SIP Proxies
Jonathan Rosenberg
Chief Scientist
VON Developers Conference -- July 2000
www.dynamicsoft.com
Presentation Agenda
SIP Overview
Functions of a Proxy
Features to Look for in Proxies
Session Initiation Protocol (SIP)
Developed in mmusic Group in IETF
Proposed standard RFC2543, February 1999
Work began 1995
Part of Internet Multimedia Conferencing Suite
Main Functions
Invite users to sessions
Find the user’s current location, match with their capabilities and preferences in order to deliver invitation
Carry opaque session descriptions
Modification of sessions
Termination of sessions
Session Initiation Protocol (SIP) cont.
Main Features
Personal mobility services
Wide area operation
Session flexibility
Voice; video; games; chat; virtual reality; etc.
Leverages other Internet protocols
Protocol Components
User Agent Client (UAC)
End systems
Send SIP requests
User Agent Server (UAS)
Listens for call requests
Prompts user or executes program to determine response
User Agent
UAC plus UAS
Protocol Components cont.
Redirect Server
Network server - redirects the user to try another server
Proxy Server
Network server - forwards (proxies) the request to another server; can “fork” the request to multiple servers, creating a search tree
Registrar
Receives registrations regarding current user locations
SIP Architecture
(diagram: numbered request, response and media flows among a SIP Client, two SIP Proxies, a SIP Redirect Server with its Location Service, and the called SIP Client (User Agent Server))
Main Functions of SIP Proxy Server
Routing Services
Authentication and Authorization
Logging/Billing
Firewall/NAT Traversal
Load Balancing
Routing
Problem Definition
To determine the next hop server(s) which can better handle a SIP request
Next hop can be UAS, proxy or redirect
Type of next hop not known to server
Routing Can Be Based on Arbitrarily Complex Logic and Inputs
Primary Routing Techniques in Proxies
Registration database
Telephone routing prefixes
TRIP and TRIP-GW
Caller preferences
External databases
Registration Database
On Startup, SIP UA Sends REGISTER to Registrar
Registration Data Provides Addresses to Reach User
Registration Database Forms a Dynamic Routing Database of Users
Centralized Store is Desired for Scalability
(diagram: REGISTER sent to the Registrar, stored in a DB reached over SQL/LDAP/?, and consulted by a Proxy Farm when an INVITE arrives)
Telephone Routing Prefixes
SIP INVITE Can Contain Phone Numbers
sip:[email protected]
tel:17325551212
Do Not Correspond to Users on IP Network, but PSTN Terminals
Call Must Be Routed to Gateway
Gateways Often Arranged Through Peering
Which One to Use Based on Prefixes (Domestic = gw1, Europe = gw2)
Route Table is Mapping From Prefixes to Next Hop IP address/port/transport
Plus URL Rewrite Rules
(diagram: INVITE for tel:19735551212 rewritten to sip:19735551212@longdistance.com; gateways regional.com (prefix 1-732), longdistance.com (prefix 1) and international.com)
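An added example, not part of the deck: a prefix route table in Python that does longest-prefix match on the dialled number and applies the URL rewrite rule that points the request at the chosen gateway. Gateway names, ports and transports are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class NextHop:
    host: str
    port: int
    transport: str

# Constructed route table: digit prefix -> next hop (address/port/transport).
# Longest matching prefix wins; the empty prefix is the default route.
ROUTES: Dict[str, NextHop] = {
    "1732": NextHop("regional.example", 5060, "udp"),
    "1":    NextHop("longdistance.example", 5060, "tcp"),
    "":     NextHop("international.example", 5061, "tls"),
}

def extract_number(uri: str) -> Optional[str]:
    """Return the dialled digits from a tel: URI or a sip: URI whose user part is a number."""
    m = re.match(r"^tel:\+?([\d.\-]+)$", uri) or re.match(r"^sip:\+?([\d.\-]+)@", uri)
    return re.sub(r"[.\-]", "", m.group(1)) if m else None

def route(uri: str) -> Optional[Tuple[NextHop, str]]:
    """Pick the gateway by longest prefix match and apply the URL rewrite rule
    (number kept, host replaced by the gateway, port/transport added when not default)."""
    number = extract_number(uri)
    if number is None:
        return None                      # not a phone number: leave to user routing
    best = max((p for p in ROUTES if number.startswith(p)), key=len)
    hop = ROUTES[best]
    rewritten = f"sip:{number}@{hop.host}"
    if hop.port != 5060:
        rewritten += f":{hop.port}"
    if hop.transport != "udp":
        rewritten += f";transport={hop.transport}"
    return hop, rewritten
```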
Telephony Routing Over IP (TRIP)
Inter-domain Protocol for Gateway Route Exchange
Completed February 2000
TRIP Supports Various Models
Bilateral agreements
Centralized settlements provider
Wholesaler service
TRIP Based on Scalable IP Routing Technology
Uses BGP4 as a basis
Supports aggregation
Uses proven algorithms
Proxy = TRIP LS
Allows proxy to build routing table dynamically
(diagram: Location Servers in ISP A and ISP B exchanging TRIP routes, with front-end proxies, gateways and end users)
TRIP and Gateways
Normal TRIP Runs Interdomain
TRIP-GW: Lightweight Version That Runs Between LS and Local Gateways
Provides Gateway Information
Exported to Other Domains Via TRIP
Provides Gateway Management Capabilities
Load balancing based on available ports/codecs
Liveness detection
Failover
(diagram: local gateways announcing themselves to the LS over TRIP-GW; the proxy forwards the INVITE to the gateway so selected)
SIP Caller Preferences
SIP Extensions for Specifying Caller Preferences and Callee State
Preferences Carried in INVITE Setup Message
Preferences for
Reaching callee at home or work
Fax, video, audio call
Mobile or landline
Secretary or voicemail
Priority locations
Caller Can Specify Proxy Routing
(diagram: Proxy Server combining callee Presence with the caller’s Preference (e.g. Video) to choose the route)
External Databases
Routing Information Can Also Be Located in External Databases
LDAP
SQL
whois++
Static or Dynamic
Several Standards
(diagram: proxy issuing a DB Query on receipt of an INVITE)
Authentication and Authorization
Restrict/Grant User Access to Proxy Services
Types of Services
Make incoming and outgoing calls (careful!!)
Selection of routing tables
Ability to have CPL execution
Ability to register
Inbound and Outbound Directions
Nearly Impossible to Authenticate Inbound Requests
(diagram: outgoing proxy and incoming proxy on either side of the user)
SIP Authentication
Authentication Mechanisms
Basic
Digest
PGP
All are Challenge-Response
Basic and Digest Are Shared Secret - Assume Trust Relationship Between UA and Proxy
Only for outgoing requests
SIP Can Also Authenticate Responses
Not widely used
(diagram: challenge-response exchange between UA and proxy; the challenge is acknowledged with ACK)
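An added example, not from the deck: the Digest challenge-response computation a proxy performs on an outgoing request, in the RFC 2069 style (no qop) that SIP used at the time. The realm, the subscriber table and the nonce handling are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
from typing import Dict

REALM = "example.net"
SUBSCRIBERS = {"alice": "correct horse"}   # constructed subscriber table (plaintext only for the demo)

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def make_challenge() -> str:
    """Proxy-Authenticate value the proxy puts in its 407 Proxy Authentication Required."""
    return 'Digest realm="%s", nonce="%s"' % (REALM, os.urandom(16).hex())

def parse_digest(header: str) -> Dict[str, str]:
    """Turn 'Digest k="v", k2=v2' into a dict of parameters."""
    params = header.partition(" ")[2]
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,]+)', params)}

def digest_response(user: str, pw: str, realm: str, nonce: str, method: str, uri: str) -> str:
    """What the UA computes (RFC 2069 style, no qop): MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{pw}")     # shared secret enters only here
    ha2 = md5_hex(f"{method}:{uri}")          # binds the credential to this request
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def verify(proxy_authorization: str, method: str, expected_nonce: str) -> bool:
    """Proxy-side check of the Proxy-Authorization header on an outgoing request."""
    p = parse_digest(proxy_authorization)
    pw = SUBSCRIBERS.get(p.get("username", ""))
    if pw is None or p.get("realm") != REALM or p.get("nonce") != expected_nonce:
        return False                      # unknown user, wrong realm, or stale/replayed nonce
    expected = digest_response(p["username"], pw, REALM, expected_nonce, method, p.get("uri", ""))
    return hmac.compare_digest(expected, p.get("response", ""))
```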
DoS Attack Protection
DoS Attacks
Flooding of packets
Malicious content
Proxy Acts as DMZ Machine
Sole point of entry for calls to network (requires firewall)
Filtering Functions
Absorbs bursts
Blocks large messages
Removes content with viruses
String parsing checks and validations
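An added example, not from the deck: a front-end filter implementing the burst, size and parsing checks listed above, with a per-source token bucket and a strict grammar for the request line and headers. The limits and the sample SIP message are constructed.

```python
import re
from typing import Dict, Tuple

MAX_MESSAGE = 4096                 # constructed cap: a SIP request over UDP should be small
RATE, BURST = 20.0, 40.0           # constructed per-source token bucket: 20 msg/s, burst 40
METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:[!-~]{1,256}) SIP/2\.0$")
HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9\-.]{0,63}):[ \t]*([ -~\t]{0,1024})$")
_buckets: Dict[str, Tuple[float, float]] = {}   # source -> (tokens, last update)

def _allow(src: str, now: float) -> bool:
    """Token bucket per source address: absorbs bursts, drops sustained floods."""
    tokens, last = _buckets.get(src, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    ok = tokens >= 1
    _buckets[src] = (tokens - 1 if ok else tokens, now)
    return ok

def admit(raw: bytes, src: str, now: float) -> Tuple[bool, str]:
    """Decide whether a datagram may reach the proxy core; returns (verdict, reason)."""
    if not _allow(src, now):
        return False, "rate-limited"
    if len(raw) > MAX_MESSAGE:
        return False, "message too large"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes"
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m or m.group(1) not in METHODS:
        return False, "bad request line"
    headers: Dict[str, str] = {}
    for line in lines[1:]:                     # strict grammar: no folding, bounded lengths
        h = HEADER_LINE.match(line)
        if not h:
            return False, "bad header line"
        headers[h.group(1).lower()] = h.group(2)
    for required in ("via", "from", "to", "call-id", "cseq"):
        if required not in headers:
            return False, "missing " + required
    length = headers.get("content-length", str(len(body)))
    if not length.isdigit() or int(length) != len(body):
        return False, "content-length mismatch"
    return True, "ok"
```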
Logging and Billing
Importance of Logging
Customer care
Troubleshooting
Intrusion detection
Billing
DoS attack detection
Billing Issues
Must bill for a real service
Gateways
MCUs
Proxy “fronts” gateway
Need secure association to gateway
Session timer
Logging to Remote Logging Server is Key Benefit
(diagram: proxy doing remote logging to a Log Server and billing to a Billing Server, with a secure association (SA) to the Gateways it fronts)
Getting SIP Through Firewalls
Firewalls Typically Statically Configured to Let Traffic in/out of Specific Ports/Addresses
SIP Itself Can Easily Be Let in/out
Static port 5060 opened
But SIP Signals Media Sessions, Usually RTP
RTP Difficult to Isolate
Uses dynamic UDP ports
Not its own protocol
No way to statelessly identify
Therefore, Media Sessions Will Not Flow Through Firewall
Getting SIP Through NATs
Network Address Translation (NAT)
Modifies IP Addresses/Ports in Packets
Benefits
Avoids network renumbering on change of provider
Allows multiplexing of multiple private addresses into a single public address ($$ savings)
Maintains privacy of internal addresses
Getting SIP Through NATs cont.
Issues
If a host includes its IP address inside of an application packet, it is wrong to the outside
SIP fundamentally handles this
Addresses inside of SIP must be rewritten
Where Can IP Addresses Be?
SDP
From field
To field
Contact
Record-route
Via
Continuing Challenges
Other Application Protocols Have Trouble With Firewalls and NAT
ftp
H.323
Solution is to Embed Application Layer Gateway (ALG) into Firewall/NAT
Actually goes into packet and modifies addresses
Requires understanding of protocol
Embedding ALG in NAT is Not Ideal Solution
Scaling
Separation of function
Expertise issue
Proposed Solution
Separate Application Layer NAT/Firewall from IP Layer NAT/Firewall
Similar to megaco decomposition
MG analogous to packet filter
MGC analogous to ALG (proxy)
Same benefits
Better scaling
Faster
Lower Cost
Expertise problem solved
Deployment paths for new apps
Load balancing
(diagram: Decomposed Firewall/NAT with a Proxy Server/ALG controlling a Packet Filter; SIP passes through the proxy, RTP through the packet filter)
The Missing Piece
Control Protocol Between SIP ALG and IP NAT/Firewall
Main Requirements
Binding request: give a private address, obtain a public address
Binding release
Open hole (firewall)
Close hole (firewall)
Group bindings
(diagram: INVITE reaches the Proxy Server, which sends BIND REQ to the Firewall and receives a BINDING before forwarding the INVITE; on 200 OK it sends OPEN and forwards the 200 OK; ACK is forwarded)
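An added example covering both the “Where Can IP Addresses Be?” list (SDP, From, To, Contact, Record-Route, Via) and the binding request / group bindings just listed: an ALG pass that asks a NAT controller for public bindings and rewrites the message. The NatController, its port allocator and the sample INVITE are constructed stand-ins, not the deck’s or any product’s code.

```python
import re
from typing import Dict, Set, Tuple

PRIVATE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")   # RFC 1918 space
HOSTPORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?")
ADDR_HEADERS = ("Via", "From", "To", "Contact", "Record-Route")         # where addresses hide

class NatController:
    """Constructed stand-in for the ALG<->NAT control protocol: a binding request turns a
    private ip:port into a public one; bindings are grouped per Call-ID so one release frees all."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.bindings: Dict[Tuple[str, int], Tuple[str, int]] = {}
        self.groups: Dict[str, Set[Tuple[str, int]]] = {}

    def bind(self, group: str, ip: str, port: int) -> Tuple[str, int]:
        key = (ip, port)
        if key not in self.bindings:                  # same private address: reuse binding
            self.bindings[key] = (self.public_ip, self.next_port)
            self.next_port += 1                       # toy allocator: sequential public ports
        self.groups.setdefault(group, set()).add(key)
        return self.bindings[key]

    def release_group(self, group: str) -> None:
        for key in self.groups.pop(group, set()):
            self.bindings.pop(key, None)

def rewrite(msg: str, nat: NatController) -> str:
    """ALG pass over one outbound SIP message: swap private addresses for public bindings."""
    head, _, body = msg.partition("\r\n\r\n")
    call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M).group(1)

    def to_public(m):                                 # header-level address, default port 5060
        ip, port = m.group(1), int(m.group(2) or 5060)
        return "%s:%d" % nat.bind(call_id, ip, port) if PRIVATE.match(ip) else m.group(0)

    c = re.search(r"^c=IN IP4 (\S+)", body, re.M)     # SDP connection address
    if c and PRIVATE.match(c.group(1)):
        def media(m):                                 # m=<type> <port> ...: the RTP port
            _, pub_port = nat.bind(call_id, c.group(1), int(m.group(2)))
            nat.bind(call_id, c.group(1), int(m.group(2)) + 1)   # RTCP on port+1
            return "%s %d" % (m.group(1), pub_port)
        body = re.sub(r"^(m=\w+) (\d+)", media, body, flags=re.M)
        body = body.replace("c=IN IP4 " + c.group(1), "c=IN IP4 " + nat.public_ip)

    head = "\r\n".join(HOSTPORT.sub(to_public, ln) if ln.split(":", 1)[0] in ADDR_HEADERS else ln
                       for ln in head.split("\r\n"))
    head = re.sub(r"^Content-Length:[^\r\n]*", "Content-Length: %d" % len(body), head, flags=re.M)
    return head + "\r\n\r\n" + body
```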
IETF Efforts on Firewall Traversal
SIP Working Group
Informational RFC will be developed
Summarizes SIP operations needed in firewall controlling proxy
Addresses problems and issues
Call flows and examples
FOGLAMPS BoF Session
Pre-Working Group
May develop protocol between firewall-controlling proxy and firewall
Currently working on protocol requirements
J. Kuthan, J. Rosenberg, “Firewall Control Protocol Framework and Requirements”, draft-kuthan-fcp-01.txt
Load Balancing and Failover
Goal is To Deploy Clusters of Proxy Servers
Scaling up the network
Any One Can Handle Request
Load Balancing
Goal is to balance work across cluster
Requests for same call to same server
Failover
Cease using machine in cluster upon failure detection
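An added example, not from the deck: a front-end dispatcher that keeps every request of one call (keyed by Call-ID) on the same proxy and, when failure detection marks a member down, moves only that member’s calls. The cluster member names are constructed.

```python
import hashlib
from typing import Dict, List, Optional

class ProxyCluster:
    """Constructed dispatcher for a proxy cluster. Rendezvous (highest random weight)
    hashing on the Call-ID sends every request of one call to the same member, and
    when a member is marked down only the calls that were on it move elsewhere."""
    def __init__(self, members: List[str]):
        self.alive: Dict[str, bool] = {m: True for m in members}

    @staticmethod
    def _weight(call_id: str, member: str) -> int:
        h = hashlib.sha256(f"{member}\x00{call_id}".encode()).digest()
        return int.from_bytes(h[:8], "big")

    def pick(self, call_id: str) -> Optional[str]:
        """Member that should handle this call, or None when the whole cluster is down."""
        live = [m for m, ok in self.alive.items() if ok]
        return max(live, key=lambda m: self._weight(call_id, m)) if live else None

    def mark_down(self, member: str) -> None:   # called by failure detection
        self.alive[member] = False

    def mark_up(self, member: str) -> None:
        self.alive[member] = True

def call_id_of(request: str) -> str:
    """Extract the Call-ID header, the key that ties all requests of one call together."""
    for line in request.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() in ("call-id", "i"):   # 'i' is the compact form
            return value.strip()
    raise ValueError("request has no Call-ID")
```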
Checklist of Other Desired Features
Configuration and Management
Command line interface
web
SNMP
Stateless and Stateful Modes
Performance vs. services
Record-routing
Needed for billing/logging
Separate Registration Database
Scaling, centralized management of subscribers
Checklist of Other Desired Features cont.
Subscriber Management
Add users to system
Define services and capabilities
CPL or not?
Authorize services against subscriber lists
Dynamic Reconfiguration
Change parameters/routing table entries on the fly
Customized Logging Outputs
XML, apache, etc.
Information Resource
Jonathan Rosenberg
[email protected]
+1 973.952.5000