the two nodes terminating the faulty route is called a changeover and is one
example of how traffic management works in the SS7 network. Traffic which was
destined for the linkset to STP 1 will now be changed over to the linkset for
STP 2.
Again, there are a number of such procedures that make up signalling-traffic
management. Congestion procedures were not even mentioned. But network
management is a big subject - its hard to predict the future, especially with
the rate of change that's taking place in communications today. However, as
you read, a great deal of developement is being done in the area of
centralized services such as Advanced Intelligent Network (AIN). These
services rely heavily upon the SS7 protocol to communicate.
Glossary of Telephone Network Terms
AIN - Advanced Intelligent Network. A network concept in which services are
created and managed in a centralized location. This moves the service
intelligence from the telephone office to a service control point.
ANSI - American National Standards Institute. Refines the Global SS7 standards
specified by the ITU-TS for North American and regional Bell operating
companies.
Associated mode - Signalling mode in which a node is directly connected to the
destination node by a linkset.
CLASS - Custom Local Area Signalling Services. A set of services usually
targeted for residential and small business which provides the equivalent of
many business features such as caller identification and automatic recall.
Connection-oriented signalling - Signalling used to set up, monitor and take
down calls or pass information related to a call connection.
Connectionless signalling - Signalling used to transfer information not
associated to a particular connection. Often referred to as a Query/Response
method.
FISU - Fill-in signalling units. An SS7 packet sent when there are no MSUs to
be sent. Since SS7 links transmit a continuous stream of packets, these are
used as filler when there are no messages which need to be sent.
GTT - Global Title Translations. The process of converting digits to an SS7
address. SS7 uses point codes and subsystems to deliver messages.
ISDN - Integrated Services Digital Network. A network concept which provides
multiple integrated services from a single point of access. ISDN provides
access to voice, circuit-switched data and packet-switched data as well as
enhanced call control signalling from the end user to the telephone office.
ISUP - ISDN user part. Part of the SS7 protocol which provides connection-
oriented signalling used for setting up, monitoring and taking down trunks.
ITU-TS - International Telecommunications Union-Telecommunications
Standardization (Sector). Organization that Global SS7 Standards.
Link - A communication channel between two adjacent signalling points which
provides a path for messages to travel.
Linkset - A set of links between two adjacent signalling points.
LSSU - Link-Status Signalling Unit. An SS7 packet used to convey changes in
the link state between nodes.
MSU - Message-Signalling Unit. An SS7 packet used to send information across
the network.
MTP - Message-Transfer Part. Levels one through three of the SS7 protocol. MTP
provides reliable transfer of signalling units between network nodes. Its
responsibilities include point code routing and network management.
NSP - Network-Service Part. Refers to the combined services of MTP and SCCP.
Together, these provide end-to-end application routing.
OSI - Open System Interconnection. The telephone hook-up system commonly used
throughout the world.
Point Code - An address for an SS7 network node.
Quasi-Associated Mode - Signalling mode in which a message must travel over
two or more linksets to reach its destination. It is not directly connected to
the destination point.
Route - A path from a signalling point to a destination.
Routeset - A collection of routes used to access a destination.
SCCP - Signalling-Connection Control Part. Part of the SS7 protocol which
provides additional routing capabilities to the MTP, including subsystem
routing and global title translations.
SCP - Service Control Point. A database used to access information about calls
such as routing, billing and the selection of the service provider. The SCP
provides a centralized form of intelligence for handling calls.
SP - Signalling Point. A signalling point that can originate and terminate SS7
messages but does not have TCAP capability. The term signalling point is
sometimes used to refer to any network node with signalling capability;
however this should not be confused with the specific "Signalling Point" node
type.
SSP - Service-Switching Point. A node that can originate and terminate
messages but does not have the capability to transfer them. It also has the
ability to send TCAP messages.
SS7 - Signalling System 7. A system that specifies the signalling protocol for
the telephone network.
STP - Signalling-Transfer Point. A node used to transfer messages between
other switching nodes. Acts as a message switching center.
subsystem - An application at a node which uses the routing capabilities of
SCCP.
TCAP - Transcaction Capabilities Part. Part of the SS7 protocol which provides
a generic format for transferring applications-related information.
trunk - Facility which carries voice or data traffic between two telephone
offices.
Information:
Signalling System 7
Travis Russell
McGraw-Hill
Computer Telephony
Editorial/Business office
12 West 21 Street
New York, NY 10010
tel: 212 691 8215
fax: 212 691 1191
Subscriptions
(free to qualified requesters)
tel: 800 677 3435
tel: 215 355 2886
fax: 215 355 1068
Vendors:
Telesoft Design, Inc.
3475 Lenox Road NE Suite 400
Atlanta, GA 30326, USA
tel: 404 238 0528
fax: 404 235 0529
email: tsdusa@mindspring.com
Telesoft Design, Ltd.
Unit 1 Luccombe Business Park
Milton Abbas, Dorset, DT11 0BD, UK
tel: 44 0 1258 880358
fax: 44 0 1258 880206
email: telesoft@tsdesign.zynet.co.uk
DataKinetics Limited
Fordingbridge Hampsire England
tel: 44 0 1425 655050
fax: 44 0 1425 655075