Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)


Get to know what Voice over IP is, how it works and how to use it.

Published in: Technology, Business

  1. 1. Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)
     Thomas Siegers, 3 July 2007, Songfuli Co., Ltd.
  2. 2. Information
     - Hosted by: American Chamber of Commerce Taiwan Communications Technology Workshop
     - This presentation is publicly available at: http://www.slideshare.net/thomasjs
     - This presentation is published under the Creative Commons Attribution Share Alike License. For more information, see http://creativecommons.org/about/licenses/
  3. 3. Agenda
     - Introduction
     - Basics of telephony and networking
     - Skype
     - SIP protocol
     - Hardware
     - Service providers
     - Integration into network and telephone system
     - Scenarios and examples
     2 hours 30 minutes
  4. 4. Hype Cycle [figure; source: www.gartner.com, 2006]
  5. 5. Introduction
     - Internet telephony: VoIP, Voice over IP (IP: Internet Protocol)
     - Pro: more economical
       - no telephone charge for computer-to-computer calls*
       - charge of a local call for computer-to-telephone calls
       - *) except for the charge for network access
     - Con: more complicated and less reliable
       - relies on electric power
       - emergency calls cannot be mapped to a location
       - network: connection interruptions, packet loss
       - security: easier to trace calls over the Internet
       - configuration: firewall traversal
  6. 6. Return on Investment
     [chart: accumulated cost over 6 months in NTD, CHT versus VoIP]
     - 60 min calls per day to Germany, 20 days per month
     - CHT: 16 NTD/min
     - VoIP: 1 €¢/min
     - Investment for VoIP: 100,000 NTD
     - ROI after 5 months, after that savings of >18,500 NTD/month
  7. 7. How does it work?
     - Computer + sound card + headset + software: the computer converts voice into digital signals.
     - Network: the network transports digital signals as data packets.
     - Telephone adapter + analog telephone: the telephone adapter converts digital signals into voice.
  8. 8. Telephony
     - PSTN: Public Switched Telephone Network
     - POTS: Plain Old Telephone Service
     - ISDN: Integrated Services Digital Network
     - PBX: Private Branch Exchange
     - FXO: Foreign Exchange Office
     - FXS: Foreign Exchange Station
  9. 9. PSTN
     - PSTN: Public Switched Telephone Network
     - Circuit-switching
     - [diagram: network of telephone exchanges; TX = Telephone Exchange]
  10. 10. PBX
     - PBX = PABX: Private Automatic Branch Exchange
     - [diagram labels: Extensions, Trunk, PSTN, FXO, FXS]
     - FXO: goes on-hook and off-hook
     - FXS: provides power, ring signal, dial tone
  11. 11. Network
     - Packet-switching
     - [diagram: clients and a server connected through routers; R = Router]
  12. 12. Layer Concept
     [diagram labels: Message, Sender, Address, "Registered", Delivery Service, Transport Network]
  13. 13. Protocol Stack

     | ISO/OSI* | Internet | Examples |
     |---|---|---|
     | 7 Application, 6 Presentation, 5 Session | Application | www: HTTP, FTP, DNS; mail: SMTP, POP, IMAP; p2p: SIP, eD2k, XMPP |
     | 4 Transport | Transport | TCP, UDP, NetBEUI, WAP |
     | 3 Network | Internet | IP, IGMP, ICMP, IPsec, ARP |
     | 2 Data Link | Network Access** | PPP, L2TP, GPRS, ATM, FR |
     | 1 Physical | Network Access** | Ethernet, USB, Wi-Fi, ISDN |

     *) ISO: International Organization for Standardization, OSI: Open Systems Interconnection
     **) original TCP/IP model, recently 5-layer model with data link and physical layer
  14. 14. TCP/IP Packet
     - TCP packet
       - header: source port, destination port
       - data: application data (HTTP, FTP, SMTP)
     - IP packet
       - header: source address, destination address
       - data: TCP packet
  15. 15. Request – Response
     - Client: IP address 10.0.0.100, TCP port >1024
     - Server: IP address 203.66.88.89, TCP port 80
     - Request (HTTP): source 10.0.0.100:1234, destination 203.66.88.89:80
     - Response: source 203.66.88.89:80, destination 10.0.0.100:1234
  16. 16. Network Address Translation
     - NAT, IP masquerading
     - Address shortage of IP version 4: 32 bit => 4 G ~ 4 billion addresses
     - Address ranges only for private use: class A: 10.x.x.x, class B: 172.16.x.x – 172.31.x.x, class C: 192.168.x.x
     - Internet gateway (firewall) translates between private and public addresses.
     - Firewall rules:
       - request LAN -> Internet: allow
       - response Internet -> LAN: allow
       - request Internet -> LAN: deny
     - The Internet can only connect to the LAN when the LAN has sent a request before.
     - [diagram labels: Internet, NAT, LAN]
  17. 17. Peer-to-Peer Communication
     - Peer-to-Peer (P2P): VoIP, file sharing, instant messaging
     - VoIP protocols: two protocols involved, SIP and RTP
       - SIP, session initiation protocol: signalling, UDP port 5060
       - RTP, real-time transport protocol: voice communication, UDP port range 10000-20000
     - NAT traversal
       - different kinds of NAT: symmetric, asymmetric
       - UDP hole punching
       - STUN, Simple Traversal of UDP through NATs: necessary when both clients are behind NAT; doesn’t work with symmetric NAT
  18. 18. UDP Hole Punching [figures: Before, Process, After]
  19. 19. UDP Hole Punching Process [figure]
  20. 20. Firewall Application Filter [figure]
  21. 21. Skype
     - Peer-to-peer Internet telephony (VoIP) network
     - Software is free, but not open source
     - Proprietary protocol, traffic encrypted
     - Founded by the founders of the file sharing application Kazaa
     - Acquired by eBay in October 2005
     - Easy to deploy even behind firewall and NAT
     - Heavy use of network bandwidth and other resources
     - Difficult to integrate into an organization’s security strategy
  22. 22. Getting Granular on Skype
     - 2004, Columbia University, New York, USA: An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
       http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
       Analysis of network structure and traffic
     - 2006, EADS Corporate Research Center, France: Silver Needle in the Skype
       http://www.secdev.org/conf/skype_BHEU06.handout.pdf
       The developers of Skype made an immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects when it is running within a debugger and then changes its behavior. Parts of its code are ciphered and are decrypted at runtime.
  23. 23. Problems with Skype
     - From a network security administrator's point of view
       - Almost everything is obfuscated
       - Peer-to-peer architecture
       - Traffic even when the software is not used
     - From a system security administrator's point of view
       - Many protections, anti-debugging tricks, ciphered code
       - A product that works well for free from a company not involved in Open Source?!
     - The Chief Security Officer's point of view
       - Is Skype a backdoor?
       - Can I distinguish Skype’s traffic from real data exfiltration?
       - Is Skype a risky program for my sensitive business?
  24. 24. Conclusion
     - Good points
       - Skype was made by clever people
       - Good use of cryptography
     - Bad points
       - Hard to enforce a security policy with Skype
       - Jams traffic, can’t be distinguished from data exfiltration
       - Incompatible with traffic monitoring, IDS
       - Impossible to protect from attacks (which would be obfuscated)
       - Total black box. Lack of transparency. No way to know if there is/will be a backdoor
       - Fully trusts anyone who speaks Skype.
  25. 25. SIP Protocol
     - SIP: session initiation protocol
       - application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences
       - standardized by the Internet Engineering Task Force (IETF)
       - open specification: RFC 3261 (like all Internet standards)
     - SIP - The De-facto VoIP Standard: http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
     - SIP: signalling, UDP port 5060
     - RTP: real-time transport protocol, voice communication, UDP port range 10000-20000
     - Codec: audio data compression algorithm for voice
       - G.729a: 8 kbps, G.711: 64 kbps, G.723 obsolete, superseded by G.726: 16-40 kbps
  26. 26. VoIP Provider
     SIP is an open protocol => everyone can offer services for it
     - VoIP provider is connected to both Internet and PSTN.
     - Over 2000 SIP VoIP providers
       - Dialing between providers, e.g. FreeWorldDialup no. 740218 => *393 740218
       - http://www.sipbroker.com/sipbroker/action/providerWhitePages
     - Advanced features
       - monthly rate, flat rate
       - unlimited local and distance calling
       - voicemail, call forwarding, caller ID
       - dial-in number with home area code
       - direct inward dialing (DID)
       - fax receipt with e-mail notification
  27. 27. VoIP Services
     - [diagram labels: PSTN, Internet, VoIP Provider Gateway, IP Telephone, Analog Telephone, Computer, Soft Phone & Headset]
     - 1) VoIP call: free
     - 2) dial-out: charged
     - 3) dial-in: charged
  28. 28. VoIP Hardware
     SIP is an open protocol => everyone can build devices for it
     - Router
     - Analog Telephony Adapter (ATA)
     - SIP-Phone
     - Wireless Phone
     - USB-Devices
     - Integrated Systems
     - Large Systems
     - Hardware bundled by VoIP providers
       - http://www.voipbuster.com/en/hardware.html
       - http://www.sipgate.de/voipshop
  29. 29. Router
     - ADSL Internet access
     - VoIP (SIP)
     - FXS, (FXO)
     - Packet filter
     - VPN (virtual private network)
     - WLAN (wireless LAN)
  30. 30. Analog Telephony Adapter
     - ATA connects standard analog telephones to a VoIP network
  31. 31. SIP-Phone
     - Connected to LAN or directly to the Internet
     - Bridge to PC to share network cable
  32. 32. Wireless Phone
     - Wireless USB phones
     - USB Bluetooth phones
     - Wi-Fi phones
  33. 33. USB-Devices
     - Headsets
     - USB-Phones
     - Wireless USB-Phones
  34. 34. Integrated Systems
     - Multiple analog ports FXS, FXO
     - PBX
     - Firewall
     - VPN-gateway
     - WLAN
     - ISDN
  35. 35. Large System Used by VoIP Providers
     - SIP Proxy Server
     - T1/E1 Gateway
     - RTP Resource Server
     - Session Border Controller
     - Voice Mail, Auto-Attendant
     - Application Server
     - Conference Server
     - IP Recorder
     - Billing server
     - Universal SIP/H.323 Signal Converter
  36. 36. IP PBX
     - Software PBX
     - Can be installed on standard hardware from PC to Unix-server
     - Additional hardware required for connection to POTS (FXO/FXS) or ISDN
     - Embedded appliances available
     - Asterisk: popular open source software, another is sipX
       - Linux distributions: Trixbox, AstLinux, AsteriskNOW
       - used as basis for embedded appliances
       - used by leading VoIP providers, e.g. iotum*
       - http://www.asterisk.org
     - *) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
  37. 37. Asterisk
     - Analog cards: PCI bus, half or full length, 1-8 FXO/FXS interfaces
     - Digital cards: PRI E1/T1, ISDN
     - Appliance: IP-PBX embedded in device with analog interfaces
     - Developer kits: version ITSPs, OEMs, resellers, and integrators
  38. 38. IP-PBX
     - Software PBX embedded in robust hardware
       - mostly based on Asterisk
       - configurable via web browser
     - Primary rate interface: 23 (T1) or 30 (E1) channels
     - Multiple extensions: FXS or ISDN
  39. 39. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
     - SIP only / SIP and Skype
  40. 40. VoIP Gateway without PBX [diagram labels: PSTN, Internet, FXO, VoIP, FXS, LAN]
  41. 41. VoIP Gateway [figure]
  42. 42. VoIP Gateway with PBX (FXS) [diagram labels: PSTN, Internet, FXO, VoIP, PBX, FXS, FXS]
  43. 43. VoIP Gateway with PBX (FXO) [diagram labels: PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, FXS]
  44. 44. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
     - SIP only / SIP and Skype
  45. 45. VoIP Gateway in LAN [diagram labels: VoIP Provider, Internet, STUN, public IP address, NAT, FW, VoIP, LAN, private IP address; FW = firewall, LAN = local area network]
  46. 46. VoIP Gateway in DMZ [diagram labels: Internet, public IP address, VoIP, DMZ, FW, NAT, private IP address, LAN; DMZ = demilitarized zone]
  47. 47. VoIP Gateway with public IP [diagram labels: Internet, public IP address, FW (outer firewall), VoIP, DMZ, FW (inner firewall), private IP address, NAT, LAN]
  48. 48. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
     - SIP only / SIP and Skype
  49. 49. IP-PBX [diagram labels: PSTN, Internet, FW, FXO, FXS, LAN, analog telephone, digital (IP) telephone, IP-PBX]
  50. 50. SIP and Skype [diagram labels: PSTN, Internet, VoIP, FXO, FXS, PBX, FXS, FXS, LAN; PC, FXS-card, Skype software]
  51. 51. VoIP Scenarios
     - Transfer call between two VoIP providers
       - dial via caller’s VoIP provider
       - transfer call to company’s VoIP provider
       - transfer call to company’s internal extension
     - Transfer incoming call to teleworker
       - teleworker is registered to company’s PBX (no provider)
       - customer calls in via PSTN
       - company’s operator transfers call to teleworker*
     - Set up multi-location corporate infrastructure
       - headquarters serves as central registrar (no provider)
       - branch offices register to headquarters
     - *) http://en.wikipedia.org/wiki/Teleworker
  52. 52. Two VoIP Providers [diagram labels: VoIP provider A, VoIP provider B, PSTN, Internet, FXO, VoIP, PBX, FXS, FXS, Caller, Operator, Extension]
  53. 53. Teleworker [diagram labels: PSTN, Internet, Teleworker, Wi-Fi, Mobile Worker, FXO, FXO, VoIP, PBX, FXS, Customer, Operator]
  54. 54. Corporate Infrastructure [diagram labels: Factory, Sales Office, PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, Customer]
  55. 55. Q&A
     Thomas Siegers, Songfuli Co., Ltd., Taipei, Taiwan
     松福禮股份有限公司
     http://www.songfuli.com
     thomas.siegers@songfuli.com
     http://www.slideshare.net/thomasjs
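
The NAT firewall rules of slide 16 and the STUN limitation of slide 17, as an added example that is not part of the original presentation: a toy model of a NAT gateway showing why a STUN-learned address works for UDP hole punching through a cone NAT but not through a symmetric NAT. The class and function names, the addresses and the port pool are constructed for illustration, and the non-symmetric case is modelled as a port-restricted cone NAT.

```python
import itertools

STUN = ("198.51.100.10", 3478)  # constructed STUN server address

class Nat:
    """Stateful NAT gateway: outbound requests create state, inbound
    packets pass only if they answer a request the LAN sent before."""
    def __init__(self, public_ip, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.next_port = itertools.count(40000)  # constructed port pool
        self.mapping = {}  # cone: src -> port; symmetric: (src, dst) -> port
        self.state = {}    # public port -> (LAN endpoint, remotes contacted)

    def send(self, src, dst):
        """LAN -> Internet (allowed). Returns the public source address."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mapping:
            self.mapping[key] = next(self.next_port)
        port = self.mapping[key]
        self.state.setdefault(port, (src, set()))[1].add(dst)
        return (self.public_ip, port)

    def receive(self, remote, public_port):
        """Internet -> LAN. Returns the LAN endpoint, or None if denied."""
        lan, remotes = self.state.get(public_port, (None, ()))
        return lan if remote in remotes else None

def hole_punch(nat_a, nat_b):
    """Return True if A and B can exchange UDP after a STUN-assisted punch."""
    a, b = ("10.0.0.100", 10500), ("192.168.1.20", 10500)
    pub_a, pub_b = nat_a.send(a, STUN), nat_b.send(b, STUN)  # learn mappings
    from_a = nat_a.send(a, pub_b)  # A punches towards B's STUN-learned address
    from_b = nat_b.send(b, pub_a)  # B punches towards A's STUN-learned address
    a_reaches_b = nat_b.receive(from_a, pub_b[1]) == b
    b_reaches_a = nat_a.receive(from_b, pub_a[1]) == a
    return a_reaches_b and b_reaches_a

if __name__ == "__main__":
    print("cone/cone:", hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2")))
    print("symmetric/symmetric:",
          hole_punch(Nat("203.0.113.1", True), Nat("203.0.113.2", True)))
```

A symmetric NAT allocates a new public port for every destination, so the port the STUN server reported is not the port the peer's packets must be addressed to, and the other side's firewall state never matches.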

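
The SIP/RTP split of slides 17 and 25, as an added example that is not part of the original presentation: a small inspector for a SIP INVITE that pulls out the media address, RTP port and codecs from the SDP body and flags private (RFC 1918) addresses that a remote peer could not reach without NAT traversal. The INVITE is constructed sample data, `inspect_invite` is a hypothetical helper name, and the RTP port range is the one given on the slides.

```python
import ipaddress
import re

# Constructed INVITE with SDP body (sample data, not captured traffic).
INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.100:5060;branch=z9hG4bK74bf9",
    "From: <sip:alice@example.com>;tag=9fxced76sl",
    "To: <sip:bob@example.com>",
    "Call-ID: 3848276298220188511@example.com",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@10.0.0.100:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.100",
    "s=-",
    "c=IN IP4 10.0.0.100",
    "t=0 0",
    "m=audio 10500 RTP/AVP 0 18",
    "",
])

CODECS = {"0": "G.711 PCMU", "8": "G.711 PCMA", "18": "G.729"}  # RFC 3551 static types
RTP_RANGE = (10000, 20000)  # RTP port range given on the slides
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def inspect_invite(msg):
    """Extract what a firewall/NAT operator needs to know from an INVITE."""
    head, _, sdp = msg.partition("\r\n\r\n")
    start, *rest = head.split("\r\n")
    headers = dict(line.split(": ", 1) for line in rest)
    via = re.search(r"SIP/2\.0/UDP ([^:;\s]+)", headers["Via"]).group(1)
    media_ip = re.search(r"^c=IN IP4 (\S+)", sdp, re.M).group(1)
    port, fmts = re.search(r"^m=audio (\d+) RTP/AVP ([\d ]+)", sdp, re.M).groups()
    private = sorted({ip for ip in (via, media_ip)
                      if any(ipaddress.ip_address(ip) in n for n in RFC1918)})
    return {
        "method": start.split()[0],
        "rtp_endpoint": (media_ip, int(port)),
        "codecs": [CODECS.get(pt, "payload type " + pt) for pt in fmts.split()],
        "rtp_port_in_range": RTP_RANGE[0] <= int(port) <= RTP_RANGE[1],
        "unroutable_addresses": private,  # non-empty => NAT traversal needed
    }
```

The signalling arrives on UDP port 5060, but the address and port the voice stream will use are only visible inside the SDP body, which is why a packet filter that looks at ports alone cannot open the right RTP path.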