VoIPpresentation
Download
Report
Transcript VoIPpresentation
Setup and Evaluate Quality of
Service of VoIP on SCOLD Systems
Sherry Adair
Hakan Evecek
Elizabeth Gates
GOALS
1. Monitor a staged SCOLD attack.
2. Analyze the VoIP related protocols including
SIP, H.323, and RTP.
3. Discuss the applications used: SJphone,
NetMeeting, MSN, and HMP conferencing.
4. Use the Agilent SW Edition Advisor J1955A
5. Show the configurations used for the
experiments.
6. Provide network errors encountered.
7. Conclusions.
SCOLD
The SCOLD project
explores the use of
alternate routes
when internet
security is
threatened with an
attack on the primary
route.
WHAT IS VoIP?
Voice-over-IP technology transfers voice signals in data
packets over IP networks in real-time. It uses some other
protocols like TCP, Internet Protocol (IP), User Datagram
Protocol (UDP), Real-Time Transport Protocol (RTP),
RTCP or RTCP-XR.
Some of the benefits using VoIP:
• Cost Savings.
• Open standards and multivendor interoperability.
• Integrated voice and data networks.
PROTOCOLS
Call Control Protocols: They setup and tear down a call across
a data network. Each have different rules.
Gateway Control Protocols: Uses central coordinators to
control events and manage connections.
Media Control Protocols: They manage the traffic that requires
playback at the receiving application in a time sensitive mode.
VoIP MODES OF OPERATION
PC to PC.
PC-to-Telephone calls.
Telephone-to-PC calls.
Telephone-to-Telephone calls via the Internet.
Premises to Premises.
Premises to Network.
Network to Network.
H.323
Used for multimedia over LAN. It provides component
description, signaling procedures, call control, system
control, audio/video codec and data protocols.
Components are terminal, gateway, multimedia control
unit to decide the media stream path and gatekeeper.
Supports G.711, G722, G723 audio and G728, G729
video codecs, H.225 packet and message format,
H.245 channel negotiation and exchange and T.120
data sharing protocols.
SESSION INITIAL PROTOCOL
Used for multimedia sessions like H.323.
SIP is a simple, text based request, open, and welldefined interface encouraging application Level
signaling protocol.
Allows setting up, modifying terminating sessions
with one or more participants.
Supports user location, call setup, call transfers,
mobility by proxy, multi point control unit for different
connections .
Carries session description and setup. It supports
session management.
HOW SIP OPERATES?
Call establishment is straightforward and flexible.
Syntax is very similar to HTTP. It can be Multiple
Purpose internet mail (MIME) or extensible markup
language (XML)
Sip components are redirect server, proxy server,
user agent, registrar, SIP Server and location server.
Protocols used to transfer packets.
UDP, small packet size.
TCP, there will be multiple signal flow due to the
TCP structure.
SCTP, In the order with respect to the other
messages within the same stream.
RTP (REAL-TIME PROTOCOL)
Real-Time Protocol
Delivery of real-time information
Services
Payload type ID
Sequencing
Timestamping
PayLoad Types:
Audio
Video
Telephony signals
Text conversation
H.323 vs. SIP
Below are call samples from SIP and H.323.
Easy syntax, support mobile users and assign the transactions to
command sequence makes SIP preferable to the other protocols.
H.323
SIP
Q.931 SETUP
Q.931 CONNECT
Destination address
([email protected])
200 OK
Terminal Capabilities
Terminal Capabilities
Media capabilities
ACK
Open Logical Channel
Open Logical Channel
INVITE
Media transport address
(RTP/RTCP receive)
VoIP APPLICATIONS
SJphone: PC voice client to speak over
internet uses SIP and H.323 protocols
NetMeeting: Allows point to point audio
communication using H.323
MSN: Allows you to make phone calls over the
internet using SIP
Intel NetStructure Host Media Processing (HMP):
Conference host for up to120 H.323 and SIP
clients
AGILENT ADVISOR SW
Software protocol analyzer
Designed to troubleshoot and analyzer Ethernet
and Fast Ethernet networks
Decodes major protocols for all 7 layers
Runs on Windows 98/2000/NT 4.0 with NIC or
PCMCIA network adapter but not on UNIX.
%Utilization, total # of frames, packet sizes
IP low time to live, broadcasts, and multicasts
DATA FROM ANALYZER
HOW BUSY IS THE
NETWORK?
The network is running slowly and you want
to know why.
• How many stations are active?
• How many connections are there between
stations?
• What protocols are being used?
• Are errors being generated?
View: Connection Statistics Measurement
WHO ARE THE TOP
NETWORK TALKERS ?
You want to know if the majority of the traffic
is coming from a few stations.
Who are the top talkers on the network?
Who are the active stations?
Which connections are transmitting the most
traffic?
What protocols are being used?
View: Expert Analyzer View
WHAT ARE THE NETWORK
PROBLEMS?
Are alert, warning, or normal protocol events
occurring?
What protocols are having problems?
Who is causing the problems?
View: Connection Statistics Measurement
TESTBEDS
Simple two way communication using the network
then the internet.
Conferencing using NetMeeting then
Intel’s Netstructure Host Media Processing Demo.
Simple SCOLD attack on a two way communication
then on a conferencing call.
A simple two-way phone
conversation over the network.
Wait.uccs.edu
sjphone
analyzer
Wind.uccs.ecu
sjphone
Through SJphone, Wind calls Wait using Wait’s IP address.
Wait responds through SJphone.
Using microphones and speakers, we converse on Wait and
Wind.
A NetMeeting call over
the network
dilbert.uccs.edu
laptop
NetMeeting
Sherry
NetMeeting
Adem
NetMeeting
Hakan
Wind.uccs.edu
Adem calls Hakan, Hakan accepts.
Sherry calls both Adem and Hakan, both accept.
Using microphones and speakers a three-way
conversation is held.
A SCOLD ROUTE
wait.uccs.edu
Indirect Route
sjphone
analyzer
vinci.uccs.edu
SCOLD proxy
Ethereal
Indirect Route
Direct Route
wind.uccs.edu
sjphone
An attack on the direct route causes SCOLD to find an
indirect route.
In the lab, this was performed by hand using Public IP
addresses for the Direct Route and Private IP addresses
for the Direct Route.
NETWORK ERRORS
CONCLUSIONS
Manual test
In the real world this setup will be automatic, not manual.
IP indirect routing tunnel
The voice connection was blocked on the indirect route
but was easily reestablished when the physical connection
was reestablished.
SCOLD delay
Network connection delay was not measurable with this
experiment because the primary and secondary paths
were manually switched and there was only one extra hop.
References
Chow C.E., Cai Y., Wilkinson D., Secure Collective Defense (SCOLD)
Network http://cs.uccs.edu/~scold
Network World, November 17th Volume 20 page: 31, RTCP XR measures
VoIP performance.
Improving QoS of VoIP over WLAN :
http://cs.uccs.edu/~msoliman/cs522/docs/QoS%20of%20VoIP%20over%20wlan.pdf
Daniel Collins: Carrier Grade Voice over IP, 2nd Edition.
Daniel Minoli, Emma Minoli : Delivering Voice Over IP Networks, 2nd Edition.
Igor Faynberg, Lawrence Gabuzda, Hui-Lan Lu : Converged Network and
Services.
RFC 2543 SIP : Session Initiation Protocol : http://www.faqs.org/rfcs/rfc2543.htm
Uyless Black, Voice Over IP – 2nd Edition
H.323 Protocol Suite: http://www.protocols.com/pbook/h323.htm
Please refer to the report for rest of the references from the link below:
http://cs.uccs.edu/~cs522/studentproj/projF2003/hevecek/