Hello all,
I wanted to share with everyone else my opinion on where SER and/or iptel.org is going, and ask folks for opinions and for testing of the new features mentioned below. In short, I think the key goals on the software side are SLAMP bundling, security and performance. On the operational side, the technology is getting to a place which I like to call "akamai of sip" ... world-wide distributed reliable SIP network.
- BUNDLING. I'm a strong believer in SLAMP ... SER/SEMS/SERWEB -- Linux -- Apache -- Mysql -- Perl/Python/PHP. It is the software mash-up that actually allows building a variety of web applications. We now have SIPSAK, SERWEB and SEMS well synchronized and working with each other. SER has advanced on the packaging side to provide an out-of-the-box experience: we have a very complete configuration file (OOB) dealing with most common real-world scenarios, we have all-in-one packaging that puts all the pieces in a single box. (see below for more).
- SECURITY: Enormous attention has been paid to it. Actually I have contracted a security review, TCP code known to be easily vulnerable to blocking attacks has been made more robust, and SER now implements predictive nonces to deal with replay attacks mounted on digest authentication. Support for Identity (see below and RFC4474) has been extensively tested in Sipits. In fact, I consider the lack of an Internet-wide notion of identity one of the greatest hassles in the Internet and this is our modest contribution to address that.
- PERFORMANCE. This can never be appreciated enough. While SER can easily serve quite large populations on commodity hardware, the real challenge is in fact dealing with abnormalities. This includes boot avalanches of SIP telephones, misconfigurations, unsolicited traffic, simply all the things you never wish to happen. Still they do. Currently the bottleneck turned out to be the database, which has been greatly improved.
It is worthwhile mentioning that we eat our own dog's food ... the public iptel.org service is powered by SLAMP. I'm working with my colleagues on advanced concepts that allow dealing with massive geographic dispersion (akamai-like experience), routing, etc. See below for more.
OOB
-----
* Features
First -- OOB, which stands for out-of-the-box, and is a very exhaustive configuration of SER (we might have called it all-you-can-eat), dealing with most of common features/problems:
- NAT traversal
- basic call services (variants of call forwarding, speed-dial)
- multidomain hosting
- gateway routing and gateway protection
* Requirements
OOB is available for SER 2.0 and higher, as it leverages some of the key SER features coming up with this thoroughly overhauled version. There is also an OOB debian package for it -- note that it only includes SER without supporting packages such as mysql and rtp proxy.
* Roadmap
- even more security (rate-limit, identity, permissions)
Most important to me appears Identity support. Given that the lack of some credible notion of identity is causing a lot of mess, I think it is time to begin using verifiable identity with SIP. SER has supported Identity (RFC4474) for quite a while and has been tested in sipits for it. Also on the security page, I think the famous module rate-limit shall appear in OOB sooner rather than later.
* Source: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser-oob.cfg?rev...
ai1
----
* Features
All-in-one is an attempt to bring all related packages on a single box using a simple installation procedure. The metapackage includes SER, SEMS, SERWEB, SER_CTL. It is in its very early stage, so please help by testing it.
* Requirements
debian. There is currently no other system supported.
* To use it:
- put the iptel.org debian package repository in your sources.list:
  deb http://ftp.iptel.org/debian etch main cvs
- update package list and repositories:
  apt-get update; apt-get upgrade
- set appropriate reconfiguration level to *medium*
  dpkg-reconfigure
- install ai1
  apt-get install ai1
* Known limitations
It is really just finished and only little tested. Please help testing and collecting the initial experience.

Other semi-news
---------------
While there are interesting periodic Talmudic discussions on when 2.0 shall be labeled as "released", there is a lot of good work going on with SER 2.1 (the "HEAD version"). Let me make a "sales pitch" for at least some parts of it which have so far made it to CVS.
A very important change is the DB-API overhaul. For those of you who are running deployments which are a bit "dense", it is certainly no secret that the database matters. In fact, it is not unusual to have about seven database transactions for a single SIP invite transaction. Thus the database has a huge impact on performance, and if the database is for whatever reason lame, so will be soon everything else. A large portion of all major failures I have witnessed were in some way related to databases. The DB-API performs very well and is ready to be used with real-time databases. Also a new LDAP module has been contributed (single DB driver for all modules, not like at this moment yet radius-based modules for different functionalities).
It is also important to realize that well-done database engine is the key instrument for integrating applications (or if you wish to use this horrible buzzword, databases are great *middleware*.) The thing is that in reality it is mysql and other noble databases that connect applications (such as SER) with web-front-ends (such as SERWEB), CLIs (such as SERCTL) and any other thinkable applications. Personally I think that middleware technologies such as "corba" have actually not achieved such an impact as good open databases did -- long live SLAMP.
On the "application-mash-up side", another step is going to be single-sign-on. I believe this will be very useful in integrating SIP, and serweb with other applications, such as address books. Our esteemed serweb author is working on it hard right now.
The new configuration framework is an extremely useful thing -- now many things can be easily managed in SER in real-time without the need to restart the server.
http://sip-router.org/browser/ser/doc/cfg.txt?rev=6627%3A746a56c7a1f4
An extremely long list of useful features and fixes has appeared on CVS, be blessed all who have contributed to keeping SER a well-oiled machine by adding all these laborious changes. I apologize to all the authors for not mentioning all the important contributions, this email just began to be more lengthy than I hoped for.
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/NEWS?rev=HEAD&c...
Also as you know, there is a SER book, alas only in German now: http://www.amazon.de/Internet-Telefonie-VoIP-mit-Asterisk-SER/dp/3937514163
iptel.org setup
----------------
I think the iptel.org running SIP service deserves some extra attention. In the future I actually plan to "fork" a new mailing list, so that folks can better separate debates related to the software and to the running service.
In the heart of the service, there is SER running (CVS/HEAD version). With SER, we have many useful features:
- have-my-domain ... folks can claim, administer and run their own domains
- BETA: Akamai-like services for selected hosted domains. Briefly, it allows subscribers to be served by a server close to them. Particularly beneficial for media relay.
- media services: 1000@iptel.org ... voicemail, 000777 prefix ... conference bridge; there is also zRTP-secured confidential conferencing service
- subscriber provisioning (domain owners can largely manipulate structure user profiles)
- multiple identities (00 prefix) allows you to terminate SIP calls using alternate accounts preconfigured in user profile
- monitoring (administrator tool which is essential to keep the service healthy)
- massive routing administrator provisioning
Of course not all of it is achieved using SER alone -- that's where the SLAMP concept comes in. Media services are powered by SEMS, Web-provisioning is achieved using SERWEB. Even proprietary components fit in very well, such as the monitoring box (palladion), load-balancer and one private SER extension (the massive route provisioning).
notes to openser users
----------------------
Stay tuned. Whereas all the development mentioned here relates to SER, I'm confident they will make their way to openser as well. We recently had a very open (:-)) meeting with openser advocate, Henning W. and there was quite a lot of good will to exchange. See http://openser.org/pipermail/devel/2008-June/013880.html