The Internet Real-Time Laboratory
Prof. Henning Schulzrinne, Feb 2006
http://www.cs.columbia.edu/IRT

Current members
- IRT lab: 1 faculty, 1 post-doc, 13 PhD, 6 MS GRAs, 2 visitors and a researcher: total 24
- Home countries: China, Germany, Hong Kong, India, Italy, Israel, Japan, Korea, Pakistan, USA

Sponsors
- Equipment grants and student support: past and present

Research topics: Internet Real-Time Systems
- Security
- Service discovery
- Reliability and scalability
- Multimedia collaboration
- Mobile and ad hoc networks
- Peer-to-peer systems
- Enterprise IP telephony
- 911 calls on the Internet
- Ubiquitous computing and presence
- Wireless telephony
- Programmable services

Global service discovery (Knarig Arabshian)
The problem
- Current protocols work on the local network only (not Internet-wide)
- Limited description or query: attribute-value or interface matching
We need
- A global service discovery architecture
- Scalable (avoid dependence on a central server)
- Robust and self-adjusting
- Modern description logic (OWL)

GloServ: Hierarchical P2P Global Service Discovery Architecture
- Classify services using OWL
- Use the service classification to map the ontology onto a hierarchical P2P network (CAN as the P2P substrate)
- Bootstrap servers using information in the ontology
- Intelligent registration and querying
Figure: query resolution example
1) A query for "inn" is issued
2) "inn" is mapped to the class "hotel" (hostel, inn, rooming, lodging and motel are all equivalent to Hotel)
3) The domain of the equivalent or closely related server is looked up in the primitive skeleton ontology (Service > Travel > Destination > Hotel, so the hotel domain is hotel.destination.service; other top-level classes are Restaurant, Medical and Communication; Destination also has Flights, Agencies and Bed&Breakfast)
4) The query is sent to the closest known high-level server
Figure: CAN DHT distribution of properties. Values of hasAccommodation (Hotel, CampGround, Budget) and hasActivity (Sightseeing, Sports, Adventure) are mapped onto coordinates of a CAN DHT (<1,2>, <3,2>, <1,3>, <3,3>, <2,1>, <2,2>, <2,3>, <10,2>, <10,3>, ...).

7DS (Wing Yuen (Andy))
The problem and overview of 7DS
The opportunity
- Wireless infrastructure is slow to emerge (3G is expensive)
- 802.11b is cheap and simple to deploy
- Mobile devices spread data in densely populated areas (e.g., NYC)
What is 7DS?
- Content-independent: works for any web object
- Uses the standard caching mechanism
- After 25 minutes, 90% of interested users have the data
- Also supports data upload

Overview of the networks
- Two nodes communicate when they are in proximity
- Small transmit power; optimal number of neighbors ≈ 1
- Large end-to-end throughput: capacity is traded off against delay
- Ad hoc network (example in figure)

Email upload application
- Objective: purge message replicas
- Time-based scheme: purge a message when its TTL expires
- Hop-based scheme: decrement b at each node encounter; purge the message when b = 0 (figure: breadth = 2, depth = 4)
- Evaluate storage and storage-time cost
- Optimal depth = 2; select the breadth such that the probability of delivery = 1

7DS for mobile platforms (Derek)
Figure source: ARCChart – Developing for Mobile Environments

Wireless VoIP (Sangho Shin, Andrea Forte)
Overview of the network and problems
Figure: Internet; Subnet A (router R1, access point AP1) and Subnet B (router R2, access point AP2). Moving between access points of one subnet is a layer 2 handoff; moving between subnets adds a layer 3 handoff.
- Handoff delay (layer 2 and layer 3)
- Limited capacity
- Call admission control

Problems and solutions
- Layer 2 (MAC) and layer 3 (IP) handoff: selective scanning and caching; fast L3 handoff using a temporary IP; cooperative handoff
- Limited capacity: improving VoIP capacity. The nominal bandwidth of IEEE 802.11a/b/g is 11 to 54 Mb/s, but after protocol overhead the actual throughput is 2 to 20 Mb/s; Ethernet (100 to 1000 Mb/s) >> WLANs. Capacity for VoIP needs to be improved.
- Dynamic PCF (DPCF) and Adaptive Priority Control (APC)
- Call admission control: virtual traffic generation. Too many clients, or too many simultaneous calls in one AP, lead to deterioration of QoS, so call admission control (CAC) is needed.

Passive DAD (1/2)
- Duplicate Address Detection (DAD): before the DHCP server assigns an IP address, it has to be sure that the address is not already in use. To do this, the DHCP server sends ICMP Echo requests and waits for ICMP Echo replies. The delay introduced by DAD is on the order of seconds!
- Passive DAD (P-DAD): we introduce a new agent, the Address Usage Collector (AUC), which collects information about the IP addresses in use in its subnet and informs the DHCP server about them.

Passive DAD (2/2)
Figure: the AUC sits in the subnet behind the router/relay agent, observes broadcast ARP and DHCP traffic, and reports to the DHCP server over a TCP connection. The DHCP server's lease table holds IP, MAC, expiry and client ID (DUID), e.g. IP1/MAC1/570/DUID1, IP2/MAC2/580/DUID2, IP3/MAC3/590/DUID3; the AUC keeps a DUID:MAC table and an IP:MAC table.
- The AUC builds a DUID:MAC pair table (from DHCP traffic only)
- The AUC builds an IP:MAC pair table (from broadcast and ARP traffic)
- Whenever a new pair is added to a table, or a potentially unauthorized IP is detected, the AUC sends the pair to the DHCP server
- The DHCP server checks whether the pair is correct and records the IP address as in use
- ARP checking: the AUC periodically scans unused IPs with ARP queries, so silent nodes can be detected

Problems of the current DAD
- In wireless networks it takes a long time to get an ICMP echo response, and the response can be lost entirely when the channel is very congested
- Windows XP SP2 enables the firewall, which blocks incoming ICMP echo by default
- ISC DHCP has a bug in the DAD timer: the timer value is chosen randomly between 0 and 1 s

VoIP real-world application (Venkata S. Malladi, Anurag Chakravarti)
Training air traffic controllers at the FAA
Existing communication system
- Voice communications network: analog, fixed point-to-point connections
- Fast Ethernet data network
- Video network
- Depends on analog, hard-wired communication systems that use obsolete parts no longer available without custom manufacture
What the project is
- Simulate an FAA classroom
- The classroom has student, pilot and instructor workstations
- The student plays the role of an ATC who is trained by the pilot
- Student and pilot communicate with each other via a notion of frequency (unicast) and facility (multicast)
What am I doing?
- Feature enhancements
- Get the project successfully deployed on-site
- Development of a robust audio tool on the Windows platform

Session peering for multimedia and VoIP interconnect (Charles Shen)
- Motivation: expenses, overhead and flexibility of end-to-end IP-based services
- How it is done: a switch fabric plus the rules and regulations that manage sending and receiving data among one another
- Challenges: architecture, QoS, security, operations support services, reliability, protocol interoperability, call routing, ENUM, etc.
Figure: existing architecture: IP phone - SIP-based network - PSTN - PSTN (telephone) - SIP-based network - IP phone; direct peering connects the two SIP-based networks without crossing the PSTN.

ENUM: marriage of Internet and telephone numbering
Figure: caller, caller's SIP proxy, ENUM server, callee
[1] The caller dials the callee's normal phone number, 212-939-7040
[2] The caller's proxy queries ENUM for 0.4.0.7.9.3.9.2.1.2.1.e164.arpa and gets the response sip:irt@cs.columbia.edu
[3] The caller's proxy receives the response sip:irt@cs.columbia.edu and proceeds to set up the call with the callee
- Bridges traditional telephony with Internet capabilities into a platform for new services and applications

Session peering and ENUM: status quo and our work
- WGs in standardization bodies such as the IETF SPEERMINT and ENUM WGs and the SIPForum technical WG are working on requirements and architecture details for a Session Peering for Multimedia Interconnect architecture.
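Worked example for the Passive DAD slides above (added for this page; it is not the lab's P-DAD implementation). It models the Address Usage Collector: a DUID:MAC table fed from DHCP traffic, an IP:MAC table fed from ARP/broadcast traffic, immediate reports of new or conflicting pairs to the DHCP server, the server-side check of a reported pair against its leases, and the periodic ARP scan that catches silent hosts. The lease table, MAC addresses, address pool and the event sequence in demo() are constructed; a real AUC would learn them from frames on the subnet.

```python
"""Passive DAD: a model of the Address Usage Collector (AUC).

Added example, not the lab's P-DAD code. The lease table, MACs, IPs and
the event sequence in demo() are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed DHCP server lease table: ip -> (mac, expire_seconds, client DUID)
DHCP_LEASES = {
    "10.0.0.11": ("aa:aa:aa:aa:aa:01", 570, "duid-1"),
    "10.0.0.12": ("aa:aa:aa:aa:aa:02", 580, "duid-2"),
    "10.0.0.13": ("aa:aa:aa:aa:aa:03", 590, "duid-3"),
}
POOL = [f"10.0.0.{n}" for n in range(11, 21)]   # addresses the server may hand out


@dataclass
class AUC:
    """Collects address usage in one subnet from DHCP and ARP/broadcast traffic."""
    duid_mac: dict = field(default_factory=dict)   # DUID:MAC table (DHCP traffic only)
    ip_mac: dict = field(default_factory=dict)     # IP:MAC table (ARP/broadcast traffic)
    reports: list = field(default_factory=list)    # pairs sent to the DHCP server

    def observe_dhcp(self, duid: str, mac: str) -> None:
        """DHCP request/ack seen on the wire: record which MAC a client ID uses."""
        if self.duid_mac.get(duid) != mac:
            self.duid_mac[duid] = mac
            self.reports.append(("duid", duid, mac))

    def observe_arp(self, ip: str, mac: str) -> Optional[str]:
        """ARP or broadcast frame seen: ip is in use by mac.

        Returns "new" for a first sighting, "conflict" when the IP was already
        seen from another MAC, or None when nothing changed. New and
        conflicting pairs are reported to the DHCP server immediately.
        """
        old = self.ip_mac.get(ip)
        if old == mac:
            return None
        self.ip_mac[ip] = mac
        kind = "conflict" if old is not None else "new"
        self.reports.append((kind, ip, mac))
        return kind

    def arp_scan(self, pool, probe) -> dict:
        """Periodic ARP check of addresses believed unused; finds silent nodes.

        probe(ip) stands in for sending an ARP request: it returns the
        answering MAC or None (constructed callback for the example).
        """
        found = {}
        for ip in pool:
            if ip in self.ip_mac:
                continue
            mac = probe(ip)
            if mac is not None:
                self.observe_arp(ip, mac)
                found[ip] = mac
        return found


def dhcp_check(ip: str, mac: str, leases=DHCP_LEASES) -> str:
    """DHCP server side: classify an IP:MAC pair reported by the AUC."""
    lease = leases.get(ip)
    if lease is None:
        return "unauthorized"       # in use, but never leased by this server
    if lease[0] != mac:
        return "conflict"           # leased to a different MAC
    return "in-use"                 # matches the lease; no ICMP probe needed


def assignable(pool, auc: AUC, leases=DHCP_LEASES) -> list:
    """Addresses the server can offer without an ICMP DAD round trip."""
    return [ip for ip in pool if ip not in leases and ip not in auc.ip_mac]


def demo() -> dict:
    """Constructed event sequence; returns what each step produced."""
    auc = AUC()
    out = {}
    auc.observe_dhcp("duid-1", "aa:aa:aa:aa:aa:01")
    out["lease_holder"] = dhcp_check("10.0.0.11", "aa:aa:aa:aa:aa:01")
    auc.observe_arp("10.0.0.11", "aa:aa:aa:aa:aa:01")
    # A statically configured host squats on an address the server never leased.
    auc.observe_arp("10.0.0.20", "aa:aa:aa:aa:aa:99")
    out["squatter"] = dhcp_check("10.0.0.20", "aa:aa:aa:aa:aa:99")
    # A different MAC answers for a leased address: address conflict or spoofing.
    out["first_sighting"] = auc.observe_arp("10.0.0.12", "aa:aa:aa:aa:aa:77")
    out["mismatch"] = dhcp_check("10.0.0.12", "aa:aa:aa:aa:aa:77")
    out["second_mac"] = auc.observe_arp("10.0.0.12", "aa:aa:aa:aa:aa:02")
    # The holder of 10.0.0.13 never talks; only the periodic ARP scan reveals it.
    silent = {"10.0.0.13": "aa:aa:aa:aa:aa:03"}
    out["silent"] = auc.arp_scan(POOL, silent.get)
    out["free"] = assignable(POOL, auc)
    out["reports"] = len(auc.reports)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The AUC only sees what is on its own segment, so the ARP scan is what closes the gap for hosts that never broadcast; the "unauthorized" and "conflict" results are exactly the cases the ICMP-based DAD either takes seconds to find or misses when a host firewall drops the echo request.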
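Worked example for the ENUM slide above (added for this page; not the lab's ENUM server code). It performs the number-to-name mapping the figure shows (212-939-7040 to 0.4.0.7.9.3.9.2.1.2.1.e164.arpa), then selects and applies a NAPTR record the way the caller's proxy would. DNS is replaced by a constructed in-memory NAPTR table so the block runs offline; the mailto record, the second number and its record are invented to show record ordering and the scheme check.

```python
"""ENUM lookup: E.164 number -> e164.arpa name -> NAPTR -> URI.

Added example; not the lab's ENUM server code. DNS is replaced by a
constructed in-memory NAPTR table; the mailto record and the second
number are invented.
"""
import re
from typing import Optional

ENUM_SUFFIX = "e164.arpa"
SAFE_SCHEMES = ("sip:", "sips:", "tel:", "mailto:")

# Constructed NAPTR records: owner name -> [(order, preference, flags, service, regexp)]
NAPTR_TABLE = {
    "0.4.0.7.9.3.9.2.1.2.1.e164.arpa": [
        (100, 20, "u", "E2U+mailto", "!^.*$!mailto:irt@cs.columbia.edu!"),
        (100, 10, "u", "E2U+sip", "!^.*$!sip:irt@cs.columbia.edu!"),
    ],
    "1.0.1.0.5.5.5.2.1.2.1.e164.arpa": [
        # A poisoned or sloppy zone can point the caller anywhere; see resolve().
        (100, 10, "u", "E2U+sip", "!^.*$!http://attacker.example/!"),
    ],
}


def e164_to_enum(number: str, default_cc: str = "1") -> str:
    """'212-939-7040' -> '0.4.0.7.9.3.9.2.1.2.1.e164.arpa' (digits reversed, dotted)."""
    digits = re.sub(r"\D", "", number)
    if not number.strip().startswith("+"):
        digits = default_cc + digits          # national number: prepend the country code
    if not digits:
        raise ValueError("number contains no digits")
    return ".".join(reversed(digits)) + "." + ENUM_SUFFIX


def enum_to_e164(name: str) -> str:
    """Inverse mapping; the result is the subject string for the NAPTR regexp."""
    suffix = "." + ENUM_SUFFIX
    if not name.endswith(suffix):
        raise ValueError("not an ENUM name")
    labels = name[: -len(suffix)].split(".")
    if not all(len(label) == 1 and label.isdigit() for label in labels):
        raise ValueError("malformed ENUM name")
    return "+" + "".join(reversed(labels))


def apply_naptr_regexp(regexp: str, subject: str) -> Optional[str]:
    """Apply an RFC 3403 substitution expression of the form DpatternDreplacementDflags."""
    delim = regexp[0]
    parts = regexp.split(delim)
    if len(parts) != 4:
        raise ValueError("malformed NAPTR regexp")
    _, pattern, replacement, flags = parts
    m = re.match(pattern, subject, re.I if "i" in flags else 0)
    return m.expand(replacement) if m else None


def resolve(number: str, services=("E2U+sip",), table=NAPTR_TABLE) -> Optional[str]:
    """Pick the best terminal NAPTR for the wanted services; returns a URI or None."""
    name = e164_to_enum(number)
    subject = enum_to_e164(name)
    records = sorted(table.get(name, []), key=lambda r: (r[0], r[1]))  # order, then preference
    for _order, _pref, flags, service, regexp in records:
        if service not in services or "u" not in flags.lower():
            continue
        uri = apply_naptr_regexp(regexp, subject)
        # The zone is controlled by whoever holds the number's delegation;
        # only route to schemes the proxy is prepared to handle.
        if uri and uri.lower().startswith(SAFE_SCHEMES):
            return uri
    return None


if __name__ == "__main__":
    print(e164_to_enum("212-939-7040"))
    print(resolve("212-939-7040"))
```

Two things a proxy operator should take from this: the NAPTR regexp is data supplied by the number's delegation holder, so the result has to be constrained (here by scheme) before it becomes a routing decision, and the query name itself reveals the dialed number to every resolver on the path, which is one of the privacy concerns the ENUM WG discussed.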
- I am currently involved in ENUM server performance investigation and am expected to contribute to other parts of the peering architecture as well.
- Also related: SIP Scalability Performance Study

NG 9-1-1 (Jong Yul Kim, Wonsang Song)
Overview of the NG911 project
- Traditional 9-1-1 system
- Two (related) fundamental problems: it does not work well for calls from Internet phones! Where is the caller? To which PSAP (call center) should the call go?
- Other problems: going beyond the traditional 9-1-1 functionality, e.g., multimedia (audio + video + text) such as sending an instructional video on CPR
Project participants
- Columbia University, Texas A&M University, University of Virginia
- NENA, Cisco, Nortel
- Funded by NTIA and SIPquest

NG 9-1-1: solution and status
Location determination methods
- CDP. Merits: Cisco devices are ubiquitous; less burden for administrators than DHCP. Drawbacks: only works with Cisco switches and access points; administrators have to enter a switch-to-location mapping. Useful situation: organizations that use Cisco devices.
- DHCP. Merits: DHCP is ubiquitous; applicable to both SIP UA and SIP proxy. Drawbacks: no good for wireless connections; administrators have to enter a machine-to-location mapping for each machine. Useful situation: organizations where computers are fixed in one place.
- GPS. Merits: delivers precise location; no work for administrators. Drawbacks: does not work indoors or when a significant portion of the sky is blocked from view. Useful situation: outdoors.
- Manual entry. Merits: always available as a backup method. Drawbacks: no guarantee of timely update; prone to human error. Useful situation: when all else fails.
Current status
- SIP-based prototype system
- NENA requirements for IP-capable PSAPs
- IETF ECRIT WG: proposals for solutions to the fundamental problems
- On-going preparations for testing in a live PSAP in College Station, Texas

VoIP security (Eilon Yardeni)
Denial of Service (DoS) attacks: the problem
- DoS attacks are still prevalent in the Internet
- Telephony services become exposed as they move to the IP network
- The E911 service is specifically vulnerable
- How to distinguish between a human and a machine request?
- Detection and mitigation

Taxonomy of DoS attacks
- Vulnerability attacks: implementation flaws; application-specific attacks
- Session Initiation Protocol (SIP): session tear-down with spoofed BYEs; modification of media sessions with spoofed re-INVITEs
- Flooding: flood with INVITE or REGISTER; congestion of access links
- Attack on E911: 911 calls do not require authentication, so an attacker can target call takers, call routing or the mapping service, or spoof the physical location

Defense against DoS attacks
- Fake location: signed location; location verification
- First-level filtering heuristics: IP-to-geolocation comparison; list of legitimate subnets

Trust path discovery for SPAM detection (Kumiko Ono)
- Motivation: an option for sender filtering against spam (SPIT/SPIM)
- Determine whether to accept communication requests (e.g., emails, calls, instant messages) from a "stranger", based on the reputation of that stranger
- Challenge: how to get the stranger's reputation
Approach
- Gather trustworthy opinions on individuals and their domains from trust paths
- Opinions: based on trust indicators that represent one's trust in receiving messages
- Trust paths: chains of trust relationships among individuals, among domains, and between an individual and a domain
- IETF draft-ono-trust-path-discovery-01
Figure: related work vs. our approach. Related work: 1. Alice receives a communication request from Dave; 2. Alice queries his reputation at a third-party reputation system, i.e., a social-network server. Our approach: 1. Alice receives a communication request from Dave; 2. Alice queries his reputation along trust paths, i.e., her buddy list and call log.
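Worked example for the SIP items in the DoS taxonomy above (added for this page; not the lab's detection code). A proxy or PSAP front end can reject spoofed BYEs and re-INVITEs by checking the dialog identifiers (Call-ID plus both tags) and the CSeq against dialog state it recorded when the call was answered, and it can absorb INVITE floods with a per-source sliding-window limit. The SIP messages, addresses and the limit of 5 initial INVITEs per second are constructed.

```python
"""First-level SIP DoS checks: spoofed BYE / re-INVITE and INVITE floods.

Added example, not the lab's code. The SIP messages, IP addresses and the
rate limit are constructed. Only request lines and headers are parsed.
"""
import re
from collections import defaultdict, deque


def parse_request(raw: str) -> dict:
    """Minimal SIP request parser: request line plus headers (body ignored)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "headers": headers}


def tag_of(value: str):
    m = re.search(r";tag=([^;\s]+)", value)
    return m.group(1) if m else None


class SipGuard:
    def __init__(self, max_invites: int = 5, window: float = 1.0):
        self.max_invites = max_invites
        self.window = window
        self.recent = defaultdict(deque)   # src_ip -> timestamps of initial INVITEs
        self.dialogs = {}                  # (call-id, frozenset{tags}) -> {tag: last CSeq}

    def confirm_dialog(self, call_id, caller_tag, callee_tag, cseq):
        """Record a dialog once the INVITE got its 200 OK (both tags known)."""
        self.dialogs[(call_id, frozenset((caller_tag, callee_tag)))] = {
            caller_tag: cseq, callee_tag: 0}

    def check(self, raw: str, src_ip: str, now: float) -> str:
        req = parse_request(raw)
        h = req["headers"]
        call_id = h.get("call-id")
        from_tag, to_tag = tag_of(h.get("from", "")), tag_of(h.get("to", ""))
        if not call_id or not from_tag:
            return "reject:400 missing dialog identifiers"
        if req["method"] == "INVITE" and to_tag is None:
            # Initial INVITE: stateless per-source rate limit against floods.
            q = self.recent[src_ip]
            while q and now - q[0] > self.window:
                q.popleft()
            if len(q) >= self.max_invites:
                return "drop:flood"
            q.append(now)
            return "accept"
        if req["method"] in ("BYE", "INVITE"):   # in-dialog: BYE or re-INVITE
            key = (call_id, frozenset((from_tag, to_tag)))
            state = self.dialogs.get(key)
            if state is None:
                return "reject:481 no matching dialog"   # spoofed or stale
            cseq = int(h.get("cseq", "0").split()[0])
            if cseq <= state[from_tag]:
                return "reject:500 stale CSeq"           # replay of an old request
            state[from_tag] = cseq
            if req["method"] == "BYE":
                del self.dialogs[key]
            return "accept"
        return "accept"


def sip(method, call_id, from_tag, to_tag, cseq) -> str:
    """Build a constructed SIP request for the demo."""
    to = "<sip:bob@cs.columbia.edu>" + (f";tag={to_tag}" if to_tag else "")
    return (f"{method} sip:bob@cs.columbia.edu SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 203.0.113.7\r\n"
            f"From: <sip:alice@cs.columbia.edu>;tag={from_tag}\r\n"
            f"To: {to}\r\n"
            f"Call-ID: {call_id}\r\nCSeq: {cseq} {method}\r\n\r\n")


def demo() -> dict:
    g = SipGuard(max_invites=5, window=1.0)
    out = {}
    out["invite"] = g.check(sip("INVITE", "c1@alice", "a1", None, 1), "203.0.113.7", 0.0)
    g.confirm_dialog("c1@alice", "a1", "b1", 1)   # callee answered; tags bound to the dialog
    # Attacker learned the Call-ID (easy on a shared WLAN) but must guess the tags.
    out["spoofed_bye"] = g.check(sip("BYE", "c1@alice", "a1", "zzz", 2), "198.51.100.9", 0.5)
    out["spoofed_reinvite"] = g.check(sip("INVITE", "c1@alice", "xx", "b1", 2), "198.51.100.9", 0.6)
    out["real_reinvite"] = g.check(sip("INVITE", "c1@alice", "a1", "b1", 2), "203.0.113.7", 1.0)
    # Sniffed and replayed verbatim: tags are right, CSeq is not.
    out["replayed_reinvite"] = g.check(sip("INVITE", "c1@alice", "a1", "b1", 2), "198.51.100.9", 1.1)
    out["real_bye"] = g.check(sip("BYE", "c1@alice", "a1", "b1", 3), "203.0.113.7", 2.0)
    out["flood"] = [g.check(sip("INVITE", f"f{i}@x", f"t{i}", None, 1), "198.51.100.9", 3.0 + i * 0.1)
                    for i in range(7)]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The tag check only defeats blind spoofing: tags must be unpredictable (RFC 3261 asks for at least 32 bits of randomness), and an attacker who can sniff the signaling gets both tags and the next CSeq for free, which is why the slides also list signed location and TLS-style protection rather than heuristics alone.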
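Worked example for the first-level filtering heuristics in the defense slide above (added for this page; not the lab's code). It compares the location a caller claims against where the source IP appears to be and against a list of legitimate access subnets. The IP-to-geolocation table, the subnet list and the addresses (documentation ranges) are constructed, and the 50 km threshold is an assumed policy value; a signed, verified location skips the heuristics entirely. Because these are emergency calls, a mismatch lowers priority for the call taker instead of dropping the call.

```python
"""First-level filtering heuristics for IP-originated 9-1-1 calls.

Added example; not the lab's code. The IP-to-geolocation table, the list
of legitimate subnets, the addresses and the threshold are constructed.
"""
import ipaddress
import math

# Constructed: prefix -> (lat, lon) as a geolocation provider would return
IP_GEO = [
    (ipaddress.ip_network("198.51.100.0/24"), (40.807, -73.962)),   # stands in for a Manhattan block
    (ipaddress.ip_network("203.0.113.0/24"), (34.052, -118.243)),   # stands in for a Los Angeles block
]
# Constructed: access networks whose users this PSAP serves
LEGIT_SUBNETS = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("192.0.2.0/24")]


def haversine_km(a, b) -> float:
    """Great-circle distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def ip_geo(ip):
    for net, loc in IP_GEO:
        if ip in net:
            return loc
    return None


def first_level_filter(src_ip: str, claimed, signed: bool = False, max_km: float = 50.0) -> dict:
    """Score a call's claimed location against where its source IP appears to be.

    Returns {"decision": "accept" | "deprioritize", "reason": ..., "distance_km": ...}.
    Heuristics never drop an emergency call outright: a mismatch only lowers
    the call's priority for the call taker; a signed, verified location skips them.
    """
    if signed:
        return {"decision": "accept", "reason": "signed location verified", "distance_km": None}
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in net for net in LEGIT_SUBNETS):
        return {"decision": "deprioritize", "reason": "source outside legitimate subnets",
                "distance_km": None}
    loc = ip_geo(ip)
    if loc is None:
        return {"decision": "deprioritize", "reason": "no geolocation for source",
                "distance_km": None}
    d = haversine_km(loc, claimed)
    if d > max_km:
        return {"decision": "deprioritize", "reason": "claimed location far from IP geolocation",
                "distance_km": d}
    return {"decision": "accept", "reason": "location consistent with IP", "distance_km": d}


if __name__ == "__main__":
    print(first_level_filter("198.51.100.20", (40.81, -73.96)))
    print(first_level_filter("198.51.100.20", (34.052, -118.243)))
```

The IP-to-geolocation comparison is coarse by nature (VPNs, mobile carriers and corporate egress points all put the IP far from the caller), which is why it is a first-level filter feeding a priority rather than a verification, and why the signed-location path exists alongside it.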
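Worked example for the trust path approach above (added for this page; it is not the lab's code and not the algorithm of draft-ono-trust-path-discovery-01 itself, only a model of chaining trust relationships). Nodes are individuals or domains, edges carry a trust indicator in [0, 1] taken from buddy lists, call logs or domain peering, path trust is the product of the indicators along the path, and the recipient accepts, challenges or treats the sender as unknown depending on the best path found. The graph, indicator values and threshold are constructed.

```python
"""Trust path discovery for a sender-filtering decision.

Added example; not the lab's code. The graph, trust indicator values and
the acceptance threshold are constructed. Nodes are individuals
("alice@example.com") or domains ("@example.org").
"""

# Constructed trust relationships: node -> {neighbor: trust indicator}
TRUST = {
    "alice@example.com": {"bob@example.com": 0.9, "carol@example.com": 0.9, "@example.org": 0.6},
    "bob@example.com": {"dave@example.net": 0.8},          # Dave is on Bob's buddy list
    "carol@example.com": {"frank@example.net": 0.3},       # Carol's call log shows one call to Frank
    "@example.org": {"@partner.example": 0.7},             # domain-to-domain trust
}


def domain_node(address: str) -> str:
    return "@" + address.rsplit("@", 1)[1]


def trust_paths(graph, src, dst, max_hops=3):
    """All simple paths src -> dst of at most max_hops edges, with their trust.

    Trust along a path is the product of the indicators, so a long chain of
    strong links still decays; max_hops bounds the search.
    """
    found = []
    stack = [(src, [src], 1.0)]
    while stack:
        node, path, trust = stack.pop()
        if node == dst:
            found.append((path, trust))
            continue
        if len(path) - 1 >= max_hops:
            continue
        for nxt, w in graph.get(node, {}).items():
            if nxt not in path:
                stack.append((nxt, path + [nxt], trust * w))
    return sorted(found, key=lambda p: -p[1])


def decide(graph, recipient, sender, threshold=0.5, max_hops=3):
    """Accept, challenge, or treat as unknown a request from sender to recipient.

    Paths to the sender personally and to the sender's domain both count;
    the strongest one decides.
    """
    paths = trust_paths(graph, recipient, sender, max_hops)
    paths += trust_paths(graph, recipient, domain_node(sender), max_hops)
    if not paths:
        return {"decision": "unknown", "trust": 0.0, "path": None}
    path, trust = max(paths, key=lambda p: p[1])
    return {"decision": "accept" if trust >= threshold else "challenge",
            "trust": round(trust, 3), "path": path}


if __name__ == "__main__":
    for sender in ("dave@example.net", "frank@example.net", "mallory@example.org",
                   "zed@partner.example", "eve@spam.example"):
        print(sender, decide(TRUST, "alice@example.com", sender))
```

"Unknown" is deliberately distinct from "challenge": a stranger with no path at all is a candidate for a CAPTCHA-style challenge or a quarantine, while a weakly trusted one can be asked to confirm; neither outcome needs a third-party reputation server, which is the difference from the related work in the figure.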
Presence (Vishal Singh)
Overview
- Presence: the ability and willingness to communicate
- Rules govern how, and what part of, the presence information can be accessed
- More detailed information includes location, preferred communication mode, current mood and activity
- Presentity: represents a user, a group of users or a program; the source of presence information
- Watcher: requester of presence information about a presentity
Figure: Bob's presentity answers: "Bob is busy right now. He is at 42nd and Broadway. You can reach him after 4:00 p.m. on his office line."

Presentity and watchers
Figure: Bob's presence user agents (PUAs), e.g. his cell phone and PC IM client, PUBLISH Bob's status and location to the presence server. The presence server applies Bob's filters (rules) to the PIDF document. Watchers (wife, son, colleague, the external world) SUBSCRIBE and receive NOTIFYs showing Available, Busy, Somewhat available or Invisible; the son's "R u there?" and the colleague's BUZZ reach Bob over the same path.

Deployment: cross-domain
Figure: presence servers in several domains (PSTN via an SCP, a wireless network, a broadband IP network carrying VoIP and Internet traffic) exchange SIP PUBLISH and NOTIFY; each presence server has its own presence database; the watchers/buddies of one presentity (IM client, TV, SIP phone) SUBSCRIBE at their local presence server.

Services
- Determining communication status: dial tone is no longer enough; decide based on the presentity's location, activity (sleeping, driving, etc.), mood (angry, happy, etc.) and preferred mode of communication (e.g., text, audio device, landline phone)
- Location-based services
- Fleet management

VoIP infrastructure (Kundan Singh)
CINEMA: multi-platform multimedia collaboration
- Beyond voice: video, text, IM, presence, screen sharing, shared web browsing, ...
- Beyond the SIP phone: regular telephone, email, web, ...
- Beyond synchronous communication: offline mail, discussion forum, file sharing, ...
- Applications: Internet telephony, interactive voice response, Internet radio/TV, messaging and presence, unified messaging, video conferencing
Figure: protocol stack. Application layer: program logic (call routing, VoiceXML, DTMF, mixing, speech/text) over signaling (SIP, SDP, SAP, RTSP), media transport (RTP, RTCP carrying G.711 and MPEG media) and quality of service (RSVP); transport (TCP, UDP); network (IPv4, IPv6); link layer; physical layer.

Reliability and scalability
- Failover: redundancy
- Load sharing: scalability
- Figure: the first-stage proxies P1 are found via DNS; INVITE and REGISTER requests are partitioned by user name onto second-stage servers (P2 for a-h, P3 for i-q, another for r-z)
- Combining the two in a two-stage architecture gives scalability that is linear in the number of servers, plus high availability

P2P Internet telephony using SIP
Server-based
- Maintenance and configuration cost: dedicated administrator
- Central point of failure: catastrophic failures
- Depends on controlled infrastructure (e.g., DNS)
Peer-to-peer
- Self-adjusting, robust against catastrophic failures, highly scalable, and no configuration
- Call setup and user search latency is higher: O(log N)
- Security: how to handle malicious peers? Identity protection?
Our P2P-SIP
- Hybrid architecture: works with both P2P and server-based deployments
- Built-in P2P network: each node acts as a service node for proxy, registrar, presence, offline storage and media relay
- External P2P network: managed and trusted peer nodes
- Identity protection: email identifier == SIP identifier

Analysis of the Skype peer-to-peer VoIP application (Salman Abdul Baset)
Memory usage, process priority and mouth-to-ear latency
Application (version) | Memory before call (caller, callee) | Memory during call (caller, callee) | Process priority before / during call | Mouth-to-ear latency | Latency std. dev.
Skype 1.4.0.84 | 19 MB, 19 MB | 21 MB, 27 MB | Normal / High | 96 ms | 4
Yahoo 7.0.0.437 | 38 MB, 34 MB | 43 MB, 42 MB | Normal / Normal | 152 ms | 12
MSN 7.5 | 25 MB, 22 MB | 34 MB, 31 MB | Normal / Normal | 184 ms | 16
G-Talk 1.0.0.80 | 9 MB, 9 MB | 13 MB, 13 MB | Normal / Normal | 109 ms | 10

Churn in small-scale P2P networks
- Small scale: node count 5 to 1000
- Churn: node arrival/departure rate; in an office, churn is high at 9:00 am and 5:00 pm
- Is a distributed hash table (DHT) better than flooding?
- Correlated and uncorrelated failures

Summary
- Internet Real-Time Systems: service discovery, 7DS, wireless VoIP, security, NG 911, reliability, scalability, peer-to-peer
- Other projects: SIP user agent, CPL/sipcgi/LESS scripts, session mobility, DotSlash, ...
Questions?
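Worked example for the presence slides above (added for this page; not the lab's presence server). It shows the filtering step between PUBLISH and NOTIFY: the presentity's rules decide, per watcher, whether the subscription is allowed, politely blocked (the watcher sees "offline" and cannot tell it was blocked) or refused, and which parts of the presence document are exposed. Rule combination follows the RFC 4745 common-policy model: every rule whose conditions match contributes, the most permissive action wins, and the exposed attributes are the union of what the matching rules provide. Bob's document, the rules and the watcher identities are constructed; treating a watcher that matches no rule as politely blocked is an assumed server default.

```python
"""Presence server authorization: applying a presentity's rules to NOTIFY.

Added example, not the lab's presence server. The rule set, watcher
identities and Bob's presence document are constructed; "no matching
rule" being treated as a polite block is an assumed server default.
"""

ACTION_RANK = {"block": 0, "polite-block": 1, "allow": 2}   # RFC 4745: maximum wins

# Constructed presence document that Bob's user agents PUBLISHed
BOB = {
    "status": "busy",
    "location": "42nd and Broadway",
    "activity": "meeting",
    "mood": "stressed",
    "note": "reachable after 4:00 p.m. on the office line",
}

# Constructed rules (the XML Bob would upload via XCAP, as Python dicts)
RULES = [
    {"identity": {"wife@home.example"}, "action": "allow",
     "provide": {"status", "location", "note", "activity"}},
    {"identity": {"son@home.example"}, "action": "allow", "provide": {"status"}},
    {"domain": {"cs.columbia.edu"}, "action": "allow", "provide": {"status", "note"}},
    {"identity": {"ed@cs.columbia.edu"}, "action": "allow", "provide": {"location"}},
    {"identity": {"spammer@spit.example"}, "action": "block"},
]


def matches(rule, watcher: str) -> bool:
    if watcher in rule.get("identity", set()):
        return True
    return watcher.rsplit("@", 1)[1] in rule.get("domain", set())


def authorize(rules, watcher: str):
    """Combine all matching rules into one (action, provided attributes).

    Returns (None, set()) when no rule matches at all.
    """
    matched = [r for r in rules if matches(r, watcher)]
    if not matched:
        return None, set()
    action = max((r["action"] for r in matched), key=ACTION_RANK.__getitem__)
    provide = set().union(*(r.get("provide", ()) for r in matched))
    return action, provide


def notify_body(rules, watcher: str, presence: dict):
    """What the presence server puts in the NOTIFY for this watcher.

    None means the SUBSCRIBE is refused (403). A polite block, and the
    assumed default for watchers no rule covers, yields a document that is
    indistinguishable from "offline".
    """
    action, provide = authorize(rules, watcher)
    if action == "block":
        return None
    if action in (None, "polite-block"):
        return {"status": "offline"}
    return {k: v for k, v in presence.items() if k in provide}


if __name__ == "__main__":
    for w in ("wife@home.example", "son@home.example", "kundan@cs.columbia.edu",
              "ed@cs.columbia.edu", "spammer@spit.example", "stranger@elsewhere.example"):
        print(w, notify_body(RULES, w, BOB))
```

Two consequences worth checking in a real deployment: because combination is a union, adding a permissive domain rule silently widens what every individual rule in that domain already exposed (Ed gets location on top of the domain's status and note), and a polite block is only convincing if the "offline" document and NOTIFY timing look the same as for a genuinely offline presentity.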