TRANSCRIPT
Real Time Communications: Protocols and Applications
Tyler Johnson, Acting Director
Telecommunications R&D
Full Service VVoIP Architecture
[Diagram: an H.323 fabric connects endpoints to the service tier: gateway farm, gatekeeper cluster, MCU farm and messaging servers (embedded, distributed, load balancing; NT / Unix / VxWorks), PSTN trunks, a Win2000 cluster, and a management server (directory services) on Unix.]
What is RTC?
• Voice
• Video
• Instant Messaging
• Presence
• Data Collaboration
• Any network, any device
H.323 Protocol Stack
[Diagram: layered stack, repeated on the following slides]
Physical Layer
Link Layer
Network Layer (IP)
UDP: RTP carrying audio (G.711, G.728) and video (H.261, H.263); RTCP; RAS
TCP: H.225 and H.245 (terminal control and management); T.120 (data)
Audio Codecs
• ITU G.7x series
  – G.711 64 kbs PCM (only required codec)
  – G.723
  – G.728
• Transcoded in gateways – but why??
Video Codecs
• ITU H.26x series codecs
  – H.261 (most common)
  – H.263
• DCT-based algorithms
• Typical speeds (minus 64 kbs audio)
  – 384 kbs
  – 768 kbs
  – 1536 kbs
  – 1920 kbs
RTP / RTCP
• Real-time Transport Protocol
  – Time stamps in packets allow stream re-assembly
• Real-time Control Protocol
  – Feedback channel to RTP server
• UDP for media streams
H.245
• Media Control
• Capabilities Exchange
  – Handshake to determine supported codecs
RAS
• Registration, Admission and Status
• Registers endpoint with gatekeeper
• Version 2.0 alias types:
  – h323-ID
  – dialedDigits
  – URL-ID
  – transportID
  – email-ID
  – partyNumber
  – mobileUIM
H.225
• Call control
  – Initiate
  – Setup
  – Tear down
• Derived from Q.931
  – ASN.1 coding in payload
T.120
• Data Collaboration
  – Screen scraping (limited bit depth)
  – Shared mouse
• De facto NetMeeting
• T.120 server to scale up
• Dissatisfaction
• Out of band D/C
H.323 Annexes – For Decision in 2000
• Annex C “H.323 on ATM”
• Annex D “FAX over H.323”
• Annex E “Multiplexed Call Signaling Transport”
• Annex F “Simple Endpoint Type”
• Annex G “Text Conversation and Text Set”
• Annex H “User and Service Mobility”
• Annex I “Terminal Mobility”
• Annex J “Security for SET”
• Annex K “HTTP based Service Control”
• Annex L “Stimulus Signaling”
• Annex M.1 and M.2 “Tunneling of QSIG and ISUP”
• Annex O “H.323 URL”
H.450 Supplementary Services
• H.450.1: ‘Creation Environment’
• H.450.2
  – Blind call transfer
  – Consultation
• H.450.3
  – Forward
  – Activation / Deactivation
  – Interrogation
• H.450.4
  – Call Hold
• H.450.5
  – Call Park / Pickup
• H.450.6
  – Call Waiting
• H.450.7
  – Message Waiting
H.323 URL
• Annex O
• Editor: Orit Levin, RADVision
• Form h323:[email protected]
• Enables clickable dialing
• Eliminates dial plan routing issues
• Will be the primary served object for white pages
Security
• H.235 Security and Encryption
  – Annex D
    • UserID / password pair
    • Hop by hop authentication
  – Annex E
    • PKI
    • Endpoint to endpoint authentication
  – Requires both gatekeeper and endpoint support
In-Zone Dialing
[Diagram: EP1 (2222) and EP2 (3333) both registered with GK1]
EP1 dials 3333
GK1 establishes call to EP2
Media streams flow between endpoints
Call control flows through gatekeeper
Inter-Gatekeeper Communication
[Diagram: EP1 (2222) registered with GK1, EP2 (3333) registered with GK2]
EP1 dials 3333
GK1 LRQs to GK2 for EP2
GK2 establishes call to EP2
Dialing With DNS
[Diagram: EP1 (2222) on GK1, EP2 (3333) on GK2, with a DNS server]
EP1 dials [email protected]
DNS lookup on gk2.domain
DNS returns IP of GK2
GK1 calls GK2 for EP2
GK2 connects EP2
ENUM (IETF)
[Diagram: EP1 (2222) on GK1, EP2 (3333) on GK2, with a DNS server supporting ENUM]
EP1 dials 3333
ENUM lookup 3333
ENUM returns h323:[email protected]
DNS lookup on gk2.domain
DNS returns IP of GK2
GK1 calls GK2 for EP2
GK2 connects EP2
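The resolution sequence on the two slides above (dialed number, ENUM NAPTR lookup, H.323 URL, DNS lookup of the gatekeeper host), as an added example that is not part of the original talk. The ENUM zone, the E.164 number, the host names and the address are constructed stand-ins for the "DNS w/ENUM" box; real ENUM keys on a full E.164 number, so a constructed one is used in place of the slide's 3333.

```python
import re

# Constructed ENUM zone and A records standing in for the "DNS w/ENUM" box in the slide.
# The E.164 number, domain names and address are assumptions, not values from the talk.
ENUM_ZONE = {
    "3.3.3.3.5.5.5.9.1.9.1.e164.arpa": [
        # (order, preference, flags, service, regexp) as carried in a NAPTR record
        (10, 100, "u", "E2U+sip", "!^.*$!sip:ep2@sip.example.net!"),
        (10, 50, "u", "E2U+h323", "!^.*$!h323:ep2@gk2.example.net!"),
    ],
}
A_RECORDS = {"gk2.example.net": "192.0.2.20"}  # RFC 5737 documentation address

def e164_to_enum_domain(number):
    """'+1 919 555 3333' -> '3.3.3.3.5.5.5.9.1.9.1.e164.arpa' (digits reversed, dotted)."""
    digits = re.sub(r"\D", "", number)
    return ".".join(reversed(digits)) + ".e164.arpa"

def apply_naptr_regexp(naptr_regexp, subject):
    """Apply a NAPTR 'regexp' field (delim, ERE, replacement, delim) to the dialed number."""
    delim = naptr_regexp[0]
    _, pattern, replacement, _ = naptr_regexp.split(delim)
    return re.sub(pattern, replacement, subject)

def enum_lookup(number, service="E2U+h323"):
    """Steps 'ENUM lookup' / 'ENUM returns h323:...': pick the best NAPTR for the service."""
    records = ENUM_ZONE.get(e164_to_enum_domain(number), [])
    candidates = [r for r in records if r[3].lower() == service.lower()]
    if not candidates:
        return None
    # NAPTR selection: lowest order wins, then lowest preference within that order
    best = min(candidates, key=lambda r: (r[0], r[1]))
    return apply_naptr_regexp(best[4], number)

def gatekeeper_address(h323_url):
    """Steps 'DNS lookup on gk2.domain' / 'DNS returns IP of GK2': resolve the URL's host."""
    if not h323_url or not h323_url.startswith("h323:") or "@" not in h323_url:
        return None
    host = h323_url.split("@", 1)[1]
    return A_RECORDS.get(host)

def route_call(number):
    """Everything GK1 does before 'GK1 calls GK2 for EP2': returns (h323 URL, GK2 address)."""
    url = enum_lookup(number)
    return url, gatekeeper_address(url)
```

A gatekeeper that trusts these answers is trusting DNS; the slide's later point that call signaling can run over un-secured networks only holds if the identity assertions, not the lookup, carry the trust.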
Location Services
• Location of endpoints is a general problem
• Not limited to RTC
• Each endpoint is a server, different than client server model
• NAT issues
• P2P is another approach
How Does SIP Differ ?
• SIP handles only location, authentication and call initiation
• Not only media neutral, but application neutral
• Very extensible, but creates interoperability problems
• Ratified by IETF
• Primary direction of RTC services
What is the problem?
• Artifacts are often observed in video or voice applications, but it is generally not clear whether the cause is in the protocol (i.e. application) or in the network
• Artifacts are gone before network or protocol engineers can examine problem
• Difficult to deploy test equipment to myriad geographically disparate sites
• Will this link work for the application before I deploy equipment?
• Most measurement tools are snapshots, and do not emulate media streams, thus missing important events.
Scouting Out Problems: Public Health Outreach Project
• Remote Health Clinic connected back to Internet2 via xDSL
• Original diagnosis was H.323 problem
• ISP refused problem ownership until presented with test results
E2M Security
• Pros
  – Ensures nobody steals service provider’s resources
  – Ensures you pay your bill
• Cons
  – Doesn’t allow you to access resources in other realms
  – Doesn’t provide caller ID
  – Doesn’t recognize true people to people nature of application
[Diagram: endpoint authenticating to its own call server]
E2E Security
• Pros
  – Confirms your identity to the called party
  – Works across realms
• Cons
  – Requires common authentication across realms
  – Other applications don’t use this approach
  – Administrative cost to identity verification
[Diagram: call server; called party sees “Incoming Call From: Dr. Thomas Gray, Radiology” with verification marks <OK> Duke University, <OK> Internet2]
How Does Federation Help
• E2E security features
• Still implement your own authentication methods
• Recognizes the world is a messy place
[Diagram: call servers at Duke and UNC joined in an Internet2 federation, and Provider A and Provider B joined in an FCC federation; the called party sees “Incoming Call From: Dr. Thomas Gray, Radiology” with verification marks <OK> Duke University, <OK> Internet2]
This Changes Everything
• Access to many service providers
• Not necessarily required to pre-establish accounts
• Call signaling and networks can be un-secured
[Diagram: Duke Hospital and UNC Hospital in one federation; Provider A and Provider B in an FCC federation; further members MCU Provider, VoIP Provider, VoIP Provider, PTA Fundraiser; the called party sees “Incoming Call From: Sarah McAllister” with verification marks <OK> VISA 123456, <OK> Provider A, <OK> FCC]
Directory Services
• Directories are a key enabler of video teleconferencing; it is essentially not useful without them.
• Directories are a key management tool for tracking and supporting users
• Directory can be a portal for related information e.g. account requests, support, user information updates, etc.
• Canonical data source is essential for scalability
Endpoints: What the end user has
• H.323 Terminals:
  – Desktop videoconferencing (VCON, Viavideo, etc)
  – Room videoconferencing (Polycom, Tandberg, etc)
  – Multi-point control unit (MCU)
• SIP User Agents:
  – IP Telephony
  – Desktop (Messenger, CGU client…)
Call Servers - Management
• H.323 Gatekeeper
• SIP Proxy
• Both have lists of users, do call routing, enforce usage policies, do logging for any billing….
Enterprise Directory
• Central stores of information about people associated with an institution
• Authoritative (eg: Human Resources, Registrar; Telecommunications)
• ONE consolidated list – identities resolved (SSN!)
• Benefits:
  – Correct and current
  – Single location to disable account
  – Single location to reset password
• Video/VoIP manager – reinvent this wheel?
H.350 Directory
• Standardized LDAP schema that represents application-specific information for multimedia including these protocols:
  – SIP
  – H.323
  – H.235
  – H.320
  – Non-standard (eg: Access Grid, VRVS, MPEG2).
• Designed to require minimal changes to the enterprise directory.
H.350 Directory Organization
[Diagram: an enterprise directory person entry linked by commURI to an H.350 commObject entry]
Enterprise Directory – inetOrgPerson: name (dn), address, telephone, email, organization, organizational unit, userPassword (RFC 1274), commURI
commObject: commUniqueId, commOwner, commPrivate
h323Identity: h323IdentityGKDomain, h323Identityh323-ID, h323IdentitydialedDigits, h323Identityemail-ID, …, h323IdentityEndPointType, h323IdentityServiceLevel
h235Identity: h235IdentityUid, h323IdentityPassword, userCertificate
White Pages
• Look up person – find video/voip address
• Standardized – works with multiple vendors’ hardware and software
• Makes “Directory of Directories” searching possible (a global multimedia directory)
• Supports ‘clickable’ dialing
• Prototype/Testbed H.350 directory
  – https://videnet.unc.edu
Endpoints Implementing H.350 can…
• Based on EndpointID, email address, etc., lookup correct configuration information and load it. - Solves big user support issue!
• No matter what protocol or brand, necessary data can be managed in an organized way.
• Do white pages search via LDAP protocol – receive answers; ‘click to dial’ if supported.
Endpoints supporting H.235 can…
• User/Endpoint Validation
  – Do enterprise authentication
  – Obtain videoconferencing credentials
  – Use VC credentials to obtain CORRECT configuration
  – Logging now suitable for usage tracking/billing
Call Servers Implementing H.350 can…
• Pull information from canonical store
  – Solves manual data entry problems
  – Can convert canonical to proprietary on the fly if needed
• Use XIdentityServiceLevel attribute to provide levels of authorization
• Scale up video/voip operations
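The H.350 layout, white-pages lookup and service-level authorization described in the last few sections, as an added example that is not code from the talk or from the videnet testbed. The LDIF below is constructed: the person entry gains only a commURI pointer and the H.323 data sits in a separate commObject entry, using the commObject and h323Identity attribute names from the organization slide; the DNs, names, digits and the service-level value are assumptions.

```python
# Constructed LDIF for the H.350 layout in the slides (commObject + h323Identity attributes);
# DNs, names, digits and the service-level value are assumptions, not data from the talk.
DIRECTORY_LDIF = """\
dn: uid=tgray,ou=People,dc=example,dc=edu
objectClass: inetOrgPerson
cn: Thomas Gray
mail: tgray@example.edu
commURI: ldap:///commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu

dn: commUniqueId=tgray-h323,ou=h350,dc=example,dc=edu
objectClass: commObject
objectClass: h323Identity
commUniqueId: tgray-h323
commOwner: uid=tgray,ou=People,dc=example,dc=edu
h323IdentityGKDomain: gk1.example.edu
h323Identityh323-ID: tgray
h323IdentitydialedDigits: 2222
h323IdentityServiceLevel: clinical
"""

def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one 'attr: value' per line."""
    entries = {}
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)  # attributes may be multi-valued
        entries[entry["dn"][0]] = entry
    return entries

def white_pages(entries, mail):
    """'Look up person - find video/voip address': person -> commURI -> commObject, or None."""
    for person in entries.values():
        if mail not in person.get("mail", []):
            continue
        for uri in person.get("commuri", []):  # LDAP URL ldap:///<dn> naming the commObject
            comm = entries.get(uri.split("///", 1)[1].split("?", 1)[0])
            if comm and "h323identity" in [c.lower() for c in comm.get("objectclass", [])]:
                return {"h323-ID": comm["h323identityh323-id"][0],
                        "dialedDigits": comm["h323identitydialeddigits"][0],
                        "gatekeeper": comm["h323identitygkdomain"][0]}
    return None

def service_level(entries, h323_id):
    """Call-server side: h323IdentityServiceLevel for the endpoint registered as h323_id."""
    for e in entries.values():
        if h323_id in e.get("h323identityh323-id", []):
            return e.get("h323identityservicelevel", [None])[0]
    return None
```

Because the person entry carries no H.323 attributes of its own, an endpoint that only reads inetOrgPerson keeps working, and the call server can disable or re-level a user in one place.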
What problems did we want to solve?
• Use existing identity management (authoritative enterprise directory) – avoid replicating into proprietary directories
• Standardize storage for protocol-specific data to ease updates/migrations; one central store for multiple protocols
• Leverage identity management for reliable multimedia authentication and authorization
Other drivers
• We wanted solution to be implemented by vendors. Therefore, adoption as a standard was necessary
• H.323/SIP already had existing security protocols – use those, without requiring modifications
• Be useful for non-standards based conferencing (MPEG2 / Access Grid / VRVS)
• Evaluate utility of federated administration model for managing videoconferencing/voip
International Telecommunication Union
• The ITU is an inter-governmental organization under the umbrella of the United Nations (www.itu.int)
  – currently has over 450 members from industry
  – has more than 2800 Recommendations in force
• Study Group 16
  – multimedia service definition and multimedia systems, including the associated terminals, modems, protocols and signal processing.
  – Multimedia Services, Systems and Terminals
  – e-business and e-commerce
  – Selected Recommendations
    • H.320
    • H.323
    • H.264
    • H.350
• US Representation through US State Department
Why Standardization Process Was Helpful
• Caused the academic community to be extremely thorough
  – In terms of accuracy, scope and scenario development
  – Forced examination of real world implementation hurdles
  – Important linking between researchers and technologists
  – Implementation not valued in the computer science community
    • Leads to less rigour
    • Higher education thus abandons its voice
    • Private industry not shy to speak up, but may not deliver desired results
• Diverse expert input
• Thorough review by many eyes
• Difficulty getting enterprise acceptance without standardization (i.e. we’ll munge our own)
• Difficulty getting vendor acceptance because each implementation different
• Educational community not a large enough market segment to drive development
• Paves the way for other vendor partnerships
  – An interesting alternative to open source