OAKLEY—This extends ISAKMP by describing a specific mechanism for key exchange through different defined “modes.” Most of IKE’s key exchange is directly based on OAKLEY.
SKEME—This defines a key exchange process different from that of OAKLEY. IKE uses some SKEME features, such as public key encryption methods and the “fast rekeying” feature.
IKE takes ISAKMP and adds the details of OAKLEY and SKEME to perform its magic. IKE has the two ISAKMP phases:
Phase 1—The first stage is a “setup” process in which two devices agree on how they will exchange further information securely. This creates an SA for IKE itself, although it’s called an ISAKMP SA. This special bidirectional SA is used for Phase 2.
Phase 2—Now the ISAKMP SA is used to create the other SAs for the two devices. This is where the parameters such as secret keys are negotiated and shared.
Why two phases? Phase 1 typically uses public key encryption and is slow, but technically only has to be done once. Phase 2 is faster and can conjure different but very secure secret keys every hour or every 10 minutes (or more frequently for very sensitive transactions).
QUESTIONS FOR READERS
Figure 29.10 shows some of the concepts discussed in this chapter and can be used to answer the following questions.
1. Which IPSec ESP mode is used in the figure—transport or tunnel?
2. Which IP protocol is being tunneled?
3. What does the ESP trailer next header value of 4 indicate?
4. Could NAT also be used with IPSec to substitute the IPv4 addresses and encrypt them?
5. Is the SPI field encrypted? Is it authenticated?
FIGURE 29.10
IPSec ESP used with an IPv4 packet. [Figure: the original IPv4 packet (IPv4 Hdr with Protocol 17, UDP Hdr (17), IP Data, i.e., a UDP datagram) is carried inside an outer IPv4 Hdr with Protocol 50, followed by the ESP Hdr (50), the original IPv4 packet, the ESP Trlr with Next Hdr 4, and the ESP Auth Data; the figure marks which fields are Encrypted Fields and which are Authenticated Fields.]
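The framing in Figure 29.10 can be worked through in code. The following is an added example, not the book's own code: it builds the outer IPv4 header (Protocol 50), an ESP header, an encrypted payload consisting of the whole original IPv4/UDP packet plus the ESP trailer (Next Header 4), and a truncated-HMAC ICV, and then reports which byte ranges are encrypted and which are authenticated. The cipher is a constructed SHA-256 keystream stand-in rather than a real ESP transform, and the keys, addresses, SPI and UDP payload are constructed sample values.

```python
"""Tunnel-mode ESP framing as drawn in Figure 29.10 (added example, not the
book's code).  The cipher is a constructed SHA-256 keystream stand-in, not a
real ESP transform; keys, addresses, SPI and UDP payload are constructed."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4   # ESP trailer Next Header 4: an entire IPv4 packet is tunnelled
IPPROTO_UDP = 17   # Protocol of the original (inner) packet in the figure
IPPROTO_ESP = 50   # Protocol of the outer IPv4 header
ICV_LEN = 12       # 96-bit truncated HMAC, the usual ESP ICV length
IV_LEN = 8         # IV length assumed for the stand-in cipher


def _ones_complement_sum(data):
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    csum = (~_ones_complement_sum(hdr)) & 0xFFFF
    return hdr[:10] + struct.pack('!H', csum) + hdr[12:]


def ipv4_checksum_ok(hdr):
    return _ones_complement_sum(hdr[:20]) == 0xFFFF


def _keystream(key, iv, n):
    """Constructed counter-mode keystream from SHA-256; stands in for the SA's cipher."""
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, 'big')).digest()
              for i in range(-(-n // 32)))
    return b''.join(blocks)[:n]


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_tunnel_encapsulate(inner_pkt, spi, seq, enc_key, auth_key, iv):
    """ESP Hdr | IV | enc(original packet + ESP Trlr) | ESP Auth Data."""
    esp_hdr = struct.pack('!II', spi, seq)      # SPI and sequence number travel in the clear
    pad_len = (-(len(inner_pkt) + 2)) % 4       # Pad Length + Next Header must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default padding values 1, 2, 3, ...
    trailer = padding + bytes([pad_len, IPPROTO_IPIP])
    plaintext = inner_pkt + trailer             # the trailer is encrypted along with the packet
    ciphertext = _xor(plaintext, _keystream(enc_key, iv, len(plaintext)))
    authed = esp_hdr + iv + ciphertext          # ICV covers header through trailer, never the outer IP header
    icv = hmac.new(auth_key, authed, hashlib.sha256).digest()[:ICV_LEN]
    return authed + icv


def esp_tunnel_decapsulate(esp_pkt, enc_key, auth_key):
    """Check the ICV before decrypting; returns (spi, seq, next_hdr, inner_pkt)."""
    body, icv = esp_pkt[:-ICV_LEN], esp_pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError('ESP ICV mismatch: packet altered in transit or wrong SA')
    spi, seq = struct.unpack('!II', body[:8])
    iv, ciphertext = body[8:8 + IV_LEN], body[8 + IV_LEN:]
    plaintext = _xor(ciphertext, _keystream(enc_key, iv, len(ciphertext)))
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    return spi, seq, next_hdr, plaintext[:len(plaintext) - 2 - pad_len]


def coverage(esp_pkt):
    """Byte ranges matching the figure's two brackets: what is encrypted and what is authenticated."""
    n = len(esp_pkt)
    return {'clear_but_authenticated': (0, 8 + IV_LEN),   # SPI, seq and IV
            'encrypted': (8 + IV_LEN, n - ICV_LEN),        # original packet + ESP trailer
            'authenticated': (0, n - ICV_LEN)}             # everything the ICV is computed over


def build_figure_packet(enc_key=b'k' * 16, auth_key=b'a' * 16, iv=b'\x00' * IV_LEN):
    """Outer IPv4 (Protocol 50) carrying ESP that tunnels an inner IPv4/UDP packet (Protocol 17)."""
    udp = struct.pack('!HHHH', 5060, 5060, 8 + 5, 0) + b'hello'     # constructed UDP datagram
    inner = ipv4_header('10.10.11.66', '10.10.12.77', IPPROTO_UDP, len(udp)) + udp
    esp = esp_tunnel_encapsulate(inner, 0x1234, 1, enc_key, auth_key, iv)
    outer = ipv4_header('10.10.11.1', '10.10.12.1', IPPROTO_ESP, len(esp)) + esp
    return outer, esp, inner


if __name__ == '__main__':
    outer, esp, inner = build_figure_packet()
    print('outer protocol:', outer[9], 'inner protocol:', inner[9])
    print('coverage:', coverage(esp))
    print('next header after decapsulation:', esp_tunnel_decapsulate(esp, b'k' * 16, b'a' * 16)[2])
```

The decapsulation verifies the ICV before touching the ciphertext, which is the order a real ESP receiver uses so that a forged or corrupted packet is dropped without being decrypted; flipping any bit of the SPI, IV or ciphertext makes `esp_tunnel_decapsulate` raise rather than return garbage.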
PART VII
The Internet is not just for data anymore. This part of the book examines how voice communication has transitioned to the Internet.
■ Chapter 30—Voice over Internet Protocol
What You Will Learn
In this chapter, you will learn how VoIP is becoming more and more popular as an alternative to the traditional public switched telephone network (PSTN). We’ll look at one form of “softphone” that lets users make “voice” calls (voice is really many things) over an Internet connection to their PC.
You will learn about the protocols used in VoIP, especially for the “data” (RTP and RTCP) and for signaling (H.323 and SIP). We’ll put it all together and look at a complete architecture for carrying media other than data on the Internet.
Voice over Internet
In November 2006, when a person in Cardiff, Wales, made a local telephone call, no part of the British Telecom (BT) PSTN was involved. Only the “last mile” of the circuit was the same: No telephone central office, voice switches, or channelized trunks were used to carry the voice call. Instead, the calls were handled by multiservice access nodes (MSANs) and carried with IP protocols over the same type of network that handles BT’s Internet traffic.
BT was so happy with the results that by 2011 they say their entire PSTN will be replaced with an IP network using MPLS to both secure and provide QoS for the calls. Many countries use IP voice on their backbones (such as Telecom Italia), but this is the first time a national system has decided to spend a huge amount of money (almost US$20 billion, BT says) to convert everything.
It’s old news that many people, both around the world and in the United States, use the Internet to talk over the telephone. Not many of these customers know it, however, because various factors combine to make the use of voice over IP (VoIP) technology a sensitive subject. There are those who intentionally use the Internet for voice calls, and many software packages (such as those from Vonage and Avaya) are available. But not many people know that a percentage of calls (perhaps the majority) made over the PSTN are carried for part of their journey over the Internet using VoIP. The cellular telephone network is converging on IP protocols even faster than the landline network.
FIGURE 30.1
VoIP setup on the Illustrated Network, showing the host using an Internet telephony package. [Figure: the Los Angeles Office (LAN1, including winsvr1, Wireless in Home, and a DSL Link) sits behind Ace ISP, AS 65459, with routers PE5 (lo0 192.168.5.1), P4 (lo0 192.168.4.1), and P9 (lo0 192.168.9.1); the New York Office (LAN2) sits behind AS 65127 with routers PE1 (lo0 192.168.1.1), P2 (lo0 192.168.2.1), and P7 (lo0 192.168.7.1); the two are joined across the Global Public Internet, where a Server (172.24.45.78) is shown. Solid rules = SONET/SDH; dashed rules = Gig Ethernet. Note: All links use 10.0.x.y addressing; only the last two octets are shown.]
The exact percentage of PSTN traffic using VoIP is very difficult to pin down because some telephony carriers are relatively open about this fact and others are not, and all are as wary of their competitors as they ever were. The use of VoIP is also controversial because not too long ago the voice quality of such calls was (might as well admit it) horrible.
This chapter concerns voice, not audio, a distinction often glossed over by users but never by engineers. Voice is concerned primarily with comprehension of the spoken word, that is, of what is said rather than how it “sounds.” Audio is generally a stereo representation of more than just speech. Think of audio as a motion picture soundtrack. The telephone system is “tuned” to the frequencies used in human speech, not music or special effects explosions. And that makes all the difference.
VOIP IN ACTION
It’s a little too much to expect seeing a full-blown VoIP server and gateway on the Illustrated Network, although Juniper Networks does indeed make such software. Nevertheless, we can “borrow” an Avaya IP Softphone server for our network and install the client software on wincli2 (10.10.112.222). Then we can use the VoIP software to place a call to a desk phone and capture the exchange of signaling and voice packets. This is shown in Figure 30.1.
Naturally, the server can place the call anywhere in the world, but having a conversation with a telephone in a local cubicle makes it easier to complete the call, talk, hang up, and so on. Figure 30.2 shows the main screen for the Avaya VoIP software. It doesn’t look much like a phone, and some VoIP clients make an effort to make the user
FIGURE 30.2
Avaya IP Softphone client interface. Note that this is not very “phone-like.”