
SIP.edu Deployment sipETH

ETH World 2000-2005

The ETH World program came to an end in 2005. This website is no longer updated and contains archival information about the activities.

Technical Overview


ETH Zurich's PolyPhone environment is composed of the following elements:

SIP Proxy
The SIP proxy server used is SIP Express Router (SER) from iptel.org.
SER was extended with custom modules written in C to integrate existing services of ETH. The main reasons for using custom C modules:
- a lot faster than shell scripts
- no new processes are spawned during operation
- possibility to return custom error messages by calling sl_reply_error directly
- LDAP and database connections can be persistent, i.e. connections are opened when a SER module is loaded and are reused on each subsequent call to exported module functions.
SIP Registrar
The default SER registrar where all active SIP clients are registered.
PeerPoint (Jasomi Networks)
A third-party Border Gateway Controller is integrated to support NAT/firewalled user agents and to hide the internal topology of the SIP environment (proxies, gateways, servers).
LDAP nethz
Stores usernames, passwords, E-Mail (primary and aliases) and internal phone numbers.
PermissionDB
Stores phone numbers, settings and permissions for users. In the near future, the PermissionDB will be integrated into the LDAP infrastructure.
Web-Interface
Instead of serweb, we use a custom website with interface to the SER proxy. In the near future, the web interface will be integrated in the web interface of the existing LDAP services (n.ethz.ch). The web interface also gives useful information about this project and monitors the status of the environment components.
RADIUS
The following operations are authorized using the existing RADIUS server infrastructure:
- Registration of SIP users (REGISTER)
- Establishing calls using an n.ethz.ch digest header (INVITE)
Location DB, Accounting
The default SER Location DB. Accounting is only used for statistical reasons (it is not yet working properly)
DNS
The Domain Name Server of ethz.ch (serving about 450 subdomains) is fully integrated with SER. Any former e-mail could be resolved to a SIP account or an internal PSTN phone number.
Gateways
The existing PSTN infrastructure has been integrated into the environment. Authorized SIP users can reach every internal and external phone.
Voice Mail
A voice mail-box system is available to the user. The system is based on Asterisk.
TCP/IP (Wired)
The wired TCP/IP network of ETH. Directly addressable IP numbers are used (no firewalls or number translation).
HOME (FW, NAT)
Infrastructure used by employees when at home or en route.
ETH WLAN
The Wireless LAN infrastructure of ETH. For public users the WLAN allows access only to selected IP addresses inside ETH (e.g. the home page www.ethz.ch). Other addresses can only be reached after VPN validation. Since this is not possible with WLAN SIP phones, exceptional access to the SIP Server / MEDIA Proxy has been granted. Phones registered on our SIP server will be able to establish connections to any other SIP phone on the Internet.

Integration of the Business Telephony System

The ETH business telephony system internally uses numbers with five digits. All phones can be reached externally by dialing +41 44 63 followed by the five digit code.

All ETH business phones can be directly reached by dialing SIP:12345@ethz.ch where 12345 is the five digit code.

inet Numbers

In this project we introduce the concept of inet numbers. Inet numbers are personal and do not replace business telephone numbers. Inet numbers are made available to professors, students and staff. Also alumni and former staff will have the right to use their inet number after having left ETH. Users will directly be charged for calls to the PSTN.

Users with an inet number can register SIP phones on the SIP Proxy. A username and a password must be provided for RADIUS authentication.

Inet numbers are real phone numbers (belonging to Swiss Numbering plan +41) and can be directly reached from PSTN worldwide. A special district (058) has been allocated for them.

We assume this service will strengthen the relationship inside the ETH community.

Routing of calls using an E-Mail address as identifier

Primary E-Mails and the five digit internal phone numbers of ETH staff are stored in LDAP.
This information is publicly available, so no special precautions are required to fetch it from the LDAP servers. URIs of incoming SIP INVITE messages of type sip:email@org.ethz.ch are first resolved in LDAP. If an inet phone number is associated with the E-Mail address, the To: URI is rewritten so that a SIP client registered at the SER proxy using the inet phone number is contacted first. If there is no inet phone number, then the To: URI is rewritten into the default five-digit business telephone number, if available.

Additionally, some E-Mail aliases are stored in an Active Directory forest. Unlike normal LDAP for primary email addresses, there is no public directory for e-mail aliases. The SER therefore connects to this Active Directory using another custom C module implementing a secure SASL/TLS LDAP lookup. Again, E-Mail addresses are rewritten into inet phone numbers, if possible. If there is no inet phone number, then the To: URI is rewritten into the default five-digit business telephone number.
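
The lookup described above takes the address from an incoming request URI, so it has to be escaped before it is placed in an LDAP search filter. The following is an added example, not code from the ETH modules: it builds the filter with RFC 4515 escaping and applies the rewrite order from the text. The attribute name mail and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Escape a value for an LDAP search filter (RFC 4515): the characters
 * * ( ) \ become \2a \28 \29 \5c. Returns 0, or -1 if out is too small. */
static int ldap_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (; *in; in++) {
        int special = strchr("*()\\", *in) != NULL;
        if (o + (special ? 3 : 1) >= outlen) return -1;
        if (special) o += (size_t)snprintf(out + o, outlen - o, "\\%02x", (unsigned)*in);
        else out[o++] = *in;
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* Build "(mail=<escaped address>)" from a request URI "sip:user@host".
 * The attribute name mail is an assumption; the page does not name it. */
int build_filter(const char *uri, char *out, size_t outlen)
{
    char esc[256];
    if (strncasecmp(uri, "sip:", 4) != 0) return -1;
    const char *addr = uri + 4, *at = strchr(addr, '@');
    if (!at || at == addr || at[1] == '\0' || strchr(at + 1, '@')) return -1;
    if (ldap_escape(addr, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, outlen, "(mail=%s)", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Rewrite order from the text: the inet number first, otherwise the
 * five-digit business number, otherwise NULL (no rewrite possible). */
const char *pick_target(const char *inet, const char *business)
{
    if (inet && *inet) return inet;
    if (business && strlen(business) == 5 && strspn(business, "0123456789") == 5)
        return business;
    return NULL;
}

int main(void)
{
    char f[300];
    if (build_filter("sip:email@org.ethz.ch", f, sizeof f) == 0) puts(f);
    puts(pick_target(NULL, "12345"));  /* no inet number: business number */
    return 0;
}
```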

Authorisation of inet Phone Users

Users that were assigned an inet phone number may register themselves with a SIP client at the SER proxy server.

Each and every ETH member has a central n.ethz user account. Normal user validation for public computer facilities can either be done using RADIUS or using LDAP. For the SIP project, we chose to use auth_radius from the ser distribution to authenticate SIP clients of users with an inet phone number as this allows authentication using a challenge/response scheme. The RADIUS library being used is radiusng.

Authorisation was further extended with a custom MYSQL table that - once a user is registered at the proxy server - allows fine-grained control over who can dial which number (e.g. internal phone numbers, emergency phone numbers, national normal rate PSTN calls, national mobile calls which are more expensive in Switzerland etc.). SIP phone system administrators can modify permissions using a custom web interface.
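
A per-user dialing permission check of the kind described above can be written as default deny: classify the dialed number, then allow the call only if the user holds that class. This is an added example, not the ETH PermissionDB schema; the bit names and the rule table are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { P_INTERNAL = 1, P_EMERGENCY = 2, P_NATIONAL = 4, P_MOBILE = 8 };

struct rule { const char *prefix; size_t total_len; int cls; };

/* Constructed sample dial plan; class 0 means nobody may dial the number. */
static const struct rule RULES[] = {
    {"",    5,  P_INTERNAL},   /* five-digit internal numbers */
    {"112", 3,  P_EMERGENCY},
    {"0",   10, P_NATIONAL},
    {"07",  10, P_MOBILE},     /* more specific than "0", so it wins */
    {"09",  10, 0},            /* explicitly blocked range */
};

/* Longest matching prefix wins; anything unmatched gets class 0. */
int classify(const char *num)
{
    size_t n = strlen(num), best = 0;
    int cls = 0, found = 0;
    if (n == 0 || strspn(num, "0123456789") != n) return 0;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        size_t pl = strlen(RULES[i].prefix);
        if (n != RULES[i].total_len || strncmp(num, RULES[i].prefix, pl) != 0)
            continue;
        if (!found || pl > best) { found = 1; best = pl; cls = RULES[i].cls; }
    }
    return cls;
}

/* Default deny: the call is allowed only if the number has a known
 * class and the user's permission bits include that class. */
int may_dial(unsigned perms, const char *num)
{
    int cls = classify(num);
    return cls != 0 && (perms & (unsigned)cls) != 0;
}

int main(void)
{
    unsigned perms = P_INTERNAL | P_NATIONAL;   /* constructed user */
    const char *dialed[] = {"12345", "0441234567", "0791234567", "0900123456"};
    for (int i = 0; i < 4; i++)
        printf("%-12s %s\n", dialed[i], may_dial(perms, dialed[i]) ? "allow" : "deny");
    return 0;
}
```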

Accounting

Accounting is performed on the Cisco gateway using the built-in logging system. Accounting is also performed using the ser built-in ACC module, currently with varying success.

Presence

There is currently a web interface that directly connects to the SIP server using the SER FIFO (to auto sync db contents) and the MYSQL database. Presence only distinguishes between who is registered and who is not. The presence subsystem is currently being worked on to include SUBSCRIBE / NOTIFY events in the future.

Instant Messaging (IM)

Users can send Instant Messages either using IM-enabled SIP clients or using a web interface. As most SIP clients used do not support incoming SIP messages, a gateway translating instant messages to e-mail was developed (the primary e-mail address is resolved using LDAP). The instant message subsystem is currently being worked on to improve client interoperability.

Voice mail

A voice mail system is currently not implemented. It will be implemented later.

ENUM Integration

Our SIP Proxy implementation supports ENUM for outbound calls. When a phone number starts with a "+", like sip:+41446336297@ethz.ch, then a request to the e164.arpa ENUM servers is started. If there is an entry for this number, then the corresponding phone number is called. If there is no entry, then the address is interpreted as an international PSTN phone number.
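
The ENUM query name is derived from the dialed number by reversing its digits and appending e164.arpa. The following is an added example, not the SER module code: it validates the user part before any DNS query is built and applies the fallback from the text. The function names are assumptions, and the DNS lookup itself is passed in as a parameter.

```c
#include <stdio.h>
#include <string.h>

enum route { ROUTE_REJECT, ROUTE_ENUM, ROUTE_PSTN };

/* Derive the ENUM query name for the user part of a SIP URI, e.g.
 * "+41446336297". Returns 0 and fills out, or -1 if the input is not
 * "+" followed by 1 to 15 digits or if out is too small. */
int enum_domain(const char *user, char *out, size_t outlen)
{
    if (user[0] != '+') return -1;
    const char *d = user + 1;
    size_t n = strlen(d), o = 0;
    if (n == 0 || n > 15 || strspn(d, "0123456789") != n) return -1;
    if (outlen < 2 * n + sizeof "e164.arpa") return -1;
    for (size_t i = n; i > 0; i--) {   /* digits in reverse, dot-separated */
        out[o++] = d[i - 1];
        out[o++] = '.';
    }
    strcpy(out + o, "e164.arpa");
    return 0;
}

/* Fallback from the text: use the ENUM entry when one exists, otherwise
 * treat the number as an international PSTN number. enum_entry is the
 * result of the DNS lookup (NULL means no entry). */
enum route route_plus_number(const char *user, const char *enum_entry)
{
    char name[48];
    if (enum_domain(user, name, sizeof name) != 0) return ROUTE_REJECT;
    return (enum_entry && *enum_entry) ? ROUTE_ENUM : ROUTE_PSTN;
}

int main(void)
{
    char name[48];
    if (enum_domain("+41446336297", name, sizeof name) == 0)
        puts(name);
    return 0;
}
```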

Further information

If you want further information, please contact Michele De Lorenzi (sip@ethworld.ethz.ch) or Armin Brunner (armin.brunner@id.ethz.ch).

 

© 2012 ETH Zurich | 1 July 2005