Post on 21-Dec-2015
SIP over an Identifier/Locator splitted Next Generation Internet architecture
Christian Esteve Rothenberg, Walter Wong, Fábio L. Verdi, Maurício F. Magalhães
School of Electrical and Computer Engineering (FEEC), State University of Campinas (UNICAMP), Brazil
ICACT08, Phoenix Park, South Korea, 18/02/2008
Introduction
• Current Internet architecture presents some limitations to the natural deployment of new services:
– Mobility/Multi-homing
– Network heterogeneity
– Embedded Security
• Existing applications like SIP demand security, mobility support, and operation over IPv4 and IPv6.
– Many SIP add-ons: ALG, SBC, TLS, SRTP, S/MIME, etc.
– “Patches” approach: NAT, IPSec, Mobile IP, etc.
Introduction
• Main issue: IP semantic overload
– Transport layer: IP is an identifier (naming)
– Network layer: IP is a locator (addressing)
• Consequences
– Lack of a stable identifier for end-to-end communication
– Mobility/Multihoming
– Heterogeneity
– Security
• Solution – Identifier/locator separation
• HIP, IETF RRG LISP, NodeID
[Figure: protocol stack with a Host Identifier (ID) layer inserted between the transport protocols (TCP, UDP, SCTP) and the network locators (IPv4, IPv6). Applications (RTP, SIP, SDP, DNS, HTTP and legacy applications) bind to the ID; the network technologies (Ethernet, ATM, SONET, WLAN, …) sit below the IP locator layer.]
Identifier/locator separation
• Introduction of an identification layer between the network and transport layers (as in HIP)
• Identifiers are 32-bit (128-bit in IPv6) flat (topology-free), persistent and unique node IDs
[Figure: static binding versus dynamic binding. Static binding: the application socket is bound to <IP:port>src, <IP:port>dest and the protocol, so it is tied to the locators (IP = 10.1.1.1 and IP = 10.1.1.2). Dynamic binding: the socket is bound to <ID:port>src, <ID:port>dest and the protocol, and the identifier layer maps each identifier to its current locator(s) (IP = 10.1.1.1, IP = 10.1.1.2, IP = 10.1.2.3), so the locator can change underneath the socket.]
Background
Next Generation Internet Architecture Proposal
• Originally inspired by the NodeID architecture
– Global, flat, cryptographic node Identifiers (as in HIP)
– Host FQDN assumed
• Extended with Domain IDs (DID)
– Scalability (!)
• Routing on flat IDs (DID/NID)
– Different to HIP (!)
Contribution
Functionalities of our NGI Framework [1]:
• Name Resolution
• Mobility
• Multi-homing
• Flat Routing
• Security
• Heterogeneity
• Legacy Applications Support
[Figure: internal modules of the framework. Identification layer: IDMapper, Security Mgr, Security Packet Handler, Security DB. Control plane: Mobility (RVS Client, Gw Msg Srv), DHT Client, DHCP Client. Network: Flat routing (Routing, Peer Cache). Legacy appl. support: Filter, DNS Handler. External modules: DHCP, DNS, DHT, RVS.]
How can an existing application like e.g., SIP operate with and benefit from our NGI Architecture?
[1] W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems, SBRC 2007.
Scenario under evaluation
[Figure: two domains connected through the Internet Core (IPv4). Domain1 (atlanta.com) and Domain2 (biloxi.com) each have a domain router (DR), a Rendezvous Server (RVS), a DHT node, a DNS server and a SIP proxy (P1 = sip_proxy1.atlanta.com, P2 = sip_proxy2.biloxi.com); a further DHT sits in the Internet Core. UA1 (sip:[email protected]) runs on the host with NID1 (32-bit) and FQDN1 (hostname1.sth.atlanta.com); UA2 (sip:[email protected]) runs on the host with NID2 (32-bit) and FQDN2 (hostname2.sth.biloxi.com). Steps (1)–(5) follow the INVITE from UA1 through P1 and P2 to UA2: the SIP request line and headers carry sip:[email protected] URIs and FQDN1, while the SDP body carries o= FQDN1 and c= NID1 …]
[Figure: naming model. A Node Identity is a PublicKey/PrivateKey pair; the NID (32 / 128 bits) is Hash(PublicKey) and is global and unique; the Locator is the Network Address (IPv4 / IPv6) and is local; the FQDN and the SIP URI (user@domain) are mapped to the NID by Resolution().]
Transparent naming
Hostnames
• FQDN can be assumed as global name space for all hosts
– Enabled by the unique and global-scope NIDs
• SIP RFC 3261 RECOMMENDS use of FQDN form names
Name resolution
• SIP UA DNS requests (gethostbyname(), SIP SRV) intercepted
• NIDs returned to the SIP application as typical IP addresses.
Transparent architecture features
• The architecture handles the dynamic locator binding, security associations, flat routing, etc.
[Figure: modules involved: Filter and DNS Handler (legacy appl. support); Security Packet Handler, IDMapper and Security DB (identification layer); Routing and Peer Cache (flat routing).]
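As an added example (not code from the paper or from the authors' framework), the following Go program mimics the name-resolution path the slide describes: the intercepted lookup answers the SIP UA with the host's NID rendered as an ordinary IPv4 address, the UA drops that address into the SDP c= line, and the filter on the receiving side recognises it as a NID rather than a locator. The FQDN-to-key directory, the sample keys and the SDP fields are constructed assumptions standing in for the DNS/DHT resolution of the real framework.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// MakeNID derives the 32-bit flat identifier by hashing a node's public key.
func MakeNID(publicKey []byte) uint32 {
	sum := sha256.Sum256(publicKey)
	return binary.BigEndian.Uint32(sum[:4])
}

// Directory is a constructed stand-in for the FQDN -> NID resolution that the
// framework performs through DNS/DHT; the keys are sample bytes, not real keys.
var Directory = map[string]uint32{
	"hostname1.sth.atlanta.com": MakeNID([]byte("sample-key-hostname1")),
	"hostname2.sth.biloxi.com":  MakeNID([]byte("sample-key-hostname2")),
}

// NIDToLegacyIP renders a NID in the dotted-quad form a legacy app expects.
func NIDToLegacyIP(nid uint32) string {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], nid)
	return netip.AddrFrom4(b).String()
}

// LegacyIPToNID is the inverse; false when the text is not an IPv4 literal.
func LegacyIPToNID(s string) (uint32, bool) {
	a, err := netip.ParseAddr(s)
	if err != nil || !a.Is4() {
		return 0, false
	}
	b := a.As4()
	return binary.BigEndian.Uint32(b[:]), true
}

// GetHostByName is what the intercepted gethostbyname() hands back to the
// SIP UA: the NID formatted as an IP address, never the current locator.
func GetHostByName(fqdn string) (string, error) {
	nid, ok := Directory[strings.ToLower(strings.TrimSuffix(fqdn, "."))]
	if !ok {
		return "", fmt.Errorf("%s: host not found", fqdn)
	}
	return NIDToLegacyIP(nid), nil
}

// IsNIDAddress is the filter's check: does this "IP address" name a known NID?
func IsNIDAddress(s string) bool {
	nid, ok := LegacyIPToNID(s)
	if !ok {
		return false
	}
	for _, known := range Directory {
		if known == nid {
			return true
		}
	}
	return false
}

// BuildSDP is the offer a legacy UA produces after the intercepted lookup:
// o= carries the FQDN and c= the NID-as-IP, as on the scenario slide.
func BuildSDP(fqdn string) (string, error) {
	conn, err := GetHostByName(fqdn)
	if err != nil {
		return "", err
	}
	lines := []string{
		"v=0",
		"o=- 1 1 IN IP4 " + fqdn,
		"s=-",
		"c=IN IP4 " + conn,
		"t=0 0",
		"m=audio 49170 RTP/AVP 18", // payload type 18 = G.729, as in the mobility test
	}
	return strings.Join(lines, "\r\n") + "\r\n", nil
}

// SDPConnectionNID pulls the c= address out of an SDP body and maps it back to
// the NID that the identification layer will bind to a locator.
func SDPConnectionNID(sdp string) (uint32, error) {
	for _, line := range strings.Split(sdp, "\r\n") {
		if !strings.HasPrefix(line, "c=IN IP4 ") {
			continue
		}
		addr := strings.TrimPrefix(line, "c=IN IP4 ")
		if !IsNIDAddress(addr) {
			return 0, errors.New("c= line carries a plain locator, not a NID")
		}
		nid, _ := LegacyIPToNID(addr)
		return nid, nil
	}
	return 0, errors.New("no c= line in SDP")
}
```

Because the dotted-quad form of an arbitrary 32-bit hash can fall into a range a legacy stack treats specially (loopback, multicast, the 0.0.0.0/8 block), a mapper that relies on this presentation has to reject or re-derive such identifiers; this example does not, which is worth keeping in mind when reading the addresses it produces.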
Transparency
[Figure: legacy SIP & RTP packets (IP | UDP | Payload) are carried across the network with a NID header (NIH): IP | UDP | NIH | Payload. In the legacy packet, Source address = source NID and Destination address = dest NID; the NID Header carries Src <NID, DID> and Dst <NID, DID>.]
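The dynamic binding of the identifier/locator separation slide and the NID header encapsulation sketched above, as one added Go example that is not part of the original paper: the layer keeps the NID-to-locator binding mutable (the mobility event of the later slide is just an update of that binding), looks it up per packet when wrapping a legacy packet in outer locators plus a NIH, and on the receiving side refuses a packet whose NIH identifiers disagree with the addresses inside the legacy header. The 8-byte legacy header, the 16-byte NIH layout, the 16-byte outer address fields, the sample keys and all addresses are constructed assumptions; the slides do not give the framework's real packet format.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// MakeNID derives the 32-bit flat identifier by hashing a node's public key.
func MakeNID(publicKey []byte) uint32 {
	sum := sha256.Sum256(publicKey)
	return binary.BigEndian.Uint32(sum[:4])
}

// Binding is the mutable locator state of one identifier.
type Binding struct {
	DID      uint32       // domain identifier the node is currently attached to
	Locators []netip.Addr // current IPv4/IPv6 locators (several when multi-homed)
}

// Layer is the identification layer: transport and applications see only
// NIDs; the NID -> locator binding beneath them is dynamic.
type Layer struct{ bindings map[uint32]Binding }

func NewLayer() *Layer { return &Layer{bindings: map[uint32]Binding{}} }

// UpdateLocator is the mobility / multi-homing event: rebind one NID.
func (l *Layer) UpdateLocator(nid, did uint32, locs ...netip.Addr) {
	l.bindings[nid] = Binding{DID: did, Locators: locs}
}

func (l *Layer) lookup(nid uint32) (Binding, error) {
	b, ok := l.bindings[nid]
	if !ok || len(b.Locators) == 0 {
		return Binding{}, fmt.Errorf("no locator bound to NID %#08x", nid)
	}
	return b, nil
}

func put32(b []byte, v uint32) []byte {
	var tmp [4]byte
	binary.BigEndian.PutUint32(tmp[:], v)
	return append(b, tmp[:]...)
}

// LegacyPacket is a toy legacy packet: 4-byte src and dst "IP" fields, which
// in this architecture carry NIDs, followed by the UDP/SIP/RTP payload.
func LegacyPacket(srcNID, dstNID uint32, payload []byte) []byte {
	return append(put32(put32(nil, srcNID), dstNID), payload...)
}

// Encapsulate wraps a legacy packet as: outer src/dst locators (16 bytes each,
// so IPv4 and IPv6 both fit) | NIH: src NID, src DID, dst NID, dst DID | packet.
// Locators are looked up per packet, so a move between two sends changes only
// the outer addresses; the application that built the inner packet sees nothing.
func (l *Layer) Encapsulate(inner []byte) ([]byte, error) {
	if len(inner) < 8 {
		return nil, errors.New("legacy packet too short")
	}
	srcNID, dstNID := binary.BigEndian.Uint32(inner[0:4]), binary.BigEndian.Uint32(inner[4:8])
	src, err := l.lookup(srcNID)
	if err != nil {
		return nil, err
	}
	dst, err := l.lookup(dstNID)
	if err != nil {
		return nil, err
	}
	s16, d16 := src.Locators[0].As16(), dst.Locators[0].As16()
	wire := append(append(make([]byte, 0, 48+len(inner)), s16[:]...), d16[:]...)
	wire = put32(put32(put32(put32(wire, srcNID), src.DID), dstNID), dst.DID)
	return append(wire, inner...), nil
}

// Decapsulated is what the receiving identification layer hands up.
type Decapsulated struct {
	SrcLoc, DstLoc netip.Addr
	SrcDID, DstDID uint32
	Inner          []byte
}

// Decapsulate strips the outer addresses and the NIH, refusing packets whose
// NIH identifiers disagree with the identifiers inside the legacy header.
func Decapsulate(wire []byte) (Decapsulated, error) {
	if len(wire) < 48+8 {
		return Decapsulated{}, errors.New("wire packet too short")
	}
	var s16, d16 [16]byte
	copy(s16[:], wire[0:16])
	copy(d16[:], wire[16:32])
	nih, inner := wire[32:48], wire[48:]
	if binary.BigEndian.Uint32(nih[0:4]) != binary.BigEndian.Uint32(inner[0:4]) ||
		binary.BigEndian.Uint32(nih[8:12]) != binary.BigEndian.Uint32(inner[4:8]) {
		return Decapsulated{}, errors.New("NIH identifiers do not match the legacy header")
	}
	return Decapsulated{
		SrcLoc: netip.AddrFrom16(s16).Unmap(), DstLoc: netip.AddrFrom16(d16).Unmap(),
		SrcDID: binary.BigEndian.Uint32(nih[4:8]), DstDID: binary.BigEndian.Uint32(nih[12:16]),
		Inner:  inner,
	}, nil
}
```

The consistency check in Decapsulate is the part a real implementation must not skip: if the NIH and the inner header could name different identifiers, a node could present one NID to the security layer and another to the application.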
Security
• Embedded on the identification layer (HIP-like)
– NIDs are cryptographic hashes of public keys
– Enables nodes to self-claim their identities
– Authentication based on public key infrastructure (PKI)
• Provides single secure channel between peers
– For all communications, all applications
Handshake between nodes A and B:
A → B: HDR, CERT, nonce
B → A: HDR, {CERT, DHB, nonce}, sig
A → B: HDR, {DHA}, sig
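The three-message exchange above, as an added example that is not the authors' code: Go's standard-library Ed25519 and X25519 stand in for the identity keys and the DH values, CERT is taken to be a self-certifying pair of NID and public key with no CA (the slide's PKI-based authentication would add a chain check on top of the NID check shown here), and each sig covers the whole transcript so far. All of these are assumptions not stated on the slide. The checks a peer performs at each step (NID matches the key, nonce echoed, signature valid) are what bind the channel to the identifier rather than to a locator.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Msg holds whichever of the slide's fields a message carries. CERT is the
// self-certifying 4-byte NID || 32-byte Ed25519 public key (NID = truncated
// hash of the key); DH is DHB in message 2 and DHA in message 3 (X25519).
type Msg struct {
	Cert, DH, Sig []byte
	Nonce         [16]byte
}

// Node is one peer: identity key, CERT, and the ephemeral key of the current run.
type Node struct {
	priv ed25519.PrivateKey
	Cert []byte
	dh   *ecdh.PrivateKey
}

func NewNode() *Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // crypto/rand failure is not recoverable
	}
	nid := sha256.Sum256(pub)
	return &Node{priv: priv, Cert: append(nid[:4:4], pub...)}
}

// ephemeral draws the X25519 key pair for one handshake run.
func ephemeral() *ecdh.PrivateKey {
	dh, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return dh
}

// certKey accepts a self-claimed identity only if NID == hash(key); no CA here.
func certKey(cert []byte) (ed25519.PublicKey, error) {
	if len(cert) == 4+ed25519.PublicKeySize {
		if nid := sha256.Sum256(cert[4:]); bytes.Equal(nid[:4], cert[:4]) {
			return ed25519.PublicKey(cert[4:]), nil
		}
	}
	return nil, errors.New("CERT does not self-certify its NID")
}

// transcript is what each sig covers: everything exchanged so far, so a
// signed DH value cannot be spliced into a different run.
func transcript(tag string, m1 Msg, certB, dhb, dha []byte) []byte {
	return bytes.Join([][]byte{[]byte(tag), m1.Cert, m1.Nonce[:], certB, dhb, dha}, nil)
}

// derive finishes X25519 and hashes the secret with the nonce into the one
// channel key shared by every application between the two peers.
func derive(priv *ecdh.PrivateKey, peer []byte, nonce [16]byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(bytes.Join([][]byte{[]byte("ngi-channel"), secret, nonce[:]}, nil))
	return sum[:], nil
}

// Start: A -> B  HDR, CERT, nonce
func (a *Node) Start() (m Msg, err error) {
	m.Cert = a.Cert
	_, err = rand.Read(m.Nonce[:])
	return m, err
}

// Respond: B -> A  HDR, {CERT, DHB, nonce}, sig
func (b *Node) Respond(m1 Msg) (Msg, error) {
	if _, err := certKey(m1.Cert); err != nil {
		return Msg{}, err
	}
	b.dh = ephemeral()
	m2 := Msg{Cert: b.Cert, DH: b.dh.PublicKey().Bytes(), Nonce: m1.Nonce}
	m2.Sig = ed25519.Sign(b.priv, transcript("m2", m1, b.Cert, m2.DH, nil))
	return m2, nil
}

// Finish: A -> B  HDR, {DHA}, sig; also returns A's copy of the session key.
func (a *Node) Finish(m1, m2 Msg) (Msg, []byte, error) {
	pubB, err := certKey(m2.Cert)
	if err != nil {
		return Msg{}, nil, err
	}
	if m2.Nonce != m1.Nonce || !ed25519.Verify(pubB, transcript("m2", m1, m2.Cert, m2.DH, nil), m2.Sig) {
		return Msg{}, nil, errors.New("message 2 rejected: stale nonce or bad signature")
	}
	dh := ephemeral()
	m3 := Msg{DH: dh.PublicKey().Bytes()}
	m3.Sig = ed25519.Sign(a.priv, transcript("m3", m1, m2.Cert, m2.DH, m3.DH))
	key, err := derive(dh, m2.DH, m1.Nonce)
	return m3, key, err
}

// Complete: B verifies A's signature and derives the same session key.
func (b *Node) Complete(m1, m3 Msg) ([]byte, error) {
	pubA, err := certKey(m1.Cert)
	if err != nil || b.dh == nil {
		return nil, errors.New("no valid handshake in progress")
	}
	if !ed25519.Verify(pubA, transcript("m3", m1, b.Cert, b.dh.PublicKey().Bytes(), m3.DH), m3.Sig) {
		return nil, errors.New("bad signature on message 3")
	}
	return derive(b.dh, m3.DH, m1.Nonce)
}
```

Both sides end with the same 32-byte key, which is the single channel key the slide refers to; how the packets themselves are then protected (the ESP/AH comparison on the Performance slide) is outside this example.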
Mobility
• Periodic locator updates in the Rendezvous Server
• Mobility event transparent to applications (SIP clients)
• TCP connections survived network reconfigurations
• RTP stream “seamless” recovered
10 experiments, with RVS Update every 3s and G.729 (20ms) coded RTP payload.
W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008.
Performance
• Signaling overhead
– Extra interactions required
– SIP session establishment time difference negligible in our testbed environment
• VoIP bandwidth overhead
– Comparable to other security schemes
– Header compression possible
[Figure: per-packet header overhead of the ID header (ID H) compared with ESP/AH.]
Related Work
• Next Generation Internet architectures
– FARA, i3, TRIAD, ROFL, DONA
– Node Identity Internetworking Architecture (NodeID), draft-schuetz-nid-arch-00, Sep. 07
• ID/Loc separation
– HIP, IETF RRG (LISP, NERD, etc.)
– ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Jan. 07
• Interactions of HIP with SIP
– P2PSIP, SHIP, draft-tschofenig-hiprg-host-identities, Jun. 07
Future Work
• DID/NID flat routing approach
– Scalability
– Domain mobility (Submitted paper)
• Security model (HIP inspired)
– Comparison to related work on security (Paper in progress)
• Enhanced name resolution mechanisms (DHT-based)
– DID router resolution in the Internet Core
• Extend our framework towards a data-oriented / content-centric paradigm
Conclusion
• Framework to instantiate NGI proposals
• ID/Loc separation implementable
– Validated the claim of existing application support
– Contribution towards a Next Generation Internet arch.
• Benefits from ID/Loc adoption:
– Native network mobility support
• Transparent to applications
– Native security based on the identification layer
• E2E single secure channel
– Operation over heterogeneous realms (IPv4/IPv6)
• Affordable overhead (signaling, BW, computation)
References
• J. F. Shoch, "Inter-Network Naming, Addressing, and Routing", In Proceedings of IEEE COMPCON, Fall 1979.
• J. Chiappa, "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", [Online]. Available: http://users.exis.net/~jnc/tech/endpoints.txt, 1999.
• R. Jain, "Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation", Military Communications Conference MILCOM, Washington, DC, October 23-25, 2006.
• I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet Indirection Infrastructure", In Proceedings of SIGCOMM 2002.
• M. Caesar, K. Lakshminarayana et al., "ROFL: Routing on Flat Labels", In Proceedings of SIGCOMM 2006.
• B. Ahlgren, J. Arkko, L. Eggert and J. Rajahalme, "A Node Identity Internetworking Architecture", In Proceedings of the IEEE INFOCOM 2006 Global Internet Workshop, Spain, 2006.
• P. Nikander, "Implications of Identifier / Locator Split", Helsinki University of Technology (TKK) NETS 1a morning coffee, Dec. 2004.
• D. Farinacci et al., "Locator/ID Separation Protocol (LISP)", IETF Draft, draft-farinacci-lisp-02 (work in progress), July 2007.
• ITU-T, "Separation of IP into identifier and locator in NGN", Draft Recommendation Y.ipsplit, Beijing, China, 8-12 January 2007.
• S. Schuetz, R. Winter, L. Burness, P. Eardley and B. Ahlgren, "Node Identity Internetworking Architecture", IETF Internet-Draft draft-schuetz-nid-arch-00 (work in progress), September 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems 2007, SBRC 2007, Brazil, May 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "An Architecture for Mobility Support in a Next Generation Internet", In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008.
• J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
• R. Moskowitz and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006.
• B. Ahlgren, L. Eggert, B. Ohlman, J. Rajahalme and A. Schieder, "Names, addresses and identities in ambient networks", 1st ACM Workshop on Dynamic Interconnection of Networks, September 2005.
• J. Rosenberg and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002.
• M. Handley, V. Jacobson and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006.
• J. Y. H. So, J. Wang and D. Jones, "SHIP Mobility Management Hybrid SIP-HIP Scheme", In Proceedings of Sixth SNPD/SAWN International Conference, USA, 2005.
• H. Tschofenig, J. Ott, H. Schulzrinne, T. Henderson and G. Camarillo, "Interaction between SIP and HIP", draft-tschofenig-hiprg-host-identities (work in progress), Internet-Draft, IETF, June 2007.
• D. Geneiatakis et al., "Survey of Security Vulnerabilities in Session Initiation Protocol", IEEE Communications Surveys and Tutorials, vol. 8 (3), IEEE Press, 2006, pp. 68–81.
• H. Schulzrinne and E. Wedlund, "Application Layer Mobility using SIP", ACM Mobile Computing and Communications Review, vol. 4, July 2000.
• D. Le, X. Fu and D. Hogrefe, "A Review of Mobility Support Paradigms for the Internet", IEEE Communications Surveys and Tutorials, Jan 2006.
• A. Botta, A. Dainotti and A. Pescapè, "Multi-protocol and multi-platform traffic generation and measurement", INFOCOM 2007 DEMO Session, May 2007, Anchorage (Alaska, USA).
• Open SIP Express Router, [Online]. Available: http://www.openser.org/
• SIPp, traffic generator, [Online]. Available