Understanding SIP Routing

When sending SIP requests to Office Communications Server, a series of routing decisions are made by the server in order to route the requests to the right person or the right location. How the server decides this depends on the types of requests and the given topology. The server uses the information in the headers in each of the requests to know how to route the request through the network.

Overview of SIP Routing Concepts

Office Communications Server uses the header information found in the packets to know how to route packets through the network to the right user or the right location. The headers that are primarily used for routing in SIP are record-route headers, route headers, via headers, and contact headers. Routing signatures are placed in the headers to guarantee integrity of the messages. The following sections describe each of these headers and routing signatures in more detail.

Record-Route Headers

A server that proxies a message can add its own fully qualified domain name (FQDN) or IP address to the record-route header to indicate that it wants to remain in the signaling path for all subsequent SIP traffic in the current session. For example, for security reasons, an Office Communications Server 2007 Access Edge Server inserts its FQDN into all requests that establish a session originating from a corporate branch office; it does this to ensure that all subsequent messages in the established session have to go back through it before crossing the branch office firewall.

Route Headers

Route headers consist of a list of FQDNs or IP addresses of all entities in the path of a request. Upon receiving a message, each Office Communications Server removes its own FQDN or IP address from the list and forwards the message to the next Uniform Resource Identifier (URI) in the list.

Via Headers

The via header or headers contain FQDNs or IP addresses of the client and all Office Communications Servers that have handled a request. Via headers are used to direct responses back to a client by using the same path by which it was sent, but in the opposite direction. A server can also inspect the via header to determine whether it has previously handled a request.

Contact Headers

A user's address, as opposed to the address of the SIP server on which the user is hosted, is stored in the contact header. A server redirecting a message can write the address of the intended recipient in a contact header returned in a response to the client. Subsequently, the client can contact the recipient directly without having to go through the server.

Route Signatures

Office Communications Server uses route signatures to guarantee integrity of the messages flowing through the network. Without route signatures, the server would have no way to verify that the route the packets took through the network was not compromised by an attacker. Office Communications Server uses a cryptographic signature to verify that the packets did actually come through every hop that was expected.

Office Communications Server signs routing information in the Record-Route+Contact header and the via headers. The signing is performed on the edges of the server network trusted for supplying routing information on connections that are not trusted for routing and on Access Edge Servers on connections to federated domains. When signing the Record-Route+Contact header, the signature is placed in the route URI so that it is retained in the dialog state by the clients and echoed back in route headers in each request in the dialog. When a request is received from an untrusted network boundary (such as client or federated), Office Communications Server uses the route signature contained in the route URI to verify that the route path has not been tampered with.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.191.14.50