
VoIP Systems and the SIP Protocol


Presentation Transcript


  1. VoIP Systems and the SIP Protocol • 李思銳 voip_taiwan@yahoo.com.tw

  2. Outline • NAT traversal • Compiling the open-source STUN server and client • Outbound proxy

  3. NAT • Usually uses 192.168.xxx.xxx, 172.16.xxx.xxx ~ 172.29.xxx.xxx, or 10.xxx.xxx.xxx, but nothing forces the use of these IP ranges • NAT falls into four types: Full Cone, Restricted, Port Restricted, Symmetric

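  4. Full Cone NAT • All requests from the same internal ip:port are mapped to the same external ip:port • An internal host can send packets to external hosts through the internal ip:port -> external ip:port mapping • An external host can send packets to the internal host through the external ip:port -> internal ip:port mapping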

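  5. Restricted NAT • All requests from the same internal ip:port are mapped to the same external ip:port • An external host can "only" send packets to the internal host back along the original path; that is, an external host "can" send packets to the internal host only after the internal host has sent a packet to that external host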

  6. Port Restricted NAT • Same as Restricted Cone NAT, but the restriction also covers the port

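  7. Symmetric NAT • All requests from the same internal ip:port to a specific destination ip:port are mapped to the same external ip:port; packets with the same source ip:port but a different destination use a different mapped port • Only an external host that has received a packet can send UDP packets back to the internal host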
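The four NAT types on slides 4 to 7 differ only in how the mapping is keyed and which inbound sources it admits. The model below is an added example, not part of the original slides; the class, the `probe` helper and all addresses are constructed for illustration.

```python
# Added illustration, not from the slides; names and addresses are constructed.
class Nat:
    def __init__(self, nat_type, external_ip="203.0.113.1"):
        if nat_type not in ("full_cone", "restricted", "port_restricted", "symmetric"):
            raise ValueError(nat_type)
        self.nat_type, self.external_ip = nat_type, external_ip
        self.next_port = 40000
        self.mappings = {}   # mapping key -> external port
        self.owner = {}      # external port -> internal (ip, port)
        self.contacted = {}  # external port -> destinations already sent to

    def outbound(self, internal, dest):
        """Internal host sends to dest; only symmetric NAT keys on dest too."""
        key = (internal, dest) if self.nat_type == "symmetric" else internal
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.owner[self.next_port] = internal
            self.contacted[self.next_port] = set()
            self.next_port += 1
        port = self.mappings[key]
        self.contacted[port].add(dest)
        return (self.external_ip, port)

    def inbound(self, external_port, source):
        """External source sends to external_port; return internal addr or None."""
        if external_port not in self.owner:
            return None
        seen = self.contacted[external_port]
        if self.nat_type == "full_cone":
            allowed = True                                 # anyone may use the mapping
        elif self.nat_type == "restricted":
            allowed = source[0] in {ip for ip, _ in seen}  # IP must have been contacted
        else:
            allowed = source in seen                       # exact ip:port must match
        return self.owner[external_port] if allowed else None

def probe(nat_type):
    """Open a mapping toward one server, then test three inbound sources."""
    nat = Nat(nat_type)
    client, server = ("192.168.11.175", 5060), ("198.51.100.10", 3478)
    _, port = nat.outbound(client, server)
    _, port2 = nat.outbound(client, ("198.51.100.20", 3478))
    return {
        "same_mapping": port == port2,
        "same_ip_port": nat.inbound(port, server) is not None,
        "same_ip_other_port": nat.inbound(port, ("198.51.100.10", 9999)) is not None,
        "other_ip": nat.inbound(port, ("198.51.100.99", 3478)) is not None,
    }
```

Calling `probe()` for each type shows why an address learned from one server is reusable by other peers on cone NATs but not on a symmetric NAT, where `same_mapping` is false.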

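  8. About NAT traversal • When the client does it, it usually asks an external server (such as a STUN server) what the current NAT IP address is, and detects the NAT type • When the server does it, the most effective approach is an outbound proxy, which works like proxy mode in H.323. However, because all packets pass through the outbound server, network traffic is a key consideration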

  9. Compiling and running the STUN server • # tar xvfz stund_0.96_Aug13.tgz • # make • # ifconfig eth0:0 linux_host_ip_2 • # ./server -v • # ./client -v linux_host_ip

  10. Configuring SJPhone – using our own STUN server

  11. Configuring SJPhone – using the default STUN server

  12. How STUN is used to traverse NAT • During REGISTER and INVITE, watch how the Contact SIP header field changes • During INVITE, watch how the o, c and m SDP fields change

  13. REGISTER packet • U 192.168.11.175:5060 -> 192.168.11.200:5060 • REGISTER sip:192.168.11.200 SIP/2.0. • Via: SIP/2.0/UDP 192.168.11.175;rport;branch=z9hG4bKc0a80baf0000000b451e2ebc000040ba00000009. • Content-Length: 0. • Contact: <sip:1000@public_ip:public_port>. • Call-ID: A3D4497E-E6C9-42FC-B00D-E0F3D6B3550D@192.168.11.175. • CSeq: 5 REGISTER. • From: <sip:1000@192.168.11.200>;tag=2792242113900. • Max-Forwards: 70. • To: <sip:1000@192.168.11.200>. • User-Agent: SJphone/1.60.289a (SJ Labs).

  14. INVITE packet • U 192.168.11.175:5060 -> 192.168.11.200:5060 • INVITE sip:1002@192.168.11.200 SIP/2.0. • Via: SIP/2.0/UDP 192.168.11.175;rport;branch=z9hG4bKc0a80baf00000021451e2f73000067fa00000013. • Content-Length: 223. • Contact: <sip:1000@public_ip:public_port>. • Call-ID: 62228ED9-F77A-41EE-B2EC-D090C987280C@192.168.11.175. • Content-Type: application/sdp. • CSeq: 1 INVITE. • From: "unknown"<sip:1000@192.168.11.200>;tag=2810534316052. • Max-Forwards: 70. • To: <sip:1002@192.168.11.200>. • User-Agent: SJphone/1.60.289a (SJ Labs).

  15. v=0. • o=- 3368594931 3368594931 IN IP4 public_ip. • s=SJphone. • c=IN IP4 public_ip. • t=0 0. • a=direction:active. • m=audio public_port RTP/AVP 0 101. • a=rtpmap:0 PCMU/8000. • a=rtpmap:101 telephone-event/8000. • a=fmtp:101 0-11,16.
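Slides 12 to 15 show the result of a STUN-enabled client substituting its public address into Contact and the SDP o=, c= and m= lines while Via keeps the private address. The sketch below is an added example, not SJPhone's code; the sample INVITE, the helper name and the public address and ports are constructed.

```python
import re

# Constructed INVITE modelled on the slides' capture, before any rewriting:
# the client still advertises its private address in Contact and SDP.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1002@192.168.11.200 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.11.175;rport;branch=z9hG4bKconstructed",
    "Contact: <sip:1000@192.168.11.175:5060>",
    "Content-Type: application/sdp",
    "Content-Length: 148",
    "",
    "v=0",
    "o=- 3368594931 3368594931 IN IP4 192.168.11.175",
    "s=SJphone",
    "c=IN IP4 192.168.11.175",
    "t=0 0",
    "m=audio 49152 RTP/AVP 0 101",
    "a=rtpmap:0 PCMU/8000",
    "",
])

def apply_stun_mapping(message, public_ip, sip_port, rtp_port):
    """Hypothetical helper: put the STUN-learned address into Contact, o=, c=, m=."""
    head, _, body = message.partition("\r\n\r\n")
    # Contact: keep the user part, replace host[:port] up to '>' or ';'.
    head = re.sub(r"(?im)^(Contact:\s*<sip:[^@>]+@)[^>;]+",
                  lambda m: f"{m.group(1)}{public_ip}:{sip_port}", head)
    sdp = []
    for line in body.split("\r\n"):
        fields = line.split(" ")
        if line.startswith(("o=", "c=")):
            fields[-1] = public_ip            # address is the last field
        elif line.startswith("m=audio"):
            fields[1] = str(rtp_port)         # m=<media> <port> <proto> <fmt...>
        sdp.append(" ".join(fields))
    body = "\r\n".join(sdp)
    # The body length changed, so Content-Length must be recomputed.
    head = re.sub(r"(?im)^(Content-Length:\s*)\d+",
                  lambda m: m.group(1) + str(len(body.encode())), head)
    return head + "\r\n\r\n" + body
```

The Via header is deliberately left untouched, matching the capture on slides 13 and 14, where the `rport` parameter lets the server route the response.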

  16. Quiz • If two UACs are behind the same NAT and both enable STUN, what problem will occur?

  17. Outline • Introduction to H.323 • Open-source H.323 terminals • Gatekeeper on the Linux platform • Packet capture and observation

  18. Build order • Because of library dependencies, build in the following order: pwlib, openh323, gnugk

  19. Compiling pwlib • # tar xvfz pwlib_1_5_3.tgz • # cd pwlib • # ./configure • # make opt • # make install • # cd ..

  20. Compiling openh323 • # tar xvfz openh323_1_12_3.tgz • # cd openh323 • # ./configure • # make opt • # make install • # cd ..

  21. Compiling gnugk • # tar xvfz gnugk-2.0.8.tgz • # cd openh323gk • Edit the Makefile and disable ACCT, RADIUS, MYSQL, PGSQL, WAITARQ • # make opt • # make install • # cd ..

  22. Starting gnugk • # cp -a /usr/local/lib/libp* /usr/lib/. • # cp -a /usr/local/lib/libh* /usr/lib/. • # gnugk -c ./openh323gk/etc/gnugk.ini

  23. Configuring SJPhone • Add a new Profile • Use Call through H.323 Gatekeeper • Enter the correct Gatekeeper Address

  24. Configuring OpenPhone • Set Username and Aliases • Change Local interfaces

  25. Enter the correct Gatekeeper Address • Close OpenPhone, then start it again

  26. Capturing packets

  27. Outline • SIP IP-PBX: Asterisk • Compiling Asterisk and starting the SIP service • Asterisk design concepts • A study of the transcoding problem

  28. Compiling Asterisk • # tar xvfz asterisk-1.0.11.tar.gz • # cd asterisk-1.0.11 • # make • # make install • # make samples

  29. Asterisk default installation paths • Executable: /usr/sbin/asterisk • Modules: /usr/lib/asterisk/modules • Config: /etc/asterisk

  30. sip.conf • See /etc/asterisk/sip.conf, or the default Asterisk SIP config copied from the CD • Note the following settings, which we usually (or may) change: context=default, port=5060, bindaddr=0.0.0.0

  31. Adding SIP client accounts • [1000] • type=friend • secret=1000 • host=dynamic • [1001] • type=friend • secret=1001 • host=dynamic

  32. Problem • Registration is OK • Calls between 1000 <--> 1001 do not work properly • Add the following two items to the 1000 and 1001 accounts in sip.conf: nat=yes, context=internal

  33. Add the internal context to extensions.conf • [internal] • exten => 100,1,Dial(SIP/1000) • exten => 200,1,Dial(SIP/1001) • X-Lite (1001) calls SJPhone (1000): call 100 • SJPhone (1000) calls X-Lite (1001): call 200

  34. Asterisk design concepts • Asterisk is a so-called IP-PBX • It is a program designed mainly for their analog and digital interface cards • Basically, Asterisk can be regarded as an enhanced Trunk Gateway

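  35. A study of the transcoding problem • For the reasons above, by default all RTP packets pass through Asterisk • In addition, to handle codecs that some devices do not provide, Asterisk converts the codec of the packets that pass into it • Asterisk's core codecs are PCM16 and GSM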

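  36. Outline • SIP interoperability study • Studying the various X-Lite settings • Comparison and discussion of open-source SIP protocol stacks • Comparison of SIP RFC 2543 and RFC 3261, and the issues • Comparison and differences between SIP and H.323 • SIP strengths, weaknesses and future challenges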

  37. X-Lite settings • Auto Detect IP • Listen on IP • Listen SIP Port • Listen RTP Port • NAT Firewall IP • Out Bound SIP Proxy • Stun Server • DNS Server

  38. Display Name • Username • Authorization User • Password • Domain/Realm • SIP Proxy • Outbound Proxy • Send Internal IP • Forward SIP URL • Dial Prefix

  39. Reregister Proxy • Send Compact SIP Messages • Send Basic SDP Messages • Use SIP rport • Timeout

  40. SIP rport • allows a client to request that the server send the response back to the source IP address and port from which the request originated
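What the server does with the `rport` parameter seen in the Via headers on slides 13 and 14, and where the response goes with and without it, is shown below following RFC 3581. This is an added example, not code from any SIP stack named here; the helper names are hypothetical, the source address is constructed, and only IPv4 sent-by values are handled.

```python
# Added illustration of the rport behaviour (RFC 3581); helper names are
# hypothetical and only IPv4 sent-by values are handled.

def _split_via(via):
    sent_by, *params = [p.strip() for p in via.split(";")]
    host, _, port = sent_by.split()[-1].partition(":")
    return sent_by, host, port, params

def stamp_via(via, src_ip, src_port):
    """Server side: record where the request really came from in the top Via."""
    sent_by, host, _, params = _split_via(via)
    out, had_rport = [], False
    for p in params:
        name = p.partition("=")[0].lower()
        if name == "rport":                    # client asked for symmetric response
            had_rport = True
            out += [f"received={src_ip}", f"rport={src_port}"]
        elif name != "received":               # never trust a client-supplied value
            out.append(p)
    if not had_rport and host != src_ip:       # plain RFC 3261 behaviour
        out.insert(0, f"received={src_ip}")
    return ";".join([sent_by] + out)

def response_target(via):
    """Where a UDP response is sent, given the stamped top Via value."""
    _, host, port, params = _split_via(via)
    kv = dict(p.partition("=")[::2] for p in params)
    ip = kv.get("received", host)
    if kv.get("rport"):
        return ip, int(kv["rport"])            # back to the NAT's mapped port
    return ip, int(port or 5060)               # sent-by port, default 5060
```

Without `rport` the response is aimed at port 5060 on the NAT's public address, which matches no mapping unless the NAT happened to preserve the source port.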

  41. Open source SIP stacks • VOCAL: Vovida, large and full-featured, supports RFC 2543 but RFC 3261 support unknown • OPAL: openh323, supports H.323 and SIP • miniSIP: supports TLS • oSIP: GNU, very small, C language

  42. Hold in RFC2543 • RFC3261 hold: a=sendonly, a=recvonly, a=sendrecv • RFC2543 hold: c=0.0.0.0 • Quiz: Is the address “0.0.0.0” a legal internet address?

  43. RFC3261 vs. RFC2543 • Please refer to chapter 28 of RFC3261 • Refer to the book “Understanding the Session Initiation Protocol” (second edition), searching for the keyword “RFC 2543” • Install the vocal server and client, then test with your program or device

  44. SIP vs. H.323 • IETF vs. ITU-T(CCITT) • Text vs. ASN.1 • SIP URL vs. E164ID/H323ID • NAT friendly • Gateway mode and prefix number • Trunk gateway and connecting to telecommunication • SIP servers vs. H.323 gatekeeper

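  45. The problem with SIP • SIP 3261 and 2543 are not compatible • Because messages are transmitted as text, call setup time cannot be guaranteed • There is no gateway prefix concept, so it has to be implemented on your own, which causes some degree of incompatibility • The word MUST rarely appears in the RFC specifications, so compatibility between vendors' products needs to be verified • Some SIP features are still drafts, i.e. not yet finalized • The SIP specifications are scattered across various RFCs and drafts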
