GIAO THC SIP

Session Initiation Protocol

Class DV11, University Of Transport In Ho Chi Minh City

THNH VIN NHM

L Vn Hu
Dng Cng Gip
Trn Ngc Tun

Tng Quan V SIP

II Cu Trc & Phn Loi Bn Tin

III Hot ng Ca SIP M Phng
IV Bo Mt SIP
V So Snh SIP v H323
3

Tng Quan V SIP

Gii Thiu
Cu Trc
c im Ca SIP

Gii Thiu
SIP (Session Initiation Protocol) giao thc khi to phin.
c chun ha bi IETF (The Internet Engineering Task
Force) nm 1999.

Hot ng lp Application trong m hnh OSI.

c dng thit lp, duy tr v kt thc cc phin
truyn thng a phng tin.
H tr truyn Unicast v Multicast.

Gii Thiu

RTSP

Internet Multimedia Protocols

6

Cu Trc

Cu Trc

Cu Trc
SIP
USER
AGENT

UAC

SERVER

UAS

PROXY

REDIRECT

REGISTRAR

Cu Trc
SIP User Agent
- UAC (Client): khi to yu cu SIP.
- UAS (Server): chp nhn, chuyn tip hoc t chi yu cu.

10

Cu Trc
Proxy Server: chuyn tip cc SIP request ti thc th khc trong
mng.

11

Cu Trc
Redirect Server: l mt Server chp nhn mt yu cu
SIP, chuyn i a ch trong yu cu thnh mt a ch
mi v tr li a ch ny tr v Client.
Registrar: c dng ng k cc i tng trong
min SIP v cp nht v tr hin ti ca chng.

12

Cu Trc
SIP Components

Location
Server

Redirect
Server

Registrar
Server

PSTN

User Agent

Gateway
Proxy
Server

Proxy
Server

13

Cu Trc

14

c im Ca SIP
n gin
Hiu qu
Kh nng co dn

Mm do
H tr di ng
Kh nng lp trnh ca ngi dng
Kh nng m rng
15

Cu Trc & Phn Loi Bn Tin

Phn Loi

SIP c dng cho c ch giao tip Peer-to-Peer thng qua

m hnh Client-Server.
17

C 6 phng thc c bn:

REGISTER

ng k vi Registrar

INVITE

bt u thit lp cuc gi

ACK

xc nhn nhn INVITE

BYE

yu cu kt thc

CANCEL

hy yu cu ang trong hng i

OPTIONS

xc nh nng lc my ch

V mt s phng thc m rng: UPDATE, MESSAGE,

SUBSCRIBE, NOTIFY,

18

REGISTER
Cho php UA cung cp v tr hin ti v URLs ng k
n Registrar.
C th cp nht v tr hin ti
Cc yu cu sau c chuyn hng ti v tr mi.
UA khng cn IP tnh,m c th dng DHCP.

19

INVITE
yu cu thit lp mt phin.
Thng tin mang trong phn Body cha.
Loi phin
a ch IP
S Port
Chun m ha

20

INVITE
K t bn tin INVITE th 2 gi i gi c gi l
re-INVITE.

re-INVITE c th s dng :

t hoc hy cuc gi t Hold call.

Thay i thng s phin v loi m ha.

21

INVITE
ACK Dng kt thc qu trnh three way handshake.

Ch dng cho bn tin INVITE.

22

OPTION
Yu cu v kh nng ca mt UA.
S nhn c cc phn hi v: cc bn tin h tr,codec...

S tr li ca UA tng t nh bn tin INVITE.

23

BYE & CANCEL

BYE: kt thc 1 phin gi thit lp.

UA s dng gi cc gi tin(RTP)

CANCEL: kt thc 1 phin gi cha thit lp.

Xy ra khi bn tin INVITE cha nhn c phn hi.

24

Method - MESSAGE
M rng giao thc SIP cho Instant Messaging (IM).
Yu cu:

Phi cha ni dung trong phn Bdy

use the standard MIME headers to identify the content

25

REFER
REFER: ngh ngi nhn truy cp vo a ch ca
bn th 3.
Typical Use: Dng cho tnh nng Call Transfer.

Cho php thnh lp 1 cuc i thoi bn ngoi.

26

SUBSCRIBE & NOTIFY

SUBSCRIBE : yu cu thng bo khi c mt s kin
t bit xy ra.

Gi tr Expires l thi gian timeout ca bn tin.

NOTIFY : thng bo trng thi s kin.

ng dng:

Thng bo s hin din ca User.

Tin nhn i trong voicemail.

27

Cc Responses SIP ging vi cc Responses trong HTTP.

M trng thi

1xx: Information

Tm kim , bo hiu, sp hng i.

2xx: Success

Thnh cng.

3xx: Redirect

Chuyn tip yu cu.

4xx: Client Error

Yu cu khng c p ng

5xx: Server Error

Li pha my phc v

6xx: Global Failure

S c ton mng

28

Responses: 1xx-3xx
SIP Response Code
100 Trying
180 Ringing
181 Call Is Being Forwarded
182 Queued
183 Session Progress
200 OK
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
305 Use Proxy
380 Alternative Service

Brief Description
Request received and action is being taken
UA received INVITE and is alerting user
Used by proxy to indicate call is being forwarded
Called party unavailable, call queued
Used in early media and QoS setup
Request successful
Address resolved to several choices
User can no longer be found at Req-URI address
Temporarily cannot find user at Req-URI address
Resource MUST be accessed through proxy.
Call not successful. Alternatives possible.

29

Responses: 4xx
SIP Response Code
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
410 Gone
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Unsupported URI Scheme
420 Bad Extension
421 Extension Required
423 Registration Too Brief
480 Temporarily Unavailable

Brief Description
Request not understood due to malformed syntax
Request requires user authentication
Reserved for future use
UAS understood request and refuses to fulfill it
UAS finds that user doesn't exist in the domain
Method is understood but not allowed
Response content not allowed by Accept header
Client must first authenticate itself with proxy
UAS could not produce response in time
UAS resource unavailable; no forwarding addr.
Request contains body longer than UAS accepts
Req-URI longer than server is willing to interpret
Format of the body not supported by UAS
Scheme of URI unknown to server
UAS not understand protocol extension
UAS needs particular extension process request
Contact header field expiration time too small
UAS contacted successfully but user unavailable

30

Responses: 5xx-6xx
SIP Reponse Code
500 Server Internal Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Server Time-out
505 Version Not Supported
513 Message Too Large
600 Busy Everywhere
603 Decline
604 Does Not Exist Anywhere
606 Not Acceptable

Brief Description
UAS unexpected condition & cannot fulfill request
UAS not support functionality to fulfill the request
UAS Rx invalid response from a downstream server
UAS can't process due to overload or maintenance
UAS not Rx response from external server
UAS not support SIP version in request
Message length exceeded UAS capabilities
End systems contacted, user busy at all of them
End systems contacted, user explicitly decline
UAS has information Req-URI user not exist
Some aspects of Session Desc. not acceptable
31

Cu Trc Bn Tin SIP

32

Cu Trc Bn Tin SIP

33

Cu Trc Bn Tin SIP

34

Cu Trc Bn Tin SIP

35

Cu Trc Bn Tin RESPONDSES

SIP/2.0 200 OK
Via: SIP/2.0/UDP proxy.munich.de:5060;branch=z9hG4bK8542.1
Via: SIP/2.0/UDP 100.101.102.103:5060;branch=z9hG4bK45a35h76
To: Heisenberg <sip:w.heisenberg@munich.de>;tag=24019385
From: E. Schroedinger <sip:schroed5244@aol.com>;tag=312345
Call-ID: 105637921@100.101.102.103
CSeq: 1 INVITE
Contact: sip:wh@200.201.202.203
Content-Type: application/sdp
Content-Length: 173
v=0
o=Heisenberg 2452772446 2452772446 IN IP4 200.201.202.203
s=SIP Call
c=IN IP4 200.201.202.203
t=0 0
m=audio 56321 RTP/AVP 0
a=rtpmap:0 PCMU/8000

36

Cu Trc & Phn Loi Bn Tin

Hot ng Ca SIP
TNG QUAN V HOT NG CA SIP
A CH SIP
NH V SERVER SIP
S GIAO DCH SIP
THAY I 1 PHIN ANG TN TI
HOT NG CHNH CA SIP
HOT NG CA PROXY SERVER
HOT NG CA REDIRECT SERVER
M HNH 1 CUC GI SIP IN HNH
CALL HOLD
CALL TRANSFER
M PHNG

Tng Quan
a ch SIP

a ch ca SIP cn c gi l b nh v ti nguyn
chung URL (Universal Resource Locator).

Tn ti di dng

user@host.

Phn user trong phn a ch c th l tn ngi s

dng hoc s in thoi.

Phn host c th l tn min hoc a ch mng.

sip@hotmail.com
01684722708@192.168.1.1

39

Tng Quan
nh V Server
B1/ Nu phn host trong Request URI(username@host) l a
ch IP, Client tip xc vi Server a ch IP . Nu khng
phi th qua B2.

B2/Client truy vn DNS Server a ch IP tng ng vi phn

host l bao nhiu, sau DNS server s gi li cho Client 1
bng ghi danh sch cc a ch. Nu trong bng ghi
khng c a ch n cn th client s lp tc kt thc hot
ng v n khng nh v c Server.

Tng Quan
S Giao Dch SIP
Khi phn host ca URL SIP c gii quyt, Client gi mt hoc
nhiu yu cu SIP n Server v nhn c mt hoc nhiu p ng t
Server. Cc yu cu cng vi cc p ng lin h vi nhau trong hot
ng ny to thnh s giao dch SIP. Tt c cc p ng cha cng cc
gi tr trong cc trng Call-ID, Cseq, To v From. iu ny cho php
cc p ng so khp vi cc yu cu.

Nu Client gi yu cu s dng UDP, p ng c gi n a ch

c nh ngha trong trng tiu ca yu cu.

Nu TCP c s dng, cc p ng v yu cu trong mt s giao

dch n l c mang trn cng mt kt ni TCP.

Tng Quan
Thay i M Phin ang Tn Ti

Trong mt s trng hp, ngi ta mong mun thay i

ccn thng s ca mt phin ang tn ti. iu ny
c thc hin bng cch pht li bn tin INVITE, s
dng cng Call-ID.

Chng hn, hai i tc(USER A & USER B)ang tr

chuyn v mun thm vo mt ngi th ba (USER

C)vo. Th USER A or USER B s gi bn tin INVITE n
USER C thng qua Proxy Server.

HOT NG CHNH CA SIP

PROXY SERVER

REDIRECT SERVER

M Hnh Cuc Gi Sip in Hnh

CALL
HOLD.

CALL
TRANSFER.

48

SIP SECURITY
Chng Thc
Cc Phng Thc Bo Bt
Cc loi Tn Cng
Gii Php Phng Th

Chng Thc
SIP S dng M ha MD5 ging vi HTTP chn vo
bn tin.
Password khng c th hin r rng m phi bm
thnh m MD5.
c yu cu bi Internet Telephony Service Providers
(ITSP)

50

TLS (Transport Layer Security)

TLS trong SIP (SIPs) cng ging nh TLS trong HTTP
(HTTPs).

51

S/MIME
Cung cp mt c ch bo mt Mail trn mng Voip.

52

Attacks : Cp ng k
Hacker gim st cc thng ip REGISTER t mt User v
thay i phn a ch trong thng ip ny

53

Attacks : DOS (denial of service)

T chi dch v

54

Attacks : Gi mo Call-ID

55

Attacks: Man in the middle

56

Gii php phng th

Bo mt lp vt l vi bo hiu SIP.

m bo vn QoS lp mng.
C ch bo mt vi gi tin RTP lp transport.
Firewall: p dng nhiu cp lc khc nhau.
Phone: Bo mt firmware.
Chng thc: TLS

Clients i vi the server

Servers i vi the client

57

58

So Snh H323 V SIP

59

So Snh H323 V SIP

60

So Snh H323 V SIP

61