
Page 1: The Internet Real-Time Laboratory Prof. Henning Schulzrinne Feb 2006

The Internet Real-Time Laboratory

Prof. Henning Schulzrinne, Feb 2006

http://www.cs.columbia.edu/IRT

Page 2:

Current members

IRT lab: 1 faculty, 1 post-doc, 13 PhD, 6 MS GRAs, 2 visitors and a researcher: total 24

Members come from China, Germany, Hong Kong, India, Italy, Israel, Japan, Korea, Pakistan, USA

Page 3:

Sponsors

Equipment grants and student support: past and present

Page 4:

Research topics

Internet Real-Time Systems

Multimedia collaboration

911 calls on Internet

Reliability and scalability

Peer-to-peer systems

Ubiquitous computing

Service discovery

Mobile and ad hoc

Wireless telephony

Presence

Programmable services

Enterprise IP telephony

Security

Page 5:

Global service discovery: the problem

Knarig Arabshian

Current protocols: local network only (not Internet-wide); limited description or query language (attribute-value or interface matching)

We need a global service discovery architecture that is scalable (avoids central dependency), robust and self-adjusting, and uses a modern description logic (OWL)

Page 6:

Global service discovery: GloServ, a hierarchical P2P global service discovery architecture

Knarig Arabshian

Figure: a service ontology. Service is split into Restaurant, Travel, Medical and Communication; Travel into Destination, Flights and Agencies; Destination into Hotel and Bed&Breakfast (domain: hotel.destination.service). Hotel has the equivalent terms hostel, inn, rooming, lodging and motel.

Query walk-through:

1) Query for "inn" is issued
2) Map the word "inn" to "hotel"
3) Look up the domain of the equivalent server, or a closely related server, in the primitive skeleton ontology
4) Send the query to the closest high-level server that is known

Classify services using OWL

Use the service classification to map the ontology onto a hierarchical P2P network (using CAN for P2P)

Bootstrap servers using information in the ontology

Intelligent registration and querying

Page 7:

Global service discovery: GloServ, a hierarchical P2P global service discovery architecture (continued)

Knarig Arabshian

Figure: CAN DHT distribution of properties. Each class (Hotel, CampGround, Sightseeing, Budget, Sports, Adventure, with the number of nodes shown next to it) runs its own CAN DHT; the properties hasAccommodation and hasActivity link the classes, and registered services are placed in the CAN coordinate space by pairs such as <1,2>, <1,3>, <2,1>, <2,2>, <2,3>, <3,2>, <3,3>, ..., <10,2>, <10,3>.

Page 8:

7DS: the problem and overview of 7DS

Wing Yuen (Andy)

The opportunity: wireless infrastructure is slow to emerge (3G is expensive); 802.11b is cheap and simple to deploy; mobile devices spread data in densely populated areas (e.g., NYC)

What is 7DS? Content-independent: works for any web object. Uses the standard caching mechanism. After 25 minutes, 90% of interested users have the data. Also supports data upload.

Page 9:

7DS: overview of the networks

Wing Yuen (Andy)

Two nodes communicate when they are in proximity

Small transmit power: optimal number of neighbors ≈ 1

Large end-to-end throughput

Trade off capacity against delay

Ad hoc network example (figure): mobile nodes and the path a message takes between them

Page 10:

7DS: email upload application

Wing Yuen (Andy)

Objective: purge message replicas

Time-based scheme: purge the message when its TTL expires

Hop-based scheme: decrement b at each node encounter; purge the message when b = 0

Evaluate storage and storage-time cost

Optimal depth = 2; select breadth such that probability of delivery = 1

Figure: replication tree with depth = 4, breadth = 2

Page 11:

7DS for mobile platforms

Source: ARCChart – Developing for Mobile Environments

Derek

Page 12:

Wireless VoIP: overview of the network and problems

Sangho Shin, Andrea Forte

Figure: two subnets, A and B, each with a router (R1, R2) and an access point (AP1, AP2), connected to the Internet. Moving between access points within a subnet is a Layer 2 handoff; moving between subnets is a Layer 3 handoff.

Problems: handoff delay (Layer 2 and Layer 3), limited capacity, call admission control

Page 13:

Wireless VoIP: problems and solutions

Sangho Shin, Andrea Forte

Layer 2 (MAC) & Layer 3 (IP) handoff: selective scanning & caching; fast L3 handoff using a temporary IP; cooperative handoff

Limited capacity: Dynamic PCF (DPCF); Adaptive Priority Control (APC)

Call admission control: virtual traffic generation

Improving VoIP capacity. Bandwidth of IEEE 802.11a/b/g: 11 to 54 Mb/s nominal; actual throughput after overhead: 2 to 20 Mb/s. Ethernet (100-1000 Mb/s) >> WLANs, so capacity for VoIP needs to be improved.

Too many clients, or too many simultaneous calls in one AP, lead to deterioration of QoS. Hence Call Admission Control (CAC) is needed.

Page 14:

Wireless VoIP: Passive DAD (1/2)

Duplicate Address Detection (DAD): before the DHCP server assigns an IP address, it has to be sure that the address is not already in use. To do this, the DHCP server sends ICMP Echo requests and waits for ICMP Echo replies.

The delay introduced by DAD is on the order of seconds!

Passive DAD (P-DAD): we introduce a new agent, the Address Usage Collector (AUC), which collects information about the IP addresses in use in its subnet. The AUC then informs the DHCP server about IP addresses already in use in that subnet.

Sangho Shin, Andrea Forte

Page 15:

Wireless VoIP: Passive DAD (2/2)

Figure: the Address Usage Collector (AUC) sits on the subnet next to the router/relay agent, observes broadcast, ARP and DHCP traffic, and reports to the DHCP server over a TCP connection.

AUC builds a DUID:MAC pair table (from DHCP traffic only). AUC builds an IP:MAC pair table (from broadcast and ARP traffic). Whenever a new pair is added to a table, or a potential unauthorized IP is detected, the AUC sends the pair to the DHCP server.

The DHCP server checks whether the pair is correct and records the IP address as in use.

IP:MAC table (example): IP1 MAC1, expires 570; IP2 MAC2, expires 580; IP3 MAC3, expires 590; IP4 DUID4

Client ID table: DUID1 MAC1; DUID2 MAC2; DUID3 MAC3

ARP checking: the AUC periodically scans unused IPs using ARP queries, so silent nodes can also be detected.

Sangho Shin, Andrea Forte
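The IP:MAC table the AUC builds from ARP traffic, as an added example that is not the lab's P-DAD code: it parses raw Ethernet/ARP frames, keeps one entry per IP with an expiry time, and reports two kinds of event to the DHCP server, a new pair and a conflict (an IP that a different MAC suddenly claims, the "potential unauthorized IP" case on the slide). The class and function names, the 600 s table lifetime, and the MAC and IP addresses in the frames are assumptions; the frames are constructed inline so the code runs offline.

```python
"""Minimal Address Usage Collector (added example, not the IRT lab's code)."""
import struct

ETHERTYPE_ARP = 0x0806
TABLE_TTL = 600  # seconds an observed IP:MAC pair counts as "in use" (assumed value)


def parse_arp(frame: bytes):
    """Return (sender_ip, sender_mac) for an Ethernet/IPv4 ARP request or reply, else None."""
    if len(frame) < 14 + 28:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    mac = ":".join(f"{b:02x}" for b in arp[8:14])
    ip = ".".join(str(b) for b in arp[14:18])
    if ip == "0.0.0.0":  # ARP probe: the sender has no address yet, nothing to record
        return None
    return ip, mac


class AddressUsageCollector:
    def __init__(self, ttl=TABLE_TTL):
        self.ttl = ttl
        self.table = {}    # ip -> (mac, expire_time), the slide's IP:MAC table
        self.reports = []  # events that would be sent to the DHCP server

    def observe(self, frame: bytes, now: float):
        """Feed one captured frame; returns the event reported, or None."""
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        ip, mac = parsed
        self.expire(now)
        prev = self.table.get(ip)
        self.table[ip] = (mac, now + self.ttl)
        if prev is None:
            event = ("new", ip, mac)
        elif prev[0] != mac:
            event = ("conflict", ip, mac)  # same IP now claimed by another MAC
        else:
            return None  # same pair seen again: only the expiry is refreshed
        self.reports.append(event)
        return event

    def expire(self, now: float):
        for ip in [i for i, (_, exp) in self.table.items() if exp <= now]:
            del self.table[ip]

    def in_use(self, now: float):
        """IPs the DHCP server should not hand out at time `now`."""
        self.expire(now)
        return sorted(self.table)


def build_arp(sender_mac, sender_ip, target_ip, oper=1):
    """Build a broadcast Ethernet+ARP frame (constructed test input)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    sip = bytes(int(x) for x in sender_ip.split("."))
    tip = bytes(int(x) for x in target_ip.split("."))
    eth = b"\xff" * 6 + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + smac + sip + b"\x00" * 6 + tip
    return eth + arp


def demo():
    auc = AddressUsageCollector()
    events = [
        auc.observe(build_arp("00:11:22:33:44:01", "10.0.0.5", "10.0.0.1"), now=0),    # host A appears
        auc.observe(build_arp("00:11:22:33:44:02", "10.0.0.6", "10.0.0.1"), now=50),   # host B appears
        auc.observe(build_arp("00:11:22:33:44:01", "10.0.0.5", "10.0.0.1"), now=100),  # A refreshes
        auc.observe(build_arp("00:11:22:33:44:99", "10.0.0.5", "10.0.0.1", oper=2), now=200),  # another MAC claims A's IP
    ]
    return events, auc.in_use(now=700)  # B has expired (50 + 600), A is still listed
```

The conflict event is only a hint: any host on the subnet can forge ARP, so the DHCP server must still perform the "checks if the pair is correct" step from the slide before it marks an address as taken, otherwise an attacker could exhaust the pool by claiming addresses it does not own. Hosts that never send ARP or broadcasts are not caught by this passive table; that is what the slide's periodic ARP scan of unused addresses is for.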

Page 16:

Wireless VoIP: problems of the current DAD

In wireless networks it takes a long time to get an ICMP echo response, and the response can even be lost when the channel is very congested.

Windows XP SP2 activates the firewall, and the firewall blocks incoming ICMP echo by default.

ISC DHCP software has a bug in the DAD timer: the timer value is chosen randomly between 0 and 1 s.

Sangho Shin, Andrea Forte

Page 17:

VoIP real-world application: training air traffic controllers at the FAA

Existing communication system: a voice communications network with analog, fixed point-to-point connections; a Fast Ethernet data network; a video network. It depends on analog, hard-wired communication systems that use obsolete parts no longer available without custom manufacture.

What is the project? Simulate an FAA classroom. The classroom has a student, a pilot and an instructor workstation. The student plays the role of an ATC, who is trained by the pilot. Student and pilot communicate with each other via a notion of frequency (unicast) and facility (multicast).

What am I doing? Feature enhancements; getting the project successfully deployed on-site; development of a robust audio tool on the Windows platform

Venkata S. Malladi, Anurag Chakravarti

Page 18:

Session peering for multimedia and VoIP interconnect

Charles Shen

Motivation: expenses, overhead, flexibility of end-to-end IP-based services.

How it is done: a switch fabric plus the rules and regulations that govern sending and receiving data among one another.

Challenges: architecture, QoS, security, operations support services, reliability, protocol interoperability, call routing, ENUM, etc.

Figure: in the existing architecture, a call between IP phones on two SIP-based networks is routed through the PSTN; with direct peering, the two SIP-based networks connect to each other.

Page 19:

ENUM: marriage of Internet and telephone numbering

Charles Shen

Bridges traditional telephony with Internet capabilities into a platform for new services and applications.

Figure: caller, caller's SIP proxy, ENUM server, callee's SIP proxy, callee.

[1] Caller dials the callee's normal phone number, 212-939-7040

[2] Caller's proxy queries ENUM for 0.4.0.7.9.3.9.2.1.2.1.e164.arpa and gets the response sip:[email protected]

[3] Caller's proxy receives the response sip:[email protected] and proceeds to set up the call with the callee
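The lookup in steps [1] to [3], carried out in code as an added example (not the lab's ENUM software), following RFC 3761: the E.164 number is reversed digit by digit into its e164.arpa domain, the NAPTR records for that domain are filtered by enumservice and sorted by (order, preference), and the chosen record's regexp field is applied to the number to yield the SIP URI. The NAPTR record set and the hosts in the URIs it produces are constructed for illustration; a real proxy fetches them from DNS.

```python
"""ENUM lookup, RFC 3761 style (added example, not the IRT lab's code)."""
import re

ENUM_SUFFIX = "e164.arpa"

# Constructed NAPTR RRset for +1 212 939 7040: (order, preference, flags, service, regexp).
# The hosts example.com / example.net are hypothetical.
SAMPLE_NAPTRS = {
    "0.4.0.7.9.3.9.2.1.2.1.e164.arpa": [
        (100, 10, "u", "E2U+sip", "!^.*$!sip:alice@example.com!"),
        (10, 100, "u", "E2U+sip", r"!^\+1(\d{10})$!sip:\1@example.net!"),
        (100, 20, "u", "E2U+mailto", "!^.*$!mailto:alice@example.com!"),
    ]
}


def e164_to_enum_domain(number: str, suffix: str = ENUM_SUFFIX) -> str:
    """'+1 212 939 7040' -> '0.4.0.7.9.3.9.2.1.2.1.e164.arpa' (RFC 3761 section 2.4)."""
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("no digits in E.164 number")
    return ".".join(reversed(digits)) + "." + suffix


def apply_naptr_regexp(regexp: str, subject: str) -> str:
    """Apply a NAPTR regexp field '<delim>ere<delim>repl<delim>flags' to subject."""
    if not regexp:
        raise ValueError("empty regexp")
    delim = regexp[0]
    parts = regexp[1:].split(delim)  # assumes the delimiter is not escaped inside the fields
    if len(parts) < 2:
        raise ValueError("malformed NAPTR regexp")
    ere, repl = parts[0], parts[1]
    flags = parts[2] if len(parts) > 2 else ""
    # Only \1..\9 back-references are allowed in the replacement (RFC 3402 section 3.2);
    # reject anything else so a hostile record cannot smuggle other escapes through.
    if re.search(r"\\[^1-9]", repl):
        raise ValueError("unsupported escape in NAPTR replacement")
    m = re.compile(ere, re.IGNORECASE if "i" in flags else 0).search(subject)
    if m is None:
        raise ValueError("NAPTR regexp did not match")
    return m.expand(repl)


def enum_lookup(number: str, service: str, rrsets=SAMPLE_NAPTRS):
    """Return the URI for the requested enumservice (e.g. 'E2U+sip'), or None."""
    if "+" not in service:
        raise ValueError("enumservice must look like E2U+<scheme>")
    domain = e164_to_enum_domain(number)
    subject = "+" + re.sub(r"\D", "", number)  # NAPTR regexps are applied to the E.164 form
    expected_scheme = service.split("+", 1)[1].lower() + ":"
    candidates = [r for r in rrsets.get(domain, [])
                  if r[3].lower() == service.lower() and "u" in r[2].lower()]
    for order, pref, flags, svc, regexp in sorted(candidates, key=lambda r: (r[0], r[1])):
        try:
            uri = apply_naptr_regexp(regexp, subject)
        except ValueError:
            continue  # skip records whose regexp does not apply to this number
        # The record came from DNS, so do not trust it to produce the scheme it promised.
        if uri.lower().startswith(expected_scheme):
            return uri
    return None
```

The scheme check at the end matters because the regexp is attacker-influenced data whenever the DNS answer is not validated (ENUM zones are ordinary DNS; without DNSSEC a spoofed NAPTR can redirect a call to any URI), so a proxy should also bound what it accepts as a result rather than dial whatever string comes back.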

Page 20:

Session peering and ENUM: status quo and our work

WGs in standardization bodies such as IETF SPEERMINT, ENUM WG and SIPForum technical WG are working on requirements and architecture details for a Session Peering for Multimedia Interconnect architecture.

I am currently involved in ENUM server performance investigation and expected to contribute to other parts of the peering architecture as well.

Also related: SIP Scalability Performance Study.

Charles Shen

Page 21:

NG 9-1-1: overview of the NG911 project

Traditional 9-1-1 system: does not work well for calls from Internet phones!

Two (related) fundamental problems: Where is the caller? To which PSAP (call center) should the call go?

Other problems: going beyond the traditional 9-1-1 functionalities; multimedia (audio + video + text), e.g., sending instructional video on CPR

Project participants: Columbia University, Texas A&M University, University of Virginia, NENA, Cisco, Nortel. Funded by NTIA and SIPquest.

Jong Yul Kim, Wonsang Song

Page 22:

NG 9-1-1: solution and status

Current status: SIP-based prototype system; NENA requirements for IP-capable PSAPs; IETF ECRIT WG; proposals for solutions to the fundamental problems; on-going preparations for testing in a live PSAP in College Station, Texas

Jong Yul Kim, Wonsang Song

Location determination methods (table):

CDP
  Merits: Cisco devices are ubiquitous; less burden for administrators than DHCP
  Drawbacks: only works with Cisco switches and access points; administrators have to enter the switch-to-location mapping
  Useful situation: in organizations that use Cisco devices

DHCP
  Merits: DHCP is ubiquitous; applicable to both SIP UA and SIP proxy
  Drawbacks: no good for wireless connections; administrators have to enter a machine-to-location mapping for each machine
  Useful situation: in organizations where computers are fixed in one place

GPS
  Merits: delivers precise location; no work for administrators
  Drawbacks: does not work indoors or when a significant portion of the sky is blocked from view
  Useful situation: outdoors

Manual entry
  Merits: always available as a backup method
  Drawbacks: no guarantee of timely update; prone to human error
  Useful situation: when all else fails

Page 23:

VoIP security: Denial of Service (DoS) attacks, the problem

DoS attacks are still prevalent in the Internet

Telephony services are exposed as they move to the IP network

The E911 service is specifically vulnerable

How to distinguish between a human and machine request?

Detection and Mitigation

Eilon Yardeni

Page 24:

VoIP security: taxonomy of DoS attacks, vulnerability attacks

Implementation flaws

Application-specific attacks on the Session Initiation Protocol (SIP): session tear-down with spoofed BYEs; modification of media sessions with spoofed re-INVITEs

Flooding: flood with INVITE or REGISTER requests; congest access links

Attack on E911: 911 calls do not require authentication, so an attacker can target call takers, call routing and the mapping service

Physical location spoofing

Eilon Yardeni

Page 25:

VoIP security: defense against DoS attacks

Fake location: signed location; location verification

First-level filtering heuristics: IP-to-geolocation comparison; list of legitimate subnets

Eilon Yardeni
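First-level filtering for the attack classes on the two preceding slides, as an added example (not the lab's detection code): a spoofed BYE or re-INVITE is rejected unless its Call-ID and From/To tags match a dialog this element itself confirmed; initial INVITE and REGISTER requests are throttled per source address; and an unauthenticated emergency INVITE is admitted only from the list of legitimate subnets. The messages, addresses, subnet list and thresholds are all constructed, and `SipGuard` and its method names are assumptions.

```python
"""SIP DoS first-level filters (added example, not the IRT lab's code)."""
import ipaddress
import re
from collections import deque

TAG_RE = re.compile(r";\s*tag=([^;\s>]+)", re.IGNORECASE)


def parse_sip(raw: str):
    """Return (method, request_uri, headers) for a SIP request; header names lowercased."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        raise ValueError("not a SIP request")
    headers = {}
    for line in lines[1:]:
        if line == "":
            break  # empty line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers


def tag_of(header_value: str):
    m = TAG_RE.search(header_value)
    return m.group(1) if m else None


def is_emergency(request_uri: str) -> bool:
    uri = request_uri.lower()
    return uri.startswith("urn:service:sos") or uri.startswith("sip:911@")


class SipGuard:
    def __init__(self, legit_subnets, rate_limit=5, window=10.0):
        self.dialogs = set()  # (call_id, caller_tag, callee_tag) of confirmed dialogs
        self.legit = [ipaddress.ip_network(n) for n in legit_subnets]
        self.rate_limit, self.window = rate_limit, window
        self.seen = {}  # src_ip -> timestamps of recent initial INVITE/REGISTER

    def confirm_dialog(self, call_id, caller_tag, callee_tag):
        """Record a dialog once the call is answered (200 OK to the INVITE seen)."""
        self.dialogs.add((call_id, caller_tag, callee_tag))

    def check(self, raw, src_ip, now, authenticated=False):
        method, uri, h = parse_sip(raw)
        call_id = h.get("call-id")
        from_tag, to_tag = tag_of(h.get("from", "")), tag_of(h.get("to", ""))
        if method in ("BYE", "INVITE") and to_tag is not None:
            # In-dialog request: either party may send it, so try both orientations.
            known = ((call_id, from_tag, to_tag) in self.dialogs
                     or (call_id, to_tag, from_tag) in self.dialogs)
            return "accept" if known else "reject: no matching dialog"
        if method in ("INVITE", "REGISTER"):
            q = self.seen.setdefault(src_ip, deque())
            while q and now - q[0] > self.window:
                q.popleft()
            q.append(now)
            if len(q) > self.rate_limit:
                return "reject: rate limit"
        if method == "INVITE" and is_emergency(uri) and not authenticated:
            ip = ipaddress.ip_address(src_ip)
            if not any(ip in net for net in self.legit):
                return "reject: emergency call from unknown subnet"
        return "accept"


def sip_request(method, uri, call_id, from_tag, to_tag=None):
    """Build a minimal SIP request (constructed test input)."""
    to = f"<sip:bob@example.com>;tag={to_tag}" if to_tag else "<sip:bob@example.com>"
    return (f"{method} {uri} SIP/2.0\r\nCall-ID: {call_id}\r\n"
            f"From: <sip:alice@example.com>;tag={from_tag}\r\nTo: {to}\r\n\r\n")


def demo():
    g = SipGuard(legit_subnets=["192.0.2.0/24"], rate_limit=3, window=10.0)
    g.confirm_dialog("c1@example.com", "a1", "b1")
    r = {}
    r["bye_ok"] = g.check(sip_request("BYE", "sip:bob@example.com", "c1@example.com", "a1", "b1"), "192.0.2.10", 1.0)
    r["bye_spoofed"] = g.check(sip_request("BYE", "sip:bob@example.com", "c1@example.com", "zz", "b1"), "198.51.100.7", 1.0)
    r["reinvite_spoofed"] = g.check(sip_request("INVITE", "sip:bob@example.com", "c1@example.com", "a1", "xx"), "198.51.100.7", 1.0)
    r["flood"] = [g.check(sip_request("INVITE", "sip:bob@example.com", f"f{i}", "t"), "203.0.113.5", 2.0 + i) for i in range(4)]
    r["e911_unknown"] = g.check(sip_request("INVITE", "sip:911@example.com", "e1", "t"), "198.51.100.7", 30.0)
    r["e911_legit"] = g.check(sip_request("INVITE", "sip:911@example.com", "e2", "t"), "192.0.2.10", 31.0)
    return r
```

A rejected in-dialog request would be answered with 481 Call/Transaction Does Not Exist. The tag check is only a first-level filter: dialog tags are visible to anyone who can observe the signaling path, so it stops blind spoofing but not an on-path attacker; authenticated and encrypted signaling is still required for that case, and the subnet list for 911 is likewise a heuristic that source-address spoofing over UDP can defeat.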

Page 26:

VoIP security: trust path discovery for SPAM detection

Kumiko Ono

Motivation: an option for sender filtering against spam (SPIT/SPIM)

Determine whether to accept communication requests (e.g., emails, calls, instant messages) from a "stranger", based on the reputation of that stranger

Challenge: how to get the stranger's reputation

Approach: gather trustworthy opinions on individuals and their domains from trust paths

Opinions: based on trust indicators, which represent one's trust in receiving messages

Trust paths: chains of trust relationships among individuals, among domains, and between an individual and a domain

IETF draft-ono-trust-path-discovery-01

Figure, related work: 1. Alice receives a communication request from Dave; 2. Alice queries his reputation at a third-party reputation system, i.e., a social network server.

Figure, our approach: 1. Alice receives a communication request from Dave; 2. Alice queries his reputation along trust paths, i.e., buddy lists and call logs.
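The "our approach" side of the figure as an added example, not Kumiko Ono's implementation or the draft's algorithm: Alice receives a request from Dave, a stranger, and instead of asking a third-party reputation server she searches her own buddy list and call log, and those of her contacts, for chains of trust relationships ending at Dave or at Dave's domain. The relationship graph, the indicator values (1.0 for a buddy-list entry, 0.6 for an answered call, 0.4 for domain-level trust), the rule that combines them by multiplication along a path, and the 0.3 acceptance threshold are all assumptions made for this example.

```python
"""Trust path discovery over local relationship data (added example)."""

# Constructed trust indicators: how much each party trusts receiving messages
# from a contact. Keys and values are individuals (user@domain) or domains.
RELATIONS = {
    "alice@example.com": {"bob@example.com": 1.0, "example.com": 0.4},
    "bob@example.com": {"carol@example.net": 0.6, "example.net": 0.4},
    "carol@example.net": {"dave@example.net": 1.0},
    "example.net": {"eve@example.net": 0.4},  # the domain vouches for its user
}


def domain_of(identity: str) -> str:
    return identity.split("@", 1)[1] if "@" in identity else identity


def find_trust_paths(src, dst, relations=RELATIONS, max_hops=3):
    """Every loop-free chain from src to dst, or to dst's domain, within max_hops.

    Returns (path, trust) pairs; trust is the product of the indicators along the
    path (assumed combination rule), so each extra hop can only weaken the opinion."""
    targets = {dst, domain_of(dst)}
    found = []

    def walk(node, path, trust):
        if len(path) - 1 >= max_hops:
            return
        for nxt, indicator in relations.get(node, {}).items():
            if nxt in path:
                continue
            t = trust * indicator
            if nxt in targets:
                found.append((path + [nxt], t))
            else:
                walk(nxt, path + [nxt], t)

    walk(src, [src], 1.0)
    return found


def best_trust_path(src, dst, relations=RELATIONS, max_hops=3):
    """Highest-trust chain (shortest on ties), or (None, 0.0) when none exists."""
    paths = find_trust_paths(src, dst, relations, max_hops)
    if not paths:
        return None, 0.0
    return max(paths, key=lambda p: (p[1], -len(p[0])))


def should_accept(recipient, sender, threshold=0.3, relations=RELATIONS):
    """Accept the stranger's request only if some trust path clears the threshold."""
    _, trust = best_trust_path(recipient, sender, relations)
    return trust >= threshold
```

In a deployment the recipient would not hold her contacts' buddy lists in one table as this example does; she would ask each contact whether he knows the sender and get back only an indicator, which keeps the social graph private. The domain-level edge shows why the slide pairs individual and domain relationships: a path to example.net lets Alice accept Eve, whom nobody she knows has talked to, at reduced trust.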

Page 27:

VoIP infrastructure: reliability and scalability

Kundan Singh

Failover: redundancy

Load sharing: scalability

Figure: REGISTER and INVITE requests are spread by DNS over proxies P1, P2 and P3, each responsible for a range of user names (a-h, i-q, r-z).

Combine the two in a two-stage architecture: scalability linear in the number of servers, and high availability
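The two-stage farm of the figure, as an added example (not the lab's SIP server code): a first-stage proxy maps the user part of the Request-URI to one of the second-stage groups (a-h, i-q, r-z), and within a group the server is picked the way DNS SRV records are consumed (RFC 2782): lowest priority first, weighted random among equals, with dead servers skipped so that a standby at a higher priority value takes over only when every primary is down. The group and host names and the SRV records are constructed; the hash fallback for user names that do not start with a letter is an assumption, since the slide does not say how those are routed.

```python
"""Two-stage SIP proxy selection: letter-range sharding plus SRV-style failover (added example)."""
import hashlib
import random

# Second-stage groups: (first letter lo, first letter hi, group name). Names assumed.
GROUPS = [("a", "h", "p1.example.com"), ("i", "q", "p2.example.com"), ("r", "z", "p3.example.com")]

# Constructed SRV records per group: (priority, weight, target host).
SRV = {
    "p1.example.com": [(10, 60, "p1a.example.com"), (10, 40, "p1b.example.com"), (20, 0, "p1-standby.example.com")],
    "p2.example.com": [(10, 50, "p2a.example.com"), (10, 50, "p2b.example.com")],
    "p3.example.com": [(10, 100, "p3a.example.com"), (20, 100, "p3-standby.example.com")],
}


def stage1_group(user: str) -> str:
    """Stateless first stage: choose the group from the first letter of the user part."""
    first = user.strip().lower()[:1]
    for lo, hi, group in GROUPS:
        if lo <= first <= hi:
            return group
    # Digits and other identifiers: stable hash over the groups (assumed behaviour).
    h = int(hashlib.sha256(user.lower().encode()).hexdigest(), 16)
    return GROUPS[h % len(GROUPS)][2]


def stage2_select(group: str, alive, rng=None, srv=SRV):
    """RFC 2782 style pick among live targets; None if the whole group is down."""
    rng = rng or random
    candidates = [r for r in srv.get(group, []) if r[2] in alive]
    if not candidates:
        return None
    lowest = min(r[0] for r in candidates)          # only the best live priority tier is used
    tier = [r for r in candidates if r[0] == lowest]
    total = sum(r[1] for r in tier)
    if total == 0:  # all weights zero: pick uniformly
        return rng.choice(tier)[2]
    pick = rng.uniform(0, total)                     # weighted choice shares the load
    for _, weight, target in tier:
        pick -= weight
        if pick <= 0:
            return target
    return tier[-1][2]


def route(request_uri: str, alive, rng=None):
    """Full two-stage routing of a Request-URI such as 'sip:alice@example.com'."""
    user = request_uri.split(":", 1)[-1].split("@", 1)[0]
    group = stage1_group(user)
    return group, stage2_select(group, alive, rng)
```

Scaling the second stage means adding servers to a group's SRV set (load sharing); availability comes from the standby tier and from the liveness set that a real deployment maintains via health checks or SIP OPTIONS probes.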

Page 28:

VoIP infrastructure: CINEMA, multi-platform multimedia collaboration

Kundan Singh

Beyond voice: video, text, IM, presence, screen sharing, shared web browsing, ...

Beyond the SIP phone: regular telephone, email, web, ...

Beyond synchronous communication: offline mails, discussion forum, file sharing, ...

Figure: CINEMA protocol stack. Applications (Internet telephony, Internet radio/TV, messaging and presence, interactive voice response, unified messaging, video conferencing) sit on signaling (SIP, SAP, SDP, call routing programs), quality of service (RSVP), media transport (RTP, RTCP, RTSP), media codecs (G.711, MPEG) and services (VoiceXML, DTMF, mixing, speech/text), over the application, transport (TCP, UDP), network (IPv4, IPv6), link and physical layers.

Page 29:

VoIP infrastructure: peer-to-peer Internet telephony

Server-based: maintenance and configuration cost (dedicated administrator); central point of failure (catastrophic failures); depends on controlled infrastructure (e.g., DNS)

Peer-to-peer: self-adjusting, robust against catastrophic failures, highly scalable, and no configuration. Call setup and user search latency is higher: O(log N). Security: how to handle malicious peers? Identity protection?

Our P2P-SIP: a hybrid architecture that works with both P2P and server-based deployments. Built-in P2P network: acts as a service node for proxy, registrar, presence, offline storage and media relay. External P2P network: managed and trusted peer nodes. Identity protection: email identifier == SIP identifier

Kundan Singh

Page 30:

Presence system: overview

Presence: ability and willingness to communicate. Rules about how, and what part of, presence information can be accessed. More detailed information includes location, preferred communication mode, current mood and activity.

Presentity: represents a user, a group of users or a program; source of presence information

Watcher: requester of presence information about a presentity

Example from Bob's presentity: "Bob is busy right now. He is on 42nd and Broadway. You can reach him after 4.00 p.m. on his office line."

Page 31:

Presentity and watchers

Figure: Bob's Presence User Agents (PUA), a PC IM client ("R u there?") and a cell phone ("BUZZ"), PUBLISH Bob's status and location (Available, Busy, Somewhat available, Invisible) to the presence server, which applies Bob's filters (rules) and holds the PIDF document. Watchers (wife, son, colleague, external world) SUBSCRIBE and receive NOTIFY messages carrying the view of Bob's presentity that the rules allow them.

Page 32:

Presence deployment: cross-domain

Figure: presence servers in different domains, each with a presence database and its own watchers/buddies for one presentity, exchange SIP SUBSCRIBE and SIP NOTIFY. Sources of SIP PUBLISH include the PSTN (via an SCP), a wireless network, and devices on the broadband IP network (VoIP, Internet): SIP phone, TV, IM.

Page 33:

Presence services

Determining communication status: dial tone is no longer enough. Decide based on the presentity's location, activity (sleeping, driving, etc.), mood (angry, happy, etc.) and preferred mode of communication (e.g., text, audio device, landline phone).

Location-based services: fleet management

Page 34:

Summary

Internet Real-Time Systems: service discovery, 7DS, wireless VoIP, security, NG 911, reliability, scalability, peer-to-peer

Other projects: SIP user agent, CPL/sip-cgi/LESS scripts, session mobility, Skype analysis, ...

Questions?