16 June 2004
University of Pennsylvania
Welcome to Philadelphia - Steve Blair
Workshop goals and agenda review - Dennis Baron
Talk: SIP.edu in context - Ben Teitelbaum
SIP.edu has progressed from an idea 1.5 years ago to a community
of working implementations together with a cookbook in February
2004. Some of the "religious principles" of the project are that
"connectivity is the key" - Metcalfe's law (value of network
increases by the square of the number of users). Right now we are
merely looking for paths in the snow - don't predict the future
without observing usage. A business model will likely emerge after
we've achieved interconnection of our users. There is an effort to
reorganize the real time communications space in Internet2 (of which
SIP.edu is one component) in order to create greater architectural
consistency. Ben presented some architectural diagrams of the current
RTC activities and where SIP.edu fits in - a connective middleware
layer, above network-layer connectivity and below damping middleware
(anti-spam and auth), rich presence, applications and auxiliary
services layers. Our goal should be to displace rather than replace
traditional voice communications (as communications technologies
rarely replace earlier technologies).
SIP.edu Overview - Dennis Baron
The goals include:
- build knowledge base for sip.edu implementors
- investigate future areas that should be pursued by sip.edu
- chart course for scaling up campus and inter-campus sip
- still needs some work
- DNS is complete
- SER and Pingtel proxy evaluations need a little updating
- gateway section needs expansion
- Cisco, Avaya
- functional but not sophisticated
- 80 users on Internet2
- SER proxy
- experimental eduPerson LDAP directory
- commercial gateway provider (not on Internet2)
- SIP for 6+ years; Cisco mostly
- Ed Guy CTO
- Chris Celiberti (peering engineering) FWD
- "don't do telephony"
- lots of trials
- purchased new TDM PBX
- was strong push for CM
- SER, Cisco, etc.
- a few Pingtel
- 95% chance of large Siemens trial
- large switch, many capabilities
- Siemens interested in pushing things
- playing with Asterisk
- 12 campuses
- 2200 Cisco phones (13k to go)
- 15k more phones at remote campuses (non University Park)
- LionShare, Shib, interest in understanding SIP dir needs (Renee)
- 150 production CM phones
- interested in directory services
- E911 through Cisco Emergency Responder
- interest in POTS replacement (Palladino)
- here for mind-meld (Blair)
- paths in the snow, usage is educational
- furthering advancement of SIP
- small CM implementation in testbed
- 6 islands
- ancient Nortel switch
- smaller (1000); 15% typically scattered around world
- perpetually 2 weeks away from coming up :-)
- firewalls/nat/vpn/userAgents to deal with
- > 1 million circuit-switched over cable
- 7 million + subscribers, 40 million by 2006
- residential VoIP announced
- SIP for presence + peering +video
- starting SIP with PacketCable / CableLabs
- want to offer Software client to all
- moving to CM, Unity
- interested in SIP, primarily as it ties into CM (also as "application
- cellular; writing applications to prevent phones
from ringing during classroom hours
- total control of voice, data, cable under one roof
- not a lot going on right now
- directors very interested in SIP as emerging tech
- pilot coming
- currently have Avaya CCS
Campus Deployment Experiences
Yale - Jeremy George
- 15,000 public phones; all in SER proxy
- Currently Yale's SIP.edu implementation is a pilot for
administration staff and IT staff
- server components are redundant (duplicated or triplicated)
- convergence is not required as much as reaching a confidence level
- may duplicate networks for voice QoS
Q . What are the barriers to dynamic UA registration?
A. cost of long distance charges and allowing anyone to
register w/ your proxy
Q . Directory integration?
A. Alias through SER, not done through CSPS but SER and CSPS
Q . What if you have only soft phones?
A. Not many barriers really in that case.
Q . Is there a business case
being employed? eg. money savings because of fewer wallplates/phone
A. Not focusing on that now.
Q . Do you allow others to buy their own
phones? What about user/device registration issues?
- PSU: pre-register phones by MAC address w/ call mgr
- Iowa U: move away from MAC to 802.1X
- Columbia: free love (no network auth/authz)
- It's possible to do registration just by SIP id,
rather than needing hardware registration.
- Public IP addresses essential -- for interoperability and
to avoid the complicated NAT problems
Q . How do you do directory integration?
A. Currently aliasing through SER
University of Pennsylvania - Steve Blair
- Verizon centrex environment; 26K lines, local, intra-lata
411 service; Long distance from MCI and Paetec
June 2001: lab tests with cisco call mgr;
tests with cisco SIP proxy server (CSPS);
Jan 2004: SER;
Aug 2003: production
pilot of broadworks;
Oct 2003 SIP.edu operational
in test mode with 23,000 subscribers.
- Cisco 2620XM VWIC T1 on each, T1/PRI Verizon DMS100 CO Switch
- Cisco, IpDialog
- Futures: productionize the proxy; better directory integration;
hosted gateway service; residential living VoIP offering.
Q . What is the format of the backend directories/databases and how often are they updated?
A. Currently Oracle db backend with some LDAP front ends.
Directory info is statically uploaded into the SIP
proxy. Directory extract only done once so far at the
beginning of the project.
Q . About organizational boundaries (data/telecom/phone
organizations). What works?
A. Penn performed reorganization where the voice and data
groups were merged. That helped but there was an initial
period of significant adjustment.
Q . (Puerto Rico) Why run Asterisk & SER side by side?
A. Only use asterisk for voice mail services right now.
Columbia - Alan Crosswell
- Opening Plug: "Free Love and Secured Services": http://www.educause.edu/asp/doclib/abstract.asp?ID=ERM0266
- Design: proxy: iptel.org's SER; gateway: cisco 2621 with
voice adapter card, sip and call manager
- Just a sandbox, Linux PC, no redundancy etc
- Take advantage of SER's ease of customization to just call
a shell script to rewrite destinations, eg. sip:email@example.com --> sip:firstname.lastname@example.org
- NYC, so disaster recovery was an incentive for VoIP backup devices
- Lessons learned:
- Have to understand SIP to properly configure SER. SER
is a lot like sendmail configuration
- Can't use with Kerberos for single sign-on (yet).
Not sure we want to at this point in time though
because of insecure UAs.
- Directory integration -- easy:
- pre-existing LDAP directory that includes
Q . Can users change their contact/presence info
A. Not yet, LDAP currently read-only
Q . How does Asterisk scale as VM server?
A. Don't know: don't you just throw more PC's at the problem?
Q . Any thought of integrating voice and data operations?
A. Yes; but hasn't happened yet.
Q . Privacy issues? eg. directory release
perms? callability via sip? Many people don't give out phone# but readily
give out e-mail address. Now sip.edu publishes your unpublished
phone#! Do you stop the routing of a sip.edu addressed call
if recipient has unpublished phone#?
A. Yes, but applies only to students. Policy: fac/staff must
have published phone numbers.
Q . How do you map phone hardware address
A. We don't. Free love silly.
- Comment from Ben T: idea: use voicemail trick, eg. message
delivered via voicemail: "I sipped you, this would have
been a real phone call if you had opted in."
Penn State University - Phil Coolick
- Working on VoIP conversion; currently 2200 phones into a
centrex replacement; core components are/will be SIP
- SIP.edu deployment stages: Cisco CSPS 2.2/Linux RH3.0;
Cisco 3745 as PSTN gateway
- E.164 numbers for registered hard phones
- MAC address authentication prevents IP phone mobility but
- Looking ahead: DNS entries of SIP.edu phones (via e164.arpa);
LDAP directory integration; security issues for SIP soft
phones, secure authentication etc; 911 location service.
Harvard - Candace Holman
- SIP.edu -- not very far along
- Current concentration on VoIP deployment efforts
- FERPA considerations a big priority
- Don't currently use eduPerson schema
Q . Why not?
A. Already had existing LDAP scheme; all the same data
anyway, just different attribute names.
- Free World Dialup: Ed Guy, CTO, pulver.com and Free World Dialup
- Largest open, free, co-operative VoIP network in the world.
- Based on open source software (iptel.org, asterisk.org) and
commercial products (eDial, Nextone)
- NAT workarounds: Anti NAT devices
- Jasomi PPC
- 230,000+ users from 170 countries, 1.5 % registered simultaneously
- International breakdown USA 34%, Israel 21%, Brazil and Canada 5%,
others 1% and some unknown
- Clients choose their own clients: IP phones, soft phones,
- eyeP media - new software phone
- Messenger as a SIP UA has dropped to 1% of the FWD UAs (newest
version forbids external proxy registration)
- Kall8 bridges pstn numbers into FWD circle - peers with
CallManagers (SIP and H.323 trunking) and other SIP proxies
- "Interconnect" peers with carriers like Vonage, Earthlink labs,
- to provide ENUM capability numbers instead of names in URIs
- Not part of SIP.EDU at the moment, but uses many of the same
architectural/protocol elements (SIP etc). Could become part of it later
- anonymous users are ok for free services but not for
- presence is what makes IP communications different
- CALEA (signaling vs. media - campus provides both but FWD provides
only the signaling)
- ENUM - +87810 393 in e164.ARPA; e164.fwd.net
- developed automatic configuration tools; client network
analyzer; only 2 people on call at any one time
- 84 different UAs in 6 hr period
- 10% of subscriber base use it per day
- 1 - 2% at any given time
Q . Have you looked at STUN?
A. Yes, we have a STUN server too; we try to support as many
end user configurations as possible.
- 50 or 60 peers, some of which are PSTN peers also
Q . Voicemail system?
A. We did have a Commercial voicemail system at one time. It
worked well w/ some UAs
- Interconnection: FWD Interconnect
working with ISPs to enable their customers to call
FWD from pure IP side of their network; free calling
to subscribers of other VoIP networks (Delta3,
Earthlink labs, Vonage, Packet8, Kall8)
- ENUM service: 2nd year of ENUM service
+87810 393 in e164.ARPA; E164.fwdnet.net
- Can I call my friend's cellphone in Bangladesh? No.
Q . Can I call my friend's cellphone in Austria?
A. Perhaps; because of their cellular/data network integration
- Voice quality: G.711 or better; so dialup access is usually
not good enough.
Q . About supporting the operation: How many people
Q . Hacking?
A. Not many incidents. Had a commercial blackbox system hacked,
vendor had never anticipated box being outside firewall. It
took 3 hours for it to get broken into.
Q . DDOS?
A. Not really. The most major problem in recent times was running out
of phone numbers.
Q . Support/Operations staff? (ie. # humans)
A. 4 developers, 2 support, 2 operations
SIP Spam Discussion
Presentation: "The Gathering Storm" - Ben
- potentially much worse than today's email spam - it's real-time
- can't easily batch process the spam messages
- phone communication is inherently interrupt driven
- SIP URI not allowed in the Do-Not-Call listing
- Review of anti-spam approaches for e-mail: whitelists,
blacklists, reverse MX schemes, reputation systems,
challenge-response, content filters, charging etc.
- Use partial solutions? Comment from Brad Templeton:
"Don't knock the arms race"
- Initial trust relationships in sip.edu
leverage shibboleth, incommon, etc.
- At SIP proxy -- combine whitelist, blacklists, filtering,
before call routing?
Q. (to Ed Guy/FWD) any attempts to bulk deliver to FWD?
A. No not yet, only nuisance calls
Comment: How about content filtering via speech2text technologies?
Comment: simple challenge?
OOB agreed upon challenge
Presentation: SIP identity draft - Jeremy George
- Jon Peterson and Cullen Jennings worked on IETF standard
- Anti-forgery extension for SIP
- A new header Identity containing cryptographically signed data
- Signature verification by PKI (trusted CA and certs)
- Another header, Identity-Info containing HTTPS or SIP URL of the
certificate to use
- Sending domain computes hash over to/from, call-id, sip-date,
contact addr, message-body and signs with certificate for domain
- Receiving domain authenticates the signature.
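The sign-and-verify flow summarized above, as an added Python sketch that is not part of the workshop notes or the draft's own text. The field separator, the hex encoding, the `https://<domain>/cert` URL and the `example.edu` names are assumptions, and a toy unpadded RSA key stands in for the domain certificate and CA validation.

```python
import hashlib
from urllib.parse import urlsplit

# Toy RSA key pair for the constructed domain example.edu (two Mersenne primes).
# Unpadded and far too small for real use; it stands in for the domain certificate.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
TRUSTED_KEYS = {"example.edu": (N, E)}  # stands in for the CA-validated cert lookup

SIGNED_FIELDS = ("From", "To", "Call-ID", "Date", "Contact")

# Constructed sample request (headers as a dict, body as a string).
INVITE = {"headers": {"From": "sip:alice@example.edu", "To": "sip:bob@example.org",
                      "Call-ID": "a84b4c76e66710", "Date": "Wed, 16 Jun 2004 14:00:00 GMT",
                      "Contact": "sip:alice@pc33.example.edu"},
          "body": "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\n"}

def digest(msg):
    """Hash the signed fields plus the body; truncated to fit the toy modulus."""
    parts = [msg["headers"][f] for f in SIGNED_FIELDS] + [msg["body"]]
    return int.from_bytes(hashlib.sha256("|".join(parts).encode()).digest()[:16], "big")

def sign(msg, domain, d=D, n=N):
    """Sending domain: return a copy carrying Identity and Identity-Info."""
    headers = dict(msg["headers"])
    headers["Identity"] = format(pow(digest(msg), d, n), "x")
    headers["Identity-Info"] = f"https://{domain}/cert"  # hypothetical cert URL
    return {"headers": headers, "body": msg["body"]}

def verify(msg):
    """Receiving domain: return 'ok' or the reason the request is rejected."""
    h = msg["headers"]
    if "Identity" not in h:
        return "unsigned"
    signer = urlsplit(h.get("Identity-Info", "")).hostname
    if signer != h["From"].rsplit("@", 1)[-1]:
        return "signer is not the From domain"
    if signer not in TRUSTED_KEYS:
        return "no trusted key for signer"
    n, e = TRUSTED_KEYS[signer]
    try:
        sig = int(h["Identity"], 16)
    except ValueError:
        return "bad signature"
    return "ok" if pow(sig, e, n) == digest(msg) else "bad signature"
```

Changing any signed field after signing, or presenting a signature whose signer is not the domain in From, makes `verify` return a rejection reason instead of `ok`.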
Peering Discussion (Dennis Baron)
- Do we need a SIP.edu community routing policy?
Today we're not really locked down and there is no
routing policy. Anyone can reach a SIP.edu subscriber.
- Knowing who to contact when things go wrong.
Comments: we have an unofficial directory of directories
for SIP.edu maintained by Ben T on the webpage. There's
a big carrot for the 5th SIP.edu participant as we will
finally exceed the 100,000 users mark. A big press release
will be forthcoming.
- Comments: how about a site's SIP.edu operational status?
eg. some sort of test address at each site that can be called
to determine whether the service is up. Most agreed that
it was a worthwhile idea.
E.164 Discussion (Dennis Baron)
- Numbers will remain important while pstn is around, while
UAs and phones have uncomfortable alpha entry, people are
attached to their phone numbers (part of their identity)
- URL formatting: sip: and tel:
- ENUM described in RFC 2916 is the use of the DNS to store
E.164 numbers (fully qualified PSTN numbers). The domain
"e164.arpa" is used.
- E.164 numbers are of the form: +1-617-252-1232
- Obtaining a DNS name for an E.164 number:
reverse phone#: 23212527161
dottify: 2.3.2.1.2.5.2.7.1.6.1
add .e164.arpa: 2.3.2.1.2.5.2.7.1.6.1.e164.arpa
- Performing DNS queries for 2.3.2.1.2.5.2.7.1.6.1.e164.arpa
returns a list of URLS (sip, mailto etc)
- .1.e164.arpa -- delegated to North
- 87810: experimental internet country code
- implemented by FWD
- VisionNG: ITU allocated study group/non-profit org
promotes open architecture for interoperable IP telephony
What about number portability?
No re-delegation? problems; who controls
- Comments: ENUM broken? run private ENUM; more useful in most cases
- Impromptu presentation: Ben Teitelbaum did 3 minute
presentation on "reverse SIP.edu" -- reaching SIP.edu
URI's from legacy phones.
- Comments: Ben Teitelbaum: increasingly gets pressure from
university CIOs to build telephone network out of Internet2.
After all, we have national coverage. Is this really a good
idea? Policy issues: leak calls to the local area or not?
- Use EduPerson
- Dynamic LDAP lookup for telephoneNumber-> e.164 -> SIP URI?
- Private ENUM root (e164.internet2.edu) and trial campus ENUM
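The E.164-to-DNS mapping described in this discussion, as an added Python example that is not part of the workshop notes. It goes one step further than the notes by applying the returned NAPTR rules to get URIs and by allowing a private root such as e164.internet2.edu; the NAPTR records and the `example.edu` targets are constructed, and Python's `re` stands in for the POSIX extended regular expressions that NAPTR uses.

```python
import re

def enum_domain(e164, root="e164.arpa"):
    """Reverse the digits, dot-separate them, and append the ENUM root."""
    if not e164.startswith("+"):
        raise ValueError("E.164 numbers are fully qualified and start with '+'")
    digits = re.sub(r"[\s\-.()]", "", e164[1:])
    if not re.fullmatch(r"[0-9]{1,15}", digits):
        raise ValueError("not a valid E.164 number")
    return ".".join(reversed(digits)) + "." + root.strip(".")

def resolve(e164, naptr_records):
    """Apply terminal ('u') E2U NAPTR rules in order/preference sequence."""
    number = "+" + re.sub(r"[^0-9]", "", e164)   # the string the rules match on
    uris = []
    for order, pref, flags, service, regexp in sorted(naptr_records):
        if flags.lower() != "u" or "e2u" not in service.lower():
            continue                              # not an ENUM URI rule
        delim = regexp[0]                         # e.g. "!" in "!pattern!repl!"
        pattern, repl, opts = regexp[1:].split(delim)
        match = re.search(pattern, number, re.I if "i" in opts else 0)
        if match:
            uris.append(match.expand(repl))       # substitute \1-style backrefs
    return uris

# Constructed NAPTR answer for 2.3.2.1.2.5.2.7.1.6.1.e164.arpa:
# (order, preference, flags, service, regexp), RFC 2916 style service names.
SAMPLE_NAPTR = [
    (100, 20, "u", "mailto+E2U", "!^.*$!mailto:info@example.edu!"),
    (100, 10, "u", "sip+E2U", r"!^\+1617252([0-9]{4})$!sip:ext\1@example.edu!"),
    (200, 10, "", "sip+E2U", "!^.*$!sip:ignored@example.edu!"),  # non-terminal
]

if __name__ == "__main__":
    print(enum_domain("+1-617-252-1232"))
    print(enum_domain("+1-617-252-1232", root="e164.internet2.edu"))
    print(resolve("+1-617-252-1232", SAMPLE_NAPTR))
```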
Renee Re: SIP identity:
- roles for attributes / roles
- XML attribute language (I forget what it's called.)
Wrap-Up - Dennis Baron
- Cookbook needs work
- Another workshop?
Most in attendance in favor of this.
There is a VoIP workshop after the Internet2 Fall 2004 Member Meeting
- Sip.EDU@internet2.edu mailing list
* B.T: we should collect feedback from Europe/APAN. Although
not active participants today, they are watching us closely.
* How about hands-on workshop like the Internet2 Multicast/IPv6 workshops?
* An extra day would have been good for this workshop.