White Paper Managing SIP traffic with Zeus Traffic Manager Zeus. Why wait
Contents High-Availability and Scalable Voice-over-IP Services... 3 What is SIP?... 3 Architecture of a SIP-based Service... 4 High Availability SIP Services... 5 Load Balancing... 5 Session Persistence... 5 Health Monitoring... 5 Gatewaying between SIP networks... 6 Internal SIP networks... 6 SIP Service - Capacity Scaling... 7 Removing SIP proxies... 7 Differentiated Services and SIP Solutions... 7 Request Inspection... 7 Request Routing... 7 Issuing Redirects... 8 Rectifying Application Errors... 8 Adding Information to SIP Calls... 8 REGISTER Storms... 9 Rewriting SIP Data...10 Conclusion... 10 Appendix: SIP processing functions in TrafficScript TM... 11 Copyright... Error! Bookmark not defined. P A G E 2 O F 14
High-Availability and Scalable Voice-over-IP Services Voice-over-IP (VoIP) services are converging on SIP and RTP for signaling and real-time media delivery respectively. This paper will introduce the key elements of a SIP network, and describe the scalability and high-availability services provided by Zeus Application Delivery Controller, Zeus Traffic Manager. Although SIP is an IETF standard, many implementations and extensions exist and mutual compatibility between different user agents cannot always be assured. Furthermore, organizations who wish to deploy advanced, differentiated SIP services need deep visibility and management of SIP traffic. Zeus Traffic Manager s full application-level inspection, driven by the TrafficScript TM programming language, makes it possible to compensate for any differences in behavior between applications and to rapidly prototype and deploy differentiated SIP services. What is SIP? SIP (Session Initiation Protocol) is a signaling protocol used to support VoIP and other rich media services. It provides several capabilities: User Registration: When a user device such as a smart phone is activated or moves, it communicates with a SIP proxy to register its location and capabilities. User Availability: When a remote device wishes to communicate with a local user, it locates and communicates with the local SIP proxy to check the availability of the user. User Capabilities: A remote device may use SIP to query the capabilities of the local user, for example, to determine if the user is able to take video calls, or use a shared whiteboard resource. Session Setup: The SIP protocol is used to set up a rich media session between two endpoints (a remote and local user). Session Management: Once a session is established, media data is exchanged using a protocol such as RTP, but the SIP connection is maintained and used to control the various media sessions. SIP allows for session transfer from one device to another, creation of new media sessions on-the-fly and the ultimate termination of media sessions. SIP is an HTTP-like protocol, but it runs over either UDP or TCP. SIP sessions are typically much more long-lived than HTTP. P A G E 3 O F 14
Architecture of a SIP-based Service A SIP-based service will contain several components that work together to ensure successful delivery of the service: SIP User Agents: A SIP User Agent is the connection endpoint that initiates or receives a SIP connection. User agents include SIP-enabled VoIP telephones, client software (a softphone ) and other end user devices. SIP Proxy Servers: SIP Proxy Servers route SIP messages from endpoint to endpoint and manage core services such as user registration. For example, the widely used OpenSER SIP Proxy Server (www.openser.org) provides registration services (accepting SIP REGISTER requests), location services (managing and forwarding INVITE requests), request proxying (to forward SIP messages or tunnel through local firewalls) and redirect services (directing a user agent to an alternate location). SIP proxy servers may also route and proxy the RTP media data, or a separate RTP proxy application may be used. PBX Gateways: A gateway may be used to interface a VoIP network with other telephony systems such as PSTN (Public Switched Telephone Network). For example, a VoIP deployment may use the Asterix (www.asterix.org) server for this purpose. Telephony Provider Customer SIP Proxy server SIP traffic SIP User Agent RTP Proxy Location Server RTP traffic SIP User Agent SIP User Agent PSTN/Internet gateway PSTN gateway PSTN Sample SIP deployment: Telephony Provider and Customer SIP services registration, location, SIP traffic management - are commonly provided by an external telephony provider. End user organizations manage the user agent devices, minimizing their capital investment and cost of management. Successful provision of a SIP service requires very high availability, scalability as the client base and call volumes grow, and the ability to create differentiated services for client groups. Organizations typically use a SIP-aware Application Delivery Controller such as Zeus Traffic Manager to achieve this. P A G E 4 O F 14
High Availability SIP Services The Zeus Traffic Manager Application Delivery Controller fully understands SIP traffic, including the requirement to maintain and update the Via field in the SIP traffic before load-balancing the message to a proxy. Zeus Traffic Manager is used in SIP traffic management mode to load-balance SIP requests across a cluster of redundant SIP proxy servers for high availability: Telephony Provider Customer SIP Proxy servers SIP traffic SIP User Agent Location Server SIP User Agent Internet gateway PSTN gateway PSTN SIP deployment with Application Delivery Controller Load Balancing Load balancing, based on least connections effectively distributes new SIP connections to the least utilized SIP proxy servers and ensures even distribution of connections across the cluster. Session Persistence Although SIP is a stateful, connection-based protocol, it is based on UDP which does not provide connection semantics. Zeus Traffic Manager automatically applies session persistence, honoring the Call-ID field and routing SIP messages in the same session to the same proxy server to ensure that SIP sessions are handled as efficiently as possible and to facilitate logging and diagnostics. Session persistence is necessary for session continuity when handling SIP message retransmits. Nevertheless, the SIP protocol is robust, and if an individual SIP server were to fail, Zeus Traffic Manager s health checking and routing would ensure that the failover would occur without interruption. Health Monitoring Built-in health monitors regularly probe each SIP Proxy Server to verify correct operation and apply failover when required. P A G E 5 O F 14
Gatewaying between SIP networks As organizations roll out IPv6 infrastructures, communications between disparate IPv4 and IPv6 networks require special management. IPv4 clients will be unable to contact IPv6 proxies and clients directly, so an intermediate gateway that can translate addresses and locations is required. fred@somewhere.else INVITE mary@example.com INVITE joe@example.com SIP Proxy servers @example.com REGISTER joe@example.com IPv4 / IPv6 gateway mary@example.com joe@example.com Public IPv4 network example.com IPv6 network Using Zeus Traffic Manager to gateway between internal IPv6 network and external IPv4 network Without a SIP-aware IPv4/IPv6 gateway like Zeus Traffic Manager, IPv4 SIP clients would be unable to communicate with IPv6 SIP proxies. Internal SIP networks Zeus Traffic Manager s built-in RTP proxy can be used to manage and make fault-tolerant both the SIP and RTP traffic in an environment where all clients are local: VPN gateway PSTN gateway SIP Proxy servers SIP User Agent PSTN SIP User Agent Using Zeus Traffic Manager s built-in RTP proxy when all clients are local In more complex environments, a specialized RTP proxy is required. P A G E 6 O F 14
SIP Service - Capacity Scaling SIP Proxies can be added to a SIP cluster as required, without incurring any downtime or significant reconfiguration. This way, service capacity can be easily scaled. Removing SIP proxies When a SIP proxy needs to be removed, for maintenance purposes for example, Zeus Traffic Manager can be instructed to drain the proxy, ensuring that no new connections or sessions are routed to that proxy. Once existing sessions time out and inactivity is verified with the visualization tools in Zeus Traffic Manager itself, it is safe to remove the SIP proxy server without interrupting any user sessions. Differentiated Services and SIP Solutions Zeus Traffic Manager s powerful TrafficScript TM -based inspection engine can be used to inspect, modify and route SIP traffic. This allows the telephony provider to rapidly create differentiated services for their customers. Request Inspection A TrafficScript rule can discriminate between different types of SIP requests, and can inspect data within each request: if( sip.getmethod() == "REGISTER" ) { log.info( "Client ". request.getremoteip(). " calling from ". sip.getrequestheader( "From" ). " to ". sip.getrequestheader( "To" ). " using ". sip.getrequestheader( "User Agent" ) ); Request Routing A telephony provider may wish to operate a single shared SIP proxy service for customers with smaller call volumes, and one or more dedicated proxy services for larger customers with many SIP clients who would otherwise dominate a shared service. TrafficScript can be used to distinguish between users based on the domain part of SIP addresses, and route traffic accordingly to different clusters of SIP proxy servers: $user = sip.getrequesturi(); if( string.endswith( $user, "@example.com" ) ) { pool.use( "Example.com SIP Servers" ); P A G E 7 O F 14
Issuing Redirects SIP calls can be explicitly redirected based on logic in TrafficScript rules: $user = sip.getrequesturi(); # Customer service team are not available outside 9am to 5pm, or on weekends if( string.endswith( $user, "@custservice.example.com" ) ) { if( sys.time.hour() < 9 sys.time.hour() >= 17 sys.time.weekday() == 1 sys.time.weekday() == 7 ) { sip.redirect( "voicemail@example.com" ); Rectifying Application Errors When an intermediate device such as a proxy or firewall processes, forwards or NATs SIP traffic, the device is required to update the Via field in the SIP message so that return messages are correctly routed. During extensive testing, engineers determined that a particular family of firewall applications did not correctly update SIP traffic; when proxying and NAT-ing traffic, they would prepend incorrectly formatted Via lines to SIP messages. Strict user agents and proxies subsequently rejected the message. Zeus Traffic Manager was configured using TrafficScript to correct the formatting of the Via line and resolve the problem: $via = sip.getrequestheader( "Via" ); $via = string.replaceall( $via, ";,", "," ); sip.setrequestheader( "Via", $via ); Adding Information to SIP Calls Various SIP user agents can recognize and act on additional information in a SIP call. For example, icons and caller information can be provided using the Call-Info header in a SIP message: # Add a reference to an information page about # a known company when a call is received from # them, and an icon to help identify them. if( sip.getrequestheader( "Organization" ) == "Zeus" ) { sip.setrequestheader( "Call-Info", "<http://www.zeus.com/assets/img/logo.gif> ;purpose=icon,". "<http://www.zeus.com/about/> ;purpose=info" ); P A G E 8 O F 14
REGISTER Storms SIP user agents send frequent REGISTER messages to their local SIP proxy in order to keep firewall tunnels open and prevent them from timing out. However, proxies do not require such frequent updates, and storms of REGISTER messages can overwhelm a proxy. Zeus Traffic Manager can be configured to inspect and filter the REGISTER messages, only sending a small number through to the proxies and responding directly to the large majority in order to maintain the firewall tunnels. Request rule: # Process SIP requests $interval = 600; if( sip.getmethod() == "REGISTER" ) { $user = sip.getrequestheader( "To" ); $contact = sip.getrequestheader( "Contact" ); $key = $user.$contact; $data = data.get( $key ); if( $data && sys.time() < $data + $interval ) { # We've seen the user less than $interval seconds ago. Respond directly sip.sendresponse( "200", "OK" ); # Otherwise, update our timing and pass the message through to the proxy data.set( $key, sys.time() ); sip.setrequestheader( "Expires", "0" ); Response rule: The Response rule needs to cater for the possibility that the registration failed, returned an Authorization Required response, or any other situation that requires the SIP User Agent to repeat the registration action: # Process SIP responses if( sip.getmethod() == "REGISTER" ) { if( sip.getresponsecode()!= "200" ) { $user = sip.getrequestheader( "To" ); $contact = sip.getrequestheader ( "Contact" ); $key = $user.$contact; data.set( $key, 0 ); P A G E 9 O F 14
Rewriting SIP Data Zeus Traffic Manager provides full read and write access to all SIP data, through specialized helper functions and through functions that return or set the raw message data. For example, Zeus Traffic Manager can transparently rewrite usernames to avoid callers receiving an unknown user error in the case that a user s SIP address has changed: if( sip.getrequesturi() == "sip:jane.doe@example.com" ) { # Jane got married last month congratulations! sip.setrequesturi( "sip:jane.jones@example.com" ); Conclusion Zeus Traffic Manager is a sophisticated, proven application delivery controller that provides for high availability, improved service performance and faster service creation. Zeus Traffic Manager s native understanding of the SIP protocol (as opposed to less intelligent IP sprayer solutions), coupled with full transaction inspection and management using TrafficScript TM makes Zeus Traffic Manager a powerful tool for the creation of highlyavailable, standards-compliant and innovative SIP services. P A G E 10 O F 14
Appendix: SIP processing functions in TrafficScript TM sip.addrequestheader( name, value, at_top ) sip.addrequestheader() modifies the current SIP request, adding a SIP header with the supplied value. If the header already exists, then this value will be appended to the existing value. If at_top is set then the value will be prepended to the header. The header name is automatically translated to the correct case before it is added. sip.addresponseheader( name, value, at_top ) sip.addresponseheader() adds a header to the SIP response that will be sent back to the client. If the header already exists in the response, then this value will be appended to the existing value. If at_top is set then the value will be prepended to the existing value. The header name is automatically translated to the correct case before it is added. sip.getmethod() sip.getmethod() returns the SIP method that was used to make the request, such as INVITE or REGISTER. sip.getrequest() sip.getrequest() returns the full SIP request and headers, but does not include any body data. sip.getrequestbody() sip.getrequestbody() returns the data contained in the body of the request. sip.getrequestheader( name ) sip.getrequestheader() returns the value of a named SIP header in the SIP request, or the empty string if the header does not exist or has an empty value. The header name is automatically translated into the proper case for the lookup. sip.getrequestheadernames() sip.getrequestheadernames() returns a list of all the headers that are present in the request. The headers are returned as a single string, separated by spaces. sip.getrequesturi() sip.getrequesturi() returns the target of the SIP request. sip.getresponse() sip.getrequest() returns the full SIP response and headers, but does not include any body data. sip.getresponsebody() sip.getresponsebody() returns the session description of the SIP response. sip.getresponsecode() sip.getresponsecode() returns the status code from the first line of the SIP response. P A G E 11 O F 14
sip.getresponseheader( name ) sip.getresponseheader() returns the value of a named SIP header in the SIP response, or the empty string if the header does not exist or has an empty value. The header name is automatically translated into the proper case for the lookup. sip.getresponseheadernames() sip.getresponseheadernames() returns a list of all the headers that are present in the response. The headers are returned as a single string, separated by spaces. sip.getversion() sip.getversion() returns the version of the SIP protocol being used. It returns the version string in the SIP/version specifier in the first line of the SIP request, such as 'SIP/2.0'. sip.redirect( contact ) sip.redirect( contact ) sends back a 302 Moved Temporarily response. This response instructs the client to retry the request at the new address(es) given in the 'contact' parameter. This is equivalent to sip.sendresponse( "302", "Moved Temporarily", "Contact: ". $uri, "" ); sip.removerequestheader( name ) sip.removerequestheader() removes a named header if it exists in the request. The header name is automatically translated to the correct case. sip.removeresponseheader( name ) sip.removeresponseheader() removes the named SIP header from the SIP response. The header name is automatically translated to the correct case. sip.requestheaderexists( name ) sip.requestheaderexists() determines if a named header exists or not. It is similar to sip.getrequestheader(), but makes it possible to distinguish between a header not being present and a header having no value. The header name is automatically translated into the proper case for the lookup. It returns 1 if the header exists, and 0 if it does not. sip.responseheaderexists( name ) sip.responseheaderexists() determines if a named header exists in the SIP response. It is similar to sip.getresponseheader(), but makes it possible to distinguish between a header not being present and a header having no value. The header name is automatically translated into the proper case for the lookup. It returns 1 if the header exists, and 0 if it does not. sip.sendresponse( code, reason, [headers], [body] ) sip.sendresponse() sends back a SIP response to the client instead of balancing the request via a pool onto a node. The Statue-Line of the response has the form: SIP/2.0 code reason Via, Record-Route, From, To, CSeq, Call-ID and Content-Length headers are automatically added to the response. Any headers supplied in the headers parameter will also be added to the response. Multiple headers must be separated by \r\n. Any body data specified is appended to the response. P A G E 12 O F 14
sip.setmethod( method ) sip.setmethod() sets the SIP method to use when forwarding the request via a pool to a node. sip.setrequestbody( body ) sip.setrequestbody() sets the request body for this SIP request to the supplied string, replacing any request body already present. This also updates the 'Content-Length' header in the request to the length of the new body data. sip.setrequestheader( name, value ) sip.setrequestheader() sets the value of the named SIP header, replacing any existing value if the header already exists. sip.setrequesturi( uri ) sip.setrequesturi() sets the target of the SIP request. sip.setresponsebody( body ) sip.setresponsebody() sets the response body for this SIP response to the supplied string, replacing any response body already present. This also updates the 'Content-Length' header in the response to the length of the new body data. If the server is still sending the original response body when this function is called, the connection to the server will be harmlessly dropped. The optional transfer-encoding parameter indicates the encoding of the body data (for example, 'chunked'). sip.setresponsecode( code, message ) sip.setresponsecode() sets the status code and message in the first line of the SIP response. sip.setresponseheader( name, value ) sip.setresponseheader() sets a header in the SIP response that will be sent back to the client. If the header already exists in the response, then it will be replaced with this new value. The header name is automatically translated to the correct case before it is added. P A G E 13 O F 14
For further information, please email: info@zeus.com or visit www.zeus.com Stay in touch with Zeus by following: blog.zeus.com or twitter.com/zeustechnology Try before you buy. Simply visit our website: www.zeus.com/downloads Technical support is also available during your evaluation. Zeus Technology Limited (UK) Sales: +44 (0)1223 568555 Zeus Technology, Inc. (U.S.) Phone: 1-888-ZEUS-INC The Jeffreys Building Main: +44 (0)1223 525000 1875 South Grant Street Fax: 1-866-628-7884 Cowley Road Fax: +44 (0)1223 525100 Suite 720 Email: info@zeus.com Cambridge CB4 0WS Email: info@zeus.com San Mateo, California 94402 Web: www.zeus.com United Kingdom Web: www.zeus.com United States of America. Zeus Technology Limited 2009. All rights reserved. Zeus, Zeus Technology, the Zeus logo, Zeus Web Server, TrafficScript, Zeus Traffic Manager and Cloud Traffic Manager are trademarks of Zeus Technology. All other brands and product names may be trademarks or registered trademarks of their respective owners.