Thomas Siegers, Songfuli Co., Ltd.
3 July 2007
Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)
May 08, 2015
2
Information
Hosted by: American Chamber of Commerce Taiwan, Communications Technology Workshop
This presentation is publicly available at: http://www.slideshare.net/thomasjs
This presentation is published under the Creative Commons Attribution Share Alike License. For more information, see http://creativecommons.org/about/licenses/
3
Agenda
- Introduction
- Basics of telephony and networking
- Skype
- SIP protocol
- Hardware
- Service providers
- Integration into network and telephone system
- Scenarios and examples
2 hours 30 minutes
4
Hype Cycle
www.gartner.com – 2006
5
Introduction
Internet Telephony
VoIP – Voice over IP (IP – Internet Protocol)
Pro: more economic
- no telephone charge for computer-to-computer calls*
- charge of local call for computer-to-telephone call
*) except for the charge for network access
Con: more complicated and less reliable
- relies on electric power
- emergency calls cannot be mapped to location
- network: connection interruptions, packet loss
- security: easier to trace calls over the Internet
- configuration: firewall traversal
6
Return on Investment
[Chart: accumulated cost over 6 months, CHT vs. VoIP; x-axis: months (1–6), y-axis: NTD]
60 min calls per day to Germany, 20 days per month
CHT: 16 NTD/min, VoIP: 1 €¢/min
Investment for VoIP: 100,000 NTD
ROI after 5 months, after that savings of >18,500 NTD/month
7
How does it work?
Computer + sound card + headset + software
Network
Telephone adapter + analog telephone
Computer converts voice into digital signals.
Network transports digital signals as data packets.
Telephone adapter converts digital signals into voice.
8
Telephony
PSTN – Public Switched Telephone Network
POTS – Plain Old Telephone Service
ISDN – Integrated Services Digital Network
PBX – Private Branch Exchange
FXO – Foreign Exchange Office
FXS – Foreign Exchange Station
9
PSTN
PSTN – Public Switched Telephone Network
Circuit-Switching
[Diagram: network of interconnected telephone exchanges (TX)]
TX – Telephone Exchange
10
PBX
[Diagram labels: Extensions, FXS, FXO, Trunk, PSTN]
PBX = PABX – Private Automatic Branch Exchange
FXO – goes on-hook and off-hook
FXS – provides power, ring signal, dial tone
11
Network
Packet-Switching
[Diagram: network of routers (R); labels: Server, Clients]
R – Router
12
Layer Concept
[Diagram labels: Address, Sender, Network, Transport, Service, Delivery, Message, Registered]
13
Protocol Stack
Layer | ISO/OSI* | Internet | Examples
7 | Application | Application | www: HTTP, FTP, DNS
6 | Presentation | Application | mail: SMTP, POP, IMAP
5 | Session | Application | p2p: SIP, eD2k, XMPP
4 | Transport | Transport | TCP, UDP, NetBEUI, WAP
3 | Network | Internet | IP, IGMP, ICMP, IPsec, ARP
2 | Data Link | Network Access** | PPP, L2TP, GPRS, ATM, FR
1 | Physical | Network Access** | Ethernet, USB, Wi-Fi, ISDN
*) ISO – International Organization for Standardization, OSI – Open Systems Interconnection
**) original TCP/IP model, recently 5-layer model with data link and physical layer
14
TCP/IP Packet
IP packet: header (source address, destination address) + data (TCP packet)
TCP packet: header (source port, destination port) + data (application data: HTTP, FTP, SMTP)
15
Request – Response
Client: IP address 10.0.0.100, TCP port >1024
Server: IP address 203.66.88.89, TCP port 80
Request (HTTP): Source 10.0.0.100:1234, Destination 203.66.88.89:80
Response (HTTP): Source 203.66.88.89:80, Destination 10.0.0.100:1234
16
Network Address Translation
NAT, IP masquerading
Address shortage of IP ver. 4
- 32 bit => 4 G ~ 4 billion addresses
Address ranges only for private use
- class A: 10.x.x.x, class B: 172.16.x.x – 172.31.x.x, class C: 192.168.x.x
Internet gateway (firewall) translates between private and public addresses.
Firewall rules:
- request LAN → Internet: allow
- response Internet → LAN: allow
- request Internet → LAN: deny
The Internet can only connect to the LAN when the LAN has sent a request before.
[Diagram labels: LAN, NAT, Internet]
17
Peer-to-Peer Communication
Peer-to-Peer (P2P)
- VoIP, file sharing, instant messaging
VoIP Protocols
- two protocols involved: SIP and RTP
- SIP - session initiation protocol: signalling, UDP port 5060
- RTP - real-time transport protocol: voice communication, UDP port range 10000-20000
NAT Traversal
- different kinds of NAT: symmetric, asymmetric
- UDP hole punching
- STUN - Simple Traversal of UDP through NATs
  necessary when both clients are behind NAT
  doesn’t work with symmetric NAT
18
UDP Hole Punching
Before Process After
19
UDP Hole Punching Process
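Added example (not part of the original slides): a toy Python model of the NAT behaviour described on the NAT and NAT traversal slides. It shows that unsolicited inbound packets are dropped, and that STUN-assisted UDP hole punching works between two non-symmetric NATs but fails when one side is a symmetric NAT. The names `Nat` and `hole_punch`, the addresses and the port numbers are assumptions made for illustration; the non-symmetric NAT is modelled as a port-restricted cone NAT.

```python
# Added example: toy NAT model, not a real network stack. Addresses are constructed.
from dataclasses import dataclass, field

STUN = ("198.51.100.1", 3478)  # assumed STUN server; 3478 is the standard STUN port

@dataclass
class Nat:
    public_ip: str
    symmetric: bool = False  # True: a fresh public port for every destination
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> public port
    allowed: set = field(default_factory=set)     # (public port, remote endpoint)

    def outbound(self, src, dst):
        """Request LAN -> Internet: allowed; creates or reuses a mapping."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.add((port, dst))  # replies from dst may now come back in
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Internet -> LAN: passes only if the LAN sent to src before."""
        return (public_port, src) in self.allowed

def hole_punch(nat_a, nat_b):
    """Return True if UDP (RTP) can flow both ways after hole punching."""
    a_priv, b_priv = ("10.0.0.100", 10000), ("192.168.1.20", 10000)
    # 1. Each client learns its public endpoint from the STUN server.
    a_pub = nat_a.outbound(a_priv, STUN)
    b_pub = nat_b.outbound(b_priv, STUN)
    # 2. Endpoints are exchanged via signalling (SIP); each side sends UDP
    #    to the other's STUN-learned endpoint, opening a hole in its own NAT.
    a_seen = nat_a.outbound(a_priv, b_pub)  # source that B's NAT sees for A
    b_seen = nat_b.outbound(b_priv, a_pub)
    # 3. Each NAT filters the peer's packets arriving at the advertised port.
    return nat_b.inbound(a_seen, b_pub[1]) and nat_a.inbound(b_seen, a_pub[1])

if __name__ == "__main__":
    print("cone/cone:", hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2")))
    print("symmetric/cone:", hole_punch(Nat("203.0.113.1", symmetric=True), Nat("203.0.113.2")))
```

The symmetric NAT allocates a new public port for the peer, so the endpoint learned through STUN no longer matches the packets the peer actually receives.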
20
Firewall Application Filter
21
Skype
Peer-to-peer Internet telephony (VoIP) network
Software is free, but not open source
Proprietary protocol, traffic encrypted
Founded by the founders of the file sharing application Kazaa
Acquired by eBay in October 2005
Easy to deploy even behind firewall and NAT
Heavy use of network bandwidth and other resources
Difficult to integrate into organization’s security strategy
22
Getting Granular on Skype
2004 – Columbia University, New York, USA
- An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
- http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
- Analysis of network structure and traffic
2006 – EADS Corporate Research Center, France
- Silver Needle in the Skype
- http://www.secdev.org/conf/skype_BHEU06.handout.pdf
The developers of Skype made an immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects when it is running within a debugger and then changes its behavior. Parts of its code are encrypted and are decrypted at runtime.
23
Problems with Skype
From a network security administrator point of view
- Almost everything is obfuscated
- Peer to peer architecture
- Traffic even when the software is not used
From a system security administrator point of view
- Many protections, anti-debugging tricks, ciphered code
- A product that works well for free from a company not involved in Open Source?!
The Chief Security Officer point of view
- Is Skype a backdoor?
- Can I distinguish Skype’s traffic from real data exfiltration?
- Is Skype a risky program for my sensitive business?
24
Conclusion
Good points
- Skype was made by clever people
- Good use of cryptography
Bad points
- Hard to enforce a security policy with Skype
- Jams traffic, can’t be distinguished from data exfiltration
- Incompatible with traffic monitoring, IDS
- Impossible to protect from attacks (which would be obfuscated)
- Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor
- Fully trusts anyone who speaks Skype.
25
SIP Protocol
SIP – session initiation protocol
- application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences
- standardized by the Internet Engineering Task Force (IETF)
- open specification: RFC 3261 (like all Internet standards)
SIP - The De-facto VoIP Standard
http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
SIP – signalling, UDP port 5060
RTP – real-time transport protocol: voice communication, UDP port range 10000-20000
Codec – audio data compression algorithm for voice
- G.729a – 8 kbps, G.711 – 64 kbps, G.723 obsolete, superseded by G.726 – 16-40 kbps
26
VoIP Provider
SIP – open protocol => everyone can offer services for it
VoIP provider is connected to both Internet and PSTN.
Over 2000 SIP VoIP providers
Dialing between providers
- e.g. FreeWorldDialup no. 740218 => *393 740218
- http://www.sipbroker.com/sipbroker/action/providerWhitePages
Advanced Features
- monthly rate, flat rate
- unlimited local and distance calling
- voicemail, call forwarding, caller ID
- dial-in number with home area code
- direct inward dialing (DID)
- fax receipt with e-mail notification
27
VoIP Services
[Diagram labels: PSTN, Internet, Gateway, VoIP Provider, Computer with Soft Phone & Headset, IP Telephone, Analog Telephone]
1) VoIP call – free
2) dial-out – charged
3) dial-in – charged
28
VoIP Hardware
SIP – open protocol => everyone can build devices for it
- Router
- Analog Telephony Adapter (ATA)
- SIP-Phone
- Wireless Phone
- USB-Devices
- Integrated Systems
- Large Systems
Hardware bundled by VoIP providers
- http://www.voipbuster.com/en/hardware.html
- http://www.sipgate.de/voipshop
29
Router
ADSL Internet access
VoIP (SIP)
FXS, (FXO)
Packet filter
VPN (virtual private network)
WLAN (wireless LAN)
30
Analog Telephony Adapter (ATA)
Connects standard analog telephones to a VoIP network
31
SIP-Phone
Connected to LAN or directly to the Internet
Bridge to PC to share network cable
32
Wireless Phone
Wireless USB phones
USB Bluetooth phones
Wi-Fi phones
33
USB-Devices
Headsets
USB-Phones
Wireless USB-Phones
34
Integrated Systems
Multiple analog ports
FXS, FXO
PBX
Firewall
VPN-gateway
WLAN
ISDN
35
Large System
Used by VoIP Providers
SIP Proxy Server
T1/E1 Gateway
RTP Resource Server
Session Border Controller
Voice Mail, Auto-Attendant
Application Server
Conference Server
IP Recorder
Billing server
Universal SIP/H.323 Signal Converter
36
IP PBX
Software PBX
- Can be installed on standard hardware, from PC to Unix-server
- Additional hardware required: connection to POTS (FXO/FXS) or ISDN
- Embedded appliances available
Asterisk
- popular open source software, another is sipX
- Linux distributions: Trixbox, AstLinux, AsteriskNOW
- used as basis for embedded appliances
- used by leading VoIP providers, e.g. iotum*
*) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
http://www.asterisk.org
37
Asterisk
Analog cards
- PCI bus, half or full length
- 1-8 FXO/FXS interfaces
Digital cards
- PRI E1/T1, ISDN
Appliance
- IP-PBX embedded in device with analog interfaces
Developer kits
- version ITSPs, OEMs, resellers, and integrators
38
IP-PBX
Software PBX
- embedded in robust hardware
- mostly based on Asterisk
- configurable via web browser
Primary rate interface
- 23 (T1) or 30 (E1) channels
Multiple extensions
- FXS or ISDN
39
Application Examples
Integration with PBX
- VoIP gateway without PBX
- VoIP gateway with PBX connected via FXS
- VoIP gateway with PBX connected via FXO
Integration with Network
- VoIP gateway as Firewall
- VoIP gateway in LAN with private IP address
- VoIP gateway in DMZ with private IP address
- VoIP gateway in DMZ with public IP address
IP-PBX
- SIP only / SIP and Skype
40
VoIP Gateway without PBX
[Diagram labels: PSTN, Internet, LAN, FXS, FXO, VoIP]
41
VoIP Gateway
42
VoIP Gateway with PBX (FXS)
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, VoIP]
43
VoIP Gateway with PBX (FXO)
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, VoIP]
45
VoIP Gateway in LAN
[Diagram labels: Internet, VoIP Provider, STUN, FW, NAT, LAN, VoIP, public IP address, private IP address]
FW – firewall
LAN – local area network
46
VoIP Gateway in DMZ
[Diagram labels: Internet, FW, LAN, DMZ, NAT, VoIP, public IP address, private IP address]
DMZ – demilitarized zone
47
VoIP Gateway with public IP
[Diagram labels: Internet, FW, outer firewall, inner firewall, DMZ, LAN, NAT, VoIP, public IP address, private IP address]
49
IP-PBX
[Diagram labels: PSTN, Internet, FW, LAN, IP-PBX, FXS, FXO, analog telephone, digital (IP) telephone]
50
SIP and Skype
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, LAN, VoIP; PC, FXS-card, Skype software]
51
VoIP Scenarios
Transfer call between two VoIP Providers
- dial via caller’s VoIP provider
- transfer call to company’s VoIP provider
- transfer call to company’s internal extension
Transfer incoming call to teleworker
- teleworker is registered to company’s PBX (no provider)
- customer calls in via PSTN
- company’s operator transfers call to teleworker*
Set up multi-location corporate infrastructure
- headquarters serves as central registrar (no provider)
- branch offices register to headquarters
*) http://en.wikipedia.org/wiki/Teleworker
52
Two VoIP Providers
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, VoIP provider A, VoIP provider B, Operator, Extension, Caller, VoIP]
53
Teleworker
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, Customer, Teleworker, Operator, Mobile Worker, Wi-Fi, VoIP]
54
Corporate Infrastructure
[Diagram labels: PSTN, Internet, PBX, FXS, FXO, Customer, Sales Office, Factory, VoIP]
55
Q & A
Thomas Siegers
Songfuli Co., Ltd. (松福禮股份有限公司)
Taipei, Taiwan
http://[email protected]
http://www.slideshare.net/thomasjs