ZTE's Solution for Commercially Implementing Multicast Services

Release Date: 2004-07-13 Author: Li Ning

ZTE's solution fully supports the multicast routing protocols and the multicast management protocols, and solves the problems of user management, service management, service security, QoS and billing management in the commercial operation of multicast services.

The access and service authentication equipment plays a key role in multicast service operation. UAS, ZTE's broadband access server, serves as the access and service authentication equipment, achieving user access management, service bearing and service control simultaneously.

More information at:
http://www.zte.com.cn/English/03product/open1.jsp?ID=528

The IP multicast technology helps achieve efficient point-to-multipoint data transmission on IP networks, save network bandwidth and reduce traffic loads. With the growth of multimedia services, the multicast technology, which enables lots of broadband value-added services, has a great market potential. Moreover, after years of development, xDSL network platforms have been implemented on a considerable scale.

1 Problems with Commercial Operation of Multicast Services
Although multicast encompasses a robust set of protocols, the protocol set cannot yet handle multicast service operation and management, so the commercial operation of multicast services still faces some technical problems. Solutions to these problems will perfect multicast service functions and promote service popularization. The main problems are as follows:

  • Multicast service authentication
  • Multicast service billing
  • Multicast source management
  • Smooth convergence with existing access authentication and billing systems
  • QoS guarantee
  • Multicast service operation security

2 ZTE's Solution for Multicast Services
ZTE's solution fully supports the multicast routing protocols and multicast management protocols, and solves the problems of user management, service management, service security, QoS and billing management in the commercial operation of multicast services.

2.1 Networking Model
For network operators and content providers to implement and operate multicast services on an xDSL network, the network should not only support the multicast routing protocol, member management protocol, multicast address distribution functionality and multicast forwarding function, but also provide effective user management and service management functions. ZTE's typical networking model for multicast services includes the following equipment:

  • Access components: ADSL equipment, Layer-2 Ethernet switch
  • Convergence and access authentication components: Layer-3 Ethernet switch, Broadband Remote Access Server (BRAS)
  • Core routing components: routers
  • Service authentication control components: Service Selection Gateway (SSG) (Optional)
  • Authentication and accounting server: RADIUS system
  • Portal system
  • Network management and monitoring equipment
  • Multicast source content server

  As shown in Figure 1, access and service authentication equipment plays a key role in multicast service operation. The Universal Access Server (UAS), ZTE's broadband access server, serves as the access and service authentication equipment, achieving user access management, service bearing and service control simultaneously.

2.2 Multicast Service Authentication
UAS supports both integrated and separate modes of service authentication according to the independence of user access authentication and multicast service authentication.

  With the integrated mode, service authentication is integrated into access authentication, and UAS serves as both the access and the service authentication equipment. Once access is successfully authenticated, the user's value-added service attributes, including multicast service attributes, are downloaded to UAS, which sets its service control policies accordingly. Service authentication is then carried out locally when a multicast service is used.

  The separate mode, on the other hand, keeps user access authentication and service authentication separate. Here the access and service authentication equipment can be UAS alone, or UAS and SSG. Users can customize, select and cancel services on their personal portal web pages. In this mode, UAS no longer keeps service attributes. When a multicast service is used, UAS sends the user's information, together with the service information, to SSG for service authentication and then, according to SSG's response, decides whether or not to accept the Internet Group Management Protocol (IGMP) JOIN packets.

2.3 Multicast Service Billing
For the commercial operation of multicast services, billing modes are very important. Charge by time, charge by traffic and mixed charge can be adopted. The time mode includes charge by fixed time and by served time.

  In the first one or two years of commercial operation, billing by a fixed time limit is recommended to avoid charge disputes caused by disagreement on service usage statistics because of unstable network QoS. Users can use all the multicast services with a fixed charge monthly, weekly or daily, and can also customize their services through portal Webpages.

  When the services mature, the mixed billing mode can be used to provide users with flexible charging options and bring network operators and content providers more profit. Besides increased charges by a fixed time limit, operators can offer various billing solutions such as charge by actual served time, prepayment, charge by a combination of served time and traffic, and charge by access times.

  The accounting function is implemented by UAS and the billing system. UAS collects accounting information and provides interfaces for the billing system. The RADIUS protocol is commonly used as the main interface protocol. UAS also solves the problem of a user's abnormal leave (i.e. quitting multicast services without sending an IGMP LEAVE packet), which ensures billing accuracy and protects users' interests. In addition, ZTE's portal service platform can provide users with charge inquiry, allowing them to check service history and relevant charges via portal web pages.

2.4 Multicast Packet Replication
Packet replication is required between multicast service users. Multicast services need to converge with the existing access authentication and accounting systems, and the Point-to-Point Protocol over Ethernet (PPPoE) is the main access authentication technology. Therefore, multicast packet replication has to be realized under PPPoE. Meanwhile, packet replication should be combined with multicast service authentication and authorization.

  According to the result of service authentication and authorization, a packet replication port table is built to ensure that only authenticated multicast service users can receive the packets. UAS adopts a special hardware-based dynamic multi-target connection technology to implement packet replication on demand. UAS is thus able to perform multicast packet replication under PPPoE without impairing network performance.

2.5 Multicast Service Management
The multicast service management function handles content release, service termination and the blocking of illegal multicast sources. For content providers, releasing service contents is very simple: they sign the relevant agreements with network operators and then release their service contents on ZTE's service management platform. Service-associated information is presented on the portal web page. Fixed multicast addresses are assigned to the content provider after it releases service contents, but an address will be reclaimed once a user terminates the service. All multicast addresses are managed by the local operator to avoid address collision.

  When contents are released, the source IP address is recorded. UAS implements service authentication according to information about multicast group users, including the group address and source IP address, and refuses illegal users. Simultaneously, UAS will drop multicast data packets from the user side to prevent user hosts sending multicast data to occupy network bandwidth.

2.6 Multicast Service Security
The security functionality includes security protection and the logging, tracing and locating of security problems.

  Network security problems keep rising with network expansion. With the growth of multicast services, security problems can hardly be avoided. Effective security solutions can not only weaken the impact of multicast services on existing networks, but also strengthen the attraction of the services and users' loyalty to operators. Possible security problems are listed here:

  • Illegal multicast sources
  • Service embezzlement
  • Attack upon multicast service authentication equipment by illegal users
  • Attack upon multicast sources by illegal users

  The security function of UAS can greatly reduce, or even eliminate, hidden security risks in the network, which helps ensure the commercial operation of multicast services. Illegal multicast sources can be refused in two ways. Firstly, all legal multicast sources are assumed to release their contents on operators' service management platforms, so their multicast addresses and IP addresses are available to UAS. Users can join multicast groups only when UAS considers they are legal. Secondly, all multicast packets from the user side are considered illegal, to prevent user hosts sending illegal multicast data to the network. UAS will drop such illegal packets.

  To avoid service embezzlement, multicast information should be filtered at the user side. Only authenticated users can receive multicast packets. UAS sets up a port replication table according to authentication results, cutting off physical channels that illegal users may use to intercept multicast packets. To avoid service embezzlement with a counterfeit identity, UAS identifies service users by dynamically binding multicast service requests to users' physical identifiers. It only accepts requests from legal user links, to keep out illegal users.

  UAS takes control of multicast service requests to prevent illegal users launching a DoS attack upon multicast authentication facilities. Users may ceaselessly change packet source addresses (including IP addresses and media access control addresses) while they continuously send IGMP JOIN requests. So UAS needs to confirm the source address by checking it against the user's legal link information (such as user port, Virtual LAN Identifier, Permanent Virtual Circuit), and drops illegal multicast packets to protect service authentication facilities. UAS can also limit the number of acceptable multicast requests on one user link per unit time to avoid DoS attacks.

  UAS implements functions of source address confirmation and access control list to prevent illegal users attacking multicast sources and protect multicast source servers.

  UAS has a comprehensive security log, which records not only the detected security information but also the details of users joining and leaving multicast groups, so that illegal users can be traced and located.
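The IGMP JOIN admission checks described in this section (per-link request limit, source address confirmation against the user's link, released-group and entitlement checks, replication table and security log) can be modelled as follows. This is an added example, not ZTE's UAS code; the class name, the tables and every address in it are constructed assumptions.

```python
from collections import defaultdict, deque

# All values below are constructed for illustration.
BINDINGS = {("port3", 100): ("10.0.0.5", "aa:bb:cc:00:00:05")}  # (port, VLAN) -> (IP, MAC) bound at access authentication
RELEASED = {"239.1.1.1": "192.0.2.10"}      # group -> source IP recorded when content was released
ENTITLED = {("port3", 100): {"239.1.1.1"}}  # link -> groups the user is authorized for
MAX_JOINS, WINDOW = 3, 10.0                 # JOINs accepted for checking per link per WINDOW seconds


class JoinGate:
    def __init__(self):
        self.recent = defaultdict(deque)     # link -> timestamps of recently counted JOINs
        self.replication = defaultdict(set)  # group -> links that receive replicated packets
        self.log = []                        # security log: (time, link, group, verdict)

    def handle_join(self, now, link, src_ip, src_mac, group):
        verdict = self._check(now, link, src_ip, src_mac, group)
        if verdict == "accept":
            self.replication[group].add(link)
        self.log.append((now, link, group, verdict))
        return verdict

    def _check(self, now, link, src_ip, src_mac, group):
        # Rate limit per physical link first, so a flood with changing
        # source addresses never reaches the authentication step.
        q = self.recent[link]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        if len(q) >= MAX_JOINS:
            return "drop:rate-limit"
        q.append(now)
        # Source address confirmation: packet addresses must match the link binding.
        if BINDINGS.get(link) != (src_ip, src_mac):
            return "drop:spoofed-source"
        if group not in RELEASED:
            return "drop:unreleased-group"
        if group not in ENTITLED.get(link, set()):
            return "drop:not-authorized"
        return "accept"

    def handle_leave(self, now, link, group):
        self.replication[group].discard(link)
        self.log.append((now, link, group, "leave"))
```
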

2.7 Service Quality Guarantee
ZTE's UAS supports flow classification from Layer 2 to Layer 7, implementing multiple traffic priority services, traffic control strategies and various congestion management/prevention mechanisms such as WFQ (Weighted Fair Queuing) and WRED (Weighted Random Early Detection). The high priority service and guaranteed bandwidth ensure the QoS of multicast services.

3 Conclusion
ZTE's solution has solved a series of problems for the commercial operation of multicast services on the xDSL network platform. It is a sharp weapon for broadband service operation and management.

Manuscript received: 2004-02-15