SIP Peer-to-Peer Telephony
Creating a New Carrier-Class Model

Joel Maloff, Principal Consultant, Maloff NetResults
E-mail: jmaloff@gmail.com
Telephone: 954-263-1306
Web: www.maloff.com
Blog: www.maloff-ip.com/maloffontheinternet

Objectives
• To describe the approaches used to blend the superior attributes of SIP Peer-to-Peer telephony with techniques that provide high quality services at low cost to the service provider.
• To understand the security vulnerabilities introduced by the P2P “super node” concept, and more attractive alternatives.
• To define “carrier class” SIP P2P telephony services, and highlight a model for their delivery.

Peer-to-Peer Telephony Models
• The Skype Model
• SIP P2P Model
• Directed SIP P2P (DSP) Model

Impact of P2P Telephony Models
• How do these models differ architecturally?
• What are the security implications?
• Scalability
• Consumer-Grade vs. Carrier-Class

The Skype Model
• As understood from publicly available sources.
• Skype is a quasi-Peer-to-Peer service using a small infrastructure for registration and enlisting unsuspecting end-users as “super nodes” to act as the presence coordination and interconnection link between users.
• On an average day, there are approximately 20,000 users whose machines have been enlisted by Skype as super nodes, mostly without their knowledge (www.blackhat.com, March 2006).

The Skype Super Node Issue
• This is an example of the impact that the super node function has on a PC.
• One-minute intervals show the Skype super node function capturing +/- 100 kbps.
Source: http://www.voipwiki.com/blog/, 17 July 2006

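A defender can look for the pattern on this slide (sustained traffic near 100 kbps in one-minute samples) in per-minute flow summaries. The detector below is an added example, not part of the original deck; the peer-count and run-length thresholds, the record layout and the sample data are assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; only the ~100 kbps figure
# and the one-minute sampling interval come from the slide.
RATE_KBPS = 80   # flag minutes at or above this average rate
MIN_PEERS = 10   # hypothetical: distinct remote peers seen in that minute
MIN_RUN = 5      # hypothetical: consecutive flagged minutes required

def kbps(nbytes, seconds=60):
    """Average rate in kbps for a byte count over one sampling interval."""
    return nbytes * 8 / 1000 / seconds

def find_relay_hosts(samples, rate=RATE_KBPS, peers=MIN_PEERS, run=MIN_RUN):
    """samples: (host, minute, bytes, distinct_peers). Returns {host: longest run}."""
    hot = defaultdict(dict)
    for host, minute, nbytes, npeers in samples:
        hot[host][minute] = kbps(nbytes) >= rate and npeers >= peers
    flagged = {}
    for host, minutes in hot.items():
        best = cur = 0
        prev = None
        for m in sorted(minutes):
            if not minutes[m]:
                cur = 0
            elif cur and m == prev + 1:
                cur += 1
            else:
                cur = 1  # first hot minute, or a gap in the samples
            prev = m
            best = max(best, cur)
        if best >= run:
            flagged[host] = best
    return flagged

# Constructed per-minute flow summaries (not real traffic).
SAMPLES = (
    [("10.0.0.5", m, 750_000, 25) for m in range(7)]    # steady ~100 kbps, many peers
    + [("10.0.0.9", m, 600_000, 1) for m in range(7)]   # one long call, single peer
    + [("10.0.0.7", m, 20_000 if m == 2 else 900_000, 30) for m in range(5)]  # interrupted
)

if __name__ == "__main__":
    print(find_relay_hosts(SAMPLES))
```

Requiring both a sustained rate and a high peer count keeps an ordinary long call (one peer) from being flagged.
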
Skype Issues
• Relies on the ignorance of super nodes.
• Super nodes compromise the most basic network security policies in a corporate environment.
• The “keep-alive” functionality has the potential to decrease hard drive life by as much as 50%.

Skype Issues
• The Skype model:
  • is proprietary.
  • has not been disclosed.
  • has not been patented.
• As of 19 July 2006, a Chinese company reportedly has cracked the Skype code, reverse engineered it, and plans to deploy WITHOUT super node functionality.

SIP P2P Model
• Skype uses a closed proprietary approach.
• Various groups have been working on a SIP P2P model (e.g., “Peer-to-Peer Internet Telephony Using SIP”).
• Almost all of them retain the “super node” as opposed to more traditional client-server models.
• The advantage of these approaches is their ability to build functionality as a community via open standards architecture.

Directed SIP P2P (DSP) Model
• The DSP approach incorporates SIP but uses a distributed server architecture to direct calls and establish presence rather than enlisting consumers and businesses as “super nodes.”
• In this way, the best aspects of client-server are combined with the cost benefits of P2P and SIP.

Directed SIP Peer-to-Peer (DSP Model)
• Fusion’s Approach

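One way a provider-operated server can "direct calls and establish presence" with standard SIP is a registrar that answers INVITE with a 302 redirect, so no subscriber machine relays other users' traffic. This is an added sketch, not Fusion's implementation or code from the deck; `DirectoryNode`, the helper names and the sample messages are hypothetical.

```python
import re

def parse_sip(msg):
    """Return (start_line, headers) with lower-cased header names."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (l.partition(":") for l in lines[1:])}
    return lines[0], headers

def sip_uri(value):  # bare sip:/sips: URI from a header value or Request-URI
    m = re.search(r"sips?:[^;>\s]+", value)
    return m.group(0).lower() if m else None

class DirectoryNode:  # hypothetical provider-run node: stores presence, redirects callers
    def __init__(self):
        self.bindings = {}  # address-of-record -> current contact URI
    def handle(self, msg):
        start, h = parse_sip(msg)
        method, target = start.split(" ")[:2]
        if method == "REGISTER":
            # Sketch only: a deployed registrar authenticates REGISTER first.
            self.bindings[sip_uri(h["to"])] = sip_uri(h["contact"])
            return self._reply(200, "OK", h)
        if method == "INVITE":
            contact = self.bindings.get(sip_uri(target))
            if contact is None:
                return self._reply(404, "Not Found", h)
            # Direct the caller to the callee; the node never relays the call.
            return self._reply(302, "Moved Temporarily", h, f"Contact: <{contact}>")
        return self._reply(405, "Method Not Allowed", h)
    def _reply(self, code, reason, h, *extra):
        names = ("Via", "From", "To", "Call-ID", "CSeq")
        echoed = [f"{n}: {h[n.lower()]}" for n in names if n.lower() in h]
        return "\r\n".join([f"SIP/2.0 {code} {reason}", *echoed, *extra,
                            "Content-Length: 0", "", ""])

def sip(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed messages (example.com and 192.0.2.0/24 are documentation values).
REGISTER = sip("REGISTER sip:example.com SIP/2.0", "To: <sip:bob@example.com>",
               "From: <sip:bob@example.com>;tag=a1", "Call-ID: r1",
               "CSeq: 1 REGISTER", "Contact: <sip:bob@192.0.2.20:5060>")
INVITE = sip("INVITE sip:bob@example.com SIP/2.0", "To: <sip:bob@example.com>",
             "From: <sip:alice@example.com>;tag=b2", "Call-ID: c1", "CSeq: 1 INVITE")

def demo():
    node = DirectoryNode()
    before = node.handle(INVITE).split("\r\n")[0]  # callee not registered yet
    node.handle(REGISTER)
    _, headers = parse_sip(node.handle(INVITE))
    return before, sip_uri(headers["contact"])
```

`demo()` shows the caller receiving 404 before the callee registers and a redirect to the callee's contact afterwards.
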
Other Emerging Models
• BandTel (www.Bandtel.com)
  • Clustered SIP softswitch architecture
  • pairs of DNS servers direct SIP calls to SIP signaling transfer points (STPs)
  • directs SIP calls to "N" SIP proxies in the BandTel SIP proxy matrix.

Other Emerging Models
• Communigate (www.communigate.com)
  • All-Active Dynamic Cluster SIP farm able to scale to 10 million VoIP subscribers in a simulated environment.
  • Call load generation of 1,000 SIP calls per second with up to 192,000 unique registered end-points driven by a test device for inbound calling.

Security Implications
• Any model that uses a super node must punch holes through a corporate network’s perimeter defenses or a consumer’s desktop firewall.
• Typical server security vulnerabilities and vectors can be exploited to compromise services, capture confidential information, or be used as a vehicle to invade other machines.
• Many corporations and government entities are banning Skype and similar services due to these risks.

Scalability
• True Peer-to-Peer telephony
  • Great promise for enterprises.
  • Limited numbers of users employing sophisticated applications on their PCs or using VoIP-specific devices in an encrypted, tunneled, or VPN environment can be quite valuable.
  • Attempting to scale these systems in a secure, well-managed environment to multiple millions is impractical.

Scalability
• The DSP model is designed to scale infinitely through the use of geographically dispersed nodes that are part of the core infrastructure.
• Super node-based models can work only as long as the users are unconcerned about their flaws OR until there are better models.

Consumer-Grade vs. Carrier-Class
An underlying issue is the distinction between consumer-grade and carrier-class VoIP solutions.

Consumer grade
• Generally a free service offered by an entity that has very little traditional telephony infrastructure.
• For off-net calling, must interface with one or more carriers.
• End-to-end quality control is beyond their reach or their concern.

Carrier class
• Advanced VoIP services, such as DSP telephony, layered on top of traditional telephony services.
• May incorporate soft switch functionality and interconnect with many other carriers.
• VoIP Peering On-Net quality is a realistic objective.

Consumer-Grade vs. Carrier-Class
• Just as most Internet Service Providers began as technical, entrepreneur-driven ventures and evolved into professional organizations, so too will VoIP providers – evolving into carrier-class providers.

Conclusions
• It is critical to understand where the market is evolving and what should be expected from your solutions. Some of these include:
  • Hardened applications that are security-aware and do not expose end-users to unnecessary risk.
  • Scalable applications that address the needs of both enterprises AND global carriers.
  • The distinction between consumer-grade and carrier-class applications/services.