(Voice/Video over IP) standards


Real Time Communications: Protocols and Applications
Tyler Johnson, Acting Director, Telecommunications R&D
Full Service VVoIP Architecture (figure)
Endpoints attach to an H.323 fabric made up of a gatekeeper cluster, a management server (directory services), a messaging server cluster (Unix / Win2000) with its services, an MCU farm and a gateway farm; the gateway farm terminates PSTN trunks. The gatekeeper, MCU and gateway components are embedded, distributed and load balancing, running on NT / Unix / VxWorks.
What is RTC?
• Voice
• Video
• Instant Messaging
• Presence
• Data Collaboration
• Any network, any device
H.323 Protocol Stack (figure)
• Audio: G.711, G.728 (carried in RTP)
• Video: H.261, H.263 (carried in RTP)
• Data: T.120
• Terminal Control and Management: RTCP, RAS, H.225, H.245
• Transport: TCP, UDP
• Network Layer (IP), Link Layer, Physical Layer
Audio Codecs
• ITU G.7x series
– G.711 64 kbs PCM (only required codec)
– G.723
– G.728
• Transcoded in gateways
– but why??
Video Codecs
• ITU H.26x series codecs
– H.261 (most common)
– H.263
• DCT-based algorithms
• Typical speeds (-64 kbs audio)
– 384 kbs
– 768 kbs
– 1536 kbs
– 1920 kbs
RTP / RTCP
• Real-time Transport Protocol
– Time stamps in packets allow stream reassembly
• Real-time Control Protocol
– Feedback channel to RTP server
• UDP for media streams
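Added example (not from the slides or any H.323 stack) of what the RTP header gives a receiver: the fixed header is parsed, the packets of one SSRC are put back in sending order by sequence number, allowing for the 16-bit wrap, and duplicates and foreign SSRCs are dropped. The packets are constructed inside the block; note that RTP orders packets by sequence number and uses the timestamp for playout timing and jitter measurement.

```python
import struct
from functools import cmp_to_key

RTP_FIXED_HEADER = 12  # bytes: V/P/X/CC, M/PT, sequence number, timestamp, SSRC

def parse_rtp_header(packet: bytes) -> dict:
    """Parse the RTP fixed header (RFC 3550 5.1); reject truncated or non-version-2 packets."""
    if len(packet) < RTP_FIXED_HEADER:
        raise ValueError("packet shorter than RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:RTP_FIXED_HEADER])
    if b0 >> 6 != 2:
        raise ValueError(f"unsupported RTP version {b0 >> 6}")
    cc = b0 & 0x0F                            # count of 32-bit CSRC identifiers that follow
    hdr_len = RTP_FIXED_HEADER + 4 * cc
    if len(packet) < hdr_len:
        raise ValueError("packet truncated inside CSRC list")
    return {"padding": bool(b0 & 0x20), "extension": bool(b0 & 0x10),
            "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc,
            "csrc": list(struct.unpack(f"!{cc}I", packet[RTP_FIXED_HEADER:hdr_len])),
            "payload": packet[hdr_len:]}

def seq_after(a: int, b: int) -> bool:
    """True if 16-bit sequence number a follows b, allowing for the wrap from 65535 to 0."""
    return a != b and ((a - b) & 0xFFFF) < 0x8000

def reassemble(packets, ssrc: int) -> list:
    """Return (seq, timestamp, payload) of one stream (chosen by SSRC) in sending order,
    dropping duplicates and other sources; assumes the batch spans < 32768 sequence numbers."""
    by_seq = {}
    for pkt in packets:
        h = parse_rtp_header(pkt)
        if h["ssrc"] == ssrc and h["seq"] not in by_seq:
            by_seq[h["seq"]] = h
    def cmp(x, y):
        if x["seq"] == y["seq"]:
            return 0
        return 1 if seq_after(x["seq"], y["seq"]) else -1
    ordered = sorted(by_seq.values(), key=cmp_to_key(cmp))
    return [(h["seq"], h["timestamp"], h["payload"]) for h in ordered]

def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, pt: int = 0) -> bytes:
    """Constructed sample packet: version 2, no CSRCs, payload type 0 (G.711 PCMU)."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + payload

# Constructed sample: one G.711 stream (SSRC 0xCAFE) arriving out of order across the
# sequence-number wrap, with one duplicate and one packet from an unrelated SSRC.
SAMPLE = [build_rtp(1, 480, 0xCAFE, b"d"), build_rtp(65535, 160, 0xCAFE, b"b"),
          build_rtp(0, 320, 0xCAFE, b"c"), build_rtp(65534, 0, 0xCAFE, b"a"),
          build_rtp(0, 320, 0xCAFE, b"c"), build_rtp(7, 0, 0xBEEF, b"x")]
```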
H.245
• Media Control
• Capabilities Exchange
– Handshake to determine supported codecs
RAS
• Registration, Admission and Status
• Registers endpoint with gatekeeper
• Version 2.0
– h323-ID
– dialedDigits
– URL-ID
– transportID
– email-ID
– partyNumber
– mobileUIM
H.225
• Call control
– Initiate
– Setup
– Tear down
• Derived from Q.931
– ASN.1 coding in payload
T.120
• Data Collaboration
– Screen scraping (limited bit depth)
– Shared Mouse
• De facto NetMeeting
• T.120 server to scale up
• Dissatisfaction
• Out of band D/C
H.323 Annexes
• Annex C “H.323 on ATM”
• Annex D “FAX over H.323”
• Annex E “Multiplexed Call Signaling Transport”
• Annex F “Simple Endpoint Type”
• Annex G “Text Conversation and Text Set”
• Annex H “User and Service Mobility”
• Annex I “Terminal Mobility”
• Annex J “Security for SET”
• Annex K “HTTP based Service Control”
• Annex L “Stimulus Signaling”
• Annex M.1 and M.2 “Tunneling of QSIG and ISUP”
• Annex O “H.323 URL”
H.450 Supplementary Services
• H.450.1: ‘Creation Environment’
• H.450.2
– Blind call transfer
– Consultation
• H.450.3
– Forward
– Activation / Deactivation
– Interrogation
• H.450.4
– Call Hold
• H.450.5
– Call Park / Pickup
• H.450.6
– Call Waiting
• H.450.7
– Message Waiting
H.323 URL
• Annex O
• Editor: Orit Levin, RADVision
• Form h323:[email protected]
• Enables clickable dialing
• Eliminates dial plan routing issues
• Will be the primary served object for white pages
Security
• H.235 Security and Encryption
– Annex D
• UserID / password pair
• Hop by hop authentication
– Annex E
• PKI
• Endpoint to endpoint authentication
– Requires both gatekeeper and endpoint support
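Annex D's hop-by-hop authentication pairs a shared password with a keyed hash and replay protection. The following is an added example (not from the slides or any H.323 stack) of that mechanism: HMAC-SHA1-96 keyed by the endpoint password over the RAS message plus sender ID, timestamp and random, checked at the gatekeeper with a clock window and a replay cache. The byte layout of the token fields and CLOCK_SKEW_SECONDS are assumptions for illustration, not the ASN.1 encoding H.235 actually uses.

```python
import hmac
import hashlib
import struct

CLOCK_SKEW_SECONDS = 120  # assumed acceptable difference between endpoint and gatekeeper clocks

def hmac_sha1_96(password: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 truncated to 96 bits, the integrity check of the H.235 baseline (Annex D) profile."""
    return hmac.new(password, data, hashlib.sha1).digest()[:12]

def token_fields(sender_id: str, timestamp: int, random: int) -> bytes:
    """Byte string standing in for the ClearToken fields (sender ID, timestamp, random);
    the real protocol carries them ASN.1-encoded inside the RAS message."""
    return sender_id.encode() + struct.pack("!II", timestamp, random)

def protect(message: bytes, sender_id: str, password: bytes, timestamp: int, random: int) -> dict:
    """Endpoint side: bind the RAS message to the sender, a timestamp and a random value
    using the shared password, so the next hop (the gatekeeper) can check it."""
    mac = hmac_sha1_96(password, message + token_fields(sender_id, timestamp, random))
    return {"message": message, "senderID": sender_id, "timestamp": timestamp,
            "random": random, "mac": mac}

class Gatekeeper:
    """Verifier side: holds each registered endpoint's password and remembers recent
    (sender, timestamp, random) triples so a captured message cannot be replayed."""
    def __init__(self, passwords: dict):
        self.passwords = dict(passwords)
        self.seen = set()

    def verify(self, token: dict, now: int) -> bool:
        password = self.passwords.get(token["senderID"])
        if password is None:
            return False                       # unknown sender: no shared secret
        expected = hmac_sha1_96(password, token["message"] + token_fields(
            token["senderID"], token["timestamp"], token["random"]))
        if not hmac.compare_digest(expected, token["mac"]):
            return False                       # message or token altered in transit
        if abs(now - token["timestamp"]) > CLOCK_SKEW_SECONDS:
            return False                       # too old (or clock too far off) to accept
        key = (token["senderID"], token["timestamp"], token["random"])
        if key in self.seen:
            return False                       # exact replay inside the window
        # forget entries that have aged out of the window, then record this one
        self.seen = {k for k in self.seen if abs(now - k[1]) <= CLOCK_SKEW_SECONDS}
        self.seen.add(key)
        return True
```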
In-Zone Dialing (figure)
EP1 (2222) dials 3333; call control flows through gatekeeper GK1, which establishes the call to EP2 (3333). Media streams flow directly between the endpoints.
Inter-Gatekeeper Communication (figure)
EP1 (2222) dials 3333; GK1 sends LRQs to GK2, and the call for 3333 is established to EP2 (3333).
Dialing With DNS (figure)
EP1 (2222) dials [email protected]; GK1 does a DNS lookup for gk2.domain and DNS returns GK2; GK1 calls GK2; GK2 connects EP2 (3333) on IPEP2.
ENUM (IETF) (figure: DNS w/ENUM)
EP1 (2222) dials 3333; GK1 does an ENUM lookup of 3333 in DNS, which returns h323:[email protected]; a DNS lookup for gk2.domain returns GK2; GK1 calls GK2; GK2 connects EP2 (3333) on IPEP2.
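Added example (not from the slides or any gatekeeper) of the ENUM step in the flow above: the dialed E.164 number is converted into its e164.arpa name, and the NAPTR regexp of the E2U+h323 record is applied to obtain the h323: URL whose host part the gatekeeper then resolves. The zone SAMPLE_ZONE, the number +1 919 555 3333 and the host gk2.example are constructed placeholders standing in for real DNS data.

```python
import re
from typing import Optional

def enum_domain(e164: str, suffix: str = "e164.arpa") -> str:
    """E.164 number to ENUM domain (RFC 6116 2.4): strip non-digits, reverse, dot-separate."""
    if not e164.startswith("+"):
        raise ValueError("expected a full international number starting with '+'")
    digits = re.sub(r"\D", "", e164)
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + suffix

def apply_naptr_regexp(regexp: str, number: str) -> Optional[str]:
    """Apply a NAPTR regexp field (delim, pattern, replacement, flags) to the dialed number."""
    parts = regexp.split(regexp[0]) if regexp else []
    if len(parts) != 4:
        raise ValueError(f"malformed NAPTR regexp field: {regexp!r}")
    _, pattern, replacement, flags = parts
    m = re.match(pattern, number, re.IGNORECASE if "i" in flags else 0)
    return m.expand(replacement) if m else None

def resolve_enum(e164: str, naptr_records: list, service: str = "E2U+h323") -> Optional[str]:
    """Pick NAPTR records offering the wanted service, lowest order then preference first,
    and return the first URL the regexp produces."""
    wanted = [r for r in naptr_records if r["service"].lower() == service.lower()]
    for r in sorted(wanted, key=lambda r: (r["order"], r["preference"])):
        url = apply_naptr_regexp(r["regexp"], e164)
        if url:
            return url
    return None

# Constructed sample zone (not real DNS data): what the ENUM lookup for +1 919 555 3333
# might return, a SIP record and an H.323 record pointing at a gatekeeper gk2.example.
SAMPLE_ZONE = {
    "3.3.3.3.5.5.5.9.1.9.1.e164.arpa": [
        {"order": 100, "preference": 10, "flags": "u", "service": "E2U+sip",
         "regexp": "!^.*$!sip:3333@gk2.example!"},
        {"order": 100, "preference": 20, "flags": "u", "service": "E2U+h323",
         "regexp": r"!^\+1919555(\d+)$!h323:\1@gk2.example!"},
    ]
}

def lookup(e164: str, zone: dict = SAMPLE_ZONE, service: str = "E2U+h323") -> Optional[str]:
    """What a gatekeeper would do for a dialed number: form the ENUM name, fetch its NAPTR
    records (here from the constructed zone instead of DNS) and derive the URL."""
    return resolve_enum(e164, zone.get(enum_domain(e164), []), service)
```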
Location Services
• Location of endpoints is a general problem
• Not limited to RTC
• Each endpoint is a server, different than client server model
• NAT issues
• P2P is another approach
How Does SIP Differ?
• SIP handles only location, authentication and call initiation
• Not only media neutral, but application neutral
• Very extensible, but creates interoperability problems
• Ratified by IETF
• Primary direction of RTC services
Network Analysis
What is the problem?
• Artifacts are often observed in video or voice applications, but it is generally not clear whether the cause is in the protocol (i.e. application) or in the network
• Artifacts are gone before network or protocol engineers can examine the problem
• Difficult to deploy test equipment to myriad geographically disparate sites
• Will this link work for the application before I deploy equipment?
• Most measurement tools are snapshots, and do not emulate media streams, thus missing important events.
Testing Advanced Networks (figure)
10 minute 384 kbs simulated conference: SURFNet (Netherlands), CUDI (Mexico)
Scouting Out Problems
Public Health Outreach Project
• Remote Health Clinic connected back to Internet2 via xDSL
• Original diagnosis was h.323 problem
• ISP refused problem ownership until presented with test results
Tulane <> LANet Simulation (figure): Louisiana Statewide T1 Network
Security Issues for RTC
E2M Security (figure: endpoint to Call Server)
• Pros
– Ensures nobody steals service provider’s resources
– Ensures you pay your bill
• Cons
– Doesn’t allow you to access resources in other realms
– Doesn’t provide caller ID
– Doesn’t recognize true people to people nature of application
E2E Security (figure: Call Server; Incoming Call From: Dr. Thomas Gray, Radiology, <OK> Duke University, <OK> Internet2)
• Pros
– Confirms your identity to the called party
– Works across realms
• Cons
– Requires common authentication across realms
– Other applications don’t use this approach
– Administrative cost to identity verification
How Does Federation Help
• E2E security features
• Still implement your own authentication methods
• Recognizes the world is a messy place
(figure: Internet2 and FCC federations spanning the Duke, UNC, Provider A and Provider B call servers; Incoming Call From: Dr. Thomas Gray, Radiology, <OK> Duke University, <OK> Internet2)
This Changes Everything
• Access to many service providers
• Not necessarily required to pre-establish accounts
• Call signaling and networks can be un-secured
(figure: federations linking a VoIP Provider, an MCU Provider, UNC Hospital, Duke Hospital, a PTA Fundraiser, the FCC, Provider A and Provider B; Incoming Call From: Sarah McAllister, <OK> VISA 123456, <OK> Provider A, <OK> FCC)
Directory Enabled RTC Using H.350
Directory Services
• Directories are a key enabler of video teleconferencing. Essentially not useful without.
• Directories are a key management tool for tracking and supporting users
• Directory can be a portal for related information e.g. account requests, support, user information updates, etc.
• Canonical data source is essential for scalability
H.350 Architecture Components
Endpoints (what end user has)
• H.323 Terminals:
– Desktop videoconferencing (VCON, Viavideo, etc)
– Room videoconferencing (Polycom, Tandberg, etc)
– Multi-point control unit (MCU)
• SIP User Agents:
– IP Telephony
– Desktop (Messenger, CGU client…)
Call Servers Management
• H.323 Gatekeeper
• SIP Proxy
• Both have lists of users, do call routing, enforce usage policies, do logging for any billing….
Enterprise Directory
• Central stores of information about people associated with an institution
• Authoritative (eg: Human Resources, Registrar; Telecommunications)
• ONE consolidated list – identities resolved (SSN!)
• Benefits:
– Correct and current
– Single location to disable account
– Single location to reset password
• Video/VoIP manager – reinvent this wheel?
H.350 Directory
• Standardized LDAP schema that represents application-specific information for multimedia including these protocols:
– SIP
– H.323
– H.235
– H.320
– Non-standard (eg: Access Grid, VRVS, MPEG2).
• Designed to require minimal changes to the enterprise directory.
H.350 Directory Organization (figure)
• Enterprise Directory: inetOrgPerson – name (dn), address, telephone, email, organization, organizational unit, commURI, RFC 1274, userPassword
• commObject – commUniqueId, commOwner, commPrivate
• h323Identity – h323IdentityGKDomain, h323Identityh323-ID, h323IdentitydialedDigits, h323Identityemail-ID, …, h323IdentityEndpointType, h323IdentityServiceLevel
• h235Identity – h235IdentityUid, h235IdentityPassword, userCertificate
White Pages
• Look up person – find video/voip address
• Standardized – works with multiple vendors’ hardware and software
• Makes “Directory of Directories” searching possible (a global multimedia directory)
• Supports ‘clickable’ dialing
• Prototype/Testbed H.350 directory
– https://videnet.unc.edu
Endpoints Implementing H.350 can…
• Based on EndpointID, email address, etc., lookup correct configuration information and load it. Solves big user support issue!
• No matter what protocol or brand, necessary data can be managed in an organized way.
• Do white pages search via LDAP protocol – receive answers; ‘click to dial’ if supported.
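Added example (not from the slides or any H.350 implementation) tying the directory organization above to the white pages search described here: a small LDIF holding a constructed inetOrgPerson and its commObject, a minimal LDIF reader, and a lookup that follows commURI, checks the commOwner back-link and honours commPrivate before returning h323Identity attributes. The sample DNs, the person and gk1.example.edu are placeholders.

```python
from collections import defaultdict

# Constructed sample directory (not any institution's real data): an inetOrgPerson whose
# commURI points at the H.350 commObject that holds the person's H.323 data.
SAMPLE_LDIF = """\
dn: uid=tgray,ou=people,dc=example,dc=edu
objectClass: inetOrgPerson
mail: tgray@example.edu
commURI: ldap:///commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu

dn: commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu
objectClass: commObject
commOwner: uid=tgray,ou=people,dc=example,dc=edu
commPrivate: FALSE
h323IdentityGKDomain: gk1.example.edu
h323Identityh323-ID: tgray
h323IdentitydialedDigits: 2222
"""

def parse_ldif(text: str) -> dict:
    """Minimal LDIF reader: entries separated by blank lines, every attribute multi-valued."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip()].append(value.strip())
        entries[attrs["dn"][0]] = attrs
    return entries

def dn_from_comm_uri(uri: str) -> str:
    """commURI is an LDAP URL; this sample handles only the ldap:///DN form."""
    if not uri.startswith("ldap:///"):
        raise ValueError(f"unsupported commURI form: {uri}")
    return uri[len("ldap:///"):].split("?", 1)[0]

def white_pages_lookup(entries: dict, mail: str):
    """Find the person by email and return their listed H.323 addresses (None if no such person).
    commObjects marked commPrivate or whose commOwner does not point back at the person are skipped."""
    person_dn = next((dn for dn, e in entries.items() if mail in e.get("mail", [])), None)
    if person_dn is None:
        return None
    listed = []
    for uri in entries[person_dn].get("commURI", []):
        obj = entries.get(dn_from_comm_uri(uri))
        if obj is None or obj.get("commOwner") != [person_dn]:
            continue                                  # dangling or mismatched link
        if obj.get("commPrivate", ["FALSE"])[0].upper() == "TRUE":
            continue                                  # owner asked not to be listed
        listed.append({"gk": obj["h323IdentityGKDomain"][0], "h323-ID": obj["h323Identityh323-ID"][0],
                       "dialedDigits": obj.get("h323IdentitydialedDigits", [""])[0]})
    return listed
```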
Endpoints supporting H.235 can…
• User/Endpoint Validation
– Do enterprise authentication
– Obtain videoconferencing credentials
– Use VC credentials to obtain CORRECT configuration
– Logging now suitable for usage tracking/billing
Call Servers Implementing H.350 can…
• Pull information from canonical store
– Solves manual data entry problems
– Can convert canonical to proprietary if needed on the fly
• Use XIdentityServiceLevel attribute to provide levels of authorization
• Scale up video/voip operations
What problems did we want to solve?
• Use existing identity management (authoritative enterprise directory) – avoid replicating into proprietary directories
• Standardize storage for protocol-specific data to ease updates/migrations; one central store for multiple protocols
• Leverage identity management for reliable multimedia authentication and authorization
Other drivers
• We wanted solution to be implemented by vendors. Therefore, adoption as a standard was necessary
• H.323/SIP already had existing security protocols – use those, without requiring modifications
• Be useful for non-standards based conferencing (MPEG2 / Access Grid / VRVS)
• Evaluate utility of federated administration model for managing videoconferencing/voip
International Telecommunication Union
• The ITU is an inter-governmental organization under the umbrella of the United Nations (www.itu.int)
– currently has over 450 members from industry
– has more than 2800 Recommendations in force
• Study Group 16
– multimedia service definition and multimedia systems, including the associated terminals, modems, protocols and signal processing.
– Multimedia Services, Systems and Terminals
– e-business and e-commerce
– Selected Recommendations
• H.320
• H.323
• H.264
• H.350
• US Representation through US State Department
Why Standardization Process Was Helpful
• Caused the academic community to be extremely thorough
– In terms of accuracy, scope and scenario development
– Forced examination of real world implementation hurdles
– Important linking between researchers and technologists
– Implementation not valued in the computer science community
• Leads to less rigour
• Higher education thus abandons its voice
• Private industry not shy to speak up, but may not deliver desired results
• Diverse expert input
• Thorough review by many eyes
• Difficulty getting enterprise acceptance without standardization (i.e. we’ll munge our own)
• Difficulty getting vendor acceptance because each implementation different
• Educational community not a large enough market segment to drive development
• Paves the way for other vendor partnerships
– An interesting alternative to open source