Slide 1: Efficient Telecommunication Infrastructure with Internet Telephony (VoIP)
Thomas Siegers Songfuli Co., Ltd.
3 July 2007
Slide 2: Information
Hosted by: American Chamber of Commerce Taiwan Communications Technology Workshop
This presentation is publicly available at: http://www.slideshare.net/thomasjs
This presentation is published under the Creative Commons Attribution Share Alike License. For more information, see http://creativecommons.org/about/licenses/
Slide 3: Agenda
- Introduction
- Basics of telephony and networking
- Skype
- SIP protocol
- Hardware
- Service providers
- Integration into network and telephone system
- Scenarios and examples
2 hours 30 minutes
Slide 4: Hype Cycle
www.gartner.com –2006
Slide 5: Introduction
Internet Telephony
VoIP – Voice over IP (IP – Internet Protocol)
Pro: more economic
- no telephone charge for computer-to-computer calls*
- charge of local call for computer-to-telephone call
*) except for the charge for network access
Con: more complicated and less reliable
- relies on electric power
- emergency calls cannot be mapped to location
- network: connection interruptions, packet loss
- security: easier to trace calls over the Internet
- configuration: firewall traversal
Slide 6: Return on Investment
Accumulated cost over 6 months
- 60 min calls per day to Germany, 20 days per month
- CHT: 16 NTD/min
- VoIP: 1 €¢/min
- Investment for VoIP: 100,000 NTD
- ROI after 5 months, after that savings of >18,500 NTD/month
[Chart: accumulated cost in NTD over months 1 to 6, CHT vs. VoIP]
Slide 7: How does it work?
- Computer + sound card + headset + software: the computer converts voice into digital signals.
- Network: transports digital signals as data packets.
- Telephone adapter + analog telephone: the telephone adapter converts digital signals into voice.
Slide 8: Telephony
- PSTN: Public Switched Telephone Network
- POTS: Plain Old Telephone Service
- ISDN: Integrated Services Digital Network
- PBX: Private Branch Exchange
- FXO: Foreign Exchange Office
- FXS: Foreign Exchange Station
Slide 9: PSTN
PSTN – Public Switched Telephone Network
Circuit-Switching
[Diagram: network of interconnected telephone exchanges; TX - Telephone Exchange]
Slide 10: PBX
PBX = PABX – Private Automatic Branch Exchange
[Diagram: PBX with extensions and a trunk to the PSTN; ports labelled FXO and FXS]
- FXO – goes on-hook and off-hook
- FXS – provides power, ring signal, dial tone
Slide 11: Network
Packet-Switching
[Diagram: clients and a server connected through a mesh of routers; R – Router]
Slide 12: Layer Concept
[Diagram: labels Message, Sender, Delivery, Registered, Address; layers Service, Transport, Network]
Slide 13: Protocol Stack
ISO/OSI* layers, the corresponding Internet layers, and examples:
- ISO/OSI 7 Application, 6 Presentation, 5 Session; Internet: Application; examples: www: HTTP, FTP, DNS; mail: SMTP, POP, IMAP; p2p: SIP, eD2k, XMPP
- ISO/OSI 4 Transport; Internet: Transport; examples: TCP, UDP, NetBEUI, WAP
- ISO/OSI 3 Network; Internet: Internet; examples: IP, IGMP, ICMP, IPsec, ARP
- ISO/OSI 2 Data Link, 1 Physical; Internet: Network Access**; examples: PPP, L2TP, GPRS, ATM, FR; Ethernet, USB, Wi-Fi, ISDN
*) ISO – International Organization for Standardization, OSI – Open Systems Interconnection
**) original TCP/IP model, recently 5-layer model with data link and physical layer
Slide 14: TCP/IP Packet
- TCP-packet: header (source port, destination port) + data (application data: HTTP, FTP, SMTP)
- IP-packet: header (source address, destination address) + data (the TCP-packet)
Slide 15: Request – Response
- Client: IP-address 10.0.0.100, TCP-port >1024
- Server (HTTP): IP-address 203.66.88.89, TCP-port 80
- Request: source 10.0.0.100:1234, destination 203.66.88.89:80
- Response: source 203.66.88.89:80, destination 10.0.0.100:1234
Slide 16: Network Address Translation
NAT, IP masquerading
- Address shortage of IP ver. 4: 32 bit => 4 G ~ 4 billion addresses
- Address ranges only for private use: class A: 10.x.x.x, class B: 172.16.x.x – 172.31.x.x, class C: 192.168.x.x
- Internet gateway (firewall) translates between private and public addresses.
- Firewall rules:
  - request LAN → Internet: allow
  - response Internet → LAN: allow
  - request Internet → LAN: deny
- The Internet can only connect to the LAN when the LAN has sent a request before.
[Diagram: Internet, NAT, LAN]
Slide 17: Peer-to-Peer Communication
Peer-to-Peer (P2P)
- VoIP, file sharing, instant messaging
VoIP Protocols
- two protocols involved: SIP and RTP
- SIP - session initiation protocol: signalling, UDP port 5060
- RTP - real-time transport protocol: voice communication, UDP port range 10000-20000
NAT Traversal
- different kinds of NAT: symmetric, asymmetric
- UDP hole punching
- STUN - Simple Traversal of UDP through NATs
  - necessary when both clients are behind NAT
  - doesn't work with symmetric NAT
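The firewall rules of slide 16 and the NAT traversal notes of slide 17, worked through as an added example that is not part of the original presentation. It models a port-restricted NAT that can be switched to symmetric behaviour; the class and function names, the STUN endpoint and all public addresses are constructed assumptions.

```python
from itertools import count

STUN = ("198.51.100.1", 3478)   # constructed STUN server endpoint

class Nat:
    """Toy stateful NAT gateway (port-restricted; optionally symmetric)."""
    def __init__(self, public_ip, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.ports = count(40000)   # next free public UDP port
        self.mapping = {}           # private endpoint (+ remote) -> public port
        self.holes = {}             # public port -> (private endpoint, remotes)

    def send(self, src, dst):
        """Request LAN -> Internet: allow, and remember who was contacted."""
        # A symmetric NAT allocates a new public port for every destination.
        key = (src, dst) if self.symmetric else src
        if key not in self.mapping:
            self.mapping[key] = next(self.ports)
            self.holes[self.mapping[key]] = (src, set())
        port = self.mapping[key]
        self.holes[port][1].add(dst)
        return (self.public_ip, port)   # source endpoint seen on the Internet

    def receive(self, src, public_port):
        """Internet -> LAN: allow only a remote contacted earlier, else deny."""
        private, remotes = self.holes.get(public_port, (None, set()))
        return private if src in remotes else None

def hole_punch(nat_a, nat_b):
    """Return True if both peers reach each other after UDP hole punching."""
    a, b = ("10.0.0.100", 5060), ("192.168.1.20", 5060)
    # 1. Each client learns its public endpoint from the STUN server.
    pub_a, pub_b = nat_a.send(a, STUN), nat_b.send(b, STUN)
    # 2. Each client sends to the other's STUN-reported endpoint (opens a hole).
    src_a, src_b = nat_a.send(a, pub_b), nat_b.send(b, pub_a)
    # 3. Follow-up packets arrive at the far NAT, which applies its rules.
    return (nat_b.receive(src_a, pub_b[1]) == b and
            nat_a.receive(src_b, pub_a[1]) == a)

def unsolicited_allowed(nat):
    """An Internet host that was never contacted tries to reach the LAN."""
    _, port = nat.send(("10.0.0.100", 5060), STUN)
    return nat.receive(("203.0.113.99", 5060), port) is not None
```

With a symmetric NAT the port reported by STUN is not the port used towards the peer, so the far side drops the packet as an unsolicited request.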
Slide 18: UDP Hole Punching
[Diagrams: Before, Process, After]
Slide 19: UDP Hole Punching Process
Slide 20: Firewall Application Filter
Slide 21: Skype
- Peer-to-peer Internet telephony (VoIP) network
- Software is free, but not open source
- Proprietary protocol, traffic encrypted
- Founded by the founders of the file sharing application Kazaa
- Acquired by eBay in October 2005
- Easy to deploy even behind firewall and NAT
- Heavy use of network bandwidth and other resources
- Difficult to integrate into organization's security strategy
Slide 22: Getting Granular on Skype
2004 – Columbia University, New York, USA
- An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
- http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
- Analysis of network structure and traffic
2006 – EADS Corporate Research Center, France
- Silver Needle in the Skype
- http://www.secdev.org/conf/skype_BHEU06.handout.pdf
- The developers of Skype made an immense effort to prevent reverse engineering, i.e. getting an inside view. The Skype client detects when it is running within a debugger and then changes its behavior. Parts of its code are ciphered and are decrypted at runtime.
Slide 23: Problems with Skype
From a network security administrator point of view
- Almost everything is obfuscated
- Peer to peer architecture
- Traffic even when the software is not used
From a system security administrator point of view
- Many protections, anti-debugging tricks, ciphered code
- A product that works well for free from a company not involved in Open Source?!
The Chief Security Officer point of view
- Is Skype a backdoor?
- Can I distinguish Skype's traffic from real data exfiltration?
- Is Skype a risky program for my sensitive business?
Slide 24: Conclusion
Good points
- Skype was made by clever people
- Good use of cryptography
Bad points
- Hard to enforce a security policy with Skype
- Jams traffic, can't be distinguished from data exfiltration
- Incompatible with traffic monitoring, IDS
- Impossible to protect from attacks (which would be obfuscated)
- Total blackbox. Lack of transparency.
- No way to know if there is/will be a backdoor
- Fully trusts anyone who speaks Skype.
Slide 25: SIP Protocol
SIP – session initiation protocol
- application layer protocol used for Internet telephone calls, multimedia distribution, and multimedia conferences
- standardized by the Internet Engineering Task Force (IETF)
- open specification: RFC 3261 (like all Internet standards)
SIP - The De-facto VoIP Standard
http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
- SIP – signalling, UDP port 5060
- RTP – real-time transport protocol: voice communication, UDP port range 10000-20000
- Codec – audio data compression algorithm for voice: G.729a – 8kbps, G.711 – 64kbps, G.723 obsolete, superseded by G.726 – 16-40kbps
Slide 26: VoIP Provider
- SIP – open protocol => everyone can offer services for it
- VoIP provider is connected to both Internet and PSTN.
- Over 2000 SIP VoIP providers
- Dialing between providers, e.g. FreeWorldDialup no. 740218 => *393 740218
  http://www.sipbroker.com/sipbroker/action/providerWhitePages
Advanced Features
- monthly rate, flat rate
- unlimited local and distance calling
- voicemail, call forwarding, caller ID
- dial-in number with home area code
- direct inward dialing (DID)
- fax receipt with e-mail notification
Slide 27: VoIP Services
[Diagram: PSTN, VoIP provider gateway, Internet, IP telephone, analog telephone, computer with soft phone and headset]
1) VoIP call – free
2) dial-out – charged
3) dial-in – charged
Slide 28: VoIP Hardware
SIP – open protocol => everyone can build devices for it
- Router
- Analog Telephony Adapter (ATA)
- SIP-Phone
- Wireless Phone
- USB-Devices
- Integrated Systems
- Large Systems
Hardware bundled by VoIP providers
- http://www.voipbuster.com/en/hardware.html
- http://www.sipgate.de/voipshop
Slide 29: Router
- ADSL Internet access
- VoIP (SIP)
- FXS, (FXO)
- Packet filter
- VPN (virtual private network)
- WLAN (wireless LAN)
Slide 30: Analog Telephony Adapter
ATA connects standard analog telephones to a VoIP network
Slide 31: SIP-Phone
- Connected to LAN or directly to the Internet
- Bridge to PC to share network cable
Slide 32: Wireless Phone
- Wireless USB phones
- USB Bluetooth phones
- Wi-Fi phones
Slide 33: USB-Devices
- Headsets
- USB-Phones
- Wireless USB-Phones
Slide 34: Integrated Systems
- Multiple analog ports: FXS, FXO
- PBX
- Firewall
- VPN-gateway
- WLAN
- ISDN
Slide 35: Large System
Used by VoIP Providers
- SIP Proxy Server
- T1/E1 Gateway
- RTP Resource Server
- Session Border Controller
- Voice Mail, Auto-Attendant
- Application Server
- Conference Server
- IP Recorder
- Billing server
- Universal SIP/H.323 Signal Converter
Slide 36: IP PBX
Software PBX
- Can be installed on standard hardware from PC to Unix-server
- Additional hardware required: connection to POTS (FXO/FXS) or ISDN
- Embedded appliances available
Asterisk
- popular open source software, another is sipX
- Linux distributions: Trixbox, AstLinux, AsteriskNOW
- used as basis for embedded appliances
- used by leading VoIP providers, e.g. iotum*
*) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
http://www.asterisk.org
Slide 37: Asterisk
- Analog cards: PCI bus, half or full length, 1-8 FXO/FXS interfaces
- Digital cards: PRI E1/T1, ISDN
- Appliance: IP-PBX embedded in device with analog interfaces
- Developer kits: version ITSPs, OEMs, resellers, and integrators
Slide 38: IP-PBX
- Software PBX embedded in robust hardware
  - mostly based on Asterisk
  - configurable via web browser
- Primary rate interface: 23 (T1) or 30 (E1) channels
- Multiple extensions: FXS or ISDN
Slide 39: Application Examples
Integration with PBX
- VoIP gateway without PBX
- VoIP gateway with PBX connected via FXS
- VoIP gateway with PBX connected via FXO
Integration with Network
- VoIP gateway as Firewall
- VoIP gateway in LAN with private IP address
- VoIP gateway in DMZ with private IP address
- VoIP gateway in DMZ with public IP address
IP-PBX
- SIP only / SIP and Skype
Slide 40: VoIP Gateway without PBX
[Diagram: VoIP gateway with FXO and FXS ports, connected to PSTN, Internet and LAN]
Slide 41: VoIP Gateway
Slide 42: VoIP Gateway with PBX (FXS)
[Diagram: PSTN, Internet, VoIP gateway and PBX; ports labelled FXO, FXS, FXS]
Slide 43: VoIP Gateway with PBX (FXO)
[Diagram: PSTN, Internet, VoIP gateway and PBX; ports labelled FXO, FXO, FXS, FXS]
Slide 44: Application Examples
Integration with PBX
- VoIP gateway without PBX
- VoIP gateway with PBX connected via FXS
- VoIP gateway with PBX connected via FXO
Integration with Network
- VoIP gateway as Firewall
- VoIP gateway in LAN with private IP address
- VoIP gateway in DMZ with private IP address
- VoIP gateway in DMZ with public IP address
IP-PBX
- SIP only / SIP and Skype
Slide 45: VoIP Gateway in LAN
[Diagram: VoIP provider and STUN on the Internet (public IP address); firewall with NAT; VoIP gateway in the LAN (private IP address)]
FW – firewall
LAN – local area network
Slide 46: VoIP Gateway in DMZ
DMZ – demilitarized zone
[Diagram: Internet (public IP address), firewall with NAT, VoIP gateway in the DMZ (private IP address), LAN]
Slide 47: VoIP Gateway with public IP
[Diagram: Internet, outer firewall, VoIP gateway in the DMZ, inner firewall with NAT, LAN; labels public IP address and private IP address]
Slide 48: Application Examples
Integration with PBX
- VoIP gateway without PBX
- VoIP gateway with PBX connected via FXS
- VoIP gateway with PBX connected via FXO
Integration with Network
- VoIP gateway as Firewall
- VoIP gateway in LAN with private IP address
- VoIP gateway in DMZ with private IP address
- VoIP gateway in DMZ with public IP address
IP-PBX
- SIP only / SIP and Skype
Slide 49: IP-PBX
[Diagram: PSTN, Internet, firewall (FW), IP-PBX in the LAN; FXO port, analog telephone on FXS, digital (IP) telephone]
Slide 50: SIP and Skype
[Diagram: PSTN, Internet, VoIP gateway, PBX and LAN; ports labelled FXO and FXS; PC with FXS-card and Skype software]
Slide 51: VoIP Scenarios
Transfer call between two VoIP Providers
- dial via caller's VoIP provider
- transfer call to company's VoIP provider
- transfer call to company's internal extension
Transfer incoming call to teleworker
- teleworker is registered to company's PBX (no provider)
- customer calls in via PSTN
- company's operator transfers call to teleworker*
Set up multi-location corporate infrastructure
- headquarters serves as central registrar (no provider)
- branch offices register to headquarters
*) http://en.wikipedia.org/wiki/Teleworker
Slide 52: Two VoIP Providers
[Diagram: PSTN, Internet, VoIP provider A, VoIP provider B, VoIP gateway and PBX with FXO and FXS ports; Caller, Extension, Operator]
Slide 53: Teleworker
[Diagram: PSTN, Internet, Wi-Fi, VoIP gateway and PBX with FXO and FXS ports; Teleworker, Mobile Worker, Customer, Operator]
Slide 54: Corporate Infrastructure
[Diagram: PSTN, Internet, VoIP gateway and PBX with FXO and FXS ports; Factory, Sales Office, Customer]
Slide 55: Q&A
Thomas Siegers
Songfuli Co., Ltd., Taipei, Taiwan
松福禮股份有限公司
http://www.songfuli.com
thomas.siegers@songfuli.com
http://www.slideshare.net/thomasjs