FreeCalypso > hg > themwi-smsc

comparison doc/Arch-design @ 0:9e364c18e0e8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
beginning of architectural design spec
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 20 Dec 2023 03:50:06 +0000
parents
children c4f8a32af088
comparison
equal deleted inserted replaced
-1:000000000000 0:9e364c18e0e8
1 Themyscira Wireless SMSC implementation
2 Architectural design specification
3
4 1. Purpose and scope of the software
5
6 The purpose of the present software project is to facilitate store-and-forward
7 SMS exchange among the following parties:
8
9 * Locally owned mobile telephone numbers (LOMTNs) that belong to Themyscira
10 Wireless, with Short Message Service accessed either via the local GSM network
11 (Osmocom-based) or via direct command line access to the SMSC;
12
13 * The outside world: the total set of all SMS-capable E.164 telephone numbers
14 in the world, with whom our users must be able to freely exchange SMS just
15 like users of any other cellular phone carrier in USA;
16
17 * USA-specific 5-digit and 6-digit short codes: these services aren't accessible
18 from anywhere in the world, only from USA (each country has its own services
19 of this type), but because we are located in USA, we must provide the same
20 access to public services as any other cellular phone carrier;
21
22 * Any downstream parties who enter into an interconnection agreement with ThemWi
23 for the purpose of sharing our SMS uplink to the outside world.
24
25 1.1. NANP specifics
26
27 The design of our SMSC makes the following assumptions that are specific to
28 North American Numbering Plan:
29
30 * All LOMTNs and all downstream peer MTNs are expected to be NANP numbers;
31 any/all SMS source or destination numbers in country codes other than +1 are
32 treated as belonging in the Outside World, accessible only via the SMPP
33 "uplink" connection to our upstream SMS connectivity provider.
34
35 * The set of SMS destination numbers that can be sent to the upstream includes
36 not only non-NANP and not-locally-known NANP E.164 numbers, but also any/all
37 SMS short codes in USA-specific NXXXX or NXXXXX format.
38
39 * In the case of Mobile-Originated SMS from the local GSM network, if the
40 user-entered destination number is not explicitly international (TON=1) and
41 does not fit the format of a USA SMS short code, other USA-customary dialing
42 formats are supported, as in 10-digit NPANXXXXXX or 11-digit 1NPANXXXXXX
43 without '+' prefix.
44
45 themwi-nanp software package is a strict dependency for themwi-smsc: themwi-nanp
46 utilities must be used to manage the database of locally owned NANP numbers,
47 and the present software uses themwi-nanp libraries to access that database.
48
49 1.2. Hierarchical arrangement of upstream and downstream peers
50
51 The telecom landscape in USA is such that anyone can obtain 10-digit telephone
52 numbers (TNs) very easily and very cheaply, but making them SMS-capable (able
53 to function as Mobile Telephone Numbers or MTNs) is much more difficult.
54 Suitably equipped providers such as Bandwidth.com are generally unwilling to
55 provide service directly to small customers, and we (Themyscira Wireless team)
56 were able to find only one company (Sopranica Telecom) who buys P2P SMS
57 interconnection service from Bandwidth and was willing to resell to us.
58
59 Suppose that many different ultra-small parties wish to set up their own indie
60 GSM networks in different parts of USA. Each of these tiny fiefdoms can serve
61 as its own administration and get its own TNs from a provider such as BulkVS.
62 How would all of these tiny fiefdoms then add SMS capability? The feedback we
63 got from Sopranica is that asking them to set up a sub-account on their
64 Bandwidth service for each microfiefdom would be too much work - hence San Diego
65 2G Association (the primary instance of Themyscira Wireless) will need to serve
66 as a third-level reseller, getting Bandwidth SMS interconnection service from
67 Sopranica and then further subletting it to other microfiefdoms.
68
69 Vertical hierarchy support in ThemWi-SMSC is designed to support the just-
70 described use case. Each SMSC instance has a set of locally owned mobile TNs
71 (LOMTNs, owned by the local fiefdom operating this SMSC instance), a single
72 upstream SMPP link pointing up the hierarchy tree (toward the Outside World)
73 and any number of downstream SMPP links to downstream peers. The total set of
74 phone numbers known to each SMSC instance is its own local set (themwi-nanp
75 database of locally owned TNs) plus the set of numbers assigned to downstream
76 peers - all other E.164 numbers everywhere in the world (plus all non-E.164 USA
77 SMS short codes) belong in the Outside World and are sent to the "uplink"
78 connection. Messages are then routed as follows:
79
80 * Any SM originating from a local GSM subscriber can go to another GSM
81 subscriber, to a known downstream peer or to the Outside World.
82
83 * Any SM that are injected directly into the SMSC from local shell access are
84 treated the same way as Mobile-Originated SMS from local GSM users - hence
85 this mechanism can be used to send SMS to the local GSM network or to the
86 Outside World.
87
88 * Any SM coming from the uplink connection can be addressing a local GSM
89 subscriber or a downstream peer - but either way it must be a number known
90 to this SMSC, otherwise something is badly misconfigured somewhere.
91
92 * Any SM coming from a downlink connection can go to a local GSM subscriber, to
93 a different downstream peer or to the Outside World.
94
95 1.2.1. Direction of SMPP connections
96
97 Despite the name "Short Message Peer to Peer", SMPP is an asymmetric client-
98 server protocol, not symmetric peer-to-peer. Our primary, above-all-else
99 requirement when it comes to SMPP is to connect to the "big daddy" SMSC of
100 Bandwidth.com, the one that allows us to receive SMS from and send SMS to
101 anywhere in the Outside World. BW requires that we connect to their SMSC server
102 in the role of an SMPP client and bind as a bidirectional transceiver - both
103 message directions then flow over this single long-lived TCP connection from our
104 client to their server.
105
106 This externally imposed requirement dictates the entire architectural design of
107 ThemWi-SMSC with respect to SMPP. Each instance of ThemWi-SMSC can have a
108 single upstream peer to whom we connect in the role of an SMPP client, and it
109 can optionally act as an SMPP server accepting TCP connections from downstream
110 peers. The master instance of ThemWi-SMSC at smsc.sandiego2g.org will point
111 its "upstream" link at Bandwidth.com SMPP server, using credentials given to us
112 by Sopranica, whereas other small fiefdoms who wish to join our service resale
113 tree will point the "upstream" link of their ThemWi-SMSC instances to
114 smsc.sandiego2g.org, and we (SD2G) will assign them authentication credentials
115 and manage their downstream number pools.
116
117 1.3. Possible use outside of originally intended North American use case
118
119 If your situation and/or interests do not match the very specific use case for
120 which the present software is designed (if you are located outside of North
121 America, and/or you have no interest in attaining SMS interconnection with the
122 national mobile telephony environment of whichever country you call home), you
123 can still play with the present implementation of GSM-oriented SMSC: the uplink
124 connection to the Outside World can be omitted, and if you don't have real TNs
125 (telephone numbers) in North American Numbering Plan (either because you are
126 outside of North America or because you are in NA but not interested in official
127 phone network interconnection), you can operate ThemWi-SMSC (plus the attached
128 Osmocom GSM network) with fake NANP numbers instead.
129
130 To be clear, this support for modes of usage outside of the primary design goals
131 of ThemWi-SMSC is intended only to facilitate "play" and evaluation (getting a
132 feel for what may be the first SMSC implementation connecting to Osmocom CNI
133 via GSUP), not for serious long-term usage. If your actual desired use case is
134 an isolated GSM network with a totally ad hoc or "free" numbering plan (the
135 default which one gets with a "vanilla" installation of Osmocom CNI), or a GSM
136 network that is interconnected with the national mobile telephony environment
137 of some country other than USA, you need a different SMSC design that is
138 tailored for your numbering plan (free-form or non-USA national) that will be
139 different from NANP, and for local telecom environment quirks that will almost
140 certainly be different from those in USA.
141
142 If you like the general idea and overall design of ThemWi-SMSC, but require an
143 adaptation to a different numbering plan or a different telecom environment
144 (isolated or a national interconnect in some other country), you should be able
145 to take the present code base and modify just the numbering plan aspects,
146 producing a derivative-work SMSC for your different needs.
147
148 2. ThemWi-SMSC software architecture
149
150 2.1. Modularity of components
151
152 A complete deployment of ThemWi-SMSC, as in our own use case at Themyscira
153 Wireless, includes a local GSM network (Osmocom-based) and a connection to the
154 hierarchical SMPP tree that eventually leads to the Outside World SMS
155 connectivity provider at the top. However, our software implementation will be
156 modular, divided into separate software components for:
157
158 * The internal core of the SMSC (one daemon process and some command line
159 utilities);
160
161 * A pair of daemon processes devoted to the task of connecting the SMSC to the
162 local Osmocom-based GSM network, to be omitted if you don't have one;
163
164 * A dedicated daemon process serving the SMPP link to the upstream peer, to be
165 omitted if you have no upstream link;
166
167 * Another dedicated sw component serving downstream peer SMPP connections, one
168 process instance per downstream peer, or none if you have no such peers.
169
170 This modularity allows the software to be used and (hopefully) appreciated
171 outside of its primary intended use case. At one extreme, someone could have
172 an isolated Osmocom GSM network, modify it slightly to use MSISDNs that look
173 like (fake) NANP numbers, hook up ThemWi-SMSC and use this SMSC as a replacement
174 for the Osmocom-default one, paving the way for factoring the SMSC function out
175 of OsmoMSC. At the other extreme, if someone is located in USA and wishes to
176 interconnect to the world of SMS through the chain of 3 resellers (Bandwidth
177 followed by Sopranica followed by San Diego 2G Association), they can run an
178 instance of ThemWi-SMSC without any GSM network at all. (You will still need
179 Osmocom libraries, but no Osmocom processes and no hardware.) In such a
180 deployment, all incoming SMS to your number(s) will be written into the
181 persistent store which you can read, and you can send outgoing SMS with a
182 command line utility.
183
184 2.2. Persistent message store
185
186 Every SM that passes through ThemWi-SMSC gets written into an append-only
187 persistent message store (PMS). Because this store is append-only, no messages
188 are ever deleted - however, each message in PMS can be in one of two states:
189 active or historical. An active SM is one for which the SMSC still needs to
190 make delivery attempts, either attempts at GSM MT delivery or attempts at
191 delivery to the appropriate upstream or downstream SMPP peer. A historical SM
192 is one for which no further action will be taken by any component of our SMSC.
193 An SM can enter "historical" state in several ways:
194
195 * For some LOMTNs the act of writing incoming messages into PMS constitutes
196 final delivery in itself, and no other delivery actions are needed. In this
197 case a newly entered SM is directly written into PMS in the "historical"
198 state, without ever going through "active".
199
200 * For messages that need to be delivered to a GSM MS or to an SMPP peer, once
201 that delivery has been made successfully, the message transitions from active
202 to historical.
203
204 * In the case of failed deliveries (permament error, or expiration time reached
205 after repeated temporary failures), the failed message also transitions from
206 active to historical.
207
208 The persistent message store is a simple binary file (/var/sms/pms.bin)
209 consisting of directly abutted 'struct sm_record' records. Each message record
210 is exactly 256 bytes (see struct definition - we were able to fit everything we
211 needed under the 256 byte mark, and then padded the struct to perfect round
212 size), and this perfect power-of-2 record size makes it very easy to perform
213 operations such as binary search via mmap or stripping initial megabytes of
214 historical records - see subsequent sections for more detailed description.
215
216 PMS is append-only as already stated, but already-written records do not become
217 fully immutable until they become historical. For as long as a given SM is in
218 the active state, themwi-smsc-core daemon can and will update that record in
219 pms.bin:
220
221 * For messages addressed to local GSM subscribers, dest_imsi will be filled
222 when the MSISDN-to-IMSI lookup operation on the destination number succeeds;
223
224 * Upon discharge (successful delivery, permanent error or validity period
225 expiration after temporary failures), themwi-smsc-core will transition the
226 sm_record into historical state by filling disposition and time_disch struct
227 members;
228
229 * Additional info may be written into dest_extra_info upon discharge, depending
230 on the destination type and thus the mode of final delivery.
231
232 Once an sm_record transitions into historical state, it is then immutable for
233 archival purposes; archives of historical messages can be kept for years or even
234 decades, depending on local administration policy.
235
236 2.2.1. Historical megabyte count
237
238 Given the simple binary structure of the main PMS file, each megabyte (2**20
239 bytes) holds exactly 4096 messages. It is envisioned that as a busy SMSC runs
240 for a long time, a significant number of historical messages will accumulate,
241 and the content of PMS may become many megabytes of historical messages followed
242 by some active SMs at the end. When themwi-smsc-core daemon restarts, it has
243 to read the entire PMS in order to collect all still-active SMs. Having to
244 read through many megabytes of historical SMs to get to active ones at the end
245 becomes unacceptable at large archive sizes, hence a mechanism is needed for
246 marking where the historical-only portion ends and the possibly-active portion
247 begins.
248
249 There will be an auxiliary file named historical-mb, containing a single ASCII
250 line giving the number of historical megabytes in pms.bin. If this file reads
251 1, the first 4096 SM records are historical, if the auxiliary file reads 2, the
252 first 8192 SM records are historical, and so forth. This auxiliary file will be
253 used as follows:
254
255 * Upon startup, themwi-smsc-core will read this historical-mb file and skip that
256 many initial megabytes of pms.bin;
257
258 * At run time, themwi-smsc-core will track the index of the oldest still-active
259 SM in PMS. Whenever this index crosses a megabyte boundary, historical-mb
260 will be updated.
261
262 2.2.2. Offline storage
263
264 Even with the historical-mb mechanism of the previous section, the fact remains
265 that disk space on live servers is not infinite. If the archive of historical
266 messages grows so big that it needs to be removed from the SMSC server to free
267 up disk space, one can carry out the following procedure:
268
269 * Temporarily stop themwi-smsc-core daemon at the level of runit or systemctl
270 or whatever you are using - this operation will bring down the entire SMSC,
271 so do it during a scheduled maintenance window;
272
273 * Use dd to split pms.bin into historical and active portions:
274
275 dd if=pms.bin of=pms-hist.bin bs=1048576 count=N
276 dd if=pms.bin of=pms-new.bin bs=1048576 skip=N
277
278 * Move pms-hist.bin to offline storage;
279
280 * Replace the long file with the shortened one:
281
282 mv pms-new.bin pms.bin
283 echo 0 > historical-mb
284
285 * Re-enable themwi-smsc-core and restart all other SMSC daemons.
286
287 2.2.3. themwi-smsc-dump reading tool
288
289 The program named themwi-smsc-dump will be a standalone command line utility
290 (fully static in its operation, not talking to any daemons or services) for
291 reading and parsing (decoding) pms.bin. It will open pms.bin with O_RDONLY, do
292 a read-only mmap on it, and then access this PMS as a memory-mapped file.
293 Several different modes of operation will be provided:
294
295 * It will be possible to dump and decode the entire PMS, as needed during early
296 debugging.
297
298 * It will be possible to specify a starting date/time at which the dump should
299 begin. As records are added in strict forward chronological order, it is
300 possible to find a record nearest (by time_entry timestamp) to a given time
301 point by binary search, very efficient on a memory-mapped file.
302
303 * Once the dump has a starting point (beginning of the file or a time point
304 found by binary search), the tool can be told to dump till the end, display
305 some count of messages, or run until a certain ending date/time is crossed.
306
307 * The tool can dump all message records in the selected range, or only those
308 matching specific filters such as a particular source or destination type, or
309 a specific phone number.
310
311 The complexity described above is needed for the following reasons:
312
313 * One radical idea is to grant limited access (by way of a very strict wrapper)
314 to themwi-smsc-dump to unprivileged users of the network served by the SMSC,
315 i.e., to end users. The idea is that each individual user should be able to
316 give their ssh public key to the administrator of the community network, and
317 then ssh into a special restricted service on the SMSC that does not grant
318 any system shell access, but allows them to access services under their own
319 phone number. Such an empowered end user should be able to submit SMS from
320 their own phone number using the power of a full-size computer (as opposed to
321 very painful text entry on the numeric keypad of a traditional GSM phone),
322 and to see a full log of all messages received by or sent from their own
323 phone number.
324
325 * By the nature of her job, the administrator of the SMSC (and of the community
326 GSM network to which this SMSC belongs) necessarily has access to every
327 message that passes through the system, all metadata and actual content.
328 While this access is technically necessary, an administrator who is worthy of
329 her trusted position must not abuse this trust, and must do everything
330 possible to avoid looking at users' private message content when it is not
331 necessary to do so for technical troubleshooting reasons. Toward this
332 objective, themwi-smsc-dump must make it easy to look at only technically
333 necessary information, without throwing unnecessary private info into the
334 operator's eyeballs.