, SIP
3
IP, , , . (NAT)
VoIP. IP- SIP? ?
.
NAT
, NAT .,
. IP- , NAT Contact Via, SDP-
, . NAT OSI, SIP- ;
SDP- IP- (
), , SIP-.
, IP-.
, " " : . , NAT -
. , NAT SIP .
NAT SIP-
SIP- IP- , . IP- SIP received Via
; Via. NAT - , NAT
, , NAT-NAT ; .
RFC 3581 [1], , , Via;
rport Via. , IP- , .
NAT . .
SIP-. SIP ,
, . NAT (
) , SIP- UA NAT, NAT .
, .
1.
.1 REGISTER 8023 5060, NAT (
) . UA,
IP- , Contact . IP-; ,
IP- , , .
NAT ( – ).
: SIP-, ,
. SIP- SIP- re-INVITE, OPTIONS, INFO, NOTIFY ( UDP) ,
.
Managing Client Initiated Connections in SIP (IETF) [2]. .
, . instance-id reg-id Contact
UA , .
NAT.
, NAT UDP ( .2).
2. NAT SIP-
REGISTER Via rport, UAS RFC3581, reg-id +sip.instance Contact:
REGISTER sip:proxy.example.com SIP/2.0
Via: SIP/2.0/UDP client.example.com:5060;rport;branch=z9hG4bK
Max-Forwards: 70
Supported: path,gruu
From: Client <sip:[email protected]>;tag=djks8732
To: Client <sip:[email protected]>
Call-ID: [email protected]
CSeq: 1 REGISTER
Contact: <sip:[email protected]>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00A95A0E120>"
Content-Length: 0
:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP client.example.com:5060;rport=8050;branch=z9hG4bK;received=192.0.1.2
From: Client <sip:[email protected]>;tag=djks8732
To: Client <sip:[email protected]>;tag=876877
Call-ID: [email protected]
CSeq: 1 REGISTER
WWW-Authenticate: [ ]
Content-Length: 0
reg-id +sip.instance , REGISTER, [2]. , IP-
, , received rport Via. RFC 3261 RFC 3581.
IP- , , NAT ,
.
NAT
NAT , IP- , SDP- , ,
NAT ( .3).
3. NAT
Simple Traversal of UDP through NAT (STUN)
NAT NAT [3]. STUN (Simple Traversal of UDP through NAT, RFC 3489 [4]),
NAT STUN-. SIP
IP- NAT STUN. NAT.
* Full Cone NAT – NAT IP- IP- . ,
NAT , , - , , .
IP- , .
* Restricted Cone NAT - , . , , NAT , IP- X
, IP- X.
* Port Restricted Cone NAT – , . IP- X, P,
" NAT , IP- X P.
* Symmetric NAT - IP- IP- IP- .
IP- ., NAT ,
, , .
STUN . STUN ( UA) NAT STUN- . STUN-
, IP- NAT.4). IP- SDP- SIP- (
Via Contact). NAT.
4. STUN
, . STUN NAT SIP ., Port Restricted Cone NAT, - Restricted Cone NAT,
NAT , STUN ., UA NAT " " STUN,
STUN . "" – STUN SIP TCP,
TCP- .
Traversal Using Relay NAT (TURN)
STUN TURN (Traversal Using Relay NAT). TURN IP- (
). TURN- , DMZ , Restricted Cone NAT:
IP- , TURN- .
, TURN- ( ) ( .5).
NAT. IP- Allocate Send;
STUN. TURN TCP UDP.
5. TURN
: . TURN
, " " NAT. , TURN
: STUN [5].
Interactive Connectivity Establishment (ICE)
TURN- RTP- , STUN NAT. " " NAT
IETF ICE (Interactive Connectivity Establishment).
; ICE (framework) STUN TURN SIP.
ICE . . UA IP-
, STUN ( UPnP,Universal Plug and Play) IP- , IP- TURN- .
- .
STUN, - STUN, - TURN- . :
, , .
. (). , ,
.
RTP/RTCP, ,
. , STUN TURN, RTCP, , RTP- , ,
rtcp SDP (RFC 3605) IP- , UA RTCP- .
, ICE , VoIP- . ICE [6].
SIP- , , – TURN. ,
RTP B2BUA ("Back-to-back user agent" – SIP- , SIP UA, ).
NAT IP- Contact.
, , , RTP- UA NAT, IP- NAT- ,
SDP . , NAT ,B2BUA " " IP- , , IP- :
RTP , . RTP , IP- :
B2BUA. ( ) IP- SDP- .
c SDP- . RTP.
: (UA , SDP).
: , , –
NAT. , SDP- .
, -.
Cisco COMEDIA
, [7] IP-, RTP- , IP- ,
( NAT) RTP- . , NAT, RTP-
IP- , , , IP- , RTP- ( ,
). , RFC 3581 [1], .
, COMEDIA . INVITE SDP- :
v=0
o=client 28908445312 28908445312 IN IP4 10.1.2.23
s=-
t=0 0
c=IN IP4 10.1.2.23
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=direction:active IN IP4
direction COMEDIA. SDP UAS :
v=0
o=client 28908445214 28908445214 IN IP4 client.public.org
s=-
t=0 0
c=IN IP4 client.public.org
m=audio 54332 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=direction:passive IN IP4
UAS UAC , . UAS RTP- IP- , ,
SDP- 10.1.2.23:49172.
COMEDIA Cisco IETF [8] . RFC
4145 - TCP-Based Media Transport in SDP, TCP. , COMEDIA
: IP- : , SDP- ,
. (!) COMEDIA. COMEDIA
.
(ApplicationLayer Gateway, ALG), IP,
. ALG (Session BorderController, SBC) , SIP. ,
., SIP ALG ,
, SIP." SIP ALG
.
UPnP (Universal Plug and Play) SOHO . , VoIP
. , NAT [9].
SIP
IETF SIP Working Group , , SIP-
, . .
SIP . - ,. -
.
. , INVITE
. .
, , , From (
) .
SIP : HTTP (RFC2617 [10]), ( SIP TLS).
HTTP INVITE 407 Proxy Authorization Required, Proxy-
Authenticate, . ACK 407 Proxy Authorization Required INVITE,
- Proxy-Authorization, ( .6).
6.
. .6 INVITE, 407 Proxy Authorization Required INVITE
. , , 407 Proxy Authorization Required 401 Unauthorized,
Authenticate. UA INVITE Authorization.
— , ( )
MD5. SIP Authorization , .
Authentication-Info -, . , -
- TLS S/MIME. , SIP EAP-AKA (RFC 4178 [11]) EAP (Extensible Authentication Protocol, RFC 3478) AKA
(Authentication and Key Agreement, UMTS CDMA2000).
Transport Layer Security (TLS)
HTTP, SIP- Transport Layer Security (TLS). SIP over TLS
, ( , RFC 3261, ,
). SIP over TLS ( .7).
7. TLS
TLS, TLS IPSec ( ,
). SIP ( ),
" . " " .
TLS "" (Man-in-the-Middle). SIP : TLS-
, , ( ) SIP- ,
.
TLS HTTPS,
. SIP . , , TLS-: ,
. , TLS-
. , TLS- " " SIP ,
.
, TLS TCP-,
. , , SYN- TLS- .
RFC 4347 [12], DTLS, UDP. TLS RFC 4346 [13].
Secure MIME (S/MIME)
, , SIP-, :
* SIP URI IP-
* ,
* IP- , ,
* Presence- : , , .
( TLS, ) , SIP-
S/MIME (RFC 3851 [14]). , SIP RFC PGP,
. 23 RFC 3261 S/MIME. , SIP.
S/MIME , SIP.
. . .
, . UA
- ". , S/MIME ,
, .
S/MIME ( .8).
8. S/MIME
.8 SIP- S/MIME. SIP- MIME- "message/sip",
SIP-. ,
S/MIME- . , SIP- : S/MIME.
, . Request-URI, Via, Record-
Route, Route, Max-Forwards, Proxy-Authorization , ( )
.
SIP
RFC 3323 [15] RFC 3325 [16]:
( , , ).
SIP ,
. SIP UA , .
- From -
. [16].
. P-Preferred-Identity P-Asserted-Identity. P-Preferred-
Identity UA . INVITE, From, SIP URI
) P-Preferred-Identity. Privacy, :
"none" - ; P-Asserted-Identity"user" - ; P-Asserted-Identity"id" -
9.
, . P-Asserted-
Identity , . -, ,
P-Asserted-Identity.
. ( .9), P-Asserted-
Identity. ( .10),
(From, Contact, Reply-To, Call-ID, Call-Info, Via,User-Agent, Organization, Server, Subject, In-Reply-To, Record-Route Warning). P-Asserted-Identity
Privacy, Privacy .
10.
, .
, ( UA ) TLS IPSec.
, : , RFC 4474 [17] Identity
Identity-Info , RFC 4916 [18] –
UPDATE .
. RFC 3711 [19] SRTP (Secure Real-time Transport Protocol), RTP
, . PGP ,
ZRTP. Diffie-Hellman SRTP .
[20]. ,
.
[1] RFC 3581 - An Extension to SIP for Symmetric Response Routing
[2] Managing Client Initiated Connections in SIP: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-10.txt
[3] " NAT" ( , 2006)
[4] RFC 3489 - Simple Traversal of UDP through NAT (STUN)
[5] Traversal Using Relays around NAT (TURN): Relay Extensions to STUN: http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-04.txt
[6] Interactive Connectivity Establishment (ICE): A Protocol for NAT Traversal for Offer/Answer Protocols: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-ice-17.txt
[7] SIP: Connection-Oriented Media Enhancements for SIP: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftsymnat.htm
[8] Connection-Oriented Media Transport in SDP: http://tools.ietf.org/id/draft-ietf-mmusic-sdp-comedia-04.txt
[9] Best Current Practices for NAT Traversal for SIP: http://www.ietf.org/internet-drafts/draft-ietf-sipping-nat-scenarios-06.txt
[10] RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
[11] RFC 4178 - Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
[12] RFC 4347 - Datagram Transport Layer Security (DTLS)
[13] RFC 4346 - The Transport Layer Security (TLS) Protocol Version 1.1
[14] RFC 3851 - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
[15] RFC 3323 - A Privacy Mechanism for SIP
[16] RFC 3325 - Private Extensions to the SIP for Asserted Identity within Trusted Networks
[17] RFC 4474 - Enhancements for Authenticated Identity Management in SIP
[18] RFC 4916 - Connected Identity in SIP
[19] RFC 3711 - The Secure Real-time Transport Protocol (SRTP)
[20] ZRTP: Media Path Key Agreement for Secure RTP: http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-04.txt