Vonage & OpenSIPS A Great Call

Transcription

VONAGE CONFIDENTIAL
Vonage & OpenSIPS A Great Call
OpenSIPS Summit
Amsterdam, NL
May 2-5, 2017

OpenSIPS
High Performance SIP Router
VONAGE, PROPRIETARY & CONFIDENTIAL

Supported Device Types
- Mobile Device
- Softphones
- ATAs
- IP Phones
- SIP Trunks & PBXs

One Registrar To Rule Them All
Mandatory Requirements
- Secure
- Redundant
- Highly Available
- Scalable
- Monitoring

Registrar Challenges
- Logging - Delays introduced at load
- TCP - Locking / internal table lookups at load
- TLS - Device Compatibility / Diagnostics
- Max Branches - Device location lookups
- DNS Lookups - Internal to the network
- Security - Never expose more information than necessary, Handle bad actors, Handle broken devices, software

Registrations
Challenge: Logging - Delays introduced at load
Solution: Limit Logging – Log Level, Conditional Execution, Removal in Production

Registrations
Challenge: TCP - Locking / Internal table lookups at load
Solution: OpenSIPS timer settings, Kernel timer (sysctl) settings, Splitting workload (UDP/TCP/TLS), Exhaustive Load Testing

Registrations
Challenge: TLS – Device Compatibility & Diagnostics
- Wildcard Support (SAN), SRV Support, Captures over TLS connections
Solution
- Device Certification Testing
- OpenSIPS Logging, HEP from OpenSIPS, Wireshark (certs needed)
- Exhaustive Load Testing

Registrations
Challenge: Max Branches
Solution
- Recompile OpenSIPS source
- Reduce the number of registrars needed to locate a user
- Distributed DB/Cache store/fetch

Registrations
Challenge: DNS Lookups – Under load DNS lookup time causes problems
Solution
- OpenSIPS dns_cache module to the rescue (almost)
- Name Server Cache Daemon (nscd)
- Remove all DNS lookups from the interior of the network

Registrations
Challenge: Security – Never expose more information than is absolutely necessary
- Handle Bad Actors, Handle broken devices/software
Solution
- Topology Hiding Module, Ratelimit Module, Pike Module
- IPTables ratelimit, IPTables packet inspection

Registrar Solutions
- Limit Logging - Log Level, Conditional Execution, Removal in Production
- TCP - OpenSIPS timer settings, Kernel timer (sysctl) settings, Split workload (UDP/TCP/TLS)
- TLS - Wildcard (SAN) support, SRV support, Captures in OpenSIPS, HEP, Wireshark (with certs)
- Max Branches - Split workload, Distributed DB/Cache, Patch OpenSIPS
- DNS Lookups – dns_cache module, Name Server Cache Daemon (nscd), Remove lookups from inside the network, Understand the good & bad of SRV
- Security – Topology Hiding, Ratelimit module, Pike module, IPTables ratelimit, IPTables packet inspection

INVITE
Challenge: Ratelimit based on business logic, Size of messages, Large SDP Payloads, Multiple Audio/Video Codecs, Inconsistent Responses from Clients and/or Carriers
Solution: Ratelimit module, Restrict message size, Remove Unsupported Codecs, Special Case Handling

SUBSCRIBE
Challenge: Failure Routes – Response Codes returned to the client device
Solution
- Learn why t_relay(0x04) is so important
- Understand all the negative responses returned to the client
- Understand how the client reacts to each particular negative response

SUBSCRIBE
Challenge: Ratelimit based on business logic, Volume of messages, Bad Actors
Solution: Ratelimit based on criteria such as IP, User-Agent or Event-type
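
One way to express the per-IP, per-User-Agent and per-Event limits above, combined with the Pike module named on the Registrations security slide, as an added OpenSIPS script fragment (not taken from the talk or from Vonage's configuration). It assumes OpenSIPS 2.x script syntax; the pipe names and every threshold are made up for illustration, and the fragment is meant to be merged into an existing script.

```opensips
# Added example: layered SUBSCRIBE rate limiting (OpenSIPS 2.x syntax assumed).
# All thresholds are illustrative; derive real ones from load testing.

loadmodule "sl.so"          # stateless replies
loadmodule "sipmsgops.so"   # is_method()
loadmodule "pike.so"        # per-source-IP flood detection
loadmodule "ratelimit.so"   # named pipes with dynamic keys

# pike: flag a source IP that exceeds 30 requests per 2-second sample,
# and keep it flagged for 120 seconds after it calms down.
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 120)

route {
    # Layer 1: coarse flood check on the source address.
    # Drop silently so a bad actor learns nothing from the reply.
    if (!pike_check_req()) {
        exit;
    }

    if (is_method("SUBSCRIBE")) {
        # Layer 2: one pipe per source IP ($si).
        if (!rl_check("sub_ip_$si", "20", "TAILDROP")) {
            sl_send_reply("503", "Service Unavailable");
            exit;
        }

        # Layer 3: one pipe per User-Agent string ($ua), which catches a
        # broken firmware or softphone build spread over many addresses.
        if (!rl_check("sub_ua_$ua", "200", "TAILDROP")) {
            sl_send_reply("503", "Service Unavailable");
            exit;
        }

        # Layer 4: one pipe per event package (Event header), so a storm
        # in one package does not starve the others.
        if (!rl_check("sub_ev_$hdr(Event)", "500", "TAILDROP")) {
            sl_send_reply("503", "Service Unavailable");
            exit;
        }
    }

    # ... existing registrar / proxy logic continues here ...
}
```

The 503 used here is only a placeholder: pick the rejection code after testing how each device type reacts to it.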

INTERNAL - CARRIER ROUTING
Challenge: Every carrier has their own view as to how they interpret RFC3261
Solution
- Interop Testing
- Do not expect the carrier to change the way they do things, so be prepared to solve problems locally

INTERNAL - FEATURES
Challenge: Server Feature Creep
Solution: Specialized “function specific” server

INTERNAL - PERFORMANCE
Challenge: External DB Lookups
Solution: Performance gains by keeping tables in memory rather than performing an external DB query

INTERNAL - PERFORMANCE
Challenge: Efficient lookups across the enterprise
Solution: Caching – local caches, regional caches, enterprise caches

INTERNAL - ENHANCEMENTS
Challenge: Technology Upgrades
Solution
- Migrate from Memcache to Redis where it makes sense
- Migrate from SQL to NoSQL where it makes sense
- Implement Patterns – PUB/SUB

COMING ATTRACTIONS
NEXMO (nexmo.com)
- Developer Access to the backend telephony infrastructure
- Build fully featured voice applications such as recorded voice proxies, voice conferencing systems, lead distribution and customer support systems
- With the Voice API you can initiate and control calls to and from the PSTN

COMING ATTRACTIONS
Mid-Registrar
- OpenSIPS module for scalable registration and call forking

COMING ATTRACTIONS
DNS
- Move all resolutions to the edge

COMING ATTRACTIONS
TCP
- Default protocol for mobile, possibly the entire enterprise

COMING ATTRACTIONS
TLS
- Across the enterprise

COMING ATTRACTIONS
FreeSWITCH (freeswitch.com)
- Stable Server / Fantastic Feature Set

COMING ATTRACTIONS
Homer (sipcapture.org)
- SIP Capture for jobs where Wireshark isn’t suited

COMING ATTRACTIONS
VoIP Monitor (voipmonitor.org)
- A worthy tool to analyze calls

Vonage & OpenSIPS A Great Call
Thank You
Norm Brandinger (norm.brandinger@vonage.com)
