
sip_3

Date post: 08-Dec-2015
Upload: graks

, SIP

3

IP, , , . (NAT)

VoIP. IP- SIP? ?

.

NAT

, NAT .,

. IP- , NAT Contact Via, SDP-

, . NAT OSI, SIP- ;

SDP- IP- (

), , SIP-.

, IP-.

, " " : . , NAT -

. , NAT SIP .

NAT SIP-

SIP- IP- , . IP- SIP received Via

; Via. NAT - , NAT

, , NAT-NAT ; .

RFC 3581 [1], , , Via;

rport Via. , IP- , .

NAT . .

SIP-. SIP ,

, . NAT (

) , SIP- UA NAT, NAT .

, .

1.

.1 REGISTER 8023 5060, NAT (

) . UA,

IP- , Contact . IP-; ,

IP- , , .

NAT ( – ).

: SIP-, ,

. SIP- SIP- re-INVITE, OPTIONS, INFO, NOTIFY ( UDP) ,

.

Managing Client Initiated Connections in SIP (IETF) [2]. .

, . instance-id reg-id Contact

UA , .

NAT.

, NAT UDP ( .2).

2. NAT SIP-

REGISTER Via rport, UAS RFC3581, reg-id +sip.instance Contact:

REGISTER sip:proxy.example.com SIP/2.0
Via: SIP/2.0/UDP client.example.com:5060;rport;branch=z9hG4bK
Max-Forwards: 70
Supported: path,gruu
From: Client <sip:[email protected]>;tag=djks8732
To: Client <sip:[email protected]>
Call-ID: [email protected]
CSeq: 1 REGISTER
Contact: <sip:[email protected]>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00A95A0E120>"
Content-Length: 0

:

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP client.example.com:5060;rport=8050;branch=z9hG4bK;received=192.0.1.2
From: Client <sip:[email protected]>;tag=djks8732
To: Client <sip:[email protected]>;tag=876877
Call-ID: [email protected]
CSeq: 1 REGISTER
WWW-Authenticate: [ ]
Content-Length: 0

reg-id +sip.instance , REGISTER, [2]. , IP-

, , received rport Via. RFC 3261 RFC 3581.

IP- , , NAT ,

.

NAT

NAT , IP- , SDP- , ,

NAT ( .3).

3. NAT

Simple Traversal of UDP through NAT (STUN)

NAT NAT [3]. STUN (Simple Traversal of UDP through NAT, RFC 3489 [4]),

NAT STUN-. SIP

IP- NAT STUN. NAT.

* Full Cone NAT – NAT IP- IP- . ,

NAT , , - , , .

IP- , .

* Restricted Cone NAT - , . , , NAT , IP- X

, IP- X.

* Port Restricted Cone NAT – , . IP- X, P,

" NAT , IP- X P.

* Symmetric NAT - IP- IP- IP- .

IP- ., NAT ,

, , .

STUN . STUN ( UA) NAT STUN- . STUN-

, IP- NAT.4). IP- SDP- SIP- (

Via Contact). NAT.

4. STUN

, . STUN NAT SIP ., Port Restricted Cone NAT, - Restricted Cone NAT,

NAT , STUN ., UA NAT " " STUN,

STUN . "" – STUN SIP TCP,

TCP- .

Traversal Using Relay NAT (TURN)

STUN TURN (Traversal Using Relay NAT). TURN IP- (

). TURN- , DMZ , Restricted Cone NAT:

IP- , TURN- .

, TURN- ( ) ( .5).

NAT. IP- Allocate Send;

STUN. TURN TCP UDP.

5. TURN

: . TURN

, " " NAT. , TURN

: STUN [5].

Interactive Connectivity Establishment (ICE)

TURN- RTP- , STUN NAT. " " NAT

IETF ICE (Interactive Connectivity Establishment).

; ICE (framework) STUN TURN SIP.

ICE . . UA IP-

, STUN ( UPnP, Universal Plug and Play) IP- , IP- TURN- .

- .

STUN, - STUN, - TURN- . :

, , .

. (). , ,

.

RTP/RTCP, ,

. , STUN TURN, RTCP, , RTP- , ,

rtcp SDP (RFC 3605) IP- , UA RTCP- .

, ICE , VoIP- . ICE [6].

SIP- , , – TURN. ,

RTP B2BUA ("Back-to-back user agent" – SIP- , SIP UA, ).

NAT IP- Contact.

, , , RTP- UA NAT, IP- NAT- ,

SDP . , NAT ,B2BUA " " IP- , , IP- :

RTP , . RTP , IP- :

B2BUA. ( ) IP- SDP- .

c SDP- . RTP.

: (UA , SDP).

: , , –

NAT. , SDP- .

, -.

Cisco COMEDIA

, [7] IP-, RTP- , IP- ,

( NAT) RTP- . , NAT, RTP-

IP- , , , IP- , RTP- ( ,

). , RFC 3581 [1], .

, COMEDIA . INVITE SDP- :

v=0
o=client 28908445312 28908445312 IN IP4 10.1.2.23
s=-
t=0 0
c=IN IP4 10.1.2.23
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=direction:active IN IP4

direction COMEDIA. SDP UAS :

v=0
o=client 28908445214 28908445214 IN IP4 client.public.org
s=-
t=0 0
c=IN IP4 client.public.org
m=audio 54332 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=direction:passive IN IP4

UAS UAC , . UAS RTP- IP- , ,

SDP- 10.1.2.23:49172.

COMEDIA Cisco IETF [8] . RFC

4145 - TCP-Based Media Transport in SDP, TCP. , COMEDIA

: IP- : , SDP- ,

. (!) COMEDIA. COMEDIA

.

(Application Layer Gateway, ALG), IP,

. ALG (Session Border Controller, SBC) , SIP. ,

., SIP ALG ,

, SIP." SIP ALG

.

UPnP (Universal Plug and Play) SOHO . , VoIP

. , NAT [9].

SIP

IETF SIP Working Group , , SIP-

, . .

SIP . - ,. -

.

. , INVITE

. .

, , , From (

) .

SIP : HTTP (RFC2617 [10]), ( SIP TLS).

HTTP INVITE 407 Proxy Authorization Required, Proxy-

Authenticate, . ACK 407 Proxy Authorization Required INVITE,

- Proxy-Authorization, ( .6).

6.

. .6 INVITE, 407 Proxy Authorization Required INVITE

. , , 407 Proxy Authorization Required 401 Unauthorized,

Authenticate. UA INVITE Authorization.

— , ( )

MD5. SIP Authorization , .

Authentication-Info -, . , -

- TLS S/MIME. , SIP EAP-AKA (RFC 4178 [11]) EAP (Extensible Authentication Protocol, RFC 3478) AKA

(Authentication and Key Agreement, UMTS CDMA2000).

Transport Layer Security (TLS)

HTTP, SIP- Transport Layer Security (TLS). SIP over TLS

, ( , RFC 3261, ,

). SIP over TLS ( .7).

7. TLS

TLS, TLS IPSec ( ,

). SIP ( ),

" . " " .

TLS "" (Man-in-the-Middle). SIP : TLS-

, , ( ) SIP- ,

.

TLS HTTPS,

. SIP . , , TLS-: ,

. , TLS-

. , TLS- " " SIP ,

.

, TLS TCP-,

. , , SYN- TLS- .

RFC 4347 [12], DTLS, UDP. TLS RFC 4346 [13].

Secure MIME (S/MIME)

, , SIP-, :

* SIP URI IP-

* ,

* IP- , ,

* Presence- : , , .

( TLS, ) , SIP-

S/MIME (RFC 3851 [14]). , SIP RFC PGP,

. 23 RFC 3261 S/MIME. , SIP.

S/MIME , SIP.

. . .

, . UA

- ". , S/MIME ,

, .

S/MIME ( .8).

8. S/MIME

.8 SIP- S/MIME. SIP- MIME- "message/sip",

SIP-. ,

S/MIME- . , SIP- : S/MIME.

, . Request-URI, Via, Record-

Route, Route, Max-Forwards, Proxy-Authorization , ( )

.

SIP

RFC 3323 [15] RFC 3325 [16]:

( , , ).

SIP ,

. SIP UA , .

- From -

. [16].

. P-Preferred-Identity P-Asserted-Identity. P-Preferred-

Identity UA . INVITE, From, SIP URI

) P-Preferred-Identity. Privacy, :

"none" - ; P-Asserted-Identity"user" - ; P-Asserted-Identity"id" -

9.

, . P-Asserted-

Identity , . -, ,

P-Asserted-Identity.

. ( .9), P-Asserted-

Identity. ( .10),

(From, Contact, Reply-To, Call-ID, Call-Info, Via, User-Agent, Organization, Server, Subject, In-Reply-To, Record-Route Warning). P-Asserted-Identity

Privacy, Privacy .

10.

, .

, ( UA ) TLS IPSec.

, : , RFC 4474 [17] Identity

Identity-Info , RFC 4916 [18] –

UPDATE .

. RFC 3711 [19] SRTP (Secure Real-time Transport Protocol), RTP

, . PGP ,

ZRTP. Diffie-Hellman SRTP .

[20]. ,

.

[1] RFC 3581 - An Extension to SIP for Symmetric Response Routing
[2] Managing Client Initiated Connections in SIP: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-10.txt
[3] " NAT" ( , 2006)
[4] RFC 3489 - Simple Traversal of UDP through NAT (STUN)
[5] Traversal Using Relays around NAT (TURN): Relay Extensions to STUN: http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-04.txt
[6] Interactive Connectivity Establishment (ICE): A Protocol for NAT Traversal for Offer/Answer Protocols: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-ice-17.txt
[7] SIP: Connection-Oriented Media Enhancements for SIP: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftsymnat.htm
[8] Connection-Oriented Media Transport in SDP: http://tools.ietf.org/id/draft-ietf-mmusic-sdp-comedia-04.txt
[9] Best Current Practices for NAT Traversal for SIP: http://www.ietf.org/internet-drafts/draft-ietf-sipping-nat-scenarios-06.txt
[10] RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
[11] RFC 4178 - Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
[12] RFC 4347 - Datagram Transport Layer Security (DTLS)
[13] RFC 4346 - The Transport Layer Security (TLS) Protocol Version 1.1
[14] RFC 3851 - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
[15] RFC 3323 - A Privacy Mechanism for SIP
[16] RFC 3325 - Private Extensions to the SIP for Asserted Identity within Trusted Networks
[17] RFC 4474 - Enhancements for Authenticated Identity Management in SIP
[18] RFC 4916 - Connected Identity in SIP
[19] RFC 3711 - The Secure Real-time Transport Protocol (SRTP)
[20] ZRTP: Media Path Key Agreement for Secure RTP: http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-04.txt