Multimedia networking Voice/data integration

Academic year: 2021


© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

Multimedia networking

Voice/data integration

© 2013 Cisco Systems, Inc. All rights reserved. Cisco Public

ULg VoIP

Agenda

• 'XXth Century' voice = analog, then Time Division Multiplexing (TDM)
• 'XXIst Century' voice
  – Packetization
  – Quality of service
  – Signalling
  – Issues with NAT
  – Security

Loop Start Signaling

[Figure: a station connected to the PBX or central office over the local (station) loop, tip (T) and ring (R) wires, 48 V battery. On-hook: open loop. Off-hook: closed loop, DC current flows. Ringing: the bell rings; ring on-hook, answer off-hook.]

Echo in Voice Networks

[Figure: delay in the network between talker and listener gives rise to talker echo and listener echo.]

[Figure: echo loss (dB, about 10 to 50) against echo path delay (ms, about 20 to 200). With high loss the echo is unnoticeable; with low loss and longer delay the echo is a problem; at the low-loss extreme the echo is always present.]

Speech and the Telephone Network

[Figure: power/volume against frequency/pitch. The human ear responds up to about 16 kHz; the telephone network passes 300 Hz to 3400 Hz, inside a 3700 Hz voice bandwidth (300 Hz to 4 kHz).]

Mean Opinion Score

Test setup: source speech passes through codec 'X' and a channel simulation (the impairment); listeners rate the sentence "Nowadays, a chicken leg is a rare dish" from 1 to 5.

Rating  Speech Quality   Level of Distortion
5       Excellent        Imperceptible
4       Good             Just perceptible but not annoying
3       Fair             Perceptible and slightly annoying
2       Poor             Annoying but not objectionable
1       Unsatisfactory   Very annoying and objectionable

MOS of 4.0 = Toll Quality


IP Phones

• QoS in phones: standard 802.1p/q
• Integrated Ethernet switching
• Easy access to new world features: IPv6, Gigabit Ethernet, video, IEEE 802.1x

Inline Power: IEEE 802.3af

[Figure: 10/100 Ethernet without inline power]

• IP phones are power hungry and you do not want to have a 220 V power cable

Analogue to Digital Voice

Pulse Code Modulation (Nyquist theorem): an analogue audio source goes through a sampling stage.
1 sample = 8 bits; 8000 samples/sec = 64,000 bit/s


Speech Compression Techniques

Overview

Waveform Coding

•  PCM

Differential Waveform Coding

•  DPCM, ADPCM

Source algorithms

•  Generic CELP, CSA-CELP

[Figure: subjective quality (MOS, 1 to 5) against bit rate (2, 4, 8, 16, 32, 64 kbps) for hybrid coders (LD-CELP and CS-ACELP), vocoders (older technology) and waveform coders (ADPCM).]

Score  Quality    Description of Impairment
5      Excellent  Imperceptible
4      Good       Just perceptible, not annoying
3      Fair       Perceptible and slightly annoying
2      Poor       Annoying but not objectionable
1      Bad        Very annoying and objectionable

Source: A.M. Kondoz, "Digital Speech Coding for Low Bit-Rate Communications Systems", 1995

RTP/RTCP (RFCs 1889/1890)

[Figure: RTP header, three 4-byte words: VER, CC, M, Payload Type, Sequence Number; RTP Timestamp; Synchronization Source (SSRC) ID.]

• End-to-end network transport function
  – Payload type identification: voice, video, compression type
  – Sequence numbering
  – Time stamping
  – Delivery monitoring
• RTCP (Real-Time Control Protocol)

Bandwidth Per IP Call

• Header is 40 bytes: IP header (20) + UDP (8) + RTP (12)
• 26 kbps of bandwidth per call
• Compressing the RTP header gives 4-5 bytes

End-to-End Delay

[Figure: processing delay at the sender, network transit delay (from the first bit transmitted to the last bit received), processing delay at the receiver.]

Delay Variation: "Jitter"

[Figure: sender A transmits packets A, B, C at regular intervals; receiver B receives them after network delays d1 and d2 (D1 = d1, D2 = d2); the difference between them is the jitter.]

Delay and Jitter

• Delay and jitter are generated when a packet is stored and forwarded by routers and switches
• Delay is also generated by links: 1 microsecond every 200 km
• Jitter is also caused by bursts
• Jitter requires play-back buffers

Differentiated Services

[Figure: campus network: traffic from multimedia, training, servers, finance and manager hosts is classified at the edge; the campus backbone enforces the classes toward the remote campus.]

Packet Classification Layers

• Ethernet frame: Preamble, SFD, DA, SA, 4-byte TAG, PT, DATA, FCS. In the TAG, 3 bits are used for CoS (user priority).
• IPv4 header: Version, Length, ToS (1 byte), Len, ID, offset, TTL, Proto, FCS, IP-SA, IP-DA, Data. In the ToS byte, 3 bits called IP Precedence are used for differentiated services (DiffServ may use 6 DS bits plus 2 for flow control).
• IPv6 header: Version, Traffic Class (1 byte), Flow Label, Len, Next Hdr, Hop Limit, IP-SA, IP-DA, Data.

Evolving Business Requirements

Business requirements will evolve and expand over time:

• 4-Class Model: Realtime, Signaling / Control, Critical Data, Best Effort
• 8-Class Model: Voice, Interactive Video, Streaming Video, Call Signaling, Network Control, Critical Data, Scavenger, Best Effort
• 12-Class Model: Voice, Realtime Interactive, Multimedia Conferencing, Multimedia Streaming, Broadcast Video, Call Signaling, Network Control, Network Management, Transactional Data, Bulk Data, Scavenger, Best Effort

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp61135

Collaboration & Presence

• Presence-augmented Instant Messaging: who is on-line? Are they busy? Where are they?
• All of these pieces of information can be automated

Collaboration & Teleconference

• High-speed, ubiquitous Internet allows:
  – Cheap (Internet-based) communications
  – Visual interaction: sharing slides and documents, seeing others on video, working on the same document

New Application Requirements: The Impact of HD on the Network

• User demand for HD video has a major impact on the network
  – (H.264) 720p HD video requires twice as much bandwidth as (H.323) DVD
  – (H.264) 1080p HD video requires twice as much bandwidth as (H.264) 720p

SIP: Session Initiation Protocol

• SIP is another VoIP signaling protocol
• Web-like: text format messages, similar to HTTP
• Fast call setup
• Runs over UDP or TCP
• SIP proxies are the equivalent of H.323 gatekeepers

SIP Basics

• SIP is a peer-to-peer protocol where end-devices (User Agents - UAs) initiate sessions
• SIP defines the signaling mechanism
• SIP works for voice, video, instant messaging
• SIP uses IETF protocols:
  – HTTP 1.1
  – Session Description Protocol (SDP)
  – media (RTP)
  – name resolution & mobility (DHCP & DNS)
  – application encoding (MIME)

VoIP Architecture Based on Session Initiation Protocol

[Figure: SIP clients on the Internet or a private IP network register with a SIP proxy (1: SIP registration, extension 2000 at IP 192.168.0.1 and extension 6000 at IP 2001:db8::abba:babe), exchange voice directly (2), and reach the old phone network through a SIP trunk (3: external voice).]

Extension  IP Address
2000       192.168.0.1
6000       2001:db8::abba:babe

VoIP Pricing...

• SIP: Session Initiation Protocol, used to allow only authenticated devices
  – SIP proxy: registers the IP address of a phone extension
  – SIP trunk: gateway to classical analog voice
• SIP proxy: free software (Asterisk) on an existing server
• SIP trunk: cheap calls, fixed price for Europe 5 EUR/month
• SIP client on mobile/PC: free

SIP Commands/Responses

Commands: INVITE, CONNECTED, BYE, UNREGISTER, REGISTER

Responses:
• 1XX Information
• 2XX Success
• 3XX Redirection
• 4XX Client Error
• 5XX Server Error
• 6XX Global Failure

[Figure: call flow between a SIP phone, a redirect server (or SIP proxy) and a SIP UA / GW:]

SIP Phone -> Redirect Server: INVITE
Redirect Server -> SIP Phone: 3xx Redirect
SIP Phone -> SIP UA / GW: INVITE to the address returned in the Contact: of the 3XX response
SIP UA / GW -> SIP Phone: 100 Trying
SIP UA / GW -> SIP Phone: 180 Ringing
SIP UA / GW -> SIP Phone: 200 OK
SIP Phone -> SIP UA / GW: ACK
BYE, answered by 200 OK

Web Real Time Communication = WebRTC

• IETF & W3C work supported by Google, Mozilla, Opera
• Do peer-to-peer communication IN the browser
• Goal is interoperation of browsers and applications
• Big $$$ involved in codec licenses...
• Relies on DTLS (SSL for UDP), SCTP, STUN, ... (see later)

Source: Creative Commons, Feyd-Aran

What Is 9-1-1 (or 1-1-2 or 9-9-9)?

• A simple, easy to remember telephone number that allows automated call routing to the local public safety agency, based on where you are calling from
• In some jurisdictions (North America) there are many different destinations; source routed
• Mostly ubiquitous for residential service
• Varying degrees of deployment globally
• Enhanced 9-1-1 in North America

Legacy Architecture: Smart Network, Dumb Endpoints

[Figure: PhoneCompany, Inc. owns every OSI layer: layer 1/2 "my wires", layer 3 "my network", layer 7 "my dial tone". Location is known to the phone company; the end device is only the end device.]

Internet Architecture

[Figure: a different party owns each layer: Last Mile, Inc. at layer 2 (access), ISP, Inc. at layer 3 (network), Location/Presence.com at layer 7 (application). The common point is the end device, which decides "I think I'll advertise my location".]

Problem: The Global Road Warrior

[Figure: a traveller in a hotel in Chicago, connected over the Internet through a VPN to corporate HQ in Paris, places an emergency call. Call-outs: "112, What's That?", "Chicago, Where's That?", "How Do I Route This One?" (Chicago PSAP).]

This issue must be solved!

SIP Routing Based on UAC’s Location

[Figure: Alice's UA sends an INVITE with SDP and location to her outbound proxy.]

SIP Routing based on Location:
• urn:service:sos is not globally unique
• Proxy MUST learn UAC’s location, determine where UAC is, then
• If LoST query done by UA, may be as a Route header

INVITE w/ SDP and Location:

INVITE sips:urn:service:sos SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.com;branch=z9hG4bK74
Max-Forwards: 70
From: Alice <sip:[email protected]>;tag=9fxced76sl
To: <sip:urn:service:sos>
Call-ID: [email protected]
CSeq: 31862 INVITE
Geolocation: <cid:[email protected]>
Route: <sips:[email protected];lr>
Contact: <sip:[email protected]>
Content-Type: multipart/mixed; boundary=0a0
Content-Length: 311

--0a0
Content-Type: application/sdp

v=0
o=alice 2890844526 2890844526 IN IP4 atlanta.com
c=IN IP4 10.1.3.33
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000

--0a0
Content-Type: application/pidf+xml (short form*)


Network Address Translation: IP at Home

• IPv4 addresses are scarce and close to exhaustion
• Network Address Translation helps

[Figure: home network: hosts behind a WiFi 'router' (192.168.1.1) that multiplexes all inside hosts over the ISP address; the ADSL or cable modem gets 1 IPv4 address from the Internet.]

Different NAT Behaviors...

Good reading: The Internet Protocol Journal, Volume 7, Number 3 by Geoff Huston

Full Cone NAT

What is STUN/ICE?

• STUN: Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NAT)
  – STUN (RFC 3489) is a request/response protocol
  – The response contains the IP address and UDP port of the request, as seen by the server
  – Allows a client behind a NAT to find out its public address, the type of NAT it is behind and the Internet-side port associated by the NAT
  – Example application: Google Talk
• ICE: Interactive Connectivity Establishment
  – Defines a standardized method for SIP-enabled clients to determine a set of IP addresses where clients can establish contact from behind a firewall
  – Leverages STUN to collect IP addresses
  – Example: MSN Live Messenger

STUN Overview: Simple Traversal of UDP through NAT

• RFC 3489
• Client-server protocol
• Allows a client behind a NAT to find out:
  – its public address
  – the Internet-side port associated by the NAT with a particular local port
  – the type of NAT it is behind
• This information is used for UDP communication between two hosts that are both behind NAT routers
• Free implementation of a STUN client/server: http://sourceforge.net/projects/stun

STUN Operation

• STUN server located on the public Internet, using 2 addresses and 2 ports
• STUN usages:
  – binding discovery
  – NAT keepalives
• STUN messages are sent on the very same ports that RTP will use later
  – The first 2 bits allow STUN and RTP to be differentiated

[Figure: STUN client in Private Net 1 behind NAT1, Private Net 2 behind NAT2, STUN server on the public Internet.]
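As an added example (not code from the slides), the demultiplexing just described together with the RTP header layout and the 40-byte IP/UDP/RTP overhead from the earlier RTP/RTCP slide: the first two bits separate STUN from RTP on a shared port, the fixed 12-byte RTP header is decoded, and the header overhead is turned into a per-call bit rate. The sample packets and the 8 kbps / 20 ms codec parameters are constructed for the example.

```python
import struct

# Constructed samples (not from the slides): a 12-byte RTP header with
# PT 0 (PCMU), seq 1, timestamp 160, SSRC 0xdeadbeef, followed by 160
# bytes of payload; and a 20-byte STUN Binding Request header (RFC 5389
# magic cookie 0x2112A442, all-zero transaction ID).
RTP_SAMPLE = bytes.fromhex("80000001" "000000a0" "deadbeef") + b"\xff" * 160
STUN_SAMPLE = bytes.fromhex("00010000" "2112a442") + bytes(12)

IP_UDP_RTP_HEADER = 40  # IP (20) + UDP (8) + RTP (12), as on the slide


def classify(datagram: bytes) -> str:
    """Demultiplex on the first two bits of the datagram.

    RTP and RTCP always carry version 2 (binary 10) in those bits, while
    STUN messages start with 00, so both can share one UDP port.
    """
    if not datagram:
        return "empty"
    top_bits = datagram[0] >> 6
    if top_bits == 0b10:
        return "rtp"
    if top_bits == 0b00:
        return "stun"
    return "unknown"


def parse_rtp_header(datagram: bytes) -> dict:
    """Decode the fixed RTP header: V, P, X, CC, M, PT, seq, timestamp, SSRC."""
    if len(datagram) < 12:
        raise ValueError("datagram shorter than the 12-byte RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    hdr = {
        "version": b0 >> 6,
        "padding": bool(b0 & 0x20),
        "extension": bool(b0 & 0x10),
        "cc": b0 & 0x0F,            # number of 4-byte CSRC ids that follow
        "marker": bool(b1 & 0x80),
        "payload_type": b1 & 0x7F,  # 0 = PCMU/8000, as in the SDP a=rtpmap line
        "seq": seq,
        "timestamp": ts,
        "ssrc": ssrc,
    }
    hdr["header_len"] = 12 + 4 * hdr["cc"]
    if len(datagram) < hdr["header_len"]:
        raise ValueError("CSRC list truncated")
    return hdr


def voip_bandwidth_bps(codec_bps: int, packet_ms: int,
                       header_bytes: int = IP_UDP_RTP_HEADER) -> float:
    """IP-layer bit rate of one call: speech bytes per packet plus headers.

    Layer-2 framing is not included, so link-layer overhead adds to this.
    An 8 kbps codec at 20 ms gives 24 kbps with the 40-byte header and
    9.6 kbps once the header is compressed to 4 bytes.
    """
    payload_bytes = codec_bps * packet_ms // 8000
    packets_per_second = 1000 / packet_ms
    return (payload_bytes + header_bytes) * 8 * packets_per_second
```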

Interactive Connectivity Establishment (ICE): Overview

• Offer-answer model for media streams through NAT
• Uses STUN and its relay extension TURN in a specific methodology which avoids many of the pitfalls of using any one alone
  – Each agent can have its own STUN server, or they can be the same
• ICE agents (endpoints) discover their topologies to find a path or paths by which they can communicate
• Agents L and R are capable of engaging in an offer/answer exchange of SDP messages to set up a media session between L and R. The exchange will occur through a SIP server...

Gathering Candidate Addresses

• Each agent has a variety of candidate transport addresses:
  – A directly attached network interface
  – A translated address on the public side of a NAT (a "server reflexive" address)
  – The address of a media relay the agent is using
• Could be IPv4 or IPv6 or both

Example: Binding Discovery Usage

[Figure: Agent L at 10.0.1.1 behind a NAT whose public address is 192.0.2.3; Agent R at 192.0.2.1 and 2001:db8:bad::f00d; STUN server at 192.0.2.2:3478.]

Connectivity Checks

• Local agent:
  – Orders candidates from highest to lowest priority
  – Sends them to R over the signaling channel in the SDP offer
• When R receives the offer:
  – Same gathering process
  – Responds with its own ordered list of candidates
  – Sorts the candidate pairs in priority order
  – Sends checks on each candidate pair in priority order
• Both acknowledge checks received from the other agent
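As an added example (not code from the slides), the ordering step above worked through with the RFC 5245 candidate and pair priority formulas, which the slides do not spell out: candidates are built from the example's addresses (ports are constructed), pairs are formed only within one IP family, and the resulting check list is sorted highest priority first with L as the controlling agent.

```python
from ipaddress import ip_address
from itertools import product

# RFC 5245 recommended type preferences: host > peer reflexive >
# server reflexive > relayed. The slide only names the candidate kinds.
TYPE_PREFERENCE = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}


def candidate_priority(ctype: str, local_pref: int = 65535, component: int = 1) -> int:
    """priority = 2^24 * type pref + 2^8 * local pref + (256 - component id)."""
    return (TYPE_PREFERENCE[ctype] << 24) | (local_pref << 8) | (256 - component)


def make_candidate(ctype: str, ip: str, port: int, local_pref: int = 65535) -> dict:
    return {"type": ctype, "ip": ip, "port": port,
            "priority": candidate_priority(ctype, local_pref)}


def pair_priority(g: int, d: int) -> int:
    """g: controlling agent's candidate priority, d: controlled agent's.

    pair priority = 2^32 * MIN(G, D) + 2 * MAX(G, D) + (G > D ? 1 : 0), so a
    pair whose weaker side is a host candidate sorts ahead of reflexive
    or relayed pairs, and the direct path is checked first.
    """
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)


def order_check_list(local: list, remote: list) -> list:
    """Form candidate pairs (local side is controlling) and sort for checks."""
    pairs = []
    for lc, rc in product(local, remote):
        # Only candidates of the same IP family can be paired
        if ip_address(lc["ip"]).version != ip_address(rc["ip"]).version:
            continue
        pairs.append({"priority": pair_priority(lc["priority"], rc["priority"]),
                      "local": lc, "remote": rc})
    pairs.sort(key=lambda p: p["priority"], reverse=True)
    return pairs


# Candidates built from the slide's example addresses; ports are constructed.
AGENT_L = [make_candidate("host", "10.0.1.1", 49172),
           make_candidate("srflx", "192.0.2.3", 45664)]   # NAT's public side
AGENT_R = [make_candidate("host", "192.0.2.1", 3000),
           make_candidate("host", "2001:db8:bad::f00d", 3000)]
```

With these inputs the IPv6 candidate of R has no partner and is dropped, and the host-to-host pair is checked before the server-reflexive pair.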


Voice and Data Threat Models Merge

• IP Telephony inherits IP data network threat models: reconnaissance, DoS, host vulnerability exploit, surveillance, hijacking, identity theft, misuse, etc.
• QoS requirements of IP Telephony increase exposure to DoS attacks that affect delay, jitter, packet loss and bandwidth
• PC endpoints typically require user authentication; phones typically allow any user (exceptions: access/billing codes, Class of Service)

Securing the IP Telephony Itself

• Plain SIP/SCCP protocols: no authentication, no integrity, no confidentiality
• Secure SIP/SCCP protocols:
  – With authentication: using X.509 certificates
  – With integrity and confidentiality
  – Rely on cryptographically secure protocols
• Secure firmware and configuration with RSA signatures

Protecting Signaling

[Figure: protocol stack IP / TCP / TLS, with HTTP, SCCP, SIP and LDAP above TLS. TLS supports any application protocol.]

• Needs a secure method to exchange a shared secret
• Bi-directional PKI pairs for mutual authentication
• Shared secret exchanged using RSA

• Computes a Hashed Message Authentication Code (HMAC)
• Allows MD5 or SHA1

• Conventional cryptography using the shared secret
• DES, 3DES, AES
• RC2, RC4

Authentication and Encryption Basics: Protecting the Signaling

TLS is the transport for signed (RSA), authenticated (HMAC-SHA1) and encrypted (AES-128) signaling (1)

SRTP: Secure RTP

[Figure: SRTP packet. Authenticated portion: V, P, X, CC, M, PT, sequence number, timestamp, synchronization source (SSRC) identifier, contributing sources (CSRC) identifiers, RTP extension (optional), RTP payload. Encrypted portion: the RTP payload. Followed by the SRTP MKI (0 bytes for voice) and the authentication tag (4 bytes for voice).]

•  RFC 3711 for transport of secure media
•  Uses AES-128 for both authentication and encryption
•  High throughput, low packet expansion
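As an added example (not code from the slides or any vendor), the authentication half of the SRTP packet above: with a 0-byte MKI the 4-byte tag directly follows the payload, it is computed as RFC 3711 specifies (HMAC-SHA1 over the authenticated portion concatenated with the 32-bit rollover counter, truncated to 32 bits), and verification rejects a packet whose header or payload was altered or whose rollover counter does not match. Payload encryption is left out; the key and packet are constructed.

```python
import hashlib
import hmac
import struct

AUTH_TAG_LEN = 4   # slide: 4-byte authentication tag for voice (HMAC-SHA1-32)
MKI_LEN = 0        # slide: SRTP MKI is 0 bytes for voice


def srtp_auth_tag(auth_key: bytes, packet: bytes, roc: int) -> bytes:
    """HMAC-SHA1 over the authenticated portion (RTP header plus encrypted
    payload) concatenated with the 32-bit rollover counter, then truncated.
    Including the header means a changed sequence number or SSRC is
    detected; including the ROC means an old packet with the same 16-bit
    sequence number does not verify after the counter has rolled over."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:AUTH_TAG_LEN]


def protect(auth_key: bytes, packet: bytes, roc: int) -> bytes:
    """Append the tag; with MKI_LEN = 0 it immediately follows the payload."""
    return packet + srtp_auth_tag(auth_key, packet, roc)


def verify(auth_key: bytes, srtp_packet: bytes, roc: int):
    """Return the authenticated RTP packet, or None if the tag does not match."""
    if len(srtp_packet) < 12 + MKI_LEN + AUTH_TAG_LEN:
        return None
    body = srtp_packet[:len(srtp_packet) - MKI_LEN - AUTH_TAG_LEN]
    tag = srtp_packet[len(srtp_packet) - AUTH_TAG_LEN:]
    # Constant-time comparison: an early-exit byte compare would leak how
    # many leading tag bytes a forged packet got right.
    if not hmac.compare_digest(tag, srtp_auth_tag(auth_key, body, roc)):
        return None
    return body


# Constructed session authentication key and packet (not from the slides):
# 12-byte RTP header (V=2, PT=0, seq=1, ts=160, SSRC 0xdeadbeef) and 160
# payload bytes standing in for already-encrypted PCMU audio.
AUTH_KEY = bytes(range(20))
RTP_PACKET = bytes.fromhex("80000001" "000000a0" "deadbeef") + bytes(160)
```

A 32-bit tag keeps packet expansion to 4 bytes as the slide notes, at the cost of a 2^-32 chance that a random forgery passes, which is why RFC 3711 also defines the 80-bit variant.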

Authentication and Encryption Basics: Protecting the Media Streams

[Figure: CAPF and CTL client components]

SRTP is the transport for authenticated and encrypted (AES-128) media (2)

Final Words

• IP Telephony is now a proven technology
• SIP is the standard
