The OSP Module adds OSP support to SER for secure, multi-lateral peering. Multi-lateral peering uses Public Key Infrastructure (PKI) services for secure, direct peering among an anonymous group of SIP peers. In a multi-lateral peering architecture, each peer trusts a common peering authority that enforces routing and access policies on behalf of each peer. The benefits of multi-lateral peering are increased peering security and the elimination of burdensome bilateral peering agreements and access control lists which are difficult to administer in a large peering network.
The
OSP standard is a peering protocol for IP network applications such as VoIP, video,
short message services (SMS) and content brokering. OSP is an open standard defined by ETSI – the
European Telecommunications Standards Institute. OSP has been widely deployed by VoIP carriers to enforce secure access control for peer to
peer inter-domain VoIP routing and Call Detail Record
(CDR) collection. For more information see
www.etsi.org and search for ETSI TS 101 321.
A peering server is a simple and efficient solution for managing routing, access control and CDR collection for VoIP calls among a network of SER devices. OSP can be used to securely manage wholesale VoIP peering among independent SIP networks, or by an enterprise to create a secure VoIP virtual private network for calling among branch offices using SIP PBXs. The diagram below illustrates a call scenario between SER networks using OSP peering. Each SER proxy manages calls within its own domain. However, when a call must be completed outside its own network, a SER proxy can query a peering server for routing and access information to a destination peer that can complete the call.
1. The calling
party makes a call.
2. The source SER
cannot complete the call within its domain.
3. Peering Request. The source SER queries the peering server for
the IP addresses of other peers that can complete the call to the dialed
number.
4. Peering Response. The peering server returns a list of IP
addresses of destination peers and digitally signed peering tokens authorizing
access to each destination peer.
5. The source SER
routes the call to the destination SER returned by the peering server. Included in the SIP Invite message is the
peering access token signed by the peering server.
6. The
destination SER receives the call and validates the peering token. If the token is valid, the destination SER
routes the call to the called telephone number.
7. The call is
completed to calling party.
When the call is over, both the source and destination peers send call detail records to the peering server as shown in steps 8 and 9 below.
