A P2P SIP Architecture - Two Layer Approach - draft-sipping-shim-p2p-arch-00.txt



Similar documents
RELOAD Usages for P2P Data Storage and Discovery

ENUM: Migrating to VoIP. P2P Voice Applications

NAT and Firewall Traversal with STUN / TURN / ICE

Application Note. SIP Domain Management

Application Note Multiple SIParator Distribution

Session Initiation Protocol Deployment in Ad-Hoc Networks: a Decentralized Approach

Bridging the gap between peer-to-peer and conventional SIP networks

An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol

12. Firewalls Content

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

Enhancements to Collaborative Media Streaming with IETF Protocols

NAT and Firewall Traversal with STUN / TURN / ICE

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

Understand SIP trunk and registration in DWG gateway Version: 1.0 Dinstar Technologies Co., Ltd. Date:

VoIP and NAT/Firewalls: Issues, Traversal Techniques, and a Real-World Solution

IT Security Evaluation of Skype in Corporate Networks

Application Note. Onsight TeamLink And Firewall Detect v6.3

Application Note. Onsight Connect Network Requirements v6.3

EE4607 Session Initiation Protocol

Guidance Regarding Skype and Other P2P VoIP Solutions

A Comparative Study of Signalling Protocols Used In VoIP

Configuration Aid To Ingate Firewall/SIParator - Using Your Own SIP Domain. Lisa Hallingström Paul Donald

LifeSize Transit Deployment Guide June 2011

Using DNS SRV to Provide High Availability Scenarios

Multidomain Virtual Security Negotiation over the Session Initiation Protocol (SIP)

Managing (VoIP) Applications DYSWIS

NAT Traversal for VoIP. Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University

Basic Vulnerability Issues for SIP Security

SIP Proxy. SIP Proxy. Bicom SYSTEMS. SIP Proxy... Advanced Simplicity

Ram Dantu. VOIP: Are We Secured?

OVERVIEW OF ALL VOIP SOLUTIONS

Firewalls P+S Linux Router & Firewall 2013

How To Use A Phone Over Ip (Phyto) For A Phone Call

QuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview

SIP and ENUM. Overview DENIC. Introduction to SIP. Addresses and Address Resolution in SIP ENUM & SIP

Network Convergence and the NAT/Firewall Problems

nexvortex Setup Guide

Bit Chat: A Peer-to-Peer Instant Messenger

VoIP LAB. 陳 懷 恩 博 士 助 理 教 授 兼 所 長 國 立 宜 蘭 大 學 資 訊 工 程 研 究 所 TEL: # 255

Media Gateway Controller RTP

TLS and SRTP for Skype Connect. Technical Datasheet

Best Practices for Controlling Skype within the Enterprise. Whitepaper

Design of a SIP Outbound Edge Proxy (EPSIP)

Contents. Specialty Answering Service. All rights reserved.

Internet Communications Using SIP

SIP and VoIP 1 / 44. SIP and VoIP

ABC SBC: Mobile Subscriber Support. FRAFOS GmbH

NAT TCP SIP ALG Support

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

Question 1. [7 points] Consider the following scenario and assume host H s routing table is the one given below:

Voice over IP Communications

Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application. Author: Fung, King Pong

Sync Security and Privacy Brief

Research on P2P-SIP based VoIP system enhanced by UPnP technology

OSSIR, November /45

Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway)

Lawful Interception in P2Pbased

Proxy Server, Network Address Translator, Firewall. Proxy Server

Overview of VoIP Systems

Cisco TelePresence Video Communication Server (Cisco VCS) IP Port Usage for Firewall Traversal. Cisco VCS X8.5 December 2014

A Scalable Multi-Server Cluster VoIP System

THE GEOMORPHIC VIEW OF NETWORKING: A NETWORK MODEL AND ITS USES

NAT Traversal for VoIP

Configuration Notes 0215

Internet Security. Prof. Anja Feldmann, Ph.D.

A Self-Managing SIP-based IP Telephony System based on a P2P approach using Kademlia

Application Notes Rev. 1.0 Last Updated: January 9, 2015

Emergency Services Interconnection Forum (ESIF) Emergency Services Messaging Interface Task Force ( Task Force 34 )

SIP, Security and Session Border Controllers

Voice over IP (SIP) Milan Milinković

Application Notes for Configuring Broadvox SIP Trunking with Avaya IP Office - Issue 1.0

Cullen Jennings July 2015

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1.

Setting up a reflector-reflector interconnection using Alkit Reflex RTP reflector/mixer

Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

ABC SBC: Securing the PBX. FRAFOS GmbH

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Developing Higher Density Solutions with Dialogic Host Media Processing Software

Best Practices for SIP Security

Global Network. Whitepaper. September Page 1 of 9

IP Ports and Protocols used by H.323 Devices

NAT Traversal in SIP. Baruch Sterman, Ph.D. Chief Scientist David Schwartz Director, Telephony Research

Internet Working 15th lecture (last but one) Chair of Communication Systems Department of Applied Sciences University of Freiburg 2005

Overview. Tor Circuit Setup (1) Tor Anonymity Network

SIP OVER NAT. Pavel Segeč. University of Žilina, Faculty of Management Science and Informatics, Slovak Republic

Transcription:

A SIP Architecture - Two Layer Approach - draft-sipping-shim-p2p-arch-00.txt IETF65, Dallas March 25, 2006 Eunsoo Shim Sathya Narayanan Greg Daley Panasonic Digital Networking Laboratory

Two Layer Approach overlay layer provides the following functions overlay management function - peer initiation (join), leave service function placement and lookup of resources SIP is just an application over overlay layer. DHT lookup messages are generic ---- independent of SIP call semantics or resource types 6 7 SIP Layer SIP Layer SIP Layer 1 5 Overlay Layer 2 Overlay Layer 3 Overlay Layer Overlay Layer 4 INVITE message flow 2

Hierarchical Structure of Overlay Super Node (): Participate in DHT; reachable through predefined ports and protocols by any node (most likely to have a public IP address). Ordinary Node (): Not in DHT, associate with s and send service requests to them. A overlay network may have only s. - hierarchy is independent of SIP UA-Proxy hierarchy. Bootstrap Server: provides information of some of existing s to a new node. Login Server: authenticates user identity (passwordbased) and issues a certificate for user public key. Login Server Bootstrap Server 3

Federation of SIP Networks Multiple independent overlay networks are allowed. Overlay identifier domain name Single-domain overlay: A overlay network supporting only one domain. Multi-domain overlay: A overlay network supporting multiple domains. No lookup or placement across overlay network boundaries (?) Call routing to a peer in a remote overlay network --- via Proxies SIP Domain SIP Domain Overlay SIP Domain SIP Domain Overlay (?) DNS Overlay Overlay SIP Domain SIP Domain SIP Domain Overlay 4

Possible SIP Network Composition Scenarios UA Proxy Registrar Role of Overlay (a) Not Required Replace the registrar and DNS lookup for locations of local proxies (b) CS Replace the location database accessed by local proxies and the local registrar Register Registrar 1 INVITE Proxy 4 INVITE UA 2 Add 2 Get 3 UA2 Address Add UA 1 (CS) Overlay Layer Overlay Layer Overlay Layer 5 200 OK 5

Peer Initiation Any peer starts as an ordinary node (). 1. Bootstrap discovering peers in the overlay Service location (multicast) Cached addresses Last good addresses Preconfigured bootstrap server 2. - Association Contacting UDP, TCP, Fallback Transport Mutual return reachability test 3. Authentication If does not have a certificate, contact the login server and receives the certificate. - mutual authentication 4. NAT/FW Traversal Create address bindings for inbound SIP messages ICE (STUN, TURN) 6

Post Initiation Tasks Registration Publish contacts (tuples of transport protocol, IP address, port) in the overlay Becoming a Super Node Self-selected dynamically and automatically. MUST be able to receive overlay messages from other s on predetermined protocols and ports. SHOULD be online stably. SHOULD have sufficient physical resources. 7

Overlay API get(in overlay_id, in name, out records, out error) add(in overlay_id, in name, in record, in lifetime, in option, out error) update(in overlay_id, in name, in record, in lifetime, in option, out error) remove(in overlay_id, in name, out error) 8

Resource Record User Location <resource> ------ header of a resource <version>1.0</version> ------ resource format version <type>user location</type> ------ type of the resource <key>19873761ab24</key> ------ key for the resource <lifetime> 3600 </lifetime> ------ lifetime of the record <timestamp>19809832142</timestamp> ------ indicate which is more recent <user_uri> user@example.com </user_uri> <location> <node_ip>178.14.234.21</node_ip> --- the IP address at which the user can be reached <transport>tcp5060 UDP5060 TCP80 TCP443</transport> --- the list of ports the UA is listening to </location> <location> <node_ip>192.168.0.100</node_ip> --- the IP address at which the user can be reached <transport>tcp5060 UDP5060 TCP80 TCP443</transport> --- the list of ports the UA is listening to </location> </resource> Resource name: <type> + <user_uri> Resource key = hash(resource name) 9

Resource Record Proxy Location <resource> ------ header of a resource <version>1.0</version> ------ resource format version <type>proxy location</type> ------ type of the resource <key>19873761ab24</key> ------ key for the resource <lifetime> 36000 </lifetime> ------ lifetime of the record <timestamp>198023422</timestamp> ------ indicate which is more recent <domain> example.com </domain> <location> <node_ip>178.14.234.21</node_ip> --- the IP address at which the user can be reached <transport>tcp5060 UDP5060 TCP80 TCP443</transport> --- the list of ports the proxy is listening to </location> <location> <node_ip>192.168.0.100</node_ip> --- the IP address at which the user can be reached <transport>tcp5060 UDP5060 TCP80 TCP443</transport> --- the list of ports the proxy is listening to </location> </resource> Resource name: <type> + <domain> Resource key = hash(resource name) 10

Security Considerations Bootstrapping Security Mutual authentication is required. - Authentication Minimize reliance on the central login server. Peer Transport Security Message authentication is required. Firewalls Allow port 80, 443 as the last resort??? Relay for NAT Traversal Defend against compromised relays by end-to-end authentication Registration Signature for the location records Privacy issue Authentication when central servers are not reachable DoS attacks Defend excessive overlay traffic generation by rate limiting Ill behaviors of s Messing up DHT tables Free riders Refusing or avoiding to be a And so on. 11

Pros & Cons of the Two Layer Approach Pros Transparent interoperation with client server SIP Clarity No confusion with semantics of existing SIP messages Flexibility Easier to support different overlay algorithms with little change in SIP messages Sharing the overlay network --- common lookup mechanism for many things! No change in DHT operation required to support advanced features of SIP-based VoIP, IM, and Presence Can share the same overlay network with more applications beyond basic VoIP call or IM. For example, for -based conferencing later. Nodes without SIP entity can participate in the overlay network. Cons No optimization of search and overlay maintenance by using SIP call semantics Challenge Defining a new protocol Can we reuse any existing protocols? 12

What Needs To Be Specified? overlay protocol Overlay Algorithm Message syntax and state machines <->, <-> / <-> Login Server / <-> Bootstrap Server SIP entity behavior -UA Behavior -Proxy Behavior -Registrar Behavior Interface between SIP layer and overlay layer Resource records (types, formats) Overlay API (semantics) 13

Acknowledgements Henning Schulzrinne Salman Baset 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information