Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)
 

Get to know what Voice over IP is, how it works and how to use it.

    Presentation Transcript

    • Efficient Telecommunication Infrastructure with Internet Telephony (VoIP). Thomas Siegers, 3 July 2007, Songfuli Co., Ltd.
    • Information
        • Hosted by: American Chamber of Commerce Taiwan, Communications Technology Workshop
        • This presentation is publicly available at: http://www.slideshare.net/thomasjs
        • This presentation is published under the Creative Commons Attribution Share Alike License. For more information, see http://creativecommons.org/about/licenses/
    • Agenda (2 hours 30 minutes)
        • Introduction
        • Basics of telephony and networking
        • Skype
        • SIP protocol
        • Hardware
        • Service providers
        • Integration into network and telephone system
        • Scenarios and examples
    • Hype Cycle (figure; source: www.gartner.com, 2006)
    • Introduction
        • Internet telephony: VoIP, Voice over IP (IP: Internet Protocol)
        • Pro: more economical
            • no telephone charge for computer-to-computer calls*
            • charge of a local call for a computer-to-telephone call
            • *) except for the charge for network access
        • Con: more complicated and less reliable
            • relies on electric power
            • emergency calls cannot be mapped to a location
            • network: connection interruptions, packet loss
            • security: easier to trace calls over the Internet
            • configuration: firewall traversal
    • Return on Investment
        • Chart: accumulated cost over 6 months for CHT and VoIP (y-axis ticks 0 to 140, labelled NTD; x-axis: months 1 to 6)
        • 60 min calls per day to Germany, 20 days per month
        • CHT: 16 NTD/min
        • VoIP: 1 €¢/min
        • Investment for VoIP: 100,000 NTD
        • ROI after 5 months, after that savings of >18,500 NTD/month
    • How does it work?
        • Computer (+ sound card + headset + software): converts voice into digital signals.
        • Network: transports digital signals as data packets.
        • Telephone adapter (+ analog telephone): converts digital signals into voice.
    • Telephony
        • PSTN: Public Switched Telephone Network
        • POTS: Plain Old Telephone Service
        • ISDN: Integrated Services Digital Network
        • PBX: Private Branch Exchange
        • FXO: Foreign Exchange Office
        • FXS: Foreign Exchange Station
    • PSTN
        • PSTN: Public Switched Telephone Network
        • Circuit switching (diagram of interconnected telephone exchanges; TX: Telephone Exchange)
    • PBX
        • PBX = PABX: Private Automatic Branch Exchange
        • Diagram labels: Extensions, Trunk, PSTN, FXO, FXS
        • FXO: goes on-hook and off-hook
        • FXS: provides power, ring signal, dial tone
    • Network
        • Packet switching (diagram of clients and a server connected through routers; R: Router)
    • Layer Concept (figure labels: Message, Sender, Registered, Delivery, Address, Service, Transport, Network)
    • Protocol Stack (ISO/OSI* layer, Internet layer, examples)
        • 7 Application, 6 Presentation, 5 Session (ISO/OSI) = Application (Internet)
            • www: HTTP, FTP, DNS
            • mail: SMTP, POP, IMAP
            • p2p: SIP, eD2k, XMPP
        • 4 Transport (ISO/OSI) = Transport (Internet): TCP, UDP, NetBEUI, WAP
        • 3 Network (ISO/OSI) = Internet (Internet): IP, IGMP, ICMP, IPsec, ARP
        • 2 Data Link, 1 Physical (ISO/OSI) = Network Access** (Internet)
            • 2 Data Link: PPP, L2TP, GPRS, ATM, FR
            • 1 Physical: Ethernet, USB, Wi-Fi, ISDN
        • *) ISO: International Organization for Standardization, OSI: Open Systems Interconnection
        • **) original TCP/IP model, recently 5-layer model with data link and physical layer
    • TCP/IP Packet
        • TCP packet
            • header: source port, destination port
            • data: application data (HTTP, FTP, SMTP)
        • IP packet
            • header: source address, destination address
            • data: TCP packet
    • Request – Response
        • Client: IP address 10.0.0.100, TCP port >1024
        • Server: IP address 203.66.88.89, TCP port 80
        • Request (HTTP): source 10.0.0.100:1234, destination 203.66.88.89:80
        • Response: source 203.66.88.89:80, destination 10.0.0.100:1234
    • Network Address Translation
        • NAT, IP masquerading
        • Address shortage of IP ver. 4: 32 bit => 4 G ~ 4 billion addresses
        • Address ranges only for private use: class A: 10.x.x.x, class B: 172.16.x.x – 172.31.x.x, class C: 192.168.x.x
        • Internet gateway (firewall) translates between private and public addresses.
        • Firewall rules:
            • request LAN → Internet: allow
            • response Internet → LAN: allow
            • request Internet → LAN: deny
        • The Internet can only connect to the LAN when the LAN has sent a request before.
        • Diagram labels: Internet, NAT, LAN
    • Peer-to-Peer Communication
        • Peer-to-Peer (P2P): VoIP, file sharing, instant messaging
        • VoIP protocols: two protocols involved, SIP and RTP
            • SIP (session initiation protocol): signalling, UDP port 5060
            • RTP (real-time transport protocol): voice communication, UDP port range 10000-20000
        • NAT traversal
            • different kinds of NAT: symmetric, asymmetric
            • UDP hole punching
            • STUN (Simple Traversal of UDP through NATs): necessary when both clients are behind NAT; doesn’t work with symmetric NAT
    • UDP Hole Punching (figure panels: Before, Process, After)
    • UDP Hole Punching Process (figure)
    • Firewall Application Filter (figure)
    • Skype
        • Peer-to-peer Internet telephony (VoIP) network
        • Software is free, but not open source
        • Proprietary protocol, traffic encrypted
        • Founded by the founders of the file sharing application Kazaa
        • Acquired by eBay in October 2005
        • Easy to deploy even behind firewall and NAT
        • Heavy use of network bandwidth and other resources
        • Difficult to integrate into an organization’s security strategy
    • Getting Granular on Skype
        • 2004, Columbia University, New York, USA: An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
            • http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
            • Analysis of network structure and traffic
        • 2006, EADS Corporate Research Center, France: Silver Needle in the Skype
            • http://www.secdev.org/conf/skype_BHEU06.handout.pdf
            • The developers of Skype made an immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects when it is running within a debugger and then changes its behavior. Parts of its code are ciphered and will be decrypted during runtime.
    • Problems with Skype
        • From a network security administrator point of view
            • Almost everything is obfuscated
            • Peer to peer architecture
            • Traffic even when the software is not used
        • From a system security administrator point of view
            • Many protections, anti-debugging tricks, ciphered code
            • A product that works well for free from a company not involved on Open Source?!
        • The Chief Security Officer point of view
            • Is Skype a backdoor?
            • Can I distinguish Skype’s traffic from real data exfiltration?
            • Is Skype a risky program for my sensitive business?
    • Conclusion
        • Good points
            • Skype was made by clever people
            • Good use of cryptography
        • Bad points
            • Hard to enforce a security policy with Skype
            • Jams traffic, can’t be distinguished from data exfiltration
            • Incompatible with traffic monitoring, IDS
            • Impossible to protect from attacks (which would be obfuscated)
            • Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor
            • Fully trusts anyone who speaks Skype.
    • SIP Protocol
        • SIP: session initiation protocol
            • application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences
            • standardized by the Internet Engineering Task Force (IETF)
            • open specification: RFC 3261 (like all Internet standards)
        • SIP - The De-facto VoIP Standard: http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
        • SIP: signalling, UDP port 5060
        • RTP (real-time transport protocol): voice communication, UDP port range 10000-20000
        • Codec: audio data compression algorithm for voice
            • G.729a – 8kbps, G.711 – 64kbps, G.723 obsolete, superseded by G.726 – 16-40kbps
    • VoIP Provider
        • SIP: open protocol => everyone can offer services for it
        • VoIP provider is connected to both Internet and PSTN.
        • Over 2000 SIP VoIP providers
        • Dialing between providers, e.g. FreeWorldDialup no. 740218 => *393 740218
            • http://www.sipbroker.com/sipbroker/action/providerWhitePages
        • Advanced features
            • monthly rate, flat rate
            • unlimited local and distance calling
            • voicemail, call forwarding, caller ID
            • dial-in number with home area code
            • direct inward dialing (DID)
            • fax receipt with e-mail notification
    • VoIP Services
        • Diagram labels: PSTN, Internet, IP Telephone, VoIP Provider Gateway, Computer with Soft Phone & Headset, Analog Telephone
        • 1) VoIP call: free
        • 2) dial-out: charged
        • 3) dial-in: charged
    • VoIP Hardware
        • SIP: open protocol => everyone can build devices for it
        • Router
        • Analog Telephony Adapter (ATA)
        • SIP-Phone
        • Wireless Phone
        • USB-Devices
        • Integrated Systems
        • Large Systems
        • Hardware bundled by VoIP providers: http://www.voipbuster.com/en/hardware.html, http://www.sipgate.de/voipshop
    • Router
        • ADSL Internet access
        • VoIP (SIP)
        • FXS, (FXO)
        • Packet filter
        • VPN (virtual private network)
        • WLAN (wireless LAN)
    • Analog Telephony Adapter
        • ATA connects standard analog telephones to a VoIP network
    • SIP-Phone
        • Connected to LAN or directly to the Internet
        • Bridge to PC to share network cable
    • Wireless Phone
        • Wireless USB phones
        • USB Bluetooth phones
        • Wi-Fi phones
    • USB-Devices
        • Headsets
        • USB-Phones
        • Wireless USB-Phones
    • Integrated Systems
        • Multiple analog ports FXS, FXO
        • PBX
        • Firewall
        • VPN-gateway
        • WLAN
        • ISDN
    • Large System Used by VoIP Providers
        • SIP Proxy Server
        • T1/E1 Gateway
        • RTP Resource Server
        • Session Border Controller
        • Voice Mail, Auto-Attendant
        • Application Server
        • Conference Server
        • IP Recorder
        • Billing server
        • Universal SIP/H.323 Signal Converter
    • IP PBX
        • Software PBX
        • Can be installed on standard hardware from PC to Unix-server
        • Additional hardware required: connection to POTS (FXO/FXS) or ISDN
        • Embedded appliances available
        • Asterisk (http://www.asterisk.org)
            • popular open source software, another is sipX
            • Linux distributions: Trixbox, AstLinux, AsteriskNOW
            • used as basis for embedded appliances
            • used by leading VoIP providers, e.g. iotum*
        • *) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
    • Asterisk
        • Analog cards: PCI bus, half or full length, 1-8 FXO/FXS interfaces
        • Digital cards: PRI E1/T1, ISDN
        • Appliance: IP-PBX embedded in device with analog interfaces
        • Developer kits: version ITSPs, OEMs, resellers, and integrators
    • IP-PBX
        • Software PBX embedded in robust hardware: mostly based on Asterisk, configurable via web browser
        • Primary rate interface: 23 (T1) or 30 (E1) channels
        • Multiple extensions: FXS or ISDN
    • Application Examples
        • Integration with PBX
            • VoIP gateway without PBX
            • VoIP gateway with PBX connected via FXS
            • VoIP gateway with PBX connected via FXO
        • Integration with Network
            • VoIP gateway as Firewall
            • VoIP gateway in LAN with private IP address
            • VoIP gateway in DMZ with private IP address
            • VoIP gateway in DMZ with public IP address
        • IP-PBX
        • SIP only / SIP and Skype
    • VoIP Gateway without PBX (diagram labels: PSTN, Internet, FXO, VoIP, FXS, LAN)
    • VoIP Gateway (figure)
    • VoIP Gateway with PBX (FXS) (diagram labels: PSTN, Internet, FXO, VoIP, PBX, FXS, FXS)
    • VoIP Gateway with PBX (FXO) (diagram labels: PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, FXS)
    • VoIP Gateway in LAN (diagram labels: VoIP Provider, Internet, STUN, public IP address, NAT, FW, VoIP, LAN, private IP address; FW: firewall, LAN: local area network)
    • VoIP Gateway in DMZ (diagram labels: Internet, public IP address, VoIP, DMZ, FW, NAT, private IP address, LAN; DMZ: demilitarized zone)
    • VoIP Gateway with public IP (diagram labels: Internet, public IP address, FW outer firewall, VoIP, DMZ, FW inner firewall, private IP address, NAT, LAN)
    • IP-PBX (diagram labels: PSTN, Internet, FW, FXO, FXS, LAN, analog telephone, digital (IP) telephone, IP-PBX)
    • SIP and Skype (diagram labels: PSTN, Internet, VoIP, FXO, FXS, PBX, FXS, FXS, LAN; PC, FXS-card, Skype software)
    • VoIP Scenarios
        • Transfer call between two VoIP providers
            • dial via caller’s VoIP provider
            • transfer call to company’s VoIP provider
            • transfer call to company’s internal extension
        • Transfer incoming call to teleworker
            • teleworker is registered to company’s PBX (no provider)
            • customer calls in via PSTN
            • company’s operator transfers call to teleworker*
        • Set up multi-location corporate infrastructure
            • headquarters serves as central registrar (no provider)
            • branch offices register to headquarters
        • *) http://en.wikipedia.org/wiki/Teleworker
    • Two VoIP Providers (diagram labels: VoIP provider A, PSTN, Internet, VoIP provider B, FXO, VoIP, PBX, Caller, FXS, FXS, Operator, Extension)
    • Teleworker (diagram labels: PSTN, Internet, Teleworker, Wi-Fi, FXO, FXO, VoIP, PBX, Mobile Worker, Customer, FXS, Operator)
    • Corporate Infrastructure (diagram labels: Factory, PSTN, Internet, FXO, FXO, VoIP, PBX, Sales Office, Customer, FXS)
    • Q&A
        • Thomas Siegers, Songfuli Co., Ltd., Taipei, Taiwan
        • 松福禮股份有限公司
        • http://www.songfuli.com
        • thomas.siegers@songfuli.com
        • http://www.slideshare.net/thomasjs
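
The firewall rules on the Network Address Translation slide and the STUN limitation on the Peer-to-Peer Communication slide can be modelled in a few lines. This is an added example, not part of the original presentation; it shows why UDP hole punching succeeds through non-symmetric NAT and fails when one side is symmetric. The `Nat` class, the `hole_punch` helper and all addresses are constructed for illustration, and the inbound filter modelled is the address-and-port restricted kind.

```python
from dataclasses import dataclass, field

STUN = ("198.51.100.1", 3478)  # constructed STUN server address (3478 is the STUN port)

@dataclass
class Nat:
    """Gateway applying the slide's rules: outbound requests are allowed,
    inbound packets only when they answer an earlier outbound request."""
    public_ip: str
    symmetric: bool = False
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> public port
    allowed: set = field(default_factory=set)     # (public port, remote endpoint)

    def outbound(self, src, dst):
        """LAN -> Internet: translate and return the public source endpoint."""
        # A symmetric NAT allocates a new public port per destination.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.add((port, dst))  # remember whom the LAN contacted
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Internet -> LAN: allow responses, deny unsolicited requests."""
        return (dst_port, src) in self.allowed

def hole_punch(nat_a, nat_b):
    """Return True if both peers can reach each other after punching."""
    a_lan, b_lan = ("10.0.0.100", 10000), ("192.168.1.20", 10000)  # RTP range
    # 1. Each client learns its public endpoint from the STUN server.
    a_pub = nat_a.outbound(a_lan, STUN)
    b_pub = nat_b.outbound(b_lan, STUN)
    # 2. Each client sends a packet to the endpoint the other one advertised.
    a_seen = nat_a.outbound(a_lan, b_pub)
    b_seen = nat_b.outbound(b_lan, a_pub)
    # 3. Later packets arrive from the real source and hit the advertised port.
    a_to_b = nat_b.inbound(a_seen, b_pub[1])
    b_to_a = nat_a.inbound(b_seen, a_pub[1])
    return a_to_b and b_to_a

if __name__ == "__main__":
    print("cone / cone:     ", hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2")))
    print("symmetric / cone:", hole_punch(Nat("203.0.113.1", symmetric=True),
                                          Nat("203.0.113.2")))
```

With a symmetric NAT the port learned through STUN is not the port used toward the peer, so neither gateway sees the incoming packet as a response.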