Two key trends are driving development of modern communication technologies. The first is the broad migration to Voice over IP (VoIP), a technology that provides telephone communication services over Internet Protocol (IP) networks. The second is the transition to wireless mobile computing supported by wireless local area networks (WLANs). These trends are combined in the Voice over WLAN (VoWLAN) technology that delivers voice communication services over wireless local area networks.
Voice is a demanding application. It requires near-continuous network transmission and very low packet loss to avoid latencies (gaps in communication) and jitter, which can impact clarity. Voice transmission over wireless networks is even more challenging because mobile usage introduces additional problems. As users move out of their offices or homes, they may need to interface with the network through several different access points.
The VoWLAN technology is based on a radio access technology such as WiFi (802.11). VoWLAN technology supports connection of a user's handset or other mobile terminal arranged in a WLAN to a wireless network that may be provided by a cellular telecommunications operator. The wireless network may include an IP service network such as IP Multimedia Subsystem (IMS), which is a services overlay on the existing radio access network (RAN) architecture to provide end-to-end IP transport for voice traffic. The IMS is defined by the 3GPP standard as a wireless network infrastructure that enables the convergence of data, voice and mobile network technology. 3GPP2 adopted the IMS framework from 3GPP; in conjunction with the Packet Data Subsystem (PDS), it is referred to as the ‘Multi-Media Domain’ (MMD).
The IMS framework allows integration of multiple access technologies, such as the cellular RAN and WLAN, e.g. for mobile stations that may have either or both of the cellular and WiFi transceiver capabilities. IMS is designed to provide a number of key functionalities to enable IP services via wireless networks. In particular, IMS uses Session Initiation Protocol (SIP) for multimedia session negotiation and session management. Any type of media session may be established, e.g. voice, video or text sessions. For example, IMS enables a mobile user to find another user in the network and to establish a session with that user. The user can connect to an IMS network using IP-based methods. Direct IMS terminals such as mobile phones, PDAs and computers can register directly into an IMS network, even when they are roaming in another network.
The key IMS components enabling mobility management are CSCF (Call Session Control Function) and HSS (Home Subscriber Service). The HSS may include a home location register (HLR) that stores data regarding the valid user's identification, the assigned telephone number, subscription service options, terminal capabilities, etc. for each mobile user. The HSS is the master user database supporting the IMS network entities that are actually handling the calls or sessions. It may perform authentication and authorization of the user and can provide information about the physical location of the user.
In regular 3GPP networks, user identities may be defined in the following forms: International Mobile Subscriber Identity (IMSI), Temporary Mobile Subscriber Identity (TMSI), International Mobile Equipment Identity (IMEI) and Mobile Subscriber ISDN Number (MSISDN). IMSI is a unique user identity stored in the HSS. To improve privacy, a TMSI is generated per geographic location. While IMSI and TMSI identify users, the IMEI is a unique device identity and is phone specific. The MSISDN is the telephone number of the user.
In addition, the IMS uses IP Multimedia Private Identity (IMPI) and IP Multimedia Public Identity (IMPU). Both are Uniform Resource Identifiers (URIs) that can be digits or alphanumeric identifiers. The IMPI is unique to the phone. Each user may have multiple IMPUs that can be shared with another phone, so both can be reached with the same identity (for example, a single phone number for an entire family).
CSCF servers that process SIP signaling packets in the IMS may include a P-CSCF (Proxy-CSCF) which is the first point of contact for a user's terminal. The P-CSCF may be assigned to a user's terminal during registration. It authenticates the user and establishes a security association with the terminal. P-CSCF can also compress and decompress SIP messages to reduce the round-trip over slow radio links.
The call/session control function also includes an S-CSCF (Serving-CSCF) that handles SIP registrations to allow binding of the user location (e.g. the IP address of the terminal) to the SIP address. It decides to which application server the SIP message will be forwarded in order to provide a required service. Also, the S-CSCF provides routing services and enforces the policy of the network operator. An I-CSCF (Interrogating-CSCF) is another SIP function that queries the HSS to retrieve the user location and routes the SIP request to its assigned S-CSCF.
When operating in the WLAN environment, e.g. through a WiFi access point, a user's handset or other mobile terminal is connected to an IMS network via a public IP network, such as the Internet. However, a public IP network is inherently unsecured. Therefore, a secured tunnel is created over the public IP network to connect a user's terminal to a Security Gateway that provides secured access to the IMS. For example, the Security Gateway may be implemented using the security architecture called IPsec and may include protocols for securing IP communications by authenticating and/or encrypting each IP packet in a data stream. Also, the Security Gateway may include protocols for cryptographic key establishment. For example, the Security Gateway functions may be implemented using CSCF servers or using a separate Security Server in an IP service network.
Each Security Gateway provides a large number of connections. Conventionally, the connections established over the Security Gateway are kept active, even when a user is not making voice calls. In case of failure of one of the Security Gateways, network services would be disrupted unless a redundant Security Gateway is provided. In a typical deployment scenario, an additional redundant Security Gateway is provided for each active Security Gateway to maintain connections established via the respective main Security Gateway when it fails for any reason. The redundant Security Gateway is not active until the respective main Security Gateway fails. Such a redundancy arrangement substantially increases the network deployment cost.
Therefore, it would be desirable to develop a redundancy arrangement that does not require redundant Security Gateways.