Signalling System No. 7
|SS7 protocols by OSI layer|
|Application||TCAP, CAP, ISUP, ...|
|Network||MTP Level 3 + SCCP|
|Data link||MTP Level 2|
|Physical||MTP Level 1|
Signalling System No. 7 (SS7) is a set of telephony signaling protocols which are being used to set up most of the world's public switched telephone network (PSTN) telephone calls. The main purpose is to set up and tear down telephone calls. Other uses include number translation, local number portability, prepaid billing mechanisms, short message service (SMS), and a variety of other mass market services.
It is usually referenced as Signalling System No. 7 or Signalling System #7, or simply abbreviated to SS7. In North America it is often referred to as CCSS7, an abbreviation for Common Channel Signalling System 7. In some European countries, specifically the United Kingdom, it is sometimes called C7 (CCITT number 7) and is also known as number 7 and CCIS7 (Common Channel Interoffice Signaling 7). In Germany it is often called N7 (Signalisierungssystem Nummer 7).
There is only one international SS7 protocol defined by ITU-T in its Q.700-series recommendations. There are however, many national variants of the SS7 protocols. Most national variants are based on two widely deployed national variants as standardized by ANSI and ETSI, which are in turn based on the international protocol defined by ITU-T. Each national variant has its own unique characteristics. Some national variants with rather striking characteristics are the Chinese and Japanese (TTC) national variants.
The Internet Engineering Task Force (IETF) has also defined level 2, 3, and 4 protocols that are compatible with SS7:
- Message Transfer Part (MTP) level 2 (M2UA and M2PA)
- Message Transfer Part (MTP) level 3 (M3UA)
- Signalling Connection Control Part (SCCP) (SUA)
Common Channel Signaling protocols have been developed by major telephone companies and the ITU-T since 1975; the first international Common Channel Signaling protocol was defined by the ITU-T as Signalling System No. 6 (SS6) in 1977. Signalling System No. 7 was defined as an international standard by ITU-T in its 1980 (Yellow Book) Q.7XX-series recommendations. SS7 was designed to replace SS6, which had a restricted 28-bit signal unit that was both limited in function and not amenable to digital systems. SS7 has substantially replaced Signaling System No. 6, Signalling System No. 5 (SS5), R1 and R2, with the exception that R1 and R2 variants are still used in numerous nations.
SS5 and earlier systems used in-band signaling, in which the call-setup information was sent by playing special multi-frequency tones into the telephone lines, known as bearer channels in the parlance of the telecom industry. This led to security problems with blue boxes. SS6 and SS7 implement out-of-band signaling protocols, carried in a separate signaling channel, explicitly keep the end-user's audio path—the so-called speech path—separate from the signaling phase to eliminate the possibility that end users may introduce tones that would be mistaken for those used for signaling. See falsing. SS6 and SS7 are referred to as so-called Common Channel Interoffice Signalling Systems (CCIS) or Common Channel Signaling (CCS) due to their hard separation of signaling and bearer channels. This required a separate channel dedicated solely to signaling, but the greater speed of signaling decreased the holding time of the bearer channels, and the number of available channels was rapidly increasing anyway at the time SS7 was implemented.
The common channel signaling paradigm was translated to IP via the SIGTRAN protocols as defined by the IETF. While running on a transport based upon IP, the SIGTRAN protocols are not an SS7 variant, but simply transport existing national and international variants of SS7.
The term signaling, when used in telephony, refers to the exchange of control information associated with the setup and release of a telephone call on a telecommunications circuit. An example of this control information is the digits dialed by the caller, the caller's billing number, and other call-related information.
When the signaling is performed on the same circuit that will ultimately carry the conversation of the call, it is termed channel associated signaling (CAS). This is the case for earlier analogue trunks, MF and R2 digital trunks, and DSS1/DASS PBX trunks.
In contrast, SS7 signaling is termed Common Channel Signaling (CCS) in that the path and facility used by the signaling is separate and distinct from the telecommunications channels that will ultimately carry the telephone conversation. With CCS, it becomes possible to exchange signaling without first seizing a voice channel, leading to significant savings and performance increases in both signaling and channel usage.
Because of the mechanisms used by signaling methods prior to SS7 (battery reversal, multi-frequency digit outpulsing, A- and B-bit signaling), these older methods could not communicate much signaling information. Usually only the dialed digits were signaled, and only during call setup. For charged calls, dialed digits and charge number digits were outpulsed. SS7, being a high-speed and high-performance packet-based communications protocol, can communicate significant amounts of information when setting up a call, during the call, and at the end of the call. This permits rich call-related services to be developed. Some of the first such services were call management related, call forwarding (busy and no answer), voice mail, call waiting, conference calling, calling name and number display, call screening, malicious caller identification, busy callback.
The earliest deployed upper layer protocols in the SS7 signaling suite were dedicated to the setup, maintenance, and release of telephone calls. The Telephone User Part (TUP) was adopted in Europe and the Integrated Services Digital Network (ISDN) User Part (ISUP) adapted for public switched telephone network (PSTN) calls was adopted in North America. ISUP was later used in Europe when the European networks upgraded to the ISDN. (North America never accomplished full upgrade to the ISDN and the predominant telephone service is still the older POTS). Due to its richness and the need for an out-of-band channel for its operation, SS7 signaling is mostly used for signaling between telephone switches and not for signaling between local exchanges and customer-premises equipment (CPE).
Because SS7 signaling does not require seizure of a channel for a conversation prior to the exchange of control information, non-facility associated signalling (NFAS) became possible. NFAS is signaling that is not directly associated with the path that a conversation will traverse and may concern other information located at a centralized database such as service subscription, feature activation, and service logic. This makes possible a set of network-based services that do not rely upon the call being routed to a particular subscription switch at which service logic would be executed, but permits service logic to be distributed throughout the telephone network and executed more expediently at originating switches far in advance of call routing. It also permits the subscriber increased mobility due to the decoupling of service logic from the subscription switch. Another characteristic of ISUP made possible by SS7 with NFAS is the exchange of signaling information during the middle of a call.
Also possible with SS7 is Non-Call-Associated Signaling, which is signaling that is not directly related to the establishment of a telephone call. An example of this is the exchange of the registration information used between a mobile telephone and a home location register (HLR) database: a database that tracks the location of the mobile. Other examples include Intelligent Network and local number portability databases.
As well as providing for signaling with these various degrees of association with call set up and the facilities used to carry calls, SS7 is designed to operate in two modes: associated mode and quasi-associated mode.
When operating in the associated mode, SS7 signaling progresses from switch to switch through the PSTN following the same path as the associated facilities that carry the telephone call. This mode is more economical for small networks. The associated mode of signaling is not the predominant choice of modes in North America.
When operating in the quasi-associated mode, SS7 signaling progresses from the originating switch to the terminating switch, following a path through a separate SS7 signaling network composed of signal transfer points. This mode is more economical for large networks with lightly loaded signaling links. The quasi-associated mode of signaling is the predominant choice of modes in North America.
SS7 separates signalling from the voice circuits. An SS7 network must be made up of SS7-capable equipment from end to end in order to provide its full functionality. The network can be made up of several link types (A, B, C, D, E, and F) and three signaling nodes - Service switching point (SSPs), signal transfer point (STPs), and service control point (SCPs). Each node is identified on the network by a number, a signalling point code. Extended services are provided by a database interface at the SCP level using the SS7 network.
The links between nodes are full-duplex 56, 64, 1,536, or 1,984 kbit/s graded communications channels. In Europe they are usually one (64 kbit/s) or all (1,984 kbit/s) timeslots (DS0s) within an E1 facility; in North America one (56 or 64 kbit/s) or all (1,536 kbit/s) timeslots (DS0As or DS0s) within a T1 facility. One or more signaling links can be connected to the same two endpoints that together form a signaling link set. Signaling links are added to link sets to increase the signaling capacity of the link set.
In Europe, SS7 links normally are directly connected between switching exchanges using F-links. This direct connection is called associated signaling. In North America, SS7 links are normally indirectly connected between switching exchanges using an intervening network of STPs. This indirect connection is called quasi-associated signaling. Quasi-associated signaling reduces the number of SS7 links necessary to interconnect all switching exchanges and SCPs in an SS7 signaling network.
SS7 links at higher signaling capacity (1.536 and 1.984 Mbit/s, simply referred to as the 1.5 Mbit/s and 2.0 Mbit/s rates) are called high speed links (HSL) in contrast to the low speed (56 and 64 kbit/s) links. High speed links are specified in ITU-T Recommendation Q.703 for the 1.5 Mbit/s and 2.0 Mbit/s rates, and ANSI Standard T1.111.3 for the 1.536 Mbit/s rate. There are differences between the specifications for the 1.5 Mbit/s rate. High speed links utilize the entire bandwidth of a T1 (1.536 Mbit/s) or E1 (1.984 Mbit/s) transmission facility for the transport of SS7 signaling messages.
SS7 protocol suite
|SS7 protocols by OSI layer|
|Application||TCAP, CAP, ISUP, ...|
|Network||MTP Level 3 + SCCP|
|Data link||MTP Level 2|
|Physical||MTP Level 1|
The SS7 protocol stack borrows partially from the OSI Model of a packetized digital protocol stack. OSI layers 1 to 3 are provided by the Message Transfer Part (MTP) and the Signalling Connection Control Part (SCCP) of the SS7 protocol (together referred to as the Network Service Part (NSP)); for circuit related signaling, such as the BT IUP, Telephone User Part (TUP), or the ISDN User Part (ISUP), the User Part provides layer 7. Currently there are no protocol components that provide OSI layers 4 through 6. The Transaction Capabilities Application Part (TCAP) is the primary SCCP User in the Core Network, using SCCP in connectionless mode. SCCP in connection oriented mode provides the transport layer for air interface protocols such as BSSAP and RANAP. TCAP provides transaction capabilities to its Users (TC-Users), such as the Mobile Application Part, the Intelligent Network Application Part and the CAMEL Application Part.
The Message Transfer Part (MTP) covers a portion of the functions of the OSI network layer including: network interface, information transfer, message handling and routing to the higher levels. Signalling Connection Control Part (SCCP) is at functional Level 4. Together with MTP Level 3 it is called the Network Service Part (NSP). SCCP completes the functions of the OSI network layer: end-to-end addressing and routing, connectionless messages (UDTs), and management services for users of the Network Service Part (NSP). Telephone User Part (TUP) is a link-by-link signaling system used to connect calls. ISDN User Part (ISUP) is the key user part, providing a circuit-based protocol to establish, maintain, and end the connections for calls. Transaction Capabilities Application Part (TCAP) is used to create database queries and invoke advanced network functionality, or links to Intelligent Network Application Part (INAP) for intelligent networks, or Mobile Application Part (MAP) for mobile services.
Inasmuch as SS7 was not designed with security in mind, surveillance technology within the capabilities of non-state actors can be used to track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. 
- ITU-T Recommendation Q.700
- (Ronayne 1986, p. 145).
- (Ronayne 1986, p. 141).
- RFC 2719 - Framework Architecture for Signaling Transport
- (Russell 2002, p. 318).
- (Russell 2002, p. xx).
- ITU-T Recommendation Q.700, Section 3.2.1, p. 7.
- (Russell 2002, p. 319).
- (Russell 2002, p. 433).
- ITU-T Recommendation Q.700, p. 4.
- (Dryburgh 2004, pp. 22–23).
- (Dryburgh 2004, p. 23).
- ITU-T Recommendation Q.700, Section 2.2.3, "signalling modes", pp. 4-5.
- ITU-T Recommendation Q.703, Annex A, "Additions for a national option for high speed signalling links", pp 81-86.
- (Russell 2002, p. 456).
- ITU-T Recommendation Q.711, Section 1, "Scope and field of application", pp 1-2.
- Surveillance technology.
- Dryburgh, Lee; Jeff Hewitt (2004). Signalling System No. 7 (SS7/C7): Protocol, Architecture, and Services. Indianapolis: Cisco Press. ISBN 1-58705-040-4. Link to online version of text below.
- Ronayne, John P. (1986). "The Digital Network". Introduction to Digital Communications Switching (1st edition ed.). Indianapolis: Howard W. Sams & Co., Inc. ISBN 0-672-22498-4.
- Russell, Travis (2002). Signaling System #7 (4th Edition ed.). New York: McGraw-Hill. ISBN 978-0-07-138772-9.
- SS7 Protocol layer architecture overview, tutorials and discussion forum
- www.protocols.com: practical overview
- SS7 open source project
- Mobicents SS7 open source project
- Introduction to signaling. A tutorial about signaling.
- SS7 Tutorial by PT
- Yate open source for fixed and mobile SS7