Internet Engineering Task Force P. Dawes
Internet-Draft Vodafone Group
Intended status: Standards Track January 9, 2009
Expires: July 13, 2009
Private Extension to the Session Initiation Protocol (SIP) for Debugging
draft-dawes-sipping-debug-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 13, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Abstract
Networks that use SIP to start and stop sessions between their users
will frequently be upgraded with software and hardware changes.
Dawes Expires July 13, 2009 [Page 1]
Internet-Draft P-Debug-ID January 2009
Users will similarly frequently change their client software and the
way they use the network. In order to allow troubleshooting and
regression testing, it is useful to provide debugging as part of the
network fabric. This draft describes an event package that provides
debugging configuration to SIP entities and a SIP private header that
triggers logging of SIP signalling and identifies logs at multiple
SIP entities as belonging to a single end-to-end session.
Table of Contents
1. Introduction
2. Requirements Language
3. Motivating Scenario
4. Signalling for Example Scenario
  4.1. General
  4.2. Originating Session
  4.3. Terminating Sessions
5. Avoiding Configuring all Entities on the Signalling Path
  5.1. General
  5.2. Originating Sessions
  5.3. Terminating Sessions
6. Multiple Simultaneous Events
7. P-Debug-ID in SIP Requests
  7.1. Forked Requests
  7.2. Back-to-Back User Agents
8. P-Debug-ID in SIP Responses
9. Multiple Service Providers
  9.1. General
10. Configuration for Multiple AORs
11. Retrieving Debugging Logs
12. Security Considerations
  12.1. Trust Domain
  12.2. Security Threats
  12.3. Security Mechanisms
13. References
  13.1. Normative References
  13.2. Informative References
Appendix A. Additional Stuff
Author's Address
1. Introduction
If users experience problems with setting up sessions using SIP,
their service provider needs to find out why by examining the SIP
signalling. This draft defines an event package to configure SIP
entities with conditions for starting and stopping logging of SIP
signalling, and a SIP header field that allows a service provider to link
signalling logged at various SIP entities in order to troubleshoot
session setup.
The skeleton of the debugging procedure is as follows:
o The user's terminal is prompted to enrol to debug configuration,
supplied from a debug event package
o The first proxy the terminal connects to, at the edge of the
network, either is already configured to log the user's
signalling, because it is permanently enrolled to receive
configuration for all users, or is prompted to enrol in the same
way as the terminal.
o The user's terminal receives configuration that indicates when to
start and stop logging signalling
o The user's terminal sends a SIP request that triggers logging to
start at the user's terminal, the first proxy the terminal
connects to, and any other SIP entity within the trust domain that
receives the request.
o Subsequent responses and requests in the same dialog are logged.
o Logging stops, because either the dialog has ended or the event
defined in the debug configuration that causes the terminal to
stop logging occurred
o The user's terminal, the proxy, and any other SIP entity that has
logged signalling sends its logs to the debug server
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. Motivating Scenario
Alice has a SIP client on her laptop, which she has been using for
some time to make video calls to work colleagues inside her company,
FooCorp, including making video calls and sending pager-mode
messages. Last week, her company became able to contact staff
working for its principal customer BarCorp, which recently installed
a SIP-based network. Today, she tried to set up a call to Bob at
BarCorp who uses an audio-only SIP phone, but the call failed and
Alice does not know why. Also, she tried sending an instant message
to her friend Carol, also working at BarCorp, and her terminal
displayed 'message failed'. She contacts those who manage the SIP
network within FooCorp to ask them to investigate the problem.
This draft discusses the properties of a solution for debugging such
a scenario, and outlines one possible solution.
4. Signalling for Example Scenario
4.1. General
The network administrators at FooCorp are first interested in whether
the problem is within FooCorp or BarCorp. They would like to log the
SIP signalling from Alice's client to the edge of the FooCorp
network. In order to do this, Alice's client, the SIP entity at the
border between FooCorp and BarCorp, and all of the SIP entities in
between must log signalling for both the audio call and the instant
message. The network administrators can then examine the logs to
determine the cause of the problem.
4.2. Originating Session
The first step is to provide Alice's SIP client with configuration
information that instructs the SIP client when to log SIP signalling.
All debug configuration information at FooCorp is hosted on a single
logical debug server, debug.foocorp.com, which hosts an event package
that provides configuration using SUBSCRIBE and NOTIFY methods.
Usually, SIP clients are not subscribed to this event package, since
debugging is rarely used. Because debugging is rare, the debug event
package should only be subscribed to when required, which is achieved
by triggering subscription when Alice refreshes her registration.
The administrators cause Alice to re-register by notifying her UA
that its subscription has expired. When Alice's UA re-registers, an
empty P-Debug-ID header field is included in the 200 OK response to
the REGISTER request. This empty P-Debug-ID header field causes
Alice's UA to subscribe to Alice's debug event package at the debug
server, which returns an XML document containing her debugging
configuration.
Alice Proxy Registrar Debug Server
u1.foocorp.com p1.foocorp.com r1.foocorp.com d1.foocorp.com
| | | |
| | | |
|(1) NOTIFY (Alice's registration terminated) |
| Event: reg | | |
|<-------------------------------------------------------|
| | | |
|(2) REGISTER (Alice re-registers) | |
|----------------->| | |
| |(3) REGISTER | |
| |----------------->| |
| | | |
| |(4) 200 OK | |
| | P-Debug-ID: | |
| |<-----------------| |
|(5) 200 OK | | |
| P-Debug-ID: | | |
|<-----------------| | |
| | | |
|(6) ACK | | |
|------------------------------------>| |
| | | |
|(7) SUBSCRIBE | | |
| Event: debug | | |
|------------------------------------------------------->|
|(8) 200 OK | | |
|<-------------------------------------------------------|
| | | |
|(9) NOTIFY (debug configuration in body) |
|<-------------------------------------------------------|
|(10)200 OK | | |
|------------------------------------------------------->|
| | | |
Figure 1: Prompting Client to Retrieve Debugging Configuration
The XML document returned to Alice's terminal contains the debugging
configuration shown below. This configuration instructs the terminal
when to start logging, when to stop, and a value to put in the
inserted P-Debug-ID header field.
bob@barcorp.com
T0H2M0S
1A346D
Figure 2: Minimal Debugging Configuration for UA
The start-trigger element instructs Alice's terminal to begin to log
signalling for any SIP request that contains bob@barcorp.com in the
To: header field. The stop-trigger element instructs Alice's
terminal to end logging signalling after a time period of two minutes.
Alice's terminal inserts a P-Debug-ID header field in all logged SIP
requests, and the debug-control element contains the value that
Alice's terminal will include in the P-Debug-ID header field.
Proxy p1.foocorp.com is supplied with similar configuration, shown
below, with one important difference, that the value in the
P-Debug-ID header field is part of the start trigger, thereby
ensuring that the session from Alice is logged, not simply any
request sent to Bob.
bob@barcorp.com
1A346D
T0H2M0S
Figure 3: Minimal Debugging Configuration for Proxy
For all entities, debug configuration is used for a single dialog and
then discarded, which means that once Alice's UA has started the
dialog with Bob, the debug configuration shown above is not re-used
for any subsequent dialogs. The scope of logging is the dialog for
which logging started; no other dialog that was in progress, or that
is started while the dialog with Bob is being logged, is logged.
The FooCorp network is organized such that all SIP clients route
requests through the first SIP proxy they connect to, and their
registrar, by using the Path: and Service-Route: header fields.
Other SIP proxies may also be on the signalling path.
The debugging configuration causes Alice's UA and the first SIP proxy
connected to Alice's terminal to log SIP signalling the next time she
sends an INVITE request to bob@barcorp.com. Alice retries calling
Bob and signalling is logged for two minutes. Later examination of
these logs shows that although requests and responses are correctly
exchanged with Bob, Alice's SIP client is not accepting audio-only
sessions and is sending BYE immediately. This problem had not come
to light previously as all calls within Alice's company are video
calls.
The outline call flow below illustrates how debugging works.
Signalling logged at Alice's UA and the Proxy shows that requests and
responses are successfully exchanged, but Alice's UA will not set up
an audio-only session and sends BYE immediately.
Alice Proxy Bob
|(1) INVITE | |
| m = audio | |
| m = video | |
| From:alice at atlanta.com |
| P-Debug-ID:A076D1 | |
| Alice's UA starts logging |
|--------------------->| |
| | (2) INVITE |
| | P-Debug-ID: and From: |
| | match debugging config|
| | so proxy starts |
| | logging |
| |---------------------->|
| | |
| | (3) 200 OK |
| | m = audio |
| |<----------------------|
|(4) 200 OK | |
|<---------------------| |
| | |
|(5) ACK | |
|--------------------->| |
| | (6) ACK |
| |---------------------->|
| | |
|(7) BYE | |
|--------------------->| |
| | (8) BYE |
| |---------------------->|
| | |
| | (9) 200 OK |
| |<----------------------|
| | Dialog has ended so |
| | Proxy stops logging |
| (10) 200 OK | |
|<---------------------| |
| Dialog has ended, so | |
| Alice's UA stops | |
| logging | |
Figure 4: Example of Debugging
4.3. Terminating Sessions
Logging of a terminating session should start at the SIP proxy at the
incoming edge of a network. For example, Bob has been told by Alice
that her calls are not getting through and therefore asks the BarCorp
network administrators to check any incoming calls from Alice. The
proxy at the edge of the BarCorp network is provided with the
configuration below to log any incoming calls from Alice. The
element contains the value for the P-Debug-ID header field
that the proxy will insert.
bob@barcorp.com
alice@foocorp.com
T0H2M0S
2B346D
Figure 5: Minimal Debugging Configuration for Proxy
When Alice calls Bob, the proxy at the edge of the BarCorp network
begins logging and inserts a P-Debug-ID: header field with the value
2B346D taken from the configuration data.
5. Avoiding Configuring all Entities on the Signalling Path
5.1. General
It is desirable to minimize the need for SIP entities to enrol for
debug configuration for two reasons. Firstly, each enrollment
results in state maintained in the entity that enrols and in the
debug server. Secondly, the path through proxies of a SIP request
cannot always be predicted, therefore an indication in the signalling
itself that this signalling should be logged is needed.
The requirements above can be met by one proxy policing the
P-Debug-ID: header field on behalf of all other proxies downstream.
Two cases are possible: a session originated at a terminal, and a
session that enters a network which will be terminated at a terminal
attached to that network.
5.2. Originating Sessions
Both the terminal and the proxy that it connects to at the edge of
the FooCorp network are configured with debug data. Since the
terminal is outside the trust domain, the edge proxy checks the
P-Debug-ID: header field inserted by the terminal, if any, against
the debug configuration data it has been supplied for that terminal.
If P-Debug-ID should not have been inserted by the terminal, or
contains an incorrect value, the proxy removes the header field. If
the SIP request has no P-Debug-ID header field but matches the debug
configuration data in the proxy, the proxy inserts a P-Debug-ID:
header field with the configured value.
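The policing rules above, written out as an added Python example that is
not part of the draft. DebugConfig, police_request and sample_invite are
hypothetical names, the INVITE is constructed, and comparing the To:
address exactly (rather than by substring) is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEADER = "p-debug-id"

@dataclass(frozen=True)
class DebugConfig:
    """Debug data the edge proxy holds for one terminal (assumed structure)."""
    to_aor: str    # start trigger: address expected in the To: header field
    debug_id: str  # value the terminal was told to use in P-Debug-ID

def split_message(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a SIP message into start line, ordered headers and body.
    Simplification: no folded lines and no compact header forms."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = (line.partition(":") for line in lines[1:])
    return lines[0], [(n.strip(), v.strip()) for n, _, v in parts], body

def join_message(start: str, headers: List[Tuple[str, str]], body: str) -> str:
    return "\r\n".join([start] + [f"{n}: {v}" for n, v in headers]) + "\r\n\r\n" + body

def aor_of(header_value: str) -> Optional[str]:
    """Extract user@host from a To: value, so that 'notbob@barcorp.com'
    cannot satisfy a trigger configured for 'bob@barcorp.com'."""
    m = re.search(r"sips?:([^@\s;>]+@[^\s;>:]+)", header_value, re.I)
    return m.group(1).lower() if m else None

def police_request(raw: str, config: Optional[DebugConfig]) -> Tuple[str, str]:
    """Apply the Section 5.2 rules to a request received from a terminal.
    Returns (message to forward, action taken)."""
    start, headers, body = split_message(raw)
    to_values = [v for n, v in headers if n.lower() == "to"]
    matches = bool(config and to_values
                   and aor_of(to_values[0]) == config.to_aor.lower())
    debug_values = [v for n, v in headers if n.lower() == HEADER]
    others = [(n, v) for n, v in headers if n.lower() != HEADER]

    if debug_values:
        if matches and debug_values == [config.debug_id]:
            return raw, "kept"                      # expected header, expected value
        # Header not expected from this terminal, or wrong value: strip it
        # before it can trigger logging further downstream. Following the
        # text literally, the proxy only removes here and does not re-insert.
        return join_message(start, others, body), "removed"
    if matches:
        # Terminal omitted the header but the request matches the config.
        return join_message(start, others + [("P-Debug-ID", config.debug_id)], body), "inserted"
    return raw, "unchanged"

def sample_invite(to: str, debug_id: Optional[str]) -> str:
    """Constructed INVITE as it might arrive from Alice's terminal."""
    lines = [f"INVITE sip:{to} SIP/2.0",
             "From: <sip:alice@foocorp.com>;tag=a1",
             f"To: <sip:{to}>",
             "Call-ID: constructed-1@u1.foocorp.com",
             "CSeq: 1 INVITE"]
    if debug_id is not None:
        lines.append(f"P-Debug-ID: {debug_id}")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    cfg = DebugConfig("bob@barcorp.com", "1A346D")
    for to, dbg in [("bob@barcorp.com", "1A346D"), ("bob@barcorp.com", "FFFFFF"),
                    ("bob@barcorp.com", None), ("carol@barcorp.com", "1A346D")]:
        print(to, dbg, "->", police_request(sample_invite(to, dbg), cfg)[1])
```

The same removal branch, called with no configuration at all, is what an
entity at a trust domain boundary (Section 12.1) would apply.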
5.3. Terminating Sessions
The SIP registrar for the address of record being debugged and the
terminating user's UA are provided with debug configuration. The SIP
request passes through this registrar on its way to the terminating
UA and the registrar inserts a P-Debug-ID: header field. SIP
entities in the same trust domain and downstream of the registrar can
trust that the presence of the P-Debug-ID header field indicates that
they should log that SIP request or response. The terminating user's
UA is outside the trust domain and therefore requires its own
configuration data.
6. Multiple Simultaneous Events
At the same time as looking into the problem with calling Bob, the
administrators at FooCorp also want to find out why the message sent
to Carol caused an error display on Alice's terminal. In order to do
this, they add the configuration below to the debug event package
hosted on the debug server. The configuration is a new session that
has a different id attribute to the previous session. This
configuration is supplied to the terminal, and the terminal adds it
to the session with id="u01" for debugging the problem with calling
Bob.
carol@barcorp.com
T0H2M0S
1A346E
Figure 6: Debugging Configuration for Instant Message
Alice then re-sends a message request to Carol and the call flow
below is recorded.
Alice Proxy Carol
|(1) MESSAGE | |
| From:alice@foocorp.com | |
| P-Debug-ID:1A346E | |
| Alice's UA starts logging |
|----------------------->| |
| | (2) MESSAGE |
| | P-Debug-ID: and To: |
| | match debugging config |
| | so proxy starts |
| | logging |
| |------------------------>|
| | |
| | (3) 501 Not Implemented |
| | P-Debug-ID:1A346E |
| |<------------------------|
|(4) 501 Not Implemented | Dialog has ended, so |
| P-Debug-ID:1A346E | proxy stops |
|<-----------------------| logging |
| Dialog has ended, so | |
| Alice's UA stops | |
| logging | |
Figure 7: Example of Debugging a MESSAGE Request
The signalling flow shows that Carol's SIP UA is not able to process
MESSAGE requests. In fact, Carol has an audio-only black phone.
Logging for the MESSAGE request sent to Carol and the INVITE request
sent to Bob happens simultaneously.
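The logging scope described in Sections 4.2 and 6, as an added Python
example that is not part of the draft: each configured session is used
for one dialog and then discarded, logging is confined to that dialog,
and two sessions can be logged at the same time. Session, DebugLogger,
the id "u02", the Call-ID values and the event list are constructed for
illustration; measuring the stop period from the start of logging and the
T<h>H<m>M<s>S reading of the time period are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Session:
    session_id: str  # id attribute of the session, e.g. "u01"
    to_aor: str      # start trigger: address in the To: header field
    period: str      # stop trigger: time period, e.g. "T0H2M0S"
    debug_id: str    # value for the P-Debug-ID header field

def period_seconds(period: str) -> int:
    m = re.fullmatch(r"T(\d+)H(\d+)M(\d+)S", period)
    if m is None:
        raise ValueError(f"unsupported time period: {period!r}")
    hours, minutes, seconds = (int(g) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

class DebugLogger:
    """Logging state of one SIP entity (terminal or proxy)."""

    def __init__(self, sessions: List[Session]) -> None:
        self.pending = {s.session_id: s for s in sessions}   # not yet triggered
        self.active: Dict[str, Tuple[Session, float]] = {}   # Call-ID -> (session, deadline)
        self.logs: Dict[str, List[str]] = {}                 # debug id -> logged messages

    def add_session(self, session: Session) -> None:
        # A later NOTIFY adds a session alongside the existing ones.
        self.pending[session.session_id] = session

    def on_message(self, now: float, call_id: str, to_aor: str, summary: str,
                   ends_dialog: bool = False) -> Optional[str]:
        """Log the message if it is in scope; return the P-Debug-ID value
        that applies to it, or None if it must not be logged."""
        if call_id in self.active:
            session, deadline = self.active[call_id]
            if now > deadline:                     # stop trigger has fired
                del self.active[call_id]
                return None
        else:
            session = next((s for s in self.pending.values()
                            if s.to_aor == to_aor), None)
            if session is None:                    # other dialogs stay unlogged
                return None
            del self.pending[session.session_id]   # configuration is single-use
            self.active[call_id] = (session, now + period_seconds(session.period))
        self.logs.setdefault(session.debug_id, []).append(summary)
        if ends_dialog:
            del self.active[call_id]
        return session.debug_id

def replay() -> Dict[str, List[str]]:
    ua = DebugLogger([Session("u01", "bob@barcorp.com", "T0H2M0S", "1A346D")])
    ua.add_session(Session("u02", "carol@barcorp.com", "T0H2M0S", "1A346E"))
    events = [  # constructed: (time in s, Call-ID, To address, message, ends dialog)
        (0, "c1", "bob@barcorp.com", "INVITE", False),
        (1, "c2", "carol@barcorp.com", "MESSAGE", False),
        (2, "c2", "carol@barcorp.com", "501 Not Implemented", True),
        (3, "c3", "bob@barcorp.com", "INVITE (second call)", False),
        (4, "c1", "bob@barcorp.com", "200 OK", False),
        (121, "c1", "bob@barcorp.com", "BYE", False),
    ]
    for event in events:
        ua.on_message(*event)
    return ua.logs

if __name__ == "__main__":
    for debug_id, messages in replay().items():
        print(debug_id, messages)
```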
7. P-Debug-ID in SIP Requests
7.1. Forked Requests
Since forked requests are part of the same intention of the user to
communicate, the P-Debug-ID header field is copied unchanged from a
single SIP request into all SIP requests that result from the
forking.
7.2. Back-to-Back User Agents
Since requests generated by a B2BUA as a result of an incoming
request that is being debugged are part of the same intention of the
user to communicate, the P-Debug-ID header field is copied unchanged
from a SIP request into all new outgoing SIP requests that a B2BUA
generates as a result of the incoming SIP request that contained the
P-Debug-ID header.
8. P-Debug-ID in SIP Responses
The P-Debug-ID header field is copied unchanged from a single SIP
request into all responses, provisional and final, to that SIP
request.
9. Multiple Service Providers
9.1. General
FooCorp is able to check signalling in its own network, but not in
the network of BarCorp. Two solutions are possible: either entities
in BarCorp are allowed to retrieve debugging configuration by sending
a SUBSCRIBE request to the debug server in FooCorp, or FooCorp asks
BarCorp to set up similar debugging in its own network to investigate
why the MESSAGE request to Carol is failing. The debugging
configuration in BarCorp would consist of logging signalling for
requests that are incoming to Carol (i.e., with carol@barcorp.com in
the From: header field).
10. Configuration for Multiple AORs
Any entity may subscribe to a URI that identifies a group of AORs.
If multiple NOTIFY requests carry configuration information about the
same AOR then the most recent configuration document is used. It
might be that a new NOTIFY request adds a session to existing
configuration for an AOR and otherwise leaves its existing
configuration untouched.
11. Retrieving Debugging Logs
When logging finishes, either because the stop trigger event
occurred, or because the dialog being logged has ended, the SIP
entity sends logged signalling in the body of a PUBLISH request sent
to the debug event server. If this PUBLISH request will cross a
trust domain boundary, it MUST use authentication, integrity
protection, and privacy protection.
The debug event server reconstructs the flow of signalling using the
dialog identity (Call-ID: header field and the tags in the To: and
From: header fields) and the CSeq: and Max-Forwards: header fields.
12. Security Considerations
All drafts are required to have a security considerations section.
See RFC 3552 [RFC3552] for a guide.
12.1. Trust Domain
Since a non-empty P-Debug-ID header may cause a SIP entity to log the
SIP header and body of a request or response, P-Debug-ID must be
removed at a trust domain boundary. If BarCorp is outside the trust
domain of FooCorp, then BarCorp will not receive the P-Debug-ID
header. However, the SIP entity at the edge of the BarCorp network
can attempt to subscribe to the debug configuration for
alice@foocorp.com and use this configuration to cause logging in the
BarCorp network.
12.2. Security Threats
The identity carried by the P-Debug-ID header is not sensitive
information, although it will sometimes indicate that a particular
device is experiencing problems. If the value in the header is
maliciously changed, this will disrupt troubleshooting.
The presence of a P-Debug-ID header field will cause some SIP
entities to log signalling. Therefore, this header field must be
removed at the earliest opportunity if it has been incorrectly
inserted.
Debug configuration affects the operation of a terminal, therefore it
must be supplied by an authorized server to an authorized terminal,
it must not be altered in transit, and it must not be readable by an
unauthorized third party.
Logged signalling is privacy-sensitive data, therefore it must be
passed to an authorized server, it must not be altered in transit,
and it must not be readable by an unauthorized third party.
12.3. Security Mechanisms
Security considerations are very similar to those in
draft-ietf-sipping-config-framework
[I-D.ietf-sipping-config-framework], so the same mechanisms can be
used to secure debugging configuration and logged signalling.
13. References
13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[draft-dawes-sipping-debug-event]
Dawes, P., "A Session Initiation Protocol (SIP) Event
Package for Debugging", 2008.
13.2. Informative References
[I-D.ietf-sipping-config-framework]
Channabasappa, S., "A Framework for Session Initiation
Protocol User Agent Profile Delivery",
draft-ietf-sipping-config-framework-15 (work in progress),
February 2008.
[I-D.narten-iana-considerations-rfc2434bis]
Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs",
draft-narten-iana-considerations-rfc2434bis-09 (work in
progress), March 2008.
[RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999.
[RFC2976] Donovan, S., "The SIP INFO Method", RFC 2976,
October 2000.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002.
[RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of
Provisional Responses in Session Initiation Protocol
(SIP)", RFC 3262, June 2002.
[RFC3265] Roach, A., "Session Initiation Protocol (SIP)-Specific
Event Notification", RFC 3265, June 2002.
[RFC3311] Rosenberg, J., "The Session Initiation Protocol (SIP)
UPDATE Method", RFC 3311, October 2002.
[RFC3428] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C.,
and D. Gurle, "Session Initiation Protocol (SIP) Extension
for Instant Messaging", RFC 3428, December 2002.
[RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer
Method", RFC 3515, April 2003.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552,
July 2003.
Appendix A. Additional Stuff
This becomes an Appendix.
Author's Address
Peter Dawes
Vodafone Group
The Connection
Newbury, Berkshire RG14 2FN
UK
Phone: +44 7717 275009
Email: peter.dawes@vodafone.com