Thomas Lee Chief Architect Global Knowledge EMEA UNC404.


SIP: Naked in All Its Glory
Thomas Lee
Chief Architect
Global Knowledge EMEA
UNC404


Agenda

Introduction
SIP Overview
TCP/IP Stack
SDP
RTP
SIP – Register
SIP – Invite
SIP – Message
Troubleshooting


Introduction

Why this talk?
Why does SIP matter?
Expectations


Who Am I?

Chief Architect at Global Knowledge
Author/Writer
Blogs:
  http://cacorner.blogspot.com
  http://tfl09.blogspot.com
  http://pshscripts.blogspot.com

My email: [email protected]


Tools We’ll Use

Wireshark
Snooper
OCS 2007 and OCS 2007 R2
Pre-canned Traces

Sample Traces uploaded to: http://www.reskit.net/ocs/ocs.zip


SIP Overview

What is SIP?
  A signalling protocol for IM, presence, conferencing and voice
Carried over TCP and TLS in OCS 2007
  Usually carried in TLS/TCP, can be carried in TCP
  IPv4 only - at present
Text based
  Similar to SMTP, HTTP
  Text headers plus body
  Body type described in header


SIP and RFCs

Lots, lots, lots
Starting point: RFC 5411 - “A Hitchhiker's Guide to the Session Initiation Protocol (SIP)”


SIP RFCs (some)

RFC 3261 – The Session Initiation Protocol
RFC 3262 – Reliability of Provisional Responses
RFC 3263 – Locating SIP Servers
RFC 3264 – Offer/Answer Model with SDP
RFC 3265 – SIP Event Notification
RFC 2976 – The SIP INFO Method
[SIMPLE] - SIP Instant Message and Presence Leveraging Extensions (SIMPLE) made Simple
  http://www.ietf.org/internet-drafts/draft-ietf-simple-simple-05.txt


Microsoft and SIP

Microsoft has extended SIP and related protocols
These extensions are well documented!
Microsoft Office Protocol Documents
  http://msdn.microsoft.com/en-us/library/cc307432.aspx
  Or http://tinyurl.com/c3wuae
For OCS, start at:
  [MS-OCSPROT]: Office Communications Server Protocols Overview


SIP Entities

Entities send request messages and/or receive response message(s)
Entities include:
  User Agent – aka Endpoint
  Proxy Server
  Redirect Server
  Registrar Server
  Presence Server


SIP Messages

Header Structure similar to HTTP
Body can be anything (SDP, Presence XML)
Body type indicated by the header
Request messages start with a Start Line requesting something
Response messages return a response code (plus an optional body)


SIP Message Parts

Start Line
  METHOD (i.e. The request)
  URI
Message Headers
  <headername> : <header value>
Blank Line
Body
  SDP
  MIME
  XML


SIP Request Messages

REGISTER - Logon
SUBSCRIBE – requests for presence, etc
NOTIFY – notifies change in presence, etc
INVITE – request for a conversation
ACK – affirmation that a previous msg was received
BYE – Ends a conversation gracefully
CANCEL – cancels less gracefully
OPTIONS – stuff a User Agent can offer
MESSAGE – IM Message


SIP Messages - Response

Provisional
  1xx – ringing, searching, queuing
Final
  2xx – success
  3xx – redirection or forwarding
  4xx – request failure
  5xx – server failure
  6xx – global failure


Example SIP Message

Start-Line: REGISTER sip:gktrain.net SIP/2.0
From: <sip:[email protected]>;tag=6b2c500b2d;epid=24eae58f68
To: <sip:[email protected]>
CSeq: 2 REGISTER
Call-ID: 068878a83a6e4da0b35bfb8b5b7cfc5e
Via: SIP/2.0/TLS 10.100.100.100:24195
Max-Forwards: 70
Contact: <sip:10.100.100.100:24195;transport=tls;ms-opaque=8d8d3eab21>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";proxy=replace;+sip.instance="<urn:uuid:791FC487-A7AC-5A07-BA5C-0AAD4F06C921>"
User-Agent: UCCAPI/3.5.6907.0 OC/3.5.6907.0 (Microsoft Office Communicator 2007 R2)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
ms-keep-alive: UAC;hop-hop=yes
Event: registration
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service", targetname="sip/OCSEE.gktrain.net", version=4, gssapi-data=" Deleted!"
Content-Length: 0
Message-Body: –
$$end_record
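The message layout from the preceding slides (start line, headers, blank line, body) and the response classes, as an added Python example that is not part of the original talk. The sample messages, host name and addresses are constructed placeholders, and the function names are hypothetical.

```python
# Added example (not from the talk): parse a SIP message into start line,
# headers and body, then note what an analyst checks first in a trace.
RESPONSE_CLASSES = {1: "provisional", 2: "success", 3: "redirection",
                    4: "request failure", 5: "server failure", 6: "global failure"}

def parse_sip(raw: str) -> dict:
    """Split a SIP message at the blank line and parse the head."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    start, headers = lines[0], {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive and may repeat (e.g. Supported).
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    msg = {"headers": headers, "body": body}
    if start.startswith("SIP/2.0 "):                 # response: version code reason
        code = int(start.split(" ", 2)[1])
        msg.update(kind="response", code=code, klass=RESPONSE_CLASSES[code // 100])
    else:                                            # request: METHOD URI version
        method, uri, version = start.split(" ")
        msg.update(kind="request", method=method, uri=uri)
    return msg

def findings(msg: dict) -> list:
    """Return notes on transport security and body framing."""
    notes = []
    for via in msg["headers"].get("via", []):
        transport = via.split()[0].rsplit("/", 1)[-1].upper()   # SIP/2.0/TLS -> TLS
        if transport != "TLS":
            notes.append(f"hop uses {transport}: signalling readable on the wire")
    declared = int(msg["headers"].get("content-length", ["0"])[0])
    if declared != len(msg["body"].encode()):
        notes.append("Content-Length does not match body size")
    return notes

# Constructed sample messages (host name and addresses are placeholders).
REGISTER_TLS = ("REGISTER sip:example.test SIP/2.0\r\n"
                "Via: SIP/2.0/TLS 192.0.2.10:24195\r\n"
                "CSeq: 1 REGISTER\r\nSupported: gruu-10\r\nSupported: ms-forking\r\n"
                "Content-Length: 0\r\n\r\n")
UNAUTH_TCP = ("SIP/2.0 401 Unauthorized\r\n"
              "Via: SIP/2.0/TCP 192.0.2.10:24195\r\n"
              "CSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n")
```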


SIP And The TCP/IP Stack

SIP is an APPLICATION PROTOCOL
SIP is carried by a transport protocol
  TLS/TCP or TCP
Transport Protocol carried in datagram protocol
  IPv4
  IPv6 not supported
IP is carried in a physical layer protocol
  Ethernet
  Or...


Why Use TCP?

UDP part of SIP RFCs, but...
UDP “unreliable”
TCP includes retry mechanism
UDP has limited size packets
  OCS Sends large XML presence documents
TCP can be secured
  Using TLS


Why TLS?

SIP originally UDP based
  Can’t be secured
SIP can be carried in TCP
  Insecure, Insecure, Insecure
TLS encrypts
  Requires a PKI!
Why?
  Security, security, security


Examining SIP using Wireshark
demo 1


SDP – Session Description Protocol

Text based
Originally used on MBone
Used to specify RTP Sessions
Can negotiate
Carried in body of SIP message
Usually seen in Invite and 200 OK messages


SDP RFCs

RFC 2327 - SDP: Session Description Protocol
RFC 3264 - An Offer/Answer Model with SDP
RFC 3311 - SIP UPDATE Method
Look at MS Protocol documents too


Sample SDP – in IM Invite

v=0
o=- 0 0 IN IP4 10.100.100.100
s=session
c=IN IP4 10.100.100.100
t=0 0
m=message 5060 sip null
a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/x-ms-ink application/ms-imdn+xml text/x-msmsgsinvite


SDP Sample – Invite for Phone Call

v=0
o=- 0 0 IN IP4 16.0.0.100
s=session
c=IN IP4 16.0.0.100
b=CT:99980
t=0 0
m=audio 63488 RTP/AVP 114 111 112 115 116 4 8 0 97 101
k=base64:SUi3f4QkyWbNmf7KBimV2MQMnMJncGc5Pj+3G8iTCQVOJn+7MM/0mRdsYLDr
a=candidate:917TIvZhmZbBU4T//p3jlck05H0S2pUd7Muzz4GDkZE 1 To4CceJ4l+1/tAiH3hQw6g UDP 0.900 16.0.0.100 63488
a=candidate:917TIvZhmZbBU4T//p3jlck05H0S2pUd7Muzz4GDkZE 2 To4CceJ4l+1/tAiH3hQw6g UDP 0.900 16.0.0.100 28416
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:0obtBkF7k+iljDXOL+8sJBUZ/OmNclZhxjFBCyqw|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:ixW+BiAyYe12QLbPjoH91gy7xmcSu6vGeYdhit3Z|2^31|1:1
a=maxptime:200
a=rtcp:28416
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:optional
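Reading the security-relevant lines of an audio offer like the one above (m=, k=, a=crypto, a=rtpmap, a=encryption), as an added Python example that is not part of the original talk. The sample offer, its address and key placeholder are constructed; treating any a=encryption value other than "required" as negotiable is an assumption about the Microsoft extension, and the function names are hypothetical.

```python
# Added example (not from the talk): read an SDP body and report how the
# media stream it describes is protected.
def parse_sdp(sdp: str) -> list:
    """Return one dict per m= section with its codecs and security attributes."""
    media, current = [], None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if len(line) < 2 or line[1] != "=":
            continue                                   # skip blank or malformed lines
        kind, value = line[0], line[2:]
        if kind == "m":                                # m=<media> <port> <proto> <fmt...>
            name, port, proto, *fmts = value.split()
            current = {"media": name, "port": int(port), "proto": proto,
                       "formats": fmts, "codecs": {}, "suites": [],
                       "encryption": None, "inline_key": False}
            media.append(current)
        elif current is None:
            continue                                   # session-level line (v=, o=, c=, ...)
        elif kind == "k":
            current["inline_key"] = True               # key carried in the SDP itself
        elif kind == "a":
            attr, _, arg = value.partition(":")
            if attr == "rtpmap":                       # a=rtpmap:<pt> <codec>/<rate>
                pt, codec = arg.split(None, 1)
                current["codecs"][pt] = codec
            elif attr == "crypto":                     # a=crypto:<tag> <suite> <key params>
                current["suites"].append(arg.split()[1])
            elif attr == "encryption":                 # value seen in the sample: optional
                current["encryption"] = arg
    return media

def audit(section: dict, sip_transport: str) -> list:
    """Return notes on media protection for one m= section."""
    notes = []
    if section["proto"].startswith("RTP/") and not section["suites"]:
        notes.append("no a=crypto offer: media would be plain RTP")
    # Assumption: only the value "required" rules out falling back to plain RTP.
    if section["encryption"] != "required":
        notes.append(f"encryption={section['encryption']}: peer may negotiate media without SRTP")
    if (section["suites"] or section["inline_key"]) and sip_transport.upper() != "TLS":
        notes.append("SRTP key material sent over unencrypted signalling")
    return notes

# Constructed sample offer (address and key are placeholders).
OFFER = ("v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\ns=session\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
         "m=audio 49170 RTP/AVP 8 0 101\r\n"
         "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY|2^31|1:1\r\n"
         "a=rtpmap:8 PCMA/8000\r\na=rtpmap:0 PCMU/8000\r\n"
         "a=rtpmap:101 telephone-event/8000\r\na=encryption:optional\r\n")
```

The third check ties back to the transport slides: the a=crypto and k= lines carry the media keys, so they are only as private as the SIP connection that carries the SDP.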


Examining SIP/SDP Traffic Using Snooper
demo 2


RTP: Real-Time Transport Protocol

Not Real-Time Protocol!
Carries A/V samples
Thin header
Runs over UDP
Secured using SRTP
  MS Extension: SSRTP


RTP RFCs

RFC 3550 - RTP: A Transport Protocol for Real-Time Applications
RFC 3551 - RTP Profile for Audio and Video Conferences
RFC 3711 – Secure Real-time Transport Protocol
RFC 2198 - RTP Profile for Audio and Video Conferences
RFC 4733 - RTP Payload for DTMF, etc
RFC 2190 - RTP Payload Format for H.263 Video Streams


RTP Packet Structure


SIP – Register

Register – what a client does to “logon”
Initial register always fails (unauthenticated)
SSO attempted (if appropriate)
Third time lucky
Look at post sign-on activity


Examining REGISTER
demo 3


SIP – Invite

Invite – invites an endpoint into a conversation

Invite can invite into
  IM Session
  A/V Call
  Conference
Responses
  Provisional Responses
  Final 200 OK response
  Final non-OK responses


Examining INVITE
demo 4


SIP – Message

Message is an IM Message – part of an IM Conversation
Message contents are sent in rich text (HTML)
Snooper removes PII (i.e. the message itself)
File transfer is interesting!


Examining MESSAGE, etc
demo 5


SIP Troubleshooting

For the most part, not much you can really do to troubleshoot SIP
  If it works – well it works
  If it doesn’t – call MS – it’s a bug
Knowing what to look for can help in OCS troubleshooting
  Determine what is normal
  Look for the differences


SIP Troubleshooting Potential

Check correct version of the client
Ensure client can connect to server(s)
Confirm ports and IP addresses
Check ICE candidates
CODEC selection
Unknown contacts
Certificate errors
etc


An Interesting Problem

On DC – replication was turned off
  OCS relies on GC
New user created
  No GC replication
User did not get proper Location Profile
  No obvious errors in event log
Snooper trace helped to point to AD


Summary

Introduction
SIP Overview
TCP/IP Stack
SDP
RTP
SIP – Register
SIP – Invite
SIP – Message
Troubleshooting


questions & answers


More Resources

OCS Learning Plan - http://tinyurl.com/cwp27h and http://tinyurl.com/23w3l6
OCS R2 Resource Kit - http://tinyurl.com/cxv6gw
R2 Learning Portal - http://tinyurl.com/cmo54s
OCS R2 Ignite - http://www.globalknowledge.be/pdf/GKOCS.pdf


Related Content

UNC201 – Lap around Release 2 of the Microsoft Unified Communications Platform
UNC303 Deep Dive into the Edge Server in Microsoft Office Communications Server 2007 R2
UNC304 Deploying Administering, and Managing Microsoft OCS 2007 R2
UNC232 – Troubleshooting Microsoft Communications Server 2007


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.