Updates on latest versions of Kamailio SIP server and a preview of the 4th Kamailio World Conference, May 18-20, 2016, in Berlin

1. Daniel-Constantin Mierla
Co-Founder Kamailio Project
@miconda
VUC588 - April 8, 2016
project updates

2. (c) asipto.com 2
History
2002 Jun 2005 Jul 2008 Aug 2008 Nov 2008
SIP Express Router (SER)
OpenSER Kamailio
Other Forks...
Same application: Kamailio - SER
Oct 2009 Jan
2010
v3.0.0
Integration
Completed
v1.5.0
Sep
2011
Sep 2001
First
Line
Of
Code
Open
Source
GPL
FhG
Fokus
Institute
Berlin
rename
Awarded
Best Open
Source
Networking
Software
2009
By InfoWorld
10
Years
Jun
2012
v3.3.0
ITSPA
UK
Award
Mar
2013
v4.0.0
Kamailio
v4.1.0
Dec
2013
………. v4.2.0
Oct
2014
Jun
2015
v4.3.0
Mar
2016
v4.4.0

3. Kamailio
overview

4. 4
SIPSIP
multimedia

5. 5
inbound
proxy
outbound
proxy
accounting
proxy

6. ! SIP Signaling Server
" SIP registrar
" handle registrations from devices
" SIP location server
" locate targets - lcr, load balancer, user location service
" SIP proxy server (router)
" routing and re-routing huge volume of SIP traffic
" SIP application server
" rich telephony services
" instant messaging and presence
" integration with third party applications
" integration with web 2.0 and social networking
6

7. ! It is not
" SIP phone
" SIP media server
" SIP back-to-back user agent
! It handles only signaling
X
7

8. Kamailio
typical use cases

9. TWO BASIC ARCHITECTURES
9
main signalling server edge signalling server

10. dispatcher module
• list of balancing nodes from file or database
• monitoring of nodes (activate/inactivate
automatically)
• re-route in case of failure
• various algorithms: hashing, weight distribution, round
robin, call load distribution, priority routing
• reload list of nodes without restart
10
LOAD BALANCER
# Dispatch requests
route[DISPATCH] {
# round robin dispatching on gateways group '1'
if(!ds_select_dst("1",“4")) {
send_reply("404", "No destination");
exit;
}
xdbg("--- SCRIPT: going to <$ru> via <$du>n");
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_DISPATCH] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(ds_next_dst()) {
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
}
}
media servers - gateways - pbxes

11. plenty of options
• lcr module
• carrierroute module
• prefix_route module
• drouting module
• combinations: mtree + dispatcher
LEAST COST OR DID ROUTING
11
route[LCR] {
if (!load_gws("1")) {
send_reply("503", "Error loading gateways");
exit;
}
if (!next_gw()) {
send_reply("503", "No available gateways");
exit;
}
t_on_failure(“RTF_LCR");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_LCR] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(next_gw()) {
t_on_failure("RTF_LCR");
route(RELAY);
exit;
}
}
}
pstn
provider
pstn
provider
pstn
provider
lcr DID
routing

12. block DOS or dictionary attacks
part of default kamailio.cfg
• htable module
• pike module
• detect high volume of traffic from same source and
block it for a specific interval of itme
12
SIP FIREWALL
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", “ipban=>size=8;autoexpire=300;")
…
route[SAFEGUARD] {
# flood detection from same IP and traffic ban for a specific interval
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)n");
exit;
}
if (!pike_check_req()) {
xlog("ALERT: pike blocking $rm from $fu (IP:$si:$sp)n");
$sht(ipban=>$si) = 1;
exit;
}
}
if($ua =~ "friendly-scanner") {
sl_send_reply("200", "OK");
exit;
}
}

13. core and tm module
• set transport in R-URI or outbound proxy address
• force transport via dedicated function
13
TRANSPORT LAYER GATEWAY
# Force UDP
route[TOUDP] {
# round robin dispatching on gateways group '1'
record_route();
$du = “sip:nexthop.com:5060;transport=udp”;
force_send_socket(“udp:10.1.1.10:5080”);
route(RELAY);
exit;
}
tls
web socket
udp
udp udp
IPv6
bridging networks
• public to private networks and back
• IPv4 to IPv6 and back
• any transport layer to another one and back

14. edge proxy
• authentication
• nat traversal
• parallel forking
• serial forking
• call forwarding
• call blocking
• white/black listing
• DNS handling
14
OFFLOAD SIGNALLING PROCESSING

15. 15
DESIGNED FOR SCALABILITY
forking
replication

16. plenty at signalling layer
• instant messaging
• presence
• gaming
• notifications
16
EXTRA FEATURES
extensibility
• define your new request types
• flexibility in handling unknown requests, headers, etc.
additional functions
• embedded XCAP server
• embedded MSRP relay
• IMS
INVITE
NOTIFY
MESSAGE
TICTACTOE
PUBLISHTURNRIGHT

17. News
Recent Years

18. 18

19. 19
! security
" strong encryption algorithms for tls
" flexibility to work with many certificates at the same time
" dnssec, config file crypto tools
! performance, scalability and redundancy
" full asynchronous processing layer
" event driven api interface (json)
" nosql: redis, memcached, mongodb, cassandra
" distributed message queue between kamailio nodes
" new memory managers
! flexibility
" embedded http client for API interaction
" dynamic memory manager selection
" update of routing parameters without restart
" more event routes
" json sip routing format

20. 20
! enhancements for typical use cases
" webrtc - secure websockets with support for fragmentation
" classic sip to webrtc gateway, including RTP to SRTP
" volte - ims: dozens of extensions
" sms routing handling
" more load balancing algorithms
! call load distribution, relative weight, …
" topology hiding and topology stripping
" user location partitioning and replication
" generic caching replication
" prepaid and call stateful control
" call rating limits
" detecting attacks and blocking them
" IPv6 cleanup

21. The Future
Kamailio 5.0

22. 22
! native configuration with embedded interpreters
" lua, perl, python, .net, …
" ability to reload routing logic
" highly optimized alternative of config with our own routing language
! continuous integration
" unit tests
" automatic builds
" source code restructuring
" review options for a new build system
! api driven processing
" integration with external systems
" keep kamailio as bare sip layer router
! your suggestions are welcome
" …

23. The 4th Kamailio World Conference
May 18-20, 2016
Berlin, Germany
celebrating 15 years of Kamailio development

24. (c) asipto.com 24
www.kamailioworld.com
May 18-20, 2016 - in Berlin, Germany

25. 25
highlights
! Berlin, same nice location in the city center
" half day technical workshops
" two days of conference
! workshops
" IMS tutorial
" continuous integration
" troubleshooting
" alternative: visit to Fraunhofer FOKUS testbeds (to be confirmed very soon)
! conference
" SIP from classic telephony to webrtc and volte
" Kamailio and other open source projects well represented
! Asterisk, FreeSwitch, Sems
" security and scalability
" typical use cases
" experiences from operating large telephony platforms

26. (c) asipto.com 26
www.kamailioworld.com
May 18-20, 2016 - in Berlin, Germany

27. 27
Questions?
Daniel-Constantin Mierla
Co-Founder Kamailio Project
@miconda