Voice over IP (VoIP) Networks and Networking AICT003-3-2
Page 1: Voice over IP

Voice over IP (VoIP)

Networks and Networking AICT003-3-2

Page 2: Voice over IP

VoIP

Data Communication & Networks | Data Communications & Networking | AICT003-3-2 - Networks and Networking | Chapter 12

Topic & Structure of the lesson

• Introduction to VoIP

• Considerations for implementing VoIP

• Benefits of VoIP

• Components of VoIP

• VoIP security issues

• VoIP standards and protocols

• Interconnecting VoIP protocols

Page 3: Voice over IP

Learning Outcomes

At the end of this lecture students would be able to:

• Describe the use of VoIP

• Distinguish considerations for implementing VoIP

• Define the benefits of VoIP

• Define the components necessary to implement VoIP

• Describe the security issues affecting the use of VoIP

• Distinguish the different standards and protocols available for VoIP

• Describe the approach to be considered when deciding to interconnect different VoIP protocols

Page 4: Voice over IP

Introduction to VoIP

• Voice over IP (VoIP) or IP telephony is the transmission of voice over packet-switched IP networks.

• Changes in the way people and organizations communicate have brought about many changes. Some very obvious changes that led to the introduction of VoIP:

• Growth of the internet and applications based on the Internet Protocol (IP)

• The internet has become a ubiquitous means of communication

• The total amount of packet-based traffic has quickly surpassed traditional voice (circuit-switched) network traffic

Page 5: Voice over IP

Considerations for implementing VoIP

• Develop appropriate network architecture

• Ensure that the organization has examined the risks involved

• Ensure physical controls are deployed accordingly

• Evaluate costs for additional power backup system

• Security factors

Page 6: Voice over IP

Benefits of VoIP

• VoIP can supply many unique capabilities to the carriers and customers

• The most important benefits include the following:

• Cost savings and productivity

• Open standards and multi-vendor interoperability

• Integrated voice and data networks

Page 7: Voice over IP

Disadvantages of VOIP

• Quality of calls across Internet is not assured

• Broadband equivalent connection needed for connecting offsite

• Network switches may need replacement

• Power on Ethernet may need to be established over the LAN

• Phone availability is dependent on network hardware and power

• Some VOIP providers have fees

• Emergency calls 000 do not issue an origin

Page 8: Voice over IP

Components of VoIP

• Traditional telephone handset

• Conferencing units

• Mobile units

• PC or “softphone”

Page 9: Voice over IP

VOIP from router

• Use standard phones connected directly to router

• Cheaper than router + analog telephone adapter

• Quality of service provided at the router

Page 10: Voice over IP

VoIP standards and protocols

• Basic terminology must be understood in order to understand the applications and usage of VoIP

• The following definitions serve as a useful starting point:

• H.248 is an ITU Recommendation that defines “Gateway Control Protocol”

• H.323 is an ITU Recommendation that defines “packet-based multimedia communications systems”

• Media Gateway Control Protocol (MGCP), also known as IRTF RFC 2705, defines a centralized architecture for creating multimedia applications, including VoIP

• Real-Time Transport Protocol, also known as IRTF RFC 1889, defines a transport protocol for real-time applications.

Page 11: Voice over IP

VoIP standards and protocols

• Centralized and Distributed Architectures

• All voice networks were built using centralized architecture in which dumb endpoints (telephones) were controlled by centralized switches

• Although this model worked well for basic telephony services, it mandated a trade-off between simplified management and endpoint and service innovation

• One of the benefits of VoIP is that it allows networks to be built using either a centralized or a distributed architecture

• Centralized architectures are associated with MGCP and H.248 protocols

Page 12: Voice over IP

VoIP standards and protocols

• The endpoints can be VoIP gateways, IP phones, media servers, or any device that can initiate and terminate a VoIP call

• The call-control devices are called gatekeepers in an H.323 network, and proxy or redirect servers in a SIP network

Page 13: Voice over IP

Session Initiation Protocol (SIP)

SIP Messages

BYE, OPTIONS, CANCEL, REGISTER, ACK, INVITE

Page 14: Voice over IP

Session Initiation Protocol (SIP)

Page 15: Voice over IP

H.323

Page 16: Voice over IP

H.323

Page 17: Voice over IP

Interconnecting VoIP Protocols

• VoIP networks continue to be deployed at a rapid pace

• However:

• vendor support for each protocol differs

• companies have varying business requirements

• Having various protocols gives customers the flexibility to connect services from multiple carriers

• Therefore standards are adopted to:

• Simplify deployment of multivendor endpoints

• Increase options for network management and provisioning

Page 18: Voice over IP

Interconnecting VoIP Protocols

• As companies expand their networks, they are faced with choices about how to interconnect segments using differing VoIP protocols

• These choices often fall into three categories:

• Translation through time-division multiplexing (TDM)

• The company uses either TDM equipment or VoIP gateways to translate from one protocol domain to another

• Single protocol architecture

• The company moves all its VoIP devices and services to a single protocol, simplifying the network as a whole

Page 19: Voice over IP

Interconnecting VoIP Protocols

• Protocol translation

• The company uses IP-based protocol translators to interconnect two or more VoIP protocol domains

Page 20: Voice over IP

VoIP Case study: Skype

• Skype, a Voice over IP (VoIP) service, was first released in 2003 as a way to make free computer-to-computer calls, or reduced-rate calls from a computer to telephones.

• Support for paid services such as calling landline/mobile phones from Skype (formerly called SkypeOut), allowing landline/mobile phones to call Skype (formerly called SkypeIn and now Skype Number), and voice messaging generates the majority of Skype's revenue.

Page 21: Voice over IP

• As of 2010, Skype was available in 27 languages and had 660 million worldwide users, an average of over 100 million active each month.

• Unlike most other VoIP services, Skype is a hybrid peer-to-peer and client–server system. It makes use of background processing on computers running Skype software, and this is reflected in Skype's original proposed name of "Sky Peer-to-Peer".

• Estimated Skype international call market share in 2014 is around 40%, more than 200 billion minutes per year.

Page 22: Voice over IP

Skype protocol

The Skype protocol is a proprietary Internet telephony network based on peer-to-peer architecture, used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.

The Skype network is not interoperable with most other Voice over IP (VoIP) networks without proper licensing from Skype.

Numerous attempts to study and/or reverse engineer the protocol have been undertaken to reveal the protocol, investigate security or to allow unofficial clients.

Page 23: Voice over IP

• After acquisition, Microsoft announced the deprecation of the old Skype protocol

• The new Skype protocol promises better offline messaging and better message synchronization across Skype devices.

• The deprecation became effective in the second week of August, 2014

Page 24: Voice over IP

Skype Architecture

• Skype was the first peer-to-peer IP telephony network. The network contains three types of entities: super nodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable super nodes.

• The Skype user directory is decentralized and distributed among the super nodes in the network.

• Skype does not support the use of the IPv6 protocol, which would greatly reduce the complexity associated

Page 25: Voice over IP

Types of nodes

• Ordinary host

– Skype client

• Super nodes (SN)

– Also a Skype client

– Must have a public IP address

– Determined to have sufficient bandwidth, CPU, memory

• Login server

Page 26: Voice over IP

Login

• On the first login, the Skype client establishes a TCP connection with a bootstrap super node

– Hard-coded into the Skype client application

• Logins are routed through a super node

– If no super nodes are reachable, login fails

• Attempts to use ports 80 and 443 if behind a firewall

Page 27: Voice over IP

Login

• Login is perhaps the most critical function to the Skype operation.

• It is during this process that a SC authenticates its user name and password with the login server, advertises its presence to other peers and its buddies, determines the type of NAT and firewall it is behind, and discovers online Skype nodes with public IP addresses.

• It was observed that these newly discovered nodes were used to maintain the connection with the Skype network should the SN to which the SC was connected become unavailable.

Page 28: Voice over IP

Login Process

Page 29: Voice over IP

Login Process (contd.)

• The HC must contain a valid entry for a SC to be able to connect to the Skype network. If the HC was filled with only one invalid entry, SC could not connect to the Skype network and reported a login failure.

• Useful insights into the Skype login process can be gained by observing the message flow between the SC and this invalid HC entry. The experimental setup and observations for the login process are described below:

• First, we flushed the SC host cache and filled it with only one entry which was the IP address and port number of a machine on which no Skype client was running.

• The SC was then started and a login attempt was made. Since HC had an invalid entry, SC could not connect to the Skype network. We observed that the SC first sent a UDP packet to this entry. If there was no response after roughly five seconds, SC tried to establish a TCP connection with this entry. It then tried to establish a TCP connection to the HC IP address and port 80 (HTTP port). If still unsuccessful, it tried to connect to HC IP address and port 443 (HTTPS port). SC then waited for roughly 6 seconds. It repeated the whole process four more times after which it reported a login failure.
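
The fallback sequence observed above (UDP, then TCP to the same port, then TCP port 80, then TCP port 443, repeated) is distinctive enough to look for in flow logs. The following added example, not part of the original slides, counts that ladder per source/destination pair; the flow records, addresses, port 33033 and the thresholds are constructed assumptions.

```python
from collections import defaultdict

WEB_PORTS = (80, 443)


def build_sample_flows():
    """Constructed flow records (time_s, src, dst, proto, dst_port); not captured traffic."""
    flows, t = [], 0.0
    for _ in range(5):  # the slide reports five passes before login failure
        flows += [
            (t, "10.0.0.5", "192.0.2.10", "udp", 33033),        # constructed HC port
            (t + 5.0, "10.0.0.5", "192.0.2.10", "tcp", 33033),  # ~5 s with no UDP reply
            (t + 6.0, "10.0.0.5", "192.0.2.10", "tcp", 80),
            (t + 7.0, "10.0.0.5", "192.0.2.10", "tcp", 443),
        ]
        t += 13.0  # ~6 s pause after the port 443 attempt
    flows += [  # unrelated host: DNS lookup and ordinary web browsing
        (1.0, "10.0.0.9", "192.0.2.53", "udp", 53),
        (1.2, "10.0.0.9", "198.51.100.7", "tcp", 443),
        (2.0, "10.0.0.9", "198.51.100.7", "tcp", 80),
        (3.0, "10.0.0.9", "198.51.100.7", "tcp", 443),
    ]
    return flows


def count_fallback_rounds(events, max_step_gap=10.0):
    """Count completed UDP -> TCP(same port) -> TCP/80 -> TCP/443 ladders.

    `events` is a time-sorted list of (time_s, proto, dst_port) for one src/dst pair.
    """
    rounds, step, port, last_t = 0, 0, None, 0.0
    for t, proto, dport in events:
        if step and t - last_t > max_step_gap:
            step = 0  # ladder went stale, start over
        if step:
            want = (("tcp", port), ("tcp", 80), ("tcp", 443))[step - 1]
            if (proto, dport) == want:
                step, last_t = step + 1, t
                if step == 4:  # reached TCP/443: one full round
                    rounds, step = rounds + 1, 0
                continue
            step = 0  # out-of-order event breaks the ladder
        if proto == "udp" and dport not in WEB_PORTS:
            step, port, last_t = 1, dport, t  # possible first rung
    return rounds


def find_login_fallback(flows, min_rounds=3):
    """Return {(src, dst): rounds} for pairs repeating the ladder at least min_rounds times."""
    per_pair = defaultdict(list)
    for t, src, dst, proto, dport in sorted(flows):
        per_pair[(src, dst)].append((t, proto, dport))
    hits = {}
    for pair, events in per_pair.items():
        rounds = count_fallback_rounds(events)
        if rounds >= min_rounds:
            hits[pair] = rounds
    return hits


if __name__ == "__main__":
    for (src, dst), rounds in find_login_fallback(build_sample_flows()).items():
        print(f"{src} -> {dst}: {rounds} fallback rounds")
```

Requiring several repeated rounds keeps a single UDP probe followed by ordinary web traffic from matching.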

Page 30: Voice over IP

Login Process (contd.)

• It was observed that a SC must establish a TCP connection with a SN in order to connect to the Skype network. If it cannot connect to a super node, it will report a login failure.

• Most firewalls are configured to allow outgoing TCP traffic to port 80 (HTTP port) and port 443 (HTTPS port). A SC behind a firewall, which blocks UDP traffic and permits selective TCP traffic, takes advantage of this fact.

• At login, it establishes a TCP connection with another Skype node with a public IP address and port 80 or port 443.

Page 31: Voice over IP

Login Server

• After a SC is connected to a SN, the SC must authenticate the user name and password with the Skype login server.

• The login server is the only central component in the Skype network. It stores Skype user names and passwords and ensures that Skype user names are unique across the Skype name space.

• SC must authenticate itself with login server for a successful login.

• It was observed during the experiments that SC always exchanged data over TCP with a node whose IP address was 80.160.91.11.

• It was since then believed that this node is the login server.

• A reverse lookup of this IP address retrieved NS records whose values are ns14.inet.tele.dk and ns15.inet.tele.dk. It thus appears from the reverse lookup that the login server is hosted by an ISP based in Denmark.

Page 32: Voice over IP

Host cache (HC)

• A list of super node IP address and port pairs that the Skype Client (SC) builds and refreshes regularly.

• At least one valid entry must be present in the HC.

• A SC stores the HC in the Windows registry

– Local to one machine and not stored on a central server

• The SN is selected by the Skype protocol based on a number of factors like CPU and available bandwidth.

• After running a SC for two days, it was observed that the HC contained a maximum of 200 entries.

Page 33: Voice over IP

Encryption

Skype uses AES to protect sensitive information.

Uses 256-bit encryption, which has a total of 1.1 × 10^77 possible keys.

Uses 1536 to 2048 bit RSA to negotiate symmetric AES keys.

User public keys are certified by login server at login.

Page 34: Voice over IP

Skype Operation

Skype, like many other VoIP (Voice over Internet Protocol) clients available, has changed the way we think about communication.

VoIP owes its versatility to another fantastic technology, the Internet. Instead of sending signals via a PSTN network, be it analog or digital, a VoIP application usually uses SIP (a variation of the standard TCP/IP protocols) to create data packets, and sends them on the same network you use for email and web surfing.

By using data packets, the technology can be used to carry more than the standard mono voice your old telephone does; VoIP can carry text, images, live video and high quality stereo sound as well as 'screen sharing', depending on the speed and reliability of your internet connection.

Page 35: Voice over IP

Skype: peers as relays

• Problem: both Alice and Bob are behind "NATs"

– NAT prevents an outside peer from initiating a connection to an inside peer

– An inside peer can initiate a connection to the outside

• Relay solution: Alice and Bob maintain open connections to their SNs

– Alice signals her SN to connect to Bob

– Alice's SN connects to Bob's SN

– Bob's SN connects to Bob over the open connection Bob initially initiated to his SN

Page 36: Voice over IP

NAT and firewall traversal

• NAT and firewall traversal are important Skype functions.

• Each Skype node uses a variant of STUN protocol to determine the type of NAT and firewall it is behind.

• There is no global NAT and firewall traversal server because if there was one, the Skype node would have exchanged traffic with it during login and call establishment.

• The Skype network is an overlay network and thus each Skype client (SC) should build and refresh a table of reachable nodes. In Skype, this table is called host cache (HC) and it contains IP address and port number of super nodes.

Page 37: Voice over IP

Global Index

• Skype claims to have implemented a ‘3G P2P’ or ‘Global Index’ technology, which is guaranteed to find a user if that user has logged in the Skype network in the last 72 hours.

• Skype uses wideband codecs which allows it to maintain reasonable call quality at an available bandwidth of 32 kb/s. It uses TCP for signaling, and both UDP and TCP for transporting media traffic.

• Signaling and media traffic are not sent on the same ports.

Page 38: Voice over IP

Conferencing

A call was established between A (the most powerful one) and B. Then B decided to include C in the conference. From the Ethereal dump, we observed that B and C were sending their voice traffic over UDP to the SC on machine A, which was acting as a mixer.

It mixed its own packets with those of B and sent them to C over UDP, and vice versa.

Page 39: Voice over IP

Even if user B or C started a conference, A, which was the most powerful amongst the three, always got elected as conference host and mixer.

If the iLBC codec is used, the total call bandwidth is 36 KB/s for a two-way call. For a three-user conference, it jumps to 54 kb/s for the machine hosting the conference.

For a three party conference, Skype does not do full mesh conferencing.

To host a conference with 5 parties you need a big PC, a Pentium 4 or thereabouts. With a PIII CPU of 450 MHz you will be limited to hosting 3 parties.

Page 40: Voice over IP

Conclusion

• Skype is the first VoIP client based on peer-to-peer technology. Three factors are responsible for its increasing popularity.

• First, it provides better voice quality than MSN and Yahoo IM clients; second, it can work almost seamlessly behind NATs and firewalls; and third, it is extremely easy to install and use.

• It is believed that Skype client uses its version of STUN protocol to determine the type of NAT or firewall it is behind. The NAT and firewall traversal techniques of Skype are similar to many existing applications such as network games.

• It is by the random selection of sender and listener ports, the use of TCP as voice streaming protocol, and the peer-to-peer nature of the Skype network, that not only a SC traverses NATs and firewalls but it does so without any explicit NAT or firewall traversal server.

• Skype uses TCP for signaling. It uses wide band codecs and has probably licensed them from GlobalIPSound. Skype communication is encrypted end-to-end.

Page 41: Voice over IP

Q & A

Question and Answer Session