Peer-to-Peer Networks - Skype
Hongli Luo
CEIT, IPFW
Skype
Reference: An Analysis of the Skype Peer-to-peer Internet Telephony Protocol, S. Baset, H. Schulzrinne, 2004
Uses traffic analysis, shared library and system call interception techniques to analyze the various aspects of the Skype protocol
Voice over IP (VoIP)
VoIP – transport of voice over IP-based networks
Complexity ranges from
Hobbyists using Internet to get free phone calls on peer-to-peer basis to
Full scale PSTN replacement networks
VoIP must address
Types of end user terminals - IP phones, PC clients
Quality of Service – ensure agreed quality
Security risks must be clearly identified
Last mile bandwidth – which affects codec, packetization period and
where to use compression to best meet service goals
Signaling protocol must support service set required
VoIP
Quality of Service (Delay, Jitter, Packet loss)
Use RSVP, DiffServ, MPLS, even ATM
RTP is used for media traffic
Signaling protocol: SIP
Video on Skype
Provide video calling on Skype
Need a web camera
Available on computer, mobile, TV
P2P Case study: Skype
A peer-to-peer (P2P) overlay network for VoIP and other applications, developed by the founder of KaZaA
P2P (pc-to-pc, pc-to-phone, phone-to-pc) Voice-Over-IP (VoIP) application
also IM
SkypeOut and SkypeIn servers – PC-to-PSTN and PSTN-to-PC
proprietary application-layer protocol (inferred via reverse engineering)
Packet transmissions (voice and control packets) are encrypted
[Figure labels: Skype login server; Skype clients (SC); Supernode (SN)]
The Skype Network
[Figure: hierarchical overlay. Labels: Skype login server; message exchange with the login server during login; ordinary host (SC); super node (SN); neighbor relationships in the Skype network]
The Skype Network (contd…)
Ordinary host (SC)
A Skype client
Super nodes (SN)
A Skype client
Has public IP address, ‘sufficient’ bandwidth, CPU and
memory
Login server
Stores Skype id’s, passwords, and buddy lists
Used at login for authentication
Version 1.4.0.84: 212.72.49.141 and 195.215.8.141
Peer uses a variant of STUN protocol to determine the
type of NAT and firewall it is behind
The Skype Network (contd…)
NAT and firewall traversal
Public IP address
Port-restricted NAT
• A port-restricted NAT allows an external host, with source IP
address X and source port P, to send a packet to the internal
host only if the internal host had previously sent a packet to IP
address X and port P.
UDP-restricted firewall
Uses wideband codec to maintain reasonable call
quality at an available bandwidth of 32 kbps
Uses TCP for signaling
Uses both UDP and TCP for transporting media traffic
Skype: making a call
User starts Skype
SC registers with SN (list of bootstrap SNs)
SC logs in (authenticate) with the Skype login server
Call: SC contacts SN with callee ID
SN contacts other SNs (unknown protocol, maybe flooding) to find addr of callee; returns addr to SC
SC directly contacts callee, over TCP
Skype Components
Client listens on particular ports for incoming
calls
Maintains a table of other Skype nodes called
host cache
Wide codec
Buddy list
Encrypts messages end-to-end
Determines whether it is behind a NAT or a
firewall
Skype Components
Ports
No default listening port
Randomly chooses a port (P1) on installation
Also opens TCP listener sockets at port 80 (HTTP) for
incoming http requests and port 443 (HTTPS)
Skype Components (contd…)
Host cache (HC)
IP address and port number of online Skype nodes (SNs)
Maximum size: 200 entries
Liang, Kumar and Ross. Understanding KaZaA
• 200 entries for ordinary nodes (ON)
Login server IP address and port number
If unable to establish a connection with any HC entry
• Connect with one of the seven bootstrap IP address and port
pairs hardcoded in the Skype executable
HC Windows location
C:\Documents and Settings\All Users\Application Data\Skype\shared.xml
Skype HC
Skype Components (Contd…)
Codecs (GlobalIPSound)
Wide band codecs (50-8,000 Hz)
iLBC (packet size: 20 and 30 ms; bitrate: 15.2 kbps and 13.3 kbps)
iSAC (packet size: 30-60 ms; bitrate: 10-32 kbps)
G.729 for SkypeOut?
Buddy list
Stored in ‘config.xml’ file
• C:\Documents and Settings\<XP user>\Application Data\Skype\<skype user id>
<CentralStorage>
<LastBackoff>0</LastBackoff>
<LastFailure>0</LastFailure>
<LastSync>1120325519</LastSync>
<NeedSync>0</NeedSync>
<SyncSet>
<u>
<skypebuddy1>f384d3a0:1</skypebuddy1>
<skypebuddy2>7d1dafc4:1</skypebuddy2>
Skype Functions
Startup
Login
User search
Call establishment
Media transfer
Keep-alive
NAT and firewall traversal
Conferencing
Skype Functions: STARTUP
First time startup
Sends an HTTP 1.1 GET request to the Skype server (Skype.com)
GET /ui/0/97/en/installed HTTP/1.1
Normal startup
During login, checks whether a newer version of Skype is available
• GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1
Skype Functions: LOGIN
Establishes a TCP connection with SN
Authenticates with the login server and gets a certified public key
Bootstrap super nodes - Hard-coded in Skype
A SC must establish a TCP connection with a SN in order to connect to Skype network
A SC is able to determine at login if it is behind a NAT and a firewall
Bootstrap SN IP addresses and hostnames obtained by a reverse lookup
| IP address:port | Reverse lookup result | Authority section |
| 66.235.180.9:33033 | sss1.skype.net | ns1.hopone.net |
| 66.235.181.9:33033 | No PTR result | ns1.hopone.net |
| 212.72.49.143:33033 | No PTR result | ns07.customer.eu.level3.net |
| 195.215.8.145:33033 | No PTR result | ns3.DK.net |
| 64.246.49.60:33033 | rs-64-246-49-60.ev1.net | ns2.ev1.net |
| 64.246.49.61:33033 | rs-64-246-49-61.ev1.net | ns2.ev1.net |
| 64.246.48.23:33033 | ev1s-64-246-4823.ev1servers.net | ns1.ev1.net |
Skype Functions: USER SEARCH
Claimed by Skype
Guaranteed to find a user if it exists and logged in the last 72 hours
Search results are cached at intermediate nodes
Unable to trace messages beyond SN
Cannot force a node to become a SN
Host cache is used for connection establishment and not for SN selection
User does not exist. How does search terminate?
Skype contacts login server for failed searches
SN searches for a user behind UDP-restricted firewall
Same wildcard (sal*) search query from two different machines initiated
at the same time gives different results
Skype Functions: CALL ESTABLISHMENT
Call signaling always carried over TCP and goes e2e
Calls to non-buddies = search + call
Initial exchange checks for blocked users
Public-public call
Caller SC establishes a TCP connection with callee SC
Public-NAT
Caller SC is behind port-restricted NAT
Caller---->Skype node (SN) ----> Callee
TCP connection established between caller, callee, and more than one
Skype nodes
Unknown: How a node is selected to route calls from caller to callee?
• Perhaps determined at login
Firewall-firewall call
Same as public-NAT but no in-UDP packets
Skype Functions: CALL ESTABLISHMENT
Caller is behind port-restricted NAT and callee has a public IP address
Caller sent signaling to an online Skype node which forwarded it to callee (both over TCP)
Media flowed directly between caller and callee over UDP
[Figure: messages exchanged by the caller (NAT) during call establishment. The slide gives two sizes per exchange, with the number of messages in parentheses.]
| Caller's peer | Transport | Size (no. of messages) | Size (no. of messages) |
| Callee | UDP | 271B (5) | 221B (7) |
| Callee | TCP | 1554B (8) | 1176B (9) |
| SN | TCP | 184B (6) | 1269B (6) |
| Other | UDP | 748B (20) | 3287B (20) |
| Other | TCP | 265B (12) | 77B (6) |
Caller to callee media: UDP
Voice packet size is between 70 and 100 bytes.
Skype Functions: CALL ESTABLISHMENT
Caller and callee are behind port-restricted NAT and UDP-blocking firewall
Both caller and callee exchange signaling information over TCP with another online Skype node.
[Figure: messages exchanged by caller (NAT+firewall) and callee (NAT+firewall). The slide gives two sizes per exchange, with the number of messages in parentheses.]
| Endpoints | Transport | Size (no. of messages) | Size (no. of messages) |
| Caller, SN | TCP | 713B (7) | 3464B (8) |
| Caller, Relay | TCP | 124B (4) | 45B (4) |
| Callee, Relay | TCP | 51B (3) | 117B (4) |
| Caller, N1, N2, N3 | TCP | 19B | 19B |
| Callee, N1, N2, N3 | TCP | 19B | 19B |
Media: TCP
Caller and callee on the average exchange 3 msg/s over TCP with N1, N2 and N3 after call has been established.
Skype Functions: Summary
| Function | Public | NAT | Firewall |
| Login | 10 KB | 11 KB | 7 KB |
| Search | 1-2 KB | 1-2 KB | 5-7 KB |
| Call establishment | 6 KB | 8 KB | 8 KB |

| Function | Public | NAT | Firewall |
| Login | 3-7 seconds | 3-7 seconds | 30-35 seconds |
| Search | 3-4 seconds | 5-6 seconds | 10-15 seconds |
Skype Functions: MEDIA TRANSFER
10/100 Mbps Ethernet
iSAC codec was used (adaptive bit-rate)
| | Public-public | NAT-public | Firewall-firewall |
| Packet size | 40-120 bytes | 40-110 bytes | 30-90 bytes |
| Stream bw | 5 kilobytes/s | 5 kilobytes/s | 5.5 kilobytes/s |
| Transport | UDP | UDP | TCP |
Skype Functions: MEDIA TRANSFER
No silence suppression
Silence packets are used to
play background noise at the peer
maintain UDP NAT binding
avoid drop in the TCP congestion window
Putting a call on hold
Send 1 packet/3 seconds to call-peer or Skype node
same reasons as above
Codec frequency range
50-8,000 Hz (total bw of 3 kilobytes/s)
Reasonable call quality at (4 kilobytes/s)
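Added example (not from the slides or from Skype): a small model of the port-restricted NAT rule defined earlier, showing why the silence and on-hold packets described above keep the UDP binding alive. The 30-second binding timeout, the refresh-on-outbound behaviour and the addresses are assumptions made for illustration.

```python
class PortRestrictedNAT:
    """Filtering rule from the slide: a packet from external X:P is accepted
    only if the internal host previously sent a packet to X:P.
    The binding timeout is an assumption; the slides do not give one."""

    def __init__(self, binding_timeout=30.0):
        self.binding_timeout = binding_timeout
        self.last_sent = {}   # (ext_ip, ext_port) -> time of last outbound packet

    def outbound(self, ext_ip, ext_port, now):
        # Any outbound packet creates or refreshes the binding for that X:P.
        self.last_sent[(ext_ip, ext_port)] = now

    def inbound(self, src_ip, src_port, now):
        sent = self.last_sent.get((src_ip, src_port))
        return sent is not None and now - sent <= self.binding_timeout


def inbound_accepted_after_hold(hold_secs, keepalive_interval=None, timeout=30.0):
    """The client behind the NAT talks to a peer, goes quiet for hold_secs
    (optionally sending one packet every keepalive_interval seconds), then the
    peer sends a packet. Returns True if the NAT lets that packet in."""
    nat = PortRestrictedNAT(timeout)
    peer = ("198.51.100.7", 40000)          # constructed peer address
    nat.outbound(*peer, now=0.0)
    if keepalive_interval:
        t = keepalive_interval
        while t <= hold_secs:
            nat.outbound(*peer, now=t)      # e.g. 1 packet / 3 seconds on hold
            t += keepalive_interval
    return nat.inbound(*peer, now=hold_secs + 1.0)


if __name__ == "__main__":
    print("silent hold, 120 s:", inbound_accepted_after_hold(120))
    print("1 packet / 3 s, 120 s:", inbound_accepted_after_hold(120, 3))
```

With no traffic during the hold, the peer's next packet is dropped; with one packet every 3 seconds the binding never ages out.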
Skype Functions: KEEP ALIVE
Send refresh message over TCP to SN every 120 seconds
Refresh message size: 2 bytes
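Added example (not from the slides): since voice and control packets are encrypted, a network monitor has to work from metadata. The sketch below flags hosts using three observations reported in these slides: the startup HTTP requests, connections to the bootstrap port 33033, and a 2-byte TCP refresh every 120 seconds. The record layout, sample records, the tolerance and the generalised URL pattern are assumptions.

```python
import re
from collections import defaultdict

# Startup requests quoted on the STARTUP slide. Accepting other digits and
# language codes in the path is an assumption, not something the page states.
STARTUP_RE = re.compile(
    r"^GET /ui/\d+/\d+/[a-z]{2}/(installed|getlatestversion)"
    r"(?:\?ver=([\d.]+))? HTTP/1\.1$")
BOOTSTRAP_PORT = 33033   # port shared by all seven bootstrap super nodes
KEEPALIVE_BYTES = 2      # refresh message size from the KEEP ALIVE slide
KEEPALIVE_SECS = 120     # refresh interval from the KEEP ALIVE slide

# Constructed flow records, not captured traffic:
# (time_s, src, dst, proto, dst_port, payload_bytes, http_request_line)
SAMPLE = [
    (0, "10.0.0.5", "192.0.2.10", "tcp", 80, 0,
     "GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1"),
    (1, "10.0.0.5", "192.0.2.20", "tcp", 33033, 64, None),
    (10, "10.0.0.5", "192.0.2.30", "tcp", 443, 2, None),
    (130, "10.0.0.5", "192.0.2.30", "tcp", 443, 2, None),
    (251, "10.0.0.5", "192.0.2.30", "tcp", 443, 2, None),
    (5, "10.0.0.9", "192.0.2.40", "tcp", 80, 0, "GET /index.html HTTP/1.1"),
    (40, "10.0.0.9", "192.0.2.40", "tcp", 443, 2, None),
]


def skype_indicators(records, tolerance=5):
    """Return {host: {indicator: detail}} from traffic metadata only."""
    hits = defaultdict(dict)
    small = defaultdict(list)   # (src, dst) -> times of 2-byte TCP payloads
    for t, src, dst, proto, dport, size, http in records:
        m = STARTUP_RE.match(http) if http else None
        if m:
            hits[src]["startup_http"] = m.group(2) or m.group(1)
        if dport == BOOTSTRAP_PORT:
            hits[src]["bootstrap_port"] = dst
        if proto == "tcp" and size == KEEPALIVE_BYTES:
            small[(src, dst)].append(t)
    for (src, dst), times in small.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Two or more consecutive gaps near 120 s count as a periodic refresh.
        if len(gaps) >= 2 and all(abs(g - KEEPALIVE_SECS) <= tolerance for g in gaps):
            hits[src]["keepalive_peer"] = dst
    return dict(hits)
```

Each indicator is weak on its own (a single 2-byte segment or one unrelated GET is ignored here); a host matching several of them is the one worth a closer look.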
Skype Functions: CONFERENCING
A, B, and C have public IP addresses
B and C were sending traffic over UDP to A
A acts as a mixer
A: 1.6 GHz Pentium4, 512 MB RAM
B: 3 GHz Pentium4, 1 GB
C: 3 GHz Pentium4, 1 GB
[Figure: streams labelled B and A+C between A and B; streams labelled C and A+B between A and C]
Skype, MSN, Yahoo and Talk
| Application | Version | Memory usage before call (caller, callee) | Memory usage after call (caller, callee) | Process priority before call | Process priority during call | Mouth-to-ear latency |
| Skype | 1.4.0.84 | 19 MB, 19 MB | 21 MB, 27 MB | Normal | High | 96ms |
| MSN | 7.5 | 25 MB, 22 MB | 34 MB, 31 MB | Normal | Normal | 184ms |
| Yahoo | 7.0 beta | 38 MB, 34 MB | 43 MB, 42 MB | Normal | Normal | 152ms |
| GTalk | 1.0.0.80 | 9 MB, 9 MB | 13 MB, 13 MB | Normal | Normal | 109ms |