
The SpeedTouch™ SIP multi-media PBX

The SpeedTouch™ Integrated SIP multi-media PBX

Author: Elisabeth LEPOIL

Date: June 2003

Edition: v2.0

Abstract: This application note provides technical information on the SIP multi-media PBX integrated in SpeedTouch™ products. A general introduction presents Voice-over-IP communications and gives you an overview of SIP-enabled networks. Then, we describe how the SpeedTouch™ SIP PBX can be introduced in your SIP-enabled network and point out the valuable services it offers to the end-user. The last part of this document explains how to configure the SIP PBX services and gives you information on the configuration of some commercial SIP endpoints.

Applicability: This application note applies to the SpeedTouch™ 610(i/s/v) Business DSL Routers.

Updates: Due to the continuous evolution of DSL technology, existing products are regularly upgraded. For more information on the latest technological innovations, software upgrades, and documents, please visit the SpeedTouch™ web site at: http://www.speedtouch.com

R-SYS-20030506-0002 v2.0


1 INTRODUCTION

1.1 From traditional telephony to Voice-over-IP communications

For many years, most telephony was carried over the old Public Switched Telephone Network (PSTN) and, over time, telephone service providers enhanced their services by providing Custom Local Area Signaling Service (CLASS) features to their customers. These CLASS features let subscribers tailor their telephone service to individual needs (e.g. call screening, call logging). It rapidly became apparent that a customized version of the CLASS features was required in medium-to-large sized businesses, in order to facilitate business and group communications. The so-called Private Branch eXchange (PBX) was born!

Today, Internet telephony, defined as the transport of telephone calls over the Internet, can be used to send packets between two or more parties without reserving the connection. Furthermore, based on a powerful signaling protocol such as SIP, Voice-over-IP communications allow other Internet applications such as Web, email, chat, presence and instant messaging to be blended with voice to provide entirely new classes of services and features not available with circuit-switched telephony. So, despite QoS issues on the public Internet and the quick erosion of cost differentials between PSTN-based telephony and IP-based telephony, Voice-over-IP communications are more and more popular. Consequently, they are pushed by a number of the industry’s leading providers, including Microsoft®, AOL and Yahoo!

The SpeedTouch™ router has a key role in the enhancement of Voice-over-IP services for corporations, universities or enterprises. Using the SpeedTouch™ integrated multi-media SIP PBX, the user can secure SIP communications and manage, without involvement of the operator, certain local services such as registration blocking, session screening and session logging. The added value of a PBX is now available in a SIP-enabled network!

1.2 SIP-based IP network in general

Session Initiation Protocol (SIP), defined in RFC 3261 [1], is a signaling protocol used for initiating, modifying and terminating sessions in an IP network. These sessions can be voice calls, video calls, text chat sessions, or anything else that two SIP-enabled endpoints can facilitate. A powerful characteristic of SIP is that it is a lightweight text-based protocol that leverages the power of the Internet by borrowing such common elements as the format of HTTP, the Domain Name System (DNS) and email-style addressing (SIP URL). A SIP-enabled IP network includes the usual IP components and services such as routers and DNS servers, as well as SIP user agents (UA) and optionally SIP network servers.

The SIP User Agents, addressed by SIP URLs, are effectively the end system components for a session (e.g. IP phone, PC or PDA); they originate and terminate SIP requests. SIP User Agents can implement advanced services such as Call Waiting, Call Hold or Call Transfer for IP telephony, and they can autonomously call each other if their SIP URL includes their own IP address (e.g. [email protected] can call [email protected]). But SIP UAs can also benefit from the advanced services and addressing capabilities of SIP network servers.


The SIP network servers are network devices that handle the signaling associated with multiple sessions. In a proxy model, a SIP proxy server forwards signaling messages between the called and calling parties in much the same way as an HTTP proxy server does in an HTTP system; it is the only point of contact that the clients have for signaling messages. After the session has been established, the RTP [9] audio or video packets are sent directly between the clients. See Figure 1 below.

[Diagram labels: SIP UA 1, SIP UA 2; IP network; SIP-enabled IP network; SIP signalling messages; Audio/Video data; Registrars (optional); SIP proxy servers (optional); john@proxy_rennes_IP_address, john@sip_rennes; Julie@proxy_paris_IP_address, Julie@sip_paris]

Figure 1 SIP operation

A SIP proxy server makes use of a location database, updated by a SIP registrar, in order to locate the called user agent. Indeed, SIP UAs periodically register their current location with a SIP registrar that may be collocated with a SIP proxy server.

These bindings between the UAs’ SIP URLs and the IP address of the machine on which they are currently logged in cope with user agent mobility. Indeed, SIP UAs can be remotely addressed via the IP address of the SIP proxy server managing their SIP domain (e.g. john@proxy_rennes_IP_address) or, in a friendly way, using their SIP domain name (e.g. john@sip_rennes). SIP User Agents can, furthermore, benefit from advanced services available on SIP proxy servers such as call logging, call billing or call screening.

Refer to APPENDIX B, for information on the basic SIP messages flow exchanged between the calling User Agent and the called User Agent, in a proxy model.


2 THE SPEEDTOUCH™ MULTI-MEDIA SIP PBX IN VARIOUS SIP-ENABLED IP NETWORK TOPOLOGIES

Acting as both a SIP registrar and a SIP proxy server, the SpeedTouch™ SIP PBX can be very valuable in various SIP-based network topologies:

• In a single-site SOHO environment,

• In an operator network,

• In a multi-site SOHO/SME environment, but also

• In a home-working environment.

In all those network topologies, the SpeedTouch™ SIP PBX is considered as the local registrar and proxy server for the SIP UAs connected on its Ethernet interface. All those LAN devices are configured with the SpeedTouch™ SIP PBX as their outbound proxy server & registrar server. Refer to APPENDIX A for SIP UAs configuration examples.

As explained in the following paragraphs, introducing the SpeedTouch™ SIP PBX in those network configurations allows you to customize your own Intelligent Network (IN) services, easily and in a centralized way, via the SpeedTouch™ WEB interface. Furthermore, the SpeedTouch™ SIP PBX plays a key role in securing SIP communications that involve the Voice-over-IP devices connected on its LAN interface.

2.1 The SpeedTouch™ multi-media SIP PBX in a “single site Small Office/Home Office” environment

In a single site SOHO environment, SIP communications between SIP User Agents are done in the simplest way: SIP network servers are not used, so only limited CLASS services are available to the user. By introducing the SpeedTouch™ multi-media SIP PBX in your network, you are able to improve the services available for your SIP communications and secure your LAN network. See Figure 2.

[Diagram labels: SIP UA 1, SIP UA 2, SIP UA 3 (10.0.0.1, 10.0.0.2, 10.0.0.3; 1@10.0.0.138, 2@10.0.0.138, 3@10.0.0.138); SpeedTouch SIP PBX (10.0.0.138, NAT, 194.0.0.1); DSL; SIP-enabled WAN network; SIP UA 4 (4@194.0.0.161); SIP UA 5 (5@194.0.0.162)]

Figure 2 Single site SOHO


The first level of security available for SIP communications across the SpeedTouch™ SIP PBX comes from its registrar server capability. Indeed, as explained in paragraph 3.1, only LAN users configured as “SpeedTouch™ SIP users” and registered in the SpeedTouch™ SIP PBX can be involved in SIP communications across the SpeedTouch™ SIP PBX. As an example, in the scenario described in Figure 2, [email protected] and [email protected] can call each other only if both SIP UAs are registered “SpeedTouch™ SIP users”. If [email protected] is not configured as a “SpeedTouch™ SIP user”, it is not allowed to make or receive SIP calls.

Furthermore, when the Network Address Translation (NAT) feature is enabled on the WAN interface of the SpeedTouch™, LAN SIP UAs are accessible via a unique public IP address allocated to the SpeedTouch™ WAN interface (e.g. 194.0.0.1 on Figure 2). In the example depicted on Figure 2, SIP UA4 can contact SIP UA1 at [email protected], SIP UA2 at [email protected] and SIP UA3 at [email protected].

A higher level of security for SIP communications can also be configured in the SpeedTouch™ SIP PBX. Before forwarding SIP messages between the calling SIP UA and the called SIP UA, the SpeedTouch™ integrated proxy server checks the configured screening conditions (refer to paragraph 3.3) and rejects non-authorized sessions. Additional services such as session logging can also help you secure your SIP communications.

To operate without external outbound registrar/proxy server, the SpeedTouch™ SIP PBX has to be configured with the following default “SIP settings”:

Figure 3 SpeedTouch™ SIP PBX configuration without outbound proxy/registrar


2.2 The SpeedTouch™ multi-media SIP PBX in an operator network

In a business environment (see Figure 4), all the power of the SIP protocol is intrinsically available; outbound registrars and proxy servers, located in the operator network, deal with SIP UA mobility and offer advanced CLASS services. Nevertheless, the SpeedTouch™ SIP PBX can also be very valuable in this environment. Indeed, by collaborating with those external outbound SIP network servers to manage the UA’s SIP domain, the SpeedTouch™ SIP PBX allows you to manage your own CLASS services without any assistance from the operator.

[Diagram labels: SIP UA 1, SIP UA 2, SIP UA 3 (1@sip_rennes, 2@sip_rennes, 3@sip_rennes; 10.0.0.1, 10.0.0.2, 10.0.0.3); SpeedTouch SIP PBX; NAT; DSL; SIP-enabled WAN network; Alcatel 5020 (registrar/proxy); SIP UA 4 (4@sip_paris); SIP UA 5 (5@sip_edegem); 194.0.0.1, 194.0.0.4, 194.0.0.5, 194.0.0.161]

Figure 4 Operator rolling out SIP

WAN SIP UAs (e.g. 4@sip_paris and 5@sip_edegem on Figure 4) are managed by the external outbound SIP network servers, whereas communications involving LAN SIP UAs (e.g. 1@sip_rennes, 2@sip_rennes and 3@sip_rennes on Figure 4) are managed by both the SpeedTouch™ SIP PBX and the outbound network SIP servers. The SpeedTouch™ SIP PBX processes SIP signaling messages as a first-hop registrar and proxy server, and it relays SIP requests and responses between the LAN SIP UAs and the next-hop external outbound SIP network servers.

SIP communications security can be managed locally by the SpeedTouch™ SIP PBX. More precisely, the general SIP PBX filtering rules described in paragraph 3.1 also apply to this network configuration. In the example described in Figure 4, 1@sip_rennes and 2@sip_rennes have to be configured as “SpeedTouch™ SIP users” and registered in the SpeedTouch™ SIP PBX so that 1@sip_rennes can call 4@sip_paris or 2@sip_rennes, and so that 4@sip_paris can contact 1@sip_rennes and 2@sip_rennes. On the SpeedTouch™ SIP PBX, you can also locally manage additional CLASS services such as session screening or session logging (refer to paragraph 3.3), which makes it easy to customize the IN services you require.

In order to operate in the network environment described in Figure 4, including the ALCATEL 5020 SIP server (registrar and proxy server collocated), the SpeedTouch™ SIP PBX has to be configured in the following way:


Figure 5 SpeedTouch™ SIP PBX configuration with outbound proxy/registrar

2.3 The SpeedTouch™ multi-media SIP PBX in a “multi-site SOHO/SME” environment

As depicted in Figure 6, SpeedTouch™ multi-media SIP PBXs can also be involved in a multi-site SOHO/SME environment. Used in this context, the SpeedTouch™ SIP PBX acts as THE registrar and proxy server for the entire SOHO/SME network, and so it provides advanced SIP services for the whole SIP network.

[Diagram labels: SpeedTouch SIP PBX-A (1@sip_rennes, 2@sip_rennes, 3@sip_rennes; 10.0.0.1, 10.0.0.2, 10.0.0.3); SpeedTouch SIP PBX-B (4@sip_paris 20.0.0.4, 5@sip_paris 20.0.0.5); SpeedTouch SIP PBX-C (6@sip_edegem 30.0.0.6, 7@sip_edegem 30.0.0.7); three DSL links with NAT; 194.0.0.1, 194.0.0.2, 194.0.0.3; SIP-enabled WAN network]

Figure 6 Multi-site SOHO/SME

In such a scenario, at least two SpeedTouch™ multi-media SIP PBXs are involved. One of them, named the “master SIP PBX” (e.g. SIP PBX A on Figure 6), acts as the outbound registrar/proxy server for the whole SIP-based network. The other SpeedTouch™ SIP PBXs in this network are “slave SIP PBXs” (e.g. SIP PBX B and C on Figure 6); they rely on the “master SIP PBX” for advanced SIP features. Consequently, the master SpeedTouch™ SIP PBX is configured without external outbound proxy/registrar server, whereas the slave SpeedTouch™ SIP PBXs are configured with the master SIP PBX as their outbound proxy/registrar server. As an illustration, in the example described on Figure 6, master SpeedTouch™ SIP PBX A is configured as follows:

Figure 7 Master SpeedTouch™ SIP PBX configuration

For SpeedTouch™ SIP PBX B and C, the configuration is as follows:

Figure 8 Slave SpeedTouch™ SIP PBX configuration

As in the previously described network configurations (paragraphs 2.1 and 2.2), only LAN SIP UAs configured as “SpeedTouch™ SIP Users” on the SIP PBX they are attached to (refer to paragraph 3.1) are allowed to be involved in SIP communications. In addition, in this last scenario, only the WAN SIP UAs configured as “SpeedTouch™ SIP Users” of the “SIP PBX Master” can make and receive SIP sessions. In the example described on Figure 6, to interconnect all SIP UAs of this network, the following configurations of the SpeedTouch™ SIP PBXs are required:

• 4@sip_paris and 5@sip_paris configured as “SIP users” for SpeedTouch™ SIP PBX B,

• 6@sip_edegem and 7@sip_edegem configured as “SIP users” for SpeedTouch™ SIP PBX C,

• 1@sip_rennes, 2@sip_rennes, 3@sip_rennes, 4@sip_paris, 5@sip_paris, 6@sip_edegem, 7@sip_edegem have to be “SIP users” for SpeedTouch™ SIP PBX.


The master SpeedTouch™ SIP PBX provides advanced addressing capabilities for the whole SIP network (e.g. any SIP UA can be addressed by a SIP domain name). Furthermore, as all SIP UAs residing in this network are known to the master SIP PBX, SIP services for any SIP UA in this network can be managed directly from the master SpeedTouch™ SIP PBX. Refer to paragraph 3.3 for more information on how to configure those IN services.

2.4 The SpeedTouch™ multi-media SIP PBX in a “home-working” environment

In a home-working environment (see Figure 9), an employee can communicate, in a secure way, with SIP user agents located in the corporate network, through an IPsec tunnel. The employee’s SIP UA remotely registers to the corporate SpeedTouch™ SIP PBX, and SIP communications can be established between the employees, using the IPsec client/gateway capability of the SpeedTouch™ 610.

[Diagram labels: SpeedTouch 610 (embedded IPsec client), 100@sip_tbf 10.0.0.1, NAT, DSL, 194.0.0.2; ISP WAN network; IPsec tunnel; Corporate network: SpeedTouch 610 SIP PBX-A IPsec GW, NAT, DSL, 194.0.0.1, 200@sip_tbf 20.0.0.1, 300@sip_tbf 20.0.0.2]

Figure 9 Homeworking environment

Refer to [19] for information on how to configure an IPsec tunnel between an IPsec client and the SpeedTouch™ 610 IPsec gateway.

The SpeedTouch™ SIP PBX A is the only SIP server of the corporate network, so it is configured with neither an external outbound proxy server nor an external outbound registrar server. Refer to Figure 7 in paragraph 2.3 to configure its SIP settings.

Local and remote employees’ SIP UAs have to be configured as SpeedTouch™ A SIP users. In the example described in Figure 9, 1@sip_tbf, 2@sip_tbf and 3@sip_tbf are SpeedTouch™ SIP PBX A users.

Black lists can also be configured for each of those SIP UAs.

Let’s now describe more precisely how the SIP protocol is supported across the SpeedTouch™.


3 SIP PROTOCOL IN THE SPEEDTOUCH™

By default, the SpeedTouch™ catches SIP protocol messages, carried over UDP, on the default SIP protocol port (port # 5060). It can also be configured to listen for SIP signaling messages on another port number (see the “Listening port” parameter on Figure 4).

The implementation of the SIP protocol in the SpeedTouch™ includes:

• SIP user registration

• SIP messages relay with IN services support

• Transparency for SIP protocol across NAT

All those features only apply to the SIP UAs managed by the SIP PBX, that is to say the “SpeedTouch™ SIP users”.

3.1 The SpeedTouch™ SIP users

On the SpeedTouch™, it is possible to make restrictions on the users that can be involved in SIP communications across the SIP PBX.

Only the configured “SpeedTouch™ SIP users” are allowed to make outbound sessions across the SpeedTouch™. In addition, those configured SIP users have to register in the SpeedTouch™ SIP PBX in order to be able to receive inbound sessions.

The SpeedTouch™ SIP users are configured with a SIP URL and an IP address at which they are allowed to be contacted. Note that a configured SIP URL can represent a group of SIP UAs (e.g. configure *@sip_rennes to allow any UA in the “sip_rennes” domain) and that both static (e.g. 10.0.0.2/32) and dynamic (e.g. 0.0.0.0/0) UA contact IP addresses are supported.

As an example, in the network scenario described on Figure 4, 1@sip_rennes and 2@sip_rennes are allowed to be involved in SIP communications across the SIP PBX only if they are configured as SpeedTouch™ SIP users:

Figure 10 Configuration of SpeedTouch™ SIP visible users


By default, all “SpeedTouch™ SIP users” are configured to operate in the SIP network configuration defined globally for the SIP PBX (see the “SIP settings” examples on Figure 3, Figure 5 and Figure 8). But you can also define a SIP network topology per “SpeedTouch™ SIP user”, by configuring, or not, an outbound registrar and a proxy server for that user. See Figure 10.

3.2 The integrated SIP registrar

The SpeedTouch™ integrated SIP registrar processes REGISTER requests and the associated responses in order to keep track of the location information of the SpeedTouch™ SIP users.

More precisely, the REGISTRATION process in the SpeedTouch™ SIP PBX can be described as follows:

1. Catch any SIP REGISTER request received on the SIP PBX port (by default port # 5060).

2. Check that the caller UA is configured as a SpeedTouch™ SIP user and that the IP address at which it wants to be contacted matches the “Contact” IP address configured for this SpeedTouch™ SIP user. If at least one condition is not met, the SpeedTouch™ SIP PBX rejects the session and sends a reply message “403 Forbidden”.

3. Check if an outbound registrar is configured for this SIP communication:

• If Yes, the “Contact” field and the “Via” field of the SIP REGISTER request are updated with the IP address of the SpeedTouch™ WAN interface and the SIP request is forwarded to the external outbound registrar. Then, the SpeedTouch™ SIP PBX waits for a REGISTER response from the outbound registrar.

• If No, the SpeedTouch™ SIP PBX replies to the REGISTER request on its own, sending a “200 OK” response.

4. Update its internal location table with the Contact IP address of the user and the remaining timeout of the registration. Until this timeout expires, the “Contact” IP address is used to route inbound sessions to the proper SIP UA.

5. Forward the REGISTER response to the originating UA.
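The registration steps above can be modelled as follows. This is an added example, not SpeedTouch™ code: the class and field names, shell-style matching of group URLs such as *@sip_rennes, the rule that a binding is stored only after a “200 OK”, and all sample values are assumptions.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SipUser:
    """One configured "SpeedTouch SIP user" entry (field names are hypothetical)."""
    url: str      # SIP URL or group pattern, e.g. "1@sip_rennes" or "*@sip_rennes"
    contact: str  # allowed contact network: "10.0.0.2/32" (static), "0.0.0.0/0" (dynamic)


class Registrar:
    def __init__(self, users, wan_ip, outbound_registrar=None):
        self.users = list(users)
        self.wan_ip = wan_ip
        self.outbound_registrar = outbound_registrar
        self.location = {}   # SIP URL -> (contact IP, absolute expiry time)
        self.forwarded = []  # REGISTERs relayed upstream, kept for inspection

    def find_user(self, url):
        # Assumption: group URLs are matched like shell-style wildcards.
        for user in self.users:
            if fnmatch.fnmatchcase(url, user.url):
                return user
        return None

    def register(self, url, contact_ip, expires, now, upstream_status=200):
        """Process one REGISTER and return the status sent back to the UA."""
        # Step 2: configured user AND contact address inside the allowed network.
        user = self.find_user(url)
        if user is None:
            return 403
        allowed = ipaddress.ip_network(user.contact, strict=False)
        if ipaddress.ip_address(contact_ip) not in allowed:
            return 403
        # Step 3: relay upstream with Contact/Via set to the WAN address,
        # or answer locally with 200 OK.
        if self.outbound_registrar:
            self.forwarded.append({"to": self.outbound_registrar, "url": url,
                                   "contact": self.wan_ip, "via": self.wan_ip})
            status = upstream_status  # stand-in for the outbound registrar's reply
        else:
            status = 200
        # Step 4 (assumption: only a 200 OK creates or refreshes a binding).
        if status == 200:
            self.location[url] = (contact_ip, now + expires)
        # Step 5: the response goes back to the originating UA.
        return status

    def lookup(self, url, now):
        """Contact IP used to route inbound sessions, or None once expired."""
        entry = self.location.get(url)
        if entry is None:
            return None
        contact_ip, expiry = entry
        if now >= expiry:
            del self.location[url]
            return None
        return contact_ip


def unrestricted_entries(users):
    """Entries with contact 0.0.0.0/0: step 2's address check never rejects them."""
    return [u for u in users
            if ipaddress.ip_network(u.contact, strict=False).prefixlen == 0]


# Constructed sample configuration, modelled on the page's addressing examples.
SAMPLE_USERS = [SipUser("1@sip_rennes", "10.0.0.1/32"),
                SipUser("*@sip_paris", "0.0.0.0/0")]

if __name__ == "__main__":
    pbx = Registrar(SAMPLE_USERS, wan_ip="194.0.0.1")
    print(pbx.register("1@sip_rennes", "10.0.0.1", 3600, now=0))  # accepted
    print(pbx.register("1@sip_rennes", "10.0.0.9", 3600, now=0))  # wrong contact
    print([u.url for u in unrestricted_entries(SAMPLE_USERS)])
```

For a group entry combined with a dynamic contact (0.0.0.0/0), the only admission control left in step 2 is the URL pattern itself, which is what `unrestricted_entries` surfaces for review.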


The location table updated by the SpeedTouch™ SIP registrar can be displayed:

Figure 11 SIP PBX Location table

3.3 The integrated SIP proxy server

The SpeedTouch™ SIP PBX also integrates a SIP proxy server. It relays outbound SIP messages to a configured outbound proxy server or directly to the called SIP UA. It also forwards inbound SIP messages to the device from which the called UA has registered.

To increase the security of SIP communications, it may make sense to block sessions, originating from either side of the network, that are associated with particular users, on account of fraud, abuse, and so forth. Therefore, the SpeedTouch™ SIP PBX policy logic analyses the From/To field in SIP INVITE messages and compares the URI with a list of undesirables; if it finds a match, it returns a 403 Forbidden message and refuses to pass the signaling along.

More precisely, the SpeedTouch™ SIP PBX includes an outbound session screening feature. It allows the subscriber to prohibit outbound sessions through the use of an outbound black list, configurable via the SpeedTouch™ WEB interface. In a similar way, inbound sessions can be controlled by the inbound session screening capability of the SpeedTouch™ SIP PBX. This allows the subscriber to restrict inbound sessions originating from users configured in an inbound black list.


As an example, the configuration described in Figure 12 prevents 1@site_rennes from making a call to 4@site_paris and from receiving calls from the user 2@sip_rennes:

Figure 12 Inbound and outbound black lists configuration

In a nutshell, the SpeedTouch™ SIP proxy server processes SIP messages as follows:

For outbound SIP requests:

1. Catch any outbound SIP request received on the SIP PBX port (by default port # 5060).

2. Check that the caller UA is configured as a SpeedTouch™ SIP user. If this condition is not met, it rejects the session and sends a reply message “403 Forbidden”.

3. Check that the called UA is not configured in the outbound black list of the caller UA. Otherwise, it rejects the session and sends a reply message “403 Forbidden”.

4. Determine where the SIP request has to be routed:

• To the next-hop server if there is one external outbound proxy server configured for this SIP communication,

• Directly to the IP address of the called SIP UA if it is a Direct call,

• Directly to the contact IP address of the concerned called UA if the called UA is configured as a SpeedTouch™ SIP user and registered in the SpeedTouch™ SIP PBX.

5. Then, forward the SIP request to this destination, updating the “Contact” field and the “Via” field of the SIP message with the IP address of the SpeedTouch™ WAN interface.

6. If the destination of the SIP message can’t be determined, it rejects the session and replies with a “404 Not found” message.


For inbound SIP requests:

1. Catch any inbound SIP request received on the SIP PBX port (by default port # 5060).

2. Check, in its location table, that the called UA is configured as a SpeedTouch™ SIP user and registered in the SpeedTouch™ SIP PBX. If one condition is not met, it rejects the session and sends a reply message “404 Not found”.

3. Check that the caller UA is not configured in the inbound black list of the called UA. Otherwise, it rejects the session and sends a reply message “403 Forbidden”.

4. Update the “Via” and “Contact” fields of the SIP message and forward the inbound SIP request to the called UA.

All inbound and outbound SIP sessions that cross the multi-media SIP PBX can be monitored from the SpeedTouch™ WEB interface. This is a useful tool to supervise the SIP communications involving your LAN UAs.

Figure 13 SpeedTouch™ SIP PBX Session logging
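The outbound and inbound screening sequences of this section, applied to the From/To headers of an INVITE, can be sketched as below. This is an added example, not SpeedTouch™ code: the names, exact-match black lists, the order in which the three routing cases are tried, the treatment of a missing From/To header, and the sample messages are all assumptions or constructed data.

```python
import fnmatch
import ipaddress
import re

FORBIDDEN, NOT_FOUND, FORWARD = 403, 404, "forward"


class Pbx:
    """Screening state of one SIP PBX (attribute names are hypothetical)."""
    def __init__(self, users, location, out_black=None, in_black=None,
                 outbound_proxy=None):
        self.users = users                  # SIP URL patterns, e.g. "*@sip_rennes"
        self.location = location            # registered SIP URL -> contact IP
        self.out_black = out_black or {}    # caller URL -> blocked callee URLs
        self.in_black = in_black or {}      # callee URL -> blocked caller URLs
        self.outbound_proxy = outbound_proxy

    def is_user(self, url):
        # Assumption: group URLs are matched like shell-style wildcards.
        return any(fnmatch.fnmatchcase(url, p) for p in self.users)


def header_uri(message, name):
    """Return user@host from the named header (long form only), else None."""
    pattern = rf"^{re.escape(name)}:.*?sip:([^@\s<>;]+@[^\s<>;:]+)"
    m = re.search(pattern, message, re.I | re.M)
    return m.group(1) if m else None


def direct_ip(url):
    """Host part of the URL if it is a literal IP address (a Direct call)."""
    try:
        return str(ipaddress.ip_address(url.rsplit("@", 1)[-1]))
    except ValueError:
        return None


def screen_outbound(pbx, invite):
    caller, callee = header_uri(invite, "From"), header_uri(invite, "To")
    # Step 2: caller must be a configured SIP user (no From URI: not a user).
    if not caller or not pbx.is_user(caller):
        return FORBIDDEN, None
    # Step 3: callee must not be on the caller's outbound black list.
    if callee in pbx.out_black.get(caller, ()):
        return FORBIDDEN, None
    # Steps 4-5: choose the destination; Contact/Via would be rewritten with
    # the WAN address before forwarding (not modelled here).
    if callee and pbx.outbound_proxy:
        return FORWARD, pbx.outbound_proxy
    if callee and direct_ip(callee):
        return FORWARD, direct_ip(callee)
    if callee and pbx.is_user(callee) and callee in pbx.location:
        return FORWARD, pbx.location[callee]
    # Step 6: no destination could be determined.
    return NOT_FOUND, None


def screen_inbound(pbx, invite):
    caller, callee = header_uri(invite, "From"), header_uri(invite, "To")
    # Step 2: callee must be a configured user with a live registration.
    if not callee or not pbx.is_user(callee) or callee not in pbx.location:
        return NOT_FOUND, None
    # Step 3: caller must not be on the callee's inbound black list.
    if caller in pbx.in_black.get(callee, ()):
        return FORBIDDEN, None
    # Step 4: forward to the registered contact address.
    return FORWARD, pbx.location[callee]


def make_invite(frm, to):
    """Constructed minimal INVITE (headers only) used as sample input."""
    return (f"INVITE sip:{to} SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 10.0.0.1:5060\r\n"
            f"From: \"Caller\" <sip:{frm}>;tag=1\r\n"
            f"To: <sip:{to}>\r\n"
            "Call-ID: constructed-example\r\nCSeq: 1 INVITE\r\n\r\n")


# Constructed state modelled on the black-list example of Figure 12.
SAMPLE_PBX = Pbx(users={"*@sip_rennes"},
                 location={"1@sip_rennes": "10.0.0.1", "2@sip_rennes": "10.0.0.2"},
                 out_black={"1@sip_rennes": {"4@sip_paris"}},
                 in_black={"1@sip_rennes": {"2@sip_rennes"}})

if __name__ == "__main__":
    print(screen_outbound(SAMPLE_PBX, make_invite("1@sip_rennes", "4@sip_paris")))
    print(screen_inbound(SAMPLE_PBX, make_invite("2@sip_rennes", "1@sip_rennes")))
    print(screen_inbound(SAMPLE_PBX, make_invite("4@sip_paris", "1@sip_rennes")))
```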


3.4 Transparency of SIP protocol across NAT

The multi-media SIP PBX can be used with the Network Address Translation (NAT) feature of the SpeedTouch™. This NAT mechanism is very valuable when connecting, for instance, an enterprise or home IP network to the public IP network. Indeed, it translates an IP address used within one “inside” network (e.g. LAN network) to a different IP address known within another “outside” network (e.g. WAN network). It allows users on the inside network to see the outside network, but the outside users cannot see the inside users, as all communication with the outside network is done via the translation device.

In order to transparently support the SIP protocol across its NAT module, the SpeedTouch™ embeds a SIP Application Level Gateway (ALG) that rewrites the header and body of SIP messages with the right translated/de-translated IP addresses.

The multi-media SIP PBX autonomously creates the appropriate NAT settings to accept inbound sessions across the SpeedTouch™ when NAT is enabled on its WAN interface. No extra configuration is required from the user. For instance, in the scenario described on Figure 2, when NAT is enabled on a WAN interface of the SpeedTouch™, the following NAT entry is created by the SpeedTouch™ SIP PBX to catch all inbound SIP messages arriving on the SIP protocol port (e.g. port number 5060) of this interface:

:nat list

Indx Prot Inside-address:Port  Outside-address:Port  Foreign-address:Port  Flgs  Expir
2    UDP  127.0.0.1:5060       194.0.0.1:5060        0.0.0.0:0             19    0

Therefore, in the SpeedTouch™, the benefits of both the NAT feature and the SIP PBX feature can be combined.


4 CONCLUSION

Whatever your SIP-enabled network topology, the SpeedTouch™ SIP PBX provides valuable services for your Voice-over-IP communications. You can benefit from its integrated CLASS services and customize your own Intelligent Network services via the friendly WEB interface of the SpeedTouch™.

In a nutshell, to use the SpeedTouch™ SIP PBX in your network, proceed as follows:

1. Determine in which network environment you want to use the SpeedTouch™ SIP PBX (refer to paragraph 2.1, 2.2 or 2.3) and configure the “SIP settings” for the SpeedTouch™ SIP PBX in the appropriate way.

2. Configure the “SpeedTouch™ SIP users” (refer to paragraph 3.1) on your SpeedTouch™ SIP PBX.

3. For advanced SIP communications security, configure inbound/outbound black lists in the SpeedTouch™ SIP PBX (refer to paragraph 3.3).

4. Configure your SIP User Agents to work with the SpeedTouch™ SIP PBX (refer to APPENDIX A).

5. Register your SIP UAs and check that the registration process succeeds by viewing the SIP PBX location table (refer to Figure 11).

6. Establish SIP sessions and monitor session logging via the SpeedTouch™ WEB interface (refer to Figure 13).


APPENDIX A

CONFIGURATION OF SIP UAS TO WORK WITH THE SPEEDTOUCH™ MULTI-MEDIA SIP PBX

Set-up with ST 280/282

Using the SpeedTouch™ 280/282 in collaboration with the SpeedTouch™ SIP PBX, you benefit from plug-and-play SIP phones. The WEB interface of the SpeedTouch™280/282 does not need to be used and the IP phones are remotely configured from the SpeedTouch™ router WEB interface.

Indeed, in factory default, the SpeedTouch™ 280/282 is in DHCP mode. Each phone transmits a guaranteed unique name to the SpeedTouch™ DHCP server (e.g. ST 280-MACAddress) and derives its phone number from the last byte of the IP address it gets from the DHCP server (e.g. if the IP address is 10.0.0.1, the telephone number is 1). Furthermore, the SpeedTouch™ 280/282 is, by default, configured with the SpeedTouch™ LAN IP address (e.g. 10.0.0.138) as its default gateway IP address and as its outbound proxy server.

Therefore, as soon as the SpeedTouch™ 280/282 are connected to the SpeedTouch™ router, they are operational and they can be involved in SIP communications across the SpeedTouch™ SIP PBX.

In a nutshell, to use the SpeedTouch™ 280/282 in collaboration with the SpeedTouch™ 610 SIP PBX, proceed as follows:

1. Surf to the DHCP server of the SpeedTouch™ router and click on the “Server leases” web page. All the connected SpeedTouch™ 280/282 SIP phones are listed:

Figure 14 DHCP server of the SpeedTouch™

2. Using the telephone numbers shown on this web page, the user can call from every SpeedTouch™ 280/282 phone to every other SpeedTouch™ 280/282 phone. The user can also identify which phone is located where, by calling a phone number and checking which phone rings.

3. If the phone numbers are OK for the user, he then creates a static DHCP server lease to guarantee that the IP phone will get the same IP address, and so the same phone number, the next time. Select a DHCP entry and ‘Lock’ it.


Figure 15 Permanent DHCP entries

4 Configure the SpeedTouch™ SIP PBX as summarized in paragraph 4.

Note: Using the ST280/282 WEB interface, you can modify the phone’s domain name by configuring the “Domain name” parameter.
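A check that follows from the numbering rule and the ‘Lock’ step above, as an added example (not part of the application note or of the SpeedTouch™ software): it derives each phone number from the last byte of the leased address and reports phones whose lease is not locked, numbers that moved to another phone between two snapshots, and numbers held by more than one phone. The lease records are constructed sample data, and their field names and the function names are assumptions; the format of the router's lease page is not shown in this document.

```python
# Added illustration of the ST 280/282 numbering rule; not SpeedTouch code.
# Lease records are constructed sample data and their field names are assumed.
import ipaddress

PHONE_PREFIX = "ST 280-"  # start of the unique name each phone announces

MONDAY = [  # constructed snapshot of the "Server leases" page
    {"name": "ST 280-02:00:00:00:00:0A", "ip": "10.0.0.1", "locked": True},
    {"name": "ST 280-02:00:00:00:00:0B", "ip": "10.0.0.2", "locked": False},
    {"name": "ST 280-02:00:00:00:00:0C", "ip": "10.0.0.3", "locked": False},
]
FRIDAY = [  # constructed: the two unlocked phones came back with swapped leases
    {"name": "ST 280-02:00:00:00:00:0A", "ip": "10.0.0.1", "locked": True},
    {"name": "ST 280-02:00:00:00:00:0B", "ip": "10.0.0.3", "locked": False},
    {"name": "ST 280-02:00:00:00:00:0C", "ip": "10.0.0.2", "locked": False},
]


def phone_number(ip):
    """Phone number is the last byte of the leased IPv4 address."""
    return ipaddress.IPv4Address(ip).packed[-1]


def numbering(leases):
    """Map each phone number to the list of phone names that hold it."""
    plan = {}
    for lease in leases:
        if lease["name"].startswith(PHONE_PREFIX):
            plan.setdefault(phone_number(lease["ip"]), []).append(lease["name"])
    return plan


def audit(before, after):
    """Compare two lease snapshots and return (unlocked, moved, shared).

    unlocked: phones in `after` whose lease is not locked
    moved:    numbers answered by a different phone than in `before`
    shared:   numbers held by more than one phone (pool wider than one byte)
    """
    then, now = numbering(before), numbering(after)
    unlocked = sorted(l["name"] for l in after
                      if l["name"].startswith(PHONE_PREFIX) and not l["locked"])
    moved = sorted(n for n in now if n in then and now[n] != then[n])
    shared = sorted(n for n, names in now.items() if len(names) > 1)
    return unlocked, moved, shared
```
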


Configuration of a Pingtel hard phone

To use the Pingtel phone with the SpeedTouch™ SIP PBX:

1 Connect to the Pingtel WEB interface and configure the following parameters:

• the “SIP_DIRECTORY_SERVERS” and “SIP_PROXY_REGISTERS” parameters have to be configured with the LAN IP address of the SpeedTouch™ 610 (e.g. 10.0.0.138, by default).

• the “SIP_REGISTRY_SERVERS” parameter has to be configured with the phone’s domain name (e.g. 10.0.0.138, “lan.com”).

• the “SIP_UDP_PORT” must be equal to the SpeedTouch™ SIP PBX listening port.

2 Configure the SpeedTouch™ SIP PBX as summarized in paragraph.


Configuration of a SNOM hard phone

To use the SNOM phone with the SpeedTouch™ SIP PBX:

1 Connect to the SNOM WEB interface and configure the following parameters:

• The “IP Gateway” and “Outbound proxy” parameters have to be configured with the LAN IP address of the SpeedTouch™ 610 (e.g. 10.0.0.138, by default).

• Select ‘Default SIP port’ as listening port for SIP messages.

• The “Registrar” parameter has to be configured with the phone’s domain name (e.g. phone’s private IP address, “lan.com”).

2 Configure the SpeedTouch™ SIP PBX as summarized in paragraph 4.


Configuration of Atlinks phones

To use the Atlinks phone with the SpeedTouch™ SIP PBX:

1 Connect to the Atlinks WEB interface and configure the following parameters:

• the “SIP_Server_IP” and “IP gateway” have to be configured with the LAN IP address of the SpeedTouch™ 610 (e.g. 10.0.0.138, by default).

• the “SIP Server port” must be equal to the SpeedTouch™ SIP PBX listening port.

2 Configure the SpeedTouch™ SIP PBX as summarized in paragraph 4.


Configuration of Microsoft messenger v4.6 or higher

To use MSN messenger v4.6 or higher with the SpeedTouch™ SIP PBX:

1 Apply for an iptel.org account at http://www.iptel.org/services/. Remember the chosen password well and confirm a subscription verification email.

2 Configure the SpeedTouch™ SIP PBX as summarized in paragraph 4. More precisely, configure the SIP URI you get from “iptel.org” (e.g. [email protected]) as a SpeedTouch™ SIP user and configure the IP address of “iptel.org” as the outbound proxy/registrar.

3 Download and install MSN messenger v4.6 or higher from the Microsoft site (http://messenger.msn.com/).

4 Configure MSN messenger to use SIP communications:

• Tools-Options-Accounts must be set to “Communication services”.

• Enter your sign-in name (including your domain name). In advanced options, set the server name to the SpeedTouch™ LAN IP address (e.g. “10.0.0.138”) and “Connect using” to UDP.

5 Sign in using the password for which you applied. Use [email protected] as “sign-in name” (without “sip” and with domain name), and “username” (without anything else) as “user name”.

6 Now you can call your friends. Push the button “Start a Voice Conversation” and fill in an email-like address such as “[email protected]”.


APPENDIX B OVERVIEW OF SIP REQUESTS/RESPONSES.

SIP methods

INVITE Invites a user to participate in a session; establish a connection. Also used to change state or capabilities, such as the codec used.

ACK Used to facilitate reliable message exchange for INVITEs

BYE Indicates that either the originator or the target wishes to end the call; terminates a connection or declines an invitation.

REFER Indicates that the recipient should contact a third party using provided contact information; initiates a transfer.

CANCEL Cancels a pending request; does not affect a completed request.

REGISTER Registers a user’s address with a SIP location server; resolves a public address to a specific address. Not related to specific session.

OPTIONS Solicits information about features supported by SIP servers such as supported methods and media capabilities.

NOTIFY Provides information about a state change; not related to a specific session. Used for message waiting communications with a voice mail server and to indicate the outcome of transfers.

SUBSCRIBE Indicates the desire for NOTIFY (state change) requests. Used for message waiting communications with a voice mail server.

Table 1 SIP methods supported in the SpeedTouch™

SIP Response codes

1xx Informational: trying, ringing, forwarding, queuing, in progress.

2xx Successful: OK

3xx Redirection: indicate additional information for call forwarding

4xx Request failure: indicate request errors such as missing information

5xx Server failure: timeouts, unavailable services, and other server errors

6xx Global failures: busy, declined, not found, not acceptable.

Table 2 SIP response codes supported in the SpeedTouch™


In the proxy model, the basic SIP message flow exchanged between the calling User Agent and the called User Agent is described in Figure 16 and Figure 17.

[Figure: john@sip_rennes sends REGISTER (To: john@sip_rennes, Contact: 10.0.0.5, Via: john@sip_rennes) to the SIP Registrar (Rennes); julie@sip_paris sends REGISTER (To: Julie@sip_paris, Contact: 20.0.0.4, Via: Julie@sip_paris) to the SIP Registrar (Paris). Each registrar answers 200 OK.]

Figure 16 SIP User Agent registration

[Figure: message sequence between john@sip_rennes, SIPserver@proxy_rennes, SIPserver@proxy_paris and Julie@sip_paris. INVITE (Julie@sip_paris) is forwarded from john@sip_rennes through both proxies (“Where is sip paris ?” at the Rennes proxy, “Where is Julie ?” at the Paris proxy), each hop adding its own Via on top of Via:john@sip_rennes, so that the INVITE reaching Julie carries Via:SIPserver@proxy_paris, Via:SIPserver@proxy_rennes, Via:john@sip_rennes. TRYING and RINGING signalling messages are exchanged, 200 OK travels back hop by hop with one Via removed at each hop, ACK follows the same path as the INVITE, and the media session starts.]

Figure 17 Basic SIP messages flow, in proxy model.
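The Via handling that Figure 17 depicts, as an added example (not code from the application note or from the SpeedTouch™ software): each sender puts its own Via on top of the request, and the response is routed back using only that list, with every element discarding a response whose top Via is not its own. The hop names are those of Figure 17; the function names and the reduction of a message to its Via list are assumptions made for illustration.

```python
# Added illustration of Via handling in the proxy model of Figure 17.
# A message is reduced to its list of Via values; this is not a SIP parser.
# Function names are hypothetical; hop names are taken from Figure 17.

PATH = ["john@sip_rennes", "SIPserver@proxy_rennes",
        "SIPserver@proxy_paris", "Julie@sip_paris"]


def forward_request(path):
    """Return the Via list carried by a request on each hop along path.

    Every sender (the UA, then each proxy) puts its own Via on top before
    passing the request on, so the list records the path in reverse.
    """
    via, per_hop = [], []
    for sender in path[:-1]:
        via = [sender] + via
        per_hop.append(list(via))
    return per_hop


def handle_response(me, via):
    """Process a response at element `me`.

    The top Via must be the one `me` inserted; otherwise the response is
    discarded (ValueError here). Returns (next_hop, remaining_via);
    next_hop is None when the response was meant for `me` itself.
    """
    if not via or via[0] != me:
        raise ValueError(f"{me}: top Via {via[:1]} is not mine, discarding")
    rest = via[1:]
    return (rest[0] if rest else None), rest


def route_response(via_at_callee):
    """Deliver a response from the callee back to the caller.

    Uses only the Via list copied from the received request and returns
    the ordered list of elements that handled the response.
    """
    handled, hop, via = [], via_at_callee[0], list(via_at_callee)
    while hop is not None:
        handled.append(hop)
        hop, via = handle_response(hop, via)
    return handled
```
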


Terminology

SIP session A session can be a simple two-way telephone call or it could be a collaborative multi-media conference session. The ability to establish these sessions means that a host of innovative services becomes possible, such as voice-enriched e-commerce, web page click-to-dial, multi-media Instant Messaging with buddy lists, and location services.

SIP call A SIP call consists of one or more sessions. An example of a call that encompasses multiple sessions is a conference call.

Direct call SIP UAs call each other directly; no SIP servers are involved in the call.

User Agent Client A UAC is a caller application that initiates and sends SIP requests.

User Agent Server A UAS receives and responds to SIP requests on behalf of clients; accepts, redirects or refuses calls.

LAN SIP UA SIP User Agent located on the Local Area Network (LAN) side of the SpeedTouch™ SIP PBX

WAN SIP UA SIP User Agent located on the Wide Area Network (WAN) side of the SpeedTouch™ SIP PBX

SIP registrar A registrar is a server that accepts REGISTER requests. A registrar is typically co-located with a proxy or redirect server and MAY offer location services.

SIP proxy server An intermediary program that acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, possibly after translation, to other servers.

SIP URL The “objects” addressed by SIP are identified by a SIP URL. The SIP URL takes a form similar to a mailto URL, i.e. user@host. The user part is a user name or a telephone number. The host part is either a domain name or a numeric network address (e.g. sip:[email protected], sip:[email protected], sip:[email protected]).

IN services Intelligent Network services

NAT Network Address Translation

LAN/WAN interface The WAN interface of the SpeedTouch refers to its DSL interface. The LAN interface of the SpeedTouch refers to its Ethernet interface.

Outbound From the perspective of a machine on the LAN, packets that originate from systems on the LAN and that are forwarded towards the WAN network.

Inbound From the perspective of a machine on the LAN, packets that arrive from the WAN interface and that are routed towards a LAN device.




Visit us at:

www.speedtouch.com

Acknowledgements

All Colleagues for sharing their knowledge.

Coordinates

THOMSON

Prins Boudewijnlaan 47 B-2650 Edegem Belgium

Email: [email protected]

Copyright

©2003 THOMSON. All rights reserved.

The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by THOMSON. THOMSON assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. The information contained in this document represents the current view of THOMSON on the issues discussed as of the date of publication. Because THOMSON must respond to changing market conditions, it should not be interpreted to be a commitment on the part of THOMSON, and THOMSON cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. THOMSON MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
