Chair for Computer Networks & InternetWilhelm-Schickard-Institute for Computer ScienceUniversity of Tübingen
A Cooperative SIP Infrastructure for Highly Reliable
Telecommunication Services
Ali Fessi, Heiko Niedermayer,
Holger Kinkelin, Georg Carle
IPTComm 2007, 19th-20th July, New York, USA
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 2
Overview
Motivation
Properties of server-based SIP networks
Properties of P2P-based SIP networks
Our solution for SIP reliability: Cooperative SIP (CoSIP) CoSIP Overview
Sample Applications
Implementation
Evaluation: Improving reliability and security with CoSIP
Initial functional tests results
Conclusions
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 3
Motivation
Some open issues with VoIP still need to be solved reliability, security, QoS, SPIT, etc.
Users are used to the nearly 100% reliable PSTN
Good news: Peer-to-peer (P2P) networks provide higher reliability
Bad news: P2P network have also their bad side
• Security in P2P networks is much harder to cope with due to decentralization
Goals How can we make SIP networks more reliable?
How can we benefit from the advantages of both architectures • server vs. P2P
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 4
Properties of Server-based SIP Networks
Sufficient security mechanisms
• UA authentication
• Integrity and confidentiality
High lookup performance of SIP URI
• O(1) messages
Complex service infrastructure
• SIP proxies, registrars, AAA servers, location database, DNS server, routers, etc
Network and service failures may propagate quickly
Server infrastructures are vulnerable to DoS attacks
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 5
Properties of P2P-SIP Networks
Self-organization Recoverability from local failures
Robustness against DoS attacks
P2P network can also survive under difficult conditions
Scalability Lookup performance of the Contact URI in a DHT in the avg case:
• O( log ( N ) ) messages; N is the number of peers
Several security issues can not be solved in pure P2P network Attacks on the routing of lookup requests
Attacks on the content of the P2P network
Sybil attacks, partitioning attacks, etc.
Open P2P-SIP networks are an invitation for SPIT!
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 6
Cooperative SIP (CoSIP)
Basic idea
Design a hybrid architecture that benefits from the advantages of both server-based and P2P-based SIP networks
SIP User Agents organize themselves into a P2P network
SIP infrastructure and SIP User Agents cooperate in order to provide the best service
Cooperative SIP architecture: CoSIP
Improve reliability, survivability, security and lookup performance
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 7
CoSIP: UA Registration
DHT
Alice Bob
REGISTERput(H(SIP_URI), Contact_URI)
A SIP UA is registered to the SIP infrastructure as well as to the DHT
Use REGISTER for registration to the infrastructure
Use put for the registration to the DHT:
put (H(SIP_URI), Contact_URI)
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 8
CoSIP: Session Establishment
DHT
Alice Bob
INVITEget(SIP_URI)
Contact_URI
INVITE
200 OKSession
Signaling to the SIP infrastructure with INVITE
In parallel: resolve the Contact-URI in the DHT with a get
get (H(SIP_URI)) = Contact_URI
Server does not answer or DHT is faster?
use the Contact-URI provided by the DHT lookup
perform direct signaling to the peer
Lookup performance under normal conditions:
• O(1) messages
in case of failures of the infrastructure:
• O( log ( N ) ) messages;
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 9
CoSIP Sample Applications
Large enterprise/ academic SIP networks with e.g. 20-30 k-users CoSIP can be used to bridge
network and service failures maintenance downtimes
SIP Infrastructure
CoSIP-enabled SIP Network
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 10
CoSIP Sample Applications (2)
CoSIP adapter/ proxy in DSL routers CoSIP adapters organize themselves into a P2P network
DSL Router
with a CoSIP adapter / CoSIP proxy
Small Office
and Home
Network
(SOHO)
SIP Infrastructure
Internet/VoIP Provider
SOHO
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 11
Implementation of CoSIP as an external Proxy Application
SIP UA CoSIP Proxy
DHT
SIP
SIP
XML RPC
CoSIP Proxy SIP UASIP
SIP
XML RPC
The CoSIP proxy is an adapter to connect regular SIP UA CoSIP Proxy communicates with the SIP infrastructure and the P2P network DHT: Bamboo/ Pastry Formal specification of the “CoSIP” protocol with SDL Programming language: Python When the SIP infrastructure fails: P2P signaling between the CoSIP proxies
SIP Express Router (SER)
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 12
Specification of CoSIP - Goody
State machines „switchable“ to different modes1. Cooperative mode (DHT + SIP server)
2. DHT-only mode (basically P2P-SIP with Bamboo as a DHT)
3. Server-only mode
DHT-only mode successfully tested with OpenDHT
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 13
SIP UA running with CoSIP Proxy in the background
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 14
Evaluation
Improving reliability with CoSIP P2P network provide high reliability and self-organization
• Local failures can be recovered autonomically by neighboring peers
Data is replicated on a set of nodes (replica set)
Even large failures affect only a part of the network
In the ideal case (uncorrelated failures), the probability of a service failure
with CoSIP would be:
CoSIP provides even better reliability and survivability than
P2P-SIP networks
server-based SIP networks
nodesreplicanodeDHTServerCoSIP FailureFailureFailure _#_
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 15
Evaluation
Improving security with CoSIP Managing security in large P2P-SIP networks is not possible without
central severs
However, PKI / CA is not enough
A CA is not able to detect an attack in the P2P network and shut down the attacker
A security solution for P2PSIP requires• more SIP specific knowledge
• knowledge about the P2P network
CoSIP servers can provide Identity Management for the P2P-SIP network
CoSIP servers can make sure that peers in the P2P-SIP network behave well
How can you provide Intrusion Detection in a large P2P network?
a “CoSIP server” can help to do this job
More work is still required on this topic
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 16
Evaluation
Initial tests have been run on PlanetLab Each used PlanetLab node hosts
a SIP UA
a CoSIP proxy
a Bamboo DHT node
High variance of the RTT on PlanetLab noticed SIP server failure emulated Successful recoverability from service failure
No interruption of service is noticed
Time required to establish a session between UAC and UAS increases slightly but is still acceptable
Performance results will be published soon
Remote Control
Node #1
SIP Server
CoSIP Proxy
SIP UA
DHT node
Node #20Node #2 Node #3
CoSIP Proxy
SIP UA
DHT node
CoSIP Proxy
SIP UA
DHT node
CoSIP Proxy
SIP UA
DHT node
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 17
CoSIP: Summary
CoSIP provides a low-cost solution for significantly improving the reliability of SIP networks
Implementation CoSIP as an external proxy application compatible to existing SIP networks
Cooperative (server + DHT) as well as DHT-only mode possible
CoSIP is a hybrid architecture which provides better reliability, survivability, security and performance simultaneously
Could CoSIP be useful for catastrophic failures / emergency calls?
Future work Integration of security mechanisms to CoSIP Improve security of P2P-SIP
CoSIP is still a single domain concept Peering of several domains with CoSIP
Improving geometry and routing in the DHT for higher connectivity in case of network failures
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 18
Questions / Discussion / Feedback
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 19
P2P-SIP
Basic idea: „SIP without server“ Registration:
Phase1: Node registration = P2P-SIP node “joins” the DHT Phase 2: User registration = storing the Contact URI with SIP URI as lookup key
in the DHT Session establishment:
Resolving the SIP URI to a Contact URI using the DHT Subsequent signaling can occur between the two peers
DHT
1
DHT
2
1
DHT
1
2
3
Node registration User registration Session establishment
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 20
Evaluation - PlanetLab
Global research network 784 nodes 382 institutions
Con’s Very variable performance and load of PlanetLab nodes High variance in the RTT
Causes high variance in the measurement results
High instability and unreliability of the PlanetLab nodes Upgrade PlanetLab 3.0 to 4.0 More than 50 nodes barely manageable
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 21
CoSIP State Machines
Formal specification of the CoSIP protocol using SDL
Logical separation between the state machines of
different SIP UAs
The CoSIP proxy processes
requests from UA
messages from the server
messages from the DHT
timeouts for limiting the pending time
Events are processed FIFO
Idle
INVITE from UAC
INVITE to SRV
100 to UAC
dht.get()
PENDING_SRV_DHT
timer_res.start()timestamp = time()
SDL diagram for the processing of an INVITE
message in state IDLE
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 22
CoSIP State Machines (2)
High Level INVITE Session State MachineHigh Level REGISTER Session State Machine
IDLE
PENDING PENDING_DHT
REGISTERED
UA: REGISTER SRV: 401
SRV: 200 UA: REGISTER
SRV: Timeout
DHT: Error,Timeout
DHT: Success
DHT: Success, Error, Timeout
UA goes offline
IDLE
PENDING_SRV_DHT PENDING_SRV_UAS
DONE
UAC: Invite
SRV: 180
DHT: Data
UAS: 180
UAS: 100, Server: 100
PENDING_DHT PENDING_SRV
SRV: 404,Timeout SRV DHT
DHT: Data, Error,Timeout SRV DHT
SRV: 180,Timeout SRV_UAS
SRV: 180, Timeout
Server: 100, DHT: Error
SRV: 100
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 23
Related Work
P2PSIP Secure Overlay Services (SOS) Resilient Overlay Networks (RON) Skype CoDNS
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 24
Overview Tesbed
PC #1 (Windows) PC #2 (SuSE 10.1)
Wengo SIP Phone
CoSIP Proxy
kphone
CoSIP Proxy
SIP SIP
DHT
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 25
OpenDHT
OpenDHT = Bamboo running on PlanetLab publicly accessible
put get remove
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 26
CoSIP Implementation: Overview
Threading for transport of SIP messages
and communication with the DHT
Event-based processing of
SIP messages
DHT messages
Timeouts
Events are processed
FIFO
Programming language Python
Platform independent
(CoSIP tested with Linux / Windows)
Code size ca. 5 kLoC
Transport to UA, server and DHT
CoSIP proxy
UAC Repository
UAC
Session Repository
Register Session
Invite SessionInvite SessionInvite Session
UAC
Session Repository
Register Session
Invite SessionInvite SessionInvite Session
Event Queue
UAC
Session Repository
REGISTER Session
Invite SessionInvite SessionINVITE Session
REGISTER Session
Timer Srv Registr.
Timer DHT Registr.
DHT Registrator
INVITE Session
Timer Resolver
Timer UAS
DHT Resolver
SIP Parser
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 27
SIP UA running with CoSIP Proxy in the background
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 28
Evaluation – Recovery from Service Interruption
0
0,05
0,1
0,15
0,2
0,25
0 100 200 300 400 500
Versuchslaufzeit [s]
An
two
rtze
it [
s]
Antwortzeit UAS
Durchschnitt mit Server
Durchschnitt ohne Server
SIP Serverausfall
A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 29
Evaluation (VI)
0
0,02
0,04
0,06
0,08
0,1
0,12
0,14
2 4 6 8 10 12 14
Anzahl Knoten
An
two
rtze
it [
s]
Antwortzeit
Abschätzung