Open SourceOpen StandardsExample of OpenSER with OSPJim.Dalton@TransNexus.com

Open StandardsOpen Source Projects based on Open Standards offer:Low costFlexibilityNo Risk of being locked into a Proprietary SolutionSIP applicationsWeb Standards that enable new SIP applicationsHTTP (SHTTP)XML

OpenSEROpenSER is an Open Source SIP ProxyVery high reliability and performanceVery widely deployedVery flexibleHistory2002 SIP Express Router (SER) Project2005 OpenSER forked from SER2008 JuneOpenSER changes names to KamailioOpenSIPS forked from OpenSER

OpenSER V1.2 PerformanceOpenSER has very high performance with OSP routing and accounting.OpenSER on a server with two, dual core Xeon CPUs can route and collect CDRs for over 500 million minutes per month of wholesale VoIP traffic.OpenSER Performance on a single core of an Intel 5140 2.33 CPU

SIP Trunking & DID ServicesValue proposition begins with low priceFlexibility and innovation becomes a competitive advantageLoad balance high call rates across multiple carriersCall CentersCall BroadcastsCampaignsSchool systemsDID services

SIP Trunking & DID ServicesPSTNCarrier 5PSTNCarrier 4PSTNCarrier 2PSTNCarrier 1PSTNCarrier 3EnterpriseEnterpriseEnterpriseEnterprise

Overview of OSP ServerETSI OSP protocol defines standardized messages for the secure exchange IP based sessions.An OSP server is a web serverResembles SOAP, VXML and CCXMLMessage FormatsMultipurpose Internet Mail Extensions (MIME)eXtensible Markup Language (XML)Secure MIMECommunication Protocols

OpenSER and OSPOpenSERRoutingQuery &ResponseCall DetailRecordsSource NetworkDestination NetworkOSPServer

Enterprise VoIP VPNSecure peering architecture provides VoIP VPN InternetCallCenterHeadquartersSalesOfficeBranchOfficeManufacturing1. Centralized routing2. Secure inter-office access control3. Centralized accounting4. Autonomous local operation5. Minimum bandwidth1. Centralized routing1. Centralized routing2. Secure inter-office access control1. Centralized routing2. Secure inter-office access control3. Centralized accounting1. Centralized routing2. Secure inter-office access control3. Centralized accounting4. Autonomous local operationOSPServer1. Enrollment2. Route Authorization3. SIP INVITE with Digitally Signed Token4. CDR collection

Inter-Network PeeringOpenSERRoutingQuery &ResponseCall DetailRecordsSource NetworkDestination NetworkOSPServerOpenSERValidatePeeringToken

Tiered PeeringSecure peering among multiple peering networks.InternetPeeringServerPeeringServerYellowPeeringNetworkPurplePeeringNetwork

Cascading SettlementsSecure, end to end accounting ensures every network is compensated.InternetPeeringServerYellowPeeringNetworkPurplePeeringNetworkPeeringServer

OSP Message ExampleHTTP/1.1 200 OKServer: IP address of OSP serverDate: Thu, 12 May 2005 18:32:59 GMTConnection: Keep-AliveKeep-Alive: timeout=3600, max=5000Content-Length: 1996Content-Type: text/plain

2005-05-12T18:32:59Z4785098287068543017

MTExNTkxOTE3Ny45 Called Number [IP Address:Port]HTTP HeaderOSP Message

OSP Message Example (cont.)

2005-05-12T18:32:59Z4785098287068543017

MTExNTkxOTE3Ny45 Called Number [IP Address: Port] 14400 s 2005-05-12T18:27:59Z 2005-05-12T18:37:59Z sip Calling Number Vj0xCnI9MjE2NTUKYz0KQz03Nzc3Nzc3Nzc3Cmk9TVRFeE5Ua3hPVEUzTnk0NQphPT IwMDUtMDUtMTJUMTg6Mjc6NTlaCnU9MjAwNS0wNS0xMlQxODozNzo1OVoKST00Nz

Unique Transaction ID per callCall ID from source deviceCalled Number may be translatedIP Address of Called NumberCall authorized for 14440 secondsCall authorized to start in 10 minute windowProtocol may be SIP, H323, IAX, Digitally signed of token

More About OSP & OpenSERInstructions for building OpenSER with OSP support: http://www.transnexus.com/White%20Papers/Multi-Lateral_Peering_with_SER_V2.0.pdf

OSP client library: http://sourceforge.net/projects/osp-toolkit/

OpenSER performance with OSP: http://www.transnexus.com/White%20Papers/OpenSER-SER_Comparison.htm

Secure VoIP peering is made possible by the OSP protocol a standard defined by ETSI the European Telecommunication Standards Institute. OSP is a defined set of messages for authorizing and accounting for voice, video or any type session between IP networks. The messages are written in XML and transmitted via HTTP.As shown in this slide, an OSP peering server is web server which understands standard OSP messages. In this slide, a certificate authority peering server is added to the network of PBXs to create a VoIP VPN on the public Internet.The first step is the one time process of enrolling each IP PBS with the peering server to create the network of trusted peers for VoIP callingFor example, if someone in the European branch office wants to call the manufacturing facility in China, the local PBX in Europe will recognize that it does not have a route or access to complete the call, so it sends a peering authorization request to the peering server which responds with the destination IP address and a digitally signed token authorizing the call. The source PBS then sends a SIP INVITE to the destination. The INVITE includes the peering token. The destination validates the peering token with the public key of the peering server and accepts the call.When the call is over, both the source and destination PBxs send their call detail records (CDRs) to the Peering server.This slide introduces the concept of tiered peering which is an extension of the wholesale peering model presented in the previous example. In this illustration there are two wholesale peering networks: Yellow and Purple. The peering server in the Yellow network manages peering among all VoIP devices in the Yellow network. The OSP server in the Purple network manages peering among all VoIP devices in the Purple network.

Question? What happens when there is a call from a VoIP device in the Yellow network that can only completed by a VoIP device in the Purple network? How would a call be routed from South America to Australia? The answer is secure peering between the Yellow and Purple networks. The operators of the Yellow and Purple OSP servers would have peering relationship for managed calls between their peering networks.

Call Scenario:Calling party in Brazil calls Australia. The VoIP device in Brazil cannot complete the call in its network, so it queries the Yellow peering server for a peer in another network that can complete the call.The Yellow server does not have a peer in its routing table that can complete the call. However, it does have a peering relationship with the Purple peering network and sends a query to the Purple peering server.The Purple peering server does have a peer that can complete the call to Australia and returns the IP address and a digitally signed token to the Yellow peering server.The Yellow peering server forwards the routing information and peering token from the Purple peering server to the VoIP device in Brazil.The VoIP device in Brazil send a SIP INVITE to the Australian VoIP device in the Purple peering network. The Australian VoIP device receives the INVITE from an unknown peer in Brazil, but validates that the call was authorized by the Purple peering server and accepts the call.When the call is finished, the VoIP device in Brazil sends it call detail record to the Yellow peering server and the VoIP device in Australia sends its call detail record to the Purple peering server. Each peering server then forwards its call detail record to the other peering server to complete end to end accounting of the transaction.This slide presents an OSP message captured off the wire. Inside the HTTP message is the XML based OSP message. This OSP message is a peering Authorization Response message from a peering server to a source peer.This screenshot is a continuation of previous Peering Authorization Response message defines the details of the authorized peering session. Details include:A unique transaction ID.2. The Call ID created by the source peer.3. The called number, which may be translated by the peering server.4. The IP address of the destination peer.5. The session usage authorized. In this example it is 14,400 seconds or 4 hours. However, the OSP protocol supports also supports any usage type such as packets, bits or bytes.6. Authorization window, each token can define a specific time window for authorization.7. Signaling protocol expected by the destination device.8. And the digital signature of the peering server