practical voip peering
play

Practical VoIP Peering Klaus Darilion enum.at - PowerPoint PPT Presentation

Nov 13, 2022 •847 likes •1.23k views

Practical VoIP Peering Klaus Darilion enum.at klaus.darilion@enum.at www.enum.at Practical VoIP Peering Peering* Peering: negotiation of reciprocal interconnection arrangements between service providers Layer 3 peering Layer 5

  1. Practical VoIP Peering Klaus Darilion enum.at klaus.darilion@enum.at www.enum.at Practical VoIP Peering

  2. Peering* � Peering: negotiation of reciprocal interconnection arrangements between service providers � Layer 3 peering � Layer 5 peering *definitions from draft-ietf-speermint-terminology-06.txt www.enum.at Practical VoIP Peering

  3. Layer 3 Peering � interconnection of two service providers' networks for the purposes of exchanging IP packets which destined for one (or both) of the peer's networks ISP A ISP B ISP A ISP B Internet AS..... AS..... AS..... AS..... eXchange www.enum.at Practical VoIP Peering

  4. Layer 5 Peering = VoIP Peering � interconnection of two service providers for the purposes of routing SIP signaling � this presentation is about L5 peering ITSP A ITSP B SIP ISP X ISP Y ISP X ISP Y Internet AS..... Internet AS..... AS..... AS..... www.enum.at Practical VoIP Peering

  5. Why is L5-peering needed? � SIP like Email/SMTP � no explicit peering needed � requires an “open” SIP proxy: � allow incoming SIP requests (from non-local domains) � allow outgoing SIP requests (to non-local domains) � examples: iptel.org, freeworlddialup, gizmoproject www.enum.at Practical VoIP Peering

  6. Why is L5-peering needed? � an “open” SIP proxy raises issues, e.g.: � SPIT (VoIP SPAM) � QoS � billing (interconnect fees, transit fees) � security (authentication, DoS, ...) www.enum.at Practical VoIP Peering

  7. Peering Terminology* � “open” connectivity � SMTP-style � static peering � pre-defined peering partners � dynamic peering � peering partners not known in advance � bilateral peering vs. federation peering *my definition www.enum.at Practical VoIP Peering

  8. Federation* � A group of ITSPs agree to receive calls from each other via SIP � agree on administrative rules (settlement, abuse- handling, ...) � agree on technical details of the interconnection � an ITSP can be a member of � no federation � a single federation � multiple federations � can have any combination of bi-lateral and multi- lateral (i.e., federated) interconnections. *definition from draft-ietf-speermint-terminology-06.txt www.enum.at Practical VoIP Peering

  9. Federations Federation Y Federation Z D Required: federation discovery and matching Call setup details are C intra-federation. A • A �� B by rules of X B • D �� A by rules of Z • D,B,C to each other by rules of Y Federation X • No federated path from A to C www.enum.at Practical VoIP Peering

  10. Static Peering � peering partners known in advance � typically block routing (phone numbers) INVITE sip:+43720...... ITSP B Internet Internet INVITE sip:+1.......... ITSP A PSTN-provider www.enum.at Practical VoIP Peering

  11. Static Peering � only traffic between known peers ITSP A ITSP B X Internet Internet X ITSP X ITSP C www.enum.at Practical VoIP Peering

  12. Dynamic Peering � peering partners NOT known in advance � usually an E.164-URI mapping (ENUM) ENUM ENUM Internet Internet ITSP B INVITE sip:...@itspB INVITE sip:...@itspC ITSP A ITSP C www.enum.at Practical VoIP Peering

  13. Static vs. Dynamic Peering within Federations � new ITSP joins federation � static peering � A, B and C have to configure peer X ITSP A ITSP B � dynamic peering Federation Federation X X � ITSP X announces federation membership � at A, B and C no configuration needed ITSP C new ITSP X www.enum.at Practical VoIP Peering

  14. Peering Requirement � authentication , authorization, accounting Hi, I am ITSP A! Is it really ITSP A? ITSP A ITSP B � authentication is essential for peering � layer 1/2: dedicated links � layer 3: IP based (TCP or UDP+IPSEC) � layer 5: TLS, cookie/token, SIP Identity ... www.enum.at Practical VoIP Peering

  15. Components � flexible SIP proxy � ENUM lookup � TLS � domainpolicy module � www.enum.at Practical VoIP Peering

  16. Peering with Openser � config snippets � static peering, IP based authentication � static peering, TLS based authentication � dynamic peering with TLS www.enum.at Practical VoIP Peering

  17. Static Peering - IP � outgoing: block based routing (one "if" for each peer) if (uri =~ "^sip:\+1") { # USA sethostport(“1.2.3.4:6060;transport=tcp"); } else if (uri =~ "^sip:\+4359966") { # austrian ITSP xyz sethostport(“10.10.0.4"); # private VLAN } else if (uri=~"^sip:\+491234") { # german ITSP foobar or using openser’s LCR module load_gws(), next_gw() www.enum.at Practical VoIP Peering

  18. Static Peering - IP � outgoing: domain based routing if (uri =~ "^sip:*.@itspA") { sethostport("peer.itspA;transport=tcp"); } else if (uri =~ "^sip:*.@itspB") { # do nothing, current R-URI is fine } else { sl_send_reply("403","untrusted peer"); ... www.enum.at Practical VoIP Peering

  19. Static Peering - IP � incoming: authentication based on IP address (one "if" for each peer) if ((src_ip==1.1.1.1)&&(proto==TCP)) { # from ITSP foobar route(10); } else { # unknown peer sl_send_reply("403","stay away"); or using openser’s LCR module from_gw() www.enum.at Practical VoIP Peering

  20. Static Peering - TLS � authentication based on TLS: TLS config (one pair for each peer) # socket based TLS server domain, used by itspB tls_server_domain[local_ip:port] { # show the following cert to incoming peer tls_certificate = "/certs/signedByItspB/mycert.pem" tls_private_key = "/certs/signedByItspB/myprivkey.pem" # validate presented certificate against this CA tls_ca_list = "/certs/myself/myCa" tls_verify_client = 1 tls_require_client_certificate = 1 } # socket based TLS client domain for peering with peerX tls_client_domain[remote_ip:port] { # show the following cert to peer tls_certificate = "/certs/signedByItspB/mycert.pem" tls_private_key = "/certs/signedByItspB/myprivkey.pem" # validate presented certificate against this CA tls_ca_list = "/certs/myself/myCa" tls_verify_server = 1 } www.enum.at Practical VoIP Peering

  21. Static Peering - TLS � incoming routing: authentication based on TLS if (proto==TLS) { # already authenticated by TLS stack route(10); } else { # unknown peer sl_send_reply( " 403 " ,"use TLS " ); � outgoing routing: TLS is transparent # request/destination URI contains transport=TLS t_relay(); www.enum.at Practical VoIP Peering

  22. Static Peering - Conclusion � requires manual configuration � outgoing � incoming � does not scale � either complex IP address management or � complex certificate configuration � dynamic peering not possible www.enum.at Practical VoIP Peering

  23. Solution: Domain Policy � domain based policy announcing (draft- lendl-domain-policy-ddds) � callee domain (ITSP) announces peering policy in DNS � technical � federation � caller applies policy � implemented in openser’s domainpolicy module www.enum.at Practical VoIP Peering

  24. Domain Policy Example $ORIGIN itspB. IN NAPTR 10 10 ("U" "D2P+SIP:fed" "!^.*$!http://sipxconnect.example.org/!" . ) IN NAPTR 20 10 ("U" "D2P+SIP:fed" "!^.*$!http://myfederation.foobar/!" . ) IN NAPTR 30 10 ("U" "D2P+SIP:std" "!^.*$!urn:ietf:rfc:4474!" .) � itspB accepts calls from: � members of the federations � peers identified by RFC4474 (Authenticated Identity Management ) www.enum.at Practical VoIP Peering

  25. Openser Domainpolicy Howto 1. configure domainpolicy table with federation policy 2. configure TLS (preferred authentication method) 3. announce domainpolicy (federation membership) in DNS 4. query and apply domainpolicy www.enum.at Practical VoIP Peering

  26. 1. Configure Federation Policy � sample federation policy � federation identifier: http://fedx/ � TLS (federation signs certificates) � prefix peer's URI with "fedx" to find ingress proxy � openser's domainpolicy table +----+--------------+------+---------------------+------+ | id | rule | type | att (avp name) | val | +----+--------------+------+---------------------+------| | 1 | http://fedX/ | fed | s:domainprefix | fedx | | 2 | http://fedX/ | fed | s:transportoverride | tls | | 3 | http://fedX/ | fed | i:400 | fedx | +----+--------------+------+---------------------+------+ www.enum.at Practical VoIP Peering

  27. 2. Configure TLS ... tls_client_domain_avp=400 ... # socket based TLS server domain, used for ingress of federationX tls_server_domain[local_ip:6061] { # show the following cert to incoming peer tls_certificate = "/certs/fedX/mycert.pem" tls_private_key = "/certs/fedX/myprivkey.pem" # validate presented certificate against this CA tls_ca_list = "/certs/fedX/ca" tls_verify_client = 1 tls_require_client_certificate = 1 } # name based TLS client domain for egress peering with federationX tls_client_domain["fedx"] { # show the following cert to peer tls_certificate = "/certs/fedX/mycert.pem" tls_private_key = "/certs/fedX/myprivkey.pem" # validate presented certificate against this CA tls_ca_list = "/certs/fedX/ca" tls_verify_server = 1 } www.enum.at Practical VoIP Peering

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VoIP Peering & Interconnect BOF (voipeer) IETF 64 Vancouver, BC

VoIP Peering & Interconnect BOF (voipeer) IETF 64 Vancouver, BC

VoIP Peering & Interconnect BOF (voipeer) IETF 64 Vancouver, BC http://www.1-4-5.net/~dmm/IETF/IETF64/VOIPEER Administriva Mailing list: majordomo@lists.uoregon.edu subscribe voipeer or visit

335 views • 14 slides
PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering

PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering

PEERING A very brief introduction Types of Peering Private Peering Bi-lateral Peering Multi-lateral Peering Private Peering Dedicated circuit between two peers Can use a cross connect within a data centre; Or via dark

608 views • 21 slides
What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

Welcome to Business Matters Todays topic: What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for Voice over Internet Protocol - Phone service through your Internet connection 2 Components of

510 views • 29 slides
Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem

Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem

Access Power Peering A historical perspective on The Evolution of the Internet Peering Ecosystem William B. Norton Executive Director DrPeering International The 2 nd Workshop on Internet Economics (WIE11) DR PEERING December 1-2, 2011

475 views • 26 slides
Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP (voice over IP) is an IP telephony term for a set of facilities used to manage the delivery of voice information over the Internet. A major advantage of

1.26k views • 5 slides
Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona

Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona

Remote Peering: More Peering without Internet Flattening Ignacio Castro Juan Camilo Cardona * Sergey Gorinsky Pierre Francois IMDEA Networks Institute Open University of Catalonia * Carlos III University of Madrid Madrid,

473 views • 25 slides
The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc.

The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc.

The Peering Simulation Game William B. Norton Co-Founder, Chief Technical Liaison Equinix Inc. APRICOT Bali 2007 3 minute Intro to Peering Transit $$ ISP A Peering provides routes only to each Upstream others customers Transit Provider

545 views • 21 slides
Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1 PRI Gateway Dedicated VoIP-ISDN PRI Gateway Plug-n-Play device VoIP access device for an existing PBX PRI trunking for an

404 views • 27 slides
VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite components VoIP switch - SIP softswitch based on VoIP switch Opensips significantly re-developed by 5g 5g Future. Future Dynamic or static routing - a

156 views • 11 slides
Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE, NCTU Quincy Wu Email: solomon@ipv6.club.tw 1 Outline Introduction Voice over IP RTP & SIP NTP VoIP Platform Conclusion

1.02k views • 64 slides
VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely, 15.-16. January 2009 VoIP? PSTN: 100 year old technology, 99.999% uptime, call anyone anytime can VoIP offer that today? VoIP next

479 views • 15 slides
Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP

Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP

4/3/2015 Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP increasingly important Skype, Google Talk, and MSN Started with inexpensive use at home with friends and family Messenger Now businesses

631 views • 7 slides
SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP

SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP

LAB 117 & VoIP LAB SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP Platform in Taiwan Taiwan 19th APAN Meeting in Bangkok, January 2005 Ines Sok-Ian Sou and Prof. Quincy Wu Dept. of

293 views • 27 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY OPERATOR DATA MVNO OTTs Services that 100% guarantee reliable and lucrative partnerships lead to absolute success. premier global communications

331 views • 7 slides
FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services

FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services

GLOBAL TELECOMMUNICATIONS AND MEDIA INDUSTRY GROUP E-NEWS JUNE 8, 2005 FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services Required to Supply Enhanced 911 (E911) capabilities. Must File Letters

357 views • 4 slides
BEAM Detector Detector POWER x-ray laser - Focus e Final D a m E p l e i n

BEAM Detector Detector POWER x-ray laser - Focus e Final D a m E p l e i n

jector e Superconducting Collider + e Linear e+ Target damping ring Accelerator linear accelerator Positron Pre-damping and Damping R ing e+ Focus Final rator H igh E nergy L ow E nergy BEAM Detector Detector POWER x-ray

757 views • 36 slides
INTRODUCTION TO AIR QUALITY IN CITIES Morgennebel | CC-BY-NC-ND-2.0 | https://flic.kr/p/ee6kY1

INTRODUCTION TO AIR QUALITY IN CITIES Morgennebel | CC-BY-NC-ND-2.0 | https://flic.kr/p/ee6kY1

INTRODUCTION TO AIR QUALITY IN CITIES Morgennebel | CC-BY-NC-ND-2.0 | https://flic.kr/p/ee6kY1 GAS PHASE AIR POLLUTANTS Carbon monoxide, nitrogen oxides, ozone, etc. MPCA Photos | CC-BY-NC-2.0 | https://flic.kr/p/AYnApd Sea salt, black carbon,

519 views • 14 slides
The Recombination epoch of the Universe with dark matter: constraints on self-annihilation cross

The Recombination epoch of the Universe with dark matter: constraints on self-annihilation cross

Silvia Galli Laboratoire APC, Paris University of Rome La Sapienza The Recombination epoch of the Universe with dark matter: constraints on self-annihilation cross sections Silvia Galli GGI 17/05/2010 Outline Motivations: Pamela,

433 views • 20 slides
Overcoming Barriers to Undergraduate Research in Logic Jeff Hirst Mathematical Sciences

Overcoming Barriers to Undergraduate Research in Logic Jeff Hirst Mathematical Sciences

Overcoming Barriers to Undergraduate Research in Logic Jeff Hirst Mathematical Sciences Department Appalachian State University Boone, North Carolina These slides are available at: www.mathsci.appstate.edu/~jlh Daunting prospects for

268 views • 8 slides
1 , 2 , , 1 , 2 , , ( 1 , 2 ,

1 , 2 , , 1 , 2 , , ( 1 , 2 ,

1 , 2 , , 1 , 2 , , ( 1 , 2 , , ) 1 , 2 , , 1 , 2 , , 1 11 1 11 1 21

418 views • 39 slides
10 years of SIP And some lessons along the way Presented by Tim Bray Technical Director ProVu

10 years of SIP And some lessons along the way Presented by Tim Bray Technical Director ProVu

10 years of SIP And some lessons along the way Presented by Tim Bray Technical Director ProVu Communications Ltd Tim Bray Work for ProVu Communications Ltd A distributor of SIP equipment A provider of hosted phone deployment and

482 views • 34 slides
1 3GPP Release GPRS/EDGE Data Infrastructure R8 R9 R10 R99 R4 R5 R6 R7 2000 2001 2002

1 3GPP Release GPRS/EDGE Data Infrastructure R8 R9 R10 R99 R4 R5 R6 R7 2000 2001 2002

Outline 3GPP: IMS 3GPP Evolution (IP Multimedia Subsystem) SIP Architecture Mobility Management SIP and 3G Networks Eric Wu 2012 National Central University Department of Computer Science and Information Engineering Department

372 views • 11 slides
SIP MIB draft-ietf-sip-mib-00.txt Kevin Lingle Joon Maeng Dave Walker Background why a

SIP MIB draft-ietf-sip-mib-00.txt Kevin Lingle Joon Maeng Dave Walker Background why a

SIP MIB draft-ietf-sip-mib-00.txt Kevin Lingle Joon Maeng Dave Walker Background why a MIB? not required... essential for GWs and servers ITSPs want stats and interoperable management merge Cisco UA MIB and SS8 server MIB

348 views • 7 slides

More recommend