2 MIN READ | Industry

VoLTE QoE — Coping with IPSec

Michael Carlberg Lax
Mar. 16 2016

90% of all VoLTE drive testing today is done without encryption.

For the other 10% (or perhaps a reason to the frequent disabling of encryption) testing VoLTE from a subscriber perspective, i.e. with a real phone, has proven to be a challenge in VoLTE deployment as soon as security becomes relevant and IPSec is enabled in the network. The majority of the KPIs of interest to anyone looking to evaluate the performance of the VoLTE service rely on access to the SIP/RTP signaling between the IMS client and server.

This traffic should, for natural reasons, be encrypted and while running without encryption might be an option for some in the test phase, many operators no longer allow this, even for test purposes.

Encryption is disabled in two ways: either by disabling IPSec entirely or by setting the IPSec encryption algorithm to “null” or “none”. Oh, tomayto, tomahto you say? It is important, however, to distinguish these two as there are cases where simply disabling IPSec entirely results in the network responding with a Reject to the call setup. In those cases IPSec must be enabled but with the selected encryption algorithm set to “null”.

The Workaround

One solution to access encrypted SIP/RTP signaling has been to manually retrieve and input the correct keys needed to decrypt the signaling required to generate the KPIs. This manual task is time consuming since the keys can change frequently. The interval can vary between operators and we've seen everything from keys hard-coded to a specific device model to keys that change every time a VoLTE call is initiated or whenever the device registers to the network.

Streamlining with TEMS Investigation

In TEMS Investigation 18.0, encrypted SIP/RTP traffic is decoded automatically for the majority of VoLTE capable devices, completely removing the need to manually input the keys while enabling operators worldwide to test their network with IPSec enabled, an important step towards either pre-launch testing of a commercial VoLTE service or troubleshooting and optimizing an already existing one.

Written By