WebRTC Conference and Expo (November 2013) - Signalling Workshop
DESCRIPTION
A presentation by Tsahi Levent-Levi, Peter Dunkley (Technical Director, Crocodile RCS Ltd), Kevin Wiseman (Chief Architect, CafeX), Rod Apeldoorn (EasyRTC Server Lead, Priologic). Presentation date 19-Nov-2013.
TRANSCRIPT
04/11/2023
1
Speakers
• Peter Dunkley – Technical Director – Crocodile RCS Ltd
• Kevin Wiseman – Chief Architect – CafeX
• Rod Apeldoorn – EasyRTC Server Lead – Priologic
SIP OVER WEBSOCKETS
Peter Dunkley, Technical Director, Crocodile RCS Ltd
What is SIP over WebSockets
• It is exactly the same SIP as SIP over TCP, SIP over TLS, and SIP over UDP – just over WebSockets instead
• It can be secure by using Secure WebSockets
• It is about to become an RFC – currently in the IETF editors queue
• It is widely supported by many open-source projects
A quick comparison

                              Standards based                                  Proprietary
                              SIP over WebSockets    XMPP (BOSH/WebSockets)
Open-source support           High                   Medium                    Low
Vendor tie-in prevention      High                   Medium                    Low
Ease of use                   High                   Medium                    High*
Client performance            Medium                 Medium                    High*
Network performance           High                   Medium                    Medium*
Ease of interoperability      High                   Medium                    Low*
Standalone applications       High                   High                      High*
Use existing media servers    High                   Low                       Low

* Dependent on the proprietary option chosen – could be made better or worse depending on what you chose!
Open source support and vendor tie-in prevention
• SIP over WebSockets
  – At least four well tested open-source Javascript client stacks
  – At least six well tested open-source server stacks
• XMPP (BOSH/WebSockets)
  – At least two well tested open-source Javascript client stacks
  – At least three open-source server stacks
• Proprietary
  – Many options (even open-source options) but all different and incompatible - many are vendor specific
Ease of use
• SIP over WebSockets
  – It is not hard – you are not implementing the signalling yourself
  – Many client library choices with different APIs and complexities
  – Many SDK vendors working to make it even easier for you
• XMPP (BOSH/WebSockets)
  – It is not hard – you are not implementing the signalling yourself
  – Limited client library choices mean that it is harder than it should be
• Proprietary
  – Might well be very easy (but might not be) – it depends on your technology choices
  – No easier than SIP if you choose the right SIP client library
Client and network performance
• SIP over WebSockets
  – Javascript client libraries can be large, but minification and app-cache use mitigate this almost completely
  – The network can have very high performance while making use of years of developments in real-time signalling and scaling
• XMPP (BOSH/WebSockets)
  – Javascript client libraries can be large, but minification and app-cache use mitigate this almost completely
  – The network will be high performance as long as you do not require interoperability
• Proprietary
  – The client library may be small (depending on your vendor choice)
  – The network may be high performance (depending on your vendor choice) as you do not require interoperability
Interoperable and standalone
• The triangle vs the trapezoid
• All options are equally suitable for use with the “triangle”
• SIP over WebSockets is better for use with the “trapezoid”
• Avoid gateways whenever you can (they add network cost and complexity)
• Using SIP makes your application compatible with most existing media servers (commercial and open-source)
The Triangle
[Diagram: UA, UA, Server; links labelled Signalling, Signalling and Media]
The Trapezoid
[Diagram: UA, UA, Server, Server; links labelled Signalling, Signalling, Signalling and Media]
Use cases for SIP over WebSockets
• SIP is well suited for anything requiring interoperability
  – Conferencing – do you really want to exclude the guy travelling who can’t get (or afford) a mobile data connection?
  – Online education – why shouldn’t I be able to listen to lectures through other routes?
  – Telemedicine – a huge boon for people living in remote areas (aren’t those the ones who struggle to get online?)
  – Call centres – can I afford to exclude customers who can’t use (or don’t want to use) WebRTC?
Many of the applications that need to interoperate are high-value
Kamailio: WebSocket Handshake
    ...
    tcp_accept_no_cl=yes
    ...
    event_route[xhttp:request] {
        set_reply_close();
        set_reply_no_connect();

        if ($hdr(Upgrade)=~"websocket"
                && $hdr(Connection)=~"Upgrade"
                && $rm=~"GET") {
            # Validate as required (Host:, Origin:, Cookie:)
            if (ws_handle_handshake())
                exit;
        }

        xhttp_reply("404", "Not Found", "", "");
    }
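The "Validate as required (Host:, Origin:, Cookie:)" step in the route above is left open on the slide. The following is an added example, not part of the original slides or of Kamailio, showing in JavaScript what that validation can look like; the host and origin allow-lists are placeholder assumptions, and the `sip` subprotocol name is the one defined for SIP over WebSockets.

```javascript
// Added example: header checks for a SIP-over-WebSocket handshake.
// ALLOWED_HOSTS and ALLOWED_ORIGINS are placeholder values (assumptions).
const ALLOWED_HOSTS = new Set(['sip.example.com']);
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Split a comma-separated header value into lower-cased tokens.
const tokens = (v) =>
  (v || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);

function checkHandshake(method, headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // Same test as the slide: GET + Upgrade: websocket + Connection: Upgrade.
  // Connection may carry several tokens ("keep-alive, Upgrade").
  const isUpgrade = method === 'GET' &&
    tokens(h['upgrade']).includes('websocket') &&
    tokens(h['connection']).includes('upgrade');
  if (!isUpgrade) return { status: 404, reason: 'not a WebSocket upgrade' };

  if (!ALLOWED_HOSTS.has((h['host'] || '').toLowerCase()))
    return { status: 403, reason: 'unexpected Host' };

  // Compare the whole origin exactly. A substring or unanchored regex match
  // would also accept "https://app.example.com.attacker.test".
  // Only browsers are bound by Origin, so this complements authentication.
  if (!ALLOWED_ORIGINS.has((h['origin'] || '').toLowerCase()))
    return { status: 403, reason: 'Origin not allowed' };

  if (!tokens(h['sec-websocket-protocol']).includes('sip'))
    return { status: 400, reason: 'sip subprotocol not offered' };

  return { status: 101, reason: 'ok' };
}
```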
Kamailio: Request Handling
    modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
    ...
    request_route {
        route(REQINIT);
        route(WSDETECT);
        ...

    route[WSDETECT] {
        if (proto == WS || proto == WSS) {
            force_rport();
            if (is_method("REGISTER")) {
                fix_nated_register();
            } else if (is_method("INVITE|NOTIFY|SUBSCRIBE")) {
                add_contact_alias();
            }
        }
    }
    ...
    route[WITHINDLG] {
        if (has_totag()) {
            if (loose_route()) {
                if (!isdsturiset()) {
                    handle_ruri_alias();
                }
                ...
Kamailio: Response Handling
    onreply_route {
        if ((proto == WS || proto == WSS)
                && status =~ "[12][0-9][0-9]") {
            add_contact_alias();
        }
    }
Kamailio: RTP Profile Conversion (1)
    modparam("rtpproxy-ng", "rtpproxy_sock", "udp:localhost:22223")
    ...
    route[LOCATION] {
        ...
        t_on_failure("UA_FAILURE");
    }
    ...
    failure_route[UA_FAILURE] {
        if (t_check_status("488") && sdp_content()) {
            if (sdp_get_line_startswith("$avp(mline)", "m=")) {
                if ($avp(mline) =~ "SAVPF") {
                    $avp(rtpproxy_offer_flags) = "froc-sp";
                    $avp(rtpproxy_answer_flags) = "froc+SP";
                } else {
                    $avp(rtpproxy_offer_flags) = "froc+SP";
                    $avp(rtpproxy_answer_flags) = "froc-sp";
                }
                # In a production system you probably need to catch
                # "RTP/SAVP" and "RTP/AVPF" and handle them correctly
                # too
            }
            append_branch();
            rtpproxy_offer($avp(rtpproxy_offer_flags));
            t_on_reply("RTPPROXY_REPLY");
            route(RELAY);
        }
    }
    ...
Kamailio: RTP Profile Conversion (2)
    modparam("rtpproxy-ng", "rtpproxy_sock", "udp:localhost:22223")
    ...
    failure_route[UA_FAILURE] {
        ...
        t_on_reply("RTPPROXY_REPLY");
        route(RELAY);
    }

    onreply_route[RTPPROXY_REPLY] {
        if (status =~ "18[03]") {
            # mediaproxy-ng currently only supports SRTP/SDES – early media
            # won't work so strip it out now to avoid problems
            change_reply_status(180, "Ringing");
            remove_body();
        } else if (status =~ "2[0-9][0-9]" && sdp_content()) {
            rtpproxy_answer($avp(rtpproxy_answer_flags));
        }
    }
    ...
Authentication (1)
• You do not need accounts on the SIP network
• You can federate with existing identity providers (Facebook, Google+, LinkedIn, Twitter, your own)
• There is a Kamailio module designed for this (and implementing it elsewhere is easy)
Authentication (2)
[Diagram: Web Service, SIP Proxy, Calling UA, Called UA; links labelled SIP, SIP, REST, OAuth2; annotation: "Shared secret – communication link not required"]
You don’t have to create or manage accounts on the SIP Proxy/registrar
Kamailio: Authentication (1)
    ...
    tcp_accept_no_cl=yes
    ...
    modparam("auth_ephemeral", "secret", "kamailio_rules")
    ...
    modparam("htable", "htable", "wsconn=>size=8;")
    ...
    event_route[xhttp:request] {
        ...
        # URI format is /?username=foo&password=bar
        # param.value returns the value of the named query parameter
        $var(uri_params) = $(hu{url.querystring});
        $var(username) = $(var(uri_params){param.value,username,&});
        $var(password) = $(var(uri_params){param.value,password,&});
        # Note: username and password could also have been in a Cookie: header

        if (!autheph_authenticate("$var(username)", "$var(password)")) {
            xhttp_reply("403", "Forbidden", "", "");
            exit;
        }

        if (ws_handle_handshake()) {
            # Remember which user authenticated this connection (keyed by source IP:port)
            $sht(wsconn=>$si:$sp::username) = $var(username);
            exit;
        }
        ...

    event_route[websocket:closed] {
        # Drop the stored entries for this connection when it closes
        $var(regex) = $si + ":" + $sp + ".*";
        sht_rm_name_re("wsconn=>$var(regex)");
    }
Kamailio: Authentication (2)
    ...
    request_route {
        route(REQINIT);
        route(WSDETECT);
        ...
        if (!(proto == WS || proto == WSS))
            route(AUTH);
        ...

    route[WSDETECT] {
        if (proto == WS || proto == WSS) {
            # Look up the user that authenticated this connection at handshake time
            $var(username) = (str) $sht(wsconn=>$si:$sp::username);
            if ($var(username) == $null || $var(username) == "") {
                send_reply("403", "Forbidden");
                ws_close(1008, "Policy Violation");
                exit;
            }

            # Reject expired credentials and requests whose To/From does not
            # match the authenticated user
            if (!autheph_check_timestamp("$var(username)")
                    || (is_method("REGISTER|PUBLISH")
                        && !autheph_check_to("$var(username)"))
                    || (!has_totag() && !autheph_check_from("$var(username)"))) {
                send_reply("403", "Forbidden");
                ws_close(1008, "Policy Violation");
                exit;
            }

            force_rport();
            ...
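The web-service side of the shared-secret scheme in the two authentication slides, as an added example that is not from the slides or from the Kamailio source. It assumes the credential layout `<expiry-unix-seconds>:<user>` for the username and base64(HMAC-SHA1(secret, username)) for the password, which should be confirmed against the auth_ephemeral documentation for the version in use; the function names and the secret are hypothetical.

```javascript
// Added example: issuing and checking shared-secret ephemeral credentials.
const crypto = require('node:crypto');

// Web service: called after the user has logged in (for example via OAuth2).
// No account is created on the SIP proxy; only the secret is shared.
function issueCredential(secret, user, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  if (!/^[A-Za-z0-9._@-]+$/.test(user)) throw new Error('invalid user');
  const username = `${now + ttlSeconds}:${user}`; // assumed layout
  const password = crypto.createHmac('sha1', secret).update(username).digest('base64');
  return { username, password };
}

// The three checks the proxy side has to make, mirroring the slide's
// autheph_authenticate / autheph_check_timestamp / autheph_check_from|to.
function verifyCredential(secret, username, password, expectedUser,
                          now = Math.floor(Date.now() / 1000)) {
  username = String(username);
  const expected = crypto.createHmac('sha1', secret).update(username).digest();
  const supplied = Buffer.from(String(password), 'base64');
  // timingSafeEqual throws on unequal lengths, so test the length first.
  if (supplied.length !== expected.length ||
      !crypto.timingSafeEqual(supplied, expected)) return 'bad-mac';

  const m = /^(\d+):(.+)$/.exec(username);
  if (!m) return 'malformed';
  if (Number(m[1]) <= now) return 'expired';
  // The identity in the credential must match the SIP identity being used.
  if (m[2] !== expectedUser) return 'identity-mismatch';
  return 'ok';
}
```

Because the slide passes the credential in the handshake URI query string, it can end up in proxy and access logs; a short `ttlSeconds` bounds how long a logged credential stays usable.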
Questions?
Code: https://github.com/crocodilertc
Email: [email protected]
Twitter: @pdunkley
WHAT IS SIGNALLING
Kevin Wiseman, Chief Architect, CaféX
The Basics…
• WebRTC Spec does not define the signalling
  – It leaves that open to the implementer
• It does define the media descriptor exchange
  – Utilises the Session Description Protocol
What is signalling
• Communications session control from one party to another party
• Typically via some location service
  – E.g. SIP Registrar, social network, games service
• Describes the requests and responses
  – Make call, end call, hold, resume, transfer etc
  – Ringing, answer, rejected, established etc
• Mechanism for exchanging media description
  – SDP offer/answer exchange
Session Description Protocol
• Used to negotiate media between parties
  – Media (audio, video), Ports, Codecs, ICE etc
  – offer/answer exchange
• The good news:
  – Browser generates and consumes SDP offers & answers
• The bad news:
  – WebRTC SDP places specific requirements on SDP that most existing telecom entities do not support
Signalling isn't the hard piece with WebRTC
Media and media description are
Closed Systems
• Real time comms within Games, Social Networks etc
• No compelling reason to adopt any one approach over another
  – Already know who is who and how to communicate
  – No integration into existing telecoms system
  – Extend existing control channel for SDP offer/answer, or
  – Utilise 3rd party services to provide real time comms
WebRTC Gateway
• Proprietary signalling over HTTP or WebSocket between browser and gateway
• Gateway makes sense if:
  – The call scenarios you need to support are standard well defined UC features
    • Voice & video: Make call, answer call, end call, transfer call, N-way call
    • IM&P: Send message, receive message, set presence
    • Application Event Distribution
  – You want to embed UC features as part of a service
  – Your SIP infrastructure has limited support for ICE/STUN and Multiplexing RTP etc
• This is the use case we are seeing almost exclusively
  – Customers wanting to embed UC features as part of an overall service
• Challenges
  – Dependency on gateway exposing features
[Diagram: CaféX Implementation. Labels: Browser, Client SDK, Fusion Web Gateway, Fusion Media Broker, SIP Network; links labelled JSON call control over WebSocket, SIP, SRTP, and De-ICEd, de-STUNned & de-multiplexed RTP]
SIP over Websockets
• SIP over web sockets makes sense if:
  – The call scenarios you need to support to the browser require all the features of SIP
  – You have developers that can make full use of SIP features on the browser
  – Your SIP end points already support ICE/STUN and Multiplexing RTP etc
• Challenges
  – SIP stack/UA in the browser (dependency on large and complex JS in Browser)
  – SIP interworking with yet another 3rd party SIP stack
  – Security – opening up all the features (and potential security holes) of SIP to the public internet is dangerous
  – No benefit to most existing SIP systems – still have to add web sockets support, still have to add SDP and Media translation
[Diagram: If Café X had used SIP over WebSockets. Labels: Browser, JS SIP Stack, JS SIP UA, Fusion Web Gateway, Fusion Media Broker, SIP Network; links labelled SIP over Websocket, SIP, RTP, and De-ICEd, de-STUNned & de-multiplexed RTP]
Web Dev & Signalling
• Most Web Devs don’t know or even need to know the signalling protocol
  – Busy enough already
• Web Devs expect a rich functional high level API
  – Efficiency & ease of use
• Don’t want to reinvent the wheel every time they want to add RTC to a web app
  – If no API provided the first thing a web dev will do is write one and re-use next time they need to use the service
API Example – Initialisation
    <script src="https://<gateway_address>:<8080>/gateway/fusion-client-sdk.js"></script>

    //Get hold of the sessionID however your app needs to
    var sessionID = getMySessionID();

    //Google provide a stun server which you can use or you can use your own.
    //Providing any empty array will result in no stun messages being sent.
    var stunServers=["stun.l.google.com:19302"];

    //Set up initialization success callback before calling start
    UC.onInitialised = function() {
        //perform tasks associated with successful initialization such as registering listeners on UC objects
    };

    //Set up initialization failure callback before calling start
    UC.onInitialisedFailed = function() {
        //perform tasks associated with initialization failure
    };

    //Start my UC session using the Session ID and stun server list
    UC.start(sessionID, stunServers);
API Example – Media Streams
    UC.phone.onRemoteMediaStream = function(remoteMediaStream) {
        //Configure the streams, this can be used to set up visibility of elements and
        //set the elements src to that of the remote stream, the remoteMediaStream must be
        //added to the page in order to receive audio and/or video.
        video.src = window.webkitURL.createObjectURL(remoteMediaStream);
    };

    UC.phone.onLocalMediaStream = function(localMediaStream) {
        //As with the remote media stream, you should add the localMediaStream to the page
        //in order to allow the framework to playback local (ie, webcam) feedback
        preview.src = window.webkitURL.createObjectURL(localMediaStream);
    };
API Example – Make Call
    var call;

    //A method to call from the UI to make a call
    function makeCall(addressToCall) {
        //Create a call object from the framework and save it somewhere
        call = UC.phone.createCall(addressToCall);

        //Set what to do when the remote party ends the call
        call.onEnded = function() { alert("Call Ended"); };

        //Set up what to do if the callee is busy, inform your user etc
        call.onBusy = function() { alert("The callee was busy"); };

        //Dial the call
        call.dial();
    };

    //A method to call from the UI to end a current call
    function endCall() { call.end(); };
CUSTOM SIGNALING
Rod Apeldoorn, EasyRTC Server Lead, Priologic
Benefits Over SIP
• Faster on the client side
• Easier for developers to understand
• Less restrictive
Example Custom Message Types (from EasyRTC)
WebRTC Core
• candidate
• offer
• answer
• reject
Application Level
• authenticate
• hangup
• getIceConfig
• roomJoin
• roomData
• setPresence
• filesOffer
• Many more…
Why Combine WebRTC Signaling with Application Servers?
• Authentication
• Call logging
• Call control
• Combine with application logic
• Client connects to just one server
  – Why SIP + Presence + Application servers?
• Will SIP Gateways offer JSON signaling? Yes!
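A per-connection gate for custom JSON signalling that ties the authentication point above to the message types listed on the previous slide, as an added example that is not EasyRTC's own code. The message type names come from the slide; the `{msgType, msgData}` envelope, the size cap and the `checkToken` callback are assumptions made for this sketch.

```javascript
// Added example: allow-list and authenticate-first gate for signalling messages.
const CORE = new Set(['candidate', 'offer', 'answer', 'reject']);
const APP = new Set(['authenticate', 'hangup', 'getIceConfig', 'roomJoin',
                     'roomData', 'setPresence', 'filesOffer']);
const MAX_BYTES = 16 * 1024; // assumed cap on one signalling message

const fail = (error) => ({ ok: false, error });

// One gate per socket. checkToken(msgData) returns a user name or null.
function createGate(checkToken) {
  let user = null; // set only by a successful authenticate message

  return function accept(raw) {
    if (typeof raw !== 'string') return fail('bad-json');
    if (Buffer.byteLength(raw, 'utf8') > MAX_BYTES) return fail('too-large');

    let msg;
    try { msg = JSON.parse(raw); } catch { return fail('bad-json'); }
    if (msg === null || typeof msg !== 'object' || typeof msg.msgType !== 'string')
      return fail('bad-envelope');

    const type = msg.msgType;
    if (!CORE.has(type) && !APP.has(type)) return fail('unknown-type');

    if (type === 'authenticate') {
      user = checkToken(msg.msgData) || null;
      return user ? { ok: true, user, type } : fail('auth-failed');
    }

    // Every other message, including offer/answer/candidate relaying,
    // is refused until the connection has authenticated.
    if (user === null) return fail('not-authenticated');

    // The sender identity comes from the connection state,
    // never from a field inside the message body.
    return { ok: true, user, type, data: msg.msgData };
  };
}
```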
Transports
Websockets
• Available in all modern browsers
• Fast + Responsive + Securable
• Maintains open socket
• Servers have to deal with concurrent socket limits
XHR Polling
• AKA “HTTP Long Polling”
• Easy + Securable
• To use:
  – XMLHttpRequest API
  – jquery.ajax()
• Used by Google AppRTC Demo
Transports
JSONP + CORS
• The original popular method for DHTML
• Cross site scripting issues
• “Cross-Origin Resource Sharing” can be set up
• Still a valid fallback
  – Especially for older browsers
Other
• XMPP (Jabber)
  – Instant messengers
• Local
  – Bluetooth
  – USB / Serial
• WebRTC Data Channels
  – Example coming!
Cisco Jabber + EasyRTC
• Cisco DX650 chat with Cisco or Non-Cisco web user
• WebRTC Across Devices and Transports
• Built using
  – Cisco Jabber SDK
  – EasyRTC Opensource
Using a Websocket Library
General Benefits
• Cross browser support
• Easy message sending
• Easy event handling
  – Connect / Disconnect / Message
• Fallbacks to XHR or JSONP
Why EasyRTC uses Socket.io
• Most popular for Node.js
• Client APIs in many languages
  – JavaScript / C++ / ObjC / Java …
• Message Acknowledgments
• Why recode what’s done well?
Private WebRTC Signaling
1. Connect users to servers via Websockets
2. Establish DataChannels between users on same servers
3. Establish WebRTC Peer Connection between User 1 and 3
   – Signals sent via DataChannel
   – User 2 acts as a relay
   – Neither server aware of final connection
http://bit.ly/1iq6v8D
Q&A