Interactive Connectivity Establishment: ICE. Speaker: Wenping Zhang. Date: 2008.05.01


Outline

- Introduction
- What is NAT
- What is the Problem
- What is STUN
- What is TURN
- IETF's Answer: ICE
- Conclusion
- Reference


Introduction

SIP has seen widespread usage and deployment in both the public Internet and private IP networks.

However, its success has not come without difficulties. Perhaps most significant among them has been the proliferation of network address translator and firewall devices.

The IETF responded to this need by creating a new specification that augments SIP with robust and low-cost NAT traversal. This specification, Interactive Connectivity Establishment, was produced by the MMUSIC working group.


What is NAT


What is the Problem

In the Contact of a REGISTER as the target for incoming INVITE


Cont.

In the SDP as the target for receipt of media


What is STUN


What is TURN


IETF's Answer: ICE

ICE provides NAT and firewall traversal capabilities for any type of session-oriented protocol, though it has been designed to work with SIP and its companion protocol, the Session Description Protocol (SDP).

ICE makes use of STUN and TURN and provides a unifying framework around them.

Even though ICE has not yet reached RFC status, there are already several large-scale deployments supporting hundreds of thousands of users.


Cont.

A client will obtain IP addresses and ports by using both techniques (STUN and TURN) and will include both addresses, in addition to ports allocated from local interfaces, in the SIP call-setup messages. Each of these is called a candidate and represents a potential point of communications for the agent.

At that point, the agents begin a process of connectivity checks.

These are STUN messages sent from one agent to the other, probing to find a particular pair of addresses that work. Once a pair is found, the probes cease, and media can begin to flow.


Cont.

The detailed operation of ICE can be broken into six steps:

1. Gathering
2. Prioritizing
3. Encoding
4. Offering and Answering
5. Checking
6. Completing


Step 1: Gathering

Prior to making a call, the caller begins gathering IP addresses and ports, each of which is a potential candidate for communications.

Three different types of candidates:

- Host Candidates
- Server Reflexive Candidates
- Relayed Candidates


Step 2: Prioritizing

Once the agent has gathered its candidates, it assigns each of them a priority value.

Priorities are from 0 to 2 to the power of 31 minus 1, with larger numbers denoting higher priority.

Typically, the lowest priority is given to the relayed candidates, since sending media through a relay is expensive and increases voice latency.


Cont.

The type preference MUST be an integer from 0 to 126 inclusive, and represents the preference for the type of the candidate.

The local preference MUST be an integer from 0 to 65535 inclusive.

The component ID is the component ID for the candidate, and MUST be between 1 and 256 inclusive.


Step 3: Encoding

Each candidate is placed into an a=candidate attribute of the offer.

Each candidate line has:

- IP address and port
- Component ID
- Foundation
- Transport Protocol
- Priority
- Type
- "Related Address"
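The priority fields from Step 2 and the a=candidate encoding from Step 3 can be checked together when an agent receives untrusted SDP. The following is an added example, not code from the slides: the priority formula and the recommended type preferences come from the ICE specification (RFC 5245), the function names are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import ipaddress

# Recommended type preferences in the ICE specification (RFC 5245, 4.1.2.2);
# the slides give only the allowed range 0..126.
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

def candidate_priority(type_pref, local_pref, component_id):
    """priority = 2^24 * type_pref + 2^8 * local_pref + (256 - component_id)."""
    if not 0 <= type_pref <= 126:
        raise ValueError("type preference out of range")
    if not 0 <= local_pref <= 65535:
        raise ValueError("local preference out of range")
    if not 1 <= component_id <= 256:
        raise ValueError("component ID out of range")
    return (type_pref << 24) + (local_pref << 8) + (256 - component_id)

def parse_candidate(line):
    """Parse one a=candidate line from untrusted SDP; raise ValueError if invalid."""
    if not line.startswith("a=candidate:"):
        raise ValueError("not a candidate attribute")
    tok = line[len("a=candidate:"):].split()
    if len(tok) < 8 or len(tok) % 2 or tok[6] != "typ":
        raise ValueError("malformed candidate line")
    cand = {
        "foundation": tok[0],
        "component": int(tok[1]),
        "transport": tok[2].upper(),
        "priority": int(tok[3]),
        "ip": ipaddress.ip_address(tok[4]),  # assumption: IP literals only
        "port": int(tok[5]),
        "type": tok[7],
        "related": dict(zip(tok[8::2], tok[9::2])),  # raddr / rport, if present
    }
    if not 1 <= cand["component"] <= 256:
        raise ValueError("component ID out of range")
    if not 0 <= cand["priority"] <= 2**31 - 1:  # range as stated on the slides
        raise ValueError("priority out of range")
    if not 1 <= cand["port"] <= 65535:
        raise ValueError("port out of range")
    if cand["type"] not in TYPE_PREF:
        raise ValueError("unknown candidate type")
    if cand["type"] != "host" and not {"raddr", "rport"} <= set(cand["related"]):
        raise ValueError("non-host candidate without related address")
    return cand

# Constructed sample lines (documentation addresses, not from the slides).
SAMPLE = [
    "a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host",
    "a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998",
]
```
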


Step 4: Offering and Answering

Once the calling agent has constructed its SIP INVITE request with the SDP payload, it sends the request to the called party.

Assuming the called party also supports ICE, the called party holds off on ringing the phone. It performs the same gathering, prioritizing, and encoding that the caller performed.

The called party then generates a provisional SIP response.


Step 5: Checking

Each agent pairs up its candidates with its peer's to form candidate pairs.

Each agent sends a connectivity check every 20 ms, in pair priority order.

Upon receipt of the request, the peer agent generates a response.

If the response is received, the check has succeeded.
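The pairing and pacing in Step 5 can be shown as a check schedule. This is an added example, not code from the slides: the pair-priority formula and the 100-pair limit come from the ICE specification (RFC 5245), the function names and candidate tuples are hypothetical, and the candidates are constructed. It assumes local server reflexive candidates have already been replaced by their base, as the specification requires before checking.

```python
from itertools import product

CHECK_INTERVAL_MS = 20  # pacing stated on the slide
MAX_PAIRS = 100         # default check-list limit in RFC 5245, 5.7.3

def pair_priority(g, d):
    """g = controlling agent's candidate priority, d = controlled agent's."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def check_schedule(local, remote, controlling=True):
    """Return [(send_time_ms, local_label, remote_label)], best pair first.

    Each candidate is an (ip_version, component, priority, label) tuple.
    """
    pairs = []
    for loc, rem in product(local, remote):
        if loc[0] != rem[0] or loc[1] != rem[1]:
            continue  # only pair the same IP family and the same component
        g, d = (loc[2], rem[2]) if controlling else (rem[2], loc[2])
        pairs.append((pair_priority(g, d), loc[3], rem[3]))
    pairs.sort(key=lambda p: p[0], reverse=True)
    # The cap keeps an offer with very many candidates from inflating
    # the number of checks this agent will send.
    pairs = pairs[:MAX_PAIRS]
    return [(i * CHECK_INTERVAL_MS, l, r) for i, (_, l, r) in enumerate(pairs)]

# Constructed candidates; priorities follow the candidate priority formula.
LOCAL = [(4, 1, 2130706431, "L-host"), (4, 1, 16777215, "L-relay")]
REMOTE = [(4, 1, 2130706431, "R-host"), (4, 1, 1694498815, "R-srflx"),
          (6, 1, 2130706431, "R-host-v6")]

if __name__ == "__main__":
    for t, l, r in check_schedule(LOCAL, REMOTE):
        print(f"{t:4d} ms  {l} -> {r}")
```

Because both agents feed the same G and D values into the formula, they derive the same ordering, so checks for a given pair are sent at roughly the same time from each side.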


Step 6: Completing

Once a check is completed, the agent knows it has found a pair that will work for media traffic.

By avoiding ringing the phone until the ICE checks have been completed, ICE can guarantee that when the called party does answer, media will successfully flow in each direction.

Once the phone rings, the called party answers. This generates an SIP 200 OK final response, confirming acceptance of the call.

If ICE negotiation results in the selection of a candidate pair that differs from the default IP address and port carried in the SDP, the caller performs an SIP re-INVITE to update the default.


Conclusion

ICE is one of the most important extensions produced to date for SIP. Indeed, it is considered one of its few core extensions - those expected to be used by every SIP client for every SIP call. Though designed for SIP, ICE is applicable to any session-oriented protocol.

ICE’s importance goes beyond just robust NAT traversal. ICE adds significant security to SIP overall, eliminating a key DoS attack, which can be launched by using SIP networks as amplifiers.


Reference

IETF Journal, “Interactive Connectivity Establishment”, By Jonathan Rosenberg, Cisco Systems

ICE Tutorial

J. Rosenberg. “Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols.” IETF Internet Draft draft-ietf-mmusic-ice-19, October 2006.

Rosenberg, "Interactive Connectivity Establishment (ICE): Methodology for Network Address Translator (NAT) Traversal for the Session Initiation Protocol (SIP)", Internet draft http://www.ietf.org/internet-drafts/draft-rosenberg-sipping-ice-01.txt, February 2003