session initiation protocol sip common log format clf
play

Session Initiation Protocol (SIP) Common Log Format (CLF) - PowerPoint PPT Presentation

May 27, 2023 •321 likes •510 views

76 th IETF, Hiroshima, Japan November, 2009 Session Initiation Protocol (SIP) Common Log Format (CLF) (draft-gurbani-sipclf-problem-statement-00) Editors: Vijay K. Gurbani <vkg@bell-labs.com> Bell Laboratories/Alcatel-Lucent Eric Burger

  1. 76 th IETF, Hiroshima, Japan November, 2009 Session Initiation Protocol (SIP) Common Log Format (CLF) (draft-gurbani-sipclf-problem-statement-00) Editors: Vijay K. Gurbani <vkg@bell-labs.com> Bell Laboratories/Alcatel-Lucent Eric Burger <eburger@standardstrack.com> Neustar, Inc.

  2. Contributors Humberto Abdelnur <Humberto.Abdelnur@loria.fr> Tricha Anjali <tricha@ece.iit.edu> Oliver Festor <Olivier.Festor@loria.fr> Hadriel Kaplan <hkaplan@acmepacket.com> Adam Roach <adam@nostrum.com> Theo Zourzouvillys <theo@voip.co.uk> Dale Worley <dworley@nortel.com> 2 | November 2009 IETF | vkg@bell-labs.com

  3. What is CLF Common Log Format (CLF): A summary of an application layer PDU * * (To paraphrase RjS) 3 | November 2009 IETF | vkg@bell-labs.com

  4. Need for a CLF SIP has many entities participating in a session setup request. Need some way to find out what is going on in real-time or post process. Model: HTTP CLF! 4 | November 2009 IETF | vkg@bell-labs.com

  5. HTTP CLF 5 | November 2009 IETF | vkg@bell-labs.com

  6. What SIP CLF is and is not ... SIP CLF is NOT… SIP CLF IS:  … a replacement for a CDR  … a standardized format that (Call Detail Record). can be used by all SIP entities.  … a billing tool.  … an easily digestible log of past and current transactions.  … a QoS measurement tool.  … a format that allows quick parsing to discover relation- ships between transactions $ grep yuhyt6 sip-clf.txt gets all transactions with this label.  … amenable for easy parsing and creating other innovative tools. 6 | November 2009 IETF | vkg@bell-labs.com

  7. Use cases • Trend analysis (“I want to find out which geographical area are the most calls coming from at 2:00 AM”). • Troubleshooting (“How long did it take to generate a final response to an INVITE?”) • Message correlation across transactions (“Find all messages corresponding to Call-ID X, including all forked branches”) • Transaction correlation across dialogs (“Find all messages for dialog created by Call-ID X and tags A and B”). • Establish concise and standardized diagnostic trail of a SIP session locally and globally. • Establish concise and standardized format for training automata (anomaly detection.) 7 | November 2009 IETF | vkg@bell-labs.com

  8. Benefits of a SIP CLF • Establishes a common reference for logging SIP messages across vendor/open-source implementations. • Correlate SIP messages across transactions and dialogs. • Easily search, merge, and summarize log records. • Train anomaly detection systems to trigger alarms. • Allow independent tool providers to provide innovative tools for trend analysis and traffic reports. • Common diagnostic trail from testing of SIP equipment. • Can be used for off-line analysis (trend analysis) as well as real- time analysis. 8 | November 2009 IETF | vkg@bell-labs.com

  9. Challenges in defining SIP CLF • SIP is not a linear request-reply protocol • HTTP is linear : pipelining okay, one request = one response. • Complexity inherent in the protocol: • Serial and parallel forking elicit multiple responses. • Delays between getting a request and sending a response (outside of “long polling” in HTTP, servers respond quickly; not quite so in SIP. Impact on proxies.) • Multiple transactions grouped in a dialog; dialog persists for a long time, transactions short-lived (e.g., BYE comes much later, but relation between INVITE and BYE should be preserved in a log file.) 9 | November 2009 IETF | vkg@bell-labs.com

  10. Challenges in defining SIP CLF • ACK requests need careful considerations: • Only tied to an INVITE. • No responses for ACKs. • For non-2xx, ACKs hop-by-hop (part of INVITE transaction.) • For 2xx, ACK end-to-end. • CANCEL requests need careful considerations: • Only tied to an INVITE. • Requires exactly one response. • Is propagated hop-by-hop. 10 | November 2009 IETF | vkg@bell-labs.com

  11. Challenges in defining SIP CLF • INVITE can pend, resulting in a 1xx response (200ms rule.) This 1xx response needs to be captured to train automata. • SIP has a richer set of actors: UAS, UAC, B2BUA, proxy, registrar, redirect server, ... • Need to take SIP extensibility in account. • Preserve user privacy in CLF (through anonymization, etc.) 11 | November 2009 IETF | vkg@bell-labs.com

  12. SIP CLF fields Date Remotehost Authuser Method Request-URI From (including tag) To (including tag) Call-ID Status Contact list Server-transaction Client-transaction 12 | November 2009 IETF | vkg@bell-labs.com

  13. SIP CLF example For sake of illustration only, example is in ASCII:  A proxy receives a request and sends a provisional upstream <allOneLine> 1230756560 192.168.1.10 - INVITE sip:bob@example.net sip:alice@example.com;tag=hy7 sip:bob@example.net 7yhgt1@example.com - uyt67h FORK/- </allOneLine> 1230756560 uyt67h - 100 INVITE + - 13 | November 2009 IETF | vkg@bell-labs.com

  14. SIP CLF example The proxy forks two branches: <allOneLine> 1230756563 - - INVITE sip:bob@home.example.net sip:alice@example.com;tag=hy7 sip:bob@example.net 7yhgt1@example.com - uyt67h CLIENT/hb76 </allOneLine> <allOneLine> 1230756564 - - INVITE sip:bob@carphone.example.net sip:alice@example.com;tag=hy7 sip:bob@example.net 7yhgt1@example.com - uyt67h CLIENT/hb77 </allOneLine> 14 | November 2009 IETF | vkg@bell-labs.com

  15. SIP CLF example Proxy receives provisionals and final responses: 1230756565 uyt67h hb76 100 INVITE sip:bob@example.net;tag=876v - 1230756565 uyt67h hb77 100 INVITE sip:bob@example.net;tag=561t - 1230756565 uyt67h hb76 180 INVITE sip:bob@example.net;tag=876v - 1230756565 uyt67h hb77 180 INVITE sip:bob@example.net;tag=561t - 1230756567 uyt67h hb77 182 INVITE sip:bob@example.net;tag=561t - 1230756568 uyt67h hb76 500 INVITE sip:bob@example.net;tag=876v - <allOneLine> 1230756568 uyt67h hb77 200 INVITE sip:bob@example.net;tag=561t "sip:bob@home.example.net" </allOneLine> 15 | November 2009 IETF | vkg@bell-labs.com

  16. SIP CLF example Proxy sends 200 OK upstream and ACKs 500: <allOneLine> 1230756569 uyt67h - 200 INVITE sip:bob@example.net;tag=561t "sip:bob@home.example.net" </allOneLine> <allOneLine> 1230756569 + - ACK sip:bob@home.example.net + + + - uyt67h CLIENT/hb76 </allOneLine> 16 | November 2009 IETF | vkg@bell-labs.com

  17. Solutions space  ASCII Representation (http://tools.ietf.org/html/draft-gurbani-sipping-clf- 01)  Indexed representation (http://tools.ietf.org/html/draft-roach-sipping-clf- syntax-01)  PCAP representation (not actively pursued by author; see http://tools.ietf.org/html/draft-kaplan-sipping-clf-pcap-00)  IPFIX representation (no drafts exist yet.) 17 | November 2009 IETF | vkg@bell-labs.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Session Initiation Protocol (SIP) Common Log Format (CLF) n Joint work with ... Tricha

The Session Initiation Protocol (SIP) Common Log Format (CLF) n Joint work with ... Tricha

Vijay K. Gurbani &lt;vkg@bell-labs.com&gt; Computer Systems and Security Research Bell Laboratories/Alcatel-Lucent Oct. 03, 2010 The Session Initiation Protocol (SIP) Common Log Format (CLF) n Joint work with ... Tricha Anjali

684 views • 25 slides
Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message Body Session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) A number of

671 views • 21 slides
Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice

Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice

Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice over IP (VoIP): RFC 3261 Allows a call to be established between multiple parties Notify a callee of a call request Agree on media encodings

300 views • 8 slides
Session Initiation Protocol (SIP) Introduction A powerful alternative to H.323 More

Session Initiation Protocol (SIP) Introduction A powerful alternative to H.323 More

Session Initiation Protocol (SIP) Introduction A powerful alternative to H.323 More flexible, simpler Easier to implement Advanced features Better suited to the support of intelligent user devices A part of IETF multimedia

772 views • 36 slides
Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho

Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho

Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho Contents Protocol Development Protocol Basics Expandability Extension Examples Application areas Conclusions 2

617 views • 26 slides
Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323

Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323

Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323 More flexible, simpler Easier to implement Advanced features Better suited to the support of intelligent user devices A part of IETF

654 views • 32 slides
Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand Wolfgang Leister Alan Duric The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011) 21-27

805 views • 21 slides
Session Initiation Protocol (SIP) Sess o o o oco (S ) Part II Prof. Ai-Chun Pang Graduate

Session Initiation Protocol (SIP) Sess o o o oco (S ) Part II Prof. Ai-Chun Pang Graduate

Session Initiation Protocol (SIP) Sess o o o oco (S ) Part II Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University Email: acpang@csie.ntu.edu.tw

591 views • 38 slides
A Session Initiation Protocol (SIP) Load Control Event Package

A Session Initiation Protocol (SIP) Load Control Event Package

A Session Initiation Protocol (SIP) Load Control Event Package draft-ietf-soc-load-control-event-package-00.txt Charles Shen and Henning Schulzrinne, Columbia University Arata Koike, NTT IETF 80, Prague, Czech Republic March 2011 Now

644 views • 31 slides
Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao

Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao

Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao Cullen Jennings 1 Agenda Introduction Scope Requirements SIP Response Identity Overview Open Issues Summary 2

205 views • 9 slides
A Mechanism for Session Initiation Protocol (SIP) Avalanche Restart Overload Control

A Mechanism for Session Initiation Protocol (SIP) Avalanche Restart Overload Control

A Mechanism for Session Initiation Protocol (SIP) Avalanche Restart Overload Control draft-shen-soc-avalanche-restart-overload-00 Charles Shen and Henning Schulzrinne, Columbia University Arata Koike, NTT IETF 80, Prague, Czech Republic

443 views • 10 slides
The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) SIP uses SDP in an answer/offer mode. An agreement

690 views • 49 slides
Addressing Record-Route issues in Session Initiation Protocol (SIP)

Addressing Record-Route issues in Session Initiation Protocol (SIP)

Addressing Record-Route issues in Session Initiation Protocol (SIP) (draft-froment-sip-record-route-fix-00.txt) SIP IETF 68th March 21st, 2007 Thomas Froment Thomas.Froment@alcatel-lucent.fr Why this draft? Based on implementor

312 views • 7 slides
The Session Initiation Protocol (SIP) Henning Schulzrinne Dept. of Computer Science Columbia

The Session Initiation Protocol (SIP) Henning Schulzrinne Dept. of Computer Science Columbia

hgs/SIP Tutorial 1 The Session Initiation Protocol (SIP) Henning Schulzrinne Dept. of Computer Science Columbia University New York, New York (sip:)schulzrinne@cs.columbia.edu May 2001 hgs/SIP Tutorial 2 Overview protocol

1.86k views • 137 slides
Desktop sharing with the Session Initiation Protocol Willem Toorop willem.toorop@os3.nl February

Desktop sharing with the Session Initiation Protocol Willem Toorop willem.toorop@os3.nl February

Desktop sharing with the Session Initiation Protocol Willem Toorop willem.toorop@os3.nl February 25, 2009 How can application and desktop sharing, initiated by SIP, be realised in existing SIP infrastructure with the least possible impact on

824 views • 47 slides
Initiation The Sacraments of Initiation The Sacraments of Initiation are celebrated by Catholic

Initiation The Sacraments of Initiation The Sacraments of Initiation are celebrated by Catholic

The Restored Order of the Sacraments of Initiation The Sacraments of Initiation The Sacraments of Initiation are celebrated by Catholic Christian families Baptism, (Reconciliation), Confirmation, First Communion in the context of families

502 views • 19 slides
The Massachusetts SMART Green Communities Division Program and Municipalities Webinar March 20,

The Massachusetts SMART Green Communities Division Program and Municipalities Webinar March 20,

Helping Massachusetts Municipalities Create a Cleaner Energy Future COMMONWEALTH OF MASSACHUSETTS Charles Baker, Governor Matthew Beaton, Secretary Judith Judson, Commissioner The Massachusetts SMART Green Communities Division Program and

718 views • 43 slides
Clockwyse Project Design Review Tyler Krupicka, Ketan Reddy, and Jeremiah Zucker A Quick Refresh

Clockwyse Project Design Review Tyler Krupicka, Ketan Reddy, and Jeremiah Zucker A Quick Refresh

Clockwyse Project Design Review Tyler Krupicka, Ketan Reddy, and Jeremiah Zucker A Quick Refresh on Our Project Classroom based digital signage connected to existing alerting infrastructure. With this approach, response time can be reduced

849 views • 31 slides
A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA A Scalable Approach to Attack Graph Generation By Ou, Boyer,

591 views • 33 slides
Idioms for Interaction: Functional Types, Process Types and Distributed Systems

Idioms for Interaction: Functional Types, Process Types and Distributed Systems

Idioms for Interaction: Functional Types, Process Types and Distributed Systems http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 Outline Idioms for Interaction Multiparty Session Types Scribble and Applications to

1.07k views • 71 slides
CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction

CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction

CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction Lecture 01: Nigini Oliveira Introduction Abhinav Yadav Liang He Angel Vuong Jeremy Viny Who we are Nigini Oliveira Study and practice CS in Brazil

440 views • 40 slides
CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction

CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction

CSE440: Introduction to HCI Methods for Design, Prototyping and Evaluating User Interaction Lecture 01: Nigini Oliveira Introduction Manaswi Saha Liang He Jian Li Zheng Jeremy Viny Who we are Nigini Oliveira Studied computer science in

739 views • 42 slides
An open source framework for graphical related tasks Clment Forest Digital-Trainers

An open source framework for graphical related tasks Clment Forest Digital-Trainers

An open source framework for graphical related tasks Clment Forest Digital-Trainers www.digital-trainers.com VgSDK in short External dependencies Supported hardware Base principles The user describes the objects in a scene graph The

510 views • 35 slides
Lecture 16: The Universality Problem for TBA 2014-07-29 Dr. Bernd Westphal 16 2014-07-29

Lecture 16: The Universality Problem for TBA 2014-07-29 Dr. Bernd Westphal 16 2014-07-29

Real-Time Systems Lecture 16: The Universality Problem for TBA 2014-07-29 Dr. Bernd Westphal 16 2014-07-29 main Albert-Ludwigs-Universit at Freiburg, Germany Contents &amp; Goals Last Lecture: Extended Timed Automata

726 views • 47 slides

More recommend