Download - SIPTesngw/ FreeSWITCH$
![Page 1: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/1.jpg)
SIP Tes(ng w/ FreeSWITCH ClueCon, August 2013
Moisés Silva <[email protected]> Manager, So?ware Engineering
![Page 2: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/2.jpg)
About Sangoma
• Industry pioneer with over 25 years of experience in communicaIons hardware and so?ware
• Publicly traded company since 2000 – TSXV: STC
• One of the most financially healthy companies in our industry – Growing, Profitable, Cash on the Balance Sheet, No Debt
• Mid-‐market sized firm with just under 100 staff in all global territories – Offices in Canada (Toronto), US (CA, NJ), EU (UK & Holland), APAC
(India), CALA (Miami) • World wide customer base
– Selling direct to carriers and OEMs – Selling to the enterprise through a network of distribuIon partners
2
Sangoma Technologies -‐ © 2013
![Page 3: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/3.jpg)
Broad Line of Great Products
• Voice Telephony Boards – Analog/digital/hybrid, WAN, ADSL
• Session border controllers • Microso? Lync • VoIP Gateways
– NetBorder SIP to TDM – SS7 to SIP
• So?ware ApplicaIons – NetBorder Express, Call Progress
Analyzer… • Transcoding (boards/appliances) • Fiber connecIvity (STM1) • Wireless products (GSM)
3
Sangoma Technologies -‐ © 2013
![Page 4: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/4.jpg)
Agenda
• TesIng Overview
• FuncIonality Tests
• Load Tests
• Security Tests
4
Sangoma Technologies -‐ © 2013
![Page 5: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/5.jpg)
Overview
• I know, SIP tesIng can be scary
5
Sangoma Technologies -‐ © 2013
![Page 6: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/6.jpg)
Overview
• TesIng complex systems requires detailed engineering and deep knowledge of OSes, wide range of protocols, hardware, etc
• Not everyone likes doing it, it is not glamorous work …
• But … It’s developer’s responsibility to test, not customer’s … shocking!
6
Sangoma Technologies -‐ © 2013
![Page 7: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/7.jpg)
Overview
• Lots of open source tools out there that can be used for tesIng: • Sipp • Sipsak • Sipvicious • Voiper • FreeSWITCH • Asterisk
7
Sangoma Technologies -‐ © 2013
![Page 8: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/8.jpg)
Overview
• Commercial tools as well • IXLoad from Ixia • SIP Hammer from Empirix
8
Sangoma Technologies -‐ © 2013
![Page 9: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/9.jpg)
Overview
• FreeSWITCH can be used to test other systems • Generate calls with full RTP wide array of codecs • Support for IPv4/IPv6, TLS, SRTP, STUN, ICE etc • Flexible programmable logic via XML, Python etc • Originate/terminate T.38 faxing • Originate/terminate SIP/TDM calls (and others) • Easy to hook up modules to test media or signaling:
• Example: tone_detect, mod_bert, fs_test
9
Sangoma Technologies -‐ © 2013
![Page 10: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/10.jpg)
Func(onality Tests
FuncIonality Tests
10
Sangoma Technologies -‐ © 2013
![Page 11: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/11.jpg)
Func(onality Tests
• Verify expected SIP behaviors
• REFER actually places a new call to given desInaIon • 183 with SDP actually bridges media • 4/5XX responses hang up or retry a call • REGISTER creates an AOR in your DB • … And you can go crazy with Presence tests …
11
Sangoma Technologies -‐ © 2013
![Page 12: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/12.jpg)
Func(onality Tests
• IdenIfy your most important funcIonality
• Execute manual tests, take traces (pcap/wireshark)
• Write test scenarios for them
• Automate them! (Python/Ruby/PERL scripIng)
12
Sangoma Technologies -‐ © 2013
![Page 13: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/13.jpg)
SIPp
13
Sangoma Technologies -‐ © 2013
![Page 14: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/14.jpg)
SIPp
• FreeSWITCH Wiki SIPP Quote
“IF YOU DO NOT UNDERSTAND HOW TO STRESS TEST PROPERLY THEN DON'T BOTHER Using SIPp is part dark art, part voodoo, part Santeria. YOU HAVE BEEN WARNED”
14
Sangoma Technologies -‐ © 2013
![Page 15: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/15.jpg)
SIPp
• Low-‐level SIP funcIonality & performance test tool
• Not super user-‐friendly, errors can go unnoIced
• Requires a firm grasp on SIP (requests, responses, transacIons, dialogs)
• Flow logic is XML-‐based
15
Sangoma Technologies -‐ © 2013
![Page 16: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/16.jpg)
SIPp
16
Sangoma Technologies -‐ © 2013
![Page 17: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/17.jpg)
SIPp
17
Sangoma Technologies -‐ © 2013
![Page 18: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/18.jpg)
SIPp
• <send>, <recv>, <pause>, <exec>, rinse & repeat • <send> sends raw SIP messages
• <recv> indicates you are expecIng a SIP response or request
• <pause> waits some milliseconds
• <exec> Can be used to play a pcap (and other stuff)
18
Sangoma Technologies -‐ © 2013
![Page 19: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/19.jpg)
SIPp
• <send> takes care of re-‐transmissions if “retrans” awribute is used
• <recv> blocks if non-‐opIonal
• <exec> playing a file is non-‐blocking (surprising if you know FreeSWITCH/Asterisk playback)
19
Sangoma Technologies -‐ © 2013
![Page 20: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/20.jpg)
SIPp
• More complex scenarios can be created with condiIonal branching
• Use staIsIcal branching to add some variety to your scenarios
• <pause> can be done using different distribuIon models such as normal, exponenIal, pareto, etc
20
Sangoma Technologies -‐ © 2013
![Page 21: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/21.jpg)
SIPp
• Subtle mistakes can go unnoIced (no media)
21
Sangoma Technologies -‐ © 2013
![Page 22: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/22.jpg)
SIPp
• Use [media_port] tag, do not hard-‐code ports in the SDP
22
Sangoma Technologies -‐ © 2013
![Page 23: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/23.jpg)
SIPp
• Make sure you use –rtp_echo
• Make sure you insert a <pause> a?er playing a pcap and make sure the pcap is long enough
• For load tests raise your process limits (ulimit –a for details)
23
Sangoma Technologies -‐ © 2013
![Page 24: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/24.jpg)
SIPp
• AutomaIng creaIon of SIPp scenarios out of pcap captures:
• Sippie • hwp://sourceforge.net/projects/sippie/
• Sniff2sipp • hwp://svnview.digium.com/svn/sniff2sipp/
24
Sangoma Technologies -‐ © 2013
![Page 25: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/25.jpg)
SIPSak
• Mostly useful for flood tests
• Much simpler/smaller than sipp, but less control
• Easily used for RFC4475 tesIng (SIP Torture)
25
Sangoma Technologies -‐ © 2013
![Page 26: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/26.jpg)
FreeSWITCH
• You can create SIP flows indirectly using FreeSWITCH applicaIons
• No direct/raw SIP access, but possible through FreeSWITCH channel variables
• Logic programmable in XML, Python, LUA etc
26
Sangoma Technologies -‐ © 2013
![Page 27: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/27.jpg)
FreeSWITCH
• Use ESL originate to send INVITEs
• fs_test Python script mimics some SIPp opIons • hwps://github.com/moises-‐silva/fs_test
• Control INVITE SIP headers through “sip_h_” originate variables
• Send REFER with “deflect” applicaIon
27
Sangoma Technologies -‐ © 2013
![Page 28: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/28.jpg)
FreeSWITCH
• Send 180 with “ring_ready”
• Send 183 with “pre_answer”
• Send 200 with “answer”
• Send 3XX with “redirect”
• Send 4XX/5XX/6XX with “respond”
• Send BYE with “hangup”
28
Sangoma Technologies -‐ © 2013
![Page 29: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/29.jpg)
FreeSWITCH
• G.711 media test / checking can be accomplished using mod_bert or tone_detect • hwps://github.com/moises-‐silva/freeswitch/tree/mod_bert
• Calls failing the media test are hung up with MEDIA_TIMEOUT reason
29
Sangoma Technologies -‐ © 2013
![Page 30: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/30.jpg)
Load Tests
Load Tests
30
Sangoma Technologies -‐ © 2013
![Page 31: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/31.jpg)
Load Tests
• Load tesIng can be a fine art
• Be careful and define tesIng scope • OS (Linux, Windows, 64/32 bit, OS packages versions) • Media features (RTP/SRTP, UDPTL, Codec) • Signaling Features (TLS, PRACK, Presence, T.38) • Hardware environment (CPU, Memory, PCI/PCIx, HD) • Network environment (TCP/UDP/Ethernet se|ngs)
31
Sangoma Technologies -‐ © 2013
![Page 32: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/32.jpg)
Load Tests
• Performance can vary widely when changing just a few environment characterisIcs, be sure to test a?er each change
• Record your findings (ie: use CacI)
• Do no underesImate non-‐call-‐related load • RegistraIons, Presence, MWI, etc
32
Sangoma Technologies -‐ © 2013
![Page 33: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/33.jpg)
Load Tests
• Measure your network performance / throughput
• Use good cat6 ethernet cables! • Use Iperf
• hwps://code.google.com/p/iperf/
33
Sangoma Technologies -‐ © 2013
![Page 34: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/34.jpg)
Load Tests
• Launching iperf server
34
Sangoma Technologies -‐ © 2013
![Page 35: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/35.jpg)
Load Tests
• Launching iperf client
35
Sangoma Technologies -‐ © 2013
![Page 36: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/36.jpg)
Load Tests
• Do not forget to verify with bwm-‐ng
36
Sangoma Technologies -‐ © 2013
Iperf server bandwidth
Iperf client bandwidth
![Page 37: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/37.jpg)
Load Tests
• Slight payload change (iperf –l 172) causes significant performance difference
37
Sangoma Technologies -‐ © 2013
Iperf server bandwidth
Iperf client bandwidth
![Page 38: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/38.jpg)
Security Tests
Security Tests
38
Sangoma Technologies -‐ © 2013
![Page 39: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/39.jpg)
Security Tests
• Sipvicious • Voiper
39
Sangoma Technologies -‐ © 2013
![Page 40: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/40.jpg)
SipVicious
• Sipvicious is handy to test your fail2ban rules
• Use svwar.py and svcrack.py to trigger your fail2ban
• Verify the host was blocked
40
Sangoma Technologies -‐ © 2013
![Page 41: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/41.jpg)
Voiper
• Voiper is handy for fuzzy/vulnerability tesIng • hwp://voiper.sourceforge.net/
• Whatever you do, do not click on the last link at that page (UnprotectedHex)
41
Sangoma Technologies -‐ © 2013
![Page 42: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/42.jpg)
Voiper
• python fuzzer.py -‐f SIPInviteCommonFuzzer -‐i 192.168.168.1 -‐p 5060 -‐a sessions/scen1 -‐c 0
• Tons of messages like this on FreeSWITCH:
42
Sangoma Technologies -‐ © 2013
![Page 43: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/43.jpg)
Voiper
• Note fail2ban can hardly help here (if at all)
• SoluIon is report malformed packets via events and possibly block hosts sending excess of malformed traffic
43
Sangoma Technologies -‐ © 2013
![Page 44: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/44.jpg)
QUESTIONS
![Page 45: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/45.jpg)
Contact Us
• Sangoma Technologies 100 Renfrew Drive, Suite 100 Markham, Ontario L3R 9R6 Canada
• Website hwp://www.sangoma.com/
• Telephone +1 905 474 1990 x2 (for Sales)
• Email [email protected]
Sangoma Technologies -‐ © 2013
45
![Page 46: SIPTesngw/ FreeSWITCH$](https://reader031.vdocuments.mx/reader031/viewer/2022012103/616a129611a7b741a34e8133/html5/thumbnails/46.jpg)
THANK YOU