Internetworking, Switching and Routing

About This Presentation

Title:

Internetworking, Switching and Routing

Description:

INVITE/ACK/BYE/CANCEL/UPDATE. Creates, negotiates and tears down a call ... SIP Methods - ACK ... ACK must contain the media information. SIP Methods - OPTIONS ... – PowerPoint PPT presentation

Number of Views:143

Avg rating:3.0/5.0

Slides: 95

Provided by: howar47

Category:

more less

Transcript and Presenter's Notes

Title: Internetworking, Switching and Routing

1
18th APAN MeetingsQUESTnet 2004Introduction
to SIPPatrick FerriterVice President of
Product Marketing
2
History and properties

SIP is an OSI Layer 7 protocol

3
SIP History

Internet Engineering Task Force (IETF) protocol
Inventors M. Handley, H. Schulzrinne, E.
Schooler, and J. Rosenberg
Became Proposed Standard and RFC 2543 in March
1999.
SIPPING (applications) and SIMPLE (presence and
instant messaging) WGs using SIP.
SIP is now specified in RFC 3261

4
SIP Properties, 1

Web Integrated
SIP is a close relative of HTTP 1.1
Similar spec outline
URIs and URLs
Error messages
Similar parser
Adapted for session initiation
Makes real time, interactive communications just
another web feature

5
SIP Properties, 2

State Aware
Periodically refreshed state
Robust against system crashes
Less state in the center
More state in periphery
State in client and server
Types of state
Transaction state
Dialogue state
Stateful or Stateless proxies

6
SIP Properties, 3

Transport Independent
SIP is transport neutral
UDP is most popular today
simple, quick, efficient
TCP can be used for more persistent connections
TLS on top of TCP for hop-by-hop security
SIP is also media neutral
VoIP
Fax
Gaming

7
SIP Properties, 4

SIP Authentication
Challenge/Response based on shared secret - SIP
Digest
Mechanism also used by HTTP
Used for client devices
Encryption using private/public keys
Used between servers

8
SIP Properties, 5

Privacy and security
SIP signaling can be encrypted
S/MIME (Secure/Multipurpose Internet Mail
Extensions)
Defined in RFC 2633
SIP can be transported over
IPSec
Defined in RFC 2401
TLS (Transport Layer Security)
Defined in RFC 2246

9
SIP Properties, 5

SIP can carry encryption key for media in SDP
Session Description Protocol (SDP)
Defined in RFC 2327
Anonymizer service can be used to conceal
identity

10
Session Description Protocol (SDP)

SIP carries (encapsulates) SDP messages
SDP specifies codecs and media termination points
Only one of many possible MIME attachments
carried by SIP

11
SDP Properties

Defined in RFC 2327
Is used to describe media session
Carried as a message body in SIP messages
Is a text-based protocol
Uses RTP/AVP Profiles for common media types
E.g. RFC 3551 RTP Profile for Audio and Video
Conferences with Minimal Control

12
SDP Structure

v0
oTesla 289084 289041 IN IP4 lab.high-voltage.org
s-
cIN IP4 100.101.102.103
t0 0
maudio 49170 RTP/AVP 0
artpmap0 PCMU/8000
v Version number (ignored by SIP)
o Origin (only 3rd field (version) used by SIP)
s Subject (ignored by SIP)
c Connection Data (IN internet, IP4 IPv4, IP
Address)
t Time (ignored by SIP)
m Media (type, port, RTP/AVP Profile)
a Attribute (profile, codec, sampling rate)
Specifies IP address and port that this device
would like to use to RECEIVE data

13
SIP Addressing

SIP Uses SIP URLs - Uniform Resource Locators
Can look like email address or contain phone
numbers
sipJohn_at_doe.com
sip14085551212_at_company.com

14
SIP Request Methods, 1

SIP used for Peer-to-Peer Communication though it
uses a Client-Server model
Requests are called methods
Six methods are defined in base RFC 3261
INVITE
ACK
OPTIONS
BYE
CANCEL
REGISTER

15
SIP Request Methods, 2

REGISTER
Register contact with Registrar
INVITE/ACK/BYE/CANCEL/UPDATE
Creates, negotiates and tears down a call
(dialogue)
MESSAGE
Creates an Instant Messaging session
SUBSCRIBE
Subscribe to a service (like message waiting
indication)
NOTIFY
Notify a change in service state (new Voicemail)

16
SIP Methods - INVITE, 1

INVITE requests the establishment of a session
Carried in Message Body (SDP)
Type of session
IP Address
Port
Codec

17
SIP Methods - INVITE, 2

An INVITE during an existing session (dialogue)
is called a re-INVITE
re-INVITEs can be used to
Place calls on or remove calls from hold
Change session parameters and codecs
The SIP UPDATE method is the proposed replacement
for this technique

18
SIP Methods - ACK

ACK completes the three way session setup
handshake (INVITE, final response, ACK)
Only used for INVITE
If INVITE did not contain media information
ACK must contain the media information

19
SIP Methods - OPTIONS

OPTIONS requests the capabilities of another User
Agent
Response lists supported methods, extensions,
codecs, etc.
User Agent responds to OPTIONS the same as if an
INVITE (e.g. if Busy, returns 486 Busy Here)

20
SIP Methods BYE and CANCEL

BYE terminates an established session
User Agents stop sending media packets (RTP)
CANCEL terminates a pending session.
INVITE sent but no final response (non-1xx) yet
received.
User Agents and Proxies stop processing INVITE

21
SIP Methods - REGISTER

Registration allows a User Agent to upload
current location and URLs to a Registrar
Registrar can upload into Location Service
Incoming requests can then be proxied or
redirected to that location
Built in SIP support of mobility
UAs do not need static IP addresses
Obtain IP address via DHCP, REGISTER indicating
new IP Address as contact

22
SIP Request URI

The Request-URI indicates the destination address
of the request
Proxies and other servers route requests based on
Request-URI.
The Request-URI is modified by proxies as the
address is resolved.

23
SIP From and To Tags

Tags are pseudo-random numbers inserted in To or
From headers to uniquely identify a call leg
INVITE request From header contains a tag
Any User Agent or Server generating a response
adds a tag to the To header in the response
To sipjohn_at_company.comtag123456

24
SIP Method - INFO

Used to transport mid-call signaling information
Only one pending INFO at a time
Typical use - PSTN signaling message carried as
MIME attachment
E.g. ISDN User-to-User information
Defined in RFC 2976

25
SIP Method - REFER

Indicates that recipient (identified by the
Request-URI) should contact a third party using
the contact information provided in the request
Typical Use Call Transfer features
Allowed outside an established dialogue

26
SIP Method - PRACK

Provisional Response ACKnowlegement
Used to acknowledge receipt of provisional
response
183 Session Progress
Does not apply to 100 Trying responses
Only provisional responses 101-199 may be sent
reliably and acknowledged with PRACK
If no PRACK sent, response retransmitted
Defined in RFC 3262

27
SIP Methods SUBSCRIBE and NOTIFY

SUBSCRIBE requests notification of when a
particular event occurs
Use Expires0 to unsubscribe
A NOTIFY message is sent to indicate the event
status
Sample Applications
Presence
Message waiting indication for voicemail
Defined in RFC 3265

28
SIP Method - MESSAGE

Extension to SIP for Instant Messaging (IM)
MESSAGE requests
carry the content in the form of MIME body parts
use the standard MIME headers to identify the
content

29
SIP Responses, 1

SIP Requests generate Responses with codes
borrowed from HTTP
Classes
1xx Informational
2xx Final
3xx Redirection
4xx Client Error
5xx Server Error
6xx Global Failure
Response example 404 Not Found

30
SIP Responses, 2

1xx-3xx

31
SIP Responses, 3

32
SIP Responses, 4

5xx-6xx

33
Headers

Extensible flags
From and To URLs
From John Smith ltsipjsmith_at_zultys.comgt
To Tony Warhurst ltsiptwarhurst_at_beerdrinkers.orggt
Contact URL
Contact Jane Doe ltsipjdoe_at_192.168.1.100gt
Via URL
Via SIP/2.0/UDP 192.168.1.1005060
Call-ID
Unique tag for this dialogue
CSeq
Track how many messages for this request

34
SIP Headers, 1

SIP Requests and Responses contain Headers
(similar to Email headers)
Required Headers
To
From
Via
Call-ID
CSeq
Max-Forwards
Optional Headers
Subject, Date, Authentication (and many others)

35
SIP Headers, 2

Required (mandatory) header descriptions

36
SIP Message Body

A SIP Message
can have a message body similar to attachment in
an email message
Message Body in an INVITE
contains a description of the media session in
another protocol
Usually SDP - Session Description Protocol (RFC
2327)

37
SIP Client and Server

SIP Elements are either
User Agents (end devices that initiate and
terminate media sessions)
Servers (that assist in session setup)
Proxies
Registrars
Redirect servers
A User Agent acts as a
Client when it initiates a request (UAC)
Server when it responds to a request (UAS)

38
SIP User Agents

Capable of sending and receiving SIP requests
SIP end-devices
SIP phone
PC or laptop with a soft phone
PDA
mobile phone
A Gateway is a User Agent which serves many users

39
SIP UAC and UAS

SIP UAC
UA component that sends requests and receives
responses
Example UAC initiates a call by sending an
INVITE
SIP UAS
Component of UA that receives requests and
responds to them
Example UAS receives a call request and rings
phone

40
SIP B2BUA versus Proxy

B2BUA versus Proxy
SIP Proxies route SIP messages unchanged
Back to Back User Agents appear as just another
SIP endpoint and can modify the message however
they like.
B2BUAs can act as gateway to the PSTN, a simple
SIP filter or even a SIP Proxy
B2BUAs can do whatever they want, only SIP
Proxies have to follow the rules Dean Willis,
SIP co-chair
Zultys provides a B2BUA that also has elements of
the SIP Proxy and Registrar

41
SIP B2BUA Example

Defined as a virtual UAS/UAC connected back to
back
Acts as a UAS on one call leg and a UAC on the
other call leg
It may or may not terminate and bridge the RTP
streams

42
SIP Registrar, 1

SIP server that can receive and process REGISTER
requests
A user has an account created which allows them
to REGISTER contacts with a particular server
The account specifies a SIP Address of Record
(AOR)

43
SIP Registrar, 2

SIP Registrars store the location of SIP
endpoints
Each SIP endpoint Registers
with a Registrar using its Address of Record and
Contact address
Address of Record for John Smith in From header
From John Smith ltsipjsmith_at_zultys.com
Contact header tells Registrar where to send
messages
Contact John Smith ltsipjsmith_at_192.168.1.100gt

44
SIP Registrar, 3

SIP Proxies
query SIP Registrars for routing information
Incoming calls addressed to sipjsmith_at_zultys.com
now routed by the Proxy to the Contact header
URL sipjsmith_at_192.168.1.100
SIP Registrars
typically hold the list of devices registered for
a particular domain

45
Proxy Server

SIP Proxy servers route SIP messages
Stateless Proxies use stateless protocols like
UDP to talk to endpoints
Low Proxy overhead
Ephemeral connections, dropped as soon as message
is forwarded
Stateful Proxies use TCP or other stateful
protocols to set up a permanent connection
High Proxy overhead
Endpoint connection must be set up, maintained
and torn down for the duration of the session

46
SIP Proxy Server

SIP Server which acts on behalf of User Agents
Receives a SIP request
Adds some headers
Modifies some of the headers
Forwards request to next hop server or client

47
Stateless Proxy

Forwards every request downstream
Forward every response upstream
Keeps no state
does not have any notion of a transaction
Never performs message retransmissions
Stateless proxies scale very well
can be very fast
good for network cores

48
Stateful Proxy

Maintains state information for the duration of
either the
Transaction (request)
Transaction Stateful
Dialogue (from INVITE to BYE)
Dialogue Stateful
Performs message retransmission

49
SIP Redirect Server

Receives a request and returns a redirection
response (3xx)
Contact header in response indicates where
request should be retried
Similar to database query
All Server types are logical NOT Physical

50
Protocol and media

SIP can carry many protocols using MIME standard
SDP
XML
JPEG/GIF
Tunnel your favourite protocol
SIP takes care of signalling on behalf of media
RTP
RTCP

51
Locating SIP Servers

Manual provisioning
DHCP SIP Option 120
RFC 3361
Multicast (deprecated)
DNS SRV method
Get local domain name automatically from DHCP
server
Perform SRV record query through DNS on that
domain for _sip._udp.ltdomain namegt
Send SIP REGISTER message to resolved server
phone is up and running without user intervention

52
Simple Provisioning
53
Enterprise SIP Solutions

SIP enables the convergence revolution
truly open standards based
Presence Instant Messaging and 3rd party call
control
create a wealth of new services for enterprise
end users
telephony-enabled address and buddy lists
Advanced service creation using SIP
ad hoc video conferencing
user-customizable find me and follow me
user profiling and here I am

54
Presence and Instant Messaging, 1

SIP for Instant Messaging and Presence Leveraging
Extensions (SIMPLE)
several vendors who intend to implement SIMPLE
provides for presence and buddy lists
Instant Messaging in the enterprise
telephony enabled user lists

55
Presence and Instant Messaging, 2
56
SIP for Presence Subscribe and Notify
Presentity
WATCHER
200 OK presentity-gtwatcher SIP/2.0 202
Accepted Via SIP/2.0/UDP
watcherhost.example.com5060 From User
To Resource Call-ID
3248543_at_watcherhost.example.com Cseq 1
SUBSCRIBE Expires 600
Content-Type application/xpidfxml
Content-Length 351 NOTIFY Presentity-gtwatcher
NOTIFY sipuser_at_watcherhost.example.com
SIP/2.0 Via SIP/2.0/UDP
pres.example.com5060 From Resource
To User Call-ID 3248543_at_watcherhost
.example.com CSeq 1 NOTIFY
Content-Type application/xpidfxml
Content-Length 352
Subscribe
202 Accepted
Notify
200 OK
SUBSCRIBE watcher -presentity SUBSCRIBE
sippresentity_at_pres.example.com SIP/2.0
Via SIP/2.0/UDP watcherhost.example.com5060
From User To Resource
Call-ID 3248543_at_watcherhost.example.com
CSeq 1 SUBSCRIBE Expires 600
Accept application/xpidfxml, text/lpidf
Contact sipuser_at_watcherhost.example.com
57
SIP for Instant Message Message

MESSAGE sipuser1_at_user1pc.domain.com SIP/2.0
Via SIP/2.0/UDP user2pc.domain.com
To sipuser1_at_domain.com
Fromsipuser2_at_domain.comtagab8asdasd9
Contact sipuser2_at_user2pc.domain.com
Call-ID asd88asd77a_at_1.2.3.4
CSeq 1 MESSAGE
Content-Type text/plain
Content-Length 29
My name is User1

User 1
User 2
Message
200 OK

SIP/2.0 200 OK
Via SIP/2.0/UDP user2pc.domain.com
To sipuser1_at_domain.com
From sipuser2_at_domain.comtagab8asdasd9
Call-ID asd88asd77a_at_1.2.3.4
CSeq 1 MESSAGE
Content-Length 0

58
3rd Party Call Control Basic
Controller
User A SIP Phone
Agent B PC
59
Example of 3pcc Click-to-Dial
60
Ad Hoc Conferencing

SIP enables ad-hoc conferencing of any media
audio
video
white board (T.120)
chat
media or applications yet to be defined
(extensible)
Invite people and add media at any time

61
Ad Hoc Conferencing
62
Record-Route

Proxies insert Record-Route headers
When they want to be included in the return
signaling path
Used by carriers to keep track of calls

63
Making a SIP call to the PSTN

PSTN signalling does not map one-to-one to SIP
signalling
B2BUAs can signal SIP endpoint on the PSTNs
behalf and signal the PSTN on the SIP endpoints
behalf
Call cant be set up until both sides are
connected
Early media is sent from the PSTN side to the SIP
side to indicate call progress tones
Delayed media exchange may be required to
negotiate codecs not supported by the
intermediate B2BUA

64
Mobility, 1

Covered under the SIP-based 3GPP proposal
SIP with minor extensions to better work with
low-bandwidth, high-latency wireless networks
SIP compression specifications
Additional codecs used like GSM

65
Mobility, 2

Move your SIP phone anywhere in network
no additional administrative work
Register from anywhere
SIP Server becomes virtual PBX for
for both local and remote users
Address belongs to the user, not to devices
using one address, users..
register multiple contacts
reached at preferred devices

66
Find Me Follow Me

Allows users to define
Who can reach them
Where they can be reached
When they can be reached
How calls are routed
unconditionally or
based on a caller receiving
no answer or
a busy signal
What greetings are played for different callers

67
Here I Am

Find me follow me
based on predefined rules
Here I Am works on an ad-hoc basis
user logs in from any location
indicates presence and manage calls from that
location
all communication now directed to that location
IM, chat, voice calls

68
Unified Messaging

Not actually a part of SIP, but easy to implement
in concert with SIP
Can be as simple as
emailing all incoming faxes and voice mail
Can be as complex as
sending Instant Messages with speech to text
encoding
paging user when someones Presence indicates
theyre accessible

69
Digest Authentication

SIP uses standard HTTP Digest Authentication with
minor revisions
Simple Challenge/Response scheme
REGISTER -gt
lt- 407 Challenge
nonce
REGISTER MD-5 hash (pw nonce) -gt
lt- 200 OK
Password is never sent in the clear, just the
MD-5 hash generated with the password and nonce
Defeats Man-in-the-middle attacks since source
address cant be spoofed or second REGISTER will
never arrive

70
Authorization

Required by many Internet Telephony Service
Providers (ITSPs)
Service Provider supplies Username and password
SIP leverages Digest Authentication features to
do this

71
NAT Basics, 1

Network Address Translator (NAT)
Defined in RFC 3022
Standard application
map private IP address range
10.0.0.0 10.255.255.255
172.16.0.0 172.31.255.255
192.168.0.0-192.168.255.255
to public IP address range

72
NAT Basics, 2

Problem NATs modify IP addresses (Layer 3)
SIP/SDP are Layer 7 protocols transparent to
NAT
SIP Via, From and Contact headers use
not-routable private addresses
SDP states that originator wishes to receive
media at not-routable private addresses
If destination on the public internet tries to
send SIP or RTP traffic to those private address
Traffic will be dumped by first router

73
NAT Basics, 3

Network Address Translator (NAT) - Packets Dropped

74
NAT Traversal, 1

Solutions to NAT traversal
Application level gateway (ALG)
STUN
Universal Plug and Pray (UPnP)

75
NAT Traversal, 2

Solutions to NAT Traversal (commonalities)
Rewrite all SIP/SDP source addresses
SIP Via, From and Contact headers use public
NAT address
SDP addresses use NAT public address
Use SIP over TCP

76
NAT Traversal, 3

Solutions to NAT Traversal (commonalities)
Use draft-ietf-sip-symmetric-response-00
Use Symmetric SIP/RTP
Use same UDP port number for incoming/outgoing
Hold ports open for call duration
Send UDP packet typically every 30 seconds
SIP over UDP uses 30 second re-INVITE, REGISTER
or OPTIONs
RTP sends at much higher frequency by default

77
NAPT

Network Address Port Translator (NAPT) - Packets
Dropped

78
NAT Traversal

Address rewrite symmetric SIP/RTP

79
NAPT Basics

Network Address Port Translator
Can map multiple private IP addresses and ports
to one public IP address and ports

80
NAPT Basics

Same problem as NATs only worse
SIP Via, From and Contact headers use
not-routable private addresses AND private UDP
port number
SDP states that originator wishes to receive RTP
media at not-routable private addresses AND
private port number
If destination on the public internet tries to
send SIP or RTP traffic to those private
addresses and ports
Traffic will be dumped by first router
Rewritten addresses with private ports will get
dumped NAPT

81
NAPT Traversal

NAPT passthru

82
Firewall Basics, 1

Firewalls work by blocking services
Packets can typically leave
Only associated packets may return
Stateful packet inspection
TCP makes this easy (duration of connection)
UDP based on reply timeout
Packet filtering

83
Firewall Basics,2

Stateful Inspection
Pioneered by Checkpoint software
Outgoing packets are bound to incoming packets at
IP/Layer 3 to establish a virtual session between
two endpoints, though Layer 4 and above are used
to determine binding
Bound incoming packets are allowed through, all
others are dropped

84
SIP ALG for Firewall Traversal, 1

SIP or RTP proxy that is trusted by the firewall
Typically connected to Demilitarized Zone (DMZ)
All SIP and RTP packets directed to the ALG
ALG enforces security policy
ALG works with NAT
Internal SDP modified as SIP message is proxied
Two separate media sessions established, bridged
by ALG

85
SIP ALG for Firewall Traversal, 2
86
SIP Firewall Control Proxy, 1

Another approach
SIP Firewall Proxy that communicates with
Firewall and NAT
Firewall Proxy parses SDP and requests Firewall
to open pin-holes to let RTP packets pass
Firewall Proxy maintains NAT address binding and
modifies SDP accordingly

87
SIP Firewall Control Proxy, 2

Middlebox Communications (MIDCOM)
Group in IETF working on protocol that would be
used between Firewall Control Proxy and
Firewall/NAT
Have also proposed STUN as a temporary
improvement
STUN - Simple Traversal of UDP Through Network
Address Translators
Simple client/server protocol
Allows applications to
Discover presence and types of NATs and firewalls
between them and public Internet
Modify outgoing messages according to findings
STUN works with most NATs but falls apart when
there is a Firewall preventing UDP

88
Traversing a NAT STUN, 1

Supports auto-discovery of the public IP address
and port number
SIP UA then rewrites all addresses to masquerade
as originating from the NAT public address.
Requires a STUN server on the outside
Requires symmetric use of ports
Not supported if NAT/Firewall is blocking
outgoing ports too

89
STUN, 2

STUN
Client on IP Phone uses STUN protocol
To communicate with a STUN server at ISP
Learns external IP address
Uses that in SDP

90
Traversing a NAT - UPnP

Simple protocol used to query Firewalls and NATs
directly for external public addresses and port
numbers unlike STUN
SIP UA rewrites private addresses as usual
Supported by almost all home Firewall/NAT
appliance vendors.
Implemented in Microsoft Messenger by default
Not compatible with VPNs in this case since you
really do want to use the private address here
Unplug and play program will turn it off on PCs

91
UPnP, 2