SIP over an Identifier/Locator splitted
Next Generation Internet architecture
Christian Esteve Rothenberg, Walter Wong,
Fábio L. Verdi, Maurício F. Magalhães
School of Electrical and Computer Engineering (FEEC)
State University of Campinas (UNICAMP), Brazil
ICACT08
Phoenix Park, South Korea, 18/02/2008
Introduction
• Current Internet architecture presents some limitations to the natural deployment of new services:
– Mobility/Multi-homing
– Network heterogeneity
– Embedded Security
“Patches” approach: NAT, IPSec, Mobile IP, etc.
• Existing applications like SIP demand security, mobility support, and operation over IPv4 and IPv6.
Many SIP add-ons: ALG, SBC, TLS, SRTP, S/MIME, etc.
Introduction
• Main issue: IP semantic overload
– Transport layer: IP is an identifier (naming)
– Network layer: IP is a locator (addressing)
• Consequences
– Lack of a stable identifier for end-to-end communication
– Mobility/Multihoming
– Heterogeneity
– Security
• Solution
– Identifier/locator separation
• HIP, IETF RRG LISP, NodeID
[Figure: protocol stack with an identification layer. Applications (SIP, HTTP, SDP, DNS, RTP, legacy applications, …) over the transports (SCTP, TCP, UDP), over the Host Identifier (ID), over the network locator (IP: IPv4, IPv6), over the network technology (Ethernet, ATM, WLAN, SONET, …).]
Introduction
Identifier/locator separation
• Introduction of an identification layer between the network and transport layers (as in HIP)
• Identifiers are 32-bit (128-bit in IPv6) flat (topology-free), persistent and unique node IDs
[Figure: without the split, the application socket binds directly to <IP:port>src / <IP:port>dest; with it, the socket is statically bound to <ID:port>src / <ID:port>dest at the identifier layer, and the identifier is dynamically bound to the current locator (locators 10.1.1.1, 10.1.1.2 and 10.1.2.3 appear in the figure).]
Background
Next Generation Internet Architecture Proposal
• Originally inspired by the NodeID architecture
– Global, flat, cryptographic node Identifiers (as in HIP)
– Host FQDN assumed
• Extended with Domain IDs (DID)
– Scalability (!)
• Routing on flat IDs (DID/NID)
– Different to HIP (!)
Contribution
Functionalities of our NGI Framework [1]:
• Name Resolution
• Mobility
• Multi-homing
• Flat Routing
• Security
• Heterogeneity
• Legacy Applications Support
[Figure: framework architecture. External modules: DHT, RVS, DNS, DHCP. Internal modules: legacy application support (DNS filter, handler); control plane (mobility, DHT client, Gw Msg Srv, RVS client, security manager, DHCP client); identification layer (packet handler, ID mapper, security, security DB); flat routing (peer, routing cache); all on top of the network.]
How can an existing application like, e.g., SIP operate with and benefit from our NGI Architecture?
[1] W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems, SBRC 2007.
Scenario under evaluation
[Figure: UA1 (sip:[email protected], NID1 (32-bit), FQDN1 = hostname1.sth.atlanta.com) in Domain1 (atlanta.com) behind sip_proxy1.atlanta.com (P1), and UA2 (sip:[email protected], NID2 (32-bit), FQDN2 = hostname2.sth.biloxi.com) in Domain2 (biloxi.com) behind sip_proxy2.biloxi.com (P2). Each domain has its own RVS, DNS, DHT node and DR attached to the Internet Core (IPv4); the numbered steps (1) to (5) trace the session setup.]
The INVITE sent by UA1 carries:
INVITE sip:[email protected]
To: sip:[email protected]
From: sip:[email protected]
Contact: FQDN1
o= FQDN1
c= NID1
…
Transparent naming
• FQDN can be assumed as global name space for all hosts
– Enabled by the unique and global-scope NIDs
• SIP RFC 3261 RECOMMENDS use of FQDN form names
Name resolution
• SIP UA DNS requests (gethostbyname(), SIP SRV) intercepted
• NIDs returned to the SIP application as typical IP addresses.
Transparent architecture features
• The architecture handles the dynamic locator binding, security associations, flat routing, etc.
[Figure: name chain. SIP URI (user@domain) → hostname / FQDN (global, unique) → Resolution() → NID (Node Identity, 32 / 128 bits, obtained by Hash() of the public key, with the private key held by the node) → Locator (network address, IPv4 / IPv6, local). Framework modules shown: legacy appl. support (DNS filter, handler), flat routing (peer, routing cache), identification layer (packet handler, ID mapper, security, security DB).]
Transparency
[Figure: legacy SIP & RTP packets (IP | UDP | Payload) carry source address = source NID and destination address = dest NID. On the wire the identification layer prepends the NID Header (NIH) with Src <NID, DID> and Dst <NID, DID>, followed by IP | UDP | Payload, over the network.]
Security
• Embedded on the identification layer (HIP-like)
– NIDs are cryptographic hashes of public keys
– Enables nodes to self-claim their identities
– Authentication based on public key infrastructure (PKI)
• Provides single secure channel between peers
– For all communications, all applications
[Figure: three-message exchange between A and B. A → B: HDR, CERT, nonce. B → A: HDR, {CERT, DHB, nonce}, sig. A → B: HDR, {DHA}, sig.]
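The NID derivation, the self-claim check and the DNS interception described on the identifier/locator, transparent naming and security slides, as an added Python example that is not the paper's code: the hash (SHA-256, truncated), the key format, the resolver table and the `DnsFilter` class are assumptions; the hostnames are the ones from the scenario slide.

```python
# Added example (not from the paper): derive a flat NID from a public key, hand it to a
# legacy SIP stack in the shape of an IP address, and check a peer's self-claimed NID.
# Hash choice, key format and truncation rule are assumptions; the slides do not fix them.
import hashlib
import hmac
import ipaddress


def derive_nid(public_key: bytes, bits: int = 32) -> bytes:
    """Flat, topology-free node ID: the leading bits of SHA-256(public_key)."""
    if bits not in (32, 128):
        raise ValueError("NID width must be 32 (IPv4-shaped) or 128 (IPv6-shaped)")
    # HIP-style schemes reserve a prefix so hashed IDs cannot collide with routable
    # addresses; this simplified derivation does not.
    return hashlib.sha256(public_key).digest()[: bits // 8]


def nid_as_address(nid: bytes) -> str:
    """Render the NID as dotted-quad / IPv6 text so gethostbyname() callers use it unchanged."""
    return str(ipaddress.ip_address(nid))


def verify_self_claim(claimed_nid: bytes, presented_key: bytes) -> bool:
    """A node owns an NID only if the NID is the hash of the public key it presents."""
    expected = derive_nid(presented_key, len(claimed_nid) * 8)
    return hmac.compare_digest(claimed_nid, expected)


class DnsFilter:
    """Intercepts the UA's name lookups and answers with NIDs instead of locators."""

    def __init__(self, keys_by_fqdn: dict, bits: int = 32):
        self.keys_by_fqdn = keys_by_fqdn   # constructed stand-in for DNS/DHT resolution
        self.bits = bits

    def gethostbyname(self, fqdn: str) -> str:
        public_key = self.keys_by_fqdn[fqdn]   # KeyError plays the role of NXDOMAIN
        return nid_as_address(derive_nid(public_key, self.bits))

    def sdp_connection_line(self, fqdn: str) -> str:
        """The SDP c= line the UA emits: the NID travels where an IP would (c= NID1 on the slide)."""
        addrtype = "IP4" if self.bits == 32 else "IP6"
        return f"c=IN {addrtype} {self.gethostbyname(fqdn)}"


# Constructed byte strings standing in for the two hosts' real public keys.
KEY1 = b"-----constructed public key of hostname1.sth.atlanta.com-----"
KEY2 = b"-----constructed public key of hostname2.sth.biloxi.com-----"
RESOLVER = DnsFilter({"hostname1.sth.atlanta.com": KEY1, "hostname2.sth.biloxi.com": KEY2})

if __name__ == "__main__":
    nid1 = derive_nid(KEY1)
    print(RESOLVER.sdp_connection_line("hostname1.sth.atlanta.com"))
    print("peer owns NID1:", verify_self_claim(nid1, KEY1))
    print("impostor owns NID1:", verify_self_claim(nid1, KEY2))
```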
Mobility
• Periodic locator updates in the Rendezvous Server
• Mobility event transparent to applications (SIP clients)
• TCP connections survived network reconfigurations
• RTP stream “seamless” recovered
W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008
[Figure: experimental results with 10 experiments, RVS Update every 3s and G.729 (20ms) coded RTP payload.]
Performance
• Signaling overhead
– Extra interactions required
– SIP session establishment time difference negligible in our testbed environment
• VoIP bandwidth overhead
– Comparable to other security schemes
– Header compression possible
[Figure: per-packet overhead of the ID header (IDH) compared with ESP/AH.]
Related Work
• Next Generation Internet architectures
– FARA, i3, TRIAD, ROFL, DONA
– Node Identity Internetworking Architecture (NodeID),
draft-schuetz-nid-arch-00, Sep. 07
• ID/Loc separation
– HIP, IETF RRG (LISP, NERD, etc.)
– ITU-T, “Separation of IP into identifier and locator in NGN”,
Draft Recommendation Y.ipsplit, Jan. 07
• Interactions of HIP with SIP
– P2PSIP, SHIP, draft-tschofenig-hiprg-host-identities, Jun. 07
Future Work
• DID/NID flat routing approach
– Scalability
– Domain mobility (Submitted paper)
• Security model (HIP inspired)
– Comparison to related work on security (Paper in progress)
• Enhanced name resolution mechanisms (DHT-based)
– DID router resolution in the Internet Core
• Extend our framework towards a data-oriented /
content-centric paradigm
Conclusion
• Framework to instantiate NGI proposals
• ID/Loc separation implementable
– Validated the claim of existing application support
– Contribution towards a Next Generation Internet arch.
• Benefits from ID/Loc adoption:
– Native network mobility support
• Transparent to applications
– Native security based on the identification layer
• E2E single secure channel
– Operation over heterogeneous realms (IPv4/IPv6)
• Affordable overhead (signaling, BW, computation)
Thank you!
Questions?
Backup
References
• J. F. Shoch, "Inter-Network Naming, Addressing, and Routing." In Proceedings of IEEE COMPCON, Fall, 1979.
• J. Chiappa, "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", [Online]. Available: http://users.exis.net/~jnc/tech/endpoints.txt, 1999.
• R. Jain, "Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation," Military Communications Conference MILCOM, Washington, DC, October 23-25, 2006.
• I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet Indirection Infrastructure," In Proceedings of SIGCOMM 2002.
• M. Caesar, K. Lakshminarayana et al., "ROFL: Routing on Flat Labels". In Proceedings of SIGCOMM 2006.
• B. Ahlgren, J. Arkko, L. Eggert and J. Rajahalme, "A Node Identity Internetworking Architecture". In Proceedings of the IEEE INFOCOM 2006 Global Internet Workshop, Spain, 2006.
• P. Nikander, "Implications of Identifier / Locator Split", Helsinki University of Technology (TKK) NETS 1a morning coffee, Dec. 2004.
• D. Farinacci et al., "Locator/ID Separation Protocol (LISP)". IETF Draft, draft-farinacci-lisp-02 (work in progress), July 2007.
• ITU-T, "Separation of IP into identifier and locator in NGN", Draft Recommendation Y.ipsplit, Beijing, China, 8-12 January 2007.
References
• S. Schuetz, R. Winter, L. Burness, P. Eardley and B. Ahlgren, "Node Identity Internetworking Architecture", IETF Internet-Draft draft-schuetz-nid-arch-00 (work in progress), September 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems 2007, SBRC 2007, Brazil, May 2007.
• W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "An Architecture for Mobility Support in a Next Generation Internet", In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008.
• J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
• R. Moskowitz and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006.
• B. Ahlgren, L. Eggert, B. Ohlman, J. Rajahalme and A. Schieder, "Names, addresses and identities in ambient networks". 1st ACM Workshop on Dynamic Interconnection of Networks, September 2005.
• J. Rosenberg and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002.
• M. Handley, V. Jacobson and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006.
References
• J. Y. H. So, J. Wang and D. Jones, "SHIP Mobility Management Hybrid SIP-HIP Scheme," In Proceedings of Sixth SNPD/SAWN International Conference, USA, 2005.
• H. Tschofenig, J. Ott, H. Schulzrinne, T. Henderson and G. Camarillo, "Interaction between SIP and HIP", draft-tschofenig-hiprg-host-identities (work in progress), Internet-Draft, IETF, June 2007.
• D. Geneiatakis et al., "Survey of Security Vulnerabilities in Session Initiation Protocol", IEEE Communications Surveys and Tutorials, vol. 8 (3), IEEE Press, 2006, pp. 68–81.
• H. Schulzrinne and E. Wedlund, "Application Layer Mobility using SIP", ACM Mobile Computing and Communications Review, vol. 4, July 2000.
• D. Le, X. Fu and D. Hogrefe, "A Review of Mobility Support Paradigms for the Internet", IEEE Communications Surveys and Tutorials, Jan 2006.
• A. Botta, A. Dainotti and A. Pescapè, "Multi-protocol and multi-platform traffic generation and measurement", INFOCOM 2007 DEMO Session, May 2007, Anchorage (Alaska, USA).
• Open SIP Express Router, [Online]. Available: http://www.openser.org/
• SIPp, traffic generator, [Online]. Available
Architecture
[Figure: framework architecture. External modules: DHT, RVS, DNS, DHCP. Internal modules: legacy application support (DNS filter, handler); control plane (mobility, DHT client, Gw Msg Srv, RVS client, security manager, DHCP client); identification layer (packet handler, ID mapper, security, security DB); flat routing (peer, routing cache); all on top of the network.]