Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Session Initiation Protocol (SIP) Common Log Format (CLF)‏ IETF 74, March 2009, San Francisco, CA (USA)‏ Vijay K. Gurbani Eric Burger Humberto Abdelnur.

Published bySharon Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "The Session Initiation Protocol (SIP) Common Log Format (CLF)‏ IETF 74, March 2009, San Francisco, CA (USA)‏ Vijay K. Gurbani Eric Burger Humberto Abdelnur."— Presentation transcript:

1 The Session Initiation Protocol (SIP) Common Log Format (CLF)‏ IETF 74, March 2009, San Francisco, CA (USA)‏ Vijay K. Gurbani Eric Burger Humberto Abdelnur Olivier Festor Tricha Anjali

2 Agenda  Scope of the problem (Eric).  Solution as documented (Vijay).  Open issues (Vijay).

3 CLF Motivations  Large heterogeneity of SIP equipments available –Interoperate at SIP level –but support proprietary log formats (if any)‏  Fostering heterogeneity acceptance Build on a per device basis log wrappers for any management application (tedious, error prone, costly) OR Standardize a common format CLF provides the means for option (2)‏

4 What SIP CLF is and is not … SIP CLF is NOT…  … a replacement for a CDR (Call Detail Record).  … a billing tool.  … a QoS measurement tool. SIP CLF IS:  … a standardized format that can be used by all SIP entities.  … an easily digestible log of past and current transactions.  … a format that allows quick parsing to discover relation- ships between transactions $ grep yuhyt6 sip-clf.txt gets all transactions with this label.  … amenable to easy parsing for creating other innovative tools.

5 Applications that can benefit from CLF  Security Management –Forensic analysis tools –Intrusion detection/prevention systems –Automata training  Fault Management –Faults tracking / calls correlation –Call traces Validation  Standard log services –E.g. SYSLOG

6 6 Challenges in defining SIP CLF  SIP is not a linear request-reply protocol – HTTP is linear: pipelining okay, one request = one response.  Complexity inherent in the protocol: – Serial and parallel forking elicit multiple responses. – Delays between getting a request and sending a response (origin server in HTTP is quick; UAS not quite so. Impact on proxies.)‏ – Multiple transactions grouped in a dialog; dialog persists for a long time, transactions short-lived (e.g., BYE comes much later, but relation between INV and BYE should be preserved in a log file.)‏

7 7 Challenges in defining SIP CLF  ACK requests need careful considerations: – Only tied to an INVITE. – No responses for ACKs. – For non-2xx, ACKs hop-by-hop (part of INV transaction.)‏ – For 2xx, ACK end-to-end.  CANCEL requests need careful considerations: – Only tied to an INVITE. – Requires exactly one response. – Is propagated hop-by-hop.  INV can pend, resulting in a 1xx response (200ms rule.) This 1xx response needs to be captured to train automata.  SIP has a richer set of actors: UAS, UAC, B2BUA, proxy, registrar, redirect server,...

8 8 SIP CLF is... inspired by HTTP CLF %h %l %u %t \"%r\" %s %b remotehost rfc931 authuser [date] request status bytes Example: 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] \ "GET /apache_pb.gif HTTP/1.0" 200 2326 SIP CLF borrows a bit from Apache CLF and Squid CLF. Some elements don't contribute (%b %l -- removed.)‏

9 Request CLF  B2BUA correlation directives –FORK/ used by the server transaction –CLIENT/ used by the client transaction  Extensions –to be defined (other headers) / message-body 1230756560 192.168.1.10 - INVITE sip:bob@example.net sip:alice@example.com;tag=iu8u76 sip:bob@example.net i98ju@example.com " “ y6y78u - server client date remotehost userauth method request-URI from to callid “contact-list” transact. transact. delim extension code code

10 Response CLF  Need to record provisional/final responses  Both CANCELs and INVITEs will have the same %x value. 1230756560 y6y78u - 100 INVITE sip:bob@example.net;tag=yh78 - 1230756560 y6y78u - 180 INVITE + - 1230756560 y6y78u - 200 INVITE + - server client date transaction transaction status method to “contact-list” delim extension code

11 11 Open issues Preserving privacy  Anonymize IP addresses and other private information.  File system, operating-level permissions.

12 12 Open issues Handling rfc3841 directives  How rfc3841 directives should be handled? –directives may lead a proxy to alter normal rules (e.g. no- cancel directive)

13 13 Open issues “%c” issue  Contact: ;param=”1 2”

14 14 Backups

15 15 SIP CLF: Examples In the following example, Alice is registering herself with her domain's registrar and is challenged for HTTP Digest: 1230756550 192.168.1.2 - REGISTER sip:example.com sip:alice@example.com;tag=iu8u76 sip:alice@example.com 8719u@example.com - hgt678h - 1230756550 hgt678h - 401 REGISTER sip:alice@example.com;tag=8hy -

16 16 SIP CLF: Examples Registration is successful: 1230756560 192.168.1.2 alice REGISTER sip:example.com sip:alice@example.com;tag=iu8u76 sip:alice@example.com;tag=yh78 8719u@example.com " ;q=0.7;expires=7200, ;q=0.5;expires=3600" hgt679h - 1230756550 hgt679h - 200 REGISTER + " ;q=0.7;expires=7200, ;q=0.5;expires=3600" Note: +

17 17 SIP CLF: Examples In this example, Bob contacts Alice; Alice's UAS has sent a 180 upstream but has not generated a final response yet. Before Alice has a chance to pick up the phone, Bob hangs up causing a CANCEL to arrive at Alice's UAS. Alice's UAS processes the CANCEL, sending a 200 OK (CANCEL), followed by sending a 487 (INVITE) and receiving an ACK: 1230756560 192.168.1.10 - INVITE sip:bob@example.net sip:alice@example.com;tag=iu8u76 sip:bob@example.net i98ju@example.com " " y6y78u - 1230756560 y6y78u - 100 INVITE sip:bob@example.net;tag=yh78 - 1230756560 y6y78u - 180 INVITE + - 1230756561 192.168.1.10 - CANCEL + + + + - y6y78u - 1230756560 y6y78u - 200 CANCEL + - 1230756561 y6y78u - 487 INVITE sip:bob@example.net;tag=yh78 - 1230756561 192.168.1.10 - ACK + + + + + y6y78u - Note: Correlation using %x (server transaction.)‏

18 18 SIP CLF: Examples A session queued and answered: 1230756560 192.168.1.10 - INVITE sip:agent@acd.example.net sip:alice@example.com;tag=iu8u76 sip:agent@acd.example.net i98ju@example.com - z9hG4bk7yt6 - 1230756560 z9hG4bk7yt6 - 100 INVITE sip:agent@acd.example.net;tag=oi8 - 1230756560 z9hG4bk7yt6 - 180 INVITE + - 1230756561 z9hG4bk7yt6 - 182 INVITE + - 1230756564 z9hG4bk7yt6 - 182 INVITE + - 1230756565 z9hG4bk7yt6 - 183 INVITE + - 1230756566 z9hG4bk7yt6 - 200 INVITE + - 1230756566 192.168.1.10 - ACK + + + + - z9hG4bk7yt6 -

19 CLF Motivations  Large heterogeneity of SIP equipments available –Interoperate at SIP level –but support proprietary log formats (if any)‏  Fostering heterogeneity acceptance Build on a per device basis log wrappers for any management application (tedious, error prone, costly) OR Standardize a common format CLF provides the means for option (2)‏

Download ppt "The Session Initiation Protocol (SIP) Common Log Format (CLF)‏ IETF 74, March 2009, San Francisco, CA (USA)‏ Vijay K. Gurbani Eric Burger Humberto Abdelnur."

Similar presentations

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.
SIP, Presence and Instant Messaging

SIP, Presence and Instant Messaging
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Signaling: SIP SIP is one of Many ITU H.323 Originally for video conferencing The first standard protocol for VoIP Still in wide usage, but negative.

Signaling: SIP SIP is one of Many ITU H.323 Originally for video conferencing The first standard protocol for VoIP Still in wide usage, but negative.
IETF 91 DISPATCH draft-jesske-dispatch-forking- answer-correlation-02 Roland Jesske.

IETF 91 DISPATCH draft-jesske-dispatch-forking- answer-correlation-02 Roland Jesske.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
Session Initiation Protocol Winelfred G. Pasamba.

Session Initiation Protocol Winelfred G. Pasamba.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
VoIP Using SIP/RTP by George Fu, UCCS CS 522 Semester Project Fall 2004.

VoIP Using SIP/RTP by George Fu, UCCS CS 522 Semester Project Fall 2004.
Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.

Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.
A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University

A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University
Chapter 6: Distributed Applications Business Data Communications, 5e.

Chapter 6: Distributed Applications Business Data Communications, 5e.
CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.

CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.
SIP, Session Initiation Protocol Internet Draft, IETF, RFC 2543.

SIP, Session Initiation Protocol Internet Draft, IETF, RFC 2543.
SIP 逄愛君 SIP&SDP2 Industrial Technology Research Institute Computer & Communication Research Laboratories Elgin Pang Outline.

SIP 逄愛君 SIP&SDP2 Industrial Technology Research Institute Computer & Communication Research Laboratories Elgin Pang Outline.
1 Extending SIP Speaker: Hsuan-Ming Chen Adviser: Ho-Ting Wu Date: 2005/04/26.

1 Extending SIP Speaker: Hsuan-Ming Chen Adviser: Ho-Ting Wu Date: 2005/04/26.
Agenda Introduction to 3GPP Introduction to SIP IP Multimedia Subsystem Service Routing in IMS Implementation Conclusions.

Agenda Introduction to 3GPP Introduction to SIP IP Multimedia Subsystem Service Routing in IMS Implementation Conclusions.
Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.
AARNet Copyright 2011 Network Operations SIP Deep Dive Bill Efthimiou APAN33 SIP workshop February 2012.

AARNet Copyright 2011 Network Operations SIP Deep Dive Bill Efthimiou APAN33 SIP workshop February 2012.

Similar presentations

Ads by Google