Edvina.se :: SIPit 26 host site

SIPit 26 was hosted by Edvina and TANDBERG in Kista, Sweden
the week of May 17-21, 2010.

There were 67 attendees from 28 companies visiting from 15 countries.
We had 42 distinct implementations.

There was a huge upswing in the number of TLS and SRTP implementations at this event (and IPv6 support continues to grow steadily). There was also a large upswing in ICE and TURN implementations.

The roles represented (some implementations act in more than one role)

Robert focused more on helping with the multiparty tests and specification discussions and did not review each survey response with its team as closely at this event as he has e in the past few. As a result, please be cautious of a little more uncertainty in these values.

Implementations using each transport for SIP messages:

• UDP   98%
• TCP   98%
• TLS   81% server-auth, 57% mutual-auth
• SCTP  21%
• DTLS   0%

Just over half of the implementations present supported IPv6.

There were three Identity implementations present

For DNS we had support for:

• Full RFC3263 : 86%
• SRV only : 5%
• A records only : 2%
• no DNS support : 7%

Support for various items in the endpoints

• 55% replaces
• 38% 3489stun
• 31% ice
• 24% gruu
• 21% sip/stun multiplexing
• 21% turn
• 17% diversion
• 17% history-info
• 17% path
• 17% ipsec
• 17% sigcomp
• 15% 5389stun
• 14% service-route
• 10% join

Support for various items in the proxies:

• 38% path
• 23% service-route
• 15% sigcomp
• 31% ipsec
• 31% gruu
• 15% sip/stun multiplexing
• 31% diversion
• 0% history-info

There were 2 MSRP and 2 XCAP implementations (one with xcap-diff support) present.

The endpoints and B2BUAs implemented these methods:

• 100% INVITE, CANCEL, ACK, BYE
• 90% REGISTER
• 90% OPTIONS
• 84% REFER
• 79% NOTIFY
• 79% UPDATE
• 69% INFO
• 66% SUBSCRIBE
• 55% PRACK
• 52% MESSAGE
• 48% PUBLISH

79% of the implementations sent RTP from the port advertised for reception (symmetric-rtp).
4 of the implementations required the other party to use symmetric-rtp.

72% of the UAs present both sent RTCP and paid attention to RTCP they received

55% of the endpoints present supported SRTP – all were using sdes.
There were no dtls-srtp implementations at this SIPit.

45% of the endpoints supported multipart/mime.
There was one implementation present with S/MIME support.

There were 10 SIP Event Server implementations (not counting endpoints that support events only for refer).
There were 13 SIP Event Client implementations (again, not counting
endpoints that only support events for refer).

These event packages were supported:
Server   Client

8       11        presence
4        7        presence.winfo
4        8        message-summary
5        6        dialog
0        3        reg
1        2        conference
1        1        xcap-diff
1        1        kpml
0        1        ua-profile
0        1        reg-gruu

These packages were supported with the eventlist extension:

Server   Client

3        1        presence

There were two Info-Packages implementations present. One was using a proprietary payload type.
The other was reusing a SIP-Events package.

Six of the proxies present still rely only on max-forwards.
There were three implementations of fork-loop-fix, but no implementations of max-breadth.

Multiparty tests

Reports contributed by Mark Thompson, Eoin McLeod, and Olle Johansson

Multiparty test: Forking

Teams coalesced quickly into a working topology that was successful  in having all forked targets ringing in parallel.

With different UAs injecting the call, a number of different implementation issues arose, including:

• some UAs could not process sdp offers with multiple instances of the same media type in (e.g. 1x Audio, 2x Video, 2x Application). When stripped back to 1x Audio, 2x Video the situation improved, but even then some would only ring if there was at most one m-line of each type.
• some UAs could not handle messages greater than 2048 bytes (sdp payload and SIP header overhead). Rather than returning 513 Message Too Large, the UAs in question would silently discard the request.
• one UA implementation present elected to BYE early dialogs for forks that they do not wish to be answered having successfully established at least one confirmed dialog. The dialog-stateful outbound proxy in this test successfully survived the race condition by failing with a 481 Call/Transaction Does Not Exist response.
• one UA implementation incorrectly assumed that the To header could be used for request targeting rather than the Request-URI. This assumption led to them not being able to participate as the recipient of re-targeted call forks.
• one proxy implementation present, when configured with both IPv4 and IPv6 DNS servers to query, would stall request forwarding until all DNS requests had been resolved. Where one of the configured servers was unavailable or slow to respond, the entire call setup would suffer significant latency despite there being sufficient candidates available to route toward.
• The test procedure was then updated so that the multiple answer edge condition could be tested: the link between the top-most forking proxy and its downstream forks was disconnected whilst all signaled UAs were instructed to answer. Upon reconnecting the network, the forking proxy would receive multiple 200 OK responses to the initial request.
• Most UA implementations placed as originators of the call were shown to successfully ACK-BYE the undesired alternative answers whilst maintaining the first responder’s confirmed dialog.
• At least one UA implementation did not respond to subsequent 200 OK responses establishing confirmed dialogs, instead discarding them as if they were not received resulting in re-transmits and eventual timeout.

Multiparty test: Loops/Spirals

Implementations all behaved well during the basic loops and spirals tests using multiple protocols on IPv4 only. When we introduced IPv6 into some hops, several proxy and endpoint implementations would not recognize messages as valid when
they failed to parse the IPv6 addresses in Vias or Record-Routes that should have just been opaque bits to them. We constructed a loop with 3 of the participating B2BUA implementations and discovered that none of them were decrementing  Max-Forwards (some were resetting the value to 70) or performing any other type of  loop-detection.

Multiparty test: SRTP

There were a much larger number of SRTP implementations present at this event, and many scenarios were exercised with success. Some of the notable problems encountered included a few implementations that were using SDES without TLS and continued arguments around how to implement sips/how to indicate one hop of SIP over TLS. Individal testing between the peers exercised wrapping and hold/resume. The next event’s test will focus more closely on scenarios like those, and streams utilizing multiple SSRCs

Multiparty test: STUN/TURN/ICE

This test was very well attended. Endpoints successfully negotiatied sessions utilizing both server and peer reflexive candidates. Connectivity was established between UAs behind different NATs that were using the same private address ranges. We exercised connectivity through TURN chosen using ICE. When older SDP mangling elements were introduced, fewer setup attempts were successful – some implementations were not recognizing ICE mismatches. Several implementations stopped sending keepalives when streams were put on hold. Some implementations restarted ICE when coming off hold.

Multiparty test: TLS

As noted earlier, there was a large upswing in the number of implementations utilizing TLS present. Configuration of endpoints (establishing trusted CAs and installing certificates) is still very slow, but once the endpoints were configured, interoperability of SIP over TLS was very high. (However, see the related note on the SRTP test). The automated tests started at SIPit 25 continue to be refined and will soon be available for tests between SIPit events.

Multiparty test: Early Media

The early media test was also well attended, and the automated tests for early media scenarios continue to be refined. We tested handling early media in forking situations (one branch sends early media, another branch answers) and taking early media on and off hold.  The early media test was developed as a self-test and will be available for tests between SIPit events. The test involved forking the call to multiple servers sending early media in the same dialog. The participants argued that early media for ring tones could and propably should be separated from early media for operator messages by using 180 with SDP for ring tones and 183 with SDP for other messages. This way, a UA can decide to stop listening to the 180 ring tone if an 183 message is sent.
UAs showed very different behaviour, from jumping between the various streams to mixing them.

Multiparty test: Presence

The multiparty presence tests successfully exercised basic inter-domain presence exchange, including exchange of winfo information. The participants  tried to set up a back-end-subscription loop between two RLSes, but  configuration issues got in the way. We will try to exercise that scenario early at the next event.

Multiparty test: IPv6

The IPv6 multiparty was set up in order to run various calls through gateways between IPv4 and IPv6, as well as to discuss and setup permanent self-tests for UAs and proxys. IPv4 UAs successfully placed calls to IPv6 UAs through servers that handled the gateway situation. IPv4 UAs mostly had a hard time handling getting SDPs or Contact: headers with IPv6 addresses when placing calls through a proxy that supported dual stack. Successful sessions were  established on an IPv6 only networkA lot of experience was gained and we will continue to refine these tests on following SIPits.

Robert J Sparks

Related posts

• SRTP – Secure RTP
• SIPit 26
• Identify your SIP Internet peers – use TLS authentication!

At SIPit26 we began setting up a series of automated self-tests for IPv6, like we’ve done previously with SIP/TLS. We also integrated IPv6 in as many multiparty tests as possible, to see how IPv4 and IPv6 lived together.Some notes and experiences:

• IPv4-only applications will receive IPv6 in messaging. Even if an application DO NOT support IPv6-native connections, the application will surely get IPv6 addresses in various places in the message. In SIP, a call may traverse an IPv6 proxy before reaching your IPv4 proxy or phone. Via headers will have IPv6 and maybe a record-route header too. All user agents needs to support this. We had at least one crash in a proxy that failed to parse an IPv6 address.
• Placing an IPv4 call to a proxy that forwards the message to an IPv6 phone without handling RTP traversal leads to issues as well. The phone gets an IPv6 address in the Contact: header and failes to send the ACK properly. This happened with Asterisk. Because of parsing failure, the parser gave up and sent ACKs and BYEs to the wrong address.
• We did successfully set up calls between IPv6 user agents using IPv6 proxys. The failures happened in the mixed scenarious.
• When placing a call to a domain that was configured with both A and AAAA records for the SRV records, but only one of them responding, we noticed long timeouts before failover, if that even happened. Many discussions about this followed, which lead to the conclusion that this was a poorly configured domain. Some implementations have hard-coded a preference for IPv4 since IPv6 is mostly used over tunnels and add latency today. This should be user-configurable. An owner of a domain can use SRV record weights to indicate a preference to one or the other protocols, which is a better solution. If you use IPv6 over tunnels, make sure that you separate host records for A and AAAA and have a preference towards the A record hosts in your SRV records.

We do need to continue testing all kinds of migration scenarious to  be able to come up with a best current practise document. SIPit26 gave us many good experiences to build from. I hope that testing continues at SIPit27 with the new SIPit IPv6-o-matic(R)(C)(TM) and the prompts from Allison Smith!

Related posts

• SIPit 26 Partner: The IPv6 Forum
• New SIPit partner: The IPv6 Forum!
• IPv6 is a hot topic for the SIP world!
• Edvina

SIPit 26 is over and everything was packed together quickly, thanks to help from sponsors and participants. It did surprise me a lot how quickly we could pack all the phones, cables, tables and equipment together.

I think it’s been a great SIPit. Unfortunately, I did not have time to test much, but I will take the oppurtunity to test at the next SIPit. We’ve run many successful multiparty tests. Successful tests doesn’t mean that everything works as expected. It’s a good thing to locate new bugs in implementations, to find issues with the standard specifications.  That’s exactly why we run the SIPit interoperability tests.

SIPit26 added a lot of focus on IPv6. We integrated IPv6 in standard tests, we added IPv6 self-tests and we run IPv6 multiparty tests. I’ll write more about the results and experiences learned later.

A big thank you to:

• The SIP Forum and Robert Sparks for organizing SIPits
• My co-host, TANDBERG.
• The sponsors: .se, Ingate, Intertex
• SNOM Technologies that provided all the phones
• My family that helped me set things up. Lisa printed badges and welcome packs, Erik that helped me building the network
• Lasse Andersson at Whizom who helped me all week, including setting up everything
• All the SIPit partipant companies and attendees. Together we make the SIP world better, promoting interoperability between vendors and products.

Being a SIPit host is an experience I would happily repeat. Join the club and offer to host a coming SIPit. Next up is Asia, possibly Australia. After that it’s back to the USA again.

Now, it’s time for me to get back to a normal life and get out in my garden.

With SIPit greetings from a sunny Sollentuna!

/Olle

Related posts

• We’re building the testbed!
• TANDBERG
• Sponsors
• SNOM Technologies
• SIPit 26 Partner: The IPv6 Forum

Today, we’re building the SIPit26 testbed in Electrum’s main conference hall. We have 70 testers registred and on their way to Stockholm (if the Icelandic ash doesn’t give them problems). Lincoln and James from the Interoperability Labs at the University of New Hampshire arrived safely yesterday and quickly started putting the network together.

Every team gets a phone from Snom, ranging from SNOM 320′s to the brand new SNOM 870 with touch screen. Ingate provides a PBX for the event and they’re here configuring everything to have the internal phone system up and running tomorrow.

See you all tomorrow!

Related posts

• Thank you all for a great SIPit26!
• TANDBERG
• Sponsors
• SNOM Technologies
• SIPit 26 Partner: The IPv6 Forum

TLS, Transport Layer Security, is the IETF standard for TCP session security, based on Netscape’s old SSL technology. TLS delivers both confidentiality to a TCP session and authentication of the server and the client (if requested). TLS is used in the Session Initiation Protocol, SIP, for signalling protection and/or authentication on a hop by hop basis.

When opening up your SIP services to the Internet, you face the same issues as with other protocols, like e-mail (SMTP). We have already seen many types of SIP attacks, mostly simple attacks targeting weak usernames and passwords used by SIP system administrators. If authentication succeeds – or if it’s not used at all – the SIP service is used for placing expensive International calls.

There are many proposals out there on how to set up trusted federations between SIP services. The simplest way forward is to use TLS. Only accept connections protected by TLS, using a well known certificate authority you trust. Could be your own, a commercial CA or a free CA that you trust. That way, you can always find the other party and you can easily block if there is misuse. And you will get rid of a lot of misuse attempts, because if there’s one thing they don’t want, it’s traceability.

The usage of TLS in SIP is not well understood. The original SIP RFC was not very clear in the use of TLS, something which has been clarified later. We have run trainings on SIPit a few times and started automated self-tests of TLS and SIP. We will continue these efforts in order to educate developers and get better implementations, as well as to run tests the new RFCs on the use of TLS in SIP.

This is only one area of all where participation in SIPit helps you improve your product. Register for SIPit today!

Related posts

• SIPit 26 summary
• SIP and the Stream Control Transport Protocol (SCTP)
• SIP :: The Session Initiation Protocol
• Ingate Systems
• Discover SIP!

With the recent partnership between the SIP Forum and the IPv6 Forum, the IPv6 Forum joins the SIPit 26 team as an association partner.  The IPv6 Forum has been working with spreading the word about the need for migration to IPv6 for many years and have a mission to “advocate IPv6 by dramatically improving technology, market, and deployment user and industry awareness of IPv6, creating a quality and secure new Generation Internet and allowing world-wide equitable access to knowledge and technology, embracing a moral responsibility to the world.”

-” It’s high time to move to end 2 end.” says Latif Ladid, IPv6 Forum, “IPv6 and SIP are natively designed for
it. The best way around something is to go through it”.

SIPit is a test event organized by the SIP Forum for the realtime communication developers using the IETF Session Initiation Protocol for IP telephony, presence, instant messaging and other applications. SIPit has been organized 25 times around the world, with the upcoming event – number 26 – being organized in Stockholm, Sweden.

-”SIP is currently used on many devices, and it will be used on many new types of things that communicate over IP. All these devices will need addresses that are globally reachable for realtime communication – video, audio, chat and other types of personal communication over an enterprise IP network or the Internet.” says Olle E. Johansson at Edvina, the company that hosts SIPit 26 together with TANDBERG. “There simply won’t be any public IPv4 addresses for all these intelligent things, so it’s important for the SIP industry to embrace, understand and implement the IPv6 protocol everywhere. Using IPv6 will also save time and money that is today used to implement complicated NAT traversal solutions. For a global realtime communication platform, we need a global IP network – and that’s going to be based on IPv6.”

SIPit26 takes place in Kista, north of Stockholm, Sweden May 17-21, 2010. SIPit global web site is at http://www.sipit.net, the event site for SIPit 26 is at http://sipit.edvina.se

Related posts

• SIPit 26 Partner: The IPv6 Forum
• IPv6 is a hot topic for the SIP world!
• SIPit 26
• SIP Forum
• SIP and IPv6 testing :: lessons learned

The SIP Forum and the IPv6 Forum just announced a partnership to promote interoperability. This is very welcome. While I believe there are many SIP applications that work over a pure IPv6 network, I don’t think all applications handle migration properly. There’s still a lot of experience to build up and guidelines to write.

For SIPit 26, I was hoping we could create automated self tests for a lot of IPv6 tests, like:

• Connecting to a domain URI from IPv4, getting IPv6 host records
• Connecting to a domain, getting multiple SRV records with mixed IPv6 and IPv4
• Setting up a call, getting IPv6 in the SDP over IPv4
• Setting up a call to a domain, finding out that DNS for that domain only has IPv6 glue records
• ICE with dual stacks on one end – which transport will be used
• ICE with dual stacks on both ends – is there transport selection preference?
• Setting up a call from IPv4 only phone, getting only IPv6 addresses – selection of default ALG for IPv6

There are a number of test scenarious that needs to be set up. At SIPit, we have enough developers gathered to do this and at SIPit26 we have the support of .se that has IPv6 as one of the focus areas. Let’s test IPv6 at SIPit!

Read the Press Release from the SIP Forum and the IPv6 Forum!

Related posts

• New SIPit partner: The IPv6 Forum!
• SIPit 26 Partner: The IPv6 Forum
• SIPit 26
• SIP Forum
• SIP and IPv6 testing :: lessons learned

The SIPit 26 registration opened today.

Registration costs 375 Euro (plus VAT within the EU). If you register before April 12th, you are eligible for the Early Bird rate of 300 Euro (excl VAT). The fee includes lunch, snacks and one week of testing with other development teams! This year, we will also run SIPit updates – short seminars on various topics. SIP and TLS, DNSsec, IPv6 are on the agenda both for tests and update seminars.

Welcome to SIPit 26 in Stockholm – register today!

Cristian Constantin has written a good overview of issues with SIP over UDP, TCP and SCTP on the Tekelec “SIP Sessions” blog. SCTP is a new transport that has been testing during many SIPits and will be tested by participants during SIPit 26 in Stockholm.  Cristian writes:

“SCTP can be considered the Swiss army knife of transport protocols. It basically offers combined features of both UDP and TCP. UDP-like features are: message boundary preservation, unordered message delivery, one-to-many sockets at the application level. Among TCP-like features: positive (selective) acknowledgment, retransmission of lost data, windowed flow control, congestion control, one-to-one sockets at the application level.”

[...]

“SCTP is a relatively newcomer in the transport protocols ecosystem. The SCTP socket API is a moving target still under development. Due to novelty, the level of complexity of some of the SCTP stack implementations is inversely proportional with the time spent on testing them; sometimes their performance in terms of throughput is not on a par with the one offered by TCP.”

Read the whole article on the SIP Sessions blog.

Related posts

• SIP :: The Session Initiation Protocol
• Identify your SIP Internet peers – use TLS authentication!
• Discover SIP!

Dan York visited SIPit 25 at the University of New Hampshire in September 2009 and made a short video that is a very good introduction to SIPit . He writes:

“What is the SIPit test event all about? How does it make communications systems better? What do participants do at the event? How can companies get involved? To answer all those questions and more, host Dan York interviewed SIPit coordinator Robert Sparks at the SIPit 25 event held in September 2009 at the University of New Hampshire InterOperability Lab (IOL) in Durham, NH, USA.”

• Please watch it – and register for SIPit today!

Related posts

• First time attendees :: Read this