Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)




Get to know what Voice over IP is, how it works and how to use it.

Published in: Technology, Business
  1. Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)
     Thomas Siegers, 3 July 2007, Songfuli Co., Ltd.
  2. Information
     - Hosted by: American Chamber of Commerce Taiwan, Communications Technology Workshop
     - This presentation is publicly available at: http://www.slideshare.net/thomasjs
     - This presentation is published under the Creative Commons Attribution Share Alike License. For more information, see http://creativecommons.org/about/licenses/
  3. Agenda (2 hours 30 minutes)
     - Introduction
     - Basics of telephony and networking
     - Skype
     - SIP protocol
     - Hardware
     - Service providers
     - Integration into network and telephone system
     - Scenarios and examples
  4. Hype Cycle
     [Figure; source: www.gartner.com – 2006]
  5. Introduction
     - Internet Telephony: VoIP – Voice over IP (IP – Internet Protocol)
     - Pro: more economic
       - no telephone charge for computer-to-computer calls*
       - charge of local call for computer-to-telephone call
       - *) except for the charge for network access
     - Con: more complicated and less reliable
       - relies on electric power
       - emergency calls cannot be mapped to location
       - network: connection interruptions, packet loss
       - security: easier to trace calls over the Internet
       - configuration: firewall traversal
  6. Return on Investment
     - Accumulated cost over 6 months
     - 60 min calls per day to Germany, 20 days per month
     - CHT: 16 NTD/min; VoIP: 1 €¢/min
     - Investment for VoIP: 100,000 NTD
     - ROI after 5 months, after that savings of >18,500 NTD/month
     - [Chart: accumulated cost, y-axis 0 to 140 labelled NTD, x-axis months 1 to 6, CHT vs. VoIP]
  7. How does it work?
     - Computer + sound card + headset + software: converts voice into digital signals.
     - Network: transports digital signals as data packets.
     - Telephone adapter + analog telephone: converts digital signals into voice.
  8. Telephony
     - PSTN: Public Switched Telephone Network
     - POTS: Plain Old Telephone Service
     - ISDN: Integrated Services Digital Network
     - PBX: Private Branch Exchange
     - FXO: Foreign Exchange Office
     - FXS: Foreign Exchange Station
  9. PSTN
     - PSTN – Public Switched Telephone Network
     - Circuit-Switching
     - [Diagram of interconnected exchanges; TX – Telephone Exchange]
  10. PBX
     - PBX = PABX – Private Automatic Branch Exchange
     - [Diagram labels: PSTN, Trunk, FXO, FXS, Extensions]
     - FXO – goes on-hook and off-hook
     - FXS – provides power, ring signal, dial tone
  11. Network
     - Packet-Switching
     - [Diagram: Clients and Server connected through routers; R – Router]
  12. Layer Concept
     [Diagram labels: Message, Sender, Delivery, Registered, Address, Service, Transport, Network]
  13. Protocol Stack
     Layer | ISO/OSI* | Internet | Examples
     7 | Application | Application | www: HTTP, FTP, DNS
     6 | Presentation | (Application) | mail: SMTP, POP, IMAP
     5 | Session | (Application) | p2p: SIP, eD2k, XMPP
     4 | Transport | Transport | TCP, UDP, NetBEUI, WAP
     3 | Network | Internet | IP, IGMP, ICMP, IPsec, ARP
     2 | Data Link | Network Access** | PPP, L2TP, GPRS, ATM, FR
     1 | Physical | (Network Access**) | Ethernet, USB, Wi-Fi, ISDN
     *) ISO – International Organization for Standardization, OSI – Open Systems Interconnection
     **) original TCP/IP model, recently 5-layer model with data link and physical layer
  14. TCP/IP Packet
     - TCP-packet: header (source port, destination port) + data (application data: HTTP, FTP, SMTP)
     - IP-packet: header (source address, destination address) + data (TCP-packet)
  15. Request – Response
     - Client: IP-address 10.0.0.100, TCP-port >1024
     - Server (HTTP): IP-address 203.66.88.89, TCP-port 80
     - Request: Source 10.0.0.100:1234, Destin. 203.66.88.89:80
     - Response: Source 203.66.88.89:80, Destin. 10.0.0.100:1234
  16. Network Address Translation
     - NAT, IP masquerading
     - Address shortage of IP ver. 4: 32 bit => 4 G ~ 4 billion addresses
     - Address ranges only for private use: class A: 10.x.x.x, class B: 172.16.x.x – 172.31.x.x, class C: 192.168.x.x
     - Internet gateway (firewall) translates between private and public addresses.
     - Firewall rules:
       - request LAN → Internet: allow
       - response Internet → LAN: allow
       - request Internet → LAN: deny
     - Internet can only connect to the LAN when the LAN had sent a request before.
     - [Diagram labels: Internet, NAT, LAN]
  17. Peer-to-Peer Communication
     - Peer-to-Peer (P2P): VoIP, file sharing, instant messaging
     - VoIP Protocols: two protocols involved, SIP and RTP
       - SIP - session initiation protocol: signalling, UDP port 5060
       - RTP - real-time transport protocol: voice communication, UDP port range 10000-20000
     - NAT Traversal
       - different kinds of NAT: symmetric, asymmetric
       - UDP hole punching
       - STUN - Simple Traversal of UDP through NATs: necessary when both clients are behind NAT; doesn’t work with symmetric NAT
  18. UDP Hole Punching
     [Figure panels: Before, Process, After]
  19. UDP Hole Punching Process
     [Figure]
  20. Firewall Application Filter
     [Figure]
  21. Skype
     - Peer-to-peer Internet telephony (VoIP) network
     - Software is free, but not open source
     - Proprietary protocol, traffic encrypted
     - Founded by the founders of the file sharing application Kazaa
     - Acquired by eBay in October 2005
     - Easy to deploy even behind firewall and NAT
     - Heavy use of network bandwidth and other resources
     - Difficult to integrate into organization’s security strategy
  22. Getting Granular on Skype
     - 2004 – Columbia University, New York, USA: An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
       http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
       Analysis of network structure and traffic
     - 2006 - EADS Corporate Research Center, France: Silver Needle in the Skype
       http://www.secdev.org/conf/skype_BHEU06.handout.pdf
       Developers of Skype made an immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects when it is running within a debugger and then changes its behavior. Parts of its code are ciphered and will be decrypted during runtime.
  23. Problems with Skype
     - From a network security administrator point of view
       - Almost everything is obfuscated
       - Peer to peer architecture
       - Traffic even when the software is not used
     - From a system security administrator point of view
       - Many protections, anti-debugging tricks, ciphered code
       - A product that works well for free from a company not involved in Open Source?!
     - The Chief Security Officer point of view
       - Is Skype a backdoor?
       - Can I distinguish Skype’s traffic from real data exfiltration?
       - Is Skype a risky program for my sensitive business?
  24. Conclusion
     - Good points
       - Skype was made by clever people
       - Good use of cryptography
     - Bad points
       - Hard to enforce a security policy with Skype
       - Jams traffic, can’t be distinguished from data exfiltration
       - Incompatible with traffic monitoring, IDS
       - Impossible to protect from attacks (which would be obfuscated)
       - Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor
       - Fully trusts anyone who speaks Skype.
  25. SIP Protocol
     - SIP – session initiation protocol
       - application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences
       - standardized by the Internet Engineering Task Force (IETF)
       - open specification: RFC 3261 (like all Internet standards)
     - SIP - The De-facto VoIP Standard
       http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
     - SIP – signalling, UDP port 5060
     - RTP – real-time transport protocol: voice communication, UDP port range 10000-20000
     - Codec – audio data compression algorithm for voice: G.729a – 8kbps, G.711 – 64kbps, G.723 obsolete, superseded by G.726 – 16-40kbps
  26. VoIP Provider
     SIP – open protocol => everyone can offer services for it
     - VoIP provider is connected to both Internet and PSTN.
     - Over 2000 SIP VoIP providers
       - Dialing between providers, e.g. FreeWorldDialup no. 740218 => *393 740218
       - http://www.sipbroker.com/sipbroker/action/providerWhitePages
     - Advanced Features
       - monthly rate, flat rate
       - unlimited local and distance calling
       - voicemail, call forwarding, caller ID
       - dial-in number with home area code
       - direct inward dialing (DID)
       - fax receipt with e-mail notification
  27. VoIP Services
     - [Diagram labels: PSTN, Internet, IP Telephone, VoIP Provider Gateway, Analog Telephone, Computer with Soft Phone & Headset]
     - 1) VoIP call – free
     - 2) dial-out – charged
     - 3) dial-in – charged
  28. VoIP Hardware
     SIP – open protocol => everyone can build devices for it
     - Router
     - Analog Telephony Adapter (ATA)
     - SIP-Phone
     - Wireless Phone
     - USB-Devices
     - Integrated Systems
     - Large Systems
     - Hardware bundled by VoIP providers
       http://www.voipbuster.com/en/hardware.html
       http://www.sipgate.de/voipshop
  29. Router
     - ADSL Internet access
     - VoIP (SIP)
     - FXS, (FXO)
     - Packet filter
     - VPN (virtual private network)
     - WLAN (wireless LAN)
  30. Analog Telephony Adapter
     - ATA connects standard analog telephones to a VoIP network
  31. SIP-Phone
     - Connected to LAN or directly to the Internet
     - Bridge to PC to share network cable
  32. Wireless Phone
     - Wireless USB phones
     - USB Bluetooth phones
     - Wi-Fi phones
  33. USB-Devices
     - Headsets
     - USB-Phones
     - Wireless USB-Phones
  34. Integrated Systems
     - Multiple analog ports: FXS, FXO
     - PBX
     - Firewall
     - VPN-gateway
     - WLAN
     - ISDN
  35. Large System
     Used by VoIP Providers
     - SIP Proxy Server
     - T1/E1 Gateway
     - RTP Resource Server
     - Session Border Controller
     - Voice Mail, Auto-Attendant
     - Application Server
     - Conference Server
     - IP Recorder
     - Billing server
     - Universal SIP/H.323 Signal Converter
  36. IP PBX
     - Software PBX
     - Can be installed on standard hardware, from PC to Unix-server
     - Additional hardware required: connection to POTS (FXO/FXS) or ISDN
     - Embedded appliances available
     - Asterisk: popular open source software, another is sipX
       - Linux distributions: Trixbox, AstLinux, AsteriskNOW
       - used as basis for embedded appliances
       - used by leading VoIP providers, e.g. iotum*
       - *) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
       - http://www.asterisk.org
  37. Asterisk
     - Analog cards: PCI bus, half or full length; 1-8 FXO/FXS interfaces
     - Digital cards: PRI E1/T1, ISDN
     - Appliance: IP-PBX embedded in device with analog interfaces
     - Developer kits: version ITSPs, OEMs, resellers, and integrators
  38. IP-PBX
     - Software PBX: embedded in robust hardware, mostly based on Asterisk, configurable via web browser
     - Primary rate interface: 23 (T1) or 30 (E1) channels
     - Multiple extensions: FXS or ISDN
  39. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
       - SIP only / SIP and Skype
  40. VoIP Gateway without PBX
     [Diagram labels: PSTN, Internet, FXO, VoIP, FXS, LAN]
  41. VoIP Gateway
     [Figure]
  42. VoIP Gateway with PBX (FXS)
     [Diagram labels: PSTN, Internet, FXO, VoIP, PBX, FXS, FXS]
  43. VoIP Gateway with PBX (FXO)
     [Diagram labels: PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, FXS]
  44. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
       - SIP only / SIP and Skype
  45. VoIP Gateway in LAN
     - [Diagram labels: VoIP Provider, STUN, Internet, public IP address, NAT, FW, VoIP, LAN, private IP address]
     - FW – firewall
     - LAN – local area network
  46. VoIP Gateway in DMZ
     - DMZ – demilitarized zone
     - [Diagram labels: Internet, public IP address, VoIP, DMZ, FW, NAT, private IP address, LAN]
  47. VoIP Gateway with public IP
     [Diagram labels: Internet, public IP address, FW (outer firewall), VoIP, DMZ, FW (inner firewall), private IP address, NAT, LAN]
  48. Application Examples
     - Integration with PBX
       - VoIP gateway without PBX
       - VoIP gateway with PBX connected via FXS
       - VoIP gateway with PBX connected via FXO
     - Integration with Network
       - VoIP gateway as Firewall
       - VoIP gateway in LAN with private IP address
       - VoIP gateway in DMZ with private IP address
       - VoIP gateway in DMZ with public IP address
     - IP-PBX
       - SIP only / SIP and Skype
  49. IP-PBX
     [Diagram labels: PSTN, Internet, FW, FXO, FXS, LAN, analog telephone, digital (IP) telephone, IP-PBX]
  50. SIP and Skype
     [Diagram labels: PSTN, Internet, VoIP, FXO, FXS, PBX, FXS, FXS, LAN, PC with FXS-card and Skype software]
  51. VoIP Scenarios
     - Transfer call between two VoIP Providers
       - dial via caller’s VoIP provider
       - transfer call to company’s VoIP provider
       - transfer call to company’s internal extension
     - Transfer incoming call to teleworker
       - teleworker is registered to company’s PBX (no provider)
       - customer calls in via PSTN
       - company’s operator transfers call to teleworker*
     - Setup multi-location corporate infrastructure
       - headquarters serves as central registrar (no provider)
       - branch offices register to headquarters
     - *) http://en.wikipedia.org/wiki/Teleworker
  52. Two VoIP Providers
     [Diagram labels: VoIP provider A, VoIP provider B, PSTN, Internet, FXO, VoIP, PBX, FXS, FXS, Caller, Operator, Extension]
  53. Teleworker
     [Diagram labels: PSTN, Internet, Teleworker, Wi-Fi, Mobile Worker, FXO, FXO, VoIP, PBX, FXS, Customer, Operator]
  54. Corporate Infrastructure
     [Diagram labels: Factory, Sales Office, PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, Customer]
  55. Q&A
     Thomas Siegers
     Songfuli Co., Ltd., Taipei, Taiwan
     松福禮股份有限公司
     http://www.songfuli.com
     thomas.siegers@songfuli.com
     http://www.slideshare.net/thomasjs
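
The NAT rule set on slide 16 and the UDP hole punching of slides 17 to 19, as an added Python example that is not part of the original presentation: a toy NAT admits inbound packets only where the LAN sent a request first, run once with one public port per internal endpoint and once with symmetric (per-destination) mappings. The public addresses, the rendezvous server and all port numbers are constructed; only 10.0.0.100 appears on the slides.

```python
from dataclasses import dataclass, field

STUN = ("198.51.100.1", 3478)     # constructed rendezvous (STUN-like) server


@dataclass
class Nat:
    """Toy NAT: LAN->Internet always allowed, Internet->LAN only as a reply."""
    public_ip: str
    symmetric: bool = False        # True: a new public port per destination
    next_port: int = 40000         # constructed first mapping port
    maps: dict = field(default_factory=dict)   # mapping key -> public port
    state: set = field(default_factory=set)    # (public port, remote) pairs

    def outbound(self, src, dst):
        """Request from the LAN: create or reuse a mapping, remember the peer."""
        key = (src, dst) if self.symmetric else src
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        self.state.add((self.maps[key], dst))
        return (self.public_ip, self.maps[key])

    def inbound(self, remote, public_port):
        """Packet from the Internet: pass only if the LAN contacted `remote`."""
        return (public_port, remote) in self.state


def hole_punch(nat_a, nat_b):
    """Return (unsolicited packet accepted?, both directions open afterwards?)."""
    a, b = ("10.0.0.100", 5060), ("192.168.1.20", 5060)   # private endpoints
    # 1. Each client contacts the server, which sees and reports its public endpoint.
    pub_a, pub_b = nat_a.outbound(a, STUN), nat_b.outbound(b, STUN)
    # "Before": B sends to A's public endpoint although A never contacted B.
    before = nat_a.inbound(pub_b, pub_a[1])
    # 2. Both clients send to the endpoint the server reported for the other side.
    seen_a, seen_b = nat_a.outbound(a, pub_b), nat_b.outbound(b, pub_a)
    # "After": each NAT checks the peer's packet against its own state table.
    after = nat_a.inbound(seen_b, pub_a[1]) and nat_b.inbound(seen_a, pub_b[1])
    return before, after


def demo():
    """Run the exchange with non-symmetric NATs, then with symmetric NATs."""
    cone = hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2"))
    sym = hole_punch(Nat("203.0.113.1", symmetric=True),
                     Nat("203.0.113.2", symmetric=True))
    return cone, sym


if __name__ == "__main__":
    print(demo())
```

With symmetric mappings the packets to the peer leave from a public port the rendezvous server never saw, so neither state table matches, which is the case slide 17 marks as not working with STUN.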
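
Slide 25's port and codec figures applied to one message, as an added Python example that is not part of the original presentation: it reads the SDP offer carried in a SIP INVITE and reports the RTP port, the codecs, whether the advertised media address lies in the private ranges of slide 16, and whether the port falls in the 10000-20000 range. The INVITE is constructed sample data; SDP and the payload-type numbers (RFC 3551) are not named on the slides.

```python
import ipaddress
import re

# From the slides: RTP UDP port range and the address ranges for private use.
RTP_PORTS = range(10000, 20001)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Static RTP payload types (RFC 3551) for codecs the slides mention.
CODECS = {0: "G.711 u-law", 8: "G.711 A-law", 18: "G.729"}

# Constructed sample message: names, tags and addresses are made up.
INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.100:5060;branch=z9hG4bK776asdhds",
    "Max-Forwards: 70",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@example.com>",
    "Call-ID: a84b4c76e66710@10.0.0.100",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@10.0.0.100:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.100",
    "s=-",
    "c=IN IP4 10.0.0.100",
    "t=0 0",
    "m=audio 12000 RTP/AVP 18 0 8",
    "",
])


def review_invite(msg):
    """Summarise the audio offer and flag what NAT or a port filter will break."""
    _, _, sdp = msg.partition("\r\n\r\n")          # headers / body separator
    conn = re.search(r"^c=IN IP4 (\S+)", sdp, re.M)
    media = re.search(r"^m=audio (\d+) RTP/AVP ([\d ]+)", sdp, re.M)
    if not conn or not media:
        raise ValueError("no IPv4 audio offer in message body")
    try:
        addr = ipaddress.ip_address(conn.group(1))
        private = any(addr in net for net in PRIVATE_NETS)
    except ValueError:                             # c= holds a hostname
        private = None
    port = int(media.group(1))
    types = [int(t) for t in media.group(2).split()]
    return {
        "media_addr": conn.group(1),
        "rtp_port": port,
        "codecs": [CODECS.get(t, f"payload type {t}") for t in types],
        "private_addr": private,        # True: peer cannot reach it without NAT traversal
        "port_in_range": port in RTP_PORTS,
    }


if __name__ == "__main__":
    print(review_invite(INVITE))
```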
