Watch out - the Norwegian version
Watch out! The SIP world is changing. Don’t stay in the past.
[email protected] E. Johansson * [email protected] * Twitter oej
© Copyright Edvina AB, Sollentuna, Sweden 2011. All rights reserved.
Warning. High rate of slides/min...
Me.
Twitter: @oej, @sipv6, @edvina
Blog: www.voip-forum.com
Aftenposten today!
Where are we?
• SIP is ten years old
• Mostly used for PSTN over IP
• Narrowband audio
• Insecure implementations
• Insecure deployments
BAD!
We can do better. Our customers deserve better.
WE SHOULD BE ASHAMED!
• We have more smart phones, tablets and other devices than PCs
• These devices have multimedia - video, audio
• Multimedia is changing - wideband, stereo, 7-1, screen sharing
• The number of users is exploding
The network is changing.
© Copyright 2010, Edvina AB, Sollentuna, Sweden. All rights reserved. Approved distribution only. [email protected]
The network is reaching an end. And a beginning.
• We have no more IPv4 addresses to allocate
• How are we going to build new cloud services, add new devices and build a larger Internet?
• Do you want carrier-grade NATs?
The network is falling apart.
• We lack a lot of knowledge about networking out there.
• The NAT and Firewall devices are just good enough to handle a minimum level of traffic and predetermined applications
• Customers need to wake up. Otherwise the clouds will be rain clouds with dangerous thunderstorms.
The network is out of control
There’s no ”inside” and ”outside” any more. If there ever was.
The realtime platform requires better security.
Good news! There are alternatives
Skype
Yet another telco monopoly. Only this time, it’s Internet-based.
Just joking. Let’s take a look at real alternatives.
Building solutions on Asterisk, Asterisk SCF and FreeSwitch and...
IP telephony
Old stuff
[Diagram: IP telephony, chat, presence, video, screen sharing, games, system integration, social networks, RSS, ?; SIP; Internet & IP networks]
Welcome to the realtime Internet.
The social multimedia network.
This is not just about telephony.
What is SIP?
• A protocol to find each other in real time
• A protocol to manage sessions between people
REALTIME
IT’S ALL ABOUT NOW.
Building this requires a bit more than good old SIP
INVITE
200 OK
ACK
Learn new things.
ICE
SIP outbound
GRUU
TLS
GIN - pbx registrations
SIP identity
RTP multiplexing
MSRP
WebRTC
The new kid on the block
• Cooperation between the W3C and IETF
• Bidirectional media between browsers
• Audio, video, text
• The platform for new services
• SIP in the browser (listen to Iñaki!)
WebRTC
The vision
• An open service where we can communicate freely with each other from any device and any network
• First wave probably just between users of the same web service
• Many of us want open federation - it requires a shared address space and protocol
WebRTC
Dependencies
• The architecture is still discussed
• Will probably depend on ICE, which means dependencies on TURN/STUN as well
• OverSIP and jsSIP, presented here today, are a good example of the future!
WebRTC
+
• Platform for new cool applications
• Built into the web browser
• Security-enabled from start
-
• We’ll still have NAT and firewall issues
• Will it be standardized enough?
• Will we need SBCs to handle the connections?
ICE
Taking us out of the NAT darkness.
ICE
Ice: Show me yours, and I’ll show you mine.
[Diagram: Alice, Bob and Cecilia; NATted networks; SIP; media relay]
• All UAs find all their addresses, using STUN
• May allocate an address using TURN
• Sends all addresses as candidates in SDP
• Recipient tries to contact addresses and selects best media path
• Supports both IPv4 and IPv6
• IPv6 UAs allocate IPv4 TURN address
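The candidate exchange listed above, as an added example that is not from the original talk: it parses `a=candidate` lines from SDP, applies the RFC 8445 priority formulas and orders the candidate pairs the way the recipient would check them. The function names, SDP fragments and addresses are constructed for illustration; Bob is assumed to be an IPv6-only UA that has allocated an IPv4 TURN address, and the offerer is assumed to be the controlling agent.

```python
import ipaddress
from itertools import product

# Type preferences recommended by RFC 8445 (host > prflx > srflx > relay).
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

def candidate_priority(ctype, component, local_pref=65535):
    """priority = 2^24*type_pref + 2^8*local_pref + (256 - component)."""
    return (TYPE_PREF[ctype] << 24) + (local_pref << 8) + (256 - component)

def parse_candidates(sdp):
    """Extract a=candidate lines; malformed lines are skipped, not guessed."""
    found = []
    for line in sdp.splitlines():
        if not line.strip().startswith("a=candidate:"):
            continue
        f = line.strip()[len("a=candidate:"):].split()
        if len(f) < 8 or f[6] != "typ" or f[7] not in TYPE_PREF:
            continue
        found.append({"component": int(f[1]), "priority": int(f[3]),
                      "ip": ipaddress.ip_address(f[4]), "port": int(f[5]),
                      "type": f[7]})
    return found

def pair_priority(g, d):
    """g: controlling agent's candidate priority, d: controlled agent's."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def check_list(offer_sdp, answer_sdp):
    """Candidate pairs in connectivity-check order (offerer is controlling).
    Pairs need the same component and address family; pruning is omitted."""
    pairs = [(pair_priority(l["priority"], r["priority"]), l, r)
             for l, r in product(parse_candidates(offer_sdp),
                                 parse_candidates(answer_sdp))
             if l["component"] == r["component"]
             and l["ip"].version == r["ip"].version]
    return sorted(pairs, key=lambda p: p[0], reverse=True)

# Constructed sample SDP fragments (documentation and private addresses).
ALICE_SDP = """\
a=candidate:1 1 UDP 2130706431 10.0.0.5 5004 typ host
a=candidate:2 1 UDP 1694498815 198.51.100.10 61000 typ srflx raddr 10.0.0.5 rport 5004
a=candidate:3 1 UDP 16777215 203.0.113.1 49152 typ relay raddr 198.51.100.10 rport 61000
"""
BOB_SDP = """\
a=candidate:1 1 UDP 2130706431 2001:db8::20 5004 typ host
a=candidate:2 1 UDP 16777215 203.0.113.2 49200 typ relay raddr 2001:db8::20 rport 5004
"""
```

With these inputs every usable pair goes through Bob's IPv4 relay candidate; if that candidate is removed, the check list is empty and no media path exists.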
ICE
+
• Finds the best media path between two nodes
• Supports IPv4 and IPv6 deployments
• Binds SIP+SDP to actual media
• Used by Microsoft, Apple (FaceTime), Google Hangouts
-
• Takes time at call setup
• Hard for B2BUAs to support
• Complex for developers
Globally Routable device addresses
[Diagram: Alice, Bob, Bob; NATted network; SIP; Example.com; astritech.com]
The AOR for Alice and Bob belongs to their proxy. Bob has one AOR for multiple UAs.
The GRUU points to a device. It is allocated at registration and belongs to the domain, thus can be used globally!
GRUU
Builds on SIP outbound UUID URNs.
Device URIs
+
• Makes transfers and other SIP in-dialog functions work across domains
• A Contact without IPv4/IPv6 dependencies
• Opens up for multi-device calls (SPLICES)
-
• Complex RFC
• Adds a bit of complexity to the UA
RFC 4474 - SIP identity
• A domain implements an authentication service that signs an identity on outbound messages
• Users identify themselves to domain server (proxy) by other means (Digest, TLS)
• Signs the From: URI (AOR)
[Diagram: AUDIO; SIP; Local, Local; SIP Identity; SIP; HTTP auth or TLS auth]
IDENTITY
Can this be connected to federated identity?
• Shibboleth/SAML 2.0/FEIDE
• Draft exists, but no progress. Needs work.
• OpenID
• OAuth
IDENTITY
SIP identity
+
• Enables trust of identities between domains
• Adds integrity check of SIP messages
• Together with TLS for connections, part of trust platform for an open federation
-
• Complex RFC
• PKI is always complicated
• Not many implementations, thus very few tests of interoperability
IDENTITY
What’s missing?
Proper solution for TLS and a PKI.
Implementations of DTLS SRTP key exchange
End to end security.
Management of security and configurations.
Customers with the guts to do something different.
The next generation realtime network.
• We’ve learned a lot in 10 years of SIP.
• Why haven’t the IP phones changed?
• New models coming - see Goji for smartphones, Skycall on Norwegian and Panasonic Android SIP phones
Ask yourselves the important question.
Have you become one of the old PBX-huggers?
The ones that just don’t let go.
Why don’t mobile office solutions have blinking lamps and all that stuff?
Summary
• IETF realized that NAT is a big issue and developed GRUU, ICE and Outbound. Use them.
• For security, there’s TLS, S/MIME and SIP/Identity
• A properly designed SIP architecture can handle much more than telephony.
• Look at Skype, Microsoft Lync and AG Projects product suite for inspiration.
• Only the last company in the list is using open standards!
REALTIME
IT’S ALL ABOUT NOW.
10 bullet points to remember!
The road ahead:
OPEN UNIFIED COMMUNICATION
ACCORDING TO EDVINA
© Copyright 2012, Edvina AB, Sollentuna, Sweden. All rights reserved. Approved distribution only. [email protected]
1. Use Open Network Protocols
TCP/IP * SIP * XMPP
2. Use Open Source
COOPERATIVE SOFTWARE
3. Use e-mail style addresses.
One address that rules them all!
@
4. Implement with Integrity and Security
BUILDING TRUST FOR NEW SOLUTIONS
5. Implement green anti-travel solutions
VIDEO IS IMPORTANT.
6. Corporate Social Responsibility
OPEN SOURCE = AVAILABILITY FOR THE 3RD WORLD
Building and connecting to a network for everyone.
7. Everything is and should be building blocks
EVERYTHING SHOULD HAVE AN OPEN API
8. Don’t disconnect from the world.
IPv6 NOW
9. Don’t wait for demand
Deliver services to your users.
10. Think different.
The new telephony platform is not about telephony.
REALTIME
IT’S ALL ABOUT NOW.
...and for these ideas to come true,
you’ll need...
Slides available soon on slideshare.net/oej
Thank you! Any questions?
Twitter: @oej - the rest [email protected]