Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • This is the latest map of Internet2 universities. Each Internet2 university commits to providing the high performance networking on their own campus, connecting to a high-performance backbone network, and supporting advanced applications development on their own campus.
  • IP-over-DWDM (OC-192c) and IP-over-SONET OC-48c Backbone with 230 participants – research universities & laboratories -- Expanded access - 32 state education networks Enable New Applications Many good Demonstrations Real Time Application can now work Transfers of Large Datasets Provide the Test Bed for New Technologies Packet over Sonet New Measurement Techniques Allows sharing of Ideas and Results
  • Partnerships are the foundation of how the Internet developed and they are also a part of the foundation of Internet2.
  • 50% of small colleges; 25% of high schools
  • Highlight for VON: The image in the upper left shows M ichael Tilson Thomas, who is Director of the New World Symphony, on screen from Miami coaching a conducting student who is in New York City. (the student is from the Manhattan School of Music and is at Columbia for this Internet master class). Stereo quality audio / near-broadcast quality Video MPEG2 @ 15 Mbps. This is not merely a one-off demonstration; nearly 250 master classes like this have been taught over over Internet2 with campuses around the world. Because the latency requirements for musical interactions are so stringent, this community is looking at removing codec latency by conducting these classes using uncompressed FireWire video (DVTS) Interactive collaboration Real-time access to remote resources Large-scale, multi-site computation and data mining Shared virtual reality Any combination of the above Priorites: Promote large scale adoption of common applications Encourage innovation at the edge (and be attentive to emergent apps)
  • Need to scale advanced, collaborative apps to support millions of devices and users; Rich presence
  • Why we are an interesting place to grow RTC.. Mention middleware and cyber-security as examples of “higher-level connectivity”. 26% of college students use IM (twice the rate of average Internet users)* * The Internet Goes to College , Pew Internet and American Life Project report, Sept. 2002.
  • Danger that a rush to match traditional PSTN notions of voice security will undermine potential of VoIP

    1. 1. & VoIP Security 2nd Workshop on Securing VoIP June 1-2, Washington, DC Ben Teitelbaum <>
    2. 2. Outline <ul><li>Internet2 </li></ul><ul><li> </li></ul><ul><ul><li>Goal </li></ul></ul><ul><ul><li>Architecture </li></ul></ul><ul><ul><li>Status </li></ul></ul><ul><ul><li>Security Concerns </li></ul></ul><ul><li>Abilene Observatory </li></ul><ul><ul><li>VoIP Observatory? </li></ul></ul>
    3. 3. Internet2 Who? <ul><li>Elevator Explanation </li></ul><ul><ul><li>Internet2's mission is to develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet </li></ul></ul><ul><li>Who we really are </li></ul><ul><ul><li>Membership organization of 200+ US research universities </li></ul></ul><ul><ul><li>Parent 501.3c (UCAID) has board of university presidents </li></ul></ul><ul><ul><li>Project supported by numerous partnerships (government, industry, international) </li></ul></ul><ul><li>Goals </li></ul><ul><ul><li>Enable new generation of applications </li></ul></ul><ul><ul><li>Re-create leading edge R&E network capability </li></ul></ul><ul><ul><li>Transfer capability to global production internet </li></ul></ul>
    4. 4. Internet2 Universities 206 University Members, March 2005
    5. 5. High Performance Networks
    6. 6. Internet2 Partnerships <ul><li>Internet2 universities are recreating the partnerships that fostered the Internet in its infancy </li></ul><ul><ul><li>Industry </li></ul></ul><ul><ul><li>Government </li></ul></ul><ul><ul><li>International </li></ul></ul><ul><li>Additional Participation </li></ul><ul><ul><li>Over 60 Internet2 Corporate Members </li></ul></ul><ul><ul><li>Over 40 Affiliate Members </li></ul></ul><ul><ul><li>New Association Member Category </li></ul></ul><ul><ul><li>Over 30 International Partners </li></ul></ul>
    7. 7. Sponsored Education Group Participants
    8. 8. Internet2 Focus Areas <ul><li>Advanced Network Infrastructure </li></ul><ul><ul><li>10 GB Abilene backbone • Advanced regional networks • 100 MB to the desktop • National fiber-optic facility </li></ul></ul><ul><li>Middleware </li></ul><ul><ul><li>Directories • Authentication • Authorization </li></ul></ul><ul><li>Engineering </li></ul><ul><ul><li>Multicast • IPv6 • Measurement • New Arch </li></ul></ul><ul><li>Advanced Applications </li></ul><ul><ul><li>Gigabit+ file transfer • High-end video • Remote instrumentation • Distributed computation • Virtual co-laboratories • Distance learning • Integrated Communications </li></ul></ul>
    9. 9. Advanced Applications (high-end, few users)
    10. 10. <ul><li>Many ways VoIP can be better… </li></ul><ul><ul><li>Multi-media integration </li></ul></ul><ul><ul><li>Integration with campus IT assets </li></ul></ul><ul><ul><li>Use of IPv6 and Multicast </li></ul></ul><ul><ul><li>Fidelity </li></ul></ul><ul><ul><li>Addressing </li></ul></ul><ul><ul><li>Mobility </li></ul></ul><ul><ul><li>Privacy </li></ul></ul><ul><ul><li>Survivability </li></ul></ul><ul><ul><li>Emergency services </li></ul></ul>Advanced Communications (less high-end, many users) * Drawings by VoIP user, Louis Teitelbaum (age 6)
    11. 11. Internet2’s Secret Sauce <ul><li>Demographics </li></ul><ul><ul><li>~3.8 million students (tech-savvy, talk a lot, adapt easily) </li></ul></ul><ul><ul><li>And, by the way, they graduate (tech-transfer à la email) </li></ul></ul><ul><li>Institutional Commitments </li></ul><ul><ul><li>Internet2 members have committed to advance IP communications and promote collaborative apps </li></ul></ul><ul><ul><li>Commitment to advance communication way beyond POTS </li></ul></ul><ul><li>Connectivity </li></ul><ul><ul><li>Great networking connectivity and campus middleware </li></ul></ul><ul><ul><ul><li>High-bandwidth, low-loss, low-jitter </li></ul></ul></ul><ul><ul><ul><li>End-to-end transparency (few NATs) </li></ul></ul></ul><ul><ul><ul><li>Emerging middleware infrastructure for authentication & authorization </li></ul></ul></ul><ul><ul><ul><li>IPv6 and multicast too! </li></ul></ul></ul><ul><li>Strong commitment to open standards </li></ul>
    12. 12. Working Group <ul><li>Fearless Leader </li></ul><ul><ul><li>Dennis Baron, MIT (Chair) </li></ul></ul><ul><li>Web Site </li></ul><ul><ul><li> </li></ul></ul>
    13. 13. Ends and Means <ul><li>Ends </li></ul><ul><ul><li>Grow SIP connectivity in Internet2 </li></ul></ul><ul><ul><li>Increase value proposition for end-user SIP adoption </li></ul></ul><ul><ul><li>Promote SIP and converged identity </li></ul></ul><ul><ul><li>Provide a useful service, while supporting R&D </li></ul></ul><ul><li>Means </li></ul><ul><ul><li>Cookbook with various “recipes” </li></ul></ul><ul><ul><li>Corporate sponsorship and promotional pricing </li></ul></ul><ul><ul><ul><li>Cisco, Avaya, so far </li></ul></ul></ul><ul><ul><li>Build community </li></ul></ul>
    14. 14. <ul><li>Users should not be burdened with device addresses, when it’s people they care about </li></ul><ul><li>Addresses should be mnemonic and empower enterprises to manage the identities of their users </li></ul><ul><ul><ul><li> </li></ul></ul></ul><ul><li>It’s time to put E.164 numbers behind us! </li></ul><ul><li>A.G. Bell did not say: </li></ul>Why Phone NUMBERS? “ +1-617-252-1232, come here. I need you!”
    15. 15. Architecture v0.1 SIP Proxy SIP-PBX Gateway PBX INVITE ( INVITE ( DNS SRV query telephoneNumber where mail=”bob” PRI / CAS Bob's Phone SIP User Agent Campus Directory DNS SRV
    16. 16. Architecture v0.2 INVITE ( DNS SRV query SIP User Agent REGISTER (Contact: INVITE (sip:bob@ SIP Proxy Bob's SIP Phones SIP Registrar IP Voice, Video, IM, ... location DB If Bob has registered, ring his SIP UAs; Else, call his extension through the PBX. DNS SRV
    17. 17. Campus Deployments
    18. 18. Security Considerations <ul><li>VoIP is wonderful, but returns us to the bad old days of in-band signaling </li></ul><ul><li>DoS, SPIT, SPIM, Spideo, all concerns </li></ul><ul><li>Toll fraud - not so much </li></ul><ul><li> community looking seriously at draft-ietf-sip-identity-05 (Peterson & Jennings) to deter spoofing </li></ul><ul><li>Possible leverage of Shibboleth / InCommon PKI </li></ul>
    19. 19. Security Should Not Compromise Security <ul><li>CALEA </li></ul><ul><ul><li>Tapping boxes could introduce fragility </li></ul></ul><ul><ul><li>Tapping boxes could be hacked </li></ul></ul><ul><li>911 </li></ul><ul><ul><li>Short-term solutions could delay the deployment of much better long-term solutions </li></ul></ul><ul><ul><ul><li>IP-enabled PSAPs </li></ul></ul></ul><ul><ul><ul><li>Better 911 : multimedia, testability, low-cost, robustness </li></ul></ul></ul><ul><ul><ul><li>Columbia/Texas A&M/Internet2/NENA NG911 project </li></ul></ul></ul><ul><li>Priority and preemption systems </li></ul><ul><ul><li>Open new opportunities for DoS attacks </li></ul></ul><ul><ul><li>Best-effort is often what you want in a crisis </li></ul></ul>
    20. 20. Goals Revisted <ul><li>Provide a useful service… </li></ul><ul><ul><li>User-to-user connectivity to support mass-use of new collaborative applications </li></ul></ul><ul><ul><li>Eventual evolution of testbed deployments into production services </li></ul></ul><ul><li>… while supporting R&D </li></ul><ul><ul><li>Experimental deployment of new solutions </li></ul></ul><ul><ul><li>Access to statistics & measurement data </li></ul></ul>
    21. 21. Abilene Observatory - Summary <ul><li>History and Motivation </li></ul><ul><li>What is the Observatory? </li></ul><ul><ul><li>Collocation Projects </li></ul></ul><ul><ul><li>Internet2 and NOC Measurements </li></ul></ul><ul><ul><li>Data Collections </li></ul></ul><ul><li>Examples of Research Results </li></ul><ul><li>Participation in Research Proposals </li></ul><ul><li>Future Directions </li></ul><ul><li>Issues </li></ul><ul><li> </li></ul>
    22. 22. History and Motivation <ul><li>Original Abilene racks included measurement devices </li></ul><ul><ul><li>Included a single PC </li></ul></ul><ul><ul><li>Early OWAMP, surveyor measurements </li></ul></ul><ul><ul><li>Optical splitters at some locations </li></ul></ul><ul><li>Motivation was primarily operational </li></ul><ul><li>Data collections </li></ul><ul><ul><li>Collected and maintained by the NOC </li></ul></ul><ul><ul><li>How is the network performing? </li></ul></ul><ul><ul><li>Available to other network operators </li></ul></ul><ul><ul><li>Data also proved valuable for research purposes </li></ul></ul>
    23. 23. History and Motivation <ul><li>An important decision was made during the last upgrade process (Juniper T-640 routers and OC-192c) </li></ul><ul><ul><li>Two racks, one dedicated to measurement platform </li></ul></ul><ul><ul><li>Potential for research community to collocate </li></ul></ul><ul><li>Created two components to the Observatory </li></ul><ul><ul><li>Collocation - research groups are able to collocate equipment in the Abilene router nodes </li></ul></ul><ul><ul><li>Measurement - data is collected by the NOC, the Ohio ITEC, and Internet2, and made available to the research community </li></ul></ul>
    24. 24. Abilene router node Power Out-of-band Eth. Switch T-640 (M-5) Power (48VDC) Measurement Machines (nms) Space! Measurement(Observatory) Rack
    25. 25. Dedicated servers at each node <ul><li>Houston Router Node </li></ul><ul><ul><li>NMS machines </li></ul></ul><ul><ul><li>PlanetLab machines </li></ul></ul>
    26. 26. Collocation Research Projects <ul><li>PlanetLab – Nodes installed in all Abilene Router Nodes </li></ul><ul><ul><li>PlanetLab is a global overlay network for developing and accessing new network services </li></ul></ul><ul><ul><li>Goal is deploy 1000 nodes in a variety of networks </li></ul></ul><ul><ul><li>Designed to support both short-term experiments and long-running services </li></ul></ul><ul><ul><li>Larry Peterson, Princeton University is Research Lead </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li>Potential new direction using MPLS L2VPNs </li></ul></ul>
    27. 27. Collocation Projects <ul><li>The AMP Project – Active Measurement Platform, Deployed in all Abilene Router Nodes </li></ul><ul><ul><li>More than 150 nodes deployed worldwide </li></ul></ul><ul><ul><li>Measurements include path, round-trip-time, packet loss and on demand throughput tests </li></ul></ul><ul><ul><li>Project of NLANR/MNA </li></ul></ul><ul><ul><li>Tony McGregor NLANR/MNA, Waikato University is Research Lead </li></ul></ul><ul><ul><li> </li></ul></ul>
    28. 28. Collocation Projects <ul><li>The PMA Project – Passive Measurement and Analysis, Deployed at Abilene Indianapolis Router Node </li></ul><ul><ul><li>Analysis of header traces from over 20 sites, including OC-192 circuits in Abilene </li></ul></ul><ul><ul><li>Header traces of all packets in and out of the Indianapolis Abilene router – A router clamp </li></ul></ul><ul><ul><li>Joerg Micheel, NLANR/MNA, San Diego Supercomputer Center, UCSD, is research lead </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li> </li></ul></ul>
    29. 29. Measurement Capabilities <ul><li>One way latency, jitter, loss </li></ul><ul><ul><li>IPv4 and IPv6 </li></ul></ul><ul><li>Regular TCP/UDP throughput tests – ~1 Gbps </li></ul><ul><ul><li>IPv4 and IPv6; On-demand available (see “pipes”) </li></ul></ul><ul><li>SNMP (NOC) </li></ul><ul><ul><li>Octets, packets, errors; collected frequently </li></ul></ul><ul><li>“ Netflow” (ITEC Ohio) </li></ul><ul><ul><li>Addresses anonymized by 0-ing the low order 11 bits </li></ul></ul><ul><li>Multicast beacon with historical data </li></ul><ul><li>Routing data </li></ul><ul><ul><li>Both IGP and BGP - Measurement device participates in both </li></ul></ul><ul><ul><li>Japanese research techniques on routing research were implemented </li></ul></ul>
    30. 30. Databases – Date Types <ul><li>Data is collected locally and stored in a distributed databases </li></ul><ul><li>Databases </li></ul><ul><ul><li>Usage Data </li></ul></ul><ul><ul><li>Netflow Data </li></ul></ul><ul><ul><li>Routing Data </li></ul></ul><ul><ul><li>Latency Data </li></ul></ul><ul><ul><li>Throughput Data </li></ul></ul><ul><ul><li>Router Data </li></ul></ul><ul><ul><li>Syslog Data </li></ul></ul>
    31. 31. Databases - Interface <ul><li>Variety of Interfaces to data </li></ul><ul><ul><li>Simple web based for usage data </li></ul></ul><ul><ul><li>Rsync for netflow </li></ul></ul><ul><ul><li>Simple web based for routing data </li></ul></ul><ul><ul><li>SOAP interface for latency data </li></ul></ul><ul><ul><li>SOAP interface for throughput data </li></ul></ul><ul><ul><li>SOAP interface for Router data </li></ul></ul><ul><ul><li>Syslog data still under development </li></ul></ul>
    32. 32. “ Observatory”? <ul><li>Could the Abilene Observatory be leveraged to support VoIP security research? </li></ul><ul><li>Are additional data (e.g . anonymized proxy logs) needed to support VoIP security research? </li></ul>