a survey of sip peering
play

A survey of SIP Peering Lars Strand (presenter) and Wolfgang - PowerPoint PPT Presentation

Apr 13, 2023 •383 likes •741 views

A survey of SIP Peering Lars Strand (presenter) and Wolfgang Leister NATO ASI ARCHITECTS OF SECURE NETWORKS (ASIGE10) 17-22 May 2010 ASIGE10 - Lars Strand ASIGE10 - Lars Strand Switchboard operators ASIGE10 - Lars Strand ASIGE10 - Lars

  1. A survey of SIP Peering Lars Strand (presenter) and Wolfgang Leister NATO ASI ARCHITECTS OF SECURE NETWORKS (ASIGE10) 17-22 May 2010

  2. ASIGE10 - Lars Strand

  3. ASIGE10 - Lars Strand

  4. Switchboard operators ASIGE10 - Lars Strand

  5. ASIGE10 - Lars Strand

  6. ASIGE10 - Lars Strand

  7. Problem: Scalability the New York Telephone Exchange 1888 Salt Lake City, over 50 women, ca 1914 ASIGE10 - Lars Strand

  8. Automatic telephone exchange ASIGE10 - Lars Strand

  9. Public Switched Telephony Network (PSTN) ● Standardization body: • International Telecommunication Union Standardization (ITU-T) can be traced back to 1865. ● Historically: Big operators (only one for smaller • countries) Peering agreement between them • E.164 addresses (telephone numbers) • ASIGE10 - Lars Strand

  10. Plain Old Telephony Service (POTS) ➔ “Just works” ➔ 100+ year old technology ➔ PSTN 99.999% uptime (D.R. Kuhn, 1997) (<5 min/year) “Can call anyone, anytime, anywhere with a good-quality telephonic conversation” “This is an elusive, currently-unachievable goal for the VoIP-industry” (Minoli, 2006) ASIGE10 - Lars Strand

  11. Voice over IP (VoIP) ● VoIP is here to stay: ● Cheaper (both communication and operational costs) ● More functionality (video, presence, IM, …) ● High industry focus ● VoIP loaded with security issues ● Inherit (traditional) packet switched network security issues and introduces new ones (because of new technology). ASIGE10 - Lars Strand

  12. "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed, VoIP is going nowhere." --- Philip Zimmerman on VoIP security in “SIP Security”, Sisalem et. al. (2009) ASIGE10 - Lars Strand

  13. ASIGE10 - Lars Strand

  14. VoIP – how does it work? ● Session Initiation Protocol (SIP) is the de facto standard signaling protocol for VoIP ● Application layer (TCP, UDP, SCTP) ● Setting up, modifying and tearing down multimedia sessions ● Not media transfer (voice/video) ● Establishing and negotiating the context of a call ● RTP transfer the actual multimedia ● SIP specified in RFC 3261 published by IETF 2002 ● First iteration in 1999 (RFC2543) – over ten years old ● Additional functionality specified in over 120 different RFCs(!) ● Even more pending drafts... ● Known to be complex and sometimes vague – difficult for software engineers to implement ● Interoperability conference - “SIPit” ASIGE10 - Lars Strand

  15. ASIGE10 - Lars Strand

  16. Excerpts from an email posted on IEFT RAI mailing list: I'm finally getting into SIP. I've got Speakeasy VoIP service, two sipphone accounts, a Cisco 7960 and a copy of x-ten on my Mac. And I still can't make it work. Voice flows in one direction only. I'm not even behind a NAT or firewall -- both machines have global addresses, with no port translations or firewalls. I've been working with Internet protocols for over 20 years. I've implemented and contributed to them. And if *I* can't figure out how to make this stuff work, how is the average grandmother expected to do so? SIP is unbelievably complex, with extraordinarily confusing terms. There must be half a dozen different "names" -- Display Name, User Name, Authorization User Name, etc -- and a dozen "proxies". Even the word "domain" is overloaded a half dozen different ways. This is ridiculous! Sorry. I just had to get this off my chest. Regards, Reference: http://www.ietf.org/mail-archive/web/rai/current/msg00082.html ASIGE10 - Lars Strand

  17. SIP message syntax - INVITE Start line INVITE sip:bob@NR SIP/2.0 (method) Via: SIP/2.0/UDP 156.116.8.106:5060;rport;branch=z9hG4bK2EACE3AF14BF466648A37D2E1B587744 From: Alice <sip:alice@NR>;tag=2093912507 To: <sip:bob@NR> Contact: <sip:alice@156.116.8.106:5060> Call-ID: 361D2F83-14D0-ABC6-0844-57A23F90C67E@156.116.8.106 Message CSeq: 41961 INVITE headers Max-Forwards: 70 Content-Type: application/sdp User-Agent: X-Lite release 1105d Content-Length: 312 v=0 o=alice 2060633878 2060633920 IN IP4 156.116.8.106 Message body s=SIP call (SDP content) c=IN IP4 156.116.8.106 t=0 0 m=audio 8000 RTP/AVP 0 8 3 98 97 101 ............. ASIGE10 - Lars Strand

  18. SIP example Direct call UA to UA ● Caller must know callee's IP or hostname ● No need for intermediate SIP nodes ● Problems: – Traversing firewalls / NAT – Must know IP/hostname of user – Mobility – change IP/hostname ASIGE10 - Lars Strand

  19. SIP example ASIGE10 - Lars Strand

  20. Global reachability? ● SIP has won the “signaling battle” (over H.323) ● (like SMTP won over X.400) ● SIP incorporates many elements from HTTP and SMTP ● Design goal: Global reachability like SMTP ● We call this the “email model” ● SIP has reached deployment worldwide ● VoIP has reached high penetration both in companies and for ISP customers ● But very few open SIP servers – like originally planned ● Why? ASIGE10 - Lars Strand

  21. SIP follows an “email alike model” 1) Email and SIP addresses are structured alike ● username@domain ● address-of-record (AoR): sip:alice@example.com 2) Both SIP and email rely on DNS ● Map domain name to a set of ingress points that handle the particular connection 3) The ingress points need to accept incoming request from the Internet 4) No distinction between end-users and providers ● Any end-user can do a DNS lookup and contact the SIP server directly 5) No need for a business relationship between providers ● Since anyone can connect 6) Clients (usually) do not talk directly to each other – often one or more intermediate SIP/SMTP nodes ● Read more: RFC 3261 and RFC3263 ASIGE10 - Lars Strand

  22. Why has the email model failed? 1) Business – “sender keeps all” → breaks tradition ● The traditional economic model is based on termination fee ● Since anybody can connect to anybody, no business relationship is needed ● No (economical) incentives for providers to deploy open SIP servers providers 2) Legal requirements → written for PSTN ● Operators must comply to a wide range of regulatory requirements ● Example: Wiretapping, caller-id, hidden number, emergency calls, etc 3) Security considerations A) Unwanted calls (SPIT) B) Identity C) Attack on availability (DoS) ASIGE10 - Lars Strand

  23. A) Unwanted calls (SPIT) ● Hard – unknown attack vector ● When there are enough open SIP servers, attackers will start to exploit them ● Low amount of SPIT today (because few open SIP servers) ● Worse than SPAM ● Content only available after the user picks up the phone = harder to filter and detect than email ● Users tend to pick up the phone when it rings = disruptive (users can choose when to check their email) ● A number of SPIT mitigation strategies has been proposed (active research) ● The research project “SPIDER” looked at SPIT ● Good informative deliverables ● Project finished “We're afraid of SPIT, so we don't have open SIP Servers” ASIGE10 - Lars Strand

  24. B) Identity ● PSTN ● Provide (reasonable) good caller-id ● Providers trust each others signaling ● SIP's email model breaks this ● Anyone can send ● SIP (INVITE) easily spoofed ● The SIP authentication is terrible ● Modeled (copied) after HTTP Digest authentication ● SIP also support TLS (and certificate authentication) but very limited deployment ● “SIP Identity” tries to fix this (RFC4474) ● Rely on certificates ● Not based on transitive trust between providers ● No one uses this “Since SIP has so poor identity handling, we don't want to expose our SIP servers to the Internet” ASIGE10 - Lars Strand

  25. C) Attack on availability (DoS) ● Denial of Service (DoS) attacks are HARD! ● Simple and effective: Send more bogus traffic than the recipient can handle ● No simple solution to prevent DoS ● Example: DDoS for sale - The ad scrolls through several messages, including ● "Will eliminate competition: high-quality, reliable, anonymous." ● "Flooding of stationary and mobile phones." ● "Pleasant prices: 24-hours start at $80. Regular clients receive significant discounts." ● "Complete paralysis of your competitor/foe." Reference: http://isc.sans.org/diary.html?storyid=5380 “We're terrified to become a victim of a DDoS attack” ASIGE10 - Lars Strand

  26. So, what is the result? Providers do NOT have open SIP servers All non-local calls are sent to the PSTN Why is that a bad thing? ASIGE10 - Lars Strand

  27. Disadvantages 1) Administrative overhead – more systems to keep track of ● IP-to-PSTN gateway 2) More expensive than “SIP only” ● Must pay a termination fee to the PSTN provider ● Must maintain the IP-to-PSTN gateway 3) Poor(er) voice quality ● Voice must be transcoded from G.711 to the PSTN (and back again) ● Can not use wide-band codecs, like G.722 that provides superior sound quality (“HD sound”) 4) Only applies to voice – miss out other functionality that SIP supports ● IM, presence, mobility, etc. ASIGE10 - Lars Strand

  28. SIP Peering ● Peering overcome these disadvantages ● Do not need an open SIP server on the Internet ● Industry has started to do this ad-hoc ● But not standardized in any way ASIGE10 - Lars Strand

Recommend

PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering

PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering

PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering Multi-lateral Peering Private Peering Dedicated circuit between two peers Can use a cross connect within a data centre; Or via dark

608 views • 21 slides
Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem

Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem

Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem William B. Norton Executive Director DrPeering International The 2 nd Workshop on Internet Economics (WIE11) DR PEERING December 1-2, 2011

475 views • 26 slides
Practical VoIP Peering Klaus Darilion enum.at klaus.darilion@enum.at www.enum.at Practical

Practical VoIP Peering Klaus Darilion enum.at klaus.darilion@enum.at www.enum.at Practical

Practical VoIP Peering Klaus Darilion enum.at klaus.darilion@enum.at www.enum.at Practical VoIP Peering Peering* Peering: negotiation of reciprocal interconnection arrangements between service providers Layer 3 peering Layer 5

1.23k views • 37 slides
Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona

Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona

Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona * Sergey Gorinsky Pierre Francois IMDEA Networks Institute Open University of Catalonia * Carlos III University of Madrid Madrid,

473 views • 25 slides
The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc.

The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc.

The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc. APRICOT Bali 2007 3 minute Intro to Peering Transit $$ ISP A Peering provides routes only to each Upstream others customers Transit Provider

545 views • 21 slides
Internet Video: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem IVTNWOMDTTUSPE

Internet Video: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem IVTNWOMDTTUSPE

Internet Video: The Next Wave of Massive Disruption to the U.S. Peering Ecosystem IVTNWOMDTTUSPE Bill Norton Equinix Massive Disruption in U.S. Peering Ecosystem Full Episodes Desperate Housewives 210MB/hour For 320x240

539 views • 15 slides
INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie &amp; Francois le Faucheur Outline Background: peering peer-to-peer providers CDN Interconnect Motivation CDNI Technical Issues Discussion Why is this a

876 views • 19 slides
Peering vs. Transit Adnan Ahmed University of Iowa University of Iowa Introduction Transit

Peering vs. Transit Adnan Ahmed University of Iowa University of Iowa Introduction Transit

Peering vs. Transit Adnan Ahmed University of Iowa University of Iowa Introduction Transit Provides connectivity to the Internet Traffic volume based fees Peering Bilateral exchange Settlement-free (no fee) University

615 views • 38 slides
Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO

Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO

Deferred Peerings as Obstacles on the Internet Thomas Rieder HTTPS://PEERING.RIEDER.IO Discussion Motivation Fundamentals Design Methodology Conclusion Motivation Pe Peering : Direct connection between two networks on the Internet

419 views • 40 slides
PeeringDB Arnold Nipper arnold@peeringdb.com 2017-03-23 CEE Peering Days 2017, Ljubljana,

PeeringDB Arnold Nipper arnold@peeringdb.com 2017-03-23 CEE Peering Days 2017, Ljubljana,

PeeringDB Arnold Nipper arnold@peeringdb.com 2017-03-23 CEE Peering Days 2017, Ljubljana, Slovenia 1 Agenda PeeringDB 2.0 Membership and Governance Committees Sponsorship Information and Resources 2017-03-23 CEE Peering

376 views • 36 slides
PEPPERMINT BOF 70 th IETF Meeting Vancouver, British Columbia December 2-7, 2007 Evolving Peering

PEPPERMINT BOF 70 th IETF Meeting Vancouver, British Columbia December 2-7, 2007 Evolving Peering

Managing Client Voice Peering Provisioning draft-schwartz-speermint-provisioning-problem-00 PEPPERMINT BOF 70 th IETF Meeting Vancouver, British Columbia December 2-7, 2007 Evolving Peering Relationships Peppermint Problem Statement It is clear

208 views • 10 slides
SPPP Transport Session Peering Provisioning Protocol

SPPP Transport Session Peering Provisioning Protocol

SPPP Transport Session Peering Provisioning Protocol dra1-ie3-drinks-sppp-over-soap-04 Progress WGLC was issued in April Comments

407 views • 4 slides
HISTORY? Susan St John History matters When you are peering into the future to see where

HISTORY? Susan St John History matters When you are peering into the future to see where

WHAT ABOUT THE HISTORY? Susan St John History matters When you are peering into the future to see where you are going it is not at all a bad idea to remember where you have been Owen Woodhouse 1999 Workers Compensation Origins 1900

481 views • 24 slides
Detecting Peering Infrastructure Outages in the Wild Vasileios Giotsas , Christoph

Detecting Peering Infrastructure Outages in the Wild Vasileios Giotsas , Christoph

Detecting Peering Infrastructure Outages in the Wild Vasileios Giotsas , Christoph Dietzel , Georgios Smaragdakis , Anja Feldmann , Arthur Berger , Emile Aben # TU Berlin CAIDA DE-CIX MIT Akamai

1.07k views • 58 slides
VoIP Peering &amp; Interconnect BOF (voipeer) IETF 64 Vancouver, BC

VoIP Peering &amp; Interconnect BOF (voipeer) IETF 64 Vancouver, BC

VoIP Peering &amp; Interconnect BOF (voipeer) IETF 64 Vancouver, BC http://www.1-4-5.net/~dmm/IETF/IETF64/VOIPEER Administriva Mailing list: majordomo@lists.uoregon.edu subscribe voipeer or visit

335 views • 14 slides
Content may be King, but (Peering) Location Matters: A Progress Report on the Evolution of

Content may be King, but (Peering) Location Matters: A Progress Report on the Evolution of

Content may be King, but (Peering) Location Matters: A Progress Report on the Evolution of Content Delivery in the Internet Volker Stocker William Lehr University of Freiburg, Germany MIT Georgios Smaragdakis Steven Bauer TU Berlin/MIT

836 views • 14 slides
Develop an electronic survey system to allow consumers of mental health/addiction services to

Develop an electronic survey system to allow consumers of mental health/addiction services to

Public Policy Surveying Last 4 national health surveys NZ Health Survey, 20,000 houses pa 7 yrs NZ Transport Survey Previous: NZ Crime &amp; Safety Survey, Health &amp;Lifestyles Survey, Adult Nutrition Survey, Alcohol &amp; Drug

494 views • 23 slides
security Peering into Underground Economies Final exam Cumulative Wednesday May 18

security Peering into Underground Economies Final exam Cumulative Wednesday May 18

This time On top of the stack Application-layer security Peering into Underground Economies Final exam Cumulative Wednesday May 18 Software security Crypto 10:30 AM 12:30 PM Networking HERE (CSIC 2117) Teaching

1.03k views • 91 slides
security Peering into Underground Economies Final exam Cumulative Monday May 18

security Peering into Underground Economies Final exam Cumulative Monday May 18

This time On top of the stack Application-layer security Peering into Underground Economies Final exam Cumulative Monday May 18 Software security Crypto 10:30 AM 12:30 PM Networking HERE (CSIC 2117) Teaching

1.36k views • 91 slides
Remote Peering William B. Norton Execu6ve Director, DrPeering

Remote Peering William B. Norton Execu6ve Director, DrPeering

Remote Peering William B. Norton Execu6ve Director, DrPeering Interna6onal Chief Strategy Officer, Interna6onal Internet Exchange (IIX) wbn@iixPeering.net UK NOF

436 views • 15 slides
Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN

Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN

Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN ICANN - 63, Barcelona 63, Barcelona ccNSO Tech Day ccNSO Tech Day Monday 21 October, 2018 Monday 21 October, 2018 netactuate.com @netactuate

496 views • 22 slides
Investigative Research for an IP Peering Service for NetherLight Assessor: Cees de Laat

Investigative Research for an IP Peering Service for NetherLight Assessor: Cees de Laat

Investigative Research for an IP Peering Service for NetherLight Assessor: Cees de Laat Supervisors: Research Project 2 #100 Gerben van Malenstein Arnold Buntsma Migiel de Vos Mar Badias Sim Max Mudde NetherLight: open lightpath

633 views • 25 slides
Peering into the physics of brown dwarfs: spectroscopy with JWST/ NIRSpec Catarina Alves de

Peering into the physics of brown dwarfs: spectroscopy with JWST/ NIRSpec Catarina Alves de

Peering into the physics of brown dwarfs: spectroscopy with JWST/ NIRSpec Catarina Alves de Oliveira, European Space Agency Understanding the Nearby Star-forming Universe with JWST 27 Aug 2019 ESA UNCLASSIFIED Releasable to the public The

468 views • 28 slides
Part 2: Peering into the Crystal Ball How the Market Decides Future Use Hosted b by EP

Part 2: Peering into the Crystal Ball How the Market Decides Future Use Hosted b by EP

Part 2: Peering into the Crystal Ball How the Market Decides Future Use Hosted b by EP EPAs s O Office ce o of B Brownfields &amp; &amp; Lan Land R Revital talizati zation n Oct ctober 1 18, 20 8, 2019 9 Land

904 views • 54 slides

More recommend