
"Mu's Analyzer complements our internal vulnerability detection methods, which accelerates our remediation efforts, and decreases exposure to exploitation."

Joe Levy
Chief Technology Officer
SonicWALL



Session Initiation Protocol (SIP)

The signaling protocol at the core of VoIP networks is the Session Initiation Protocol (SIP). As system complexity increases, driven by the growing complexity of protocols, feature sets, configuration choices, etc., implementation mistakes or misconfigurations that lead to interoperability issues become ever more likely. These flaws create opportunities for service interruptions or degradations in VoIP systems, including those based on the IMS architecture.


SIP Is Incredibly Valuable, Despite Its [Growing] Complexity

SIP creates, modifies, and terminates sessions between at least two participants. Voice-over-IP (VoIP) and IP Multimedia Subsystem (IMS) deployments leverage the Session Initiation Protocol (SIP), a standards-track Internet Engineering Task Force (IETF) signaling protocol for session establishment, e.g., for media or other higher-layer applications, including presence-based and location-based services.

SIP is actually much more than one protocol defined by one specification: in its entirety, it is defined by well over 100 documents. Implementers face a daunting number of requirements and thus many opportunities to make unintentional mistakes. For any given SIP application, a subset of these documents will be mandatory, another subset may be recommended, and a third subset may be completely optional. In fact, most of these documents have their own "must," "should," and "may" statements.

To make things even more complex, the rapid evolution of SIP applications means that a feature that is optional today may become mandatory (or be deprecated!) tomorrow. Network operators may therefore see issues where an old version has trouble talking to a newer version of the same product, because the ground rules have changed since it was initially deployed or most recently updated. Despite the best efforts of the standards bodies, some of these incompatibilities may even be baked into the standards as they evolve, breaking backward compatibility. Ongoing proactive service assurance is therefore one of the only ways to know whether a service can tolerate the dangerous traffic it is virtually guaranteed to encounter in the real world.

 

Simplified VoIP architecture diagram of a leading service provider

 

Are SIP Implementations Reliable, Available and Secure Enough?

SIP is evolving rapidly at both the standards-body level and the product level, yet network operators are aggressively deploying SIP in a wide variety of revenue-generating applications, e.g., the so-called "triple-play" services that encompass voice, video and data. SIP is an essential element of the voice aspect of live triple-play networks worldwide today, and while subscribers appreciate the lower price point compared to traditional telephony services, VoIP services have already built a perception of lower quality. VoIP service quality has to increase markedly before subscribers will want VoIP for its features, not just its price.

SIP’s relative immaturity means the risk of downtime is elevated, which is not acceptable to network operators (subscribers don't like downtime, either!). In order to reduce the chance that their SIP-based services will experience expensive downtime, carriers are using proactive service assurance to ensure that their revenue-generating or business-critical services are as reliable, available and secure as they can make them. Proactive service assurance of SIP-based applications is essential for many technical and business reasons, viz.: 

  • SIP equipment is being deployed in revenue-critical and business-critical communication infrastructure. Hidden software flaws can have very high costs, significantly impacting normal business operations, ultimately causing damage ranging from downtime and/or SLA penalties to increased customer churn
  • The SIP specification provides considerable implementation latitude to vendors. The flexibility means that many seemingly conformant products with equivalent functionality will not behave the same in equivalent configurations, due to valid but incompatible implementation choices
  • The SIP specification itself creates opportunities for reliability, availability, and security issues due to the high complexity of the implementation choice space multiplied by the much larger possible configuration space
  • SIP is frequently deployed in software applications or hardware products that are difficult or impossible to patch once implementation flaws are found

All these factors drive the requirements to carry out thorough proactive service assurance of SIP throughout the development (vendors) and deployment (network operators) life cycles. The best option is to use a highly automated methodology to proactively isolate and remediate any software implementation flaws before they cause downtime: Use a Mu-4000 Service Analyzer.

Mu’s Proactive Service Assurance Solution for SIP Applications

Mu’s implementation of SIP dynamically interacts with a VoIP service (or any service that depends on SIP, including location-based or presence-based services) and correlates custom user-defined effects to establish reliability, availability and security metrics — including latency data. The Mu-4000 statefully interacts with both SIP endpoints and passthrough devices (e.g., proxies or session border controllers (SBCs)) and has extensive configuration knobs for interacting with any SIP components, even those deployed within IMS environments.

In addition to the SIP Torture Test (RFC-4475), the Mu-4000's SIP analysis suites cover various SIP-based VoIP call flows, SIP’s REGISTER and OPTIONS methods, as well as various unsolicited SIP messages. The Mu-4000's SIP implementation includes both an integrated user-agent-client (UAC) and -server (UAS) and includes over 4,000,000 (four million!) unique test cases that can be delivered over any of 10 transport stacks (UDP, TCP, TCP+SSLv2, TCP+SSLv3, or TCP+TLSv1 — over IPv4 or IPv6) with or without SIP Digest authentication.

And They Lived Happily Ever After

At the end of the day, uptime for cutting-edge SIP-based services is the only way to ensure that subscribers are happy, which means they will want to keep exchanging their money for the network operator’s service. Mu’s proactive service assurance methodology is the way that carriers are meeting or exceeding subscribers’ expectations for service delivery as part of the ongoing deployment life cycle process.

Solution
Mu-4000 Service Analyzer

 
