
RFC 4028

Session Timer in the Session Initiation Protocol

Speaker: Ying Shun Lin
Adviser: Quincy Wu

Outline

Introduction
Session-Expires Header field Definition
Min-SE Header field Definition
422-Response Code Definition
UAC / Proxy / UAS Behavior
Security Considerations
Example call Flow

Introduction (1/3)

SIP does not define a keepalive mechanism for the sessions it establishes.

[Diagram: UAC; INVITE, 100 Trying, BYE]

call stateful proxy will retain state for the ca

Introduction (2/3)

This extension defines a keepalive mechanism for SIP sessions. UAs send periodic re-INVITE or UPDATE requests (referred to as session refresh requests) to keep the session alive.

If a session refresh request is not received before the interval passes, the session is considered terminated. Both UAs are supposed to send a BYE, and call stateful proxies can remove any state for the call.

Introduction (3/3)

Two new header fields (Session-Expires and Min-SE) and a new response code (422) are defined:
- Session-Expires conveys the duration of the session.
- Min-SE conveys the minimum allowed value for the session expiration.
- The 422 response indicates that the session timer duration was too small.

Define some terms

Session Interval
Session Expiration
Session Refresh Request
Initial Session Refresh Request
Subsequent Session Refresh Request
Refresh

Session-Expires Header Field Definition

Placed only in requests (INVITE or UPDATE), as well as in any 2xx response to the request.

Entities MUST be prepared to handle Session-Expires header field values of any duration greater than 90 seconds. 1800 seconds (30 minutes) is RECOMMENDED.

Entities that insert the Session-Expires header field SHOULD NOT choose values of less than 30 minutes.

Session-Expires: 1800;refresher=uac

Min-SE Header Field Definition

Used in a request (INVITE or UPDATE), it indicates the smallest value of the session interval that can be used for that session.

MUST NOT be less than 90 seconds.
- When the header field is not present, its default value is 90 seconds.

MUST NOT be used in responses except for those with a 422 response code.

Min-SE: 90

422 Response Code Definition

Session Interval Too Small
- Generated by a UAS or proxy when a request contains a Session-Expires header field with a duration below the minimum timer for the server.

MUST contain a Min-SE header field with the minimum timer for that server.

Session-Expires & Min-SE Header Fields

UAC Behavior

Generating an Initial Session Refresh Request
Processing a 2xx Response
Processing a 422 Response
Generating Subsequent Session Refresh Requests

UAC / Proxy Behavior

[Diagram: messages between UAC and proxy]
INVITE
  Supported: timer
  Session-Expires: XX;refresher=uac
  Min-SE: XX
200
  Require: timer
  Supported: timer
  Session-Expires: ;refresher=
422 Session Interval Too Small
  Min-SE:

UAC Behavior

[Diagram: messages between UAC and proxy]
422
  Min-SE: xx
INVITE
  Supported: timer
  Session-Expires: XX;refresher=uac/uas
  Min-SE: XX

If a UAC knows that its peer supports the UPDATE method, it is RECOMMENDED that UPDATE be used instead of a re-INVITE.

Proxy Behavior

The proxy processing rules require the proxy to remember information between the request and response, ruling out stateless proxies.
- Processing of Requests
- Processing of Responses
- Session Expiration

Proxy Behavior (Request)


[Diagram: Proxy 1 and Proxy 2 forwarding an INVITE that carries Session-Expires: XX and Min-SE: XX. Labels: Supported: timer; Session-Expires: (small); call failure]

Proxy Behavior (Response)


UAS did not support the session timer:
- Proxy remembers that the UAC did support the session timer: Session-Expires (from the forwarded request), refresher: uac
- Proxy remembers the UAC did not support it: there is no session expiration for this session

UAS Behavior

[Diagram: messages between proxy and UAS]
INVITE
  Supported: timer
  Session-Expires:
  Min-SE:
422
  Min-SE:
200 OK
  Session-Expires:

UAS Behavior

UAC supports?   refresher parameter   refresher parameter
                in request            in response
                none                  uas
                uac                   NA
                uas                   NA
                none                  uas or uac
                uac                   uac
                uas                   uas

Security Considerations (1/3)

Inside Attacks
Case 1:
A rogue UAC that wishes to force a UAS to generate refreshes at a rapid rate.
- The UAS or any proxy that objects to this low timer will reject the request with a 422, thereby preventing the attack.

Security Considerations (2/3)

Case 2:
A rogue UAS that wishes to force a UAC to generate refreshes at a rapid rate.
- The UAC copies the current session interval into the Session-Expires header field in the request. The proxies will reject this request and provide a Min-SE with a higher minimum, which the UAC will then use.

Security Considerations (3/3)

Outside Attacks
- An element that can observe and modify a request or response in transit can force rapid session refreshes.
- Proxies that record-route and request session timer SHOULD record-route with a SIPS URI.
- A UA that inserts a Session-Expires header into a request or response SHOULD include a Contact URI that is a SIPS URI.

Example Call Flow

[Diagram: Alice, Proxy P1, Proxy P2, Bob]
(1) INVITE SE:90
(2) 422 MSE:3600
(3) ACK
(4) INVITE SE:3600 MSE:3600

(1)
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKna
Supported: timer
Session-Expires: 90
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=19283017
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142

(2)
SIP/2.0 422 Session Interval Too Small
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8
 ;received=192.0.2.1
Min-SE: 3600
To: Bob <sips:bob@biloxi.example.com>;tag=9a8kz
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE

(4)
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKn
Supported: timer
Session-Expires: 3600
Min-SE: 3600
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=19283017
Call-ID: a84b4c76e66710
CSeq: 314160 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142

Example Call Flow

[Diagram: Alice, Proxy P1, Proxy P2, Bob]
(5) INVITE SE:3600 MSE:3600
(6) 422 MSE:4000
(7) ACK
(8) 422 MSE:4000
(9) ACK
(10) INVITE SE:4000 MSE:4000

(10)
INVITE sips:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashd
Supported: timer
Session-Expires: 4000
Min-SE: 4000
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314161 INVITE
Contact: <sips:alice@pc33.atlanta.example.com>
Content-Type: application/sdp
Content-Length: 142

Example Call Flow

[Diagram: Alice, Proxy P1, Proxy P2, Bob]
(11) INVITE SE:4000 MSE:4000
(12) INVITE SE:4000 MSE:4000
(13) 200 OK SE:4000
(14) 200 OK SE:4000
(15) 200 OK SE:4000
(16) ACK
(17) ACK

(15)
SIP/2.0 200 OK
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKna
 ;received=192.0.2.1
Require: timer
Supported: timer
Record-Route: sips:p1.atlanta.example.com
Session-Expires: 4000;refresher=uac
To: Bob <sips:bob@biloxi.example.com>;tag=9as888nd
From: Alice <sips:alice@atlanta.example.com>;tag=192830177
Call-ID: a84b4c76e66710
CSeq: 314161 INVITE
Contact: <sips:bob@192.0.2.4>
Content-Type: application/sdp
Content-Length: 142

Example Call Flow

[Diagram: Alice, Proxy P1, Proxy P2, Bob]
(18) UPDATE SE:4000
(19) UPDATE SE:4000
(20) 200 OK SE:4000
(21) 200 OK SE:4000
(22) BYE
(23) BYE
(24) 408 (Request Timeout)

(18)
UPDATE sips:bob@192.0.2.4 SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds12
Route: sips:p1.atlanta.example.com
Supported: timer
Session-Expires: 4000;refresher=uac
Max-Forwards: 70
To: Bob <sips:bob@biloxi.example.com>;tag=9as888nd
From: Alice <sips:alice@atlanta.example.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314162 UPDATE
Contact: <sips:alice@pc33.atlanta.example.com>
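
The 422 negotiation from the 422 Response Code Definition and Security Considerations slides, replayed with the intervals of the call flow above (Alice offers 90, P1 requires 3600, P2 requires 4000). This is an added example, not part of the original slides; the function names and the dict-based header model are hypothetical, and the UAC is assumed to send Supported: timer.

```python
# Added example: Session-Expires / Min-SE negotiation driven by 422 responses.
# Function names and the dict header model are hypothetical (not from the slides).

ABSOLUTE_MIN_SE = 90  # Min-SE MUST NOT be less than 90 seconds; also its default


def parse_timer_headers(headers):
    """Return (session_expires, refresher, min_se) from a dict of SIP headers."""
    se, refresher = None, None
    if "Session-Expires" in headers:
        value, _, params = headers["Session-Expires"].partition(";")
        se = int(value.strip())
        for param in params.split(";"):
            name, _, val = param.partition("=")
            if name.strip().lower() == "refresher":
                refresher = val.strip().lower()
    min_se = int(headers.get("Min-SE", ABSOLUTE_MIN_SE))
    # A peer-supplied Min-SE below 90 is clamped instead of being trusted.
    return se, refresher, max(min_se, ABSOLUTE_MIN_SE)


def hop_check(headers, local_min):
    """UAS/proxy side: answer 422 with our Min-SE when the interval is too small."""
    se, _, _ = parse_timer_headers(headers)
    if se is not None and se < local_min:
        return 422, {"Min-SE": str(local_min)}
    return None, {}


def uac_negotiate(initial_se, hop_minimums, max_attempts=5):
    """UAC side: after each 422, raise Min-SE and Session-Expires, then retry."""
    headers = {"Supported": "timer", "Session-Expires": str(initial_se)}
    trace = []
    for _ in range(max_attempts):
        for hop, local_min in hop_minimums:
            status, resp = hop_check(headers, local_min)
            if status == 422:
                se, _, cur_min = parse_timer_headers(headers)
                new_min = max(cur_min, int(resp["Min-SE"]))
                trace.append((hop, 422, new_min))
                headers["Min-SE"] = str(new_min)
                headers["Session-Expires"] = str(max(se, new_min))
                break
        else:  # no hop objected: the interval is accepted end to end
            return parse_timer_headers(headers)[0], trace
    raise RuntimeError("no acceptable session interval within max_attempts")
```

A rogue endpoint asking for a very short interval gets the same treatment as Alice's initial 90: the first hop with a higher minimum answers 422, and the interval only ever moves upward.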
