SlideShare una empresa de Scribd logo

Kamailio World 2014 - Kamailio - The Platform for Interoperable WebRTC

Descargar como PPTX, PDF
Crocodile WebRTC SDK and Cloud Signalling Network
Crocodile WebRTC SDK and Cloud Signalling Network

A presentation by Peter Dunkley (Technical Director, Acision). Presentation date 03-Apr-2014.

1 de 25
The platform for interoperable WebRTC Kamailio World 2014 10/3/2014 © Acision 2014 1
Evolution on the web Sir Tim Berners-Lee creates HTML. Web -pages are static W3C produces the DOM1 specification 1990 1996 1998 2004 2011 Microsoft and Netscape introduce different mechanisms for DHTML Google uses Ajax in Gmail (W3C releases 1st draft in 2006) – the dawn of web-apps WebSocket and WebRTC implementations become available 10/3/2014 © Acision 2014 2
Revolution in telecoms The revolution Before today the operators (big and small) had full control over real-time communications because it was hard to do and substantial infrastructure investment Claude Chappe was required. invented the optical telegraph Alexander Graham Bell patents the telephone From the 1960s onwards digital exchanges start to appear From the 1990s onwards voice started to be carried on technologies developed for data networks such as ATM and IP 1792 1837 1876 1919 1960s > 1990s > 2011 WebSocket and WebRTC implementations become available Rotary dial enters service First commercial electrical telegraph created by Cooke and Wheatstone 1963: DTMF enters service 10/3/2014 © Acision 2014 3
RTCWeb There are a number of proprietary implementations that provide direct interactive rich communication using audio, video, collaboration, games, etc. between two peers' web-browsers. These are not interoperable, as they require non-standard extensions or plugins to work. There is a desire to standardize the basis for such communication so that interoperable communication can be established between any compatible browsers. Real-Time Communication in WEB-Browsers (rtcweb) 2013-03-13 charter 10/3/2014 © Acision 2014 4
WebRTC The mission of the Web Real-Time Communications Working Group, part of the Ubiquitous Web Applications Activity, is to define client-side APIs to enable Real-Time Communications in Web browsers. These APIs should enable building applications that can be run inside a browser, requiring no extra downloads or plugins, that allow communication between parties using audio, video and supplementary real-time communication, without having to use intervening servers (unless needed for firewall traversal, or for providing intermediary services). Web Real-Time Communications Working Group Charter 10/3/2014 © Acision 2014 5
RTCWeb and WebRTC: not the same thing • RTCWeb is the on-the-wire protocol as defined by the IETF and may be used in many applications and systems – Within VoIP phones – On network servers – Includes MTI codecs for audio and video • WebRTC is the browser API as defined by the IETF 10/3/2014 © Acision 2014 6
RTCWeb/WebRTC Architecture 10/3/2014 © Acision 2014 7
Signalling not included • Google made a controversial (but very wise) decision not to specify how the signalling should work • Signalling is required – To discover who to communicate with – To exchange information on what the communication should be (audio, data, video, and codecs) • Even the simplest, proprietary, RESTful exchange is signalling 10/3/2014 © Acision 2014 8
Interoperability is sometimes required • These use-cases are typically ones where the point of the application is communication • For example: – Conferencing – calls in and out of legacy networks are required – Call Centres – calls in and out of legacy networks are required – Virtual PBX – calls in and out of legacy networks are required 10/3/2014 © Acision 2014 9
The signalling trapezoid 10/3/2014 © Acision 2014 10
Signalling options • Open standards are usually best – SIP over WebSocket, http://tools.ietf.org/html/rfc7118 – XMPP over WebSocket, http://tools.ietf.org/html/draft-moffitt-xmpp- over-websocket – OpenPeer, http://openpeer.org/ • The WebRTC API is easy but signalling is often hard – There are many open-source libraries that do the signalling – The library APIs vary in complexity to meet every need – Hosted infrastructure lets you add real-time communications to your website without having to build a network yourself 10/3/2014 © Acision 2014 11
HOWTO: Kamailio as a SIP over WebSocket server • Download, build, and install Kamailio 4.1 • Create a kamailio.cfg file based on the following code snippets http://www.kamailio.org/ 10/3/2014 © Acision 2014 12
Handling WebSocket handshakes in Kamailio ... tcp_accept_no_cl=yes ... event_route[xhttp:request] { set_reply_close(); set_reply_no_connect(); if ($hdr(Upgrade)=~"websocket" && $hdr(Connection)=~"Upgrade" && $rm=~"GET") { # Validate as required (Host:, Origin:, Cookie:) if (ws_handle_handshake()) exit; } xhttp_reply("404", "Not Found", "", ""); } 10/3/2014 © Acision 2014 13
WebSocket connections are always behind a NAT • Javascript applications cannot see the real IP address and port for the WebSocket connection • This means that the SIP server cannot trust addresses and ports in SIP messages received over WebSockets • nathelper and/or outbound can be used to solve this problem 10/3/2014 © Acision 2014 14
Using nathelper on SIP over WebSocket requests modparam(“nathelper|registrar”, “received_avp”, “$avp(RECEIVED)”) ... request_route { route(REQINIT); route(WSDETECT); ... route[WSDETECT] { if (proto == WS || proto == WSS) { force_rport(); if (is_method(“REGISTER”)) { fix_nated_register(); } else if (is_method(“INVITE|NOTIFY|SUBSCRIBE”)) { add_contact_alias(); } } } ... route[WITHINDLG] { if (has_totag()) { if (loose_route()) { if (!isdsturiset()) { handle_ruri_alias(); } ... 10/3/2014 © Acision 2014 15
Using nathelper on SIP over WebSocket responses onreply_route { if ((proto == WS || proto == WSS) && status =~ “[12][0-9][0-9]”) { add_contact_alias(); } } 10/3/2014 © Acision 2014 16
WebSocket connections are always behind a NAT • Use mediaproxy-ng from SIPWise https://github.com/sipwise/mediaproxy-ng • Companion Kamailio module: rtpproxy-ng http://kamailio.org/docs/modules/stable/modules/rtpproxy-ng.html • SIP Signalling is proxied instead of B2BUA'd (that is, not broken) 10/3/2014 © Acision 2014 17
Catch 488 to invoke mediaproxy-ng modparam(“rtpproxy-ng”, “rtpproxy_sock”, “udp:localhost:22223”) ... route[LOCATION] { ... t_on_failure(“UA_FAILURE”); } ... failure_route[UA_FAILURE] { if (t_check_status(“488”) && sdp_content()) { if (sdp_get_line_startswith(“$avp(mline)”, “m=”)) { if ($avp(mline) =~ “SAVPF”)) { $avp(rtpproxy_offer_flags) = “froc-sp”; $avp(rtpproxy_answer_flags) = “froc+SP”; } else { $avp(rtpproxy_offer_flags) = “froc+SP”; $avp(rtpproxy_answer_flags) = “froc-sp”; } # In a production system you probably need to catch # “RTP/SAVP” and “RTP/AVPF” and handle them correctly # too } append_branch(); rtpproxy_offer($avp(rtpproxy_offer_flags)); t_on_reply(“RTPPROXY_REPLY”); route(RELAY); } } ... 10/3/2014 © Acision 2014 18
Handle replies to the retried INVITE modparam(“rtpproxy-ng”, “rtpproxy_sock”, “udp:localhost:22223”) ... failure_route[UA_FAILURE] { ... t_on_reply(“RTPPROXY_REPLY”); route(RELAY); } onreply_route[RTPPROXY_REPLY] { if (status =~ “18[03]”) { # mediaproxy-ng only supports SRTP/SDES – early media # won't work so strip it out now to avoid problems change_reply_status(180, “Ringing”); remove_body(); } else if (status =~ “2[0-9][0-9]” && sdp_content()) { rtpproxy_answer($avp(rtpproxy_answer_flags)); } } ... 10/3/2014 © Acision 2014 19
Current mediaproxy-ng limitations • No support for SRTP/DTLS – SRTP/DTLS is a MUST for WebRTC and SRTP/SDES is a MUST NOT – mediaproxy-ng works with Google Chrome today (but Google will be removing SRTP/SDES over the next year) – mediaproxy-ng does not work with Firefox at this time • Does not support “bundling”/”unbundling” – WebRTC can “bundle” audio and video streams together, but mediaproxy-ng does not support this yet – Google Chrome does not currently support “unbundling” – You can have an audio stream, or a video stream, but not an audio and video stream at this time RTPEngine is coming 10/3/2014 © Acision 2014 20
HOWTO: Authenticate SIP using a web-service • No communication required between authentication server and Kamailio • Credentials expire (the expiry time is chosen by the authentication server) • Extract username and password from the “GET” used for HTTP handshake and authenticate there, or • Use the credentials for digest authentication of SIP requests • Check the From-URI or To-URI in SIP headers match the user part of the credential http://kamailio.org/docs/modules/stable/modules/auth_ephemeral.html 10/3/2014 © Acision 2014 21
Ephemeral Authentication 10/3/2014 © Acision 2014 22
Authenticating the handshake ... tcp_accept_no_cl=yes ... modparam(“auth_ephemeral”, “secret”, “kamailio_rules”) ... modparam(“htable”, “htable”, “wsconn=>size=8;”) ... event_route[xhttp:request] { ... # URI format is /?username=foo&password=bar $var(uri_params) = $(hu{url.querystring}); $var(username) = $(var(uri_params){param.name,username,&}); $var(password) = $(var(uri_params){param.name,password,&}); # Note: username and password could also have been in a Cookie: header if (!autheph_authenticate(“$var(username)”, “$var(password)”)) { xhttp_reply(“403”, “Forbidden”, “”, “”); exit; } if (ws_handle_handshake()) { $sht(wsconn=>$si:$sp::username) = $var(username) exit; } ... event_route[websocket:closed] { $var(regex) = $si + “:” $sp + “.*”; sht_rm_name_re(“wsconn=>$var(regex)”); } 10/3/2014 © Acision 2014 23
Checking SIP requests ... request_route { route(REQINIT); route(WSDETECT); ... if (!(proto == WS || proto == WSS)) route(AUTH); ... route[WSDETECT] { if (proto == WS || proto == WSS) { $var(username) = (str) $sht(wsconn=>$si:$sp::username); if ($var(username) == $null || $var(username) == “”) { send_reply(“403”, “Forbidden”); ws_close(1008, “Policy Violation”); exit; } if (!autheph_check_timestamp(“$var(username)”) || (is_method(“REGISTER|PUBLISH”) && !autheph_check_to(“$var(username)”)) || (!has_totag() && !autheph_check_from(“$var(username)”))) { send_reply(“403”, “Forbidden”); ws_close(1008, “Policy Violation”); exit; } force_rport(); ... 10/3/2014 © Acision 2014 24
Questions? Email: peter.dunkley@acision.com Twitter: @pdunkley 10/3/2014 © Acision 2014 25

Recomendados

OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635Mihály Mészáros
 
Gloo 1.0 - API Gateway Overview and Demo
Gloo 1.0 - API Gateway Overview and DemoGloo 1.0 - API Gateway Overview and Demo
Gloo 1.0 - API Gateway Overview and DemoSolo.io
 
Kamailio, FreeSWITCH, and the Half-Blood Prince
Kamailio, FreeSWITCH, and the Half-Blood PrinceKamailio, FreeSWITCH, and the Half-Blood Prince
Kamailio, FreeSWITCH, and the Half-Blood PrinceFred Posner
 
WebRTC overview
WebRTC overviewWebRTC overview
WebRTC overviewRouyun Pan
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengineAndreas Granig
 
Introduction to WebRTC
Introduction to WebRTCIntroduction to WebRTC
Introduction to WebRTCArt Matsak
 
Janus/SIP @ OpenSIPS 2019
Janus/SIP @ OpenSIPS 2019Janus/SIP @ OpenSIPS 2019
Janus/SIP @ OpenSIPS 2019Lorenzo Miniero
 

Recomendados

OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635Mihály Mészáros
 
Gloo 1.0 - API Gateway Overview and Demo
Gloo 1.0 - API Gateway Overview and DemoGloo 1.0 - API Gateway Overview and Demo
Gloo 1.0 - API Gateway Overview and DemoSolo.io
 
Kamailio, FreeSWITCH, and the Half-Blood Prince
Kamailio, FreeSWITCH, and the Half-Blood PrinceKamailio, FreeSWITCH, and the Half-Blood Prince
Kamailio, FreeSWITCH, and the Half-Blood PrinceFred Posner
 
WebRTC overview
WebRTC overviewWebRTC overview
WebRTC overviewRouyun Pan
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengineAndreas Granig
 
Introduction to WebRTC
Introduction to WebRTCIntroduction to WebRTC
Introduction to WebRTCArt Matsak
 
Janus/SIP @ OpenSIPS 2019
Janus/SIP @ OpenSIPS 2019Janus/SIP @ OpenSIPS 2019
Janus/SIP @ OpenSIPS 2019Lorenzo Miniero
 
Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source WorldLorenzo Miniero
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
Kamailio - SIP Routing in Lua
Kamailio - SIP Routing in LuaKamailio - SIP Routing in Lua
Kamailio - SIP Routing in LuaDaniel-Constantin Mierla
 
SIPREC RTPEngine Media Forking
SIPREC RTPEngine Media ForkingSIPREC RTPEngine Media Forking
SIPREC RTPEngine Media ForkingHossein Yavari
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Polygot Java EE on the GraalVM
Polygot Java EE on the GraalVMPolygot Java EE on the GraalVM
Polygot Java EE on the GraalVMRyan Cuprak
 
C++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用するC++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用する祐司 伊藤
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus GatewayAlessandro Polidori
 
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus GatewayAlessandro Polidori
 
WebRTC DataChannels demystified
WebRTC DataChannels demystifiedWebRTC DataChannels demystified
WebRTC DataChannels demystifiedVictor Pascual Ávila
 
Principles of REST API Design
Principles of REST API DesignPrinciples of REST API Design
Principles of REST API DesignTwo Sigma
 
Introduction to FreeSWITCH
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCHChien Cheng Wu
 
Introdução ao ASP .NET Web API
Introdução ao ASP .NET Web APIIntrodução ao ASP .NET Web API
Introdução ao ASP .NET Web APIVinicius Mussak
 
Discover Quarkus and GraalVM
Discover Quarkus and GraalVMDiscover Quarkus and GraalVM
Discover Quarkus and GraalVMRomain Schlick
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Liran Tal
 
Web Components and Security
Web Components and SecurityWeb Components and Security
Web Components and SecurityTyler Peterson
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersDaniel-Constantin Mierla
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingDaniel-Constantin Mierla
 
Kamailio & IMS
Kamailio & IMSKamailio & IMS
Kamailio & IMSCarsten Bock
 
KamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTCKamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTCCarsten Bock
 

Más contenido relacionado

La actualidad más candente

Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source WorldLorenzo Miniero
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
SIPREC RTPEngine Media Forking
SIPREC RTPEngine Media ForkingSIPREC RTPEngine Media Forking
SIPREC RTPEngine Media ForkingHossein Yavari
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Polygot Java EE on the GraalVM
Polygot Java EE on the GraalVMPolygot Java EE on the GraalVM
Polygot Java EE on the GraalVMRyan Cuprak
 
C++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用するC++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用する祐司 伊藤
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus GatewayAlessandro Polidori
 
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus GatewayAlessandro Polidori
 
Principles of REST API Design
Principles of REST API DesignPrinciples of REST API Design
Principles of REST API DesignTwo Sigma
 
Introduction to FreeSWITCH
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCHChien Cheng Wu
 
Introdução ao ASP .NET Web API
Introdução ao ASP .NET Web APIIntrodução ao ASP .NET Web API
Introdução ao ASP .NET Web APIVinicius Mussak
 
Discover Quarkus and GraalVM
Discover Quarkus and GraalVMDiscover Quarkus and GraalVM
Discover Quarkus and GraalVMRomain Schlick
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Liran Tal
 
Web Components and Security
Web Components and SecurityWeb Components and Security
Web Components and SecurityTyler Peterson
 

La actualidad más candente (20)

Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source World
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
 
Kamailio - SIP Routing in Lua
Kamailio - SIP Routing in LuaKamailio - SIP Routing in Lua
Kamailio - SIP Routing in Lua
 
SIPREC RTPEngine Media Forking
SIPREC RTPEngine Media ForkingSIPREC RTPEngine Media Forking
SIPREC RTPEngine Media Forking
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
 
Polygot Java EE on the GraalVM
Polygot Java EE on the GraalVMPolygot Java EE on the GraalVM
Polygot Java EE on the GraalVM
 
C++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用するC++からWebRTC (DataChannel)を利用する
C++からWebRTC (DataChannel)を利用する
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scale
 
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: realize client SIP Phone with sipML5 and Janus Gateway
 
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus GatewayAsterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
Asterisk WebRTC frontier: make client SIP Phone with sipML5 and Janus Gateway
 
WebRTC DataChannels demystified
WebRTC DataChannels demystifiedWebRTC DataChannels demystified
WebRTC DataChannels demystified
 
Principles of REST API Design
Principles of REST API DesignPrinciples of REST API Design
Principles of REST API Design
 
Introduction to FreeSWITCH
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCH
 
Introdução ao ASP .NET Web API
Introdução ao ASP .NET Web APIIntrodução ao ASP .NET Web API
Introdução ao ASP .NET Web API
 
Discover Quarkus and GraalVM
Discover Quarkus and GraalVMDiscover Quarkus and GraalVM
Discover Quarkus and GraalVM
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
 
Web Components and Security
Web Components and SecurityWeb Components and Security
Web Components and Security
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
 

Destacado

KamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTCKamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTCCarsten Bock
 
IMS and WebRTC Workshop from Alan Quayle
IMS and WebRTC Workshop from Alan QuayleIMS and WebRTC Workshop from Alan Quayle
IMS and WebRTC Workshop from Alan QuayleAlan Quayle
 
IMS World Forum 2013 Highlights
IMS World Forum 2013 HighlightsIMS World Forum 2013 Highlights
IMS World Forum 2013 HighlightsAlan Quayle
 
WebRTC standards update (April 2014)
WebRTC standards update (April 2014)WebRTC standards update (April 2014)
WebRTC standards update (April 2014)Victor Pascual Ávila
 
WebRTC - a quick introduction
WebRTC - a quick introductionWebRTC - a quick introduction
WebRTC - a quick introductionOlle E Johansson
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 

Destacado (9)

Kamailio & IMS
Kamailio & IMSKamailio & IMS
Kamailio & IMS
 
KamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTCKamailioWorld 2014: Kamailio, IMS and WebRTC
KamailioWorld 2014: Kamailio, IMS and WebRTC
 
IMS and WebRTC Workshop from Alan Quayle
IMS and WebRTC Workshop from Alan QuayleIMS and WebRTC Workshop from Alan Quayle
IMS and WebRTC Workshop from Alan Quayle
 
IMS World Forum 2013 Highlights
IMS World Forum 2013 HighlightsIMS World Forum 2013 Highlights
IMS World Forum 2013 Highlights
 
WebRTC standards update (April 2014)
WebRTC standards update (April 2014)WebRTC standards update (April 2014)
WebRTC standards update (April 2014)
 
NGN & IMS
NGN & IMSNGN & IMS
NGN & IMS
 
WebRTC - a quick introduction
WebRTC - a quick introductionWebRTC - a quick introduction
WebRTC - a quick introduction
 
Webrtc overview
Webrtc overviewWebrtc overview
Webrtc overview
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 

Similar a Kamailio World 2014 - Kamailio - The Platform for Interoperable WebRTC

Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Alan Quayle
 
Workshop web rtc customers and use cases
Workshop web rtc customers and use casesWorkshop web rtc customers and use cases
Workshop web rtc customers and use casesDouglas Tait
 
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskMoises Silva
 
From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011telestax
 
Status of WebRTC across Asia by Alan Quayle +++
Status of WebRTC across Asia by Alan Quayle +++Status of WebRTC across Asia by Alan Quayle +++
Status of WebRTC across Asia by Alan Quayle +++Alan Quayle
 
WebRTC standards update - November 2014
WebRTC standards update - November 2014WebRTC standards update - November 2014
WebRTC standards update - November 2014Victor Pascual Ávila
 
Getting Started with WebRTC
Getting Started with WebRTCGetting Started with WebRTC
Getting Started with WebRTCChad Hart
 
[workshop] The Revolutionary WebRTC
[workshop] The Revolutionary WebRTC[workshop] The Revolutionary WebRTC
[workshop] The Revolutionary WebRTCGiacomo Vacca
 
WebSphere Liberty Rtcomm: WebRTC Middleware for the Enterprise
WebSphere Liberty Rtcomm: WebRTC Middleware for the EnterpriseWebSphere Liberty Rtcomm: WebRTC Middleware for the Enterprise
WebSphere Liberty Rtcomm: WebRTC Middleware for the EnterpriseBrian Pulito
 
WebRTC standards update (13 Nov 2013)
WebRTC standards update (13 Nov 2013)WebRTC standards update (13 Nov 2013)
WebRTC standards update (13 Nov 2013)Victor Pascual Ávila
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
Attacking SAP Mobile
Attacking SAP MobileAttacking SAP Mobile
Attacking SAP MobileERPScan
 

Similar a Kamailio World 2014 - Kamailio - The Platform for Interoperable WebRTC (20)

WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
 
DevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKDevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDK
 
Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013
 
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioAstricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio
 
Workshop web rtc customers and use cases
Workshop web rtc customers and use casesWorkshop web rtc customers and use cases
Workshop web rtc customers and use cases
 
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in Asterisk
 
VozDigital DevFest 31/10/14
VozDigital DevFest 31/10/14VozDigital DevFest 31/10/14
VozDigital DevFest 31/10/14
 
From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011From MSS to TelScale - Mobicents Summit 2011
From MSS to TelScale - Mobicents Summit 2011
 
DevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTCDevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTC
 
Status of WebRTC across Asia by Alan Quayle +++
Status of WebRTC across Asia by Alan Quayle +++Status of WebRTC across Asia by Alan Quayle +++
Status of WebRTC across Asia by Alan Quayle +++
 
WebRTC standards update - November 2014
WebRTC standards update - November 2014WebRTC standards update - November 2014
WebRTC standards update - November 2014
 
Getting Started with WebRTC
Getting Started with WebRTCGetting Started with WebRTC
Getting Started with WebRTC
 
[workshop] The Revolutionary WebRTC
[workshop] The Revolutionary WebRTC[workshop] The Revolutionary WebRTC
[workshop] The Revolutionary WebRTC
 
WebSphere Liberty Rtcomm: WebRTC Middleware for the Enterprise
WebSphere Liberty Rtcomm: WebRTC Middleware for the EnterpriseWebSphere Liberty Rtcomm: WebRTC Middleware for the Enterprise
WebSphere Liberty Rtcomm: WebRTC Middleware for the Enterprise
 
WebRTC standards update (13 Nov 2013)
WebRTC standards update (13 Nov 2013)WebRTC standards update (13 Nov 2013)
WebRTC standards update (13 Nov 2013)
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
Attacking SAP Mobile
Attacking SAP MobileAttacking SAP Mobile
Attacking SAP Mobile
 
WebRTC Seminar Report
WebRTC Seminar ReportWebRTC Seminar Report
WebRTC Seminar Report
 
WebRCT
WebRCTWebRCT
WebRCT
 
DevCon 5 (July 2013) - WebSockets
DevCon 5 (July 2013) - WebSocketsDevCon 5 (July 2013) - WebSockets
DevCon 5 (July 2013) - WebSockets
 

Más de Crocodile WebRTC SDK and Cloud Signalling Network

Más de Crocodile WebRTC SDK and Cloud Signalling Network (9)

WebRTC Summit (June 2014) - WebRTC Interoperability (and why it is important)
WebRTC Summit (June 2014) - WebRTC Interoperability (and why it is important)WebRTC Summit (June 2014) - WebRTC Interoperability (and why it is important)
WebRTC Summit (June 2014) - WebRTC Interoperability (and why it is important)
 
Asterisk World (January 2014) - Taking Enterprise Telephony into the Web World
Asterisk World (January 2014) - Taking Enterprise Telephony into the Web WorldAsterisk World (January 2014) - Taking Enterprise Telephony into the Web World
Asterisk World (January 2014) - Taking Enterprise Telephony into the Web World
 
DevCon 5 (December 2013) - WebRTC & WebSockets
DevCon 5 (December 2013) - WebRTC & WebSocketsDevCon 5 (December 2013) - WebRTC & WebSockets
DevCon 5 (December 2013) - WebRTC & WebSockets
 
WebRTC Conference and Expo (November 2013) - Signalling Workshop
WebRTC Conference and Expo (November 2013) - Signalling WorkshopWebRTC Conference and Expo (November 2013) - Signalling Workshop
WebRTC Conference and Expo (November 2013) - Signalling Workshop
 
VUC 24-May-2013 - Crocodile
VUC 24-May-2013 - CrocodileVUC 24-May-2013 - Crocodile
VUC 24-May-2013 - Crocodile
 
ITSPA May 2013 - WebRTC, TURN, and WebSocket
ITSPA May 2013 - WebRTC, TURN, and WebSocketITSPA May 2013 - WebRTC, TURN, and WebSocket
ITSPA May 2013 - WebRTC, TURN, and WebSocket
 
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
 
FOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in KamailioFOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
 
Crocodile RTC Launch (Google Campus) - 1: Introduction
Crocodile RTC Launch (Google Campus) - 1: IntroductionCrocodile RTC Launch (Google Campus) - 1: Introduction
Crocodile RTC Launch (Google Campus) - 1: Introduction
 

Kamailio World 2014 - Kamailio - The Platform for Interoperable WebRTC

  • 1. The platform for interoperable WebRTC Kamailio World 2014 10/3/2014 © Acision 2014 1
  • 2. Evolution on the web Sir Tim Berners-Lee creates HTML. Web -pages are static W3C produces the DOM1 specification 1990 1996 1998 2004 2011 Microsoft and Netscape introduce different mechanisms for DHTML Google uses Ajax in Gmail (W3C releases 1st draft in 2006) – the dawn of web-apps WebSocket and WebRTC implementations become available 10/3/2014 © Acision 2014 2
  • 3. Revolution in telecoms The revolution Before today the operators (big and small) had full control over real-time communications because it was hard to do and substantial infrastructure investment Claude Chappe was required. invented the optical telegraph Alexander Graham Bell patents the telephone From the 1960s onwards digital exchanges start to appear From the 1990s onwards voice started to be carried on technologies developed for data networks such as ATM and IP 1792 1837 1876 1919 1960s > 1990s > 2011 WebSocket and WebRTC implementations become available Rotary dial enters service First commercial electrical telegraph created by Cooke and Wheatstone 1963: DTMF enters service 10/3/2014 © Acision 2014 3
  • 4. RTCWeb There are a number of proprietary implementations that provide direct interactive rich communication using audio, video, collaboration, games, etc. between two peers' web-browsers. These are not interoperable, as they require non-standard extensions or plugins to work. There is a desire to standardize the basis for such communication so that interoperable communication can be established between any compatible browsers. Real-Time Communication in WEB-Browsers (rtcweb) 2013-03-13 charter 10/3/2014 © Acision 2014 4
  • 5. WebRTC The mission of the Web Real-Time Communications Working Group, part of the Ubiquitous Web Applications Activity, is to define client-side APIs to enable Real-Time Communications in Web browsers. These APIs should enable building applications that can be run inside a browser, requiring no extra downloads or plugins, that allow communication between parties using audio, video and supplementary real-time communication, without having to use intervening servers (unless needed for firewall traversal, or for providing intermediary services). Web Real-Time Communications Working Group Charter 10/3/2014 © Acision 2014 5
  • 6. RTCWeb and WebRTC: not the same thing • RTCWeb is the on-the-wire protocol as defined by the IETF and may be used in many applications and systems – Within VoIP phones – On network servers – Includes MTI codecs for audio and video • WebRTC is the browser API as defined by the IETF 10/3/2014 © Acision 2014 6
  • 8. Signalling not included • Google made a controversial (but very wise) decision not to specify how the signalling should work • Signalling is required – To discover who to communicate with – To exchange information on what the communication should be (audio, data, video, and codecs) • Even the simplest, proprietary, RESTful exchange is signalling 10/3/2014 © Acision 2014 8
  • 9. Interoperability is sometimes required • These use-cases are typically ones where the point of the application is communication • For example: – Conferencing – calls in and out of legacy networks are required – Call Centres – calls in and out of legacy networks are required – Virtual PBX – calls in and out of legacy networks are required 10/3/2014 © Acision 2014 9
  • 10. The signalling trapezoid 10/3/2014 © Acision 2014 10
  • 11. Signalling options • Open standards are usually best – SIP over WebSocket, http://tools.ietf.org/html/rfc7118 – XMPP over WebSocket, http://tools.ietf.org/html/draft-moffitt-xmpp- over-websocket – OpenPeer, http://openpeer.org/ • The WebRTC API is easy but signalling is often hard – There are many open-source libraries that do the signalling – The library APIs vary in complexity to meet every need – Hosted infrastructure lets you add real-time communications to your website without having to build a network yourself 10/3/2014 © Acision 2014 11
  • 12. HOWTO: Kamailio as a SIP over WebSocket server • Download, build, and install Kamailio 4.1 • Create a kamailio.cfg file based on the following code snippets http://www.kamailio.org/ 10/3/2014 © Acision 2014 12
  • 13. Handling WebSocket handshakes in Kamailio ... tcp_accept_no_cl=yes ... event_route[xhttp:request] { set_reply_close(); set_reply_no_connect(); if ($hdr(Upgrade)=~"websocket" && $hdr(Connection)=~"Upgrade" && $rm=~"GET") { # Validate as required (Host:, Origin:, Cookie:) if (ws_handle_handshake()) exit; } xhttp_reply("404", "Not Found", "", ""); } 10/3/2014 © Acision 2014 13
  • 14. WebSocket connections are always behind a NAT • Javascript applications cannot see the real IP address and port for the WebSocket connection • This means that the SIP server cannot trust addresses and ports in SIP messages received over WebSockets • nathelper and/or outbound can be used to solve this problem 10/3/2014 © Acision 2014 14
  • 15. Using nathelper on SIP over WebSocket requests modparam(“nathelper|registrar”, “received_avp”, “$avp(RECEIVED)”) ... request_route { route(REQINIT); route(WSDETECT); ... route[WSDETECT] { if (proto == WS || proto == WSS) { force_rport(); if (is_method(“REGISTER”)) { fix_nated_register(); } else if (is_method(“INVITE|NOTIFY|SUBSCRIBE”)) { add_contact_alias(); } } } ... route[WITHINDLG] { if (has_totag()) { if (loose_route()) { if (!isdsturiset()) { handle_ruri_alias(); } ... 10/3/2014 © Acision 2014 15
  • 16. Using nathelper on SIP over WebSocket responses onreply_route { if ((proto == WS || proto == WSS) && status =~ “[12][0-9][0-9]”) { add_contact_alias(); } } 10/3/2014 © Acision 2014 16
  • 17. WebSocket connections are always behind a NAT • Use mediaproxy-ng from SIPWise https://github.com/sipwise/mediaproxy-ng • Companion Kamailio module: rtpproxy-ng http://kamailio.org/docs/modules/stable/modules/rtpproxy-ng.html • SIP Signalling is proxied instead of B2BUA'd (that is, not broken) 10/3/2014 © Acision 2014 17
  • 18. Catch 488 to invoke mediaproxy-ng modparam(“rtpproxy-ng”, “rtpproxy_sock”, “udp:localhost:22223”) ... route[LOCATION] { ... t_on_failure(“UA_FAILURE”); } ... failure_route[UA_FAILURE] { if (t_check_status(“488”) && sdp_content()) { if (sdp_get_line_startswith(“$avp(mline)”, “m=”)) { if ($avp(mline) =~ “SAVPF”)) { $avp(rtpproxy_offer_flags) = “froc-sp”; $avp(rtpproxy_answer_flags) = “froc+SP”; } else { $avp(rtpproxy_offer_flags) = “froc+SP”; $avp(rtpproxy_answer_flags) = “froc-sp”; } # In a production system you probably need to catch # “RTP/SAVP” and “RTP/AVPF” and handle them correctly # too } append_branch(); rtpproxy_offer($avp(rtpproxy_offer_flags)); t_on_reply(“RTPPROXY_REPLY”); route(RELAY); } } ... 10/3/2014 © Acision 2014 18
  • 19. Handle replies to the retried INVITE modparam(“rtpproxy-ng”, “rtpproxy_sock”, “udp:localhost:22223”) ... failure_route[UA_FAILURE] { ... t_on_reply(“RTPPROXY_REPLY”); route(RELAY); } onreply_route[RTPPROXY_REPLY] { if (status =~ “18[03]”) { # mediaproxy-ng only supports SRTP/SDES – early media # won't work so strip it out now to avoid problems change_reply_status(180, “Ringing”); remove_body(); } else if (status =~ “2[0-9][0-9]” && sdp_content()) { rtpproxy_answer($avp(rtpproxy_answer_flags)); } } ... 10/3/2014 © Acision 2014 19
  • 20. Current mediaproxy-ng limitations • No support for SRTP/DTLS – SRTP/DTLS is a MUST for WebRTC and SRTP/SDES is a MUST NOT – mediaproxy-ng works with Google Chrome today (but Google will be removing SRTP/SDES over the next year) – mediaproxy-ng does not work with Firefox at this time • Does not support “bundling”/”unbundling” – WebRTC can “bundle” audio and video streams together, but mediaproxy-ng does not support this yet – Google Chrome does not currently support “unbundling” – You can have an audio stream, or a video stream, but not an audio and video stream at this time RTPEngine is coming 10/3/2014 © Acision 2014 20
  • 21. HOWTO: Authenticate SIP using a web-service • No communication required between authentication server and Kamailio • Credentials expire (the expiry time is chosen by the authentication server) • Extract username and password from the “GET” used for HTTP handshake and authenticate there, or • Use the credentials for digest authentication of SIP requests • Check the From-URI or To-URI in SIP headers match the user part of the credential http://kamailio.org/docs/modules/stable/modules/auth_ephemeral.html 10/3/2014 © Acision 2014 21
  • 23. Authenticating the handshake ... tcp_accept_no_cl=yes ... modparam(“auth_ephemeral”, “secret”, “kamailio_rules”) ... modparam(“htable”, “htable”, “wsconn=>size=8;”) ... event_route[xhttp:request] { ... # URI format is /?username=foo&password=bar $var(uri_params) = $(hu{url.querystring}); $var(username) = $(var(uri_params){param.name,username,&}); $var(password) = $(var(uri_params){param.name,password,&}); # Note: username and password could also have been in a Cookie: header if (!autheph_authenticate(“$var(username)”, “$var(password)”)) { xhttp_reply(“403”, “Forbidden”, “”, “”); exit; } if (ws_handle_handshake()) { $sht(wsconn=>$si:$sp::username) = $var(username) exit; } ... event_route[websocket:closed] { $var(regex) = $si + “:” $sp + “.*”; sht_rm_name_re(“wsconn=>$var(regex)”); } 10/3/2014 © Acision 2014 23
  • 24. Checking SIP requests ... request_route { route(REQINIT); route(WSDETECT); ... if (!(proto == WS || proto == WSS)) route(AUTH); ... route[WSDETECT] { if (proto == WS || proto == WSS) { $var(username) = (str) $sht(wsconn=>$si:$sp::username); if ($var(username) == $null || $var(username) == “”) { send_reply(“403”, “Forbidden”); ws_close(1008, “Policy Violation”); exit; } if (!autheph_check_timestamp(“$var(username)”) || (is_method(“REGISTER|PUBLISH”) && !autheph_check_to(“$var(username)”)) || (!has_totag() && !autheph_check_from(“$var(username)”))) { send_reply(“403”, “Forbidden”); ws_close(1008, “Policy Violation”); exit; } force_rport(); ... 10/3/2014 © Acision 2014 24
  • 25. Questions? Email: peter.dunkley@acision.com Twitter: @pdunkley 10/3/2014 © Acision 2014 25