Presented By Team Netgeeks SIP Session Initiation Protocol.
AGENDA
• Introduction
• Applications
• Overview of operation
  ○ Protocol Elements
  ○ Requests
  ○ Responses
• SIP-based services
• Security
Introduction
• SIP: Session Initiation Protocol, RFC 3261.
• A signaling, presence and instant messaging protocol.
• Developed to set up, modify, and tear down multimedia sessions, and to request and deliver presence and instant messages over the Internet.
• SIP allows two end points to establish media sessions with each other.
Introduction
The main signaling functions of the protocol are as follows:
• Location of an end point.
• Contacting an end point to determine willingness to establish a session.
• Exchange of media information to allow the session to be established.
• Modification of existing media sessions.
• Tear-down of existing media sessions.
Introduction
SIP has also been extended to request and deliver presence information (on-line/off-line status and location information such as that contained in a “buddy” list) as well as instant message sessions. These functions include:
• Publishing and uploading of presence information.
• Requesting delivery of presence information.
• Presence and other event notification.
• Transporting of instant messages.
SIP applications
• Setting up voice-over-IP calls
• Setting up multimedia conferences
• Event notification (subscribe/notify): IM and presence
• Text and general messaging
• Signaling transport
SIP
• SIP is based on an HTTP-like request/response transaction model.
• SIP works with both IPv4 and IPv6.
• SIP uses the well-known port number of 5060 or 5061.
• It can use either TCP or UDP as transport protocol.
Overview of operation
• The basic functions of SIP: location of an end point, signaling of a desire to communicate, negotiation of session parameters to establish the session, and teardown of the session once established.
• SIP incorporates elements of two widely used Internet protocols: Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), used for e-mail.
• From HTTP, SIP borrowed a client-server design and the use of URLs and URIs.
• From SMTP, SIP borrowed a text-encoding scheme and header style.
SIP identity
• Uniform Resource Identifier (URI), called a SIP URI: sip:[email protected]
• Secure URI, called a SIPS URI: sips:[email protected]
Basic topology
[Figure: basic topology. Labels: Alice, Wonder-Land, Macro-Soft, Bob. Messages shown: INVITE and OK on each signaling hop, RTP for the media.]
• Note that the media is always end-to-end and not through the proxy.
SIP Protocol Elements
SIP has the following entities, each with a different function.
1. SIP Terminal - Supports real-time, two-way communication with other SIP entities.
2. SIP User Agent - User agents are the endpoints of the call.
• User Agent Client (UAC): initiates the call.
• User Agent Server (UAS): answers the call. Receives and responds to SIP requests and can accept, refuse or redirect the call.
• The User Agent software switches between the UAC and UAS modes on a message-by-message basis depending on what is going on. The User Agents can be handsets or desktop applications.
SIP Protocol Elements (cont’d)
3. SIP Network Server - Handles the signaling associated with multiple calls and allows peer-to-peer calls to be made using a client-server protocol. Its main function is to provide name resolution and user location, and to pass on messages to other servers using next-hop routing protocols.
There is more than one type of server: the Proxy Server, the Redirect Server, and the Registrar Server.
• Proxy Servers - Network hosts acting as both clients and servers to other entities. Their job is to ensure requests are routed to the appropriate entity identified by a SIP Uniform Resource Identifier (URI). Proxy servers can operate in two different modes: the SIP stateful proxy server and the SIP stateless proxy server.
• Redirect Servers - Receive SIP requests and send a response containing zero or more addresses. The first location to answer takes the call. Redirect servers do not initiate SIP requests or accept SIP calls.
• Registrar Servers - Accept registration requests. These servers maintain the databases that contain location information of all user agents registered with a particular SIP domain, thereby enabling the users to update their location and policy information.
SIP - Requests
• INVITE - initiate call
• REGISTER - register with location service
Other methods:
• ACK - confirm final response
• BYE - terminate (and transfer) call
Session Initiation and Tear Down
[Figure: message flow between Alice’s Softphone, Alice’s Proxy Server, Bob’s Proxy Server and Bob’s Softphone. Messages shown: INVITE F1, INVITE F2, TRYING F3, INVITE F4, TRYING F5, RINGING F6, RINGING F7, RINGING F8, 200 OK F9, 200 OK F10, 200 OK F11, ACK F12, Media Stream, BYE F13, 200 OK F14.]
Sample Request Format
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP pc33.wonderland.com;
Max-Forwards: 70
To: Bob <sip:[email protected]>
From: Alice <sip:[email protected]>;tag=1928301774
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 142
Sample Response Format
SIP/2.0 200 OK
Via: SIP/2.0/UDP server10.macrosoft.com;branch=z9hG4bKnashds8;received=192.0.2.3
Via: SIP/2.0/UDP bigbox3.site3.wonderland.com;received=192.0.2.2
Via: SIP/2.0/UDP h3.wonderland.com;branch=z9hG4bK776asdhds;received=192.0.2.1
To: Bob <sip:[email protected]>;tag=a6c85cf
From: Alice <sip:[email protected]>;tag=1928301774
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 131
SIP Responses
SIP Response Routing
SIP Transportation
SIP operates over any packet network, reliable or unreliable. Choices:
• UDP: most common
  – low state overhead
  – small max. packet size
• TCP: can combine multiple signaling flows over one link
  – use with SSL
  – connection setup overhead
  – HOL blocking for trunks
• SCTP: new protocol
  – no HOL blocking
  – fallback address (but SRV provides this already)
  – connection setup overhead
SIP-based services
• Call forwarding: basic INVITE behavior (proxy/redirect)
• Call transfer: REFER method
• Call hold: set media address to 0.0.0.0 (can be done individually per media)
• Caller id: From, plus extensions
SIP-based services (Call Tx)
SIP presence protocol
Security
Threats:
• spoofing From in REGISTER: call redirection
• spoofing From in INVITE: bypass call filtering
• snooping media packets
• billing confusion (identifier munging)
• denial-of-service attack
Security (cont’d)
Layer/mechanism    Approach        Characteristics
Network layer      IPSec           Hard to configure.
Transport layer    TLS
SIP INVITE         basic/digest    Shared secrets with random parties.
SIP REGISTER       basic/digest    Securing headers?
Basic (plaintext password) and digest (challenge-response) are very similar to HTTP security mechanisms.
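
The "securing headers?" question in the table and the REGISTER From-spoofing threat listed earlier are connected: a digest response hashes only the method and request URI, so a registrar has to bind From/To to the authenticated user itself. The following is an added example, not part of the original slides; it assumes RFC 2617 digest without qop, a realm equal to the SIP domain, no third-party registration, and invented names (`check_register`, `sample_register`, `example.com`, the credentials).

```python
import hashlib
import hmac
import re

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # only method and request URI are hashed
    return md5_hex(f"{ha1}:{nonce}:{ha2}")  # RFC 2617 form without qop

def parse(message):
    lines = message.strip().splitlines()
    headers = {"start": lines[0].strip()}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_register(message, secrets, realm, nonce):
    h = parse(message)
    method, uri, _ = h["start"].split()
    auth = dict(re.findall(r'(\w+)="([^"]*)"', h.get("authorization", "")))
    user = auth.get("username", "")
    if user not in secrets or auth.get("nonce") != nonce:
        return "reject: unknown user or stale nonce"
    expected = digest_response(user, realm, secrets[user], method, uri, nonce)
    if not hmac.compare_digest(expected, auth.get("response", "")):
        return "reject: bad digest"
    # From/To are outside the digest, so bind them to the authenticated user.
    # Assumed policy: realm == SIP domain, no third-party registration.
    for field in ("from", "to"):
        m = re.search(r"sips?:([^@>;]+@[^>;]+)", h.get(field, ""))
        if not m or m.group(1).lower() != f"{user}@{realm}".lower():
            return f"reject: {field} does not match authenticated user"
    return "accept"

def sample_register(auth_user, password, claimed, realm="example.com", nonce="n0nce"):
    # Constructed sample message; every name and value here is invented.
    uri = f"sip:{realm}"
    resp = digest_response(auth_user, realm, password, "REGISTER", uri, nonce)
    return (f"REGISTER {uri} SIP/2.0\n"
            f"From: <sip:{claimed}@{realm}>;tag=1\n"
            f"To: <sip:{claimed}@{realm}>\n"
            f'Authorization: Digest username="{auth_user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}"\n')

SECRETS = {"alice": "alice-pw", "bob": "bob-pw"}  # constructed credentials
```

A request that carries a valid digest for one user but names another user in From/To passes the digest comparison and is stopped only by the identity check that follows it.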
References
• http://www.faqs.org/rfcs/rfc3261.html
• SIP – Understanding The Session Initiation Protocol, by Alan B. Johnston
• http://www.cs.columbia.edu/~hgs/teaching/ais/slides/2003/sip_long.pdf