Title: SIP
1SIP growing up
- Henning Schulzrinne
- Columbia University
- SIP 2003 January 2003
- Paris, France
2Overview
- What happened in 2002?
- standards milestones
- deployment
- Outlook for 2003
- substantial completion?
- SIP challenges
3What happened in 2002?
- New revision of SIP RFCs published
- RFC 3261 basic protocol specification
- RFC 3262 Reliability of Provisional Responses
- RFC 3263 Locating SIP Servers
- RFC 3264 An Offer/Answer Model with the Session
Description Protocol (SDP) - RFC 3265 SIP-specific Event Notification
4RFC 3261
- Backward compatible with RFC 2543 no new
version - Major changes
- specification behavior-oriented, not
header-oriented - e.g., separation into layers
- mandate support for UDP and TCP
- formal offer/answer model for media negotiation
- uses both SRV and NAPTR for server location, load
balancing and redundancy - much more complete security considerations
- sips for secured (TLS) path
- PGP removed due to lack of use
- Basic authentication removed as unsafe
- S/MIME added for protecting message bodies (and
headers, via encapsulation) - Route/Record-Route simplified
5SIP and 3G wireless networks
- In July, 3GPP adopts SIP as signaling protocol
for Release5 - increased collaboration between organizations
- still somewhat different perspectives
3GPP IETF
network doesnt trust user user only partially trusts network
L1/2-specific generic
walled garden open access
6SIP adoption in 2002
- IBM, Novell support SIMPLE for group
communications in the enterprise - but still confusion by Microsoft MSN Messenger
5.0 (no SIP) vs. Windows Messenger 4.7 (SIP
MSN, but mostly for XP) - AOL backing off from interoperability
- IETF adds Jabber to the IM standards confusion
- PRIM and APEX fading
- 3GPP adopts SIMPLE as IM/presence mechanism for
Release6 - commercial services for consumers and businesses
- Vonage, Denwa, eStara,
- MCI Worldcom, DeltaThree
7SIP products
- Still no cheap (lt 100) phones, but getting
closer - snom 100 (270), Cisco 7905 (165), Teledex (but
not all SIP yet) - but still not Wal-Mart ?
- video-conferencing equipment still lacking
- turn-key IP PBX-in-a-box available from
multiple vendors
- many good software clients
- PDA clients emerging
- despite industry issues, robust set of
participants at
8SIP standardization in 2002
- Probably point of maximum activity for SIP work
- There have been at least (in my collection of
6428 distinct IETF I-Ds) - 210 distinct I-Ds with sip (not counting -00,
-01, etc.) - 83 with sipping
- 34 with simple
- Current status somewhat difficult to track
- not all WG I-Ds are draft-ietf-
- many drafts start as draft-somebody-
- IETF draft tracking is iffy (complete only after
WG done) - JAIN activities in 2002
- SIP servlet API
- JAIN SIP lite
WG RFCs IESG or RFC editor WG I-Ds
SIP 17 11 10
SIPPING 4 9 12
SIMPLE 0 6 0
9Other SIP RFCs published in 2002
- DHCP options for SIP servers
- The Session Initiation Protocol (SIP) UPDATE
Method - Integration of Resource Management and Session
Initiation Protocol (SIP) - Internet Media Type message/sipfrag
- A Privacy Mechanism for the Session Initiation
Protocol (SIP) - Private Extensions to the Session Initiation
Protocol (SIP) for Asserted Identity within
Trusted Networks - Session Initiation Protocol (SIP) Extension for
Instant Messaging - The Reason Header Field for the Session
Initiation Protocol (SIP) - Session Initiation Protocol (SIP) Extension
Header Field for Registering Non-Adjacent
Contacts - User Requirements for the Session Initiation
Protocol (SIP) in Support of Deaf, Hard of
Hearing and Speech-impaired Individuals - Session Initiation Protocol for Telephones
(SIP-T) Context and Architectures - Short Term Requirements for Network Asserted
Identity - Integrated Services Digital Network (ISDN) User
Part (ISUP) to Session Initiation Protocol (SIP)
Mapping
10Major SIP standardization items left to do
- Conferencing
- conference creation ad-hoc and pre-arranged
- call leg events ? conference membership tracking
- floor control SIP events SOAP
- Application interaction
- DTMF control (instead of INFO, complementary to
RFC 2833) - e.g., KPML for causing HTTP POST on digit
combinations - User identity via S/MIME
- Debugging and call history
- Content indirection
- Emergency calls
- Presence and IM
- session mode (INVITE-initiated)
- UPDATE for presence updates
- is-composing event while typing
- limit message size
- delivery confirmation
- more detailed presence status
- SIMPLE Java APIs
11SIP standardization
- After this, mostly into maintenance mode
- track bugs and eventually issue RFC 3261bis
- Will SIP progress to Draft Standard?
- hardly unique
- 883 Proposed Standard RFCs, 99 Draft Standard, 66
Standard - unlikely ? too many external dependencies (TLS,
S/MIME, SRV, NAPTR, ) - lots of work (interop statements) ? too little
motivation
12Is SIP still simple?
- 25 SIP RFCs ( SDP), 823 pages
- and the call flows RFCs arent out yet ?
- RFC 3261 is longest RFC ever
- by bytes, RFC 2801 (IOTP) wins by page count
- However
- probably only (3GPP) proxy writers need to worry
about most of these - can still build a simple user agent in a (long)
evening - most effort is likely to be for security
- TLS, digest, S/MIME, AAA,
- DOS protection
13What has SIP become?
- Session Initiation Protocol 2 out of 3 words
are wrong (or too narrow) - Plesiosynchronous end-to-end message delivery
- with real-time confirmation (unlike email)
- but modest rates (unlike RTP)
- either as session or stand-alone (page-mode)
- Rendezvous find end point via abstract address
- Components for specific functionality
- session setup and negotiation INVITE, UPDATE,
OPTIONS, ACK, INFO, BYE, PRACK - event notification sessions SUBSCRIBE, NOTIFY
- page-mode message delivery MESSAGE
- binding management REGISTER
- Transport from UDP ? UDP TCP ? TCP SCTP UDP
14General VoIP infrastructure
- One cannot build a service on SIP alone
- Other items still need work
- AAA for SIP, both RADIUS (widely used, but
obsolete) and DIAMETER - security infrastructure
- how to authenticate to callee?
- cheap identities ? even PKI mainly helps to
identify caller on second call - use OPTION to get callee certificate?
- configuration of SIP devices
- configuring by keypad is a pain
- configuration by web page doesnt scale
- tftp is insecure and for LAN only
- need configuration for identities, protocol
parameters
15Aside SIP phone QoS
- We measured mouth-to-ear one-way delay of a range
of commercial SIP phones and software
applications, in a LAN
end-point A end-point B A ? B B ? A
GSM PSTN 115 ms 109 ms
3Com Cisco 51 ms 63 ms
NetMeeting NetMeeting 401 ms 421 ms
Messenger XP Messenger XP 109 ms 120 ms
16Emergency (911/112) services
DHCP
500 W 120th Room 815
MAC ? port
911
CDP port 17, cepsr-7-1
INVITE sipsos_at_cs.columbia.edu Location 500 W
120, Rm. 815
tel911
500 W 120
jurisdictional directory
17SIP security infrastructure
- need to store secret in semi-trusted devices
- single sign-on?
- CINEMA system
- i-button or magnetic swipe card
- sets up lines on phone
- controls environment
- all via SIP events
- but phone configuration via screen faking
dim lights
SIP events
add line
change station
18SIP work at Columbia
- Location-based services
- Event models and filtering
- Mesh-based conferencing
- End system service creation (CPL extension)
- Service discovery
19Conclusion
- SIP standardization nearing completion
- core functionality sufficient to build
- 3G mobile system
- corporate PBX
- but need more operational experience
- efforts still telephony-centric, but combinations
IM VoIP emerging - architectural model for whats-SIP-good-at
emerging, but different visions