The State of SIP


The State of SIP
Simon Millard, Professional Services Manager, Aculab – booth 402
The state of SIP
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
• Agenda
– SIP concepts
– Media
– SIP signalling
– NAT traversal
– Security
www.ITEXPO.com
SIP concepts
• SIP is the Session Initiation Protocol
– Its job is to set up a session (maybe a phone call) between two or more users
SIP concepts
• SIP’s view of the network is the same as the Internet’s
– Intelligence at the edge
– Re-use of proven devices and concepts
• There is the ability to negotiate supported features
– Can set up any type of media
• SIP separates media from signalling
Media
• For IP telephony we are concerned with RTP
– Diagram: media protocol stack, top to bottom: CODECs, RTP and RTCP, UDP, IP, then Ethernet, optical, radio, …
Media
• More data is sent than in a TDM call
– Diagram: packet layout ETH | IP | UDP | RTP | AUDIO | CHK, i.e. several headers plus a check field around the audio payload
• Silence elimination
– CNG (comfort noise generation)
– VAD (voice activity detection)
Media compression
• The rain in Spain falls mainly on the plain
– Lossless
• $ r# in Sp# falls m#ly on $ pl#
– $ = the, # = ain
– Lossy
• Th rn n Spn flls mnly n th pln
SIP signalling
• Coded in ASCII
• Verbs (methods) and responses
– INVITE: initiate a session
– ACK: confirm session established
– BYE: terminate a session
– CANCEL: cancel a pending INVITE
– REGISTER: bind an address to a location
– … and others
SIP signalling
• Responses – as per HTTP
• 1xx information
– 100 trying, 180 ringing
• 2xx success
– 200 OK
• 3xx redirection
– 300 multiple choices
• 4xx client error
– 404 not found
• 5xx server failure
• 6xx global failure
SIP signalling
• Media for the session is described by the SDP (Session Description Protocol)
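The ASCII SIP format of the last few slides, as an added example that is not from the deck: a small parser that splits a request or response into start line, headers and the SDP media description, so the media address and port come from SDP rather than from the packet. The sample INVITE, the hosts a.com and b.com and the user names are constructed for the example.

```python
# Added example (not from the slides): a minimal parser for SIP messages.
# The sample INVITE and its SDP body are constructed here; hosts and users are
# illustrative assumptions.
RESPONSE_CLASSES = {"1": "information", "2": "success", "3": "redirection",
                    "4": "client error", "5": "server failure", "6": "global failure"}

SAMPLE_SDP = ("v=0\r\n"
              "o=alice 2890844526 2890844526 IN IP4 192.168.0.102\r\n"
              "s=-\r\n"
              "c=IN IP4 192.168.0.102\r\n"
              "t=0 0\r\n"
              "m=audio 49170 RTP/AVP 0 8\r\n")

SAMPLE_INVITE = ("INVITE sip:simon@b.com SIP/2.0\r\n"
                 "Via: SIP/2.0/UDP proxy.a.com:5060;branch=z9hG4bK776asdhds\r\n"
                 "From: <sip:alice@a.com>;tag=1928301774\r\n"
                 "To: <sip:simon@b.com>\r\n"
                 "Call-ID: a84b4c76e66710\r\n"
                 "CSeq: 314159 INVITE\r\n"
                 "Content-Type: application/sdp\r\n"
                 f"Content-Length: {len(SAMPLE_SDP)}\r\n"
                 "\r\n" + SAMPLE_SDP)

def parse_sip(raw):
    """Split a SIP request or response into start line, headers and SDP media."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    first = lines[0].split(" ", 2)
    msg = {"headers": {}, "sdp": {}}
    if first[0] == "SIP/2.0":                      # response: SIP/2.0 <code> <reason>
        msg["status"], msg["reason"] = int(first[1]), first[2]
        msg["class"] = RESPONSE_CLASSES.get(first[1][0], "unknown")
    else:                                          # request: <METHOD> <Request-URI> SIP/2.0
        msg["method"], msg["uri"] = first[0], first[1]
    for line in lines[1:]:
        name, _, value = line.partition(":")       # header names are case-insensitive
        msg["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    # Only the Content-Length bytes of the body belong to this message.
    length = int(msg["headers"].get("content-length", ["0"])[0])
    body = body[:length]
    if msg["headers"].get("content-type", [""])[0] == "application/sdp":
        for line in body.splitlines():
            if line.startswith("c="):              # media connection address (from SDP, not IP header)
                msg["sdp"]["connection"] = line[2:].split()[2]
            elif line.startswith("m="):            # m=<media> <port> <proto> <fmt ...>
                media, port, proto, *fmts = line[2:].split()
                msg["sdp"].setdefault("media", []).append((media, int(port), proto, fmts))
    return msg
```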
Signalling – UAs
• SIP based on UAs (User Agents)
– UAC initiates requests
– UAS responds to requests
– Diagram: the UAC sends a request for sip:[email protected]; the UAS returns the response
Signalling – Proxies
• Route signalling
– Do not initiate requests or responses
– Pass through unknown messages unchanged
– Stateless or stateful
– Diagram: a request for sip:simon@work is routed through the Aculab Proxy
Signalling – Registrars
• Allow a SIP device to dynamically register a location
– This allows them to be contactable when mobile
– Diagram: a REGISTER for sip:[email protected] from 192.168.0.102 is sent to the Aculab Registrar, which stores the binding in the location database
Signalling – Redirect Servers
• Respond to a request by redirecting it to another device
– Diagram: a request for sip:[email protected] reaches the Aculab Redirect Server, which answers “moved to sip:[email protected]” at 192.168.0.102 (registered from xx.xx.xx.xx); the sender then issues the request for sip:[email protected] to that location
Signalling – B2BUA
• A back-to-back User Agent is somewhat similar to a Proxy, but terminates and initiates SIP signalling
– Diagram: UA ↔ B2BUA ↔ UA
Putting it all together
– Diagram: a call from a.com to b.com
• proxy.a.com asks the DNS server for the SIP SRV record of b.com and is given proxy.b.com
• INVITE goes from the caller to proxy.a.com and on to proxy.b.com
• proxy.b.com asks the location server “simon?” and is given [email protected]:5060
• INVITE is forwarded to the callee
• RTP then flows between the endpoints; BYE ends the session
NAT traversal
• Network Address Translation
– IP-Masquerading
• Source and/or destination addresses re-written
• Most widely used to allow multiple hosts on a private network to access the Internet from a single public IP address
• Solved the IP address shortage of IPv4
NAT traversal
• NAT binding is created by the NAT to map a private to a public address
• Binding lifetime
– Period of time for which the binding remains open
– Binding will be closed if there is no traffic for a period of time
NAT traversal
• Full cone
– Diagram: Client behind the NAT, Server A and Server B outside
• Internal IP address and port mapped one-to-one to external IP address and port
• Any external host can reach the internal client by sending to the mapped IP:port
NAT traversal
• Restricted cone
– Diagram: Client behind the NAT, Server A and Server B outside
• Internal IP:port mapped one-to-one to external IP:port
• An external host can reach the internal client only if the client has already sent traffic to that host
NAT traversal
• Port restricted
– Diagram: Client behind the NAT, Server A and Server B outside
• An external host can reach the internal client only from a port the client has already sent traffic to
NAT traversal
• Symmetric
– Diagram: Client behind the NAT, Server A and Server B outside
• Requests from an internal IP:port are mapped to a unique external IP:port per destination
• Only a host which receives a packet can send packets back
NAT traversal
• STUN
– Diagram: Client behind the NAT exchanges messages with a STUN server outside
• STUN is a client/server protocol
• Client sends request to STUN server which responds with the IP address of the NAT and the port which was opened for the request
NAT traversal
• STUN works with full cone, restricted cone and port restricted NATs
• Will not work with symmetric NAT
– IP address of the STUN server is different to that of the destination endpoint, so the mapping discovered via STUN is not the one the NAT uses for the peer
• Peers communicate discovered IP:port information
– In a full cone, any endpoint can initiate the session
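The STUN request/response exchange of the last two slides, as an added example that is not from the deck: a Binding Request is encoded and the NAT's public IP:port is decoded from the XOR-MAPPED-ADDRESS attribute, using the RFC 5389/8489 wire format. No network is used; the server reply is constructed locally with the documentation address 203.0.113.7, and a real client would send the request with sendto() and parse what recvfrom() returns.

```python
# Added example (not from the slides): STUN Binding Request encoder and
# Binding Success Response decoder. The reply here is constructed locally.
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442       # fixed value in every STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020     # attribute carrying the NAT's public IP:port

def build_binding_request(txid=None):
    """20-byte header: type, length of attributes (0 here), cookie, 12-byte transaction id."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def build_binding_response(txid, public_ip, public_port):
    """What a STUN server sends back (constructed here so the example runs offline)."""
    xport = public_port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(public_ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

def parse_binding_response(data, expected_txid):
    """Return (ip, port) the NAT opened for our request, checking cookie and transaction id."""
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != expected_txid:
        raise ValueError("not a reply to our request")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("binding request failed: 0x%04x" % msg_type)
    body, pos = data[20:20 + length], 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + alen]
        pos += 4 + (alen + 3) // 4 * 4                     # attributes are 4-byte aligned
        if atype == XOR_MAPPED_ADDRESS and value[1] == 0x01:  # family 0x01 = IPv4
            xport, xaddr = struct.unpack("!HI", value[2:8])
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS in reply")

def demo():
    """One full exchange against the constructed server reply."""
    txid = bytes(range(12))
    request = build_binding_request(txid)
    reply = build_binding_response(txid, "203.0.113.7", 41234)   # constructed sample
    return len(request), parse_binding_response(reply, txid)
```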
Security
• SIP signalling
– Digest authentication, based on knowledge of a shared secret
– Diagram: Caller, Proxy, Callee
• INVITE w/o credentials (caller to proxy)
• 407 proxy authentication required (proxy to caller)
• INVITE w/ credentials (caller to proxy)
• 100 trying (proxy to caller)
• INVITE w/ credentials (proxy to callee)
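The 407 challenge and retried INVITE shown above, as an added example that is not from the deck: MD5 digest authentication as SIP uses it (RFC 3261, following RFC 2617), with the proxy storing only HA1 rather than the password and checking the nonce it issued. The realm aculab.example, the user simon and the password are constructed sample values.

```python
# Added example (not from the slides): SIP digest authentication for the
# INVITE / 407 / INVITE-with-credentials exchange. Realm, user and password
# are constructed sample values.
import hashlib
import hmac
import secrets

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    """What the proxy keeps instead of the clear-text shared secret."""
    return _md5(f"{username}:{realm}:{password}")

def make_challenge(realm):
    """Fields the proxy puts in the 407's Proxy-Authenticate header."""
    return {"realm": realm, "nonce": secrets.token_hex(16)}

def make_credentials(username, password, chal, method, uri):
    """Fields the caller puts in Proxy-Authorization on the retried INVITE."""
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1(username, chal['realm'], password)}:{chal['nonce']}:{ha2}")
    return {"username": username, "realm": chal["realm"], "nonce": chal["nonce"],
            "uri": uri, "response": response}

def verify_credentials(creds, method, issued_nonce, stored_ha1):
    """Proxy-side check: the nonce must be the one we issued and the digest must match HA1.
    The digest proves knowledge of the secret; it does not protect the rest of the message,
    which is what TLS on the next slide is for."""
    if not hmac.compare_digest(creds.get("nonce", ""), issued_nonce):
        return False                                   # stale or replayed nonce
    ha2 = _md5(f"{method}:{creds['uri']}")
    expected = _md5(f"{stored_ha1}:{issued_nonce}:{ha2}")
    return hmac.compare_digest(expected, creds["response"])

def demo(password_tried="s3cret"):
    """Run the exchange once; True if the proxy accepts the retried INVITE."""
    realm, user, real_password = "aculab.example", "simon", "s3cret"
    stored = ha1(user, realm, real_password)
    chal = make_challenge(realm)                       # 407 Proxy Authentication Required
    creds = make_credentials(user, password_tried, chal, "INVITE", "sip:callee@aculab.example")
    return verify_credentials(creds, "INVITE", chal["nonce"], stored)
```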
Security
• SIP signalling
– TLS – Transport Layer Security
– Based on public key cryptography
• Client requests TLS session
• Server responds with public certificate
• Client verifies certificate
• Mutual exchange of session keys
• Send/receive application data using keys
– Can be used hop-by-hop
– SIPS requires TLS used end-to-end
Security
• Media
– Uses SRTP (secure RTP)
– AES encryption typically using 128 bit keys
– Assumes secure key exchange prior to the session running
• Most commonly used are MIKEY and SDES (SDES carries the keys within SDP, so the SIP session itself needs to be secured)
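The SDES point above, as an added example that is not from the deck: parsing the SDP a=crypto attribute (RFC 4568) that carries the SRTP master key and salt for the AES 128-bit suites, and a check that lists such lines when the SIP hop carrying them was not TLS. The crypto line is constructed with a dummy 30-byte key sequence.

```python
# Added example (not from the slides): SDES a=crypto parsing plus a check for
# SRTP keys that travelled inside SDP over an unprotected SIP transport.
# The key material is a constructed dummy sequence, not a real key.
import base64

SUITES = {"AES_CM_128_HMAC_SHA1_80": (16, 14),   # 128-bit master key, 112-bit master salt
          "AES_CM_128_HMAC_SHA1_32": (16, 14)}

DUMMY_MATERIAL = bytes(range(30))                # constructed
SAMPLE_CRYPTO = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
                 + base64.b64encode(DUMMY_MATERIAL).decode())

def parse_sdes_crypto(line):
    """Return tag, suite, master key and master salt from one a=crypto line."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not an a=crypto attribute")
    tag, suite, key_params = line[len("a=crypto:"):].split(" ", 2)
    if suite not in SUITES:
        raise ValueError(f"unsupported crypto-suite {suite}")
    method, _, key_info = key_params.split(" ")[0].partition(":")
    if method != "inline":
        raise ValueError("SDES only defines the inline key method")
    material = base64.b64decode(key_info.split("|")[0])   # drop optional lifetime / MKI
    key_len, salt_len = SUITES[suite]
    if len(material) != key_len + salt_len:
        raise ValueError("key material has the wrong length for this suite")
    return {"tag": int(tag), "suite": suite,
            "master_key": material[:key_len], "master_salt": material[key_len:]}

def cleartext_key_risks(sdp_lines, sip_transport):
    """List a=crypto lines that arrived over a SIP transport other than TLS:
    the SRTP key was readable to anyone on that hop."""
    risks = []
    for line in sdp_lines:
        if line.startswith("a=crypto:") and sip_transport.upper() != "TLS":
            tag = parse_sdes_crypto(line)["tag"]
            risks.append(f"SRTP key for crypto tag {tag} sent over {sip_transport}")
    return risks
```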
Summary
• Session Initiation Protocol leverages Internet technologies
• Signalling and media paths
• Other devices
• NAT traversal issues
• Security
Thank you
[email protected]
Visit Aculab on booth 402