Operator MMSC without a WAP Gateway (ICAP)

Posted by on Jul 24, 2015 in Support Blog

Topic Keywords: , , , ,

When implementing an MMSC for a mobile operator network, one of the most confusing concepts is how user authentication is usually performed in conjunction with a WAP Gateway.

MMS uses the MM1 Protocol (OMA MMS Encapsulation) for transactions between a mobile device and the MMSC. This protocol does not define how the MMSC identifies and authenticates the subscriber when the MMS client on a mobile device sends or receives a message.

The MMSC is expected to interface with other operator network components to identify and authenticate the subscriber.

When a mobile device connects to a mobile network for TCP/IP-based services, such as MMS, the mobile device is assigned an IP address when it connects to the GGSN. This IP address is dynamically assigned and usually changes between sessions.

When the MMSC receives an MMS request via TCP/IP, it needs to be able to identify the MSISDN associated with the requesting IP Address.

Traditionally, this identification has been facilitated by a WAP Gateway.  A mobile operator WAP gateway proxies MMS requests and inserts an HTTP header that contains MSISDN information.  This configuration is described in more detail in the following link: Operator MMSC Considerations – User Authentication

As mobile networks have evolved more toward providing direct internet access, there has been increased interest in deploying MMSC services without a WAP Gateway.

The NowSMS MMSC Edition facilitates this by implementing the ICAP protocol.  The Internet Content Adaptation Protocol (ICAP) is a lightweight HTTP-like protocol specified in RFC 3507 which is used to extend transparent proxy servers, and in some cases avoid the need for proxy servers.

The NowSMS MMSC Edition includes an ICAP client interface. This interface allows the MMSC to request HTTP header enrichment from an ICAP-based service.  The ICAP service inserts an HTTP header that contains MSISDN information, just as would be done if the request were proxied by a WAP Gateway.

The NowSMS MMSC Edition also includes a special license for the NowWAP Proxy to provide the ICAP server interface.  NowWAP must be configured to receive a RADIUS accounting feed from the GGSN.  Every time a device connects or disconnects from the GGSN, a RADIUS accounting packet reports this activity to NowWAP, so that NowWAP always knows which IP Address has been allocated to which MSISDN.

Details on configuring ICAP settings for user identification can be found in the following link: Operator MMSC Considerations – User Authentication.

Note that this ICAP interface is not limited  to user identification.  NowWAP can also forward information that is relevant to detecting roaming subscribers as detailed in the following link: Operator MMSC Accounting – Detecting Roaming Subscribers

To facilitate networks that are currently using a WAP gateway but wish to transition to ICAP, note the following considerations:

1.) The “MSISDNHeaderGateways” configuration setting specifies a list of one or more IP addresses from which the MMSC will accept the MSISDN HTTP Header.  These requests will be processed by the MMSC without ICAP.  Requests from any other IP address will use an ICAP lookup.  This means that devices configured with settings to use the WAP gateway will continue to do so, while new devices can be configured with gateway-less settings.

2.) For MMS only device APN settings which include a gateway IP address, it is possible at the network level to route that IP address and port directly to the MMSC.  The MMSC will reject any requests for other services, and process any MMS requests normally (assuming an ICAP interface is configured).

Please note that it is not necessary to use ICAP. For many customers, the WAP Gateway configuration is essential as it provides user identification and authentication for other services.


For comments and further discussion, please click here to visit the NowSMS Technical Forums (Discussion Board)...