nena’s 11 th annual technical development conference
Post on 14-Jan-2016
33 Views
Preview:
DESCRIPTION
TRANSCRIPT
NENA’s 11NENA’s 11thth Annual AnnualTechnical Development Technical Development
ConferenceConference
An Architecture for Next-An Architecture for Next-Generation Emergency Generation Emergency
ServicesServicesHenning SchulzrinneHenning Schulzrinne
Columbia UniversityColumbia University
OverviewOverview
How does VoIP differ from landline and How does VoIP differ from landline and wireless PSTN?wireless PSTN?
IETF effortsIETF efforts statusstatus assumptionsassumptions
Common URL for emergency servicesCommon URL for emergency services Routing emergency callsRouting emergency calls Common location formatCommon location format Configuration of local emergency call Configuration of local emergency call
numbersnumbers Security issuesSecurity issues
PSTN vs. Internet TelephonyPSTN vs. Internet Telephony
Signaling & Media Signaling & Media
Signaling Signaling
Media
PSTN:
Internettelephony:
China
Belgian customer,currently visiting US
Australia
SIP trapezoidSIP trapezoid
SIP trapezoid
outbound proxy
a@foo.com: 128.59.16.1
registrar
1st request
2nd, 3rd, … request
voice trafficRTP
destination proxy(identified by SIP URI domain)
SIP addressingSIP addressing
Users identified by SIP or tel URIsUsers identified by SIP or tel URIs sip:alice@example.comsip:alice@example.com
tel: URIs describe E.164 number, not tel: URIs describe E.164 number, not dialed digits (RFC 2806bis)dialed digits (RFC 2806bis)
tel URIs tel URIs SIP URIs by outbound proxy SIP URIs by outbound proxy A person can have any number of SIP A person can have any number of SIP
URIsURIs The same SIP URI can reach many The same SIP URI can reach many
different phones, in different networksdifferent phones, in different networks sequential & parallel forkingsequential & parallel forking
SIP URIs can be created dynamically:SIP URIs can be created dynamically: GRUUsGRUUs conferencesconferences device identifiers device identifiers
(sip:foo@128.59.16.15)(sip:foo@128.59.16.15) Registration binds SIP URIs (e.g., Registration binds SIP URIs (e.g.,
device addresses) to SIP “address-of-device addresses) to SIP “address-of-record” (AOR)record” (AOR)
tel:110 sip:sos@domain
domain 128.59.16.17via NAPTR + SRV
How does VoIP differ from How does VoIP differ from landline and wireless PSTN?landline and wireless PSTN?
Telephone companies are no Telephone companies are no longer neededlonger needed there are still carriers for DSL and there are still carriers for DSL and
cable “IP dial tone”cable “IP dial tone” but unaware of type of data but unaware of type of data
carriedcarried VSP may be in another state or VSP may be in another state or
countrycountry Corporations and universities Corporations and universities
don’t have email carriers, eitherdon’t have email carriers, either
voice service provider
(RTP)
ISP(IP)
dark fiberprovider
Yahoo
MC
IN
YSER
NE
T
Why is VoIP ≠ wireless?Why is VoIP ≠ wireless? VoIP devices may not have phone VoIP devices may not have phone
numbers as lookup keysnumbers as lookup keys e.g., sip:hgs@cs.columbia.edue.g., sip:hgs@cs.columbia.edu
Location information for devices is civil, Location information for devices is civil, not longitude/latitudenot longitude/latitude e.g., service address for VSPse.g., service address for VSPs GPS not available (nor functional) on indoor GPS not available (nor functional) on indoor
devicesdevices plus, accuracy of 50 m (67%) or 150 m spans plus, accuracy of 50 m (67%) or 150 m spans
many buildings…many buildings… no floor informationno floor information
Cell phones don’t work in our building…Cell phones don’t work in our building… so A-GPS is unlikely to work there, eitherso A-GPS is unlikely to work there, either
Plus, wireless E911 complexity due to old Plus, wireless E911 complexity due to old signaling mechanismsignaling mechanism
50m
IETF effortsIETF efforts
IETF = Internet Engineering Task ForceIETF = Internet Engineering Task Force ““The Internet Engineering Task Force The Internet Engineering Task Force (IETF)(IETF) is is
a large open international community of a large open international community of network designers, operators, vendors, and network designers, operators, vendors, and researchers concerned with the evolution of researchers concerned with the evolution of the Internet architecture and the smooth the Internet architecture and the smooth operation of the Internet. It is open to any operation of the Internet. It is open to any interested individual.”interested individual.”
Efforts on 911 services go back to 2001, …Efforts on 911 services go back to 2001, … but only recent high-impact effortsbut only recent high-impact efforts individuals working both in NENA and IETF individuals working both in NENA and IETF
WGsWGs
Current IETF draftsCurrent IETF drafts
draft-taylor-sipping-emerg-scen-01draft-taylor-sipping-emerg-scen-01 scenarios, e.g., hybrid VoIP-PSTNscenarios, e.g., hybrid VoIP-PSTN
draft-schulzrinne-sipping-emergency-arch-00draft-schulzrinne-sipping-emergency-arch-00 overall architecture for emergency callingoverall architecture for emergency calling
draft-ietf-sipping-sos-00draft-ietf-sipping-sos-00 describes ‘sos’ SIP URIdescribes ‘sos’ SIP URI
draft-rosen-dns-sos-00draft-rosen-dns-sos-00 new DNS resource records for location mappingnew DNS resource records for location mapping
Architectural assumptions and Architectural assumptions and goalsgoals
SIP-based for interchangeSIP-based for interchange other protocols (e.g., H.323) via gatewayother protocols (e.g., H.323) via gateway
avoid complexity of multiple protocols everywhereavoid complexity of multiple protocols everywhere H.248/MGCP not used for interdomain signaling H.248/MGCP not used for interdomain signaling not not
needed hereneeded here InternationalInternational
devices bought anywhere can make emergency calls devices bought anywhere can make emergency calls anywhereanywhere
limit biases in address formats, languages, …limit biases in address formats, languages, … avoid built-in bias for “911” or “112” (mostly)avoid built-in bias for “911” or “112” (mostly) use term “ECC” instead of “PSAP” use term “ECC” instead of “PSAP”
MultimediaMultimedia support non-audio media if available in PSAPsupport non-audio media if available in PSAP
Goals, cont’d.Goals, cont’d.
Support other communications Support other communications modesmodes IMIM maybe email latermaybe email later
Support access for callers with Support access for callers with disabilitiesdisabilities real-time textreal-time text video for sign languagevideo for sign language
Common URL for emergency Common URL for emergency servicesservices
Emergency numbers may be dialed from Emergency numbers may be dialed from many different placesmany different places about 60 (national) different emergency service about 60 (national) different emergency service
numbers in the worldnumbers in the world many are used for other services elsewhere (e.g., many are used for other services elsewhere (e.g.,
directory assistance)directory assistance) End systems, proxies and gateways should End systems, proxies and gateways should
be able to tell easily that a call is an be able to tell easily that a call is an emergency callemergency call
Thus, need common identifier for callsThus, need common identifier for calls
Common URL for emergency Common URL for emergency callscalls
IETF draft suggests “sip:sos@home-IETF draft suggests “sip:sos@home-domain”domain” home-domain: domain of callerhome-domain: domain of caller
Can be recognized by proxies along the Can be recognized by proxies along the wayway short cut to emergency infrastructureshort cut to emergency infrastructure
If not, it reaches home proxy of subscriberIf not, it reaches home proxy of subscriber Call can be routed from there easilyCall can be routed from there easily
global access to routing information (see later)global access to routing information (see later)
Service identificationService identification
In some countries, In some countries, specialized numbers for specialized numbers for police, fire, …police, fire, …
We add SIP protocol We add SIP protocol header that identifies header that identifies call service:call service: Accept-Contact:
* ;service=“sos.mountain”
Generally, not user Generally, not user visiblevisible
sos.firesos.fire fire brigadefire brigade
sos.rescuesos.rescue ambulanceambulance
sos.marinesos.marine marine marine guardguard
sos.policesos.police policepolice
sos.mountasos.mountainin
mountain mountain rescuerescue
sos.testsos.test only testingonly testing
Other call identifiersOther call identifiers
Using SIP caller preferences/callee Using SIP caller preferences/callee capabilitiescapabilities
Caller languagesCaller languages automatically route to PSAP or call taker that automatically route to PSAP or call taker that
speaks Frenchspeaks French Accept-Language: frAccept-Language: fr
Caller media preferencesCaller media preferences automatically route to PSAP or call taker that can automatically route to PSAP or call taker that can
deal with typed textdeal with typed text Accept-Contact: *;text;requireAccept-Contact: *;text;require
Translating dialed digits Translating dialed digits
Always available: 112 and 911Always available: 112 and 911 Configuration mechanisms:Configuration mechanisms:
SIM cards (GSM phones)SIM cards (GSM phones) XCAP configurationXCAP configuration
local (outbound) proxylocal (outbound) proxy home proxyhome proxy
DNSDNS Default configuration if no other Default configuration if no other
information available:information available: 000, 08, 110, 999, 118 and 119000, 08, 110, 999, 118 and 119
Translating dialed numbers to Translating dialed numbers to emergency identifiersemergency identifiers
“9-1-1” 919111
sossos sossos
111100
sossos sos.policsos.policee
111122
sossos sos.firesos.fireOn many telephone-like systems, only numbers are available number translation
sips:sos@example.com
Emergency number Emergency number configuration via DNSconfiguration via DNS
NAPTR 100 10 "u" "SOS" "/110/sips:sos.police@notfall.de/i
de.sos.arpa
country=DEDHCP server
add 110 to list ofemergency dial strings
Determining locationsDetermining locations
Conveyed via DHCP from IP-level providerConveyed via DHCP from IP-level provider Formats:Formats:
geospatial (longitude, latitude, altitude or floor)geospatial (longitude, latitude, altitude or floor) civil (country, administrative units, street)civil (country, administrative units, street)
Provider usually knowsProvider usually knows Does not depend on being a voice service providerDoes not depend on being a voice service provider
802.11 triangulation802.11 triangulation GPS (for mobile devices)GPS (for mobile devices) Via configuration protocol (XCAP)Via configuration protocol (XCAP)
relies on VSP having accurate service location relies on VSP having accurate service location informationinformation
User-configured (last resort)User-configured (last resort)
Enhancing DHCP for Enhancing DHCP for locationslocations
use MAC address backtracing to get location informationuse MAC address backtracing to get location information can use existing DHCP servers and clientscan use existing DHCP servers and clients
DHCPserver
458/17 Rm. 815458/18 Rm. 816
DHCP answer:sta=DC loc=Rm815lat=38.89868 long=77.03723
8:0:20:ab:d5:d
CDP + SNMP8:0:20:ab:d5:d 458/17
GEOPRIV geospatial formatGEOPRIV geospatial format
Based on Based on GML mark-upGML mark-up
<?xml version="1.0" encoding="UTF-8"?> <presence xmlns="urn:ietf:params:xml:ns:pidf" xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10" xmlns:gml="urn:opengis:specification:gml:schema-xsd:feature:v3.0" entity="pres:geotarget@example.com"> <tuple id="sg89ae"> <timestamp>2003-06-22T20:57:29Z</timestamp> <status> <gp:geopriv> <gp:location-info> <gml:location> <gml:Point gml:id="point96" srsName="epsg:4326"> <gml:coordinates>31:56:00S 115:50:00E</gml:coordinates> </gml:Point> </gml:location> </gp:location-info> <gp:usage-rules> <gp:retransmission-allowed>no</gp:retransmission-allowed> <gp:retention-expiry>2003-06-23T04:57:29Z</gp:retention-expiry> </gp:usage-rules> </gp:geopriv> </status> </tuple> </presence>
GEOPRIV civil formatGEOPRIV civil format
Based on NENA XML Based on NENA XML elementselements
Except internationalized Except internationalized administrative divisions:administrative divisions:
AA11
national subdivisions (state, region, national subdivisions (state, region, province, prefecture)province, prefecture)
AA22
county, parish, gun (JP), district (IN)county, parish, gun (JP), district (IN)
AA33
city, township, shi (JP)city, township, shi (JP)
AA44
city division, borough, city district, ward, city division, borough, city district, ward, chou (JP)chou (JP)
AA55
neighborhood, blockneighborhood, block
AA66
streetstreet
<country>US</country><A1>NJ</A1><A2>Bergen</A2><A3>Leonia</A3><A6>Westview</A6><STS>Ave</STS><HNO>313</HNO><NAM>Schulzrinne</NAM><ZIP>07605-1811</ZIP>
Location-based call routing – Location-based call routing – UA knows its locationUA knows its location
GPS
48° 49' N 2° 29' E
INVITE sips:sos@
DHCP
outboundproxy server
48° 49' N 2° 29' E Paris fire department
Location-based call routing – Location-based call routing – network knows locationnetwork knows location
IP
48° 49' N 2° 29' E
TOA
include locationinfo in 302
INVITE sips:sos@ INVITE sips:sos@paris.gendarme.fr
map location to (SIP) domain
outbound proxy
A quick review of DNSA quick review of DNS
DNS = mapping from hierarchical names to DNS = mapping from hierarchical names to resource recordsresource records commonly, but not necessarily IP addressescommonly, but not necessarily IP addresses
Authoritative server for each domain operated by Authoritative server for each domain operated by domaindomain e.g., columbia.edu server is owned & operated by e.g., columbia.edu server is owned & operated by
Columbia University Columbia University
pc.example.com leonia.nj.uscaches results
leonia.nj.us?
How does the PSAP find the How does the PSAP find the caller’s location?caller’s location?
Largest difference to existing E911 systemLargest difference to existing E911 system In-band, as part of call setupIn-band, as part of call setup
carried in body of setup messagecarried in body of setup message rather than by reference into external databaserather than by reference into external database
May be updated during callMay be updated during call moving vehiclesmoving vehicles late availability of information (GPS acquisition late availability of information (GPS acquisition
delay)delay) Also possible: subscribe to location information Also possible: subscribe to location information
GEOPRIV and SIMPLE GEOPRIV and SIMPLE architecturesarchitectures
targetlocationserver
locationrecipient
rulemaker
presentity
caller
presenceagent
watcher
callee
GEOPRIV
SIPpresence
SIPcall
PUBLISHNOTIFY
SUBSCRIBE
INVITE
publicationinterface
notificationinterface
ruleinterface
INVITE
A quick review of DNSA quick review of DNS
Thus, globally visible database, with delegated Thus, globally visible database, with delegated control of contentcontrol of content
Replication of DNS servers mandatoryReplication of DNS servers mandatory at least 2, often moreat least 2, often more automatically synchronizedautomatically synchronized
Robustness by cachingRobustness by caching typically life time of 24 hourstypically life time of 24 hours end system may not notice outage of authoritative serverend system may not notice outage of authoritative server
Host security Host security modification control modification control DNS security (DNSsec) to ensure authenticity of DNS security (DNSsec) to ensure authenticity of
contentcontent
Using DNS for determining Using DNS for determining PSAPsPSAPs
Define new domain, e.g., sos.arpaDefine new domain, e.g., sos.arpa .arpa used for infrastructure functions.arpa used for infrastructure functions
top-level queries done only rarelytop-level queries done only rarely results are cached at clientresults are cached at client
*.us.sos.arpa
*.sos.arpa
*.nj.us.sos.arpa
firedept.leonia.nj.gov
leonia.nj.us.sos.arpa?
Obtaining all sub-regionsObtaining all sub-regions
us.sos.arpa nj.us.sos.
arpa
us.sos.arpus.sos.arpaa
PTPTRR
al.us.sos.arpal.us.sos.arpaa
us.sos.arpus.sos.arpaa
PTPTRR
ak.us.sos.arak.us.sos.arpapa
us.sos.arpus.sos.arpaa
PTPTRR
nj.us.sos.arpnj.us.sos.arpaa
…… PTPTRR
……
CN=usA1=njA2=bergenA3=leonia
nj.us.sos.arpanj.us.sos.arpa PTRPTR sussex.nj.us.sos.arsussex.nj.us.sos.arpapa
nj.us.sos.arpanj.us.sos.arpa PTRPTR passaic.nj.us.sos.arpassaic.nj.us.sos.arpapa
nj.us.sos.arpanj.us.sos.arpa PTRPTR bergen.nj.us.sos.arbergen.nj.us.sos.arpapa
…… PTRPTR ……
What about geo addresses?What about geo addresses?
Store one DNS record for Store one DNS record for each PSAPeach PSAP or whatever the last caller-or whatever the last caller-
visible SIP proxy isvisible SIP proxy is could be state, county, city, … could be state, county, city, …
New POLY resource recordNew POLY resource record Records polygon edges of Records polygon edges of
PSAP service area PSAP service area (longitude-latitude tuples)(longitude-latitude tuples)
Same descent of hierarchySame descent of hierarchy at each level, search all at each level, search all
leaves for matchleaves for matchBergenPassaicAtlantic…
Address hidingAddress hiding Some advocate hiding IP addresses of PSAPs Some advocate hiding IP addresses of PSAPs
(or groups of PSAPs)(or groups of PSAPs) Not clear what this meansNot clear what this means
if call made, IP address will be returned in packetsif call made, IP address will be returned in packets Can, however, have different perimetersCan, however, have different perimeters
source address of SIP and audiopackets
Routing layersRouting layers
firewall boundary
Privacy and authenticationPrivacy and authentication
Want to ensure privacy of call setup Want to ensure privacy of call setup informationinformation
prevent spoofing of call originsprevent spoofing of call origins but can’t enforce call authenticationbut can’t enforce call authentication
need to authenticate call destinationneed to authenticate call destination ideally, certificate for PSAPsideally, certificate for PSAPs but initially just verify that reached DNS-but initially just verify that reached DNS-
indicated destinationindicated destination use TLS (SSL), as in httpuse TLS (SSL), as in httpss://:// host certificates widely availablehost certificates widely available
just need a domain name and a credit cardjust need a domain name and a credit card
Testing emergency callsTesting emergency calls
Current E911 system has no good way to Current E911 system has no good way to test 911 reachability without interfering test 911 reachability without interfering with emergency serviceswith emergency services
With VoIP, more distributed system With VoIP, more distributed system more need for testingmore need for testing
Use SIP OPTIONS request Use SIP OPTIONS request route request, route request, but don’t reach call takerbut don’t reach call taker
Also, DNS model allows external Also, DNS model allows external consistency checkingconsistency checking e.g., nationwide 911 testing agencye.g., nationwide 911 testing agency
Open issuesOpen issues
Technical (protocol) issues:Technical (protocol) issues: details of DNS recordsdetails of DNS records top-level DNS domain?top-level DNS domain? how to do testing with minimal impact?how to do testing with minimal impact?
Operational issues:Operational issues: who runs sos.arpa and us.sos.arpa?who runs sos.arpa and us.sos.arpa? export of MSAG information into DNS?export of MSAG information into DNS? will DSL and cable modem carriers provide location will DSL and cable modem carriers provide location
information?information? Funding issues:Funding issues:
use IP-layer funding for 911, not voice servicesuse IP-layer funding for 911, not voice services
ConclusionConclusion
Good news:Good news: VoIP-based 911 is not nearly as hard as Phase VoIP-based 911 is not nearly as hard as Phase
II wirelessII wireless can be leveraged to provide simpler Phase II can be leveraged to provide simpler Phase II
services for non-VoIP terminalsservices for non-VoIP terminals PC-based end system can be maintained as isPC-based end system can be maintained as is use of COTS, across national bordersuse of COTS, across national borders
Challenges:Challenges: cannot simply add one more patch to existing cannot simply add one more patch to existing
circuit-switched 911 systemcircuit-switched 911 system
top related