Sunday, January 3, 2010

Best of New in Kamailio 3.0.0 - #10: topology hiding

Kamailio (OpenSER) 3.0.0 comes with a new module named topoh. In SIP, there are several headers indicating the local IP address of user agent or the path taken to rich the SIP server:
  • top most Via header
  • contact address
  • Record-Route headers
  • sometimes the Call-ID header
You may want to hide such details, typical use cases being:
  • protect the addresses of your PSTN gateways - will protect you against people trying to attack them to get free calls
  • protect your internal network topology - when having a big platform with many servers, you do not disclose their addresses
  • interconnection provider - to keep the details of connected parties secret to the other, to prevent a bypass of its service in the future
Note that for full privacy, you have to use a media relay (like rtpproxy) to hide the endpoints of media stream.

Advantages of topology hiding via topoh module:
  • lightweight solution - it is built in top of the SIP proxy, does not keep the state of the call. Needed information is encrypted in the SIP message
  • it can work across several SIP servers - by sharing same secret, different servers can encode/decode SIP messages within same call
  • script writer gets access to clear SIP messages - using an innovation in Kamailio 3.0.0, the SIP message is decode before executing the config file and is encoded after it execution. Practically, in config you process headers as they are set by caller or callee, ensuring proper accounting, authorization, etc.
  • straightforward usage - you need just to load the module, eventually tune the module parameters and that's it - topology hiding functionality is transparent to config routing logic
  • scalability - there is no back-to-back user agent involved, one box running topoh can scale up to many thousands of active calls with a casual server hardware these days
See screenshots with headers of (pay attention to Via, Contact, Call-ID):
  • received INVITE from caller
  • forwarded INVITE to callee
  • received 200 ok from callee
  • forwarded 200 ok to caller






The readme of topoh module is available at:
http://kamailio.org/docs/modules/3.0.x/modules/topoh.html

Check next post to learn about MemCached connector - accessing memcached from Kamailio config file.

No comments:

Post a Comment