chair for computer networks & internet wilhelm-schickard-institute for computer science...

Chair for Computer Networks & InternetWilhelm-Schickard-Institute for Computer ScienceUniversity of Tübingen

A Cooperative SIP Infrastructure for Highly Reliable

Telecommunication Services

Ali Fessi, Heiko Niedermayer,

Holger Kinkelin, Georg Carle

IPTComm 2007, 19th-20th July, New York, USA

A. Fessi, et al, “A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services“ 2

Overview

Motivation

Properties of server-based SIP networks

Properties of P2P-based SIP networks

Our solution for SIP reliability: Cooperative SIP (CoSIP) CoSIP Overview

Sample Applications

Implementation

Evaluation: Improving reliability and security with CoSIP

Initial functional tests results

Conclusions


Motivation

Some open issues with VoIP still need to be solved reliability, security, QoS, SPIT, etc.

Users are used to the nearly 100% reliable PSTN

Good news: Peer-to-peer (P2P) networks provide higher reliability

Bad news: P2P network have also their bad side

• Security in P2P networks is much harder to cope with due to decentralization

Goals How can we make SIP networks more reliable?

How can we benefit from the advantages of both architectures • server vs. P2P


Properties of Server-based SIP Networks

Sufficient security mechanisms

• UA authentication

• Integrity and confidentiality

High lookup performance of SIP URI

• O(1) messages

Complex service infrastructure

• SIP proxies, registrars, AAA servers, location database, DNS server, routers, etc

Network and service failures may propagate quickly

Server infrastructures are vulnerable to DoS attacks


Properties of P2P-SIP Networks

Self-organization Recoverability from local failures

Robustness against DoS attacks

P2P network can also survive under difficult conditions

Scalability Lookup performance of the Contact URI in a DHT in the avg case:

• O( log ( N ) ) messages; N is the number of peers

Several security issues can not be solved in pure P2P network Attacks on the routing of lookup requests

Attacks on the content of the P2P network

Sybil attacks, partitioning attacks, etc.

Open P2P-SIP networks are an invitation for SPIT!


Cooperative SIP (CoSIP)

Basic idea

Design a hybrid architecture that benefits from the advantages of both server-based and P2P-based SIP networks

SIP User Agents organize themselves into a P2P network

SIP infrastructure and SIP User Agents cooperate in order to provide the best service

Cooperative SIP architecture: CoSIP

Improve reliability, survivability, security and lookup performance


CoSIP: UA Registration

DHT

Alice Bob

REGISTERput(H(SIP_URI), Contact_URI)

A SIP UA is registered to the SIP infrastructure as well as to the DHT

Use REGISTER for registration to the infrastructure

Use put for the registration to the DHT:

put (H(SIP_URI), Contact_URI)


CoSIP: Session Establishment

DHT

Alice Bob

INVITEget(SIP_URI)

Contact_URI

INVITE

200 OKSession

Signaling to the SIP infrastructure with INVITE

In parallel: resolve the Contact-URI in the DHT with a get

get (H(SIP_URI)) = Contact_URI

Server does not answer or DHT is faster?

use the Contact-URI provided by the DHT lookup

perform direct signaling to the peer

Lookup performance under normal conditions:

• O(1) messages

in case of failures of the infrastructure:

• O( log ( N ) ) messages;


CoSIP Sample Applications

Large enterprise/ academic SIP networks with e.g. 20-30 k-users CoSIP can be used to bridge

network and service failures maintenance downtimes

SIP Infrastructure

CoSIP-enabled SIP Network


CoSIP Sample Applications (2)

CoSIP adapter/ proxy in DSL routers CoSIP adapters organize themselves into a P2P network

DSL Router

with a CoSIP adapter / CoSIP proxy

Small Office

and Home

Network

(SOHO)

SIP Infrastructure

Internet/VoIP Provider

SOHO


Implementation of CoSIP as an external Proxy Application

SIP UA CoSIP Proxy

DHT

SIP

SIP

XML RPC

CoSIP Proxy SIP UASIP

SIP

XML RPC

The CoSIP proxy is an adapter to connect regular SIP UA CoSIP Proxy communicates with the SIP infrastructure and the P2P network DHT: Bamboo/ Pastry Formal specification of the “CoSIP” protocol with SDL Programming language: Python When the SIP infrastructure fails: P2P signaling between the CoSIP proxies

SIP Express Router (SER)


Specification of CoSIP - Goody

State machines „switchable“ to different modes1. Cooperative mode (DHT + SIP server)

2. DHT-only mode (basically P2P-SIP with Bamboo as a DHT)

3. Server-only mode

DHT-only mode successfully tested with OpenDHT


SIP UA running with CoSIP Proxy in the background


Evaluation

Improving reliability with CoSIP P2P network provide high reliability and self-organization

• Local failures can be recovered autonomically by neighboring peers

Data is replicated on a set of nodes (replica set)

Even large failures affect only a part of the network

In the ideal case (uncorrelated failures), the probability of a service failure

with CoSIP would be:

CoSIP provides even better reliability and survivability than

P2P-SIP networks

server-based SIP networks

nodesreplicanodeDHTServerCoSIP FailureFailureFailure _#_


Evaluation

Improving security with CoSIP Managing security in large P2P-SIP networks is not possible without

central severs

However, PKI / CA is not enough

A CA is not able to detect an attack in the P2P network and shut down the attacker

A security solution for P2PSIP requires• more SIP specific knowledge

• knowledge about the P2P network

CoSIP servers can provide Identity Management for the P2P-SIP network

CoSIP servers can make sure that peers in the P2P-SIP network behave well

How can you provide Intrusion Detection in a large P2P network?

a “CoSIP server” can help to do this job

More work is still required on this topic


Evaluation

Initial tests have been run on PlanetLab Each used PlanetLab node hosts

a SIP UA

a CoSIP proxy

a Bamboo DHT node

High variance of the RTT on PlanetLab noticed SIP server failure emulated Successful recoverability from service failure

No interruption of service is noticed

Time required to establish a session between UAC and UAS increases slightly but is still acceptable

Performance results will be published soon

Remote Control

Node #1

SIP Server

CoSIP Proxy

SIP UA

DHT node

Node #20Node #2 Node #3

CoSIP Proxy

SIP UA

DHT node

CoSIP Proxy

SIP UA

DHT node

CoSIP Proxy

SIP UA

DHT node


CoSIP: Summary

CoSIP provides a low-cost solution for significantly improving the reliability of SIP networks

Implementation CoSIP as an external proxy application compatible to existing SIP networks

Cooperative (server + DHT) as well as DHT-only mode possible

CoSIP is a hybrid architecture which provides better reliability, survivability, security and performance simultaneously

Could CoSIP be useful for catastrophic failures / emergency calls?

Future work Integration of security mechanisms to CoSIP Improve security of P2P-SIP

CoSIP is still a single domain concept Peering of several domains with CoSIP

Improving geometry and routing in the DHT for higher connectivity in case of network failures


Questions / Discussion / Feedback


P2P-SIP

Basic idea: „SIP without server“ Registration:

Phase1: Node registration = P2P-SIP node “joins” the DHT Phase 2: User registration = storing the Contact URI with SIP URI as lookup key

in the DHT Session establishment:

Resolving the SIP URI to a Contact URI using the DHT Subsequent signaling can occur between the two peers

DHT

1

DHT

2

1

DHT

1

2

3

Node registration User registration Session establishment


Evaluation - PlanetLab

Global research network 784 nodes 382 institutions

Con’s Very variable performance and load of PlanetLab nodes High variance in the RTT

Causes high variance in the measurement results

High instability and unreliability of the PlanetLab nodes Upgrade PlanetLab 3.0 to 4.0 More than 50 nodes barely manageable


CoSIP State Machines

Formal specification of the CoSIP protocol using SDL

Logical separation between the state machines of

different SIP UAs

The CoSIP proxy processes

requests from UA

messages from the server

messages from the DHT

timeouts for limiting the pending time

Events are processed FIFO

Idle

INVITE from UAC

INVITE to SRV

100 to UAC

dht.get()

PENDING_SRV_DHT

timer_res.start()timestamp = time()

SDL diagram for the processing of an INVITE

message in state IDLE


CoSIP State Machines (2)

High Level INVITE Session State MachineHigh Level REGISTER Session State Machine

IDLE

PENDING PENDING_DHT

REGISTERED

UA: REGISTER SRV: 401

SRV: 200 UA: REGISTER

SRV: Timeout

DHT: Error,Timeout

DHT: Success

DHT: Success, Error, Timeout

UA goes offline

IDLE

PENDING_SRV_DHT PENDING_SRV_UAS

DONE

UAC: Invite

SRV: 180

DHT: Data

UAS: 180

UAS: 100, Server: 100

PENDING_DHT PENDING_SRV

SRV: 404,Timeout SRV DHT

DHT: Data, Error,Timeout SRV DHT

SRV: 180,Timeout SRV_UAS

SRV: 180, Timeout

Server: 100, DHT: Error

SRV: 100


Related Work

P2PSIP Secure Overlay Services (SOS) Resilient Overlay Networks (RON) Skype CoDNS


Overview Tesbed

PC #1 (Windows) PC #2 (SuSE 10.1)

Wengo SIP Phone

CoSIP Proxy

kphone

CoSIP Proxy

SIP SIP

DHT


OpenDHT

OpenDHT = Bamboo running on PlanetLab publicly accessible

put get remove


CoSIP Implementation: Overview

Threading for transport of SIP messages

and communication with the DHT

Event-based processing of

SIP messages

DHT messages

Timeouts

Events are processed

FIFO

Programming language Python

Platform independent

(CoSIP tested with Linux / Windows)

Code size ca. 5 kLoC

Transport to UA, server and DHT

CoSIP proxy

UAC Repository

UAC

Session Repository

Register Session

Invite SessionInvite SessionInvite Session

UAC

Session Repository

Register Session

Invite SessionInvite SessionInvite Session

Event Queue

UAC

Session Repository

REGISTER Session

Invite SessionInvite SessionINVITE Session

REGISTER Session

Timer Srv Registr.

Timer DHT Registr.

DHT Registrator

INVITE Session

Timer Resolver

Timer UAS

DHT Resolver

SIP Parser


SIP UA running with CoSIP Proxy in the background


Evaluation – Recovery from Service Interruption

0

0,05

0,1

0,15

0,2

0,25

0 100 200 300 400 500

Versuchslaufzeit [s]

An

two

rtze

it [

s]

Antwortzeit UAS

Durchschnitt mit Server

Durchschnitt ohne Server

SIP Serverausfall


Evaluation (VI)

0

0,02

0,04

0,06

0,08

0,1

0,12

0,14

2 4 6 8 10 12 14

Anzahl Knoten

An

two

rtze

it [

s]

Antwortzeit

Abschätzung

chair for computer networks & internet wilhelm-schickard-institute for computer science...

Documents

cooperative sip infrastructure

sip reliability

sip ua

p2p network sip infrastructure

open p2psip networks

p2p slide

peer p2p networks

infrastructure use