Deployment of the VoIP Servers
By: Syed khaja Najmuddin Ahmed, Anil Kumar Marikukala
Outline
• Introduction
• SIP, RTP & RTCP
• Security Vulnerabilities
• Deployment
• Scenario 1
• Scenario 2
• Scenario 3
• Improvements to VoIP servers
• Conclusion
Introduction: VoIP Server
• It is software or an OS to which users connect to make or receive VoIP calls.
• It allows VoIP phone calls to occur on a computer network or the internet.
• It can be installed on any device or network location, and even on virtual machines.
• It routes voice and multimedia traffic on voice data networks.
• It creates a call session, allows communication of data, and monitors the flow of the data.
• This is done by using the SIP, RTP and RTCP protocols respectively.
• A VoIP server is a collective server of these three protocol services.
• Deploying a VoIP server means installing an OS or software on a device which provides the above-mentioned services.
SIP, RTP & RTCP
• Session Initiation Protocol (SIP) works in the session layer. It first creates a session between two users; when a session is created, the call is initiated.
• It monitors the sessions and terminates the session after a BYE request is sent by any user.
• Real-time Transport Protocol (RTP) is an application layer protocol and works on UDP for fast delivery of data. It transports audio and video data in a standardized packet format.
• It transports stream data from end to end in real time, and it provides timestamps, synchronization and payload format.
• Real-time Transport Control Protocol (RTCP) monitors the transmission of data on RTP.
• It checks for QoS (Quality of Service) and transport statistics of RTP, and provides synchronization for multimedia streams.
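The RTP packet format and the statistics RTCP reports on it, shown as an added example that is not part of the original slides. It decodes the fixed RTP header defined in RFC 3550 and derives packet loss and interarrival jitter the way a receiver report does; the helper names, the sample stream and the 8000 Hz clock rate are assumptions made for the illustration.

```python
import struct

def build_rtp(seq, ts, ssrc, pt=0):
    """Constructed sample packet: version 2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\x00" * 160

def parse_rtp(packet):
    """Decode the 12-byte fixed RTP header (RFC 3550, section 5.1)."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "marker": b1 >> 7, "seq": seq,
            "ts": ts, "ssrc": ssrc, "csrc_count": b0 & 0x0F}

def receiver_stats(arrivals, clock_rate=8000):
    """arrivals: (arrival_ms, packet) pairs for one SSRC, in arrival order.
    Returns the loss and jitter figures an RTCP receiver report carries."""
    jitter, prev_transit, seqs = 0.0, None, set()
    for arrival_ms, packet in arrivals:
        hdr = parse_rtp(packet)
        seqs.add(hdr["seq"])
        # Transit = arrival time minus RTP timestamp, both in clock units.
        transit = arrival_ms * clock_rate / 1000 - hdr["ts"]
        if prev_transit is not None:
            # RFC 3550 running estimate: J += (|D| - J) / 16
            jitter += (abs(transit - prev_transit) - jitter) / 16
        prev_transit = transit
    expected = max(seqs) - min(seqs) + 1  # ignores 16-bit wrap-around
    return {"received": len(seqs), "lost": expected - len(seqs),
            "jitter": jitter}

# Constructed G.711 stream (payload type 0, 160 samples per 20 ms packet):
# sequence 102 never arrives and sequence 103 arrives 5 ms late.
SAMPLE = [
    (0, build_rtp(100, 0, 0x1234ABCD)),
    (20, build_rtp(101, 160, 0x1234ABCD)),
    (65, build_rtp(103, 480, 0x1234ABCD)),
]

if __name__ == "__main__":
    print(receiver_stats(SAMPLE))
```

The jitter value is in RTP timestamp units; divide by the clock rate to get seconds.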
Security Vulnerabilities
• The security vulnerabilities of the VoIP server are the collective vulnerabilities of the SIP and RTP protocols.
• Vulnerability issues like Registration Hijacking, Proxy Impersonation, Message Tampering, Session tear down, DoS, etc. in SIP, and authentication, integrity and replay protection in RTP, are also vulnerabilities of the VoIP server.
• To mitigate the vulnerabilities, security features in SIP and RTP can be added.
• An intrusion detection and prevention system can be deployed along with a honeypot in the network to greatly increase the security.
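The kind of rule an intrusion detection system could apply to two of the SIP issues named above (registration hijacking and session tear down), as an added example that is not part of the original slides. It assumes a sensor placed next to the VoIP server that sees each SIP message with its source IP; the function names, addresses and messages are constructed for the illustration, and a changed registration source is only a heuristic because phones legitimately move.

```python
def sip(start, **headers):
    """Build a constructed SIP message; Call_ID becomes the Call-ID header."""
    lines = [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return "\r\n".join([start, *lines]) + "\r\n\r\n"

def parse_sip(raw):
    """Return (method, or 'SIP/2.0' for a response, lower-cased header map)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return head[0].split(" ", 1)[0], headers

def detect(events):
    """events: (source_ip, raw_message) pairs seen by the sensor.
    Returns a list of alert strings."""
    bindings, dialogs, alerts = {}, {}, []
    for src, raw in events:
        method, headers = parse_sip(raw)
        call_id = headers.get("call-id", "")
        if method == "REGISTER":
            aor = headers.get("to", "").split(";")[0]
            holder = bindings.setdefault(aor, src)
            if holder != src:
                alerts.append(
                    f"REGISTER for {aor} from {src}, binding held by {holder}")
        elif method == "BYE":
            if src in dialogs.get(call_id, set()):
                dialogs.pop(call_id)  # teardown by a party to the call
            else:
                alerts.append(
                    f"BYE for call {call_id} from non-participant {src}")
        else:  # INVITE, ACK, responses: remember who takes part in the call
            dialogs.setdefault(call_id, set()).add(src)
    return alerts

# Constructed traffic; addresses are from the documentation ranges.
ALICE, BOB, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.7"
REG = "REGISTER sip:example.test SIP/2.0"
SAMPLE = [
    (ALICE, sip(REG, To="<sip:alice@example.test>", Call_ID="r1")),
    (ALICE, sip("INVITE sip:bob@example.test SIP/2.0", Call_ID="c1")),
    (BOB, sip("SIP/2.0 200 OK", Call_ID="c1")),
    (OTHER, sip(REG, To="<sip:alice@example.test>", Call_ID="r2")),
    (OTHER, sip("BYE sip:bob@example.test SIP/2.0", Call_ID="c1")),
    (BOB, sip("BYE sip:alice@example.test SIP/2.0", Call_ID="c1")),
]
```

On the sample, `detect(SAMPLE)` raises one alert for the second REGISTER and one for the BYE from the address that never took part in call `c1`; the later BYE from the callee is accepted.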
Deployment
• A VoIP server can be deployed anywhere in the network.
• The best location for deploying the VoIP server depends on the network.
• To deploy a VoIP server on a network, the network has to support voice traffic flow.
• Security of the VoIP server depends on the security of the network.
• There are no separate networks for VoIP servers; they are deployed on the same network that the organization uses for LAN and internet purposes.
• Not all routers can route voice and multimedia traffic, so an integrated router or voice-specific router has to be installed on the network.
• All switches can carry voice traffic, but a separate Voice VLAN has to be created and the ports on the switch have to be configured for the Voice VLAN to carry voice traffic.
• We have created three scenarios and deployed a VoIP server on them.
Scenario 1
• We created this scenario by deploying a VoIP server in a small company without using the internet.
• In this scenario we have three 24-port switches which are interconnected through trunks and share data and information through VTP (VLAN Trunking Protocol).
• The end devices like IP phones, VoIP devices and PCs are connected to the switches.
• A PC is connected at port 3 (access port) of the IP phone; both the IP phone and the PC share the same port on the switch.
• The VoIP server is connected to switch B, so all the VoIP traffic will go through it, and it needs to have a connection with the other switches.
• Trunks are enabled and VTP is configured on the 3 switches; the switch in Building B is configured in VTP server mode and the other switches are configured in VTP client mode.
• To allow voice traffic in the network, Voice VLANs have to be configured first. Then the ports on the switches have to be configured to carry voice traffic.
Fig 1. VoIP server deployment within a company.
Fig 1 is a screenshot of the deployment done on Cisco Packet Tracer by me and Anil.
Scenario 1 Cont…
• Since all the IP phones and devices are connected to the same Voice VLAN, there is no need for a router to interconnect different VLANs.
• In this scenario we have connected PCs at the access ports of the IP phones, so those ports also need access to the data VLAN for the PCs to be connected to the network.
• CDP (Cisco Discovery Protocol) has to be enabled on the network. CDP will identify the device types and it will allocate the data VLAN to laptops connected to IP phones.
• When data traffic comes to the network through a Voice VLAN port, it will make it appear as if it is coming through a data VLAN port.
• The VoIP server is also connected to the Voice VLAN, so all the IP phones can now make calls to each other by contacting the VoIP server within the network.
• I have used a layer 3 switch for Building B though it is not needed in this scenario, because if in the future it is decided that there are going to be more than one data VLAN or Voice VLAN or both in the network, a router will be needed to interconnect the different VLANs.
• Since Building B is a layer 3 switch, it can easily perform routing if needed, and faster than a router too, so deploying it in this network is justified.
Scenario 2
• This scenario is designed for introducing VoIP servers into a big organization without using the internet, and for making VoIP calls between two or more organizations.
• The voice traffic to the servers in this scenario is designed to carry above 1000 calls easily.
• In this scenario there are two organizations, A and B, and within each organization there are different VLANs for data and voice.
• In organization A each switch is connected to the other switches using trunks; the switch of Building B is configured as VTP server and the other switches as VTP clients.
• STP (Spanning Tree Protocol) is run to remove the redundancy loops in the networks, and again the switch of Building B is set as root bridge by modifying its bridge ID.
• An integrated router is connected to the Building B switch. The integrated router supports both voice and data traffic, so it is used to route both voice and data traffic between VLANs.
Fig 2. VoIP server deployment within an organization and VoIP server interconnections between organizations (figure labels: STP root bridge, VTP Server).
Fig 2 is a screenshot of the deployment done on Cisco Packet Tracer by me and Anil and modified using MS-Paint.
Scenario 2 Cont…
• The VoIP server is directly connected to the integrated router. The VoIP server can be connected anywhere on the network to any switch, but we chose to deploy it here because normal switches might not handle 1000 calls or more at once, while the integrated router can easily route that much traffic.
• Gigabit ports of the IR (integrated router) are used to connect to the VoIP server and the switch to handle heavy traffic; the IRs of the two organizations are connected using a serial port.
• Routing protocols like OSPF or EIGRP are used to route between end devices, switches, routers and VoIP servers.
• The proxy server is an imaginary server between VoIP servers 1 and 2; this proxy server mirrors the information of both VoIP servers. The proxy server is used when client A in one organization wants to make a call to client B in another organization.
• The proxy server provides the clients with the route information of the client in the other organization and helps in routing calls between organizations.
• Thus IP phones in organization A can make VoIP calls within the organization and to IP phones in organization B.
Scenario 3
• In this scenario we roughly show how VoIP servers are deployed on the internet when the internet connection is provided by the ISP.
• Here the customers' IP phones, PCs and other devices are connected to a wireless gateway router; this gateway router runs protocols like DHCP, DNS, NAT and PAT.
• The gateway router automatically provides private IP addresses to the end devices by using DHCP, it translates the private IP to another private IP using NAT and PAT, and it resolves the addresses using DNS.
• The gateway routers are connected to the switches; each port on these switches has a separate VLAN so that no two gateway routers are in the same network.
• Each port supports data and voice traffic flow using CDP, to give customers the flexibility of using the connections as they wish.
• The area switches are interconnected through trunks and VTP is enabled on the routing on each VLAN. STP is also enabled.
Fig 3. VoIP server deployment on the internet in a WAN.
Fig 3 is a screenshot of the deployment done on Cisco Packet Tracer by me and Anil.
Scenario 3 Cont…
• These area switches are connected to the ISP provider router, and this router is connected to the internet. The ISP server exists on this router.
• Although just one router is used here, in a real deployment many routers will exist in many area stubs, and the real ISP server exists in the ISP backbone area, where it has 2 or more routers for failover. The area border routers (ABRs) connect the various area routers to the ISP backbone area routers.
• Here we have used an integrated router to route both voice and data traffic, but in a real deployment voice-specific routers will be separated from data routers.
• OSPF and EIGRP are used for internal routing and BGP is used for routing on the internet.
• Various VoIP service provider servers are located on the internet, like the Gtalk server, the Skype server and the VoIP service provider server. They are connected to a voice-specific router which is connected to the internet.
• These servers are at a network location with a private IP assigned to them; they handle traffic on the order of 10,000 requests or more simultaneously.
Scenario 3 Cont…
• When a user wants to make a VoIP call, a VoIP service REQUEST is sent to the VoIP server over the internet via routing, a Reply is sent back to the client device, and the initiation of the VoIP call takes place.
• So to make a VoIP call between users, the entire routing process takes place, then the VoIP session is initiated, voice data is transmitted through the created route, and at the end of the call the session is dropped.
• Skype and Gtalk servers are used for making VoIP calls through application layer services software like Skype and Gtalk.
• The VoIP service provider server is used to make VoIP calls using IP phones.
• This is a rough deployment scenario; several devices are missing here, like firewalls, modems, load balancers, etc.
• Since so much routing takes place in this scenario, the latency will be high for the VoIP calls, so QoS is given high priority in this WAN network.
Improvements to VoIP servers
• We cannot randomly apply the same or best techniques to every VoIP server in deployment. Improvements to the VoIP servers have to be made based on the scenarios, the requirements and the priorities in the given condition.
• In scenario 1, since it is a local network, we can implement and try all sorts of security techniques in it to increase the security of the SIP and RTP protocols, and even use it as a test-bed to test security technologies for future development. We can also design an event correlation engine and test it here; it will not have much effect on the QoS of the call since it is a local network.
• In scenario 2 the need for security is high since other organizations are connected and various VLANs are present. Here we can install IDS and IPS and create a honeypot to increase the security, along with adding an encryption algorithm to SIP.
• In scenario 3 load balancing and QoS take the highest priority: the traffic has to be routed properly, the quality should be maintained to standards and the network should never fail. So here we can add additional servers and routers for redundancy and use load balancing schemes between servers and trunks depending on VoIP traffic and VoIP traffic priorities.
Conclusion
• We discussed what VoIP servers are, how they work and what security vulnerabilities they have.
• We were able to deploy a VoIP server in three different scenarios which are most commonly used around the world.
• We explained the three scenarios, how the VoIP server is deployed in each of them and how the network will work with the VoIP server.
• We were able to recommend the types of improvements to the servers based on the server type and its needs.