Lecture 10. P2P VoIP
D. Moltchanov, TUT, Spring 2008
D. Moltchanov, TUT, Fall 2014
Outline
  What is VoIP
  2G VoIP system: SIP-based
    Architecture
    All-IP calls
    PSTN-IP-PSTN call
    Messages and formats
  3G VoIP system: P2P Skype
    Capabilities
    Login to the network
    Calling
    Security features
  Future VoIP systems: P2P SIP?
VoIP basics

What is VoIP
  VoIP definition
    Specific sets of protocols to carry voice over IP
    The IP network can be private or the public Internet
    Early on provided by operators, now by third parties
  The way VoIP is implemented has evolved over time
    Starting from the late 90s
  End devices
    Hardware phones
    Software phones

Benefits of using VoIP
  Operational costs
    No need for two separate networks (voice and data)
    Rich set of free features, e.g. conferencing, forwarding...
    Lower costs since only Internet access is needed
    Compare pricing schemes: flat rate for IP vs. per minute
  Flexibility
    More than one call over a connection
    Calls can be encrypted
    Location independent
    Integration with other services: computer + phone
  Note: Internet-to-Internet calls are free...
VoIP evolution

2G VoIP systems: SIP

2G systems: protocols
  Data transmission: data plane
    Real-time transport protocol (RTP)
    RTP control protocol (RTCP)
  Signaling: control plane
    H.323
    Session initiation protocol (SIP)
  Location service: control plane
    Proxies
    Found via DNS SRV records
  PSTN-IP gateways: control plane
    Media gateway control protocol (MGCP)
    H.248 (similar to MGCP)
  Description of codecs used: control plane
    Session description protocol (SDP)

2G VoIP infrastructure: SIP+RTP
  SIP+RTP makes a perfect combination
  DNS is for proxy resolution
SIP
  What it does
    Set up, control and terminate calls
    End-to-end signaling
    Allows for end system and MG control signaling
  Properties
    Partially distributed
    Text based (you may read messages in e.g. Wireshark)
    Simple (simpler than H.323)
    Limited but sufficient functionality (i.e. optimized)
  Functionality
    Point-to-point and multipoint calls
    Additional features
    URIs are used for addresses (of the form sip:user@host)
Basic call: all-IP

Basic call: PSTN-IP-PSTN

Reality is a bit more complicated
  How do we know where to call?
    All parties need to be registered with SIP servers
    Which server to register with?
      Multicast to all SIP proxies on the local network via "sip.mcast.net" (224.0.1.75)
  How to find the person?
    SRV (service) records in DNS for proxy resolution
    They specify the location of the proxy server for a specific service
    That's why we had DNS servers in the picture
  What about the media type?
    I use G.711, G.723, G.729; your client may prefer G.729
    Use SDP (session description protocol) to negotiate
SIP calling

Requesting presence info
  Alice wants to be informed when Bob is online

Registering and notifying
  Bob goes online, Alice is notified
SIP messages: RFC 3261
  REGISTER
    Registers with the proxy/registrar, telling it the user's current IP and URIs
  INVITE
    Establishes a media session between users
  ACK
    Confirms that the final response to an INVITE was received
  CANCEL
    Terminates a pending request
  BYE
    Tears down a session between two users in a conference
  OPTIONS
    Solicits info about the capabilities
  SUBSCRIBE
    Gets notifications (defined in the SIP events extension, RFC 3265, not in RFC 3261 itself)
SDP: RFC 2327 (since obsoleted by RFC 4566)
  Media streams
    A session can include multiple streams of differing content; SDP currently covers audio, video, data, control, and application
  Addresses
    Indicate the destination addresses
  Ports
    UDP ports for each stream
  Payload types
    Media format for each stream
  Start and stop times
    For broadcasting (radio, video)
  Originator
    For broadcasting
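Because SIP and SDP are text based, the message types and SDP fields listed above are easy to see in code. The parser below is an added example, not code from the lecture: the INVITE, its SDP body, the hosts (example.com, example.org, 192.0.2.10), the tag and the Call-ID are constructed placeholders, and the codec-selection helper illustrates the "I use G.711, your client prefers G.729" negotiation from the earlier slide. The Content-Length check is the one a practitioner wants: a text protocol that declares its own body length must not be trusted blindly.

```python
"""Parse a SIP INVITE and its SDP offer (added example, not lecture code).
Hosts, tag and Call-ID below are constructed placeholders, not captured traffic."""
from dataclasses import dataclass, field

# Constructed offer: one audio stream, payload types 0 = PCMU, 8 = PCMA, 18 = G.729.
SAMPLE_SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=Call with Bob\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 18\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:8 PCMA/8000\r\n"
    "a=rtpmap:18 G729/8000\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "To: Bob <sip:bob@example.org>\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: {length}\r\n"
    "\r\n"
    "{body}"
)


def build_invite() -> bytes:
    """Serialize the sample INVITE with a correct Content-Length."""
    body = SAMPLE_SDP.encode()
    return SAMPLE_INVITE.format(length=len(body), body=SAMPLE_SDP).encode()


@dataclass
class SipMessage:
    method: str
    request_uri: str
    headers: dict      # lower-cased header name -> value
    body: bytes


@dataclass
class MediaStream:
    kind: str          # "audio", "video", ...
    port: int          # UDP port the RTP stream is to be sent to
    proto: str         # e.g. "RTP/AVP"
    payload_types: list                          # offered, in preference order
    codecs: dict = field(default_factory=dict)   # payload type -> "NAME/clock"
    address: str = ""                            # where to send the media


def parse_sip(raw: bytes) -> SipMessage:
    """Split request line, headers and body; check Content-Length before trusting it."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker")
    lines = head.decode("utf-8").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if length > len(rest):
        # A declared length beyond the data means a truncated or malformed
        # message: never read past the buffer or block waiting for more bytes.
        raise ValueError("Content-Length exceeds the received body")
    return SipMessage(method, uri, headers, rest[:length])


def parse_sdp(body: bytes):
    """Return (session-level address, media streams) from an SDP body."""
    session_addr, streams = None, []
    for line in body.decode("utf-8").splitlines():
        key, _, value = line.partition("=")
        if key == "m":                      # m=<media> <port> <proto> <fmt list>
            kind, port, proto, *pts = value.split()
            streams.append(MediaStream(kind, int(port), proto, [int(p) for p in pts]))
        elif key == "c":                    # c=<nettype> <addrtype> <address>
            if streams:
                streams[-1].address = value.split()[-1]
            else:
                session_addr = value.split()[-1]
        elif key == "a" and value.startswith("rtpmap:") and streams:
            pt, name = value[7:].split(" ", 1)
            streams[-1].codecs[int(pt)] = name
    for s in streams:                       # media-level c= overrides the session one
        s.address = s.address or session_addr
    return session_addr, streams


def pick_codec(stream: MediaStream, preferences: list):
    """Answerer side: first codec from our preference list that the offer contains."""
    offered = {name: pt for pt, name in stream.codecs.items()}
    return next((offered[n] for n in preferences if n in offered), None)
```

Running `parse_sip(build_invite())` and then `parse_sdp` on the body yields one audio stream on UDP port 49170 at 192.0.2.10; a callee preferring G.729 over G.711 picks payload type 18 and would answer with that single format.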
2G systems: what do we see?
  SIP almost makes a P2P system. Why?
    The data connection goes directly between the parties
    Control is still performed using servers
  Similar to "almost P2P" platforms?
    Music sharing (actually, file sharing) systems of the late 90s
      Napster
      Audiogalaxy
  Audiogalaxy example
    You log in using a specific agent
    The agent imports your song titles into the common DB
    When you need something, you search this DB
    The result is the IPs of the systems holding this title
3G VoIP systems: P2P Skype

What is Skype?
  A P2P application for
    Primarily, VoIP
    Video calls (added later)
    Instant messaging
    File transfers
  Proprietary signaling
    Negotiable voice codecs
    Proprietary encoders
    Gateways to/from PSTN/SIP
  Interesting features
    Works well in almost all network conditions
    Works across NATs and firewalls

Overlay network
  Consists of
    Skype clients (SCs)
    Supernodes (SNs)
    Login server
    HTTP server
  Client
    Used to perform the user's actions
    Stores configuration
    Connected to some SNs
    Stores a few SN addresses and updates them periodically

Functionality of elements
  Supernode
    A node that can accept incoming TCP connections
    Preferably has enough CPU, memory and bandwidth
    Preferably not behind a firewall or NAT
    There are default supernodes
    Does signaling directly with other SNs
    Sometimes performs signaling and data transfer on behalf of SCs
  Login server
    Ensures that names are unique
    Authentication point
  HTTP server
    Used for updates
Skype features
  Codecs
    Default: wideband, 16 kHz sampling, about 5 kB/s per direction
    About 140 packets/s in total, 67 bytes of payload each
  Ports
    TCP 80 (HTTP) and 443 (HTTPS)
    Random UDP ports
  Coding and encryption
    Everything is encrypted using AES
    Keys: 256 bits, symmetric
    RSA for exchanging the symmetric keys
  Host cache
    Supernode list (IP, port) to speed up joining, 200 entries
    Updated periodically, some SNs are always there
Login: joining the overlay
  Contacting central servers
    Authentication/authorization at the login server
    Looking for updates at the HTTP server
  Joining the overlay
    Refresh of the SN list (shared.xml)
      The list contains SNs
      Sends a UDP packet to a default SN
    Chooses a certain SN
      Opens a TCP connection with this SN
      The connection is maintained throughout a session
      Exchanges info on on-line nodes
  Testing for SN capabilities
    The client sometimes checks whether it could become a new SN

Login: firewall blocking
  If the firewall blocks UDP for SN list refreshing
    Establishes TCP connections with a few SNs
    Gets info on the SN list
    All but one connection are torn down
  If the firewall blocks the connection to the login server
    Uses an SN as a relay to authenticate
Calling
  Signaling
    Over a direct TCP connection
    Via the overlay if a direct connection is impossible
    Media is carried using UDP
  Procedure is as follows
    A queries SNs for the address of B
    Once obtained, signaling is done directly using TCP
    Then voice is carried using UDP

Calling: firewall blocks UDP
  Signaling by SNs on behalf of the users
  Media: via TCP using 4 SNs as relays

Calling: port-restricted NAT
  Step 1
    User A gets the address of the SN of B
    Sends a UDP query containing its external address
    The SN of B replies with the external address of B
  Step 2
    A and B establish a UDP flow using hole punching
    A and B establish a TCP connection using 4 SNs as relays

Calling: symmetric NAT
  Step 1
    A obtains the address of B
  Step 2
    Trying hole punching
    It does not work: a symmetric NAT allocates a new external port per destination, so the port the SN observed is not the one B's packets are sent from
  Step 3
    They use TCP via 4 SNs as relays
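The three cases above (port-restricted NAT, symmetric NAT, fall-back to relays) as an added simulation that is not Skype's code: the NAT behaviour, the supernode address and every IP address and port are assumptions chosen to show why hole punching works when both NATs are port-restricted and fails as soon as either side is symmetric.

```python
"""Toy model of UDP hole punching through two NATs (added example, not Skype code).
NAT behaviour, addresses and ports are assumptions chosen for illustration."""
from itertools import count


class Nat:
    """A NAT with one public IP. Both variants filter inbound packets by remote
    (ip, port); they differ only in how external ports are allocated."""

    def __init__(self, public_ip: str, symmetric: bool):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.mappings = {}          # mapping key -> external port
        self.allowed = set()        # (external port, remote (ip, port)) permitted inbound
        self._ports = count(40000)  # assumed allocation policy: next free port

    def outbound(self, internal, remote):
        """Translate a packet from internal (ip, port) to remote (ip, port).
        Returns the external (ip, port) the remote side sees as the source."""
        # Port-restricted cone: one external port per internal socket.
        # Symmetric: a fresh external port per (internal socket, destination).
        key = (internal, remote) if self.symmetric else internal
        port = self.mappings.setdefault(key, next(self._ports))
        self.allowed.add((port, remote))   # the "hole": replies from remote may come in
        return (self.public_ip, port)

    def inbound(self, ext_port, src) -> bool:
        """Accept a packet to ext_port only if the inside host already sent to src."""
        return (ext_port, src) in self.allowed


SN = ("198.51.100.1", 33033)   # assumed supernode address (the rendezvous point)


def hole_punch(nat_a: Nat, nat_b: Nat,
               a_int=("10.0.0.2", 5000), b_int=("10.1.0.2", 6000)) -> bool:
    """Step 1: both peers contact the SN, which records their external addresses.
    Step 2: each peer sends UDP to the other's SN-observed address.
    Returns True if packets get through in both directions."""
    a_seen = nat_a.outbound(a_int, SN)      # external address of A as seen by the SN
    b_seen = nat_b.outbound(b_int, SN)      # external address of B as seen by the SN
    # The SN tells A about b_seen and B about a_seen; both now punch.
    a_src = nat_a.outbound(a_int, b_seen)   # source address of A's packet to B
    b_src = nat_b.outbound(b_int, a_seen)   # source address of B's packet to A
    # The first packet of each side may be dropped before the other side has
    # punched; peers retry, so delivery is evaluated once both holes exist.
    a_reaches_b = nat_b.inbound(b_seen[1], a_src)
    b_reaches_a = nat_a.inbound(a_seen[1], b_src)
    return a_reaches_b and b_reaches_a


def choose_path(nat_a: Nat, nat_b: Nat) -> str:
    """Fallback order from the slides: direct UDP if punching works, else TCP relay via SNs."""
    return "direct-udp" if hole_punch(nat_a, nat_b) else "tcp-relay-via-sns"


if __name__ == "__main__":
    for label, sym_a, sym_b in [("port-restricted / port-restricted", False, False),
                                ("symmetric / port-restricted", True, False),
                                ("symmetric / symmetric", True, True)]:
        path = choose_path(Nat("203.0.113.1", sym_a), Nat("203.0.113.2", sym_b))
        print(f"{label}: {path}")
```

With two port-restricted NATs the external port A used toward the SN is the same one it uses toward B, so B's NAT has already opened a hole for exactly that source; a symmetric NAT hands A a new port for the B destination, B's NAT has never seen it, and the packet is filtered, which is the case where the clients fall back to relaying through supernodes.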
Some facts
  Skype completely fails only when the firewall blocks both UDP and TCP
    This is exceptionally rare
  Mechanism 1: hole punching
  Mechanism 2: tunneling via an SN
  Mechanism 3: use of the overlay
  Tries to use direct connections as much as possible
    SNs may go away
    Relayed calls may overload the overlay
  Skype is seen as unwanted by enterprises
    May traverse firewalls and NATs
    May bring in unwanted stuff
Security: self-protection
  It is not open source!
  Binary code
    Parts of the binary are encrypted
    Code is decrypted in memory at run time
  Contains checks for
    Presence of a debugger
    Code modification
    Result: stops or crashes

Security: network security
  Facts
    Uses a proprietary protocol
    Encrypts all the traffic
  Signaling packets
    Payload: encrypted using the RC4 stream cipher
    The RC4 key can be recovered from the packet itself, so this layer is obfuscation rather than confidentiality
  VoIP packets
    Encrypted using AES
    Only sender and receiver can decrypt
Future: P2P SIP?

What do we want?
  A bit more competition + an open architecture
  Goals and motivation
    Get rid of SIP servers
    No fixed topology
    Audio/video/IM all-in-one
    Interoperability with SIP
  Possible approach
    Join a DHT
    Query your position in the DHT
    Update neighbors
    Repeat periodically
  More info at: http://www.p2psip.org/
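To make "join a DHT, query your position, update neighbors" concrete for the register-and-find problem the SIP servers solved earlier, here is an added toy Chord-style ring that stores SIP registrations at the node responsible for the hashed URI. It is not P2PSIP or any real implementation: the 32-bit ring, the peer addresses and the URIs are assumptions, and the global ring view stands in for the successor and finger tables real peers would maintain.

```python
"""Toy Chord-style DHT holding SIP registrations instead of a registrar
(added example, not a P2PSIP implementation). Ring size, peer addresses
and URIs are assumptions; the global ring view replaces real routing tables."""
import bisect
import hashlib

RING = 1 << 32


def ring_id(name: str) -> int:
    """Consistent hash of a node address or a SIP URI onto the ring."""
    return int(hashlib.sha1(name.encode()).hexdigest(), 16) % RING


class Node:
    def __init__(self, addr: str):
        self.addr = addr
        self.id = ring_id(addr)
        self.store = {}   # SIP URI -> (contact URI, expiry time)


class Overlay:
    def __init__(self):
        self.ids = []     # sorted node ids (the ring)
        self.nodes = {}   # id -> Node

    def successor(self, key: int) -> Node:
        """First node clockwise from key; that node is responsible for key."""
        if not self.ids:
            raise LookupError("empty overlay")
        i = bisect.bisect_left(self.ids, key)
        return self.nodes[self.ids[i % len(self.ids)]]

    def join(self, node: Node) -> None:
        """Insert node and move over the keys that now fall into its range."""
        if node.id in self.nodes:
            raise ValueError("id collision")
        old = self.successor(node.id) if self.ids else None
        bisect.insort(self.ids, node.id)
        self.nodes[node.id] = node
        if old is not None:
            for uri in list(old.store):
                if self.successor(ring_id(uri)) is node:
                    node.store[uri] = old.store.pop(uri)

    def leave(self, node: Node) -> None:
        """Graceful departure: hand all stored registrations to the successor."""
        self.ids.remove(node.id)
        del self.nodes[node.id]
        if self.ids:
            self.successor(node.id).store.update(node.store)
        node.store = {}

    def register(self, uri: str, contact: str, now: int, ttl: int = 3600) -> str:
        """REGISTER equivalent: store the binding at the responsible node and
        return its address. Clients must repeat this before ttl expires."""
        holder = self.successor(ring_id(uri))
        holder.store[uri] = (contact, now + ttl)
        return holder.addr

    def lookup(self, uri: str, now: int):
        """Call setup: ask the responsible node; expired bindings count as absent."""
        entry = self.successor(ring_id(uri)).store.get(uri)
        if entry is None or entry[1] <= now:
            return None
        return entry[0]


def demo() -> tuple:
    """Register Alice on a 3-node ring, churn the ring, and look her up each time."""
    ov = Overlay()
    for i in range(1, 4):
        ov.join(Node(f"198.51.100.{i}:5060"))              # assumed peer addresses
    ov.register("sip:alice@example.com", "sip:alice@192.0.2.10:5060", now=1000)
    before = ov.lookup("sip:alice@example.com", now=1001)
    ov.join(Node("198.51.100.4:5060"))                    # newcomer takes over part of the ring
    after_join = ov.lookup("sip:alice@example.com", now=1001)
    ov.leave(ov.successor(ring_id("sip:alice@example.com")))  # the node holding Alice leaves
    after_leave = ov.lookup("sip:alice@example.com", now=1001)
    expired = ov.lookup("sip:alice@example.com", now=1000 + 3600)
    return before, after_join, after_leave, expired


if __name__ == "__main__":
    print(demo())
```

The periodic re-registration is what keeps a binding alive across churn: a node that joins or leaves moves the stored bindings to whoever is now responsible, and a binding whose owner stopped refreshing simply ages out, with no central registrar involved.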