SIPit27 Summary

From GlobalSIPit
Jump to: navigation, search
SIPit 27 was hosted by ETSI in cooperation with ITRI in Taiwan, Taipei
the week of November 15-19, 2010.

There were 54 attendees from 22 companies visiting from 10 countries.
We had 34 distinct implementations. 

We had several first-time attendees at this event, many bringing 
engineering prototypes. 

The largest change from the previous SIPit was in the level of support
for RFC5626 (Outbound). Nearly a quarter of the implemenations present
included an outbound implementation. Interestingly, about half of those
supported using outbound only with TCP. Multiparty testing uncovered
a potential problem with that specification (see the notes below).

The roles represented (some implementations act in more than one role)
 25 endpoints
  9 proxy/registrars/b2bua/sbcs
  1 dedicated event server

Implementations using each transport for SIP messages:
   UDP   100% 
   TCP   86%
   TLS   74% server-auth, 62% mutual-auth
   SCTP  15%
   DTLS   0%

53% the implementations present supported IPv6.

There were no Identity implementations present.

For DNS we had support for:
   Full RFC3263		: 68% 
   SRV only		: 21%
   A records only	: 11%
   no DNS support	: 0%

Support for various items in the endpoints 
  64% replaces
  32% 3489stun
  24% outbound 
  24% turn
  24% path
  20% ice
  20% gruu
  20% diversion
  16% service-route
  16% 5389stun
  16% history-info (there were no implementations of 4244bis)
  12% sip/stun multiplexing
  12% sigcomp
  12% join

Support for various items in the proxies:
  57% path
  29% service-route
  29% sigcomp
  29% diversion
  14% gruu
  14% sip/stun multiplexing
  14% history-info

The endpoints and B2BUAs implemented these methods:
 100% INVITE, CANCEL, ACK, BYE 
  96% REGISTER
  96% OPTIONS
  92% REFER
  92% NOTIFY 
  88% SUBSCRIBE
  80% UPDATE
  80% INFO
  76% PRACK 
  52% MESSAGE
  48% PUBLISH 

80% of the implementations sent RTP from the port advertised for reception (symmetric-rtp).
3 of the implementations required the other party to use symmetric-rtp.

80% of the UAs present both sent RTCP and paid attention to RTCP they received.

60% of the endpoints present supported SRTP using sdes.
There was one SRTP-mikey implementation present, and two ZRTP implementations.
There were no dtls-srtp implementations at this SIPit.

40% of the endpoints supported multipart/mime.
There were no implementations present with S/MIME support.

32% of the implementations present followed RFC6026 (corrections to the INVITE transaction)
52% followed RFC4320 (corrections to the non-INVITE transaction)

There were 3 SIP Event Server implementations (not counting endpoints that support events only for refer).
There were 7 SIP Event Client implementations (not counting endpoints that support events only for refer).

These event packages were supported:
  Server   Client
    2        6        presence
    1        4        presence.winfo
    0        2        message-summary
    1        3        dialog
    1        3        reg
    0        1        conference
    1        1        xcap-diff
    0        1        reg-gruu

These packages were supported with the eventlist extension:
  Server   Client
    1        3        presence

There was one implementation of event-rate-control, and two implementations of subnot-etags present.

There was one Info-Packages implementations present using an unregistered payload type.

Four of the proxies present still rely only on max-forwards. 
There was one implementation of fork-loop-fix, but no implementations of max-breadth.

Multiparty tests (notes contributed by Eoin McLeod and Byron Campen)

The spiral and forking tests continue to be helpful, uncovering bugs in new endpoint 
implementations, particularly when there are multiple early-media legs or 200 OKs from
multiple branches. The more notable interoperability problems this time were
related to Route/Record-Route, especially when making a transition from IPv4 to IPv6
across a proxy. Most of those problems were resolved when the implementations involved
followed the double record-routing recommendations in RFC5658. That said, when there
were many IPv6 hops contributing to the route-set, we began running into maximum 
message-size assumptions in the endpoints. The team working on this multiparty
created a clever self-testing tool allowing an endpoint to request a number of v6
and v4 hops by using the dialed digits (e.g. 664664446@).

The end of the forking test focused on TLS. We constructed a configuration exercised
a TLS connection between each of the partipating elements with a single SIP request
(see <https://www.sipit.net/files/Forking_tls---digraph%20topology2.png>). The majority
of the elements involved correctly validated the certificates when establishing 
connections. There were some issues with Record-Route values being created that did
not match the certificate contents for the proxy.

We exercised the proxy-doom (see RFC5393) test scenario utilizing a larger number
of participating AoRs. Even with the loop detection mechanisms in that specification,
the number of messages induced utilizing 30 AoRs flooded the participants in this test,
pointing to the need for implementation of Max-Breadth.

The STUN/TURN/ICE multiparty saw successful negotiation of the use of reflexive candidates
at each endpoint. We exercised successful calls between endpoints supporting Outbound and
those that didn't (but both supporting ICE). We induced a successful call with media 
traversing a TURN trapezoid by putting two endpoints behind different NATS, configuring 
them to not advertise reflexive candidates, and using firewalls to prevent each endpoint 
from seeing the other endpoint's TURN server directly.

We had a significant number of Outbound implementations present, and exercised correct
interaction between multiple edge-proxy and registrar implementations. A few of the UAs
participating could only establish one flow. The participants discovered a potential
problem in RFC5626 - the conditions under which an authoritative proxy/register is allowed
to try a second (or subsequent) flow when receiving an error on the active flow may be
incorrect. Currently, section 7 of RFC5626 restricts this to when the proxy has received
a 430, a 408, or a transport failure. It does not allow quick failover if the proxy receives
a 503, or a 480 that may have resulted form a 503 at some proxy between the edge proxy and
the authoritative proxy/registrar. The characterization of all responses other than 430 or
408 meaning "The targeted instance has already provided its response." may be incorrect.
The next SIPit's Outbound multiparty will focus on Flow-Timer behavior.

The SRTP multiparty test continues to expose issues with how different implementations
currently achieve "best-effort" security using SDES. Some implement RTP/SAVP, others 
implement RTP/AVP with crypto attributes. We encountered some issues with secure RTCP -
even if 32-bit keys are negotiated for RTP, the RTCP still needs to use 80-bit keys.
One implementation confused the flag indicating unencrypted SRTCP with meaning RTCP
(hence leaving out the authentication hash).

We spent some time late in the event introducing torture tests, and unusual messages 
into the network (for example, sending an unsolicted 200 OK to an INVITE to the broadcast 
address, which stimulated BYEs from a few implementations). In general, the implementations
at the event handled (or ignored) these messages correctly, but enough didn't that we will
continue to try these at the next several events.