SIP on an Overlay Network

Abstract: With the development of mobile (specifically: wide area cellular telephony) technology, users’ requirements have changed from the basic voice service based on circuit switch technology to a desire for high speed packet based data transmission services. Voice over IP (VoIP), a packet based service, is gaining increasing attention due to its high performance and low cost. However, VoIP does not work well in every situation. Today Network address translation (NAT) traversal has become the main obstruction for future VoIP deployment. In this thesis we analyze and compare the existing NAT traversal solutions. Following this, we introduce a VoIP over IPSec (VOIPSec) solution (i.e., a VoIP over IPSec virtual private network (VPN) scheme) and an extended VOIPSec solution mechanism. These two solutions were tested and compared to measure their performance in comparison to a version of the same Session Initiation Protocol (SIP) user agent running without IPSec. In the proposed VOIPSec solution, the IPSec VPN tunnel connects each of the SIP clients to a SIP server, thus making all of the potential SIP participants reachable, i.e., solving the NAT traversal problem. All SIP signaling and media traffic for VoIP calls are transmitted through this prior established tunnel. This VPN tunnel provides the desired universal means for VoIP traffic to traverse NAT equipment. Additionally, the IPSec VPN also guarantees the security of VoIP calls at the IP level. In order to improve the security level of media streams for the VOIPSec solution, we deployed and evaluated an extended VOIPSec solution which provides end-to-end protection of the real time media traffic. In this extended VOIPSec solution, we used SRTP instead of RTP to carry the media content. This extended method was shown to provide all of the advantages of VOIPSec and SRTP without any additional delay for the media traffic (as compared to the VoIPSec solution). Note that the solution proposed in this thesis may be of limited practical importance in the future as more NATs become VoIP capable; but the solution is currently essential for facilitating the increasing deployment of VoIP systems in practice. For VoIP calls that do not need end-to-end security, we recommend the use of the VOIPSec solution as a means to solve the NAT traversal problem and to protect traffic at the IP level. When application to application security is not needed we prefer the VOIPSec solution to the extended VOIPSec solution for the following reasons: (1) our test results show that the time for call setup for the extended VOIPSec solution is twice time the time needed for the VOIPSec solution and the extended VOIPSec solution requires the use of user agents that support SRTP. While, the VOIPSec solution does not require a special user agent and all VoIP clients in the market are compatible with this solution. However, when more SIP user agents add support for SRTP, the extended VOIPSec solution will be applicable for users of these SIP user agents.