SIP over an Identifier/Locator splitted Next Generation Internet architecture

Christian Esteve Rothenberg, Walter Wong, Fábio L. Verdi, Maurício F. Magalhães

School of Electrical and Computer Engineering (FEEC), State University of Campinas (UNICAMP), Brazil

ICACT08, Phoenix Park, South Korea, 18/02/2008

Introduction

• Current Internet architecture presents some limitations to the natural deployment of new services:
– Mobility/Multi-homing
– Network heterogeneity
– Embedded Security

• Existing applications like SIP demand security, mobility support, and operation over IPv4 and IPv6.
– Many SIP add-ons: ALG, SBC, TLS, SRTP, S/MIME, etc.
– “Patches” approach: NAT, IPSec, Mobile IP, etc.

18/02/2008 2ICACT08

Introduction

• Main issue: IP semantic overload
– Transport layer: IP is an identifier (naming)
– Network layer: IP is a locator (addressing)

• Consequences
– Lack of a stable identifier for end-to-end communication
– Mobility/Multihoming
– Heterogeneity
– Security

• Solution: Identifier/locator separation
– HIP, IETF RRG LISP, NodeID

[Figure: protocol stack with a Host Identifier (ID) layer inserted between the transport protocols (TCP, UDP, SCTP) and the network locator (IPv4/IPv6). Legacy applications (SIP, SDP, DNS, HTTP, RTP) sit above the ID layer; network technologies (Ethernet, ATM, SONET, WLAN) sit below the locator.]

Introduction

Identifier/locator separation
• Introduction of an identification layer between the network and transport layers (as in HIP)
• Identifiers are 32-bit (128-bit in IPv6) flat (topology-free), persistent and unique node IDs

[Figure: static binding vs. dynamic binding. With plain IP, the application socket is statically bound to <IP:port>src and <IP:port>dest (IP = 10.1.1.1, IP = 10.1.1.2). With the identification layer, the socket is bound to <ID:port>src and <ID:port>dest and the Identifier is dynamically bound to one or more locators (IP = 10.1.1.1, IP = 10.1.1.2, IP = 10.1.2.3).]

Background

Next Generation Internet Architecture Proposal
• Originally inspired by the NodeID architecture
– Global, flat, cryptographic node Identifiers (as in HIP)
– Host FQDN assumed
• Extended with Domain IDs (DID)
– Scalability (!)
• Routing on flat IDs (DID/NID)
– Different to HIP (!)

Contribution

Functionalities of our NGI Framework [1]:
• Name Resolution
• Mobility
• Multi-homing
• Flat Routing
• Security
• Heterogeneity
• Legacy Applications Support

[Figure: framework architecture. Internal module labels: Routing (Peer Cache, Flat routing); Filter / DNS Handler (Legacy appl. support); Mobility (RVS Client, Gw Msg Srv, DHT Client, DHCP Client); Control plane; Identification layer (Security Mgr, Security Packet Handler, ID Mapper, Security DB). External modules: DHCP, DNS, DHT, RVS.]

How can an existing application like e.g., SIP operate with and benefit from our NGI Architecture?

[1] W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems, SBRC 2007.

Scenario under evaluation

[Figure: two domains, Domain1 (atlanta.com) and Domain2 (biloxi.com), connected through an IPv4 Internet core that hosts DHT nodes. Each domain has a domain router (DR), an RVS, a DNS server and a SIP proxy (P1 = sip_proxy1.atlanta.com, P2 = sip_proxy2.biloxi.com). UA1 (sip:[email protected]) runs on host FQDN1 (hostname1.sth.atlanta.com) with the 32-bit NID1; UA2 (sip:[email protected]) runs on host FQDN2 (hostname2.sth.biloxi.com) with the 32-bit NID2. Steps (1) to (5) trace the INVITE sip:[email protected] from UA1 to UA2: the SIP headers carry the UA URIs and FQDN1, and the SDP body carries o= FQDN1 and c= NID1.]

[Figure: naming model. A Node Identity owns a PublicKey/PrivateKey pair; the NID (32 / 128 bits) is Hash() of the public key and is global and unique. The Locator is a Network Address (IPv4 / IPv6) with local scope. The FQDN maps to the NID through Resolution(), and the SIP URI has the form user@domain.]

Transparent naming

Hostnames
• FQDN can be assumed as global name space for all hosts
– Enabled by the unique and global-scope NIDs
• SIP RFC 3261 RECOMMENDS use of FQDN form names

Name resolution
• SIP UA DNS requests (gethostbyname(), SIP SRV) intercepted
• NIDs returned to the SIP application as typical IP addresses

Transparent architecture features
• The architecture handles the dynamic locator binding, security associations, flat routing, etc.


Transparency

[Figure: legacy SIP & RTP packets leave the application as IP | UDP | Payload, with source address = source NID and destination address = dest NID. The identification layer adds a NID Header (NIH) carrying Src <NID, DID> and Dst <NID, DID> before the packet reaches the network.]

Security

• Embedded on the identification layer (HIP-like)
– NIDs are cryptographic hashes of public keys
– Enables nodes to self-claim their identities
– Authentication based on public key infrastructure (PKI)

• Provides single secure channel between peers
– For all communications, all applications

Three-message exchange between A and B:
1. HDR, CERT, nonce
2. HDR, {CERT, DHB, nonce}, sig
3. HDR, {DHA}, sig
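The checks the initiator A has to make on message 2 before trusting B's identity and DH value, as an added Go example that is not code from the slides or from the authors' framework. It assumes message 2 is B's reply to A's nonce, reduces CERT to a bare Ed25519 public key, carries DHB as opaque bytes, and derives the NID as SHA-256 of the public key truncated to 32 or 128 bits; none of those details are specified on the slides.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// nidFromPubKey: NID = hash of the identity public key, as on the slide. Assumed:
// SHA-256 truncated to 4 bytes (32-bit NID) or 16 bytes (128-bit NID).
func nidFromPubKey(pub ed25519.PublicKey, bits int) []byte {
	sum := sha256.Sum256(pub)
	return sum[:bits/8]
}

// msg2 models B's "HDR, {CERT, DHB, nonce}, sig"; CERT is the bare public key, DHB opaque bytes.
type msg2 struct {
	srcNID []byte // B's claimed NID, taken from the NID header
	cert   ed25519.PublicKey
	dhB    []byte
	nonce  []byte
	sig    []byte
}

func signedBody(m *msg2) []byte {
	return bytes.Join([][]byte{m.srcNID, m.cert, m.dhB, m.nonce}, nil)
}

// buildMsg2 is B's side: echo A's nonce and sign CERT, DHB and the nonce.
func buildMsg2(priv ed25519.PrivateKey, dhB, nonce []byte, bits int) *msg2 {
	pub := priv.Public().(ed25519.PublicKey)
	m := &msg2{srcNID: nidFromPubKey(pub, bits), cert: pub, dhB: dhB, nonce: nonce}
	m.sig = ed25519.Sign(priv, signedBody(m))
	return m
}

// verifyMsg2 is A's side: freshness, key-to-NID binding, then the signature.
func verifyMsg2(m *msg2, sentNonce []byte, bits int) error {
	if !bytes.Equal(m.nonce, sentNonce) {
		return errors.New("nonce mismatch: stale or replayed reply")
	}
	if !bytes.Equal(nidFromPubKey(m.cert, bits), m.srcNID) {
		return errors.New("public key does not hash to the claimed NID")
	}
	if !ed25519.Verify(m.cert, signedBody(m), m.sig) {
		return errors.New("bad signature over CERT, DHB, nonce")
	}
	return nil
}
```

The second check is what makes the NID self-certifying: a peer cannot claim another node's NID without also presenting a key that hashes to it, and the signature then proves possession of that key.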

Mobility

• Periodic locator updates in the Rendezvous Server
• Mobility event transparent to applications (SIP clients)
• TCP connections survived network reconfigurations
• RTP stream “seamless” recovered

10 experiments, with RVS Update every 3s and G.729 (20ms) coded RTP payload.

W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008

Performance

• Signaling overhead
– Extra interactions required
– SIP session establishment time difference negligible in our testbed environment

• VoIP bandwidth overhead
– Comparable to other security schemes
– Header compression possible

[Figure: VoIP bandwidth overhead chart comparing the ID header (ID H) with ESP/AH.]

Related Work

• Next Generation Internet architectures
– FARA, i3, TRIAD, ROFL, DONA
– Node Identity Internetworking Architecture (NodeID), draft-schuetz-nid-arch-00, Sep. 07
• ID/Loc separation
– HIP, IETF RRG (LISP, NERD, etc.)
– ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Jan. 07
• Interactions of HIP with SIP
– P2PSIP, SHIP, draft-tschofenig-hiprg-host-identities, Jun. 07

Future Work

• DID/NID flat routing approach
– Scalability
– Domain mobility (Submitted paper)
• Security model (HIP inspired)
– Comparison to related work on security (Paper in progress)
• Enhanced name resolution mechanisms (DHT-based)
– DID router resolution in the Internet Core
• Extend our framework towards a data-oriented / content-centric paradigm

Conclusion

• Framework to instantiate NGI proposals
• ID/Loc separation implementable
– Validated the claim of existing application support
– Contribution towards a Next Generation Internet arch.
• Benefits from ID/Loc adoption:
– Native network mobility support (transparent to applications)
– Native security based on the identification layer (E2E single secure channel)
– Operation over heterogeneous realms (IPv4/IPv6)
• Affordable overhead (signaling, BW, computation)

Thank you! Questions?


Backup


References

• J. F. Shoch, "Inter-Network Naming, Addressing, and Routing", In Proceedings of IEEE COMPCON, Fall 1979.
• J. Chiappa, "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", [Online]. Available: http://users.exis.net/~jnc/tech/endpoints.txt, 1999.
• R. Jain, "Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation", Military Communications Conference MILCOM, Washington, DC, October 23-25, 2006.
• I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet Indirection Infrastructure", In Proceedings of SIGCOMM 2002.
• M. Caesar, K. Lakshminarayana et al., "ROFL: Routing on Flat Labels", In Proceedings of SIGCOMM 2006.
• B. Ahlgren, J. Arkko, L. Eggert and J. Rajahalme, "A Node Identity Internetworking Architecture", In Proceedings of the IEEE INFOCOM 2006 Global Internet Workshop, Spain, 2006.
• P. Nikander, "Implications of Identifier / Locator Split", Helsinki University of Technology (TKK) NETS 1a morning coffee, Dec. 2004.
• D. Farinacci et al., "Locator/ID Separation Protocol (LISP)", IETF Draft, draft-farinacci-lisp-02 (work in progress), July 2007.
• ITU-T, "Separation of IP into identifier and locator in NGN", Draft Recommendation Y.ipsplit, Beijing, China, 8-12 January 2007.
• S. Schuetz, R. Winter, L. Burness, P. Eardley and B. Ahlgren, "Node Identity Internetworking Architecture", IETF Internet-Draft draft-schuetz-nid-arch-00 (work in progress), September 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems 2007, SBRC 2007, Brazil, May 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "An Architecture for Mobility Support in a Next Generation Internet", In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008.
• J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
• R. Moskowitz and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006.
• B. Ahlgren, L. Eggert, B. Ohlman, J. Rajahalme and A. Schieder, "Names, addresses and identities in ambient networks", 1st ACM Workshop on Dynamic Interconnection of Networks, September 2005.
• J. Rosenberg and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002.
• M. Handley, V. Jacobson and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006.
• J. Y. H. So, J. Wang and D. Jones, "SHIP Mobility Management Hybrid SIP-HIP Scheme", In Proceedings of Sixth SNPD/SAWN International Conference, USA, 2005.
• H. Tschofenig, J. Ott, H. Schulzrinne, T. Henderson and G. Camarillo, "Interaction between SIP and HIP", draft-tschofenig-hiprg-host-identities (work in progress), Internet-Draft, IETF, June 2007.
• D. Geneiatakis et al., "Survey of Security Vulnerabilities in Session Initiation Protocol", IEEE Communications Surveys and Tutorials, vol. 8 (3), IEEE Press, 2006, pp. 68–81.
• H. Schulzrinne and E. Wedlund, "Application Layer Mobility using SIP", ACM Mobile Computing and Communications Review, vol. 4, July 2000.
• D. Le, X. Fu and D. Hogrefe, "A Review of Mobility Support Paradigms for the Internet", IEEE Communications Surveys and Tutorials, Jan 2006.
• A. Botta, A. Dainotti and A. Pescapè, "Multi-protocol and multi-platform traffic generation and measurement", INFOCOM 2007 DEMO Session, May 2007, Anchorage (Alaska, USA).
• Open SIP Express Router, [Online]. Available: http://www.openser.org/
• SIPp, traffic generator, [Online]. Available

Architecture

[Figure: framework architecture (backup slide). Network side: Routing (Peer Cache, Flat routing) and Filter / DNS Handler (Legacy appl. support). Internal modules: Mobility (RVS Client, Gw Msg Srv, DHT Client, DHCP Client), Control plane, Identification layer (Security Mgr, Security Packet Handler, ID Mapper, Security DB). External modules: DHCP, DNS, DHT, RVS.]

