ESN LLC v. Cisco Systems, Inc. et al
Filing
68
Plaintiff ESN, LLC's Opening Claim Construction Brief filed by ESN LLC. (Attachments: # 1 Exhibit A - Part 1, # 2 Exhibit A - Part 2, # 3 Exhibit B, # 4 Exhibit C, # 5 Exhibit D, # 6 Exhibit E)(McAndrews, Peter)
EXHIBIT E
SIP Proxies
Jonathan Rosenberg
Chief Scientist
Winter 2001 VoN Developers Conference -- January 24, 2001 SIP Proxies
www.dynamicsoft.com
Presentation Agenda
SIP Overview
Definition of Proxy Roles
Features for each role
Generally useful capabilities
Session Initiation Protocol (SIP)
Developed in mmusic Group in IETF
  Proposed standard RFC2543, February 1999
  Work began 1995
  Part of Internet Multimedia Conferencing Suite
Main Functions
  Invite users to sessions
    Find the user's current location, match with their capabilities and preferences in order to deliver invitation
    Carry opaque session descriptions
  Modification of sessions
  Termination of sessions
Session Initiation Protocol (SIP) cont.
Main Features
  Personal mobility services
  Wide area operation
  Session flexibility
    Voice; video; games; chat; virtual reality; etc.
  Leverages other Internet protocols
Protocol Components
User Agent Client (UAC)
  End systems
  Send SIP requests
User Agent Server (UAS)
  Listens for call requests
  Prompts user or executes program to determine response
User Agent
  UAC plus UAS
Protocol Components cont.
Redirect Server
  Network server - redirects users to try other server
Proxy Server
  Network server - a proxy request to another server
  can "fork" request to multiple servers, creating a search tree
Registrar
  Receives registrations regarding current user locations
SIP Architecture
[Figure: SIP architecture diagram. Legend: Request, Response, Media. Elements: SIP Client, SIP Redirect Server, Location Service, SIP Proxy, SIP Proxy, SIP Client (User Agent Server). Message steps numbered 1 through 14.]
A Real ITSP Network
[Figure: ITSP network diagram. Labels: Access Proxies, Firewall Control Proxies (FW), Core Routing Proxies, Regional POPs, Regional Routing Proxy, Gateway Managing Proxies, GW, User Feature Proxies.]
Proxy Servers have Roles
Proxy is just a SIP defined logical function
  Not useful in and of itself
  Critical piece is value add features built on top of SIP proxy function
  Which features you need depends on roles
Real VoIP networks have multiple signaling points, each with specific roles and functions
  Access Proxies
  Firewall Control Proxies
  Core Routing Proxies
  Regional Routing Proxies
  Gateway Managing Proxies
  User Feature Proxies
Access Proxies
Serve as access point into network
What needs to be done at access point?
  Authentication
  Accounting
  DoS Attack Prevention
Authentication only need be done once at ingress point
  From there, secure TLS based connections between elements
  Critical for DOS prevention
How is authentication done?
  Wholesale, bulk traffic
    TLS
  Individual consumers
    SIP proxy authentication mechanisms
Why is accounting needed here?
  For wholesale customers
  Only place in network where all traffic from/to customer arrives
  Ideal point for troubleshooting customer interface
  Customer traffic profiling and usage metrics
  Customer care
  Intrusion detection
  DoS attack detection
Useful to dedicate proxies to specific customers
  High availability
  No resource contention
  Common model in web server market as well
TLS Authentication
Transport Layer Security (TLS)
  is newer version of Secure Sockets Layer (SSL)
  TLS/SSL is basis for web security
    HTTPS = HTTP over TLS/SSL
Functions
  Server to client and optionally client to server authentication using public keys
  Negotiation of shared private session key
  Encryption of all messages once connection established
Applications to SIP
  Functions as a "Secure VoIP Trunk"
  All signaling traffic between pair of providers can run over TLS
Benefits to provider
  Prove that all traffic is from actual customer
  Very efficient
    public key operations only at beginning of connection
SIP Authentication
Authentication Mechanisms
  Basic
  Digest
  PGP (to be deprecated, S/MIME and PGP/MIME to replace)
Basic and Digest Are Shared Secret
  Assume Trust Relationship Between UA and Proxy
  Only for outgoing requests
SIP Can Also Authenticate Responses
  Not used, will be deprecated
[Figure: message flow. Labels: Request; Challenge (nonce, realm); ACK; Request w/credentials.]
DoS Attack Protection
DoS Attacks
  Flooding of packets
  Malicious content
Access Proxy Acts as DMZ Machine
  Sole point of entry for calls to network
Filtering Functions
  Absorbs bursts
  Blocks large messages
  Removes content with viruses
  String parsing checks and validations
[Figure: DMZ]
Firewall Control Proxies
Responsible for allowing SIP and media traffic to traverse firewalls and NATs at periphery of network
Ideally isolated from access proxies
  Security risk in directly making these accessible
  Scalability
Authenticate and authorize at periphery, freeing internal boxes from performing the function again
Logging to record firewall usage
How do they allow SIP and media to traverse firewalls?
Getting SIP Through Firewalls
Firewalls Typically Statically Configured to Let Traffic in/out of Specific Ports/Addresses
SIP Itself Can Easily Be Let in/out
  Static port 5060 opened
But SIP Signals Media Sessions, Usually RTP
RTP Difficult to Isolate
  Uses dynamic UDP ports
  Not its own protocol
  No way to statelessly identify
Therefore, Media Sessions Will Not Flow Through Firewall
Getting SIP Through NATs
Network Address Translation (NAT)
  Modifies IP Addresses/Ports in Packets
Benefits
  Avoids network renumbering on change of provider
  Allows multiplexing of multiple private addresses into a single public address ($$ savings)
  Maintains privacy of internal addresses
Getting SIP Through NATs cont.
Issues
  If a host includes its IP address inside of an application packet, it is wrong to the outside
  SIP fundamentally does this
  Addresses inside of SIP must be rewritten
Where Can IP Addresses Be?
  SDP
  From field
  To field
  Contact
  Record-route
  Via
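
Added example, not part of the original presentation: a Python check that walks the places this slide lists (Via, From, To, Contact, Record-Route and the SDP body) and reports each one that still carries a private or otherwise non-routable IPv4 address, which is what a SIP ALG would have to rewrite. The sample INVITE, the function names, the handling of compact header names, and the restriction to IPv4 and to the SDP o= and c= lines are assumptions of this example.

```python
import ipaddress
import re

# Header fields the slide lists, plus their compact forms (v, f, t, m).
WATCHED = {"via": "Via", "v": "Via", "from": "From", "f": "From", "to": "To",
           "t": "To", "contact": "Contact", "m": "Contact",
           "record-route": "Record-Route"}
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def non_routable(text):
    """IPv4 literals in text that are private or otherwise not globally routable."""
    hits = []
    for literal in IPV4.findall(text):
        try:
            if ipaddress.ip_address(literal).is_private:
                hits.append(literal)
        except ValueError:  # e.g. 999.1.1.1 is not an address
            pass
    return hits

def leaked_addresses(message):
    """Return (location, address) pairs, in order of appearance."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        field = WATCHED.get(name.strip().lower())
        if sep and field:
            found += [(field, a) for a in non_routable(value)]
    for line in body.split("\r\n"):  # SDP origin and connection lines
        if line.startswith(("o=", "c=")):
            found += [("SDP " + line[:2], a) for a in non_routable(line)]
    return found

# Constructed INVITE as it would look after an IP-only NAT (not from the slides).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.5:5060",
    "Record-Route: <sip:proxy.example.com>",
    "f: Alice <sip:alice@10.0.0.5>",
    "To: Bob <sip:bob@example.net>",
    "Call-ID: a84b4c76e66710", "CSeq: 1 INVITE",
    "Contact: <sip:alice@10.0.0.5:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=alice 1 1 IN IP4 10.0.0.5", "s=-",
    "c=IN IP4 10.0.0.5", "t=0 0", "m=audio 49170 RTP/AVP 0",
])
```

Calling leaked_addresses(SAMPLE_INVITE) lists Via, From, Contact and both SDP lines; an empty result on the public side of the NAT means every embedded address was rewritten.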
Continuing Challenges
Other Application Protocols Have Trouble With Firewalls and NAT
  ftp
  H.323
Solution is to Embed Application Layer Gateway (ALG) into Firewall/NAT
  Actually goes into packet and modifies addresses
  Requires understanding of protocol
Embedding ALG in NAT is Not Ideal Solution
  Scaling
  Separation of function
  Expertise issue
Proposed Solution
Separate Application Layer NAT/Firewall from IP Layer NAT/Firewall
  Similar to megaco decomposition
  MG analogous to packet filter
  MGC analogous to ALG (proxy)
Same benefits
  Better scaling
  Faster
  Lower Cost
  Expertise problem solved
  Deployment paths for new apps
  Load balancing
[Figure: Decomposed Firewall/NAT. Labels: Proxy Server/ALG; Firewall/NAT Packet Filter; Control; SIP; RTP.]
The Missing Piece
Control Protocol Between SIP ALG and IP NAT/Firewall
Main Requirements
  Binding request: give a private address, obtain a public address
  Binding release
  Open hole (firewall)
  Close hole (firewall)
  Group bindings
[Figure: message flow involving Proxy Server and Firewall. Labels: INVITE, BIND REQ, BINDING, INVITE, 200 OK, 200 OK, OPEN, ACK, ACK.]
IETF Efforts on Firewall Traversal
SIP Working Group
  Informational RFC will be developed
    Summarizes SIP operations needed in firewall controlling proxy
    Defines SIP ALG function for NAT
MIDCOM Working Group
  Recently approved
  Will develop framework and requirements
  Initial draft:
    J. Kuthan, J. Rosenberg, "Firewall Control Protocol Framework and Requirements", draft-kuthan-fcp-01.txt
Routing
Routing is one of the primary functions of a proxy
Routing is one of the core services of a service provider
Most general definition:
  Connecting users to the network services required for the session by selecting a next hop server to process the request
Network Services
  Gateways
  POPs
  Application Platforms
  Media Servers
Routing is best performed in a hierarchical fashion
  Scalability
  Ease of management
    Delegation
    Upgradability
    Isolation
Many inputs to routing process
  Registration database
  Telephone routing prefixes
  TRIP and TRIP-GW
  Caller preferences
  External databases
Core Routing Proxy
How does a proxy route? Depends on roles.
Core Routing Proxy
  Job is to take calls from all access points and figure out high level next hop service to handle call
  Can recreate Class 4 Features
Next hop service is typically
  Regional POP for PSTN termination
  User Feature Proxies for local subscribers
  FCP for calls out to peer networks
Routing generally based
  Telephone prefixes
  TRIP
  Databases for domain lookups
Why use a core?
  Avoids need for each service to know about each other
  Example: CPL in user feature proxy forwards call to PSTN termination
Telephone Routing Prefixes
SIP INVITE Can Contain Phone Numbers
  sip:17325551212@domain.com
  tel:17325551212
Do Not Correspond to Users on IP Network, but PSTN Terminals
Call Must Be Routed to Gateway
Gateways Often Arranged Through Peering
Which One to Use Based on Prefixes (Domestic = gw1, Europe = gw2)
Route Table is Mapping From Prefixes to Next Hop IP address/port/transport Plus URL Rewrite Rules
[Figure: routing example. Labels: tel:19735551212; sip:19735551212@longdistance.com; 1-732; regional.com; 1; longdistance.com; international.com.]
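
Added example, not part of the original presentation: a Python route table of the kind this slide describes, mapping a number prefix to a next hop (address, port, transport) plus a URL rewrite, with the longest matching prefix winning. The prefixes and domains are the labels from the slide's figure; the 192.0.2.x next-hop addresses, the ports and transports, the use of international.com as the catch-all, and all function names are assumptions of this example.

```python
import re
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str      # leading digits of the dialed number
    next_hop: tuple  # (IP address, port, transport) of the next proxy or gateway
    domain: str      # URL rewrite rule: host part of the outgoing sip: URI

# Constructed table: only the prefixes and domains come from the slide's figure.
TABLE = [
    Route("1732", ("192.0.2.10", 5060, "udp"), "regional.com"),
    Route("1", ("192.0.2.20", 5060, "tcp"), "longdistance.com"),
    Route("", ("192.0.2.30", 5060, "tcp"), "international.com"),
]

# A tel: URI, or a sip: URI whose user part is a phone number.
NUMBER = re.compile(r"tel:\+?([\d\-.()]+)|sip:\+?([\d\-.()]+)@[^@\s]+")

def dialed_digits(uri):
    """Return the bare digits of a phone-number URI, or None for any other URI."""
    m = NUMBER.fullmatch(uri)
    if not m:
        return None  # e.g. sip:alice@domain.com is routed by domain, not prefix
    return re.sub(r"\D", "", m.group(1) or m.group(2)) or None

def route(uri, table=TABLE):
    """Longest-prefix match; returns (next_hop, rewritten URI) or None."""
    digits = dialed_digits(uri)
    if digits is None:
        return None
    matches = [r for r in table if digits.startswith(r.prefix)]
    if not matches:
        return None  # no prefix applies and the table has no catch-all
    best = max(matches, key=lambda r: len(r.prefix))
    return best.next_hop, f"sip:{digits}@{best.domain}"
```

With this table, route("tel:19735551212") yields the rewrite shown in the figure, sip:19735551212@longdistance.com, while a 1-732 number goes to regional.com because the longer prefix takes precedence.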
Telephony Routing Over IP (TRIP)
Inter-domain Protocol for Gateway Route Exchange
  Currently in working group last call in IETF
TRIP Supports Various Models
  Bilateral agreements
  Centralized settlements provider
  Wholesaler service
TRIP Based on Scalable IP Routing Technology
  Uses BGP4 as a basis
  Supports aggregation
  Uses proven algorithms
Proxy = TRIP LS
  Allows proxy to build routing table dynamically
Core Proxy would use TRIP to determine whether to route call to a peer provider
[Figure: TRIP between providers. Labels: Gateways; Location Server; ISP B; TRIP; End Users; ISP A; Front End.]
External Databases
Routing Information Can Also Be Located in External Databases
  Static or Dynamic
Several Standards
  LDAP
  SQL
  whois++
[Figure: labels INVITE; DB Query.]
Regional Proxy
Manages all gateways in a geographical region
  Country, state, province
  Depends on size
Why separate from Core proxy?
  Separate administrators for POPs
  Information on optimal routing not known globally
May be additional sub-regions depending on size
Generally you want regional proxy when there are more than one heterogeneous gateways in a POP
Gateway Managing Proxies
Responsible for managing routing of calls to sets of gateways
Routing decisions based on
  Gateway availability (up/down)
  Available gateway capacity
  Codecs and other features
  Possibly cost
May want to handle temporary overload cases
  Gateway responds with 503; should try another one
Generation of CDRs for calls
Ideally should utilize full capacity of gateways
Question: how does proxy know available capacity of gateways?
TRIP and Gateways
Normal TRIP Runs Interdomain
TRIP-GW: Lightweight Version That Runs Between LS and Local Gateways
Provides Gateway Information
  Exported to Other Domains Via TRIP
Provides Gateway Management Capabilities
  Load balancing based on available ports/codecs
  Liveness detection
  Failover
[Figure: labels INVITE; TRIP-GW.]
Generating Billing Records
Billing Issues
  Must bill for a real service
    Gateways
    MCUs
  Remote logging
  Proxy "fronts" gateway
  Need secure association to gateway
  Session timer
Logging to Remote Logging Server is Key Benefit
  Real time not needed
[Figure: labels Log Server; Billing Mediation Server; Gateways.]
User Feature Proxies
Proxies "closest" to users
Responsible for routing calls based on
  User Location
  User preferences
Execution of user services
Accounting for billing of user services
Authentication and Authorization of end users
Back end DB for location and feature data
Can recreate Class 5 Features
Registration Database
On Startup, SIP UA Sends REGISTER to Registrar
Registration Data Provides Addresses to Reach User
Registration Database Forms a Dynamic Routing Database of Users
Centralized Store is Desired for Scalability
[Figure: labels Registrar; DB (SQL/LDAP/?); Proxy Farm; REGISTER; INVITE.]
SIP Caller Preferences
SIP Extensions for Specifying Caller Preferences and Callee State
Preferences Carried in INVITE Setup Message
Preferences for
  Reaching callee at home or work
  Fax, video, audio call
  Mobile or landline
  Secretary or voicemail
  Priority locations
Caller Can Specify Proxy Routing
[Figure: labels Presence; Proxy Server; Preference; Video.]
Checklist of Other Desired Features
Configuration and Management
  Command line interface
  web
  SNMP
Fault tolerance
  No single point of failure
  It's not for free with SIP
  Alarms to report device failures
  Many approaches to handle backups
Scale
  $$/Call or $$/Transaction is the key
  Linear scalability in performance is ideal
Checklist of Other Desired Features cont.
Subscriber Management
  Add users to system
  Define services and capabilities
    CPL or not?
  Authorize services against subscriber lists
Dynamic Reconfiguration
  Change parameters/routing table entries on the fly
Customized Logging Outputs
  XML, apache, etc.
Information Resource
Jonathan Rosenberg
jdrosen@dynamicsoft.com +1 973.952.5000