NEW IP QoS ARCHITECTURE FOR VOICE AND DATA CONVERGENCE OVER DSL LINES

By
Ala'a Abedel Rahman Al-Zo'bi

Supervisor
Dr. Sherif Gad

This Thesis Was Submitted in Partial Fulfillment of the Requirements for the Master's Degree of Science in Computer Science

Faculty of Graduate Studies
Al-Balqa' Applied University
May, 2007
DECLARATION OF AUTHORSHIP/ORIGINALITY

I certify that the work in this thesis has not previously been submitted for a degree nor has it been submitted as part of requirements for a degree except as fully acknowledged within the text. I also certify that the thesis has been written by me. Any help that I have received in my research work and in the preparation of the thesis itself has been acknowledged. In addition, I certify that all information sources and literature used are indicated in the thesis.

Signature of Candidate -------------------------------------------------
This thesis (New IP QoS Architecture for Voice and Data Convergence over DSL Lines) was successfully defended and approved on the 20th of May 2007.

Examination Committee Signatures

Dr. Sherif Gad, Chairman, Associate Professor in Computer Engineering ...
Dr. Basem Al-Rifai, Assistant Professor in Computer Engineering ...
Dr. Khalaf Khatatneh, Assistant Professor in Computer Science ...
Dr. Ebrahim El-Omary, Assistant Professor in Computer Engineering ...
DEDICATION

To my role models:
My Father and Mother,,,
My two loving Sisters,,,
And my Beloved Brother,,,
Thank You,,,
ACKNOWLEDGMENT

As they said: "Success is a journey, not a destination". Well, I deeply believe that is true; my journey started a long time ago and I will never know when it will stop. Two years of the journey in the university went by just like an eye blink, during which the team of Professors and Doctors at Al-Balqa' Applied University guided me to keep moving on the right track.

My thanks must go first to the Great God, because this thesis would not have met any success without His help. God lightens up the hope candle in the middle of desperate nights.

To my supervisor Dr. Sherif Gad, thanks for being there whenever I needed help; you always tried to keep my spirit up... for this and more, thank you.

To my family, thank you for being patient with me all the way, from the moment I was born till now and forever.

To my friends who supported me each day and gave me the strength I needed to carry on.

Last but not least, it is my honor to have such a wonderful Examination Committee. Many thanks to Dr. Basem Al-Rifai, Dr. Khalaf Khatatneh and Dr. Ebrahim El-Omary. Without you all I could not have come this far!!

Thanks
TABLE OF CONTENTS

Subject ... Page

Committee Decision ... iii
Dedication ... iv
Acknowledgement ... v
Table of Contents ... vi
List of Tables ... x
List of Figures ... xi
List of Appendices ... xv
Abstract ... xvi

Chapter 1: Introduction ... 1
1.1 VoIP (Voice over IP) ... 3
1.2 VoIP Benefits ... 4
1.3 VoIP Protocols ... 5
1.4 VoIP Isn't Just Another Data Protocol ... 6

Chapter 2: Simulation Configuration and Features ... 9
2.1 The Functions of a Typical PBX Perform ... 9
2.2 PBX Administration ... 12
2.3 Asterisk Gateway Interface ... 12
2.4 Asterisk Manager API ... 12
2.5 Dial Plans ... 13
2.6 Numbering Plans ... 14
2.7 Choosing a Numbering Scale for Your Private Numbering Plan ... 16
2.8 Assigning Dialer Plan: A Case Study ... 17
2.9 Extensions Based on DID ... 18
2.10 Dialing Plan and Asterisk PBX ... 19
2.11 Billing ... 20
2.12 Billing Accounting with Asterisk PBX System ... 20
2.13 Routing ... 22
2.14 Time-of-Day Routing ... 22
2.15 Day-of-Week Routing ... 22
2.16 Source Number Routing ... 22
2.17 Cost-Savings Routing ... 23
2.18 Disaster Routing ... 23
2.19 Skill-Based Routing ... 23
2.20 DUNDi Routing Protocol ... 24

Chapter 3: The Hardware Infrastructure ... 25
3.1 Traditional PBX Systems ... 26
3.2 PBX Lines ... 27
3.3 PBX Trunks ... 29
3.4 PBX Features ... 30
3.5 PBX Adjunct Servers ... 32
3.6 Voice Messaging ... 32
3.7 Interactive Voice Response Servers ... 33
3.8 Wireless PBX Solutions ... 33
3.9 Other PBX Solutions ... 34
3.10 PBX Alternatives ... 34
3.11 VoIP Telephony and Infrastructure ... 35
3.12 Media Servers ... 35
3.13 Interactive Media Service: Media Servers ... 36
3.14 Call or Resource Control: Media Servers ... 36
3.15 The H.323 Gatekeeper ... 36
3.16 Registration Servers ... 37
3.17 Redirect Servers ... 38
3.18 Media Gateways ... 38
3.19 Firewalls and Application-Layer Gateways ... 39
3.20 Application Proxies ... 39
3.21 Endpoints (User Agents) ... 40
3.22 Softphones ... 40
3.23 Authentication: 802.1x ... 41
3.24 Power-Supply Infrastructure ... 42
3.25 Power-over-Ethernet (IEEE 802.3af) ... 43
3.26 Energy and Heat Budget Considerations ... 45

Chapter 4: The New Architecture Methodology ... 46
4.1 The H.323 Protocol Specification ... 46
4.2 The Primary H.323 VoIP-Related Protocols ... 48
4.3 H.225/Q.931 Call Signaling ... 51
4.4 H.245 Call Control Messages ... 54
4.5 Real-Time Transport Protocol ... 57
4.6 H.235 Security Mechanisms ... 57
4.7 Other Protocols Used by SIP ... 63
4.8 Session Description Protocol ... 63
4.9 Real-Time Transport Protocol ... 64
4.10 Media Gateway Control Protocol ... 64
4.11 Real-Time Streaming Protocol ... 65
4.12 Understanding SIP's Architecture ... 65
4.13 SIP Registration ... 65
4.14 Requests through Proxy Servers ... 66
4.15 Requests through Redirect Servers ... 67
4.16 Peer to Peer ... 68
4.17 Instant Messaging and SIMPLE ... 69
4.18 Instant Messaging ... 70
4.19 SIMPLE ... 72

Chapter 5: Performance Evaluation ... 73
5.1 Architectural Overview ... 75
5.2 Management Services ... 77
5.2.1 Role-based Single Sign-on (SSO) ... 77
5.2.2 Metering, Accounting, and Billing (MAB) ... 77
5.2.3 Software Deployment (SDS) ... 78
5.2.3.1 Information Brokering (IB) ... 78
5.2.3.2 Feature Interaction Manager (FIM) ... 79
5.3 Basic VoIP Services ... 80
5.4 Supplementary Services ... 80
5.5 Integrating Supplementary Services ... 81
5.6 Accessing Supplementary Services ... 81
5.7 Consuming Supplementary Services ... 82

Chapter 6: Conclusions ... 83
6.1 Security Policies and Processes ... 84
6.2 Server Hardening ... 84
6.3 Combine Network Management Tools and Operations ... 85
6.4 Confirm User Identity ... 86

References ... 88
Appendices ... 93
Abstract in Arabic ... 117
LIST OF TABLES

Table No. ... Title of the Table ... Page
2.1 Corporation XYZ's Number Scale ... 18
2.2 Billing Fields and Functions Recorded ... 20
4.1 H.323 VoIP Ports and Protocols ... 50
4.2 H.323 Ports ... 55

LIST OF FIGURES

Figure No. ... Title of the Figure ... Page
1.1 Normal Message Flow ... 7
1.2 Inbound VoIP Message Flow ... 7
2.1 manager.conf Configuration File ... 13
2.2 Dial Plan Effect ... 14
2.3 ITU-T Format for International Dial Plan over PSTN ... 15
2.4 NANP Format for Dial Plan ... 15
2.5 Corporation XYZ's Current Environment ... 17
2.6 extensions.conf File and *78 Extension ... 19
2.7 Modified Master.csv File and Its CDR Records ... 21
3.1 A Basic PBX Diagram ... 26
3.2 A Basic 802.1x Implementation for a Wireless Network ... 42
4.1 H.323 Entities ... 47
4.2 VoIP-Related H.323 Protocol Stack ... 49
4.3 Typical H.323 Channels ... 51
4.4 H.225/Q.931 Signaling ... 53
4.5 H.225/Q.931 RAS ... 53
4.6 H.245 Call Control ... 56
4.7 RTP/RTCP Media Streams ... 57
4.8 H.235 Scope ... 59
4.9 Baseline Security Profile Security Services (H.235.1) ... 60
4.10 Voice Encryption Profile with Native H.235/H.245 Key Management ... 62
4.11 Registering with a SIP Registrar ... 66
4.12 Request and Response Made through Proxy Server ... 67
4.13 Request Made through Redirect Server ... 68
4.14 Once SIP Has Initiated a Session, a Peer-to-Peer Architecture Is Used ... 69
4.15 Instant Messaging through Skype ... 71
5.1 Architectural Overview ... 76
5.2 Supplementary Services for VoIP ... 79
6.1 Defense in Depth ... 83
6.2 Security Framework ... 87

LIST OF APPENDICES

Appendix ... Name ... Page
Appendix (A) Glossary of Acronyms ... 93
Appendix (B) Voice Decoders ... 109
Appendix (C) Suggested Hardware ... 112
New IP QoS Architecture for Voice and Data Convergence over DSL Lines

By
Ala'a Abedel Rahman Al-Zo'bi

Supervisor
Dr. Sherif Gad

Abstract

In this thesis, a new architecture for a next-generation Voice over IP (VoIP) framework is outlined and discussed. The main focus of the architecture is on interoperability between different VoIP providers, as well as on dependability and robustness. Although not many supplementary services are used on a regular basis during common telephone communication, the possibilities provided by supplementary services based on Internet technology are much more extensive than in classical telephone communication. As a result, supplementary services have been an additional focus of the architecture described.

The requirements of a suitable VoIP architecture are the basis of this approach. Starting with these requirements, the different components of the architecture have been as the process of developing a prototype for the architecture described here comes to an end, and we focus on the scalability, reliability and dependability of the prototype. These tests will prove that the requirements expressed at the beginning are met. Additionally, the quality of the feature interaction management will be checked thoroughly in order to provide a large number of possibilities for using supplementary services consecutively.
Chapter 1
Introduction

Telephone networks were designed for voice transmission. Data networks were not. Recently, within the last three to five years, PBX functionality has moved logically (and even physically) from the closet or fenced room in the basement into the data networking space, from both the physical connectivity and the management standpoint. Additionally, the components of the converged infrastructure (gateways, gatekeepers, media servers, IP PBXes, etc.) are no longer esoteric variants of VxWorks, Oryx-Pecos, or other proprietary UNIX systems, whose operating systems are not well enough known or widely enough distributed to be common hacking targets; instead they run on well-known, commonly exploited Windows and Linux operating systems. SS7, which hardly any data networking people understand, is slowly being replaced by SIGTRAN (which is basically SS7 over IP), H.323 (which no one understands), and SIP (which is many things to many people), running over TCP/IP networks. By the way, hackers understand TCP/IP [19].

Most people, if they even think about it, consider the traditional public switched telephone network (PSTN) secure. On the PSTN the eavesdropper requires physical access to the telephone line or switch and an appropriate hardware bugging device.

Note: "Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded, and all conversations between them upon any subject, and although proper, confidential, and privileged, may be overheard. Moreover, the tapping of one man's telephone line involves the tapping of the telephone of every other person whom he may call, or who may call him. As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire tapping." Justice Louis Brandeis, Olmstead v. United States, 1928 [24].
Toll fraud occurs more frequently than most people realize (one source estimates damages at $4 billion per year), primarily due to improperly configured remote access policies (DISA, Direct Inward System Access) and voicemail; however, strong authentication codes and passwords, active call detail record (CDR) accounting, and physical security controls reduce the risk of damage due to toll fraud to reasonable levels. Although it is theoretically possible to hack SS7, doing so requires sophisticated techniques and direct access to the signaling channel [43].
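The passage above names active call detail record (CDR) accounting as one of the controls that keeps toll-fraud losses at a reasonable level. The following Python script is an added example, not code from the thesis, showing what such accounting can look like in practice. It parses a few constructed CDR rows in a column subset loosely modelled on the Asterisk Master.csv file referred to in Figure 2.7 (the exact column order, the DISA dial-plan context name "disa", the international trunk prefixes and all thresholds are assumptions chosen for the example) and flags three patterns a PBX administrator would want to review: international calls placed through the DISA context outside business hours, a burst of international attempts from a single caller within a short window, and a caller whose daily international talk time exceeds a budget.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs for this example; no real subscribers or numbers.
# Column subset (an assumption, loosely based on Asterisk's Master.csv):
#   accountcode, src, dst, dcontext, start, billsec, disposition
SAMPLE_CDR = """\
"","2025","0044207123456","internal","2024-01-15 10:02:11","95","ANSWERED"
"","2031","2040","internal","2024-01-15 10:30:45","320","ANSWERED"
"disa","15551230000","0037012345678","disa","2024-01-15 02:05:01","610","ANSWERED"
"disa","15551230000","0037012345679","disa","2024-01-15 02:07:12","590","ANSWERED"
"disa","15551230000","0037012345680","disa","2024-01-15 02:09:40","640","ANSWERED"
"disa","15551230000","0037012345681","disa","2024-01-15 02:11:03","0","NO ANSWER"
"","2025","0033123456789","internal","2024-01-15 14:15:00","45","ANSWERED"
"","2031","0044208999999","internal","2024-01-15 23:40:00","1800","ANSWERED"
"""

FIELDS = ["accountcode", "src", "dst", "dcontext", "start", "billsec", "disposition"]
INTL_PREFIXES = ("00", "011")       # assumed international dialling prefixes
DISA_CONTEXT = "disa"               # assumed name of the DISA dial-plan context
BUSINESS_HOURS = range(8, 19)       # 08:00-18:59, assumed site policy
BURST_WINDOW = timedelta(minutes=10)
BURST_COUNT = 3                     # attempts within the window that trigger an alert
DAILY_INTL_SECONDS = 1500           # per-caller daily international budget (assumed)


def parse_cdr(text):
    """Parse CSV CDR rows into dicts with typed start time and billsec."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(FIELDS):
            continue  # skip malformed rows rather than abort the whole run
        rec = dict(zip(FIELDS, row))
        rec["start"] = datetime.strptime(rec["start"], "%Y-%m-%d %H:%M:%S")
        rec["billsec"] = int(rec["billsec"])
        records.append(rec)
    return records


def is_international(dst):
    return dst.startswith(INTL_PREFIXES)


def flag_toll_fraud(records):
    """Return a list of (rule, subject, detail, when) tuples for review."""
    alerts = []
    intl = sorted((r for r in records if is_international(r["dst"])),
                  key=lambda r: r["start"])

    # Rule 1: international call through DISA outside business hours.
    for r in intl:
        if r["dcontext"] == DISA_CONTEXT and r["start"].hour not in BUSINESS_HOURS:
            alerts.append(("after_hours_disa_intl", r["src"], r["dst"], r["start"]))

    # Rule 2: burst of international attempts (answered or not) from one caller.
    by_src = defaultdict(list)
    for r in intl:
        by_src[r["src"]].append(r["start"])
    for src, times in by_src.items():
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= BURST_WINDOW:
                j += 1
            if j - i >= BURST_COUNT:
                alerts.append(("intl_burst", src, j - i, times[i]))
                break  # one alert per caller is enough for triage

    # Rule 3: daily international talk time per caller above budget.
    daily = defaultdict(int)
    for r in intl:
        daily[(r["src"], r["start"].date())] += r["billsec"]
    for (src, day), secs in daily.items():
        if secs > DAILY_INTL_SECONDS:
            alerts.append(("daily_intl_volume", src, secs, day))

    return alerts


if __name__ == "__main__":
    for alert in flag_toll_fraud(parse_cdr(SAMPLE_CDR)):
        print(alert)
```

On the constructed data the DISA caller trips all three rules (four after-hours calls, a burst of four attempts in six minutes, and 1840 seconds of international talk time), while extension 2031 is reported only for its 1800-second late-evening call, which went through the normal internal context and so is a volume finding rather than a DISA finding. The point of keeping the rules separate is that each maps to a different control from the passage: the DISA rule to remote-access policy, the burst rule to authentication-code guessing, and the volume rule to billing exposure.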
Cisco Unified Voice Self-Service Products
  Cisco IP Interactive Voice Response
  Cisco Unified Customer Voice Portal

Voice Self-Service Application Development
  Cisco Unified Call Services, Universal Edition
  Cisco Unified Call Studio, Universal Edition
  Cisco Unified Customer Interaction Analyzer

IP Telephony Call Control
  Cisco BTS 10200 Softswitch
  Cisco Call Session Control Platform
  Cisco EGW 2200 Enterprise Gateway
  Cisco Gatekeeper External Interface
  Cisco Gatekeeper/Multimedia Conference Manager
  Cisco International Dial Plan
  Cisco Media Gateway Controller Software
  Cisco Network Route Director
  Cisco PGW 2200 Softswitch
  Cisco Service Node for Linksys One
  Cisco Signaling Controllers
  Cisco SIP Proxy Server
  Cisco Unified Communications 500 Series for Small Business
  Cisco Unified Communications Manager (CallManager)
  Cisco Unified Communications Manager Business Edition
  Cisco Unified Communications Manager Express
  Cisco Unified Mobility
  Cisco Unified Mobility Advantage
  Cisco Unified Presence
  Cisco Unified Survivable Remote Site Telephony

IP Phones
  Cisco ATA 180 Series Analog Telephone Adaptors
  Cisco IP Communicator
  Cisco MGCP IP Phone Software
  Cisco SIP IP Phone Software
  Cisco Unified IP Phones 7900 Series
  Cisco Unified SIP Phones 3900 Series
  Cisco Unified Video Advantage

Unified Communications Applications

Application Development
  Cisco Unified Application Designer
  Cisco Unified Application Server
  Cisco Unified Media Engine

Conferencing
  Cisco Conference Connection
  Cisco Unified MeetingPlace
  Cisco Unified MeetingPlace Express
  Cisco Unified Videoconferencing 3500 Series Products
  Cisco Unified Videoconferencing Manager

Telephony Applications
  Cisco Billing and Measurements Server
  Cisco Conference Connection
  Cisco Emergency Responder
  Cisco Fax Server
  Cisco RSVP Agent
  Cisco Unified Attendant Consoles
  Cisco Unified CallConnectors
  Cisco Unified Communications Manager Assistant
  Cisco Unified Phone Application Suite
  Cisco Unified PhoneProxy
  Cisco Voice Provisioning Tool
  Cisco WebAttendant

Unified Communications Clients
  Cisco IP Communicator
  Cisco Unified Mobile Communicator
  Cisco Unified Personal Communicator
  Cisco Unified Video Advantage

Unified Communications Mobility
  Cisco IP Communicator
  Cisco Unified Mobile Communicator
  Cisco Unified Mobility
  Cisco Unified Personal Communicator

Voice Mail and Unified Messaging
  Cisco Fax Server
  Cisco Personal Assistant
  Cisco Unity
  Cisco Unity Connection
  Cisco Unity Express
  Cisco Unified Presence

Unified Communications Systems
  Cisco Unified Communications System

Voice Network Management
  CiscoWorks QoS Policy Manager
  Cisco Extensible Provisioning and Operations Manager
  Cisco Media Gateway Control Node Manager
  Cisco Monitor Director
  Cisco Monitor Manager
  Cisco netmanager - Unified Communications
  Cisco Unified Operations Manager
  Cisco Unified Provisioning Manager
  Cisco Unified Service Monitor
  Cisco Unified Service Statistics Manager
  CiscoWorks Voice Manager
  Cisco Voice Services Provisioning Tool