Post on 05-Apr-2018
transcript
8/2/2019 Intro to SIP Draft Final
1/122
SIP TutorialIntroduction to SIP
Original Slides by Alan Johnston and Henry Sinnreich, MCI (atVON03)
8/2/2019 Intro to SIP Draft Final
2/122
2
Contents
SIP OverviewSIP in detail
SIP Call Flow Scenarios
SIP SecuritySIP Programming
Some Related Works
8/2/2019 Intro to SIP Draft Final
3/122
SIP Overview
What SIP is, Multimedia ProtocolStack, Short Historyand Related
Protocolsare included.
8/2/2019 Intro to SIP Draft Final
4/122
4
Why packet switching? Why SIP?
0
10
20
30
40
50
60
70
80
90100
1980 1985 1987 1990 1995 2000 2001
electromech
analog
digital
Technology evolution of PSTN
8/2/2019 Intro to SIP Draft Final
5/122
5
Session Initiation Protocol Overview
Application Layer Signaling Protocol
Used to establish, modify, and terminatemultimedia sessions
Part of Internet Multimedia Architecture
Can use UDP, TCP, TLS, SCTP, etc.Based on HTTP (Web) Similar text-based structure
Uses URIs (Uniform Resource Indicators)
Applications include (but not limited to): Voice, video, gaming, instant messaging,
presence, call control, etc.
8/2/2019 Intro to SIP Draft Final
6/122
6
Security & Privacy
SIP Authentication Challenge/Response based on shared secret - SIP Digest Mechanism also used by HTTP
Used for client devices
Encryption using private/public keys Used between servers
Privacy and security SIP signaling can be encrypted
S/MIME (Secure/Multipurpose Internet Mail Extensions) Defined in RFC 2633
SIP can be transported over IPSec
Defined in RFC 2401
TLS (Transport Layer Security) Defined in RFC 2246
8/2/2019 Intro to SIP Draft Final
7/122
7
Internet Multimedia Protocols
RTSP
8/2/2019 Intro to SIP Draft Final
8/122
8
A Short History of SIP
Internet Engineering Task Force (IETF) protocol
Inventors: M. Handley, H. Schulzrinne, E. Schooler,and J. Rosenberg
Became Proposed Standard and RFC 2543 in March1999 in MMUSIC WG.
Separate SIP WG established in September 1999.Now new SIPPING (applications) and SIMPLE(presence and instant messaging) WGs using SIP.
RFC2543bis-09 I-D became RFC 3261 in June 2002
Added four new authors: G. Camarillo, A. Johnston, J.Peterson, and R. Sparks.
Entire spec rewritten for clarity, but some new features
Mostly backwards compatible with RFC 2543
8/2/2019 Intro to SIP Draft Final
9/122
9
SIP Requests and Responses
SIP Responses use anumerical code and a
reason phrase
Classes:
1xx Informational
2xx Final
3xx Redirection
4xx Client Error5xx Server Error
6xx Global Failure
Example: 404 Not Found
SIP Request types arecalled methods
Methods in base spec:
INVITE
ACK
OPTIONS
CANCELBYE
REGISTER
8/2/2019 Intro to SIP Draft Final
10/122
10
Related Protocols: SDP
SIP carries (encapsulates) SDP messages
SDP specifies codecs and media terminationpoints
Only one of many possible MIME attachments
carried by SIPSDP Session Description Protocol Used to describe media session.
Carried as a message body in SIP messages.
Is a text-based protocol Uses RTP/AVP Profiles for common media types
Defined by RFC 2327 E.g. RFC 3551 RTP Profile for Audio and Video Conferences
with Minimal Control
8/2/2019 Intro to SIP Draft Final
11/122
11
Related Protocol: RTP
RTP Real-time Transport ProtocolUsed to transport media packets over IP
RTP adds a bit-oriented header containing:name of media source
timestampcodec type
sequence number
Defined by H. Schulzrinne et al, RFC 1889.
Profiles defined by RFC 1890. RTCP for exchange of participant and quality
reports.
8/2/2019 Intro to SIP Draft Final
12/122
12
SIP Uniform Resource Indicators (URIs)
Same form as email addresses: user@domain
Two URI schemes: sip:henry@siptest.mci.com is a SIP URI
Most common form introduced in RFC 2543
sips:henry@siptest.mci.com is a Secure SIP URI New scheme introduced in RFC 3261
Requires TLS over TCP as transport for security
Two types of SIP URIs: Address of Record (AOR) (identifies a user)
sip:henry@mci.com (Needs DNS SRV records to locate SIP Serversfor mci.com domain)
Contact (identifies a device and is usually a Fully Qualified DomainName, FQDN) sip:henry@127.24.45.4 or sip:henry@cube43.lab.mci.com
(Which needs no resolution for routing)
8/2/2019 Intro to SIP Draft Final
13/122
13
SIP Trapezoid
OutboundProxy Server
User Agent B
Inbound
Proxy Server
User Agent A
SIP
SIP
SIP
Media (RTP)
DNS Server
DNS
Location
Server
SIP
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
14/122
14
SIP Elements User Agents
OutboundProxy Server
Inbound
Proxy Server
Capable of sending
and receiving SIPrequests.
UAC User Agent Client
UAS User Agent Server
End Devices
SIP phone
PC/laptop withSIP Client
PDA
mobile phone
PSTN Gateways
are a type of UserAgent
SIP
SIP
SIP
DNS Server
DNS
Location
Server
User Agent BUser Agent A
Media (RTP)
SIP
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
15/122
15
SIP Elements Proxy Servers
OutboundProxy Server
Inbound
Proxy Server
Forward or proxyrequests on behalf ofUser Agents
Consult databases:
DNS
Location ServerTypes:
Stateless
Transaction Stateful
Call Stateful
No media capabilities Ignore SDP.
Normally bypassed oncedialog established, butcan Record-Route to
stay in path.
SIP
SIP
SIP
DNS Server
DNS
Location
Server
User Agent BUser Agent A
Media (RTP)
SIP
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
16/122
16
SIP Elements Other Servers
OutboundProxy Server
Inbound
Proxy Server
Location Server
Database of locations ofSIP User Agents
Queried by Proxies in
routingUpdated by User Agents
by Registration
DNS Server
SRV (Service) Recordsused to locateInbound Proxy
Servers
SIP
SIP
SIP
DNS Server
DNS
Location
Server
User Agent BUser Agent A
Media (RTP)
SIP
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
17/122
17
SIP Client and Server
SIP Elements are either
User Agents (end devices that initiate and terminatemedia sessions)
Servers (that assist in session setup)
Proxies
Registrars
Redirect servers
A User Agent acts as a
Client when it initiates a request (UAC) Server when it responds to a request (UAS)
8/2/2019 Intro to SIP Draft Final
18/122
18
SIP Registrar, 1
SIP server that can receive and process REGISTER requests
A user has an account created which allows them to REGISTERcontacts with a particular server
The account specifies a SIP Address of Record (AOR)
8/2/2019 Intro to SIP Draft Final
19/122
19
SIP Registrar, 2
SIP Registrars store the location of SIPendpoints Each SIP endpoint Registers
with a Registrar using its Address of Record and Contactaddress
Address of Record for John Smith in From: headerFrom: John Smith
8/2/2019 Intro to SIP Draft Final
20/122
20
Proxy Server
SIP Proxy servers route SIP messages
Stateless Proxies use stateless protocols like UDP to
talk to endpoints
Low Proxy overhead
Ephemeral connections, dropped as soon as message isforwarded
Stateful Proxies use TCP or other stateful protocols
to set up a permanent connection
High Proxy overhead Endpoint connection must be set up, maintained and torn
down for the duration of the session
8/2/2019 Intro to SIP Draft Final
21/122
21
SIP Proxy Server
SIP Server which acts on behalf of User Agents
Receives a SIP request
Adds some headers
Modifies some of the headers
Forwards request to next hop server or client
8/2/2019 Intro to SIP Draft Final
22/122
22
Stateless vs. Stateful Proxy
Stateless Proxy
Forwards every request downstream and response upstream
Keeps no state (does not have any notion of a transaction)
Never performs message retransmissions
Stateless proxies scale very well
can be very fast good for network cores
Stateful Proxy
Maintains state information for the duration of either the:
Transaction (request)
Transaction Stateful
Dialogue (from INVITE to BYE)
Dialogue Stateful
Performs message retransmission
8/2/2019 Intro to SIP Draft Final
23/122
23
SIP Redirect Server
Receives a request and returns a redirection response(3xx)
Contact header in response indicates where requestshould be retried
Similar to database query
All Server types are logical NOT Physical
8/2/2019 Intro to SIP Draft Final
24/122
24
Locating SIP Servers
Manual provisioning
DHCP SIP Option 120
RFC 3361
Multicast (deprecated)
DNS SRV method
Get local domain name automatically from DHCP server
Perform SRV record query through DNS on that domain for_sip._udp.
Send SIP REGISTER message to resolved server
phone is up and running without user intervention
8/2/2019 Intro to SIP Draft Final
25/122
SIP in detail
Now, we are going to study SIP indetail including SIP Request, SIPResponse and SIP Header
8/2/2019 Intro to SIP Draft Final
26/122
26
SIP Request Methods, 1
SIP used for Peer-to-Peer Communicationthough it uses a Client-Server model
Requests are called methods
Six methods are defined in base RFC 3261: INVITEACK
OPTIONS
BYE
CANCEL
REGISTER
8/2/2019 Intro to SIP Draft Final
27/122
27
SIP Request Methods, 2
REGISTER
Register contact with RegistrarINVITE/ACK/BYE/CANCEL/UPDATE
Creates, negotiates and tears down a call (dialogue)
MESSAGE
Creates an Instant Messaging sessionSUBSCRIBE
Subscribe to a service (like message waiting indication)
NOTIFY
Notify a change in service state (new Voicemail)
8/2/2019 Intro to SIP Draft Final
28/122
28
SIP Methods - INVITE, 1
INVITE requests the establishment of asession
Carried in Message Body (SDP)
Type of session
IP Address
Port
Codec
8/2/2019 Intro to SIP Draft Final
29/122
29
SIP Methods - INVITE, 2
An INVITE during an existing session(dialogue) is called a re-INVITE
re-INVITEs can be used to
Place calls on or remove calls from hold
Change session parameters and codecs
The SIP UPDATE method is the proposedreplacement for this technique
8/2/2019 Intro to SIP Draft Final
30/122
30
SIP Methods - ACK
ACK completes the three way session setuphandshake (INVITE, final response, ACK)
Only used for INVITE
If INVITE did not contain media information
ACK must contain the media information
8/2/2019 Intro to SIP Draft Final
31/122
31
SIP Methods - OPTIONS
OPTIONS requests the capabilities of anotherUser Agent
Response lists supported methods,extensions, codecs, etc.
User Agent responds to OPTIONS the sameas if an INVITE (e.g. if Busy, returns 486Busy Here)
Very basic presence information
8/2/2019 Intro to SIP Draft Final
32/122
32
SIP Methods BYE and CANCEL
BYE terminates an established session
User Agents stop sending media packets (RTP)
CANCEL terminates a pending session.
INVITE sent but no final response (non-1xx) yet
received. User Agents and Proxies stop processing INVITE
Can be sent by a proxy or User Agent
Useful for forking proxy
Parallel search using multiple registration Contacts. First successful wins, rest are cancelled.
8/2/2019 Intro to SIP Draft Final
33/122
33
SIP Methods - REGISTER
Registration allows a User Agent to uploadcurrent location and URLs to a Registrar
Registrar can upload into Location Service
Incoming requests can then be proxied or
redirected to that locationBuilt in SIP support of mobility
UAs do not need static IP addresses
Obtain IP address via DHCP, REGISTER indicatingnew IP Address as contact
8/2/2019 Intro to SIP Draft Final
34/122
34
SIP Request URI
The Request-URI indicates the destination address of the
requestProxies and other servers route requests based onRequest-URI.
The Request-URI is modified by proxies as the address isresolved.
INVITE sip:bob@biloxi.com SIP/2.0Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhdsMax-Forwards: 70To: Bob From: Alice ;tag=1928301774Call-ID: a84b4c76e66710@pc33.atlanta.com
CSeq: 314159 INVITEContact: Content-Type: application/sdpContent-Length: 142
(Alice's SDP not shown)
Request-URI
8/2/2019 Intro to SIP Draft Final
35/122
35
SIP From and To Tags
Tags are pseudo-random numbers inserted inTo or From headers to uniquely identify a callleg
INVITE request From header contains a tag
Any User Agent or Server generating aresponse adds a tag to the To header in theresponse
To: sip:john@company.com;tag=123456
8/2/2019 Intro to SIP Draft Final
36/122
36
SIP Method - INFO
Used to transport mid-call signaling
information
Only one pending INFO at a time
Typical use - PSTN signaling message carried
as MIME attachment E.g. ISDN User-to-User information
Defined in RFC 2976
8/2/2019 Intro to SIP Draft Final
37/122
37
SIP Method - REFER
Indicates that recipient (identified by theRequest-URI) should contact a third partyusing the contact information provided in therequest
Typical Use: Call Transfer featuresAllowed outside an established dialogue
8/2/2019 Intro to SIP Draft Final
38/122
38
SIP Method - PRACK
Provisional Response ACKnowlegement
Used to acknowledge receipt of provisionalresponse
183 Session Progress
Does not apply to 100 Trying responses Only provisional responses 101-199 may be sent
reliably and acknowledged with PRACK
If no PRACK sent, response retransmitted
Defined in RFC 3262
8/2/2019 Intro to SIP Draft Final
39/122
39
SIP Methods SUBSCRIBE and NOTIFY
SUBSCRIBE requests notification of when a
particular event occurs Use Expires=0 to unsubscribe
A NOTIFY message is sent to indicate the event
statusSample Applications
Presence
Message waiting indication for voicemail
Defined in RFC 3265
8/2/2019 Intro to SIP Draft Final
40/122
40
SIP Method - MESSAGE
Extension to SIP for Instant Messaging (IM)MESSAGE requests
carry the content in the form of MIME body parts
use the standard MIME headers to identify the
content
8/2/2019 Intro to SIP Draft Final
41/122
41
SIP Responses
SIP Requests generate Responses with codes
borrowed from HTTP
Classes:
1xx Informational
2xx Final 3xx Redirection
4xx Client Error
5xx Server Error
6xx Global Failure
Response example 404 Not Found
8/2/2019 Intro to SIP Draft Final
42/122
42
SIP Responses: 1xx-3xx
SIP Response Code Brief Description100 Trying Request received and action is being taken
180 Ringing UA received INVITE and is alerting user
181 Call Is Being Forwarded Used by proxy to indicate call is being forwarded
182 Queued Called party unavailable, call queued
183 Session Progress Used in early media and QoS setup
200 OK Request successful
300 Multiple Choices Address resolved to several choices
301 Moved Permanently User can no longer be found at Req-URI address
302 Moved Temporarily Temporarily cannot find user at Req-URI address
305 Use Proxy Resource MUST be accessed through proxy.
380 Alternative Service Call not successful. Alternatives possible.
8/2/2019 Intro to SIP Draft Final
43/122
43
SIP Responses: 4xxSIP Response Code Brief Description
400 Bad Request Request not understood due to malformed syntax
401 Unauthorized Request requires user authentication
402 Payment Required Reserved for future use
403 Forbidden UAS understood request and refuses to fulfill it
404 Not Found UAS finds that user doesn't exist in the domain
405 Method Not Allowed Method is understood but not allowed
406 Not Acceptable Response content not allowed by Accept header
407 Proxy Authentication Required Client must first authenticate itself with proxy
408 Request Timeout UAS could not produce response in time
410 Gone UAS resource unavailable; no forwarding addr.
413 Request Entity Too Large Request contains body longer than UAS accepts
414 Request-URI Too Long Req-URI longer than server is willing to interpret
415 Unsupported Media Type Format of the body not supported by UAS
416 Unsupported URI Scheme Scheme of URI unknown to server
420 Bad Extension UAS not understand protocol extension
421 Extension Required UAS needs particular extension process request
423 Registration Too Brief Contact header field expiration time too small
480 Temporarily Unavailable UAS contacted successfully but user unavailable
481 Call/Transaction Does Not Exist UAS Rx request not matching any exist ing dialog
482 Loop Detected UAS has detected a loop
483 Too Many Hops UAS received request containing Max-Forwards=0
484 Address Incomplete UAS Rx request with incomplete Request-URI
485 Ambiguous The Request-URI was ambiguous
486 Busy Here UAS contacted successfully but user busy
487 Request Terminated Request terminated by a BYE or CANCEL request
488 Not Acceptable Here Same as 606 but only applies to addressed entity
491 Request Pending UAS Rx req. & have pending req. for same dialog
493 Undecipherable UAS Rx request with encrypted MIME body & not have decryption key
8/2/2019 Intro to SIP Draft Final
44/122
44
SIP Responses: 5xx-6xx
SIP Reponse Code Brief Description500 Server Internal Error UAS unexpected condition & cannot fulfill request
501 Not Implemented UAS not support functionality to fulfill the request
502 Bad Gateway UAS Rx invalid response from a downstream server
503 Service Unavailable UAS can't process due to overload or maintenance
504 Server Time-out UAS not Rx response from external server
505 Version Not Supported UAS not support SIP version in request
513 Message Too Large Message length exceeded UAS capabilities
600 Busy Everywhere End systems contacted, user busy at all of them
603 Decline End systems contacted, user explicitly decline604 Does Not Exist Anywhere UAS has information Req-URI user not exist
606 Not Acceptable Some aspects of Session Desc. not acceptable
8/2/2019 Intro to SIP Draft Final
45/122
45
SIP Message Details
INVITE sip:wh@200.201.202.203 SIP/2.0Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76Max-Forwards: 69
To: Heisenberg
From: E. Schroedinger ;tag=312345
Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103
Content-Type: application/sdpContent-Length: 159
First line of a SIP message is Start Line which contains:
the method or Request type: INVITE (session setup request).
the Request-URI which indicates who the request is forsip:wh@200.201.202.203
Note: Request-URI can be either an AOR or Contact (FQDN)
This Request-URI is a FQDN, but the initial Request-URI was an AOR(same as To URI)
the SIP version number SIP/2.0
8/2/2019 Intro to SIP Draft Final
46/122
46
SIP Headers
SIP Requests and Responses contain Headers (similar
to Email headers) Required Headers
To
From
Via
Call-ID
CSeq
Max-Forwards
Optional Headers:
Subject, Date, Authentication (and many others)
8/2/2019 Intro to SIP Draft Final
47/122
47
SIP Message Details
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76Max-Forwards: 69To: Heisenberg
From: E. Schroedinger ;tag=312345
Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103
Content-Type: application/sdpContent-Length: 159
Via headers show the path the request has taken
The bottom Viaheader is inserted by the User Agent which initiated
the request Additional Via headers are inserted by each proxy in the path
The Via headers are used to route responses back the same way
Required branchparameter contains a cookie (z9hG4bK) then a
transaction-ID.
8/2/2019 Intro to SIP Draft Final
48/122
48
SIP Message Details
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76Max-Forwards: 69To: Heisenberg
From: E. Schroedinger ;tag=312345
Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103
Content-Type: application/sdpContent-Length: 159
Max-Forwards is a count decremented by each proxy
that forwards the request.
When count goes to zero, request is discarded and 483Too Many Hops response is sent.
Used for stateless loop detection.
l
8/2/2019 Intro to SIP Draft Final
49/122
49
SIP Message Details
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
Max-Forwards: 69
To: Heisenberg From: E. Schroedinger ;tag=312345Call-ID: 105637921@100.101.102.103CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103
Content-Type: application/sdp
Content-Length: 159
Dialog (formerly called call leg) information is in headers:
To tag, From tag, and Call-ID (Note: Not URIs)
To and From URIs usually contain AOR URIs.All requests and responses in this call will use this same Dialoginformation.
Call-ID is unique identifier usually composed of
pseudo-random string @ hostname or IP Address
S l
8/2/2019 Intro to SIP Draft Final
50/122
50
SIP Message Details
CSeq Command Sequence Number
Initialized at start of call (1 in this example)
Incremented for each subsequent request Used to distinguish a retransmission from a new request
Also contains the request type (method) - INVITE
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
Max-Forwards: 69
To: Heisenberg
From: E. Schroedinger ;tag=312345Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITEContact: sip:schroed5244@100.101.102.103
Content-Type: application/sdp
Content-Length: 159
SIP M D il
8/2/2019 Intro to SIP Draft Final
51/122
51
SIP Message Details
Contact header contains a SIP FQDN URI for direct
communication between User Agents
If Proxies do not Record-Route, they can be bypassed IfRecord-Route is present in 200OK, then a Route
header is present in all future requests in this dialog.
Contact header is also present in 200OK response
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
Max-Forwards: 69
To: Heisenberg
From: E. Schroedinger ;tag=312345Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103Content-Type: application/sdp
Content-Length: 159
SIP M D t il
8/2/2019 Intro to SIP Draft Final
52/122
52
SIP Message Details
Content-Typeindicates the type of message bodyattachment (others could be text/plain,
application/cpl+xml, etc.)Content-Lengthindicates the octet (byte) count of
the message body.
Message body is separated from SIP header fields by ablank line (CRLF).
INVITE sip:w.h@200.201.202.203 SIP/2.0
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
Max-Forwards: 69
To: Heisenberg
From: E. Schroedinger ;tag=312345Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:schroed5244@100.101.102.103
Content-Type: application/sdpContent-Length: 159
SDP M B d D t il
8/2/2019 Intro to SIP Draft Final
53/122
53
SDP Message Body Details
v=0
o=Tesla 289084526 28904529 IN IP4 lab.high-voltage.org
s=-
c=IN IP4 100.101.102.103
t=0 0
m=audio 49170 RTP/AVP 0
a=rtpmap:0 PCMU/8000
Version number (ignored by SIP)
Origin (onlyversion used by SIP -28904529)
Subject (ignored by SIP)
Connection Data (IP Address for media - 100.101.102.103)
Time (ignored by SIP) Media (type - audio, port - 49170, RTP/AVP Profile - 0)
Attribute (profile - 0, codec - PCMU, sampling rate8000 Hz)
SIP R D t il
8/2/2019 Intro to SIP Draft Final
54/122
54
SIP Response Details
Via, To, From, Call-ID, &CSeq are all copied from request.
Tonow has a tag inserted by UAS
Contact and Message Body contain UAS information.
SIP/2.0 200 OKVia: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
To: Heisenberg ;tag=24019385From: E. Schroedinger ;tag=312345Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:wh@200.201.202.203Content-Type: application/sdp
Content-Length: 173
v=0o=Heisenberg 2452772446 2452772446 IN IP4 200.201.202.203s=SIP Callc=IN IP4 200.201.202.203t=0 0
m=audio 56321 RTP/AVP 0a=rtpmap:0 PCMU/8000
8/2/2019 Intro to SIP Draft Final
55/122
SIP Call Flow Scenarios
As followings
SIP C ll Fl S i
8/2/2019 Intro to SIP Draft Final
56/122
56
SIP Call Flow Scenarios
Call Attempt - Unsuccessful
Presence Subscription Registration
Presence Notification
Instant Message Exchange
Call Setup Successful
Call Hold
Call Transfer
Call Flows and full message details:
SIP Basic Call Flow Examples I-D by A. Johnston et al.
SIP Service Examples I-D by A. Johnston et al.
SIP C ll S A S i
8/2/2019 Intro to SIP Draft Final
57/122
57
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
1. INVITEContact: ASDP A
DNS Server LocationServer
1. A dials SIP AORURI sip:B@mci.com.User Agent A sends
INVITE to outboundProxy Server.
2. Outbound Proxysends 100 Trying
response.
2. 100 Trying
User Agent B(Not Signed In)
User Agent A
SIP C ll S t Att t S i
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
58/122
58
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
1. INVITEContact: ASDP A
DNS Server LocationServer
3. Outbound Proxy doesDNS query to findproxy server for
mci.comdomain4. DNS responds with
IP address ofmci.com Proxy
Server
3. DNS Query:mci.com?
2. 100 Trying
4. Response: 1.2.3.4
User Agent B(Not Signed In)
User Agent A
SIP C ll S t Att t S i
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
59/122
59
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
DNS Server LocationServer
5. Outbound Proxysends INVITE to
Inbound Proxy
Server.6. Inbound Proxy sends
100Trying
response.
3. DNS Query: mci.com?
2. 100 Trying
4. Response:1.2.3.4
6. 100 Trying
User Agent B(Not Signed In)
User Agent A
1. INVITEContact: ASDP A
5. INVITEContact: ASDP A
SIP C ll S t Att t S i
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
60/122
60
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
DNS Server LocationServer
7. Inbound Proxyconsults LocationServer.
8. Location Serverresponds with NotSigned In.
3. DNS Query: mci.com?
2. 100 Trying
4. Response:1.2.3.4
6. 100 Trying
7. LS Query: B? 8. Response: NotSigned In
User Agent B(Not Signed In)
User Agent A
1. INVITEContact: ASDP A
5. INVITEContact: ASDP A
SIP C ll S t Att t S i
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
61/122
61
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
DNS Server LocationServer
9. Inbound Proxy sends480TemporarilyUnavailable
response.10. Outbound Proxy sends
ACK response.
3. DNS Query:mci.com?
2. 100 Trying
4. Response:1.2.3.4
6. 100 Trying
7. LS Query: B? 8. Response:Not Signed
In
9. 480 Temporarily Unavailable
10. ACK
User Agent B(Not Signed In)
User Agent A
1. INVITEContact: ASDP A
5. INVITEContact: ASDP A
SIP C ll S t Att t S i
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
62/122
62
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
Inbound
Proxy Server
DNS Server LocationServer
11. Outbound Proxyforwards 480 response
to A.12. A sends ACK response.
3. DNS Query:mci.com?
2. 100 Trying
4. Response:1.2.3.4
6. 100 Trying
7. LS Query: B? 8. Response:Not Signed
In
9. 480 Temporarily Unavailable
11. 480 Temporarily Unavailable
10. ACK
12. ACK
User Agent B(Not Signed In)
User Agent A
1. INVITEContact: ASDP A
5. INVITEContact: ASDP A
SIP P esence E ample
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
63/122
63
SIP Presence Example
Outbound
Proxy Server
InboundProxy Server
1. SUBSCRIBE
DNS ServerPresence
Server
1. A wants to be informedwhen B signs on, sosends a SUBSCRIBE
2. Outbound Proxyforwards to InboundProxy
3. Inbound Proxy forwardsto Bs Presence Server
2. SUBSCRIBE
3. SUBSCRIBE
User Agent B(Not Signed In)
User Agent A
SIP Presence Example
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
64/122
64
SIP Presence Example
Outbound
Proxy Server
InboundProxy Server
1. SUBSCRIBE
DNS ServerPresence
Server
4. Presence Serverauthorizes subscription
by sending a 200OK.5. & 6. 200OK proxied
back to A.6. 200 OK
2. SUBSCRIBE
5. 200 OK
3. SUBSCRIBE 4. 200 OK
User Agent B(Not Signed In)
User Agent A
SIP Presence Example
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
65/122
65
SIP Presence Example
Outbound
Proxy Server
InboundProxy Server
DNS ServerPresence
Server
7. Presence Server sendsNOTIFY containing
current presence status
of B (Not Signed In).8. and 9. NOTIFY is
proxied back to A.
10. A acknowledges receiptof notification with
200OK.11. & 12. 200OK is
proxied back to BsPresence Server.
10. 200 OK
11. 200 OK
7. NOTIFY
12. 200 OK
User Agent B(Not Signed In)
User Agent A
8. NOTIFY
9. NOTIFY
SIP Registration Example
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
66/122
66
SIP Registration Example
Outbound
Proxy Server
OutboundProxy Server
DNS ServerLocation
Server
2. Update database:B = B@2.3.4.5
1. REGISTER
Contact: B@2.3.4.5
1. B signs on to his SIPPhone which sends aREGISTER message
containing the FQDNURI of Bs User Agent.
2. Database update is sentto the Location Server
User Agent BUser Agent A
SIP Registration Example
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
67/122
67
SIP Registration Example
Outbound
Proxy Server
OutboundProxy Server
DNS ServerLocation
Server
2. Update database:B = B@2.3.4.5 3. OK
1. REGISTER
Contact: B@2.3.4.5
4. 200 OK
Contact: B@2.3.4.5
3. Location Serverdatabase update isconfirmed.
4. Registration is confirmedwith a 200OK
response.
User Agent BUser Agent A
SIP Presence Example
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
68/122
68
SIP Presence Example
Outbound
Proxy Server
InboundProxy Server
DNS ServerPresence
Server
13. Presence Server learnsof Bs new status fromthe Location Server andsends a NOTIFY
containing new status
of B (Signed In).14. & 15. NOTIFY is
proxied back to A.
16. A acknowledges receiptof notification with 200OK.
17. & 18. 200OK is
proxied back toPresence Server.
16. 200 OK
17. 200 OK
18. 200 OK
User Agent BUser Agent A
13. NOTIFY
14. NOTIFY
15. NOTIFY
SIP Instant Message Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
69/122
69
SIP Instant Message Scenario
Outbound
Proxy Server
InboundProxy Server
1. MESSAGE
DNS Server LocationServer
1. A sends an InstantMessage to B saying
Can you talk now?in a MESSAGE
request.
2., 3. & 4. MESSAGE
request is proxied,
Location Serverqueried.
5. Inbound Proxyforwards MESSAGE to
B.
6. User Agent B respondswith 200OK.
7. & 8. 200OK is proxied
back to A.
8. 200 OK
7. 200 OK
3. LS Query: B? 4. Response:sip:B@2.3.4.5
6. 200 OK
User Agent BUser Agent A
2. MESSAGE
5. MESSAGE
SIP Instant Message Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
70/122
70
SIP Instant Message Scenario
Inbound
Proxy Server
OutboundProxy Server
LocationServer
DNS Server1. B sends an Instant
Message to A saying
Sure. in aMESSAGEsent to As
AOR URI.
2. & 3. DNS Server isqueried.
4. Outbound Proxyforwards MESSAGE to
Inbound Server.
5. & 6. Location Server isqueried.
7. Inbound Proxyforwards to A.
8. User Agent A respondswith 200OK.
9. & 10. 200OK is proxied
back to B.
8. 200 OK
9. 200 OK
10. 200 OK
5. LS Query: A? 6. Response:sip:A@4.5.3.2
2. DNS Query:globalipcom.com?
3. Response: 5.6.7.8
User Agent BUser Agent A
7. MESSAGE
4. MESSAGE
1. MESSAGE
SIP Call Setup Attempt Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
71/122
71
SIP Call Setup Attempt Scenario
Outbound
Proxy Server
InboundProxy Server
DNS Server LocationServer
1. to 5. A retriesINVITE to B which
routes through twoProxy Servers.
6. Location Server
responds with theFQDN SIP URI of BsSIP Phone.
7. Inbound Proxy Serverforwards INVITE to
Bs SIP Phone.
2. 100 Trying
4. 100 Trying
5. LS Query: B 6. Response:sip:B@2.3.4.5
User Agent BUser Agent A
1. INVITEContact: ASDP A
3. INVITEContact: ASDP A
7. INVITEContact: ASDP A
SIP Call Setup Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
72/122
72
SIP Call Setup Scenario
Outbound
Proxy Server
InboundProxy Server
10. 180 Ringing
DNS Server LocationServer
8. User Agent B alerts Band sends 180Ringing response.
9. & 10. 180Ringing
is proxied back to A.
9. 180 Ringing
8. 180 Ringing
User Agent BUser Agent A
SIP Call Setup Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
73/122
73
SIP Call Setup Scenario
Outbound
Proxy Server
InboundProxy Server
10. 180 Ringing
DNS Server LocationServer
11. B accepts call andUser Agent B sends
200OK response.12. & 13. 200OK is
proxied back to A.
9. 180 Ringing
8. 180 Ringing
User Agent BUser Agent A
11. 200 OKContact: BSDP B
12. 200 OKContact: BSDP B
13. 200 OKContact: BSDP B
SIP Call Setup Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
74/122
74
SIP Call Setup Scenario
Outbound
Proxy Server
InboundProxy Server
10. 180 Ringing
DNS Server LocationServer
14. ACK is sent by A to
confirm setup callbypassing proxies.
Media session beginsbetween A and B!
9. 180 Ringing
8. 180 Ringing
14. ACK
Media (RTP)
User Agent BUser Agent A
11. 200 OKContact: BSDP B
12. 200 OKContact: BSDP B
13. 200 OKContact: BSDP B
SIP Call Hold (re-INVITE)
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
75/122
75
SIP Call Hold (re INVITE)
Outbound
Proxy Server
InboundProxy Server
DNS Server LocationServer
15. B places A on holdby sending a re-INVITE.
16. A accepts with a200OK.
17. B sends ACK to A.
No media between Aand B.
15. INVITE
SDP a=sendonly
17. ACKUser Agent BUser Agent A
16. 200 OKSDP A
SIP Call Transfer Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
76/122
76
20. NOTIFY
21. 200 OK
SIP Call Transfer Scenario
Outbound
Proxy Server
InboundProxy Server
DNS Server LocationServer
18. B transfers A to Cusing REFER.
19. Transfer is acceptedby A with 202Accepted response.
20. Notification oftrying transfer issent to B in NOTIFY.
21. B sends 200OKresponse to NOTIFY
18 REFER Refer-To: sip:C@mci.com
19. 202 Accepted
User Agent BUser Agent A
SIP Call Transfer Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
77/122
77
SIP Call Transfer Scenario
Outbound
Proxy Server
InboundProxy Server
DNS Server LocationServer
1. to 5. A sends newINVITE to C which
routes through twoProxy Servers.
6. Location Serverresponds with theFQDN SIP URI of CsSIP Phone.
7. Inbound Proxy Serverforwards INVITE to
Cs SIP Phone.
2. 100 Trying
4. 100 Trying
5. LS Query: C? 6. Response:sip:C@6.7.8.9
User Agent BUser Agent A
User Agent C
1. INVITEContact: ARef-By: BSDP A
3. INVITEContact: ARef-By: BSDP A
7. INVITEContact: ARef-By: BSDP A
SIP Call Transfer Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
78/122
78
SIP Call Transfer Scenario
Outbound
Proxy Server
InboundProxy Server
10. 180 Ringing
DNS Server LocationServer
8. User Agent C alerts Cand sends 180Ringing response.
9. & 10. 180Ringing
is proxied back to A.
11. C accepts call andsends 200OK
response.
12. & 13. 200OK is
proxied back to A.
14. ACK is sent by A toconfirm setup call.
Media session betweenA and C begins.
9. 180 Ringing
8. 180 Ringing
14. ACK
User Agent C
Media (RTP)
User Agent B
User Agent A
11. 200 OKContact: CSDP C
12. 200 OKContact: CSDP C
13. 200 OKContact: CSDP C
SIP Call Transfer Scenario
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
79/122
79
SIP Call Transfer Scenario
Outbound
Proxy Server
InboundProxy Server
DNS Server LocationServer
20. Notification ofsuccessful transfer issent to B in NOTIFY.
21. B sends 200OK
response to NOTIFY22. B hangs up by
sending a BYE.
23. 200OK response toBYE is sent.20. NOTIFY
21. 200 OK
22. BYE
23. 200 OK User Agent BUser Agent A
http://www.omnisky.com/products/index.htmlhttp://commerce.www.ibm.com/cgi-bin/ncommerce/CategoryDisplay?cgrfnbr=2059075&cntrfnbr=1&cgmenbr=1&cntry=840&lang=en_US8/2/2019 Intro to SIP Draft Final
80/122
SIP Security
Authorization
8/2/2019 Intro to SIP Draft Final
81/122
81
Authorization
SIP uses standard HTTP Digest Authentication with minorrevisions
Simple Challenge/Response schemeREGISTER ->
8/2/2019 Intro to SIP Draft Final
82/122
82
TLS and sips:
Implementation of TLS is mandatory for proxies, redirect
servers and registrars
The ;transport=tls URI parameter value is deprecated
A sips: URI scheme (otherwise identical to the sip: scheme)
indicates that all hops between the requestor and the resource
identified by the URI must be encrypted with TLS.
If the request is retargeted once the resource is reached, it
must use secured transports.
S/MIME
8/2/2019 Intro to SIP Draft Final
83/122
83
S/MIME
Provides end-to-end security of message body and/or headers.
Certificate identified by end user addressPublic key can be transported in SIP
Entire message can be protected by tunneling the message in
an S/MIME body
Header Fields
Header Fields
Body
Signature
Attacks
8/2/2019 Intro to SIP Draft Final
84/122
84
Attacks
IPhreakers
IP knowledge Known weaknesses
Evolution 2600Hz -> voicemail/intl GWs -> IP telephony
Internal or external threat ?
Targets: home user, enterprise, government, etc ?
Protocol implementations
PROTOS
The human element
Attacks : denial of service
8/2/2019 Intro to SIP Draft Final
85/122
85
a s de a o se e
Denial of service
Network Protocol (SIP INVITE)
Systems / Applications
Phone
Availability (BC/DR)
Requires: power
Alternatives (Business Continuity/Disaster Recovery) ?
E911 (laws and technical aspect) GSM
PSTN-to-GSM
Attacks : fraud
8/2/2019 Intro to SIP Draft Final
86/122
86
Call-ID spoofing
User rights takeover
Fake authentication server
Effects
Access to voicemail
Value added numbers Social engineering
Replay
Attacks: interception
8/2/2019 Intro to SIP Draft Final
87/122
87
p
Interception
Who talks with who (Network sniffing, Servers (SIP, CDR, etc)LAN
Physical access to the LAN
ARP attacks
Unauthenticated devices (phones and servers)
Different layers (MAC address, user, physical port, etc)Where to intercept ?
Where is the user located ?
Networks crossed ?
Lawful Intercept
CALEA
ETSI standard
Architecture and risks
Attacks : systems
8/2/2019 Intro to SIP Draft Final
88/122
88
y
Systems
Mostly none is hardened by default
Worms, exploits, Trojan horses
Attacks : phone
(S)IP phone Startup
DHCP, TFTP, etc.
Physical access
Hidden configuration tabs TCP/IP stacks
Firmware/configuration
Trojan horse/rootkit
Defense
8/2/2019 Intro to SIP Draft Final
89/122
89
Signaling: SIP
Secure SIP vs SS7 (physical security)
Transport: Secure RTP (with MiKEY)
Network: QoS [LLQ] (and rate-limit)
Firewall: application level filteringPhone: signed firmware
Identification: TLS
Clients by the server
Servers by the client
3P: project, security processes and policies
8/2/2019 Intro to SIP Draft Final
90/122
SIP Programming
SIP based Application Interfaces
8/2/2019 Intro to SIP Draft Final
91/122
91
pp
These include :
JAIN SIP Low level and very complex API
CNRSIP API is one of available reference implementations.
SIP Servlets
proposed within JAIN
SIP API for J2ME
intermediate level API (minimal SIP knowledge required)
SIP CGI
CPL ( Call Processing Language)
XML based
HTTP Servlets
8/2/2019 Intro to SIP Draft Final
92/122
92
HTTP Java Servlets Widely Used in Web
Application Development
Applications Consist of Sets of HTTP
Servlets, Each of Which Processes a
Single Web Request in the Application
HTTP Servlets Return Web Pages to
Display
HTTP Servlets Can Create Session Data
e.g., shopping cart, that spans multiple
requests
Container Manages HTTP Servlet
Lifecycles, Fault Tolerance, Session State
HTTP Servlets Collected into a War File
Web Archive
HTTP Servlets
Web Server
Developer
Deployer
War File
SIP Servlet API
8/2/2019 Intro to SIP Draft Final
93/122
93
SIP Servlet API
Java extension API for SIP servers
Similar in spirit to HTTP servlet API
Server matches incoming messages against local rules in order to
decide which servlet to pass message to
The API gives full control to servlets to handle SIP messages, e.g.
has full access to headers and body
proxy or redirect requests
respond to or reject requests
forward responses upstream
initiate requestsServers may choose to provide constrained environment to
selected servlets (e.g. using sandbox security model)
Basic SIP Servlet Model
8/2/2019 Intro to SIP Draft Final
94/122
94
Servlet Engine
SIP Server
requests
responses
requests
responses
servletservlet
Location of SIP Server and servlet
engine: in same Java Virtual Machine
different process, same host
different hosts: 1:1, 1:n, n:1, n:m
Example: Routing Services
8/2/2019 Intro to SIP Draft Final
95/122
95
Server
servletUAC UAS
SIP SIP
RTP
Servlet proxies request to one or more destinations- forwards response to caller
Example: Servlet as UAS
8/2/2019 Intro to SIP Draft Final
96/122
96
Server
servlet
UAC
SIP
RTP
Servlets can reject (screen) calls
Can accept and set up media streams
Benefits of Servlet Model
8/2/2019 Intro to SIP Draft Final
97/122
97
Powerful:
Full access to SIP signaling
Performance:
No need to fork new process for each request
The same servlet can handle many requests simultaneously
Safety: type checked; no pointers; exception handling
Convenience: high level abstractions.
Tight integration with server: logging, security, location database
Lifecycle model allows servlets to
maintain state, e.g. database connections manage timers
Access to wide range of APIs
An Example: RejectServlet
8/2/2019 Intro to SIP Draft Final
98/122
98
import org.ietf.sip.*;
public class RejectServlet extends SipServletAdapter {protected int statusCode, reasonPhrase;
public void init(ServletConfig config) {
super.init(config);
try {
statusCode = Integer.parseInt(getInitParameter("status-code"));
reasonPhrase = getInitParameter("reason-phrase");} catch (Exception _) {
statusCode = SC_INTERNAL_SERVER_ERROR;
}
}
public boolean doInvite(SipRequest req) {
SipResponse res = req.createResponse();
res.setStatus(statusCode, reasonPhrase);res.send();
return true;
}
}
Relationship to JAIN SIP
8/2/2019 Intro to SIP Draft Final
99/122
99
JAIN SIP is a generic, low-level
interface for accessing SIPservices
Can be used in
Clients
Servers
Gateways
Focuses purely on the protocol
Complete access to SIP
capabilities
Supports transactions only
SIP Servlet Container is a
particular application of JAIN
SIP
SIP Protocol
SIP Servlet
Container
Servlet
JAIN SIP
SIP Servlet API
Servlet
Relationship to JAIN SIP
8/2/2019 Intro to SIP Draft Final
100/122
100
Servlets focus on highvolume carrier grade servers
Add significant, non-SIPprotocol functions
Lifecycle management
Domain objects
Context and configuration
Deployment descriptors
Archive files
Synchronization primitives
Security
Add significant SIP protocolfunctions
Construction of requestsand responses from domainobjects
Hide many parts of JAIN SIP
Direct access to many
headers is not provided
Write access to most
everything is often
restricted
Servlets should be defined to
allow a SIP container to be
built using JAIN SIP
SIP Objects in Servlet API
defined with interfaces that
match JAIN SIP signatures Cannot directly expose JAIN
SIP objects, though
SIP CGI
8/2/2019 Intro to SIP Draft Final
101/122
101
Almost identical to HTTP CGI
Language independent ( Perl, Tcl, C, C++, ... )
Any binary may be executed as a separate program
Suitable for services that contains substantial web content
Passes message parameters through environmental variables to
a separate program.
More flexible but more risky
Feb. 1, 2001: RFC 3050 (Common Gateway Interface for SIP)
published
Call Processing Language (CPL)
8/2/2019 Intro to SIP Draft Final
102/122
102
Designed by the IETF to support sophisticated telephony
servicesMay be used by both SIP or H.323.
XML based scripting language for describing controlling call
services
Simple SyntaxExtendible
Easily edited by GUI tools
Scripts runs on network SIP signaling server to create end user
services
Lightweight CPL interpreter is need to parser & validate scripts
CPL Example
8/2/2019 Intro to SIP Draft Final
103/122
103
A simple script that blocks anonymous callers
8/2/2019 Intro to SIP Draft Final
104/122
Some Related Works
Parlay
IMS
IPv6
Why Parlay is Important to Galaxy
8/2/2019 Intro to SIP Draft Final
105/122
105
Open standard
Range of services
Many levels of sophistication and complexity
Secure framework for discovery of and access toservices by third party applications
Registration of non-Parlay service APIs
Independent of specific network and software
environment
Why Unified Communications?
8/2/2019 Intro to SIP Draft Final
106/122
106
MPEG
Private PrivateJob
Messages
Fax
V-mail
SMS
Fixed
Job
Calls
Mobile
VoIP
IM
Architecture I:
8/2/2019 Intro to SIP Draft Final
107/122
107
S
IP
IN
AP
M
AP
IS
UP
Parlay
Application
Parlay as a Unifying Technology
Architecture II:
8/2/2019 Intro to SIP Draft Final
108/122
108
Gate
wayto
OtherNetworks
IPnetwork
SIP
ApplicationServlet/CGI/CPL Script
SIP as a Unifying Technology
Key Questions
8/2/2019 Intro to SIP Draft Final
109/122
109
Which of these two models is correct, or are there
opportunities for both approaches to co-exist?How well can a generic network API sit on top ofSIP? For example, would it severely limit a developer,and what advantages would it offer?
Which aspects of network functionality will actuallybe useful in practice to developers?
Parlay within Galaxy
8/2/2019 Intro to SIP Draft Final
110/122
110
SIP clients
PSTNPlatform
BT VBApps
Parlay Gateway
DCOM
BT C++Apps
CORBA
SIP Proxy VOIP gateway
Appium
UnifiedComms
Application
3rd PartyApplications
Feasibility: A proof of concept prototype
8/2/2019 Intro to SIP Draft Final
111/122
111
Feasibility: A proof of concept prototype ...
Player 2
Player 1
Game serverParlay
MRFC MRFP
Player 3
RTPSIP
Game eventsXML over JXTA
Some Challenges for Parlay
8/2/2019 Intro to SIP Draft Final
112/122
112
Which technologies should Parlay support?
How can interoperability testing be encouraged?How can Parlay get feedback from developers?
Sizeable specifications with complex interfaces and data typesgive long learning curve for developers?
Although specifications are maturing, still few Parlay productscommercially available. Why?
How does Parlay keep pace with new protocols?
Parlay on a SIP Network ?
8/2/2019 Intro to SIP Draft Final
113/122
113
Parlay adds security to SIP
Parlay provides many features not available in SIP APIs
Parlay provides a network independent model
BUT...
SIP APIs can make some simpler solutions for some applicationsenvisaged by Parlay group
Parlay could support SIP better
SO...
SIP will have a significant impact on the future of Parlay
SIP and Parlay can already work well together and are apowerful combination
Global SIP/IMS deployment needs IPv6
8/2/2019 Intro to SIP Draft Final
114/122
114
Introduction of SIP-based peer-to-peer services is an importantstep after current client-server based services.
IP Multimedia Subsystem (IMS) is a service infrastructure basedon the use of Session Initiation Protocol (SIP).
3GPP Release 5 and 6 specifications
3GPP2 specifications
In order to make peer-to-peer services work between differentoperators' networks, IPv6 is needed - peer-to-peer services workwell only with public IP addresses.
Small scale IMS deployment / piloting can be started with IPv4.
IPv6 is vital for wider scale, global IMS deployment.
Example of peer-to-peer IP connectivity
8/2/2019 Intro to SIP Draft Final
115/122
115
CSCFUMS
IPv6SIP
Inviteplayer
Peter acceptedthe challenge!
ThomasPeter
Thomaschallenges
you to agame of
checkers!
Accept DeclineAccept
IP Connection
Game data
Quit
Chat
Push toStream
Peter: 00:00:00Thomas: 00:00:00
Example of peer-to-peer IP connectivity
8/2/2019 Intro to SIP Draft Final
116/122
116
CSCFUMS
SIP
Inviteplayer
Peter: 00:00:00Thomas: 00:00:00
Chat> Peter: I amgoing to winthis time!>Thomas:Yeah right, inyour dreams!
ThomasPeter
IP Connection
Game data
Chat
Push toStream
Quit
Chat
Peter: 00:00:00Thomas: 00:00:00
> Peter: I amgoing to win
this time!>Thomas:Yeah right, inyour dreams!
IPv6
Example of peer-to-peer IP connectivity
8/2/2019 Intro to SIP Draft Final
117/122
117
CSCFUMS
SIP
Inviteplayer
Peter: 00:00:00Thomas: 00:00:00
Chat> Peter: hey,look whatjust passedby!
ThomasPeter
IP Connection
Game data
Streaming video
Push toStream
Quit
Peter chooses toadd a streamingcomponent to sharewhat he is seeing
Streaming video from Peter:
IPv6
Future mobile services = serverless media
8/2/2019 Intro to SIP Draft Final
118/122
118
CSCFUMS
SIP
ThomasPeter
IP Connection
Game data
Chat
Peter: 00:00:00Thomas: 00:00:00
No NATs in between, public IP addressesare needed
Example services: gaming, chat,streaming, Voice/video over IP, etc.
The SIP/IMS user plane is peer-to-peer innature - SIP/IMS sessions between mobiles indifferent Private IPv4 address spaces becomehighly complicated. This is why public IPaddresses are required. The only future proofsolution is provided by IPv6.
IPv6
Standardized technology enablers fornew mobile services are here today
8/2/2019 Intro to SIP Draft Final
119/122
119
e ob e se ces a e e e today
MMS
Java
XHTML andTCP/IP
Colordisplays
Imagingand cameraintegration
MultimediaStreaming
Presence
Positioning
DRM
GPRSEDGEWCDMA
CDMA2000Multimode
Video
MIDISymbian
IPv6 SIP
BluetoothWLAN
Technology and Application Trends
8/2/2019 Intro to SIP Draft Final
120/122
120
2G radio
interface(GSM / EDGE)
IPv4
Client-serverconnectivity
SMS textmessaging,WAP browsing,MMSmultimedia
messaging
2G and 3G radio interfaces
(WCDMA / CDMA2000)IPv4/IPv6 dual stack
Peer-to-peer connectivity
Richer, IP-based Applications
HTTP/TCP/IP browsing
Presence
Instant Messaging
Multimedia streaming
Gaming
Voice and video telephony
Sharing
Etc.
Multi-access IMS
8/2/2019 Intro to SIP Draft Final
121/122
121
Common IPversion (=IPv6)
makes the multi-access casemuch easier
GGSN
P-CSCF
S-CSCF
IMS(IPv6)3GPPaccessnw
PDSN 3GPP2accessnwWLAN
access nw
P-CSCF
SIP Signaling for building up the session
User IP data
SIP
P-CSCF
References
8/2/2019 Intro to SIP Draft Final
122/122
Anders Kristensen, Hewlett-Packard
Laboratories, Bristol, U.K
Nicolas FISCHBACH, Senior Manager, IPEngineering/Security - COLT Telecom
Jonathan Rosenberg, Dynamicsoft
Ed Luff, Newport Networks
Patrick Ferriter, ZULTYS