A Cooperative SIP Infrastructure for Highly Reliable
Overview
Introduction
Properties of server-based SIP networks
Properties of P2P-based SIP networks
Cooperative SIP (CoSIP)
• CoSIP Overview
• Sample Applications
• Implementation
Evaluation:
• reliability
• security with CoSIP
Summary
INTRODUCTION
Some open issues with VoIP still need to be solved
reliability, security, QoS, SPIT, etc.
Users are used to the nearly 100% reliable PSTN
Properties of Server-based SIP Networks
Sufficient security mechanisms
• UA authentication
• Integrity and confidentiality
High lookup performance of SIP URI
• O(1) messages
Complex service infrastructure
• SIP proxies, registrars, AAA servers, location database, DNS server, routers, etc.
Network and service failures may propagate quickly
Server infrastructures are vulnerable to DoS attacks.
Properties of P2P-SIP Networks
Self-organization
Recoverability from local failures
Robustness against DoS attacks
P2P network can also survive under difficult conditions
Scalability
Lookup performance of the Contact URI in a DHT in the average case:
O(log(N)) messages, where N is the number of peers
Several security issues cannot be solved in a pure P2P network
Attacks on the routing of lookup requests
Attacks on the content of the P2P network
Sybil attacks, partitioning attacks, etc.
Open P2P-SIP networks are an invitation for SPIT!
Cooperative SIP (CoSIP)
Overview
Design a hybrid architecture that benefits from the
advantages of both server-based and P2P-based SIP
networks
SIP User Agents organize themselves into a P2P network
SIP infrastructure and SIP User Agents cooperate in order
to provide the best service
Cooperative SIP architecture: CoSIP
Improve reliability, survivability, security and lookup
performance
CoSIP Sample Application
Large enterprise/academic SIP networks with e.g. 20-30k users
CoSIP can be used to bridge:
• network and service failures
• maintenance downtimes
[Figure: SIP Infrastructure; CoSIP-enabled SIP Network]
EVALUATION OF CoSIP
Improving reliability with CoSIP
P2P networks provide high reliability and self-organization
Local failures can be recovered automatically by neighboring peers
Data is replicated on a set of nodes (replica set)
Even large failures affect only a part of the network
In the ideal case (uncorrelated failures), the probability of a service failure with CoSIP would be:
$\text{Failure}_{\text{CoSIP}} = \text{Failure}_{\text{Server}} \cdot \left(\text{Failure}_{\text{DHT node}}\right)^{\text{replica nodes}}$
CoSIP provides even better reliability and survivability than
• P2P-SIP networks
• server-based SIP networks
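An added example (not from the original slides) that models the cooperative lookup and checks the uncorrelated-failure case by simulation. The server-first lookup order, the successor-based replica set, the equal per-node failure probability, and all names and addresses are assumptions made for the illustration.

```python
import hashlib
import random
from bisect import bisect_left

def ring_id(name):
    """Hash a peer name or SIP URI onto the DHT identifier ring."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:8], "big")

class CoSIPModel:
    """Toy model: one registrar plus a DHT ring (multi-hop routing not modelled)."""
    def __init__(self, peers, replicas):
        self.ring = sorted((ring_id(p), p) for p in peers)
        self.replicas = replicas
        self.registrar = {}                   # server-side location database
        self.store = {p: {} for p in peers}   # per-peer DHT storage

    def replica_set(self, uri):
        # Assumption: the replica set is the next `replicas` peers on the ring.
        start = bisect_left(self.ring, (ring_id(uri), ""))
        return [self.ring[(start + i) % len(self.ring)][1] for i in range(self.replicas)]

    def register(self, uri, contact):
        self.registrar[uri] = contact         # cooperative mode: server and DHT
        for peer in self.replica_set(uri):
            self.store[peer][uri] = contact

    def lookup(self, uri, server_up, peers_down):
        """Return (contact, source); source is 'server', 'dht' or None."""
        if server_up and uri in self.registrar:
            return self.registrar[uri], "server"
        for peer in self.replica_set(uri):    # fall back to the replica set
            if peer not in peers_down and uri in self.store[peer]:
                return self.store[peer][uri], "dht"
        return None, None

def analytic_failure(p_server, p_node, replicas):
    # Assumption: independent failures, same p_node for every replica.
    return p_server * p_node ** replicas

def simulated_failure(model, uri, p_server, p_node, trials, seed=1):
    rng = random.Random(seed)
    def trial():
        down = {p for p in model.store if rng.random() < p_node}
        return model.lookup(uri, rng.random() >= p_server, down)[0] is None
    return sum(trial() for _ in range(trials)) / trials

if __name__ == "__main__":  # constructed peers and URI
    m = CoSIPModel([f"peer{i}" for i in range(50)], replicas=2)
    m.register("sip:alice@example.org", "sip:alice@192.0.2.10")
    print(analytic_failure(0.3, 0.4, 2), simulated_failure(m, "sip:alice@example.org", 0.3, 0.4, 20000))
```

Correlated failures (for example, a network partition that takes out the server and the whole replica set together) break the independence assumption, and the simulated rate then exceeds the analytic product.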
EVALUATION
Improving security with CoSIP
Managing security in large P2P-SIP networks is not possible without
central servers
However, PKI / CA is not enough
A CA is not able to detect an attack in the P2P network and shut down
the attacker
A security solution for P2PSIP requires
• more SIP specific knowledge
• knowledge about the P2P network
CoSIP servers can provide Identity Management for the P2P-SIP
network
CoSIP servers can make sure that peers in the P2P-SIP network behave
well
SUMMARY
CoSIP provides a low-cost solution for significantly improving
the reliability of SIP networks
Implementation
CoSIP as an external proxy application
compatible with existing SIP networks
Cooperative (server + DHT) as well as DHT-only mode possible
CoSIP is a hybrid architecture which provides better reliability,
survivability, security and performance simultaneously
FUTURE WORK
Integration of security mechanisms to CoSIP
Improve security of P2P-SIP
CoSIP is still a single domain concept
Peering of several domains with CoSIP
Improving geometry and routing in the DHT for higher connectivity in
case of network failures