OpenSIPS Workshop
Workshop
Adrian Georgescu @agprojects
Saúl Ibarra Corretgé @saghul
AG Projects - SIP Infrastructure Experts
Monday, October 21, 2013
Hello!
• AG Projects, 10+ years of experience
• Software development for SIP infrastructures
• Blink (and many other projects!)
• Open Source
Commercial Products
• MSP and SIP Thor - Turnkey SIP platforms
• Blink - SIP Client for OSX, Linux and Windows
Self-organizing SIP Infrastructure
[Diagram: SIP User Agents, Internet, NAT, SIP and RTP, Nodes 1 to 6 each with a DB]
User agents need only RFC3263 support (locating SIP services using DNS lookups)
• Self-organizing
• Horizontally scalable
• Built-in disaster recovery
• No single point of failure
• Maintenance free
Multiple Roles
• SIP Proxy/Registrar
• RTP Media relay
• Presence Agent
• XCAP server
• Voicemail
• Provisioning
We like questions, interrupt us!
What is OpenSIPS?
• Open Source SIP Server
• It does SIP, just SIP
• Proxy, registrar, B2BUA, ...
Possible deployment scenarios
• Load balancer
• Edge proxy
• Proxy / registrar
• LCR gateway
• Presence Agent
1. Keep the core proxy as lean as possible
• Edge proxy
  • Sanity checks
  • NAT traversal
  • Forward to core proxy
• Core proxy
  • Main routing logic
  • User lookup
  • Route request to destination
Using Path support
• RFC 3327
• Keep the edge proxy always in the path
• Always route requests through it (also outgoing)
Using Path support

```
...
loadmodule "rr.so"
loadmodule "registrar.so"
loadmodule "path.so"
...
modparam("path", "use_received", 1)
...

# On the edge proxy
if (method == "REGISTER") {
    if (!add_path_received("edge-in"))
        sl_send_reply("503", "Internal Path Error");
    ...
}

# On the core proxy
if (method == "REGISTER") {
    ...
    save("location", "p2v");
}
```
NAT traversal
• Always apply NAT traversal techniques
• Chances of not needing them are too low
• But do not break ICE
NAT traversal
```
# Fix signaling
if (method != "REGISTER" && client_nat_test("3")) {
    fix_contact();
}

if ((method=="REGISTER" || method=="SUBSCRIBE" ||
     (method=="INVITE" && !has_totag())) && client_nat_test("3")) {
    nat_keepalive();
}

# Fix media
if (method==INVITE && !has_totag()) {
    engage_media_proxy();
}
```
2. Keep your configuration tidy
• Use a version control system such as git
• Separate logical sections in different files
• Use a template language to help you
• Handle each method separately
Handle each SIP method separately
```
...
if (method == "REGISTER") {
    ...
} else if (method == "INVITE") {
    ...
} else if (method == "SUBSCRIBE") {
    ...
} else if (method == "PUBLISH") {
    ...
}
...
```
Using jcfg
• https://github.com/saghul/jcfg
• Uses Jinja templates for generating config files
Using jcfg
```
# TCP
{% if use_tcp %}
disable_tcp=no
{% for listener in tcp_listeners %}
listen=tcp:{{ listener }}
{% endfor %}
{% else %}
disable_tcp=yes
{% endif %}
```

```
context = {
    # UDP
    'udp_listeners': ['127.0.0.1:5060', '127.0.0.1:5080'],
    # TCP
    'use_tcp': True,
    'tcp_listeners': ['127.0.0.1:5060', '127.0.0.1:5080']
}
```

```
jcfg --input opensips.tpl --output opensips.cfg --context settings.py
```
3. Fraud is unavoidable, deal with it
• Usage quotas per user, per day / month
• Implement a quick way for switching off an account
• Blacklist premium numbers
• Nobody calls to Antarctica, really
• Limit number of concurrent calls
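The checks on this slide can be combined into one pre-call decision. The Python below is an added example, not code from the talk, OpenSIPS or CallControl; the `Account` fields, `BLOCKED_PREFIXES`, the function names and all sample values are hypothetical, and it assumes destinations are dialed in `+` or `00` international form.

```python
import re
from dataclasses import dataclass, field

# Constructed sample policy. Prefixes are E.164 digits without "+":
# "1900" stands in for a premium-rate range, "672" for the Antarctica case.
BLOCKED_PREFIXES = ("1900", "672")

@dataclass
class Account:
    enabled: bool = True          # the quick off switch
    daily_quota: float = 5.0      # spend allowed per day, in currency units
    max_calls: int = 2            # concurrent call limit
    active_calls: int = 0
    spent: dict = field(default_factory=dict)  # day (YYYY-MM-DD) -> amount

def normalize(dialed):
    """Return bare E.164 digits for '+..' or '00..' input, else None."""
    s = re.sub(r"[\s().-]", "", dialed)
    if s.startswith("+"):
        s = s[1:]
    elif s.startswith("00"):
        s = s[2:]
    else:
        return None
    return s if s.isdigit() else None

def authorize(acct, dialed, est_cost, day):
    """Decide on a new INVITE; returns (SIP status code, reason)."""
    if not acct.enabled:
        return 403, "Account disabled"
    dest = normalize(dialed)
    if dest is None:
        return 484, "Address incomplete"
    # Match on the normalized number so '00672...' and '+672 ...'
    # hit the same blacklist rule.
    if dest.startswith(BLOCKED_PREFIXES):
        return 403, "Destination not allowed"
    if acct.active_calls >= acct.max_calls:
        return 503, "Too many concurrent calls"
    if acct.spent.get(day, 0.0) + est_cost > acct.daily_quota:
        return 402, "Daily quota exceeded"
    return 200, "OK"
```

Matching the blacklist only after normalization is the important part: a prefix list compared against the raw dialed string is bypassed by a different prefix form or by separators.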
4. Apply common sense security measures
• ‘1234’ is not a password, it’s a joke
• Different credentials for SIP and for web configuration tools
• Detect multiple authentication failures
• Discard well known bad UAs
• ‘friendly-scanner’ anyone?
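The two detection bullets above, as an added Python example run over constructed log lines (not code from the talk or from OpenSIPS). The log format, `BAD_UA`, the thresholds and the function name are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque

# User-Agent substrings to drop on sight; 'friendly-scanner' is the one the slide names.
BAD_UA = ("friendly-scanner",)

# Hypothetical log format assumed for this example:
#   <epoch> <src_ip> <method> <status> auth=<yes|no> ua=<User-Agent>
LINE = re.compile(r"(\d+) (\S+) (\S+) (\d{3}) auth=(yes|no) ua=(.*)")

def sources_to_block(lines, max_failures=3, window=60):
    """Return {src_ip: reason} for sources that should be dropped at the edge."""
    blocked = {}
    failures = defaultdict(deque)  # src_ip -> timestamps of rejected credentials
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # unparseable line: ignore rather than guess
        ts, src, _method, status, auth, ua = m.groups()
        ts = int(ts)
        if src in blocked:
            continue
        if any(bad in ua.lower() for bad in BAD_UA):
            blocked[src] = "bad-user-agent"
            continue
        # A 401/407 answering a request without credentials is the normal
        # digest challenge; only rejected credentials count as a failure.
        if status in ("401", "407") and auth == "yes":
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # forget failures older than the window
            if len(q) >= max_failures:
                blocked[src] = "auth-failures"
    return blocked

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
100 192.0.2.10 REGISTER 401 auth=no ua=ExamplePhone/1.0
101 192.0.2.10 REGISTER 200 auth=yes ua=ExamplePhone/1.0
110 198.51.100.7 OPTIONS 200 auth=no ua=friendly-scanner
120 203.0.113.5 REGISTER 401 auth=no ua=ExamplePhone/1.0
121 203.0.113.5 REGISTER 401 auth=yes ua=ExamplePhone/1.0
125 203.0.113.5 REGISTER 401 auth=yes ua=ExamplePhone/1.0
130 203.0.113.5 REGISTER 401 auth=yes ua=ExamplePhone/1.0
""".splitlines()
```

Counting every 401 as a failure would block legitimate clients, since each digest-authenticated request is challenged once before credentials are sent.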
Mitigating signaling attacks
```
if (has_totag()) {
    # in-dialog request
    if (!validate_dialog())
        fix_route_dialog();
    ...
}
```
Call limit with CallControl

```
if (method==INVITE && !has_totag()) {
    $avp(cc_call_limit) := 10;
    $avp(cc_call_token) := $RANDOM;
    call_control();
    switch ($retcode) {
    case 2:
        # Call with no limit
    case 1:
        # Call has limit and is under callcontrol management
        break;
    case -1:
        # Not enough credit (prepaid call)
        sl_send_reply("402", "Not enough credit");
        exit;
    case -2:
        # Locked by another call in progress (prepaid call)
        sl_send_reply("403", "Call locked by another call in progress");
        exit;
    case -3:
        # Duplicated callid
        sl_send_reply("400", "Duplicated callid");
        exit;
    case -4:
        # Call limit reached
        sl_send_reply("503", "Too many concurrent calls");
        exit;
    default:
        # Internal error (message parsing, communication, ...)
        sl_send_reply("500", "Internal server error");
        exit;
    }
}
```
Using the new Event Interface
```
...
loadmodule "event_datagram.so"
...

# Subscribe to the E_PIKE_BLOCKED event

# Raise your own events from the routing script
$avp(s:attr) = "number";
$avp(s:val) = 0;
$avp(s:attr) = "string";
$avp(s:val) = "dummy value";
raise_event("E_DUMMY", $avp(s:attr), $avp(s:val));
```
BYE
• Keep configuration simple
• Apply Common Sense (TM)
• Be prepared to deal with fraud and failure
Questions?
@agprojects
@saghul