Peer-to-Peer Networks - Skype
Hongli Luo
CEIT, IPFW
Skype
 Reference: An Analysis of the Skype Peer-to-peer
Internet Telephony Protocol, S. Baset, H.
Schulzrinne, 2004
 Use traffic analysis, shared library and system call
interception techniques to analyze the various
aspects of the Skype protocol
Voice over IP (VoIP)
 VoIP – transport of voice over IP-based networks
 Complexity ranges from
   • Hobbyists using Internet to get free phone calls on peer-to-peer basis to
   • Full scale PSTN replacement networks
 VoIP must address
   • Types of end user terminals - IP phones, PC clients
   • Quality of Service – ensure agreed quality
   • Security risks must be clearly identified
   • Last mile bandwidth – which affects codec, packetization period and where to use compression to best meet service goals
   • Signaling protocol must support service set required
VoIP
 Quality of Service (Delay, Jitter, Packet loss)
 Use RSVP, DiffServ, MPLS, even ATM
 RTP is used for media traffic
 Signaling protocol: SIP
 Video on Skype
 Provide video calling on Skype
 Need a web camera
 Available on computer, mobile, TV
P2P Case study: Skype
 A peer-to-peer (P2P) overlay network for VoIP and other applications, developed by founder of KaZaA
 P2P (pc-to-pc, pc-to-phone, phone-to-pc) Voice-Over-IP (VoIP) application
   • also IM
 SkypeOut and SkypeIn servers – PC-to-PSTN and PSTN-to-PC
 Proprietary application-layer protocol (inferred via reverse engineering)
 Packet transmission (voice and control packets) are encrypted
[Figure: Skype login server, Skype clients (SC), Supernode (SN)]
The Skype Network
[Figure: hierarchical overlay with the Skype login server, ordinary hosts (SC) and super nodes (SN). Legend: message exchange with the login server during login; neighbor relationships in the Skype network]
The Skype Network (contd…)
 Ordinary host (SC)
 A Skype client
 Super nodes (SN)
 A Skype client
 Has public IP address, ‘sufficient’ bandwidth, CPU and
memory
 Login server
 Stores Skype id’s, passwords, and buddy lists
 Used at login for authentication
 Version 1.4.0.84: 212.72.49.141 and 195.215.8.141
 Peer uses a variant of STUN protocol to determine the
type of NAT and firewall it is behind
The Skype Network (contd…)
 NAT and firewall traversal
 Public IP address
 Port-restricted NAT
   • A port-restricted NAT allows an external host, with source IP address X and source port P, to send a packet to the internal host only if the internal host had previously sent a packet to IP address X and port P.
 UDP-restricted firewall
 Uses wideband codec to maintain reasonable call
quality at an available bandwidth of 32 kbps
 Uses TCP for signaling
 Uses both UDP and TCP for transporting media traffic
Skype: making a call
 User starts Skype
 SC registers with SN
   • list of bootstrap SNs
 SC logs in (authenticate)
 Call: SC contacts SN with callee ID
   • SN contacts other SNs (unknown protocol, maybe flooding) to find addr of callee; returns addr to SC
 SC directly contacts callee, over TCP
[Figure: Skype login server]
Skype Components
 Client listens on particular ports for incoming calls
 Maintains a table of other Skype nodes called the host cache
 Wideband codec
 Buddy list
 Encrypts messages end-to-end
 Determines whether it is behind a NAT or a firewall
Skype Components
 Ports
   • No default listening port
   • Randomly chooses a port (P1) on installation
   • Also opens TCP listener sockets at port 80 (HTTP) for incoming HTTP requests and port 443 (HTTPS)
Skype Components (contd…)
 Host cache (HC)
   • IP address and port number of online Skype nodes (SNs)
   • Maximum size: 200 entries
   • Liang, Kumar and Ross. Understanding KaZaA: 200 entries for ordinary nodes (ON)
   • Login server IP address and port number
   • If unable to establish a connection with any HC entry, connect with one of the seven bootstrap IP address and port pairs hardcoded in the Skype executable
   • HC Windows location: C:\Documents and Settings\All Users\Application Data\Skype\shared.xml
[Figure: Skype HC]
Skype Components (Contd…)
 Codecs (GlobalIPSound)
   • Wide band codecs (50-8,000 Hz)
   • iLBC (packet size: 20 and 30 ms; bitrate: 15.2 kbps and 13.3 kbps)
   • iSAC (packet size: 30-60 ms; bitrate: 10-32 kbps)
   • G.729 for SkypeOut?
 Buddy list
   • Stored in ‘config.xml’ file
   • C:\Documents and Settings\<XP user>\Application Data\Skype\<skype user id>
   • Excerpt:
<CentralStorage>
  <LastBackoff>0</LastBackoff>
  <LastFailure>0</LastFailure>
  <LastSync>1120325519</LastSync>
  <NeedSync>0</NeedSync>
  <SyncSet>
    <u>
      <skypebuddy1>f384d3a0:1</skypebuddy1>
      <skypebuddy2>7d1dafc4:1</skypebuddy2>
Skype Functions
 Startup
 Login
 User search
 Call establishment
 Media transfer
 Keep-alive
 NAT and firewall traversal
 Conferencing
Skype Functions: STARTUP
 First time startup
   • Sends an HTTP 1.1 GET request to the Skype server (Skype.com)
   • GET /ui/0/97/en/installed HTTP/1.1
 Normal startup
   • During login, sends a request to determine whether a newer version of Skype is available
   • GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1
Skype Functions: LOGIN
 Establishes a TCP connection with SN
 Authenticates with the login server and gets a certified public key
 Bootstrap super nodes - Hard-coded in Skype
 A SC must establish a TCP connection with a SN in order to connect to Skype network
 A SC is able to determine at login if it is behind a NAT and a firewall
   • Bootstrap SN IP addresses and hostnames obtained by a reverse lookup

IP address:port        Reverse lookup result              Authority section
66.235.180.9:33033     sss1.skype.net                     ns1.hopone.net
66.235.181.9:33033     No PTR result                      ns1.hopone.net
212.72.49.143:33033    No PTR result                      ns07.customer.eu.level3.net
195.215.8.145:33033    No PTR result                      ns3.DK.net
64.246.49.60:33033     rs-64-246-49-60.ev1.net            ns2.ev1.net
64.246.49.61:33033     rs-64-246-49-61.ev1.net            ns2.ev1.net
64.246.48.23:33033     ev1s-64-246-4823.ev1servers.net    ns1.ev1.net
Skype Functions: USER SEARCH
 Claimed by Skype
 Guaranteed to find a user if it exists and has logged in during the last 72 hours
 Search results are cached at intermediate nodes
 Unable to trace messages beyond SN
 Cannot force a node to become a SN
 Host cache is used for connection establishment and not for SN selection
 User does not exist. How does search terminate?
 Skype contacts login server for failed searches
 SN searches for a user behind UDP-restricted firewall
 Same wildcard (sal*) search query from two different machines initiated
at the same time gives different results
Skype Functions: CALL ESTABLISHMENT
 Call signaling always carried over TCP and goes e2e
 Calls to non buddies = search + call
 Initial exchange checks for blocked users
 Public-public call
   • Caller SC establishes a TCP connection with callee SC
 Public-NAT
   • Caller SC is behind port-restricted NAT
   • Caller ----> Skype node (SN) ----> Callee
   • TCP connection established between caller, callee, and more than one Skype node
   • Unknown: How is a node selected to route calls from caller to callee? Perhaps determined at login
 Firewall-firewall call
   • Same as public-NAT but no in-UDP packets
Skype Functions: CALL ESTABLISHMENT
 Caller is behind port-restricted NAT and callee has a public IP address
 Caller sent signaling to an online Skype node which forwarded it to callee (both over TCP)
 Media flowed directly between caller and callee over UDP

[Figure: message flows for the caller (NAT); sizes in bytes with the number of messages in parentheses, two values per flow as labelled in the figure]
Peers                 Transport   Size (No of messages)
Caller <-> Callee     UDP         271B (5), 221B (7)
Caller <-> Callee     TCP         1554B (8), 1176B (9)
Caller <-> SN         TCP         184B (6), 1269B (6)
Caller <-> Other      UDP         748B (20), 3287B (20)
Caller <-> Other      TCP         265B (12), 77B (6)
Caller <-> Callee     Media: UDP

Voice packet size is between 70 and 100 bytes.
Skype Functions: CALL ESTABLISHMENT
 Caller and callee are behind port-restricted NAT and UDP-blocking firewall
 Both caller and callee exchange signaling information over TCP with another online Skype node.

[Figure: message flows for caller (NAT+firewall) and callee (NAT+firewall); sizes in bytes with the number of messages in parentheses, two values per flow as labelled in the figure]
Peers                       Transport   Size (No of messages)
Caller <-> SN               TCP         713B (7), 3464B (8)
Caller <-> Relay            TCP         124B (4), 45B (4)
Callee <-> Relay            TCP         51B (3), 117B (4)
Caller <-> Relay            Media: TCP
Relay <-> Callee            Media: TCP
Caller <-> N1, N2, N3       TCP         19B, 19B
Callee <-> N1, N2, N3       TCP         19B, 19B

Caller and callee on the average exchange 3 msg/s over TCP with N1, N2 and N3 after call has been established.
Skype Functions: Summary

                     Public    NAT       Firewall
Login                10 KB     11 KB     7 KB
Search               1-2 KB    1-2 KB    5-7 KB
Call establishment   6 KB      8 KB      8 KB

                     Public         NAT            Firewall
Login                3-7 seconds    3-7 seconds    30-35 seconds
Search               3-4 seconds    5-6 seconds    10-15 seconds
Skype Functions: MEDIA TRANSFER
 10/100 Mbps Ethernet
 iSAC codec was used (adaptive bit-rate)

               Public-public     NAT-public        Firewall-firewall
Packet size    40-120 bytes      40-110 bytes      30-90 bytes
Stream bw      5 kilobytes/s     5 kilobytes/s     5.5 kilobytes/s
Transport      UDP               UDP               TCP
Skype Functions: MEDIA TRANSFER
 No silence suppression
 Silence packets are used to
   • play background noise at the peer
   • maintain UDP NAT binding
   • avoid drop in the TCP congestion window
 Putting a call on hold
   • Send 1 packet/3 seconds to call-peer or Skype node
   • same reasons as above
 Codec frequency range
   • 50-8,000 Hz (total bw of 3 kilobytes/s)
 Reasonable call quality at (4 kilobytes/s)
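
An added example, not part of the original slides: a Python model of the port-restricted NAT rule stated earlier (inbound allowed only from an IP address X and port P the host has already sent to), showing why the 1 packet/3 seconds hold traffic keeps the UDP binding usable. The 30-second binding timeout, the class and function names and the peer address are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

BINDING_TIMEOUT = 30.0  # seconds; assumed value, real NAT devices differ


@dataclass
class PortRestrictedNAT:
    """Inbound filter of a port-restricted NAT for one internal host."""
    timeout: float = BINDING_TIMEOUT
    # (remote_ip, remote_port) -> time of the last outbound packet
    bindings: dict = field(default_factory=dict)

    def outbound(self, now, remote_ip, remote_port):
        # Any packet from the internal host opens or refreshes the binding.
        self.bindings[(remote_ip, remote_port)] = now

    def inbound_allowed(self, now, src_ip, src_port):
        # Allowed only if the host previously sent to exactly this IP AND
        # port, and the binding has not idled out.
        last = self.bindings.get((src_ip, src_port))
        return last is not None and now - last <= self.timeout


def simulate_hold(send_interval, hold_seconds, timeout=BINDING_TIMEOUT):
    """Hold a call for hold_seconds while the internal host sends one packet
    every send_interval seconds (None = sends nothing). Returns True if the
    peer's first packet after the hold still passes the NAT."""
    peer = ("198.51.100.7", 40000)  # constructed peer address
    nat = PortRestrictedNAT(timeout)
    nat.outbound(0.0, *peer)        # last voice packet before the hold
    if send_interval:
        t = send_interval
        while t <= hold_seconds:
            nat.outbound(t, *peer)  # hold/silence packet refreshes binding
            t += send_interval
    return nat.inbound_allowed(hold_seconds, *peer)
```
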
Skype Functions: KEEP ALIVE
 Send refresh message over TCP to SN every 120
seconds
 Refresh message size: 2 bytes
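
An added example, not from the original slides or the referenced paper: a Python heuristic a network monitor could use to flag hosts showing two behaviours described on these slides, the startup HTTP requests and the 2-byte TCP refresh sent every 120 seconds. The record layouts, the tolerance and run-length thresholds, the generalised URL pattern and all sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Path shape taken from the two requests quoted on the STARTUP slide; treating
# the numeric fields and language code as variable is an assumption.
STARTUP_RE = re.compile(
    r"^GET /ui/\d+/\d+/[a-z]{2}/(installed|getlatestversion\?ver=[\d.]+) HTTP/1\.1$")


def startup_requests(http_lines):
    """Return (client, kind) for each request line matching the startup pattern."""
    hits = []
    for client, request in http_lines:
        m = STARTUP_RE.match(request)
        if m:
            hits.append((client, m.group(1).split("?")[0]))
    return hits


def keepalive_pairs(segments, size=2, period=120.0, tol=5.0, min_gaps=3):
    """Flag (client, peer) pairs with at least min_gaps consecutive size-byte
    TCP payloads spaced period +/- tol seconds apart."""
    times = defaultdict(list)
    for ts, src, dst, proto, payload_len in segments:
        if proto == "TCP" and payload_len == size:
            times[(src, dst)].append(ts)
    flagged = set()
    for pair, ts_list in times.items():
        ts_list.sort()
        run = 0
        for a, b in zip(ts_list, ts_list[1:]):
            run = run + 1 if abs((b - a) - period) <= tol else 0
            if run >= min_gaps:
                flagged.add(pair)
                break
    return flagged


# Constructed sample data (not captured traffic).
HTTP_LINES = [
    ("10.0.0.5", "GET /ui/0/97/en/installed HTTP/1.1"),
    ("10.0.0.5", "GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1"),
    ("10.0.0.8", "GET /index.html HTTP/1.1"),
]
SEGMENTS = (
    [(t, "10.0.0.5", "192.0.2.10", "TCP", 2) for t in (0, 120, 241, 360, 479)]
    + [(t, "10.0.0.8", "192.0.2.20", "TCP", 2) for t in (0, 7, 300)]
    + [(t, "10.0.0.9", "192.0.2.30", "TCP", 48) for t in (0, 120, 240, 360)]
)
```

Because Skype traffic is encrypted, the keep-alive check relies only on payload length and timing, so a hit is an indicator to correlate with other evidence rather than proof.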
Skype Functions: CONFERENCING
 A, B, and C have public IP addresses
 B and C were sending traffic over UDP to A
 A acts as a mixer
   • A: 1.6 GHz Pentium4, 512 MB RAM
   • B: 3 GHz Pentium4, 1 GB
   • C: 3 GHz Pentium4, 1 GB
[Figure: streams exchanged with mixer A, labelled B, A+C, C and A+B]
Skype, MSN, Yahoo and Talk

Application   Version    Memory usage before call   Memory usage after call   Process priority   Process priority   Mouth-to-ear
                         (caller, callee)           (caller, callee)          before call        during call        latency
Skype         1.4.0.84   19 MB, 19 MB               21 MB, 27 MB              Normal             High               96ms
MSN           7.5        25 MB, 22 MB               34 MB, 31 MB              Normal             Normal             184ms
Yahoo         7.0 beta   38 MB, 34 MB               43 MB, 42 MB              Normal             Normal             152ms
GTalk         1.0.0.80   9 MB, 9 MB                 13 MB, 13 MB              Normal             Normal             109ms