Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)

1

Thomas SiegersSongfuli Co., Ltd.

3 July 2007

Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)

2

Information

Hosted by:American Chamber of Commerce TaiwanCommunications Technology Workshop

This presentation is publicly available at:http://www.slideshare.net/thomasjs

This presentation is published under theCreative Commons Attribution Share Alike License.For more information, see http://creativecommons.org/about/licenses/

http://www.slideshare.net/thomasjs

http://creativecommons.org/about/licenses/

3

Agenda

Introduction Basics of telephony and networking Skype SIP protocol

Hardware Service providers Integration into network

and telephone system Scenarios and examples

2 hours30 minutes

4

Hype Cycle

www.gartner.com –2006

5

Introduction Internet Telephony

VoIP – Voice over IP (IP – Internet Protocol)

Pro: more economicno telephone charge for computer-to-computer calls*charge of local call for computer-to-telephone call*) except of charge for network access

Con: more complicated and less reliablerelies on electric poweremergency calls cannot be mapped to locationnetwork: connection interruptions, packet losssecurity: easier to trace calls over the Internetconfiguration: firewall traversal

6

Return of Investment

0

20

40

60

80

100

120

140

1 2 3 4 5 6

months

NTD

CHTVoIP

Accumulated cost over 6 months

60 min calls per day to Germany,20 days per month

CHT 16 NTD/min VoIP 1 €¢/min

Investment for VoIP 100,000 NTD

ROI after 5 months, after that savings of >18,500 NTD/month

7

How does it work?

Computer+ sound card+ headset+ software

Network

Telephone adapter+ analog telephone

Computer converts voice into digital signals.

Network transports digital signals as data packets.

Telephone adapter converts digital signals into voice.

8

Telephony PSTN

Public Switched Telephone Network

POTSPlain Old Telephone Service

ISDNIntegrated Services Digital Network

PBXPrivate Branch Exchange

FXOForeign Exchange Office

FXSForeign Exchange Station

9

PSTN

PSTN–Public Switched Telephone Network

Circuit-Switching

TXTX

TX

TX

TX

TXTX

TX TXTX

TX

TX - Telephone Exchange

10

PBX

Extensions

FXSFXOPSTN

Trunk

PBX = PABX–Private Automatic Branch Exchange

FXO–goes on-hock and off-hook

FXS–provides power, ring signal, dial tone

11

Network

Packet-Switching

RR

R

R

R

RR

R RR

R

R–Router

ServerClients

12

Layer Concept

Address

SENDER

Network

Transport

Service

Delivery

Message

Registered

13

Protocol StackISO/OSI* Internet Examples

7 Application Application www : HTTP, FTP, DNS

6 Presentation mail : SMTP, POP, IMAP

5 Session p2p : SIP, eD2k, XMPP

4 Transport Transport TCP, UDP, NetBEUI, WAP

3 Network Internet IP, IGMP, ICMP, IPsec, ARP

2 Data Link NetworkAccess**

PPP, L2TP, GPRS, ATM, FR

1 Physical Ethernet, USB, Wi-Fi, ISDN

*) ISO –International Organization for Standardization, OSI –Open Systems Interconnection**) original TCP/IP model, recently 5-layer model with data link and physical layer

14

TCP/IP Packet

IP-packet

TCP-packet

source addressdestination address

TCP-packet

header data

source portdestination port

application data(HTTP, FTP, SMPT)

dataheader

15

Request – Response

ClientServer

Request

Response

HTTP

Source 10.0.0.100:1234Destin. 203.66.88.89:80

Source 203.66.88.89:80 Destin. 10.0.0.100:1234

IP-address:10.0.0.100

TCP-port: >1024

IP-address:203.66.88.89

TCP-port: 80

16

Network Address Translation NAT, IP masquerading Address shortage of IP ver. 4

32 bit => 4 G ~ 4 billion addresses

Address ranges only for private useclass A : 10.x.x.x, class B : 172.16.x.x – 172.31.x.x, class C : 192.168.x.x

Internet gateway (firewall) translatesbetween private and public addresses.

Firewall rules:request LAN Internet : allowresponse Internet LAN : allowrequest Internet LAN : deny

Internet can only connect to the LAN,when the LAN had sent a request before.

LAN

Internet

NAT

17

Peer-to-Peer Communication Peer-to-Peer (P2P)

VoIP, file sharing, instant messaging

VoIP Protocolstwo protocols involved: SIP and RTPSIP - session initiation protocol: signalling, UDP port 5060RTP - real-time transport protocol: voice communication, UDP port range 10000-20000

NAT Traversal- different kinds of NAT: symmetric, asymmetric- UDP hole punching- STUN - Simple Traversal of UDP through NATs necessary when both clients are behind NAT doesn’t work with symmetric NAT

18

UDP Hole Punching

Before Process After

19

UDP Hole Punching Process

20

Firewall Application Filter

21

Skype Peer-to-peer Internet telephony (VoIP) network

Software is free, but not open source

Proprietary protocol, traffic encrypted

Founded by the founders of the file sharing application Kazaa

Acquired by eBay in October 2005

Easy to deploy even behind firewall and NAT

Heavy use of network bandwidth and other resources

Difficult to integrate into organization’s security strategy

22

Getting Granular on Skype 2004 – Columbia University, New York, USA

An Analysis of the Skype Peer-to-Peer Internet Telephony Protocolhttp://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf

Analysis of network structure and traffic 2006 - EADS Corporate Research Center, France

Silver Needle in the Skypehttp://www.secdev.org/conf/skype_BHEU06.handout.pdf

Developers of Skype made immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects, when it is running within a debugger and then changes its behavior. Parts of its code are ciphered and will be decrypted during runtime.

23

Problems with SkypeFrom a network security administrator point of view Almost everything is obfuscated

Peer to peer architecture

Traffic even when the software is not used

From a system security administrator point of view Many protections, anti-debugging tricks, ciphered code

A product that works well for free from a company not involved on Open Source ?!

The Chief Security Officer point of view Is Skype a backdoor ?

Can I distinguish Skype’s traffic from real data exfiltration ?

Is Skype a risky program for my sensitive business ?

24

ConclusionGood points Skype was made by clever people

Good use of cryptography

Bad points Hard to enforce a security policy with Skype

Jams traffic, can’t be distinguished from data exfiltration

Incompatible with traffic monitoring, IDS

Impossible to protect from attacks (which would be obfuscated)

Total blackbox. Lack of transparency.No way to know if there is/will be a backdoor

Fully trusts anyone who speaks Skype.

25

SIP Protocol SIP – session initiation protocol

- application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences- standardized by the Internet Engineering Task Force (IETF)- open specification: RFC 3261 (like all Internet standards)

SIP - The De-facto VoIP Standardhttp://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard

SIP – signalling, UDP port 5060RTP – real-time transport protocolvoice communication, UDP port range 10000-20000

Codec – audio data compression algorithm for voiceG.729a – 8kbps, G.711 – 64kbps,G.723 obsolete, superseded by G.726 – 16-40kbps

26

SIP – open protocol => everyone can offer services for it

VoIP provider is connected to both Internet and PSTN. Over 2000 SIP VoIP providers

Dialing between providerse.g. FreeWorldDialup no. 740218 => *393 740218http://www.sipbroker.com/sipbroker/action/providerWhitePages

Advanced Features- monthly rate, flat rate- unlimited local and distance calling- voicemail, call forwarding, caller ID- dial-in number with home area code- direct inward dialing (DID)- fax receipt with e-mail notification

VoIP Provider

27

VoIP Services

PSTN Internet

Gateway

Computer, Soft Phone &

Headset

IP Telephone

Analog Telephone

VoIP Provider

1) VoIP call–free2) dial-out–charged3) dial-in–charged

28

SIP – open protocol => everyone can build devices for it

Router

Analog Telephony Adapter (ATA)

SIP-Phone

Wireless Phone

USB-Devices

Integrated Systems

Large Systems Hardware bundled by VoIP providers

http://www.voipbuster.com/en/hardware.htmlhttp://www.sipgate.de/voipshop

VoIP Hardware

29

Router ADSL Internet access

VoIP (SIP)

FXS, (FXO)

Packet filter

VPN (virtual private network)

WLAN (wireless LAN)

30

Analog Telephony Adapter ATA

connects standard analog telephones to a VoIP network

31

SIP-Phone Connected to LAN

or directly to the Internet

Bridge to PCto share network cable

32

Wireless Phone Wireless USB phones

USB Bluetooth phones

Wi-Fi phones

33

USB-Devices Headsets

USP-Phones

Wireless USB-Phones

34

Integrated Systems Multiple analog ports

FXS, FXO

PBX

Firewall

VPN-gateway

WLAN

ISDN

35

Large SystemUsed by VoIP Providers

SIP Proxy Server

T1/E1 Gateway

RTP Resource Server

Session Border Controller

Voice Mail, Auto-Attendant

Application Server

Conference Server

IP Recorder

Billing server

Universal SIP/H.323 Signal Converter

36

IP PBX Software PBX

Can be installed on standard hardwarefrom PC to Unix-server

Additional hardware requiredconnection to POTS (FXO/FXS) or ISDN

Embedded appliances available Asterisk

popular open source software, another is sipXLinux distributions: Trixbox, AstLinux, AsteriskNOWused as basis for embedded appliancesused by leading VoIP providers, e.g. iotum**) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007http://www.asterisk.org

37

Asterisk Analog cards

PCI bus, half or full length1-8 FXO/FXS interfaces

Digital cardsPRI E1/T1, ISDN

ApplianceIP-PBX embedded in device with analog interfaces

Developer kitsversion ITSPs, OEMs, resellers, and integrators

38

IP-PBX Software PBX

embedded in robust hardwaremostly based on Asteriskconfigurable via web browser

Primary rate interface23 (T1) or 30 (E1) channels

Multiple extensionsFXS or ISDN

39

Application Examples Integration with PBX

VoIP gateway without PBX

VoIP gateway with PBX connected via FXS

VoIP gateway with PBX connected via FXO

Integration with Network VoIP gateway as Firewall

VoIP gateway in LAN with private IP address

VoIP gateway in DMZ with private IP address

VoIP gateway in DMZ with public IP address

IP-PBX SIP only / SIP and Skype

40

VoIP Gateway without PBX

PSTN Internet

LAN

FXS

FXOVoIP

41

VoIP Gateway

42

VoIP Gateway with PBX (FXS)

PSTN Internet

PBX

FXS

FXO

FXS

VoIP

43

VoIP Gateway with PBX (FXO)

PSTN Internet

PBX

FXS

FXO FXO

FXS

VoIP

44










45

VoIP Gateway in LAN

Internet

FW

LAN

VoIPProvider

STUN

NAT

public IP address

private IP address

FW–firewall

LAN–localareanetwork

VoIP

46

VoIP Gateway in DMZ

Internet

FW

LAN

DMZ

DMZ–demilitarized zone

NAT

public IP address

private IP address

VoIP

47

VoIP Gateway with public IP

Internet

FW

LAN

DMZ

NAT

public IP address

private IP address

FW

outer firewall

inner firewallVoIP

48










49

IP-PBX

PSTN Internet

FW

LAN

analogtelephone digital (IP)

telephoneIP-PBX

FXS

FXO

50

SIP and Skype

PSTN Internet

PBX

FXS

FXO

FXS

LAN

FXS

PC, FXS-card,Skype software

VoIP

51

VoIP Scenarios Transfer call between two VoIP Providers

dial via caller’s VoIP providertransfer call to company’s VoIP providertransfer call to company’s internal extension

Transfer incoming call to teleworkerteleworker is registered to company’s PBX (no provider)customer calls in via PSTNcompany’s operator transfers call to teleworker*

Setup multi-location corporate infrastructureheadquarter serve as central registrar (no provider)branch offices register to headquarter

*) http://en.wikipedia.org/wiki/Teleworker

52

Two VoIP Providers

PSTN Internet

PBX

FXS

FXO

FXS

VoIP provider A

VoIP provider B

Operator Extension

Caller

VoIP

53

Teleworker

PSTN Internet

PBX

FXS

FXO FXO

Customer

Teleworker

Operator

Mobile Worker

Wi-Fi

VoIP

54

Corporate Infrastructure

PSTN Internet

PBX

FXS

FXO FXO

Customer

Sales Office

Factory

VoIP

55

Q & A

Thomas SiegersSongfuli Co., Ltd.

Taipei, Taiwan松福禮股份有限公司

http://[email protected]


http://www.songfuli.com/

mailto:[email protected]


Date post:	08-May-2015
Category:	Technology
Upload:	thomas-siegers
View:	3,251 times
Download:	1 times