1 / 21

SIP over an Identifier/Locator splitted Next Generation Internet architecture

SIP over an Identifier/Locator splitted Next Generation Internet architecture. Christian Esteve Rothenberg, Walter Wong, Fábio L. Verdi, Maurício F. Magalhães School of Electrical and Computer Engineering (FEEC) State University of Campinas (UNICAMP), Brazil. ICACT08

farren
Download Presentation

SIP over an Identifier/Locator splitted Next Generation Internet architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP over an Identifier/Locator splittedNext Generation Internet architecture Christian Esteve Rothenberg, Walter Wong, Fábio L. Verdi, Maurício F. Magalhães School of Electrical and Computer Engineering (FEEC) State University of Campinas (UNICAMP), Brazil ICACT08 Phoenix Park, South Korea, 18/02/2008

  2. Introduction • Current Internet architecture presents some limitations to the natural deployment of new services: • Mobility/Multi-homing • Network heterogeneity • Embedded Security • Existing applications like SIP demand security, mobility support, and operation over IPv4 and IPv6. “Patches” approach: NAT, IPSec, Mobile IP,etc. Many SIP add-ons: ALG, SBC, TLS , SRTP, S/MIME,etc. ICACT08

  3. Introduction • Main issue: IP semantic overload • Transport layer: IP is an identifier (naming) • Network layer: IP is a locator (addressing) • Consequences • Lack of a stable identifier for end-to-end communication • Mobility/Multihoming • Heterogeneity • Security • Solution • Identifier/locator separation • HIP, IETF RRG LISP, NodeID IP Legacyapplications SIP HTTP SDP DNS RTP … SCTP TCP UDP IP ID Host Identifier Network locator IPv4 IPv6 Ethernet … Network technology ATM WLAN SONET ICACT08

  4. <IP:port>src <IP:port>des Protocol <ID:port>src <ID:port>dest Protocol Static binding Dynamic binding Introduction Identifier/locator separation • Introduction of an identification layer between the network and transport layers (as in HIP) • Identifiers are 32-bit (128-bit in IPv6) flat (topology-free), persistent and unique node IDs Application Application socket socket Identifier locator locator locator locator locator IP = 10.1.1.1 IP = 10.1.1.2 IP = 10.1.2.3 IP = 10.1.1.1 IP = 10.1.1.2 ICACT08

  5. Background Next Generation Internet Architecture Proposal • Originally inspired by the NodeID architecture • Global, flat, cryptographic node Identifiers (as in HIP) • Host FQDN assumed • Extended with Domain IDs (DID) • Scalability (!) • Routing on flat IDs (DID/NID) • Different to HIP (!) ICACT08

  6. Network Contribution External Modules DHT RVS DNS DHCP Functionalities of our NGI Framework 1: • Name Resolution • Mobility • Multi-homing • Flat Routing • Security • Heterogeneity • Legacy Applications Support Legacy appl. support Filter DNS Handler Internal modules Control plane Mobility DHT Client Identification layer ID Mapper Gw Msg Srv RVS Client Packet Handler Security Security DB Security Mgr DHCP Client Flat routing 1 W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems, SBRC 2007. Routing Peer Cache • How can an existing application like e.g., SIPoperate with and benefit from our NGI Architecture? ICACT08

  7. DR DR Scenario under evaluation FQDN1 (hostname1.sth.atlanta.com)NID1 (32-bit)UA1 (sip:alice@atlanta.com) sip_proxy1.atlanta.com DNS (1) (2) RVS INVITE sip:bob@biloxi.com To: sip:bob@biloxi.com From: sip:alice@atlanta.com Contact: FQDN1 o= FQDN1c= NID1 … DNS Domain1 atlanta.com DHT DHT (5) (3) Internet Core (IPv4) RVS DHT (4) UA2 (sip:bob@biloxi.com)NID2 (32-bit)FQDN2 (hostname2.sth.biloxi.com) Domain2 biloxi.com sip_proxy2.biloxi.com ICACT08

  8. Transparent naming Hostnames • FQDN can be assumed as global name space for all hosts • Enabled by the unique and global-scope NIDs • SIP RFC 3261 RECOMMENDS use of FQDN form names Name resolution • SIP UA DNS requests (gethostbyname(), SIP SRV) intercepted • NIDs returned to the SIP application as typical IP addreses. Transparent architecture features • The architecture handles the dynamic locator binding, security associations, flat routing, etc. Legacy appl. support Filter DNS Handler Identification layer ID Mapper Packet Handler Security Security DB Flat routing Routing Peer Cache ICACT08

  9. IP UDP Payload Payload IP UDP Src <NID, DID> Dst <NID, DID> Payload NIH NID Header Transparency Source address = source NID Destination address = dest NID Legacy SIP & RTP packets NIH Payload IP UDP Payload Network ICACT08

  10. A B Security • Embedded on the identification layer (HIP-like) • NIDs are cryptographic hashes of public keys • Enables nodes to self-claim their identities • Authentication based on public key infrastructure (PKI) • Provides single secure channel between peers • For all communications, all applications HDR, CERT, nonce HDR, {CERT, DHB, nonce}, sig HDR, {DHA}, sig. ICACT08

  11. Mobility • Periodic locator updates in the Rendezvous Server • Mobility event transparent to applications (SIP clients) • TCP connections survived network reconfigurations • RTP stream “seamless” recovered W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008 10 experiments, with RVS Update every 3s and G.729 (20ms) coded RTP payload. ICACT08

  12. Performance • Signaling overhead • Extra interactions required • SIP session establishment time difference negligible in our testbed environment • VoIP bandwidth overhead • Comparable to other security schemes • Header compression possible ICACT08

  13. Related Work • Next Generation Internet architectures • FARA, i3, TRIAD, ROFL, DONA • Node Identity Internetworking Architecture (NodeID), draft-schuetz-nid-arch-00, Sep. 07 • ID/Loc separation • HIP, IETF RRG (LISP, NERD, etc.) • ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Jan. 07 • Interactions of HIP with SIP • P2PSIP, SHIP, draft-tschofenig-hiprg-host-identities, Jun. 07 ICACT08

  14. Future Work • DID/NID flat routing approach • Scalability • Domain mobility (Submitted paper) • Security model (HIP inspired) • Comparison to related work on security (Paper in progress) • Enhanced name resolution mechanims (DHT-based) • DID router resolution in the Internet Core • Extend our framework towards a data-oriented / content-centric paradigm ICACT08

  15. Conclusion • Framework to instantiate NGI proposals • ID/Loc separation implementable • Validated the claim of existing application support • Contribution towards a Next Generation Internet arch. • Benefits from ID/Loc adoption: • Native network mobility support • Transparent to applications • Native security based on the identification layer • E2E single secure channel • Operation over heterogeneous realms (IPv4/IPv6) • Affordable overhead (signaling, BW, computation) ICACT08

  16. Thank you! Questions? ICACT08

  17. Backup ICACT08

  18. References • J. F. Shoch, "Inter-Network Naming, Addressing, and Routing." In Proceedings of IEEE COMPCON, Fall, 1979. • J. Chiappa, "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", [Online]. Available: http://users.exis.net/~jnc/tech/endpoints.txt, 1999. • R. Jain, “Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation,” Military Communications Conference MILCOM, Washington, DC, October 23-25, 2006. • I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet Indirection Infrastructure," In Proceedings of SIGCOMM 2002. • M. Caesar, K. Lakshminarayana and et al. “ROFL: Routing on Flat Labels”. In Proceedings of SIGCOMM 2006. • B. Ahlgren, J. Arkko, L. Eggert and J. Rajahalme. “A Node Identity Internetworking Architecture”. In Proceedings of the IEEE INFOCOM 2006 Global Internet Workshop, Spain, 2006. • P. Nikander. "Implications of Identifier / Locator Split", Helsinki University of Technology (TKK) NETS 1a morning coffee, Dec. 2004. D. Farinacci et al. “Locator/ID Separation Protocol (LISP)”. IETF Draft, draft-farinacci-lisp-02 (work in progress), July 2007. • ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Beijing, China, 8-12 January 2007. ICACT08

  19. References • S. Schuetz, R. Winter, L. Burness, P. Eardley and B. Ahlgren, "Node Identity Internetworking Architecture", IETF Internet-Draft draft-schuetz-nid-arch-00 (work in progress), September 2007. • W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems 2007, SBRC 2007, Brazil May 2007. • W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008 • J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002 • R. Moskowitz and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006. • B. Ahlgren, L. Eggert, B. Ohlman, J. Rajahalme, and A. Schieder, “Names, addresses and identities in ambient networks”. 1st ACM Workshop on Dynamic interconnection of Networks, September 2005 • J. Rosenberg and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002. • M. Handley, V. Jacobson and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. ICACT08

  20. References • J. Y. H. So, J. Wang, and D. Jones, "SHIP Mobility Management Hybrid SIP-HIP Scheme," In Proceedings of Sixth SNPD/SAWN International Conference, USA, 2005. • H. Tschofenig, J. Ott, H. Schulzrinne, T.Henderson, and G. Camarillo, "Interaction between SIP and HIP", draft-tschofenig-hiprg-host-identities (work in process), Internet-Draft, IETF, June 2007 • D. Geneiatakis et al. "Survey of Security Vulnerabilities in Session Initiation Protocol", IEEE Communications Surveys and Tutorials, vol. 8 (3), IEEE Press, 2006, pp. 68–81. • H. Schulzrinne and E. Wedlund, “Application Layer Mobility using SIP”, ACM Mobile Computing and Communications Review, vol. 4,, July 2000. • D. Le, X. Fu and D. Hogrefe, “A Review of Mobility Support Paradigms for the Internet”, IEEE Communications Surveys and Tutorials, Jan 2006. • A. Botta, A. Dainotti and A. Pescapè, "Multi-protocol and multi-platform traffic generation and measurement", INFOCOM 2007 DEMO Session, May 2007, Anchorage (Alaska, USA). • Open SIP Express Router, [Online]. Available: http://www.openser.org/ • SIPp, traffic generator, [Online]. Available ICACT08

  21. Architecture External Modules DHT RVS DNS DHCP Legacy appl. support Internal modules Filter DNS Handler Control plane Mobility DHT Client Identification layer ID Mapper Gw Msg Srv RVS Client Packet Handler Security Security DB Security Mgr DHCP Client Flat routing Routing Peer Cache ICACT08 Rede

More Related