My recent column on Voice over IP (VoIP) protocols covered the major players: H.323, Session Initiation Protocol (SIP), Megaco (H.248), Media Gateway Control Protocol (MGCP), and RTP. What we didn't cover were proprietary VoIP protocols such as the peer-to-peer VoIP protocols used by Skype, the Skinny Client Control Protocol (SCCP, also known as Skinny) used by Cisco, and the Inter-Asterisk Exchange (IAX) protocol used by Asterisk. This week, we'll take a look at these and other proprietary protocols used in various vendors' implementations of VoIP.
Skype is a highly popular "soft phone" implementation of VoIP that runs on Windows, Macintosh OS X, and Linux. The same folks who brought us the popular Kazaa file-sharing application (now owned by eBay) created the program. Because its basic computer-to-computer service is free, it provides a way for consumers to try IP telephony without much commitment or hassle. Users can also use Skype for videoconferencing in addition to voice.
Unfortunately, the Skype protocols and software are closed source, so we don't know nearly as much about how they work under the hood as we do about H.323 and SIP, which are defined by widely known International Telecommunication Union (ITU) and Internet Engineering Task Force (IETF) standards. We do know that Skype differs from most VoIP technologies in that it uses a peer-to-peer model rather than the centralized call server model used by other, more standard VoIP applications.
To say that Skype operates without a server, though, would be inaccurate. Users log on to a Skype login server to verify their public keys; this connection uses 256-bit Advanced Encryption Standard (AES) encryption with 1536-bit or 2048-bit (available to paid users) keys for security. Users connect to their destinations by going through "supernodes," or other Skype users with public IP addresses—hence the peer-to-peer model. Peers, rather than centralized servers, handle bandwidth-intensive tasks. Each packet uses encryption to protect the confidentiality of calls routed through peers.
To make calls to a public switched telephone network (PSTN) phone (with the exception of toll-free numbers) with Skype, you must use their paid service, called SkypeOut, which is billed on a per-minute basis. A companion service, called SkypeIn, allows Skype users to receive incoming calls from PSTN phones. SkypeIn encrypts calls to PSTN numbers until they reach the PSTN gateway.
SCCP is Cisco's proprietary VoIP protocol, used to connect Cisco VoIP phones to the Cisco Call Manager server. The Cisco Call Manager is an H.323 proxy that communicates with Skinny clients (the Cisco phones), resulting in much less overhead than with H.323. As the name suggests, SCCP is a "lite" client that reduces the processing load on the hardware.
When calling a non-Skinny client, the clients establish a connection through the Call Manager using TCP and then the two endpoints communicate using UDP. When Skinny phones connect to each other, they use RTP over UDP.
Some vendors in addition to Cisco also support SCCP, and Cisco Call Manager 4.0 supports a secure version of SCCP, which uses Transport Layer Security (TLS) to encrypt communications and provide for confidentiality of voice conversations.
IAX is the Inter-Asterisk Exchange protocol that establishes connections between clients and Asterisk servers or between two Asterisk PBX units. The current version is IAX2. Asterisk is a free open source call server (IP PBX) licensed under the GNU General Public License (GNU GPL). Users can run Asterisk on Linux, Solaris, FreeBSD, and Windows. You need special hardware (a PCI expansion card) for interfacing phone lines and T1 lines. Asterisk also supports SIP and H.323 and works with SIP hard phones.
IAX works much like SIP, but it is designed to address the problem that SIP has with Network Address Translation (NAT) by sending both session setup/teardown and the voice message over one User Datagram Protocol (UDP) stream. It also uses less bandwidth because it combines the data from more than one call into one group of packets.
IAX2 usually operates on port 4569 (the first version of IAX used port 5036), and can handle streaming video as well as voice. It also supports RSA public key cryptography to authenticate users.
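The single-stream design described above means that a monitor or firewall watching UDP port 4569 sees call setup, teardown, and voice in the same flow. The following is an added example, not part of the original column or of Asterisk's code, that tells the two apart by the first header bits. The frame layout and type names are taken from the IAX2 specification (RFC 5456), which this column does not cover, and the sample datagrams are constructed.

```python
import struct
from collections import Counter

# Names from RFC 5456 (subset); unknown values are reported numerically.
FRAME_TYPES = {1: "DTMF", 2: "VOICE", 3: "VIDEO", 4: "CONTROL", 6: "IAX"}
IAX_SUBCLASS = {1: "NEW", 2: "PING", 3: "PONG", 4: "ACK", 5: "HANGUP",
                6: "REJECT", 7: "ACCEPT", 8: "AUTHREQ", 9: "AUTHREP"}
INVALID = {"kind": "invalid", "plane": "unknown"}

def classify_iax2(payload: bytes) -> dict:
    """Classify one UDP payload from port 4569 as signaling or media."""
    if len(payload) < 4:
        return INVALID
    (first,) = struct.unpack("!H", payload[:2])
    call = first & 0x7FFF
    if first & 0x8000:                      # F bit set: 12-byte full frame header
        if len(payload) < 12:
            return INVALID
        dst, _ts, _oseq, _iseq, ftype, sub = struct.unpack("!HIBBBB", payload[2:12])
        name = FRAME_TYPES.get(ftype, f"type-{ftype}")
        if ftype == 6:                      # IAX control: session setup/teardown
            name += "/" + IAX_SUBCLASS.get(sub & 0x7F, f"sub-{sub & 0x7F}")
        plane = "media" if ftype in (2, 3) else "signaling"
        return {"kind": "full", "plane": plane, "frame": name,
                "src_call": call, "dst_call": dst & 0x7FFF}
    if call == 0:                           # F=0 and call number 0: meta frame
        if payload[2] & 0x80:               # V bit: meta video frame
            return {"kind": "meta-video", "plane": "media"}
        if len(payload) < 8:
            return INVALID
        kind = "trunk" if (payload[2] & 0x7F) == 1 else "meta"
        return {"kind": kind, "plane": "media"}   # trunk: several calls, one packet
    return {"kind": "mini", "plane": "media", "src_call": call,
            "audio_bytes": len(payload) - 4}      # 4-byte mini frame header

def plane_counts(datagrams) -> Counter:
    """Count signaling vs. media datagrams in one UDP flow."""
    return Counter(classify_iax2(d)["plane"] for d in datagrams)

# Constructed sample flow (not captured traffic): NEW, ACCEPT, two mini
# frames of silence, one trunk meta frame, then HANGUP, all on UDP 4569.
SAMPLE_FLOW = [
    struct.pack("!HHIBBBB", 0x8000 | 1, 0, 0, 0, 0, 6, 1),
    struct.pack("!HHIBBBB", 0x8000 | 2, 1, 5, 0, 1, 6, 7),
    struct.pack("!HH", 1, 20) + bytes(20),
    struct.pack("!HH", 1, 40) + bytes(20),
    struct.pack("!HBBI", 0, 1, 0, 60) + bytes(24),
    struct.pack("!HHIBBBB", 0x8000 | 1, 2, 80, 1, 1, 6, 5),
]
```

Calling plane_counts(SAMPLE_FLOW) shows signaling and media arriving on the same port, which is why one NAT mapping or firewall rule for UDP 4569 covers the whole call.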
Other proprietary protocols
Other vendors have developed their own protocols. Nortel created UNIStim for handling the communications between their own IP phones and Nortel Call Servers. Nortel has some low-cost (under $500) PBXs for small businesses that rely on the UNIStim protocol. Mitel uses a proprietary protocol called MiNet (its products also support SIP) for call signaling. The Mitel protocol provides extra security, with traffic going into the Mitel controllers encrypted with Secure Sockets Layer (SSL) and Secure Shell.
Although SIP and H.323 are the best known VoIP protocols, they are by no means the only ones. One of the biggest challenges to widespread adoption of VoIP today is the lack of standardization. Many VoIP vendors use proprietary protocols, which results in a confusing array of products that don't interoperate with one another and a maze of protocols to choose from when planning a VoIP deployment.
There are some advantages to proprietary protocols: Those that are closed source can provide a kind of "security through obscurity" that open standard protocols don't enjoy. Vendors can build in features to address specific problems, as IAX has done to make it easier for VoIP to work through firewalls and overcome incompatibilities with NAT devices. Manufacturers can enhance performance, as Cisco has done with Skinny, and use unconventional models, as Skype has done with the peer-to-peer concept.
On the other hand, many in the industry are in favor of standardization, and while it appears that SIP is emerging as the winner of the VoIP protocol race, there are still a number of proprietary protocols in use. Be familiar with them and be well equipped to make the best choice for your own VoIP implementation.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.