SIP Protocol - - from www.chinaroby.com

 www.chinaroby.com

SIP

The Session Initiation Protocol (SIP) has taken the world of VoIP by storm. Originally considered little more than an interesting idea, SIP now seems poised to dethrone the mighty H.323 as the VoIP protocol of choicecertainly at the endpoints of the network. The premise of SIP is that each end of a connection is a peer, and the protocol negotiates capabilities between them. What makes SIP compelling is that it is a relatively simple protocol, with a syntax similar to that of other familiar protocols such as HTTP and SMTP.

SIP is supported in Asterisk with the chan_sip.so module.

8.2.2.1. History

SIP was originally submitted to the Internet Engineering Task Force (IETF) in February of 1996 as "draft-ietf-mmusic-sip-00." The initial draft looked nothing like the SIP we know today and contained only a single request type: a call setup request. In March of 1999, after 11 revisions, SIP RFC 2543 was born.

At first, SIP was all but ignored, as H.323 was considered the protocol of choice for VoIP transport negotiation. However, as the buzz grew, SIP began to gain popularity, and while there may be a lot of different factors that accelerated its growth, we'd like to think that a large part of its success is due to its freely available specification.

8.2.2.2. Future

SIP has earned its place as the protocol that justified VoIP. All new user and enterprise products are expected to support SIP, and any existing products will now be a tough sell unless a migration path to SIP is offered. SIP is widely expected to deliver far more than VoIP capabilities, including the ability to transmit video, music, and any type of real-time multimedia. SIP is poised to deliver the majority of new applications over the next few years.

8.2.2.3. Security considerations

SIP uses a challenge/response system to authenticate users. An initial INVITE is sent to the proxy with which the end device wishes to communicate. The proxy then sends back a 407 Proxy Authorization Request message, which contains a random set of characters referred to as a "nonce ." This nonce is used along with the password to generate an MD5 hash, which is then sent back in the subsequent INVITE. Assuming the MD5 hash matches the one that the proxy generated, the client is then authenticated.

Denial of Service (DoS) attacks are probably the most common type of attack on VoIP communications. A DoS attack can occur when a large number of invalid INVITE requests are sent to a proxy server in an attempt to overwhelm the system. These attacks are relatively simple to implement, and their effects on the users of the system are immediate. SIP has several methods of minimizing the effects of DoS attacks, but ultimately they are impossible to prevent.

SIP implements a scheme to guarantee that a secure, encrypted transport mechanism (namely Transport Layer Security, or TLS) is used to establish communication between the caller and the domain of the callee. Beyond that, the request is sent securely to the end device, based upon the local security policies of the network. Note that the encryption of the media (that is, the RTP stream) is beyond the scope of SIP itself and must be dealt with separately.

More information regarding SIP security considerations, including registration hijacking, server impersonation, and session teardown, can be found in Section 26 of SIP RFC 3261.

8.2.2.4. SIP and NAT

Probably the biggest technical hurdle SIP has to conquer is the challenge of carrying out transactions across a NAT layer. Because SIP encapsulates addressing information in its data frames, and NAT happens at a lower network layer, the addressing information is not modified, and thus the media streams will not have the correct addressing information needed to complete the connection when NAT is in place. In addition to this, the firewalls normally integrated with NAT will not consider the incoming media stream to be part of the SIP transaction, and will block the connection.

Comments

Post a Comment

Popular posts from this blog

Freepbx Server : Asterisk PBX Phone System

Image
  Freepbx Server : Asterisk PBX Freepbx is based on Asterisk which is an Open Source Software of phone system. Freepbx is an Open Source Software that brings together IP Communications Services in one place. It's a platform that simplifies the management of your business interaction channels, incorporating a Telephone exchange (VoIP) with email, CRM, fax, videoconference, recording, reports and more. And it is free,download it from www.Freepbx.org All of Asterisk cards (FXS FXO cards and ISDN PRI E1 cards) can wok with Freepbx,that is also an Open Source Software,so,users can edit the code to meet the need. And the features and function is powerful.  With Freepbx and ChinaRoby's Asterisk cards,users can build an Asterisk VoIP PBX ,VoIP Phone System,call centre,Freepbx server for home / businesses / hotels / schools ...
Read more

What Are Some disadvantages of VoIP? -- chinaroby.com

  What Are Some disadvantages of VoIP? If you're considering replacing your traditional telephone service with Internet Voice, there are some possible differences: Some Internet Voice services don't work during power outages and the service provider may not offer backup power; It may be difficult for some Internet Voice services to seamlessly connect with the 911 dispatch center or identify the location of Internet Voice 911 callers.See also IP PBX Phone System ,Asterisk PABX,Gateway phone appliance, VoIP Phone Systems for Small Business. Asterisk is an open source IP PABX that runs on the Linux operating system. It is an extremely powerful product capable of the most advanced PABX functions including voice-mail, conference calls, trunking, hunt groups, and much more.  
Read more

Asterisk: The Professional's PBX from https://www.chinaroby.com

  Asterisk: The Professional's PBX Never in the history of telecommunications has a system so suited to the needs of business been available, at any price. Asterisk is an enabling technology, and, as with Linux, it will become increasingly rare to find an enterprise that is not running some version of Asterisk, in some capacity, somewhere in the network, solving a problem as only Asterisk can. Asterisk - a Professional PBX   This acceptance is likely to happen much faster than it did with Linux, though, for several reasons: Linux has already blazed the trail that led to open source acceptance, so Asterisk can follow that lead. The telecom industry is crippled, with no leadership being provided by the giant industry players. Asterisk has a compelling, realistic, and exciting vision. End users are fed up with incompatible, limited functionality, and horrible support. Asterisk solves the first two problems; the community has shown a passion for the latter.
Read more