
Kamailio World 2016: Update your SIP!


A presentation about new functionality in SIP that is really needed for Hosted PBX services, SIP on mobile phones and more situations. #SIP #Kamailio #Asterisk #TLS #MoreCrypto

A video with this presentation is available on YouTube at
https://www.youtube.com/watch?v=uqFNlqB_Ssw


  1. UPDATE YOUR SIP!
     - Olle E. Johansson, @oej, oej@edvina.net
     - yum update SIP-2.0
     - Kamailio World Berlin, May 2016
  2. SIP :: FIRST TEN YEARS
     - UDP - connectionless
     - Used in-house on VLANs
     - Used only for ISDN on IP
     - SIP replaced the wire from the PBX to the desktop.
     - © Copyright 2016 Edvina AB, Sollentuna, Sweden. All rights reserved.
  3. SIP :: NOW
     - UDP - connectionless
     - Used in-house on VLANs
     - Used only for ISDN on IP
     - Connections: TLS and WSS
     - SIP trunks over Internet
     - Some Chat, presence
  4. NEW ENVIRONMENTS, NEW CHALLENGES
     - SIP + WebRTC
     - SIP + 4G data
     - Hosted PBX services over Internet
  5. NEW USE-CASES
     - SIP for live radio broadcasts
     - SIP for air traffic control
     - SIP for TV broadcast coordination
  6. HOSTED PBX CHALLENGES
     - NAT
     - Firewalls and application level gateways
     - Coming up: Dual stack networks
     - SIP clients on mobile networks - ouch
     - UDP tough through firewalls
     - Optimal media routing
     - Hosted PBX services over Internet
  7. SIP + WEBRTC
     - RTP/SAVPF - What's that?
     - Very large SDPs break UDP (fragmentation pain)
     - The connection is the "login" status
     - Was this really a good idea from the start?
     - SIP + WebRTC
  8. SIP OVER MOBILE NETWORKS
     - The network wants to limit sessions (IP flows)
     - How do we receive incoming calls?
     - Carrier Grade NATs are as evil as common NAT
     - The connection (TCP/TLS) is the "login"
     - SIP + 4G data
  9. SOLUTION #1: OUTBOUND
     - SIP client/server (phone)
     - SIP server
     - Incoming call
     - Reuse the same connection, managed by the client!
     - REGISTER
     - INVITE
     - As long as we have at least one connection, the UA is "online" and available.
     - Supported by Kamailio
  10. OUTBOUND … ISSUES
     - Customers don't see the need (OEJ: yet…)
     - They have implemented non-RFC-compliant connection reuse
     - Kamailio has had it for a very long time
     - We need to standardize half-simple-outbound in the IETF
  11. SOLUTION #2: ICE
     - [Diagram: SIP; NATted network; NATted network; Alice; Bob; Cecilia; SIP; Media relay; Turn]
     - Always finds the best media path
  12. ICE: WAITING FOR THE BEST
     - Setting up a media flow takes time
     - Developers don't use the tricks with early media setup
     - Trickle ICE is a good way forward - but how to do that in SIP is still a bit unclear
     - Use fast ICE setup with early media, restart full ICE at 200 OK and rerun during the call.
     - Don't be afraid to move media.
  13. SOLUTION #3: OPUS
     - Always finds and uses the best media capabilities
  14. OPUS: NOT ALL IS GOLD THAT GLIMMERS
     - ISDN-style media layers don't handle Opus
     - Locking Opus to ONE mode with no dynamic changes
     - Not using RTCP feedback at all, not sending RTCP
     - This is not a good solution
  15. SOLUTION #4: TLS AND SRTP
     - #MoreCrypto
     - [Diagram: Server; Network; Link; Application; Client; Identity check; Algorithm agreement; Key Set up; Encryption of data; Certificate validation]
  16. TLS :: VERY FEW DO IT RIGHT
     - TLS from a phone to a SIP server requires connection reuse
     - ONLY Defined in SIP OUTBOUND
     - Which developers don't like
     - So how do we solve this? (bring the wine, and let's discuss)
     - #MoreCrypto
  17. SRTP :: EXCHANGING KEYS
     - Legacy devices send keys in the SIP message. In clear text.
     - When was that a good idea?
     - WebRTC started the move to DTLS key exchange in the media plane
     - May be problematic for old devices
     - Long calls, reinvites - some interoperability issues
     - #MoreCrypto
  18. KAMAILIO IN A CONNECTED SIP WORLD
     - Kamailio has improved a lot!
     - Connections are in focus now
     - Connection ID per non-UDP connection
     - Events when connections close
     - Unregister when connections close
     - Websockets, TLS, TCP - ready to rock in a Kamailio in your network now!
  19. SUMMARY:
     - Require support for SIP Outbound
     - Require support for TLS and SRTP/DTLS key exchange
     - Require support for Opus - with full feedback and dynamic properties
     - Support our work in the IETF
     - Where are the desktop phones?
  20. NEW SIP STUFF COMING FROM THE IETF AND THE SIP FORUM
  21. STIR: IMPROVED IDENTITIES
     - Another try at securing the identity
     - Started by pressure from FCC
     - Hopefully can bootstrap secure Caller IDs in PSTN situations
     - Hopefully can bootstrap secure SIP IDs
  22. SIPCORE: FINDING EACH OTHER IN DUAL STACKS
     - First step of Happy Eyeballs for SIP
     - Draft in WGLC
     - Change the "OR" to an "AND"
     - Advice on DNS SRV support for dual stack usage
  23. SIPCORE: HAPPY EARDRUMS
     - Setting up sessions in dual stack environments
     - TCP, WSS, SCTP - No worries, use Happy Eyeballs
     - UDP: It's complicated
     - Still under discussion
     - Implementations underway, it's real now.
  24. STRONGER AUTHENTICATION
     - First idea: Replace MD5 with SHAxxx
     - Dead end, abandoned
     - Second idea: Use OAUTH
     - Right now: Confusion - where do we boldly go now?
     - Defining the PROBLEM
  25. SIPCONNECT 2.0
     - Soon in WGLC
     - Adds TLS
     - Adds IPv6
     - Kamailio still lacks GIN support
     - Client connection reuse
  26. KAMAILIO TODO:
     - Improve TLS validation of connections
     - Add support for GIN - bulk registrations for phone numbers to be SIP Connect 1.0 and 2.0 compatible (both as a UA and a server)
     - Start working on dual stack issues - connection setup with happy eyeballs
     - IPv6 source address selection is incomplete
  27. WORKFLOW PROPOSAL
     - 5.0 planning over beer and/or wine
     - Hacking, hacking, hacking
     - The "oh, no" moment
     - Back to step 1
  28. SIPIT 31: SEPT 12-16
     - IOL Labs, Durham, New Hampshire, USA - www.sipit.net
     - Five days of great SIP testing. Learning more. Solving problems.
     - IETF 96 BERLIN: Berlin, Germany, July 17-22 2016
     - Five days of standard discussions, brainstorming and bar-BOFs
     - Twitter @oej
     - See you there!
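
Slide 17 contrasts legacy devices that send SRTP keys inside the SIP message with DTLS key exchange in the media plane. The following check is an added example, not part of the original slides or of Kamailio: it classifies how an SDP body keys SRTP and flags an inline key carried over a non-encrypted signalling hop. The function name, sample messages, key and fingerprint are constructed for illustration.

```python
import re

# Constructed sample messages (not captured traffic); key and fingerprint are placeholders.
SDES_OVER_UDP = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed1",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEYNOTREAL000000000",
])
DTLS_OVER_TLS = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed2",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "m=audio 49170 UDP/TLS/RTP/SAVPF 111",
    "a=fingerprint:sha-256 00:11:22:33 (truncated placeholder)",
    "a=setup:actpass",
])

# Transport token of a Via header ("v" is the compact header form).
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I | re.M)

def classify_srtp_keying(message: str) -> dict:
    """Report signalling transport, SRTP keying method and cleartext key exposure."""
    head, _, body = message.partition("\r\n\r\n")
    via = VIA_RE.search(head)  # topmost Via = the hop this message arrived on
    transport = via.group(1).upper() if via else "UNKNOWN"
    sdp = body.splitlines()
    # SDES: the SRTP master key travels in the SDP itself (a=crypto ... inline:<key>).
    sdes = [l for l in sdp if l.lower().startswith("a=crypto:") and "inline:" in l]
    # DTLS-SRTP: SDP carries only a certificate fingerprint; keys are agreed in the media plane.
    dtls = any(l.lower().startswith("a=fingerprint:") for l in sdp)
    keying = "sdes" if sdes else "dtls-srtp" if dtls else "none"
    return {
        "transport": transport,
        "keying": keying,
        "key_in_cleartext": bool(sdes) and transport not in ("TLS", "WSS"),
    }
```

The top Via only describes the last hop, and an SDES key sent over TLS is still readable by every SIP proxy on the path.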
