In recent years, communication technology has widely spread in terms of number of users and amount of use of the telecommunication services by the users. This also led to an increase in the number of different technologies and technological concepts in use.
A communication between two communication units is therefore not easy to accomplish, in particular when the communication units are of different technologies or belong to different parts of the overall communication system. The ISO/OSI (International Standards Organization's Open System Interconnect) reference model defines seven layers with respective tasks and interfaces for facilitating a universal communication between any two communication units supporting the reference model. A suite of protocols to be used in multiple layers of the model is usually called a protocol stack, such as the Internet Protocol (IP) stack. The ISO/OSI reference model has become a generally accepted standard model.
For example, the task of the highest layer, i.e. the application layer, is the provision of application-oriented basic services with respective data structures and protocols. Such basic services of the application layer are creation, establishment, modification, and termination of so-called sessions between communication units. A session in this sense is a logical association between communicating units, which builds a basis for an exchange of data. Examples for such sessions in present-day communication systems may include Internet telephony calls by means of a voice-over-IP (VoIP) service, wherein IP stands for any version of an Internet Protocol, multimedia distribution, and multimedia conferences.
One protocol of the application layer designed for performing signaling tasks concerning the creation, establishment, modification, and termination of sessions is the Session Initiation Protocol (SIP). Aspects of the SIP protocol include determination of a user location, determination of a user availability, determination of user capabilities, session setup, and session management. SIP is defined in RFC 3261 of the Internet Engineering Task Force (IETF), and has been selected by the Third-Generation Partnership Project (3GPP) as the signaling protocol for IP multimedia subsystems (IMS). An IMS is a multimedia-oriented extension of the functionality of existing communication systems such as, for example, the Global System for Mobile communication (GSM), the General Packet Radio Service (GPRS), or the Universal Mobile Telecommunication System (UMTS).
When applied in a mobile communication environment, a session setup time will have to be reduced as compared with fixed networks in order to be acceptable to mobile users. For this purpose, a technique called SigComp (Signaling Compression) has been developed, which is defined in RFCs 3320 and 3321 of the IETF. SigComp thus is a known solution for compressing signaling messages generated by application layer protocols such as the Session Initiation Protocol (SIP) or the Real-Time Streaming Protocol (RTSP). When applied to SIP, for example the transmission latency of SIP messages over bandwidth-limited links such as (cellular) radio links can be reduced. A support for SigComp has also been required in the Third-Generation Partnership Project (3GPP).
A further aspect in modern and future communication systems resides in the provision of security both for single users and their individual communications as well as for entire subsystems.
For this purpose, intermediary nodes are usually used as network elements for building a single and secure access interface between certain parts of the system, for example between a private and/or local area network and the rest of the Internet. Such an intermediary node is normally referred to as a firewall (FW). An intermediary node or firewall is thus located on the communication path from a transmitting side to a receiving side when the two sides reside in distinct subsystems. The communication on the path is analyzed by the intermediary node or firewall with respect to security aspects such as user integrity and/or authorization. If the communication from the transmitting side (i.e. single messages) is determined to be permissible/secure, it is relayed to the receiving side; otherwise it is rejected/dropped.
A specific type of firewall is a protocol-aware firewall. Such a protocol-aware firewall “has” a certain knowledge about the protocol for which it is designed. Therefore, it is particularly suitable for analyzing messages according to such a specific protocol. As an example in accordance with the above-mentioned SIP protocol, there exist SIP-aware firewalls. Such SIP-aware firewalls can filter and/or parse as well as analyze SIP messages—mainly the SDP (Session Description Protocol, specified in RFC 2327 of IETF) protocol data carried in a payload section of the SIP message—to retrieve the transport information for a session between the transmitting side and the receiving side. This allows the firewall to dynamically perform configurations, e.g. to set up so-called pinholes, so that the data packets (e.g. VoIP RTP packets) for the session are enabled to pass through the firewall.
However, there arises a problem when the protocol messages to be transmitted via a protocol-aware intermediary node are compressed in some way, for example by SigComp.
As described above, the protocol-aware firewall needs to parse incoming protocol messages e.g. in order to find the transport information for a SIP session and to configure pinholes accordingly. However, when protocol messages such as SIP messages are compressed, the firewall will not have access to the original message. This will prevent the firewall from opening/configuring pinholes for the session, and thus leads to a rejection of the message, and therewith a rejection of media and/or data packets, by the firewall.
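The following Python sketch, an added example and not part of the original text, shows the SDP parsing step a SIP-aware firewall performs to derive pinholes and how a SigComp message leaves it with nothing to parse. The function names, the sample INVITE and the placeholder compressed bytes are constructed for illustration; the five leading 1 bits are the SigComp message marker defined in RFC 3320.

```python
# Constructed sample: SDP offer with a session-level c= line, a media-level
# override, and one disabled stream (port 0). Addresses are documentation ranges.
SDP = (b"v=0\r\no=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\ns=-\r\n"
       b"c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
       b"m=audio 49170 RTP/AVP 0\r\n"
       b"m=video 51372 RTP/AVP 31\r\nc=IN IP4 192.0.2.20\r\n"
       b"m=audio 0 RTP/AVP 8\r\n")
SAMPLE_INVITE = (b"INVITE sip:bob@example.net SIP/2.0\r\n"
                 b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
                 b"Call-ID: constructed-1@192.0.2.10\r\nCSeq: 1 INVITE\r\n"
                 b"Content-Type: application/sdp\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(SDP)) + SDP
# Constructed placeholder, not a real compressed message: only the first
# byte (11111xxx) matters to the check below.
SAMPLE_SIGCOMP = b"\xf9" + bytes(16)


def is_sigcomp(datagram: bytes) -> bool:
    """RFC 3320: a SigComp message starts with five 1 bits (0xF8-0xFF),
    byte values that never begin a plain-text SIP message."""
    return bool(datagram) and (datagram[0] & 0xF8) == 0xF8


def pinholes_from_sip(datagram: bytes):
    """Return [(media, ip, port, proto)] to open, or None if the message is
    compressed and the transport information is therefore unreadable."""
    if is_sigcomp(datagram):
        return None
    head, _, body = datagram.partition(b"\r\n\r\n")
    if b"application/sdp" not in head.lower():
        return []
    session_ip, holes = None, []
    for line in body.decode("utf-8", "replace").splitlines():
        if line.startswith("c="):
            ip = line[2:].split()[2].split("/")[0]   # strip multicast TTL
            if holes:
                holes[-1][1] = ip        # media-level c= overrides session
            else:
                session_ip = ip
        elif line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            holes.append([media, session_ip, int(port.split("/")[0]), proto])
    # Port 0 marks a disabled stream: no pinhole for it.
    return [tuple(h) for h in holes if h[2] != 0]


if __name__ == "__main__":
    print("plain SIP :", pinholes_from_sip(SAMPLE_INVITE))
    print("SigComp   :", pinholes_from_sip(SAMPLE_SIGCOMP))
```
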
In prior art, there has not yet been proposed a feasible solution for this problem, in particular in a mobile communication environment.
A possible solution would, for example, be not to apply a compression of protocol messages. However, this is not feasible for a low-bandwidth air interface such as in present mobile communication systems. Without a compression, the transmission delay will be too large to be acceptable to mobile end users.
Another conceivable solution is to add decompression functionality to the protocol-aware firewall. The firewall would then decompress each compressed protocol message and then extract the transport information, if it is carried in the protocol message. However, this will add significant complexity to the firewall. First, it would need to implement decompression functionality such as SigComp functionality. Second, it would also require some functions of the application layer and the SIP protocol itself as well as, in case of SIP over TCP (Transmission Control Protocol), almost the entire TCP stack. Another problematic question in this regard concerns scalability issues.
A further type of solution is not to use a protocol-aware firewall. However, that means that the firewall has to rely on some other means to acquire the necessary transport information of a session, for example explicit signaling sent to the firewall from an application entity (e.g. SIP client, SIP proxy, or a third party entity). Such a solution is currently being studied by the IETF. However, there are two problems with this solution. First, though already needed today, it is not yet available or even ready for implementation, and presumably a lot of time will still pass for development and standardization of such a mechanism. Second and mainly, such a solution requires changes to the overall system architecture. This will result in high costs and efforts for its implementation.
Thus, a solution to the above problems and drawbacks is needed for providing for an efficient protocol message transfer via a protocol-aware intermediary node.