Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Phreaking Technical System Info :: ss7.txt

A Guide to the SS7 Telephony Protocol




              _________             _________   _________________________
            /          |          /          | |                         |
          /      __    |        /      __    :::                         |
        /      /   |   |      /      /   |   | |_______________          |
      /      /     |___|    /      /     |___|                /         /
    /      /____________  /      /____________              /         /
   |                    ::                    |           /         /
   |_____________       ||_____________       |         /         /
    ___          |      | ___          |      |       /         /
   |   |_________|      ||   |_________|      |     /         /
   |                    ::                    |   /          |
   |___________________/ |___________________/  /____________|

    Switching System Number 7 (SS7) 
    A Guide to the SS7 Telephony Protocol. April 1999.
    By Hybrid. (th0rn@coldmail.com) (hybrid_blue@hotmail.com)



Everyone is still talking about 5ESS, and 1AESS switch programing. Whatever
country you live in, Switching System 7 has been, or _will_ be implemented.
I have written a load of files on the various protocols of SS7, and it's
many applications. I have written this file as a guide to the SS7 system, and
it's network layout. This is _new_ information, not old 5ESS stuff. People
are still going on about 5ESS and how they can hack ESS switches. Bull Shit,
SS7 is the new system, it's time that phreaks started to look into this
massive new network instead of lingering in the past. Before my time, phreaks
could _phreak_ using just a phone, now if you want to take a CO, or switch,
you have to hack it. Since the advent of CCS (Common Channel Signaling), you
cannot interact with the phone network because the signaling and voice data
are handled on seperate networks. If phreaking is going anywhere, it is
heading towards SS7 and AIN Frame Relay. I have obtained some information on
the SS7 system from Bellcore and other majour telco players. After reading
the information (from books), I have decied to type it all up into a file for
everyone to read. The information I have on SS7 is all in paper format, so I
have mearly copied it all into digital format, the way in which it should be.
SS7 is a relatively complicated protocol to grasp, but if no one bothers with
it _real_ phreaking will die. I hope everyone enjoys reading this file as
much as I enjoyed typing it up, all the information in this file has been
taken from technical books and journals, apart from the asci diagrams which
I have made to make the info easier to understand.

Index: Signaling System 7 (SS7)

1.  What is Signaling?
2.  What is Out-of-Band Signaling? 
3.  Signaling Network Architecture.
4.  The North American Signaling Architecture
5.  Basic Signaling Architecture 
6.  SS7 Link Types 
7.  Basic Call Setup Example 
8.  Database Query Example 
9.  Layers of the SS7 Protocol
10. What Goes Over the Signaling Link
11. Addressing in the SS7 Network
12. Signal Unit Structure 
13. What are the Functions of the Different Signaling Units? 
14. Message Signal Unit Structure 
15. Acronym List


1. What is Signaling?

Signaling refers to the exchange of information between call components
required to provide and maintain service. 

As users of the public switched telephone network, we exchange signaling with
network elements all the time. Examples of signaling between a telephone user
and the telephone network include: dialing digits, providing dial tone,
accessing a voice mailbox, sending a call-waiting tone, dialing *66 (to retry
a busy number), etc.

Signaling System 7 is a means by which elements of the telephone network
exchange information. Information is conveyed in the form of messages.
Signaling System 7 messages can convey information such as: 

I am forwarding to you a call placed from 212-555-1234 to 718-555-5678. Look
for it on trunk 067.

Someone just dialed 800-555-1212. Where do I route the call? The called
subscriber for the call on trunk 11 is busy. Release the call and play a busy
tone.

The route to XXX is congested. Please don't send any messages to XXX unless
they are of priority 2 or higher. I am taking trunk 143 out of service for
maintenance.

SS7 is characterized by high-speed packet data, and out-of-band signaling.


2. What is Out-of-Band Signaling?

Out-of-band signaling is signaling that does not take place over the same
path as the conversation.

We are used to thinking of signaling as being in-band. We hear dial tone,
dial digits, and hear ringing over the same channel on the same pair of
wires. When the call completes, we talk over the same path that was used for
the signaling. Traditional telephony used to work in this way as well. The
signals to set up a call between one switch and another always took place
over the same trunk that would eventually carry the call. Signaling took the
form of a series of multifrequency (MF) tones, much like touch tone dialing
between switches.

Out-of-band signaling establishes a separate digital channel for the exchange
of signaling information. This channel is called a signaling link. Signaling
links are used to carry all the necessary signaling messages between nodes.
Thus, when a call is placed, the dialed digits, trunk selected, and other
pertinent information are sent between switches using their signaling links,
rather than the trunks which will ultimately carry the conversation. Today,
signaling links carry information at a rate of 56 or 64 kilobits per second
(kbps).

It is interesting to note that while SS7 is only used for signaling between
network elements, the ISDN D channel extends the concept of out-of-band
signaling to the interface between the subscriber and the switch. With ISDN
service, signaling that must be conveyed between the user station and the
local switch is carried on a separate digital channel called the D channel.
The voice or data which comprise the call is carried on one or more B
channels.

Why Out-of-Band Signaling? 

Out-of-band signaling has several advantages that make it more desirable than
traditional in-band signaling:

It allows for the transport of more data at higher speeds (56 kbps can carry
data much faster than MF outpulsing). It allows for signaling at any time in
the entire duration of the call, not only at the beginning. It enables
signaling to network elements to which there is no direct trunk connection.


3. Signaling Network Architecture

If signaling is to be carried on a different path than the voice and data
traffic it supports, then what should that path look like? 

The simplest design would be to allocate one of the paths between each
interconnected pair of switches as the signaling link. Subject to capacity
constraints, all signaling traffic between the two switches could traverse
this link. This type of signaling is known as associated signaling, and is
shown below in Figure 1.

Figure 1: Associated Signaling 

Associated signaling works well as long as a switches only signaling
requirements are between itself and other switches to which it has trunks. If
call setup and management was the only application of SS7, associated
signaling would meet that need simply and efficiently. In fact, much of the
out-of-band signaling deployed in Europe today uses associated mode. 

The North American implementers of Signaling System 7, however, wanted to
design a signaling network that would enable any node to exchange signaling
with any other SS7-capable node. Clearly, associated signaling becomes much
more complicated when it is used to exchange signaling between nodes which do
not have a direct connection. From this need, the North American Signaling
System 7 architecture was born.
        

4. The North American Signaling Architecture

The North American signaling architecture defines a completely new and
separate signaling network. The network is built out of three essential
components, interconnected by signaling links. These components are signal
switching points (SSPs), signal transfer points (STPs), and signal control
points (SCPs). They are outlined in Table 1 below.

Table 1: North American Signaling Architecture Components 


      Component         Function

      Signal switching
      points (SSPs)
                        SSPs are telephone switches (end offices or tandems)
                        equipped with SS7-capable software and terminating
                        signaling links. They generally originate, terminate,
                        or switch calls.
      Signal transfer
      points (STPs)
                        STPs are the packet switches of the SS7 network. They
                        receive and route incoming signaling messages towards
                        the proper destination. They also perform specialized
                        routing functions.
      Signal control
      points (SCPs)
                        SCPs are databases that provide information necessary
                        for advanced call-processing capabilities.


Once deployed, the availability of the SS7 network is critical to call
processing. Unless SSPs can exchange signaling, they cannot complete any
interswitch calls. For this reason, the SS7 network is built using a highly
redundant architecture. Each individual element must also meet exacting
requirements for availability. Finally, protocol has been defined between
interconnected elements to facilitate the routing of signaling traffic around
any difficulties that may arise in the signaling network. 

To enable signaling network architectures to be easily communicated and
understood, a standard set of symbols was adopted for depicting SS7 networks.
Figure 2 shows the symbols that are used to depict these three key elements
of any SS7 network.

STPs and SCPs are customarily deployed in pairs. While elements of a pair are
not generally co-located, they work redundantly to perform the same logical
function. When drawing complex network diagrams, these pairs may be depicted
as a single element for simplicity, as shown in Figure 3. 

Figure 3: STP and SCP Pairs 


5. Basic Signaling Architecture

Figure 4 shows a small example of how the basic elements of an SS7 network
are deployed to form two interconnected networks. 

Figure 4: Sample Network

Several points should be noted: 


1.STPs W and X perform identical functions. They are redundant. Together,
  they are referred to as a mated pair of STPs. Similarly, STPs Y and Z form
  a mated pair.

2.Each SSP has two links (or sets of links), one to each STP of a mated pair.
  All SS7 signaling to the rest of the world is sent out over these links.
  Because the STPs of a mated pair are redundant, messages sent over either
  link (to either STP) will be treated equivalently.

3.The STPs of a mated pair are joined by a link (or set of links).

4.Two mated pairs of STPs are interconnected by four links (or sets of links)
 These links are referred to as a quad.

5.SCPs are usually (though not always) deployed in pairs. As with STPs, the
  SCPs of a pair are intended to function identically. Pairs of SCPs are also
  referred to as mated pairs of SCPs. Note that they are not directly joined
  by a pair of links.

Signaling architectures such as this, which provide indirect signaling paths
between network elements, are referred to as providing quasi-associated
signaling.


6. SS7 Link Types

SS7 signaling links are characterized according to their use in the signaling
network. Virtually all links are identical in that they are 56-kbps or 64-
kbps bi-directional data links that support the same lower layers of the
protocol; what is different is their use within a signaling network. The
defined link types are shown in Figure 5 below and defined as follows: 

Figure 5: Link Types 

A Links 

A links are links that interconnect an STP and either an SSP or an SCP, which
are collectively referred to as signaling end points ("A" is intended to
stand for access). A links are used for the sole purpose of delivering
signaling to or from the signaling end points (they could just as well be
referred to as signaling beginning points). Examples of A links are 2-8, 3-7,
and 5-12 in Figure 5. 

Signaling that an SSP or SCP wishes to send to any other node is sent on
either of its A links to its "home" STP, which, in turn, processes or routes
the messages. Similarly, messages intended for an SSP or SCP will be routed
to one of its "home" STPs, which will forward them to the addressed node over
its A links. 

C Links 

C links are links that interconnect mated STPs. As will be seen later, they
are used to enhance the reliability of the signaling network in instances
where one or several links are unavailable. "C" stands for cross. (7-8, 9-10
and 11-12 are C links.) 

B Links, D Links, and B/D Links 

Links interconnecting two mated pairs of STPs are referred to as either B
links, D links, or B/D links. Regardless of their name, their function is to
carry signaling messages beyond their initial point of entry to the signaling
network towards their intended destination. The "B" stands for bridge and is
intended to describe the quad of links interconnecting peer pairs of STPs.
The "D" denotes diagonal and is intended to describe the quad of links
interconnecting mated pairs of STPs at different hierarchical levels. Because
there is no clear hierarchy associated with a connection between networks,
interconnecting links are referred to as either B, D, or B/D links. (7-11 and
7-12 are examples of B links; 8-9 and 7-10 are examples of D links; 10-13 and
9-14 are examples of interconnecting links and can be referred to as B, D, or
B/D links.)

E Links

While an SSP is connected to its "home" STP pair by a set of "A" links,
enhanced reliability can be provided by deploying an additional set of links
to a second STP pair. These links, called "E" (extended) links provide backup
connectivity to the SS7 network in the event that the "home" STPs cannot be
reached via the "A" links. While all SS7 networks include "A," "B/D," and "C"
links, "E" links may or may not be deployed at the discretion of the network
provider, The decision of whether or not to deploy "E" links can be made by
comparing the cost of deployment with the improvement in reliability. (1-11
and 1-12 are E links.)

F Links

"F" (for fully associated) links are links which directly connect two
signaling end points. F links allow associated signaling only. Because they
_bypass_ the security features provided by an STP, F links are not generally
deployed between networks. Their use within an individual network is at the
discretion of the network provider. (1-2 is an F link.) 


7. Basic Call Setup Example

Before going into much more detail, it might be helpful to look at several
basic calls and the way in which they use SS7 signaling (see Figure 6). 

Figure 6: Call Setup Example 

In this example, a subscriber on switch A places a call to a subscriber on
switch B: 

1.Switch A analyzes the dialed digits and determines that it needs to send
 the call to switch B.

2.Switch A selects an idle trunk between itself and switch B and formulates
  an initial address message (IAM), the basic message necessary to initiate a
  call. The IAM is addressed to switch B. It identifies the initiating switch
  (switch A), the destination switch (switch B), the trunk selected, the
  calling and called numbers, as well as other information beyond the scope
  of this example.

3.Switch A picks one of its A links (say AW) and transmits the message over
  the link for routing to switch B.

4.STP W receives a message, inspects its routing label, and determines that
  it is to be routed to switch B. It transmits the message on link BW. 

5.Switch B receives the message. On analyzing the message, it determines that
  it serves the called number and that the called number is idle. 

6.Switch B formulates an address complete message (ACM), which indicates that
  the IAM has reached its proper destination. The message identifies the
  recipient switch (A), the sending switch (B), and the selected trunk. 

7.Switch B picks one of its A links (say BX) and transmits the ACM over the
  link for routing to switch A. At the same time, it completes the call path
  in the backwards direction (towards switch A), sends a ringing tone over
  that trunk towards switch A, and rings the line of the called subscriber. 

8.STP X receives the message, inspects its routing label, and determines that
  it is to be routed to switch A. It transmits the message on link AX. 

9.On receiving the ACM, switch A connects the calling subscriber line to the
  selected trunk in the backwards direction (so that the caller can hear the
  ringing sent by switch B). 

10.When and/or if the called subscriber picks up the phone, switch B
   formulates an answer message (ANM), identifying the intended recipient
   switch (A), the sending switch (B), and the selected trunk. 

11.Switch B selects the same A link it used to transmit the ACM (link BX) and
   sends the ANM. By this time, the trunk must also be connected to the
   called line in both directions (to allow conversation). 

12.STP X recognizes that the ANM is addressed to switch A and forwards it
   over link AX. 

13.Switch A ensures that the calling subscriber is connected to the outgoing
   trunk (in both directions) and that conversation can take place. 

14.If the calling subscriber hangs up first (following the conversation),
   switch A will generate a release message (REL) addressed to switch B,
   identifying the trunk associated with the call. It sends the message on
   link AW. 

15.STP W receives the REL, determines that it is addressed to switch B, and
   forwards it using link WB. 

16.Switch B receives the REL, disconnects the trunk from the subscriber line,
   returns the trunk to idle status, generates a release complete message
   (RLC) addressed back to switch A, and transmits it on link BX. The RLC
   identifies the trunk used to carry the call. 

17.STP X receives the RLC, determines that it is addressed to switch A, and
   forwards it over link AX. 

18.On receiving the RLC, switch A idles the identified trunk. 


8. Database Query Example

People generally are familiar with the toll-free aspect of 800 (or 888)
numbers, but these numbers have significant additional capabilities made
possible by the SS7 network. 800 numbers are "virtual" telephone numbers.
Although they are used to point to "real" telephone numbers, they are not
assigned to the subscriber line itself.

When a subscriber dials an 800 number, it is a signal to the switch to
suspend the call and seek further instructions from a database. The database
will provide either a real phone number to which the call should be directed,
or it will identify another network (e.g., a long-distance carrier) to which
the call should be routed for further processing. While the response from the
database could be the same for every call (as, for example, if you have a
personal 800 number), it can be made to vary based on the calling number, the
time of day, the day of the week, or a number of other factors. 

The following example shows how an 800 call is routed (see Figure 7). 

Figure 7: Database Query Example 


1.A subscriber served by switch A wants to reserve a rental car at a
  company's nearest location. She dials the company's advertised 800 number.

2.When the subscriber has finished dialing, switch A recognizes that this is
  an 800 call and that it requires assistance to handle it properly. 

3.Switch A formulates an 800 query message including the calling and called
  number and forwards it to either of its STPs (e.g., X) over its A link to
  that STP (AX).

4.STP X determines that the received query is an 800 query and selects a
  database suitable to respond to the query (e.g., M). 

5.STP X forwards the query to SCP M over the appropriate A link (MX).

6.SCP M receives the query, extracts the passed information, and (based on
  its stored records) selects either a "real" telephone number or a network
  (or both) to which the call should be routed. 

7.SCP M formulates a response message with the information necessary to
  properly process the call, addresses it to switch A, picks an STP and an A
  link to use (e.g., MW), and routes the response. 

8.STP W receives the response message, recognizes that it is addressed to
  switch A, and routes it to A over AW. 

9.Switch A receives the response and uses the information to determine where
  the call should be routed. It then picks a trunk to that destination,
  generates an initial address message (IAM), and proceeds (as it did in the
  previous example) to set up the call. 


9. Layers of the SS7 Protocol

As the call-flow examples show, the SS7 network is an interconnected set of
network elements that is used to exchange messages in support of
telecommunications functions. The SS7 protocol is designed to both facilitate
these functions and to maintain the network over which they are provided.
Like most modern protocols, the SS7 protocol is layered.

The underlying layers of the SS7 protocol are as follows: 

Physical Layer 

This defines the physical and electrical characteristics of the signaling
links of the SS7 network. Signaling links utilize DS0 channels and carry raw
signaling data at a rate of 56 kbps or 64 kbps (56 kbps is the more common
implementation).

Message Transfer Part - Level 2 

The level 2 portion of the message transfer part (MTP Level 2) provides
link-layer functionality. It ensures that the two end points of a signaling
link can reliably exchange signaling messages. It incorporates such
capabilities as error checking, flow control, and sequence checking. 

Message Transfer Part - Level 3 

The level 3 portion of the message transfer part (MTP Level 3) extends the
functionality provided by MTP level 2 to provide network layer functionality.
It ensures that messages can be delivered between signaling points across the
SS7 network regardless of whether they are directly connected. It includes
such capabilities as node addressing, routing, alternate routing, and
congestion control.

Collectively, MTP levels 2 and 3 are referred to as the message transfer part
(MTP).

Signaling Connection Control Part 

The signaling connection control part (SCCP) provides two major functions
that are lacking in the MTP. The first of these is the capability to address
applications within a signaling point. The MTP can only receive and deliver
messages from a node "as a whole", it does not deal with software
applications within a node.

While MTP network management messages and basic call-setup messages are
addressed to a node as a whole, other messages are used by separate
applications (referred to as subsystems) within a node. Examples of
subsystems are 800 call processing, calling-card processing, advanced
intelligent network, and CLASS services (e.g., Repeat Dialing and Call
Return). The SCCP allows these subsystems to be addressed explicitly. 

Global Title Translation 

The second function provided by the SCCP is the ability to perform
incremental routing using a capability called global title translation.
Global title translation frees originating signaling points from the burden
of having to know every potential destination to which they might have to
route a message. A switch can originate a query, for example, and address it
to an STP along with a request for global title translation. The receiving
STP can then examine a portion of the message, make a determination as to
where the message should be routed, and then route it. 

For example, calling-card queries (used to verify that a call can be properly
billed to a calling card) must be routed to an SCP designated by the company
that issued the calling card. Rather than maintaining a nationwide database
of where such queries should be routed (based on the calling-card number),
switches generate queries addressed to their local STPs, which, using global
title translation, select the correct destination to which the message should
be routed. Note that there is no magic here; STPs must maintain a database
that enables them to determine to where a query should be routed. Global
title translation effectively centralizes the problem and places it in a node
(the STP) that has been designed to perform this function. 

In performing global title translation, an STP does not need to know the
exact final destination of a message. It can, instead, perform "intermediate
global title translation," in which it uses its tables to find another STP
further along the route to the destination. That STP, in turn, can perform
"final global title translation," routing the message to its actual
destination.

Intermediate global title translation minimizes the need for STPs to maintain
extensive information about nodes which are far removed from them. Global
Title Translation is also used at the STP to share load among mated SCPs in
both normal and failure scenarios. In these instances, when messages arrive
at an STP for final global title translation and routing to a database, the
STP can select from among available redundant SCPs. It can select an SCP on
either a priority basis (referred to as primary -- backup) or so as to
equalize the load across all available SCPs (referred to as load sharing). 

ISDN User Part (ISUP) 

The ISDN user part defines the messages and protocol used in the
establishment and tear down of voice and data calls over the public switched
network, and to manage the trunk network on which they rely. Despite its
name, ISUP is used for both ISDN and non-ISDN calls. In the North American
version of SS7, ISUP messages rely exclusively on MTP to transport messages
between concerned nodes.

Transaction Capabilities Application Part (TCAP) 

The transaction capabilities application part defines the messages and
protocol used to communicate between applications (deployed as subsystems) in
nodes. It is used for database services such as calling card, 800, and AIN as
well as switch-to-switch services including Repeat Dialing and Call Return.
Because TCAP messages must be delivered to individual applications within the
nodes they address, they use the SCCP for transport.

Operations, Maintenance and Administration Part (OMAP) 

The operations, maintenance, and administration part defines messages and
protocol designed to assist administrators of the SS7 network. To date, the
most fully developed and deployed of these capabilities are procedures for
validating network routing tables and for diagnosing link troubles. OMAP
includes messages that use both the MTP and SCCP for routing. 


10. What Goes Over the Signaling Link

Signaling information is passed over the signaling link in messages, which
are called signal units (SUs). Three types of signal units are defined in the
SS7 protocol:

Message signal units (MSUs) 

Link status signal units (LSSUs) 

Fill-in signal units (FISUs) 

Signal units are transmitted continuously in both directions on any link that
is in service. A signaling point that does not have MSUs or LSSUs to send
will send FISUs over the link. The FISUs perform the function suggested by
their name; they "fill up" the signaling link until there is a need to send
purposeful signaling. They also facilitate link transmission monitoring and
the acknowledgment of other SUs.

All transmission on the signaling link is broken up into 8-bit bytes,
referred to as octets. Signal units on a link are delimited by a unique 8-bit
pattern known as a flag. The flag is defined as the 8-bit pattern "01111110".
Because of the possibility that data within a signal unit would contain this
pattern, bit manipulation techniques are used to ensure that the pattern does
not occur within the message as it is transmitted over the link. (The signal
unit is reconstructed once it has been taken off the link, and any bit
manipulation is reversed.) Thus, any occurrence of the flag on the link
indicates the end of one signal unit and the beginning of another. While in
theory two flags could be placed between SUs (one to mark the end of the
current message and one to mark the start of the next message), in practice a
single flag is used for both purposes. 


11. Addressing in the SS7 Network

Every network must have an addressing scheme, and the SS7 network is no
different. Network addresses are required so that a node can exchange
signaling nodes to which it does not have a physical signaling link. In SS7,
addresses are assigned using a three level hierarchy. Individual signaling
points are identified as belonging to a "cluster" of signaling points. Within
that cluster, each signaling point is assigned a "member" number. Similarly,
a cluster is defined as being part of a "network." Any node in the American
SS7 network can be addressed by a three-level number defined by its network,
cluster, and member numbers. Each of these numbers is an 8-bit number and can
assume values from 0 to 255. This three-level address is known as the "point
code" of the signaling point.

Network numbers are assigned on a nationwide basis by a neutral party.
Regional Bell operating companies (RBOCs), major Independent telephone
companies and interexchange carriers already have network numbers assigned.
Since network numbers are a relatively scarce resource, companies' networks
are expected to meet certain size requirements in order to be assigned a
network number. Smaller networks can be assigned one or more cluster numbers
within network numbers 1, 2, 3, and 4. The smallest networks are assigned
"point codes" within "network number" 5. The cluster to which they are
assigned is determined by the state in which they are located. The network
number 0 is not available for assignment and network number 255 is reserved
for future use.

In short, "point code" is the term used to describe the three-level address
number created by combining the network, cluster, and member numbers. A point
code uniquely identifies a signaling point within the American SS7 network
and is used whenever it is necessary to address that signaling point. 


12. Signal Unit Structure

Signal units of each type follow a format unique to that type. A high-level
view of those formats is shown in Figure 8. 

Figure 8: Signaling Unit Formats 

All three SU types have a set of common fields that are used by MTP Level 2.
They are as follows: 

Flag 

Flags delimit SUs. A flag marks the end of one SU and the start of the next.

Checksum 

The checksum is an 8-bit sum intended to verify that the SU has passed across
the link error-free. The checksum is calculated from the transmitted message
by the transmitting signaling point and inserted in the message. On receipt,
it is recalculated by the receiving signaling point. If the calculated result
differs from the received checksum, the received SU has been corrupted. A
retransmission is requested.

Length Indicator 

The length indicator indicates the number of octets between itself and the
checksum. It serves both as a check on the integrity of the SU and as a means
of discriminating between different types of SUs at level 2. As can be
inferred from Figure 8, FISUs have a length indicator of 0; LSSUs have a
length indicator of 1 or 2 (currently all LSSUs have a length indicator of 1)
and MSUs have a length-indicator greater than 2. According to the protocol,
only 6 of the 8 bits in the length indicator field are actually used to store
this length; thus the largest value that can be accommodated in the length
indicator is 63. For MSUs with more than 63 octets following the length
indicator, the value of 63 is used.

BSN/BIB FSN/FIB 

These octets hold the backwards sequence number (BSN), the backwards
indicator bit (BIB), the forward sequence number (FSN), and the forward
indicator bit (FIB). These fields are used to confirm receipt of SUs and to
ensure that they are received in the order in which they were transmitted.
They are also used to provide flow control. MSUs and LSSUs, when transmitted,
are assigned a sequence number that is placed in the forward sequence number
field of the outgoing SU. This SU is stored by the transmitting signaling
point until it is acknowledged by the receiving signaling point.

Since the 7 bits allocated to the forward sequence number can store 128
distinct values, it follows that a signaling point is restricted to sending
128 unacknowledged SUs before it must await an acknowledgment. By
acknowledging an SU, the receiving node frees that SU's sequence number at
the transmitting node, making it available for a new outgoing SU. Signaling
points acknowledge receipt of SUs by placing the sequence number of the last
correctly received and in-sequence SU in the backwards sequence number of
every SU they transmit. In that way, they acknowledge all previously received
SUs as well. The forward and backwards indicator bits are used to indicate
sequencing or data-corruption errors and to request retransmission. 


13. What are the Functions of the Different Signaling Units?

FISUs themselves have no information payload. Their purpose is to occupy the
link at those times when there are no LSSUs or MSUs to send. Because they
undergo error checking, FISUs facilitate the constant monitoring of link
quality in the absence of signaling traffic. FISUs can also be used to
acknowledge the receipt of messages using the backwards sequence number and
backwards indicator bit.

LSSUs are used to communicate information about the signaling link between
the nodes on either end of the link. This information is contained in the
status field of the SU (see Figure 8). Because the two ends of a link are
controlled by independent processors, there is a need to provide a means for
them to communicate. LSSUs provide the means for performing this function.
LSSUs are used primarily to signal the initiation of link alignment, the
quality of received signaling traffic, and the status of the processors at
either end of the link. Because they are sent only between the signaling
points at either end of the link, LSSUs do not require any addressing
information.

MSUs are the workhorses of the SS7 network. All signaling associated with
call setup and tear down, database query and response, and SS7 network
management takes place using MSUs. MSUs are the basic envelope within which
all addressed signaling information is placed. As will be shown below, there
are several different types of MSUs. All MSUs have certain fields in common.
Other fields differ according to the type of message. The type of MSU is
indicated in the service-information octet shown in Figure 8; the addressing
and informational content of the MSU is contained in the signaling
information field. 


14. Message Signal Unit Structure

The functionality of the message signal unit lies in the actual content of
the service information octet and the signaling information field (see Figure
8).

The service information octet is an 8-bit field (as might be inferred from
its name) that contains three types of information as follows: 

1.Four bits are used to indicate the type of information contained in the
signaling information field. They are referred to as the service indicator.
The values most commonly used in American networks are outlined in Table 2. 

               Table 2: Common Signaling Indicator Values 

                       Value
                               Function
                       0
                               Signaling Network Management
                       1
                               Signaling Network Testing and Maintenance
                       3
                               Signaling Connection Control Part (SCCP)
                       5
                               ISDN User Part (ISUP)


2.Two bits are used to indicate whether the message is intended (and coded) f
  or use in a national or international network. They are generally coded
  with a value of 2, national network. 

3.The remaining 2 bits are used (in American networks) to identify a message
  priority, from 0 to 3, with 3 being the highest priority. Message
  priorities do not control the order in which messages are transmitted; they
  are only used in cases of signaling network congestion. In that case, they
  indicate whether a message has sufficient priority to merit transmission
  during an instance of congestion and/or whether it can be discarded en
  route to a destination.

The format of the contents of the signaling information field is determined
by the service ndicator. (Within user parts, there are further distinctions
in message formats, but the service indicator provides the first piece of
information necessary for routing and/or decoding the message.) 

The first portion of the signaling information field is identical for all
MSUs currently in use. It is referred to as the routing label. Simply stated,
the routing label identifies the message originator, the intended destination
of the message, and a field referred to as the signaling-link selection field
which is used to distribute message traffic over the set of possible links
and routes. The routing label consists of 7 octets that are outlined below in

Table 3 (in order of transmission): 
Table 3: Routing Label 


      Octet Group         Function                       Number of Octets
                                                         Involved
      Destination Point Code
      (DPC)
                          Contains the address of the node to
                          which the message is being sent
                                                         3 octets
      Originating Point Code
      (OPC)
                          Contains the address of message
                          originator
                                                         3 octets
      Signaling Link Selection
      (SLS)
                          Distributes load among redundant routes
                                                         1 octet


Point codes consist of the three-part identifier (network #, cluster #,
member #), which uniquely identifies a signaling point. 


16. Acronym List 


ACM             Address Complete Message
ANM             Answer Message
A Links         Access Links
BIB             Backward Indicator Bit
B Links         Bridge Links
BSN             Backward Sequence Number
D Links         Diagonal Links
DPC             Destination Point Code
E Link          Extended Link
F Link          Fully Associated Link
FIB             Forward Indicator Bit
FISU            Fill in Signal Unit
FSN             Forward Sequence Number
IAM             Initial Address Message
ISDN            Integrated Services Digital Network
ISUP            ISDN User Part
KPBS            Kilobits per Second
LSSU            Link Status Signal Unit
Mf              Multifrequency
MSU             Message Signal Unit
MTP             Message Transfer Part 
OMAP            Operations, Maintenance and Administration Part
OPC             Originating Point Code
PSTN            Public Switched Telephone Network
RBOC            Regional Bell Operating Company
REL             Release Message
RCL             Release Complete Message
RSP             Route Set Prohibited Test Message
RSR             Restricted Test Message
SS7             Signaling System 7
SCCP            Signaling Connection Control Part
SCP             Signal Control Point
SLS             Signaling Link Selection
SSP             Signal Switching Point
STP             Signal Transfer Point
SU              Signal Unit
TCAP            Transaction Capabilities Application Part
TFA             Transfer Allowed Message
TFP             Transfer Prohibited Message
TFR             Transfer Restricted Message

  
Well, thats it. Shouts to d4rkcyde, 9x, b4b0, eVolution, downt1me, elf,
substance, lowtek, digiphreak, gr1p, t1p, euk. darkcyde.8m.com.

        [----> ghost in the shell bbs <----]
        [----> o11 +44 (o)1xxx xxxxxx <----]
        [----> 24 hours. d4rkcyde (c) <----]

g1ts.login:


                    ___ ___ _____.___.____________________  ____________
hybrid@b4b0.org    /   |   \\__  |   |\______   \______   \/_   \______ \
hybrid@ninex.com  /    ~    \/   |   | |    |  _/|       _/ |   ||    |  \
hybrid.dtmf.org   \    Y    /\____   | |    |   \|    |   \ |   ||    `   \
----------------   \___|_  / / ______| |______  /|____|_  / |___/_______  /
                         \/  \/               \/        \/              \/
 
 
 
 






TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH