Real Time Communications Protocols and Applications

Tyler Johnson, Acting Director, Telecommunications R&D

Post on 14-Dec-2015



Full Service VVoIP Architecture

(Diagram: an H.323 fabric connecting Endpoints to Services. Services shown: Gateway Farm, Gatekeeper Cluster, MCU Farm, Messaging Servers and PSTN Trunks. The gateway, gatekeeper and MCU farms are labelled "Embedded, Distributed, Load Balancing; NT / Unix / VxWorks", the messaging servers "Win2000 Cluster", and the Management Server (Directory Services) "Unix".)

What is RTC?

• Voice

• Video

• Instant Messaging

• Presence

• Data Collaboration

• Any network, any device

H.323 Protocol Stack

(Layer diagram, reproduced as text)

  Audio      Video      Terminal Control and Management      Data
  G.711      H.261      RTCP   RAS   H.225   H.245            T.120
  G.728      H.263
  ---------- RTP ----------
  UDP                   TCP
  Network Layer (IP)
  Link Layer
  Physical Layer

Audio Codecs

• ITU G.7x series
  – G.711 64 kbs PCM (only required codec)
  – G.723
  – G.728
• Transcoded in gateways – but why??


Video Codecs

• ITU H.26x series codecs
  – H.261 (most common)
  – H.263
• DCT-based algorithms
• Typical speeds (-64 kbs audio)
  – 384 kbs
  – 768 kbs
  – 1536 kbs
  – 1920 kbs


RTP / RTCP

• Real-time Transport Protocol
  – Time stamps in packets allow stream re-assembly
• Real-time Control Protocol
  – Feedback channel to RTP server
• UDP for media streams


H.245

• Media Control
• Capabilities Exchange
  – Handshake to determine supported codecs


RAS

• Registration, Admission and Status
• Registers endpoint with gatekeeper
• Version 2.0 alias types
  – h323-ID
  – dialedDigits
  – URL-ID
  – transportID
  – email-ID
  – partyNumber
  – mobileUIM


H.225

• Call control
  – Initiate
  – Setup
  – Tear down
• Derived from Q.931
  – ASN.1 coding in payload


T.120

• Data Collaboration
  – Screen scraping (limited bit depth)
  – Shared Mouse
• De facto NetMeeting
• T.120 server to scale up
• Dissatisfaction
• Out of band D/C


H.323 Annexes

For Decision in 2000

• Annex C “H.323 on ATM”
• Annex D “FAX over H.323”
• Annex E “Multiplexed Call Signaling Transport”
• Annex F “Simple Endpoint Type”
• Annex G “Text Conversation and Text Set”
• Annex H “User and Service Mobility”
• Annex I “Terminal Mobility”
• Annex J “Security for SET”
• Annex K “HTTP based Service Control”
• Annex L “Stimulus Signaling”
• Annex M.1 and M.2 “Tunneling of QSIG and ISUP”
• Annex O “H.323 URL”

H.450 Supplementary Services

• H.450.1: ‘Creation Environment’
• H.450.2
  – Blind call transfer
  – Consultation
• H.450.3
  – Forward
  – Activation / Deactivation
  – Interrogation
• H.450.4 – Call Hold
• H.450.5 – Call Park / Pickup
• H.450.6 – Call Waiting
• H.450.7 – Message Waiting

H.323 URL

• Annex O

• Editor: Orit Levin, RADVision

• Form h323:[email protected]

• Enables clickable dialing

• Eliminates dial plan routing issues

• Will be the primary served object for white pages

Security

• H.235 Security and Encryption
  – Annex D
    • UserID / password pair
    • Hop by hop authentication
  – Annex E
    • PKI
    • Endpoint to endpoint authentication
  – Requires both gatekeeper and endpoint support

In-Zone Dialing

(Diagram: EP1 (2222) and EP2 (3333) both registered with GK1)

• EP1 dials 3333
• GK1 establishes call to EP2
• Media streams flow between endpoints
• Call control flows through gatekeeper

Inter-Gatekeeper Communication

(Diagram: EP1 (2222) registered with GK1, EP2 (3333) registered with GK2)

• EP1 dials 3333
• GK1 LRQs to GK2 for EP2
• GK2 establishes call to EP2

Dialing With DNS

(Diagram: EP1 (2222) under GK1, EP2 (3333) under GK2, and a DNS server)

• EP1 dials [email protected]
• DNS lookup on gk2.domain
• DNS returns IP of GK2
• GK1 calls GK2 for EP2
• GK2 connects EP2

ENUM (IETF)

(Diagram: EP1 (2222) under GK1, EP2 (3333) under GK2, and DNS with ENUM)

• EP1 dials 3333
• ENUM lookup 3333
• ENUM returns h323:[email protected]
• DNS lookup on gk2.domain
• DNS returns IP of GK2
• GK1 calls GK2 for EP2
• GK2 connects EP2
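The ENUM and DNS dialing steps above, worked through as an added example that is not part of the original slides: the dialed digits become an e164.arpa name, the NAPTR regexp rewrites them into an h323: URL, and the gatekeeper host named in that URL is resolved. The NAPTR and A records are constructed sample data, and the host gk2.example and its address are assumptions.

```python
import re

# Constructed ENUM zone data, not real DNS answers: name -> NAPTR records as
# (order, preference, flags, service, regexp). Two services for the same number.
ENUM_ZONE = {
    "3.3.3.3.e164.arpa": [
        (100, 20, "u", "E2U+sip",  "!^(.*)$!sip:\\1@gk2.example!"),
        (100, 10, "u", "E2U+h323", "!^(.*)$!h323:\\1@gk2.example!"),
    ],
}
# Constructed A records for the gatekeeper hosts named by the NAPTR targets.
DNS_A = {"gk2.example": "192.0.2.20"}


def enum_domain(dialed: str) -> str:
    """E.164 digits -> ENUM name: keep digits only, reverse, dot-separate, add e164.arpa."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if not digits:
        raise ValueError("dial string contains no digits")
    return ".".join(reversed(digits)) + ".e164.arpa"


def apply_naptr_regexp(regexp: str, subject: str) -> str:
    """Apply a NAPTR substitution field of the form !ere!replacement!flags."""
    delim = regexp[0]
    ere, repl, _flags = regexp[1:].split(delim)
    return re.sub(ere, repl, subject, count=1)


def resolve_dialed_digits(dialed: str, service: str = "E2U+h323") -> tuple:
    """Follow the slide's steps: ENUM lookup -> URL -> DNS lookup of the gatekeeper host.

    Returns (url, gatekeeper_ip). Raises LookupError when a step has no answer.
    """
    name = enum_domain(dialed)
    records = ENUM_ZONE.get(name)
    if not records:
        raise LookupError(f"no NAPTR records for {name}")
    # Lowest order, then lowest preference, wins among records for the wanted service.
    wanted = sorted(r for r in records if r[3] == service)
    if not wanted:
        raise LookupError(f"no {service} record for {name}")
    url = apply_naptr_regexp(wanted[0][4], "".join(ch for ch in dialed if ch.isdigit()))
    host = url.rsplit("@", 1)[1]
    # Whoever answers these two lookups decides where the call is routed; a production
    # resolver should validate the answers (DNSSEC) before trusting the target host.
    ip = DNS_A.get(host)
    if ip is None:
        raise LookupError(f"no A record for {host}")
    return url, ip
```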

Location Services

• Location of endpoints is a general problem

• Not limited to RTC

• Each endpoint is a server, different from the client-server model

• NAT issues

• P2P is another approach

How Does SIP Differ?

• SIP handles only location, authentication and call initiation

• Not only media neutral, but application neutral

• Very extensible, but creates interoperability problems

• Ratified by IETF

• Primary direction of RTC services

Network Analysis

What is the problem?

• Artifacts are often observed in video or voice applications, but it is generally not clear whether the cause is in the protocol (i.e. application) or in the network

• Artifacts are gone before network or protocol engineers can examine problem

• Difficult to deploy test equipment to myriad geographically disparate sites

• Will this link work for the application before I deploy equipment?

• Most measurement tools are snapshots, and do not emulate media streams, thus missing important events.

Testing Advanced Networks

10 minute 384 kbs simulated conference (charts: SURFNet (Netherlands), CUDI (Mexico))

Scouting Out Problems: Public Health Outreach Project

• Remote Health Clinic connected back to Internet2 via xDSL

• Original diagnosis was h.323 problem

• ISP refused problem ownership until presented with test results

(Chart: Tulane <> LANet Simulation, Louisiana Statewide T1 Network)

Security Issues for RTC

E2M Security

(Diagram: endpoints authenticate to a Call Server)

• Pros
  – Ensures nobody steals service provider’s resources
  – Ensures you pay your bill
• Cons
  – Doesn’t allow you to access resources in other realms
  – Doesn’t provide caller ID
  – Doesn’t recognize true people to people nature of application

E2E Security

(Diagram: Call Server; the called party’s screen shows “Incoming Call From: Dr. Thomas Gray, Radiology” with “<OK> Duke University” and “<OK> Internet2”)

• Pros
  – Confirms your identity to the called party
  – Works across realms
• Cons
  – Requires common authentication across realms
  – Other applications don’t use this approach
  – Administrative cost to identity verification
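An added illustration, not from the slides, of the difference between the hop-by-hop authentication of H.235 Annex D and the endpoint-to-endpoint authentication of Annex E, in the E2M versus E2E terms of this section. An HMAC over a JSON body stands in for the real H.235 token formats and for the Annex E signature; the secrets, endpoint names and the two-gatekeeper path are constructed.

```python
import hashlib
import hmac
import json

# Constructed secrets for the illustration; nothing here is an H.235 token format.
EP1_GK1_SECRET = b"ep1-password-registered-at-gk1"  # Annex D style: endpoint <-> its gatekeeper
GK1_GK2_SECRET = b"gk1-gk2-inter-zone-secret"       # the next hop's shared secret
E2E_KEY = b"key-ep2-can-check-for-ep1"              # stands in for EP1's Annex E credential


def _mac(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def seal(key: bytes, body: dict) -> dict:
    """Attach an integrity token computed over every field of the message."""
    return {**body, "token": _mac(key, body)}


def verify(key: bytes, msg: dict) -> bool:
    body = {k: v for k, v in msg.items() if k != "token"}
    return hmac.compare_digest(_mac(key, body), msg.get("token", ""))


def hop_by_hop_call(caller: str, callee: str, rewrite_from: str = "") -> tuple:
    """E2M path: each hop checks its own secret and re-seals. Returns (accepted_by_gk2, caller_seen)."""
    setup = seal(EP1_GK1_SECRET, {"from": caller, "to": callee})
    if not verify(EP1_GK1_SECRET, setup):
        return (False, None)
    # GK1 must be trusted to relay honestly: if the caller field is changed between the
    # hops, the re-sealed message still verifies at GK2 and the callee cannot tell.
    relayed = {"from": rewrite_from or setup["from"], "to": setup["to"]}
    forwarded = seal(GK1_GK2_SECRET, relayed)
    return (verify(GK1_GK2_SECRET, forwarded), forwarded["from"])


def end_to_end_call(caller: str, callee: str, rewrite_from: str = "") -> tuple:
    """E2E path: EP1 seals, gatekeepers only forward, EP2 verifies. Returns (accepted_by_ep2, caller_seen)."""
    setup = seal(E2E_KEY, {"from": caller, "to": callee})
    forwarded = dict(setup)               # GK1 and GK2 pass the message through unchanged...
    if rewrite_from:
        forwarded["from"] = rewrite_from  # ...unless something on the path alters it
    return (verify(E2E_KEY, forwarded), forwarded["from"])
```

The second tuple element is the caller identity the callee ends up with: under E2M it is whatever the last hop asserted, which is the “doesn’t provide caller ID” con above; under E2E an altered field fails verification, at the price of EP2 holding a key it can check for EP1, the “common authentication across realms” con.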

How Does Federation Help

• E2E security features
• Still implement your own authentication methods
• Recognizes the world is a messy place

(Diagram: the same “Incoming Call From: Dr. Thomas Gray, Radiology / <OK> Duke University / <OK> Internet2” screen at a Call Server; Duke and UNC joined in an Internet2 federation, Provider A and Provider B joined in an FCC federation)

This Changes Everything

• Access to many service providers
• Not necessarily required to pre-establish accounts
• Call signaling and networks can be un-secured

(Diagram: the screen shows “Incoming Call From: Sarah McAllister” with “<OK> VISA 123456”, “<OK> Provider A” and “<OK> FCC”; Duke Hospital and UNC Hospital in the Internet2 federation, Provider A and Provider B in the FCC federation, with an MCU Provider, two VoIP Providers and a PTA Fundraiser as further participants)

Directory Enabled RTC

Using H.350

Directory Services

• Directories are a key enabler of video teleconferencing; it is essentially not useful without them.

• Directories are a key management tool for tracking and supporting users

• Directory can be a portal for related information e.g. account requests, support, user information updates, etc.

• Canonical data source is essential for scalability

H.350 Architecture Components

Endpoints: what the end user has

• H.323 Terminals:
  – Desktop videoconferencing (VCON, Viavideo, etc)
  – Room videoconferencing (Polycom, Tandberg, etc)
  – Multi-point control unit (MCU)
• SIP User Agents:
  – IP Telephony
  – Desktop (Messenger, CGU client…)

Call Servers - Management

• H.323 Gatekeeper

• SIP Proxy

• Both have lists of users, do call routing, enforce usage policies, do logging for any billing…

Enterprise Directory

• Central stores of information about people associated with an institution

• Authoritative (eg: Human Resources, Registrar; Telecommunications)

• ONE consolidated list – identities resolved (SSN!)
• Benefits:
  – Correct and current
  – Single location to disable account
  – Single location to reset password

• Video/VoIP manager – reinvent this wheel?

H.350 Directory

• Standardized LDAP schema that represents application-specific information for multimedia including these protocols:
  – SIP
  – H.323
  – H.235
  – H.320
  – Non-standard (eg: Access Grid, VRVS, MPEG2)

• Designed to require minimal changes to the enterprise directory.

H.350 Directory Organization

(Schema diagram, reproduced as a list)

• commObject: commUniqueId, commOwner, commPrivate
• h323Identity: h323IdentityGKDomain, h323Identityh323-ID, h323IdentitydialedDigits, h323Identityemail-ID, …, h323IdentityEndPointType, h323IdentityServiceLevel
• h235Identity: h235IdentityUid, h323IdentityPassword, userCertificate
• Enterprise Directory (inetOrgPerson, RFC 1274): name (dn), address, telephone, email, organization, organizational unit, commURI, userPassword

White Pages

• Look up person – find video/voip address
• Standardized – works with multiple vendors’ hardware and software
• Makes “Directory of Directories” searching possible (a global multimedia directory)
• Supports ‘clickable’ dialing
• Prototype/Testbed H.350 directory
  – https://videnet.unc.edu

Endpoints Implementing H.350 can…

• Based on EndpointID, email address, etc., lookup correct configuration information and load it. - Solves big user support issue!

• No matter what protocol or brand, necessary data can be managed in an organized way.

• Do white pages search via LDAP protocol – receive answers; ‘click to dial’ if supported.

Endpoints supporting H.235 can…

• User/Endpoint Validation
  – Do enterprise authentication
  – Obtain videoconferencing credentials
  – Use VC credentials to obtain CORRECT configuration
  – Logging now suitable for usage tracking/billing

Call Servers Implementing H.350 can…

• Pull information from canonical store
  – Solves manual data entry problems
  – Can convert canonical to proprietary if needed on the fly

• Use XIdentityServiceLevel attribute to provide levels of authorization

• Scale up video/voip operations
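An added example, not from the slides or from H.350 itself, of the two uses described above: a white pages search that follows a person’s commURI to the commObject and forms a clickable h323: URL, and a call-server authorization check on h323IdentityServiceLevel that also confirms the commOwner link still points at a live person entry. The directory is an in-memory dict standing in for LDAP; commURI is simplified to a DN, and the service level names and their ranking are assumptions.

```python
# Constructed H.350-style directory (DN -> attributes) standing in for an LDAP server;
# simplification: commURI holds the commObject's DN (H.350 uses an LDAP URL there).
DIRECTORY = {
    "uid=tgray,ou=people,dc=example,dc=edu": {
        "objectClass": ["inetOrgPerson"], "cn": "Thomas Gray", "mail": "tgray@example.edu",
        "commURI": "commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu",
    },
    "commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu": {
        "objectClass": ["commObject", "h323Identity"], "commPrivate": "FALSE",
        "commOwner": "uid=tgray,ou=people,dc=example,dc=edu",
        "h323Identityh323-ID": "tgray", "h323IdentitydialedDigits": "3333",
        "h323IdentityGKDomain": "gk2.example.edu", "h323IdentityServiceLevel": "silver",
    },
    # Stale commObject: its owner entry is gone, so no person entry vouches for it.
    "commUniqueId=old-4444,ou=h350,dc=example,dc=edu": {
        "objectClass": ["commObject", "h323Identity"], "commPrivate": "FALSE",
        "commOwner": "uid=departed,ou=people,dc=example,dc=edu",
        "h323Identityh323-ID": "departed", "h323IdentitydialedDigits": "4444",
        "h323IdentityGKDomain": "gk2.example.edu", "h323IdentityServiceLevel": "gold",
    },
}
LEVEL_RANK = {"bronze": 1, "silver": 2, "gold": 3}  # assumed ordering of service levels


def search(attr: str, value: str) -> list:
    """Equality search over all entries, like the LDAP filter (attr=value)."""
    return [(dn, e) for dn, e in DIRECTORY.items() if e.get(attr) == value]


def white_pages(mail: str):
    """Person -> commObject -> clickable h323: URL; private objects are not published."""
    hits = search("mail", mail)
    if not hits:
        return None
    obj = DIRECTORY.get(hits[0][1].get("commURI", ""))
    if obj is None or obj.get("commPrivate") == "TRUE":
        return None
    return f"h323:{obj['h323Identityh323-ID']}@{obj['h323IdentityGKDomain']}"


def authorize_call(dialed_digits: str, required_level: str) -> tuple:
    """Call-server check: unique identity, owner link still mutual, service level sufficient."""
    hits = search("h323IdentitydialedDigits", dialed_digits)
    if len(hits) != 1:
        return (False, "no unique identity for digits")
    dn, obj = hits[0]
    owner = DIRECTORY.get(obj.get("commOwner", ""))
    if owner is None or owner.get("commURI") != dn:
        return (False, "owner link not mutual")  # disabling the person entry disables the identity
    have = LEVEL_RANK.get(obj.get("h323IdentityServiceLevel", ""), 0)
    if have < LEVEL_RANK[required_level]:
        return (False, "service level too low")
    return (True, dn)
```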

What problems did we want to solve?

• Use existing identity management (authoritative enterprise directory) – avoid replicating into proprietary directories

• Standardize storage for protocol-specific data to ease updates/migrations; one central store for multiple protocols

• Leverage identity management for reliable multimedia authentication and authorization

Other drivers

• We wanted solution to be implemented by vendors. Therefore, adoption as a standard was necessary

• H.323/SIP already had existing security protocols – use those, without requiring modifications

• Be useful for non-standards based conferencing (MPEG2 / Access Grid / VRVS)

• Evaluate utility of federated administration model for managing videoconferencing/voip

International Telecommunication Union

• The ITU is an inter-governmental organization under the umbrella of the United Nations (www.itu.int)
  – currently has over 450 members from industry
  – has more than 2800 Recommendations in force
• Study Group 16
  – multimedia service definition and multimedia systems, including the associated terminals, modems, protocols and signal processing
  – Multimedia Services, Systems and Terminals
  – e-business and e-commerce
  – Selected Recommendations: H.320, H.323, H.264, H.350

• US Representation through US State Department

Why Standardization Process Was Helpful

• Caused the academic community to be extremely thorough
  – In terms of accuracy, scope and scenario development
  – Forced examination of real world implementation hurdles
  – Important linking between researchers and technologists
  – Implementation not valued in the computer science community
    • Leads to less rigour
    • Higher education thus abandons its voice
    • Private industry not shy to speak up, but may not deliver desired results
• Diverse expert input
• Thorough review by many eyes
• Difficulty getting enterprise acceptance without standardization (i.e. we’ll munge our own)
• Difficulty getting vendor acceptance because each implementation different
• Educational community not a large enough market segment to drive development
• Paves the way for other vendor partnerships
  – An interesting alternative to open source