ETSI TR 185 007 V2.0.0 (2008-03)

ETSI TR 185 007 V2.0.0 (2008-03)
Technical Report


Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
Analysis of protocols for customer networks
connected to TISPAN NGN

---------------------- Page: 1 ----------------------
2 ETSI TR 185 007 V2.0.0 (2008-03)



Reference
DTR/TISPAN-05016-NGN-R2
Keywords
gateway, network, protocol
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TR 185 007 V2.0.0 (2008-03)
Contents
Intellectual Property Rights.4
Foreword.4
1 Scope.5
2 References.5
2.1 Normative references.5
2.2 Informative references.5
3 Definitions and abbreviations.6
3.1 Definitions.6
3.2 Abbreviations.7
4 Reference Architecture.8
5 Transport Layer.8
5.1 Attachment.8
'
5.1.1 Protocols on e Interface.8
1
5.1.1.1 Hardware identities exchange .9
5.1.1.2 Discovery of local SIP server within B2BUA.9
5.1.1.3 CND discovery.9
5.1.2 Protocols on a Interface.10
u
5.1.2.1 Local authentication protocol.11
5.2 Management.13
5.2.1 Protocols on e Interface .16
3
'
5.2.2 Protocols on e Interface.16
3
5.2.2.1 Provisioning on CND with parameters enabling NGN services usage .16
5.2.2.2 Provisioning Information Flow .17
5.2.3 Protocols on U Interface .18
5.2.3.1 Presentation (First page) .19
5.2.3.2 Configuration pages.19
5.2.3.2.1 Languages.19
5.2.3.2.2 Local administration.20
5.2.3.2.3 Remote administration.20
5.2.3.3 Examples for the GUI implementation .20
5.2.3.3.1 Presentation (First page).20
5.2.3.3.2 Configuration.21
5.3 Transfer Layer.22
6 Service Layer.22
6.1 Protocols on U Interface .22
t
6.2 Protocols on G Interface.22
m
6.3 Protocols on C Interface .22
'
6.4 Protocols on G Interface .22
m
6.4.1 Procedures for registering non-IMS SIP IETF devices in CNG over G '.22
m
6.4.1.1 Registration of local SIP URI.22
6.4.1.2 Registration of public SIP URI .23
History .24

ETSI

---------------------- Page: 3 ----------------------
4 ETSI TR 185 007 V2.0.0 (2008-03)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TR 185 007 V2.0.0 (2008-03)
1 Scope
The present document contains informative text for analysing the set of protocols that can be used in the Customer
Premises Networks (CPN) on the interfaces defined by stage 2 documents TS 185 003 [8] and TS 185 006 [7] related to
service and transport layers. It will constitute a basic document produced by WG5, with a strong collaboration with
WG3, to be used as the starting point for future technical specifications on that field.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
Not applicable.
2.2 Informative references
[1] DSL Forum TR-069 Amendment 1: "CPE WAN Management Protocol".
[2] HGI: "Home Gateway Technical Requirements Release 1".
[3] IETF RFC 3361: "Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option for Session
Initiation Protocol (SIP) Servers".
[4] IETF RFC 1433: "Directed ARP".
[5] ETSI ES 283 003: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Call Control Protocol based on Session
Initiation Protocol (SIP) and Session Description Protocol (SDP) Stage 3".
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TR 185 007 V2.0.0 (2008-03)
[6] ETSI TS 185 005: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Services requirements and capabilities for customer networks
connected to TISPAN NGN".
[7] ETSI TS 185 006: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); TISPAN Customer Devices architecture and interfaces".
[8] ETSI TS 185 003: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Customer Network Gateway Architecture and Reference
Points".
[9] ETSI TS 183 019: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Network Attachment; User-Network Interface Protocol
Definitions".
[10] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture".
[11] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[12] IETF RFC 4058: "Protocol for Carrying Authentication for Network Access (PANA)
Requirements".
[13] IEEE 802.1x: "IEEE Standard for Local and metropolitan area networks - Port-Based Network
Access Control".
[14] IETF RFC 3748: "The Extensible Authentication Protocol (EAP) specification".
[15] ETSI TS 183 065: "Telecommunications and Internet converged Services and Protocols for
Advanced Networks(TISPAN); Customer Network Gateway Configuration Function; e Interface
3
based upon CWMP".
[16] DSL Forum TR-098: "DSLHomeTM Internet Gateway Device Version 1.1 Data Model for
TR-069".
[17] IEEE 802.11: "IEEE Standard for Information Technology - Telecommunications and Information
Exchange Between Systems - Local and Metropolitan Area Networks - Specific Requirements -
Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)
Specifications".
[18] ETSI ES 282 004: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture; Network Attachment Sub-
System (NASS)".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
CPN Device: device physically installed in the CPN allowing user access to network services; this can be a Customer
Network Gateway with gateway functionalities towards the NGN, or a Customer Network Device being the end user
terminal
Customer Network Device (CND): CPN device enabling the final user to have direct access to services through a
specific user interface
NOTE: CNDs can be dedicated to the internet, conversational and audio-video services. But they could be also
Consumer Electronics equipment and other devices which may have nothing to do with these premium
services (e.g. services performing a content sharing within a CPN, typically between a PC and a music
system).
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TR 185 007 V2.0.0 (2008-03)
Customer Network Gateway (CNG): CPN device acting as a gateway between the CPN and the NGN
NOTE: CNG is able to perform networking functions from physical connection to bridging and routing
capabilities (L1-L3), but also possibly implementing functions related to the service support (up to L7).
Customer Premises Network (CPN): in-house network composed by customer network gateway, customer network
devices, network segments, network adapters and nodes
NOTE: Network segments are physical wired or wireless connections between customer premises network
elements); network adapters are elements performing a L1/L2 conversion between different network
segments; nodes are network adapters with L3 routing capabilities.
"Multiple" Play Services (can be: double, triple, quadruple etc.): Delivery by a single service provider of different
types of concurrent services to one or multiple users within the same CPN. Services can be categorized in the following
way: data (e.g. Web browsing, best effort traffic etc.), person(s) to person(s) communication, entertainment.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ACS AutoConfiguration Server
ARF Access Relay Function
ARP Address Resolution Protocol
CND Customer Network Device
CND-A CND-Client Application
CND-AtF CND Attachment Function
CND-CMF CND Configuration and Maintenance Function
CND-CSMF CND-Communication Services Media Function
CND-LAF CND-Local Authentication Function
CND-NTF CND-NAPT Traversal Function
CND-SIP UA CND-SIP User Agent
CNG Customer Network Gateway
CNG-ACF CNG-Admission Control Function
CNG-AtF CNG-Attachment Function
CNG-AuF CNG-Authentication Function
CNGCF Customer Network Gateway Configuration Function
CNG-CMF CNG-Configuration and Maintenance Function
CNG-LF CNG-Location Function
CNG-NFF CNG-NAPT and Firewall Function
CNG-PCF CNG Policy Control Function
CNG-PPF CNG Plug and Play Function
CNG-UIF CNG User reference point Function
CPN Customer Premises Network
DB DataBase
DHCP Dynamic Host Configuration Protocol
EAP Extensible Authentication Protocol
GUI Graphic User Interface
HG Home Gateway
IMS IP Multimedia Subsystem
NAPT Network Address and Port Translation
NTF NAPT Traversal Function
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy Call Session Control Function
PPP Point-to-Point Protocol
RM Remote Management
SIP Session Initiation Protocol
WAN Wide Area Network
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TR 185 007 V2.0.0 (2008-03)
4 Reference Architecture
The present document is based on the architecture defined in TS 185 003 [8] and TS 185 006 [7]. Figure 4.1 shows all
the interfaces analysed in the present document.

Figure 4.1: IMS CND connected to the NGN-IMS network through a CNG
5 Transport Layer
5.1 Attachment
'
5.1.1 Protocols on e Interface
1
' '
The e interface is defined between the CND and the CNG-AtF. In comparison with e interface, the e may implement
1 1 1
'
only a subset of functionalities and due to the fact that e is inside the CPN some implementations can be excluded. In
1
'
the following clause some examples of e usage are given.
1
The CNG-AtF provides IP addresses (IPv4 or IPv6 format) to the CND through the CND-AtF, it may also send some
configuration information for the CND (typically through DHCP options).
The CNG-AtF gives private IP addresses to the CNDs if the CNG support NAT/NA(p)T function.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TR 185 007 V2.0.0 (2008-03)
5.1.1.1 Hardware identities exchange
In order to mutually exchange hardware identities between a CND and the CNG, it is strongly recommended to
implement the DSL Forum specification TR-069 Amendment-1 [1], Annex F (previously TR-111). This specification
indicates the usage of the DHCP option 125 to exchange identities. If the CND support the TR-069 that means the CND
implement the e reference point also, it is possible apply the following implementation.
3
As defined in TR-069 [1] (Table 36) the hardware identity of any device, either CNG or CND, is represented by
the DeviceId, that is composed by the following three parameters:
OUI Organizationally Unique Identifier of the device manufacturer. Represented as a six
hexdecimal-digit value.
ProductClass Identifier of the class of product for which the serial number applies. That is, for a given
manufacturer, this parameter is used to identify the product or class of product over which the
SerialNumber parameter is unique.
SerialNumber Identifier of the particular device that is unique for the indicated class of product and
manufacturer.
As specified in TR-069 (Annex-F Table 78):
- the CND provides its DeviceId to the CNG by using DHCP Option 125, Sub-Option codes 1 (OUI), 2
(SerialNumber), 3 (ProductClass);
- the CNG provides its DeviceId to the CND by using DHCP Option 125, Sub-Option codes 4 (OUI), 5
(SerialNumber), 6 (ProductClass).
5.1.1.2 Discovery of local SIP server within B2BUA
The CND device can discover the SIP server using DHCP option 120 "SIP Server DHCP Option" in case of IPv4 [3].
The CND device can discover the SIP server using DHCP option 21 "SIP Servers Domain Name List" or DHCP option
22 "SIP Servers IPv6 Address List" if using IPv6.
5.1.1.3 CND discovery
The CND discovery task is performed by the CNG and will discover CNDs in the CPN (for example through DHCP,
UPnP). This data should be accessible to the CNGCF.
The following introduction to the CND discovery is coherent with the general architectural approach to management
activities described in HGI Home Gateway Technical Requirements Release 1 [2] with some terminology modification
in coherence with TISPAN terminology.
The CNG discovers the ID from connected CNDs by retrieving and combining information from its ARP [4] cache,
DHCP repository, and UPnP Control Point cache. The ARP cache, DHCP repository and UPnP CP cache get their
information from the various devices connected to the CNG. To avoid conflicts (arising because a device can be
discovered by the ARP cache as well as the DHCP repository or the UPnP CP cache), a priority scheme is needed. HGI
gives priority to the information retrieved from the DHCP repository.
The discovered ID information is used by the CNG to fill a Managed Devices Data Base that can be read by the
CNGCF. In figure 5.1 the Managed Devices DB is given as a logically separate unit. However, it should be included in
the CNG as an extension of the data model, for example extending the DSL Forum data model defined in TR-098 [16]
specification as already proposed by HGI.
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TR 185 007 V2.0.0 (2008-03)

Figure 5.1: From HGI R1 spec - Device management and Discovery
The Managed Devices DB defined in HGI can be mapped in the CNG-CMF defined in TS 185 003 [8]. Note that in
figure 5.1 HGI terminology is used. In this case ACS corresponds to CNGCF in TISPAN terminology and HG
corresponds to CNG.
5.1.2 Protocols on a Interface
u
The a reference point is defined between the Customer Network Device and the CNG-AuF. There may be two types of
u
authentication/authorization, according to:
- CPN pairing based on specific CPN technologies (e.g. Wifi SSID, PLC technology).
- Access rights for some LAN services like the CNG Configuration (through the CNG-UIF).
In both cases the authenticated entity is a customer network device, while the authenticator is the CNG.
The following details are referred to the CNDs pairing procedures.
A typical scenario for mutual local authentication is shown on figure 5.2.
ETSI

---------------------- Page: 10 ----------------------
11 ETSI TR 185 007 V2.0.0 (2008-03)

Client Server
Supplicant (CND) Authenticator (CNG)
Access request
Authentication request
+ Server credentials
server successfully authenticated
Client credentials
Authentication decision
client successfully authenticated

Figure 5.2: Mutual authentication scenario
The first couple of messages allows the server to be authenticated by the client, while the second pair is allowing the
supplicant authentication.
In the case of the a interface usage, the CND acts as supplicant while the CNG, acting as wireless Access Point, is the
u
authenticator (there is no involvement of any network server). The scenario applies mainly to the wireless CNDs but
can be theoretically valid for every possible CND.
There are two possible ways to authenticate the entity: using shared secrets (passwords or symmetric cryptography) or
PKI certificates (asymmetric cryptography).
5.1.2.1 Local authentication protocol
A Supplicant and Authenticator conversation uses PPP [11], PANA [12] or IEEE 802.1X [13] encapsulation for EAP.
The base authentication protocol is EAP [14].
EAP (Extensible Authentication Protocol) should be considered as the basic authentication protocol, but several
methods and variants may be used for authentication. In the table 1 some examples of EAP methods are indicated, with
reference to the type of credentials they utilize.
Table 5.1: Examples of EAP methods
Type of Client
Method Server authentication
method Authentication
EAP-TLS direct certificates certificates
certificates
EAP-TLS with TLS-PSK direct shared secret
shared secret
EAP-PSK direct shared secret shared secret
EAP-Double-TLS direct shared secret shared secret

The protocol stack for a Supplicant and Authenticator conversation is shown on the figure below. The lower layer with
respect to EAP could be PPP, PANA, IEEE 802.1X [13], IEEE 802.11 [17] and so on. The EAP method layer
implements authentication algorithm, sends and receives EAP messages and handles fragmentation if needed.
ETSI

---------------------- Page: 11 ----------------------
12 ETSI TR 185 007 V2.0.0 (2008-03)
Supplicant Authenticator
  EAP method (auth. algorithm)
method 1 method 2 method 1 method 2 Layer
 EAP Supplicant or EAP Athenticator
EAP Supplicant EAP Authenticator Layer
 EAP
EAP EAP Layer
 Lower
Layer
802.1x 802.1x


Figure 5.3: EAP entities layers
CNG is an Access Point (AP, IEEE 802.1X [13] authenticator) and Access Controller (AC), granting access to the
residential network based on an access list of authorized users.
• Authentication protocol: IEEE 802.1X [13] (EAP) (WPA (Wi-Fi Protected Access)).
• Authentication method: any EAP-compliant method.
An example of the packets exchange of EAP messages encapsulated in IEEE 802.1X [13] is shown on figure 5.4. This
diagram is referred to the Wi-Fi Alliance WPA Personal solution, which provides the usage of that protocol (802.1X
can be in any case used on its own, independently from WPA).
In the figure two "layers" of entities are shown: two that communicate using 802.1X protocol, that is the so-called
supplicant Port Access Entity (PAE, in wireless device) and the authenticator entity (PAE in Access Point), and another
two that are using EAP above 802.1X (EAP peer and EAP authentication server).
ETSI

---------------------- Page: 12 ----------------------
13 ETSI TR 185 007 V2.0.0 (2008-03)

EAP
802.1X
Supplicant Authenticator
PAE with PAE with
EAP peer EAP
(CND) authenticator
(CNG)
Port not authorized
Supplicant initiates the conversation
EAPOL-Start
EAP-Request
EAP-Response
EAP-Request
EAP-Response
Authenticator handles retransmissions of
the requests if needed

EAP-Request


Supplicant sends Response on
retransmitted Request without
processing it.
EAP-Response


EAP-Success |

EAP-Failure

Port authorized | not authorized
Supplicant initiates logoff

EAPOL-Logoff


Port not authorized

Figure 5.4: EAP messages encapsulated in 802.1X packets exchange
5.2 Management
The following introduction to the CND management is coherent with the general architectural approach to management
activities described in HGI Home Gateway Technical Requirements Release 1 [2] with some terminology modification
in coherence with TISPAN terminology.
ETSI

---------------------- Page: 13 ----------------------
14 ETSI TR 185 007 V2.0.0 (2008-03)
The CND configuration can be done in direct or indirect mode:
• If the supported mode of operation is the direct configuration of the CND by the CNGCF, therefore, the CNG
supports the pass-through mode (TR-69) and the managed CND needs to support the TR-069 CWMP protocol
as defined for the e interface in TS 183 065 [15].
3
• If the supported mode of operation is the indirect configuration of CND, a possible solution is given in
clause 4.2.2.1.
The CNG can also enable some remote management of simple CNDs that do not support TR-069 [1]. The service
provider can use this information to optimize the remote management of the (TR-069) managed devices and to optimize
customer service. It is assumed that the CNGCF only communicates with the CPN using TR-069 as defined for the e
3
interface in TS 183 065 [15], and therefore three remote management models can be distinguished. The models are
depicted in figures 5.5, 5.6 and 5.7. They are:
• the remote management model for a TR-069-enabled CND with the CNG operating in bridged mode;
• the remote management model for a TR-069-enabled CND with the CNG operating in routed mode;
• the remote management model for a CND that does not support TR-069, but is locally managed by the CNG
acting as remote management proxy.


RRMM ga gatetewwaayy i inntteerrffaacce:e: toto
mmaannaagege th the e ggaatteewwaayy
HGHGI GI Gaatteewwaayy
ununmmaananaggeed d
ddeevivicecess
RMRM
TRTR-9-988 + + TTRR-6-699
TRTR--009988 + + TTRR--006699
cliclieenntt
DHCPDHCP
seserrvveerr BrBriiddggee DHDHCCPP c clliieenntt
FuFunnccttiioonn
RRMM T TRR--069 069
RMRM T TRR--6699
TRTRTRTR----111100006666 + + + + TT TR TRRR--00-6-6669999
clcliieenntt
clcliieenntt
BBrriiddgeged Td TRR-0-06699 eend nd ddeevviiccee
brbriiddgegedd T TRR6969 eenndd ddeevviiccee
RRMM D Deevicevice IInntteerrffaaccee:: toto m maannaaggee ththee
bbrriiddgedged eennd d dedevv iiccee di dirreeccttllyy v viia a pupubblliicc IPIP
aadddrdresesss

Figure
...