Iptel’s SIP Express Router (SER) SIP Proxy Server SIP Workshop AARNet By Stephen Kingham
2 Outline and Objectives
- What is SER
- Installation
- Configuration (user and routing)
- Modules
- Authentication

3 What is SER?
- SIP Express Router
- Open Source, and can be commercially supported.
- It is a Location Server, a Proxy Server, and a Redirect Server.
- Very popular in the Research and Education Sector.
- Very efficient, very fast, handles huge call loads (New York’s busy hour on a medium sized Pentium with 1 Gbyte of RAM).
- Has Voice Mail.
- Has a (SIMPLE Protocol) to Jabber interface for Instant Messaging and Presence.
- Has a Web programming interface.
- Can write your own modules to add features (Internet2 ISN is a good example).
- Uses an SQL database.

4 Installation
- Easy to install.
- Source is available, so are a wide range of packages for a very large range of Unix platforms.
- Warning: The “how to”s for “webser” do not match the installations.
- The MySQL database is called “ser” and the “database root” password is “heslo”.
- taipei/sip/install-SER.html

5 Sources for information to install
- taipei/sip/install-SER.html
- Or and get the latest RPM.
- Or FreeBSD comes with SER already!
- And of course

6 Configuration
- All done in /etc/ser/ser.cfg
- Once the configuration is changed, restart with /etc/rc.d/init.d/ser restart
- The first half of /etc/ser/ser.cfg loads modules and sets some defaults.
- The second half defines how every SIP Message is processed and is like a programme.
- Good primer for the conf is here:
- And as well as google www.operser.org

7 Example for routing ENUM

    loadmodule "/srv/ser/modules/enum.so"

    # if it is a number in correct format, ie with + in front, eg
    if (method=="INVITE" && uri=~"sip:\+[0-9]{2,15}.*") {
        #
        # search for service type "sip" or "voice:sip" or "video:sip"
        # note the '+' sign in front of the second parameter
        if (!enum_query("e164.arpa.", "+sip+voice:sip+video:sip")) {
            #
            # Did not find sip in e164.arpa
            # search for "e2u+sip" in freenum.org
            if (!enum_query("freenum.org.")) {
                xlog("L_NOTICE", "DEBUG: Did not find enum in e164.arpa or freenum\n");
            };
        };
    };

8 SER programming
- Main “route” block processes each SIP message.
- You can have “sub route blocks” called from the main.
- You can set flags (maximum of 30 by default) and test later whether they are set or not.
- Flags can also be defined as a trigger, eg setting flag 2 to trigger creation of an accounting record.
- There are no user defined variables, only the standard SIP variables, eg
  - src_ip
  - from_uri
  - method

9 Authorisation in SER
- Users are put into groups (serctl acl show).
- The groups are defined in the serctl programme, look for the following line in the program:

    ACL_GROUPS="local ld int voic free-pstn"

- I like to add mobile
- Commands in the script:

    if (uri =~ "sip:0[1-9][0-9]{7}") {
        # destination is a local number
        if (!is_user_in("credentials", "local")) {
            # user is not in local group, deny the call
            sl_send_reply("403", "No permission for local calls");
            break;  # exit from script
        };
    };
    consume_credentials();  # for calls leaving this domain
    # route call

10 SER administration
- Standard error messages from SER go to /var/log/messages
- Check /var/log/messages to find out why ser does not start, eg tail -f /var/log/messages
- Take a look at the “xlog” command in the ser.cfg file to send more information to /var/log/messages.
- You can turn on debugging and run from the command line.
- The programme “serctl”. Use this very useful programme for maintenance, as well as moves, adds and changes.

11 SER debug: use xlog
Into ser.cfg add

    loadmodule "/usr/lib/ser/modules/xlog.so"

xlog(level, format):
level = L_ALERT | L_CRIT | L_ERR | L_WARN | L_NOTICE | L_INFO | L_DBG
Format =
    %rm : request's method
    %ru : request's r-uri
    %tu : 'To' uri
    %tt : 'To' tag
    %mi : SIP message id
    %pp : process id (pid)
    %is : IP source address
    %%  : '%'
    %Ts : unix time stamp
    %Tf : string formatted time
    %ci : call-id
    %cs : cseq
    %ct : contact header
    %fu : 'From' uri
    %ft : 'From' tag
I like

    xlog("L_NOTICE", "DEBUG: uri from uri to uri \n\n");

12 phpMyAdmin – to manage mysql tables
serctl programme
- The programme “serctl”. Real time monitoring as well as ADDS, MOVES, and CHANGES to users and telephones.
- serctl and serweb write directly to /tmp/ser_fifo.
phpMyAdmin – to manage mysql tables
- Excellent for managing the SER Proxy Server data stored in the mysql database.
- Get it from
- Any changes here do not go via /tmp/ser_fifo, and thus to activate changes ser must be restarted with /etc/rc.d/init.d/ser restart

13 DNS
- SIP relies on DNS for routing (eg finding other SIP Servers).
- If something goes wrong with DNS then call setups can block for several seconds.
- Mitigate by:
  - Cache DNS (eg nscd daemon in Linux)
  - Have plenty of free children (threads) in the Proxy Server
  - Process transactions statefully to absorb retransmissions without additional DNS lookups.

14 NAT Support
- On the Server, install and run the STUN Daemon.
- Refer to talk by Dr. Saverio Niccolini at TERENA 2005:

15 Routing Telephone numbers!
- WWW and work by using the Domain Name Service (DNS).
  - DNS turns human addresses into Internet addresses,
  - DNS on its own is not very interesting or useful!
- The ENUM standard teaches DNS about Telephone numbers!
  - VoIP users can discover that they can make VoIP calls to a number without routing it first to the PSTN!
  - Traditional Carriers around the world do not like ENUM.
- Join the ACMA’s ENUM Trial, ref: enum.edu.au

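
What an ENUM lookup does with a number, as an added Python example (not from the original slides and not SER's code): the E.164 number becomes a reversed-digit DNS name, and the NAPTR answer is filtered by service type and applied to yield a SIP URI. The number, the NAPTR records, the example.org names and the function names are constructed for illustration.

```python
import re

def enum_domain(e164, suffix="e164.arpa."):
    """Map an E.164 number such as +61255501234 to its ENUM query name."""
    if not re.fullmatch(r"\+[0-9]{2,15}", e164):   # same shape the slide tests for
        raise ValueError("not an E.164 number: %r" % (e164,))
    return ".".join(reversed(e164[1:])) + "." + suffix

def apply_naptr(e164, records, wanted=("sip", "voice:sip", "video:sip")):
    """Return the SIP URI from the best matching NAPTR record, or None.

    records: (order, preference, flags, service, regexp) tuples as they
    would come back from the DNS query for enum_domain(e164).
    """
    for _order, _pref, flags, service, regexp in sorted(records):
        tokens = service.lower().split("+")
        if flags.lower() != "u" or tokens[0] != "e2u":
            continue                      # only terminal E2U records
        if not any(t in wanted for t in tokens[1:]):
            continue                      # no service type we asked for
        fields = regexp.split(regexp[0]) if regexp else []
        if len(fields) != 4:
            continue                      # malformed !pattern!replacement!
        _, pattern, replacement, opts = fields
        try:
            match = re.search(pattern, e164, re.I if "i" in opts else 0)
            uri = match.expand(replacement) if match else None
        except re.error:
            continue                      # bad pattern or group reference
        # DNS data is untrusted input: accept only a well-formed SIP URI.
        if uri and re.fullmatch(r"sips?:[^\s<>]+", uri, re.I):
            return uri
    return None

# Constructed sample answer for a made-up number (not real DNS data).
SAMPLE_NUMBER = "+61255501234"
SAMPLE_NAPTR = [
    (100, 10, "u", "E2U+mailto", "!^.*$!mailto:info@example.org!"),
    (100, 20, "u", "E2U+sip", r"!^\+612(.*)$!sip:\1@sip.example.org!"),
]

if __name__ == "__main__":
    print(enum_domain(SAMPLE_NUMBER))
    print(apply_naptr(SAMPLE_NUMBER, SAMPLE_NAPTR))
```

The default `wanted` tuple mirrors the "+sip+voice:sip+video:sip" service parameter used with enum_query on the ENUM routing slide.
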
16 Authorisation in SER
- Users are put into groups (serctl acl show, add using ).
- The groups are defined in the serctl programme, look for

    ACL_GROUPS="local ld int voic free-pstn"

- I like to add mobile and ld-aarnet-local-cost
- The above is done within the mysql tables.
- Commands in the script:

    if (uri =~ "sip:0[1-9][0-9]{7}") {
        # destination is a local number
        if (!is_user_in("credentials", "local")) {
            # user is not in local group, deny the call
            sl_send_reply("403", "No permission for local calls");
            break;  # exit from script
        };
    };
    consume_credentials();  # for calls leaving this domain
    # route call

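
The group check above, modelled in Python as an added example (not from the original slides and not SER's code): it anchors the slide's local-number pattern so a longer dial string is not classed as local, and it denies anything the dial plan does not recognise. The "ld" and "int" patterns, the authorise name and the sample URIs are assumptions.

```python
import re

# The slide's pattern as written: unanchored, so it also matches any
# longer dial string that merely starts with a local-looking number.
SLIDE_LOCAL = re.compile(r"sip:0[1-9][0-9]{7}")

# Anchored dial plan, checked in order. Group names come from ACL_GROUPS
# on the slide; the "ld" and "int" patterns are assumptions for this example.
DIAL_PLAN = [
    ("int",   re.compile(r"^sip:00[1-9][0-9]{6,14}@")),
    ("ld",    re.compile(r"^sip:0[1-9][0-9]{8}@")),
    ("local", re.compile(r"^sip:0[1-9][0-9]{7}@")),
]

def authorise(ruri, user_groups):
    """Return (status, reason) for a PSTN-bound Request-URI and the
    groups the authenticated caller belongs to."""
    for group, pattern in DIAL_PLAN:
        if pattern.search(ruri):
            if group in user_groups:
                return 200, "permitted as " + group
            return 403, "No permission for %s calls" % group
    # Default deny: a number no rule recognises is never routed onwards.
    return 403, "Destination not in dial plan"

if __name__ == "__main__":
    # Constructed sample requests: a 9-digit and a 10-digit number.
    for uri in ("sip:021234567@example.edu.au", "sip:0212345678@example.edu.au"):
        print(uri, bool(SLIDE_LOCAL.search(uri)), authorise(uri, {"local"}))
```
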
Some other UAs SIP Workshop AARNet By Stephen Kingham
18 Hard telephones
- All can tftp or ftp their config file.
- Some can be configured using web interface.
- Generally all can be configured from the keyboard.
- co7960/cisco7960.html
- ys/index.html
- ycom/index.html

19 Radvision MCU and Gateway
- Cisco IOS based Gateway: coVoIPGateways/ciscoas5300.html
- Radvision MCU: vision-viaip400/index.html