headers
Avshalom Houri | 3 Jan 2011 16:25
Picon
Favicon

Changing route set in SIP outbound

Assume that the first SIP proxy that is part of the route set (in SIP outbound)
crashes and immediately restarts, or a backup proxy takes over. Is there any way to keep the dialog alive if either of the
endpoints senses this failure and recreates a connection or the dialog is doomed and needs to be
fully recreated again? The issue is that the route set includes the connection information, which is no longer valid.

tnx
avshalom 
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
Permalink | Reply | 5 comments |
headers
Worley, Dale R (Dale | 3 Jan 2011 16:26
Favicon

Re: Changing route set in SIP outbound

________________________________________
From: sip-bounces <at> ietf.org [sip-bounces <at> ietf.org] On Behalf Of Avshalom Houri [AVSHALOM <at> il.ibm.com]

Assume that the first SIP proxy that is part of the route set (in SIP outbound)
crashes and immediately restarts, or a backup proxy takes over. Is there any way to keep the dialog alive if
either of the
endpoints senses this failure and recreates a connection or the dialog is doomed and needs to be
fully recreated again? The issue is that the route set includes the connection information, which is no
longer valid.
________________________________________

As you phrase the question, the *dialog* cannot be kept alive if the connection in question is lost because
the route set cannot be changed.

Dale
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
Permalink | Reply | 2 comments |
headers
aayush | 3 Jan 2011 16:40
Picon
Gravatar

Re: Changing route set in SIP outbound

The route set cannot be changed mid dialog.

Regarding the endpoint detecting the crash of an intermediate proxy,there is a periodic session refresh mechanism available in SIP which the endpoint must support.

This mechanism is implemented by examining the Session-Expires and Min-SE headers.

Conversely if a backup proxy takes over the crashed one, then both proxies (Active-Stabdby) must support Virtual IP failover for implementing this fault tolerance use case.

On Jan 3, 2011 8:59 PM, "Worley, Dale R (Dale)" <dworley <at> avaya.com> wrote:

________________________________________
From: sip-bounces <at> ietf.org [sip-bounces <at> ietf.org] On Behalf Of Avshalom Houri [AVSHALOM <at> il.ibm.com]


Assume that the first SIP proxy that is part of the route set (in SIP outbound)
crashes and immedia...

________________________________________

As you phrase the question, the *dialog* cannot be kept alive if the connection in question is lost because the route set cannot be changed.

Dale
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
Permalink | Reply | 1 comment |
headers
Nataraju A.B | 4 Jan 2011 14:36
Picon

Re: Changing route set in SIP outbound

AFAIU, Any proxy which forms part of the route-set during call setup. It must support backup and recovery mechanism. 


One simple  example where the proxy supports billing functionality could be part of the route-set and it shall support back and recovery. In this case it shall back back up all the necessary data to recover if there is any failure in the active unit. Otherwise it does not make sense to to be part of a route-set.


On Mon, Jan 3, 2011 at 9:10 PM, aayush <abhatnagar192006 <at> gmail.com> wrote:

The route set cannot be changed mid dialog.

Regarding the endpoint detecting the crash of an intermediate proxy,there is a periodic session refresh mechanism available in SIP which the endpoint must support.

This mechanism is implemented by examining the Session-Expires and Min-SE headers.

Conversely if a backup proxy takes over the crashed one, then both proxies (Active-Stabdby) must support Virtual IP failover for implementing this fault tolerance use case.

On Jan 3, 2011 8:59 PM, "Worley, Dale R (Dale)" <dworley <at> avaya.com> wrote:

________________________________________
From: sip-bounces <at> ietf.org [sip-bounces <at> ietf.org] On Behalf Of Avshalom Houri [AVSHALOM <at> il.ibm.com]


Assume that the first SIP proxy that is part of the route set (in SIP outbound)
crashes and immedia...

________________________________________

As you phrase the question, the *dialog* cannot be kept alive if the connection in question is lost because the route set cannot be changed.

Dale
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.


_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.



--
Thanks,
Nataraju A.B.

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
Permalink | Reply | 0 comments |
headers
Cullen Jennings | 14 Jan 2011 03:35
Picon
Favicon
Gravatar

Re: Errata report on errata 2602 and 2120 on RFC 5479, "Requirements and Analysis of Media Security Management Protocols"


I agree with the Recommended status on these. Might be good to run the first one by EKR. 

On Dec 13, 2010, at 3:09 PM, Worley, Dale R (Dale) wrote:

> ======================================================================
> RFC5479, "Requirements and Analysis of Media Security Management Protocols"
> Source of RFC: sip (rai)
> 
> Errata ID: 2602
> 
> Status: Reported
> Type: Technical
> 
> Reported By: Fabio Pietrosanti
> Date Reported: 2010-11-04
> 
> Section A.5.2 says:
> 
>      SDP Security Descriptions with SIPS
>         Not applicable; SDP Security Descriptions does not have a long-
>         term secret.
> 
> It should say:
> 
>      SDP Security Descriptions with SIPS
>         The PFS feature of SDP Security Description with SIPS rely on
>         TLS and the availability or not of PFS for SRTP calls depends
>         on the negotiated TLS key negotiation algorithm.
> 
>         If the selected TLS key negotiation algorithm of SIPS provide
>         PFS feature, then the underlying SRTP encryption will support
>         PFS.  For example TLS_DHE_RSA_WITH_AES_256_CBC_SHA provde PFS
>         feature as described in RFC5246.  If the selected TLS key
>         negotiation algorithm of SIPS does not provide PFS feature,
>         then the underlying SRTP encryption will not support PFS.
>         For example TLS_RSA_WITH_AES_256_CBC_SHA does not provide PFS
>         feature as described in RFC5246.
> 
> 
> Notes:
> 
> It's not true that SDP Security Descriptions with SIPS have PFS "Not
> applicable" because the SDES rely on TLS that is part of the security
> scheme.
> 
> Practically if the long terms keys (the x509v3 RSA key of SIPS server)
> is compromised, the TLS sessions can be decrypted, the SDES key
> extracted and SRTP calls deciphered.
> 
> TLS support key exchange methods that provide PFS trough the use of
> Ephemeral Diffie Hellman keys.
> 
> When SIPS use TLS with DHE key negotiation, then SDES acquire PFS
> feature because even in case of long-term key compromise (the server
> x509v3 RSA key), the short term keys (the SDES keys exchanged) will be
> safe.
> ----------------------------------------------------------------------
> Recommended status:  (correct) Verified (publish)
> Should be reviewed by a security expert.
> 
> It seems that the entry for "SDP Security Descriptions with S/MIME" is
> also incorrect, as revelation of the private keys of the participants
> will render the SDES readable.  I think better phrasing of the revised
> wording is:
> 
>      SDP Security Descriptions with SIPS
>         PFS if the selected TLS cipher suites for the SIPS hops provide PFS.
> 
>      SDP Security Descriptions with S/MIME
>         No PFS.
> 
> This needs to be reviewed by a security expert.
> ======================================================================
> RFC5479, "Requirements and Analysis of Media Security Management Protocols"
> Source of RFC: sip (rai)
> 
> Errata ID: 2120
> 
> Status: Reported
> Type: Editorial
> 
> Reported By: Alfred Hoenes
> Date Reported: 2010-04-05
> 
> Section 4.4,3rd para says:
> 
> |  A typical case of using media security where two entities are having
>   a Voice over IP (VoIP) conversation over IP-capable networks.
>   [...]
> 
> It should say:
> 
> |  A typical case of using media security is where two entities are
>   having a Voice over IP (VoIP) conversation over IP-capable networks.
>   [...]
> 
> Notes:
> 
> Rationale: missing verb.
> ----------------------------------------------------------------------
> Recommended status:  (correct) Hold for document update
> ======================================================================
> 
> Dale
> _______________________________________________
> Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> This list is essentially closed and only used for finishing old business.
> Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
> Use dispatch <at> ietf.org for new developments on the application of sip.
> Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is essentially closed and only used for finishing old business.
Use sip-implementors <at> cs.columbia.edu for questions on how to develop a SIP implementation.
Use dispatch <at> ietf.org for new developments on the application of sip.
Use sipcore <at> ietf.org for issues related to maintenance of the core SIP specifications.
Permalink | Reply | 0 comments |

Gmane