<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br></div><div><div><div>On Jan 7, 2009, at 9:47 AM, Jiri Kuthan wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Adrian Georgescu wrote:<br><blockquote type="cite">I beg to differ, but this is just my humble opinion based on my experience with my particular customers.<br></blockquote><blockquote type="cite">The most economic and future-proof way to perform accounting for SIP sessions is the SIP Proxy server alone.<br></blockquote><br>This may be probably ok, as long as you don't intend to use such accounting<br>data for billing. (which may be still useful)<br><br></div></blockquote><div><br></div></div><div>I really mean accounting for billing purpose.</div><div><br></div><div><blockquote type="cite"><div>The trouble is that proxy-produced accounting data is remarkable incomplete and<br>inaccurate. It does not include QoS info, PSTN info, and they are sensitive to<br>the attacks mentioned before that make a BYE work for a GW but not for a proxy<br>and vice versa, or other ways how BYE can be broken due to an error or fraud.</div></blockquote><div><br></div><div>Again these are issue that need to be addressed and do not imply that SIP Proxy accounting is not possible or undesirable.</div><div><br></div><blockquote type="cite"><div><blockquote type="cite">My personal experience is that gateways come and go in a provider configuration and they are in many cases under the control of a third-party that provides the PSTN termination service. When you do LCR across many different gateways, which are not even yours the only aggregation point for traffic is the SIP proxy that authenticates and authorizes the requests. Over time, the gateways change hands, get upgraded or removed much more often then the proxy itself, which maintains its central role over time. <br></blockquote><br>There is certainly some invariable in a system but to my best knowledge<br>that's the DB backend (for example RADIUS) which gets almost never touched,<br>not a proxy server. The DB is the piece that is invariable, untouchable,<br>central in every respect, and therefore used for aggregation of usage data,<br>as directly as possible. I see little value on putting a SIP proxy on the<br>way from the service box knowing ALL call data and the final destination<br>of the usage data (some database).</div></blockquote><div><br></div><div>When I referred to the accounting of the SIP Proxy server my intention was to denominate "The accounting server (like Radius) associated with the SIP Proxy and its DB backend" as in your example. So we talk about the same thing.</div><div><br></div><blockquote type="cite"><div>(I agree proxy is the best place for authorization and authentication but that's<br>a different story than accounting.)<br><br><blockquote type="cite">Secondly, once you<br></blockquote><blockquote type="cite">do more the voice like video and other services that require billing and are not PSTN related, the SIP Proxy is the only network element that has access to the signalling and is able to generate accounting tickets.<br></blockquote><br>That seems appealing indeed, it is just that I have encountered very few (still some<br>though) who would be seriously billing for on-net calls on a per-minute basis.<br>(they haven't found a way to do sell credibly a single usrloc lookup<br>on a per-minute basis or didn't consider the on-net share of traffic significant or<br>thought the CDR producing expense was just not worth it) It makes sense as you say<br>to produce CDRs in a proxy if termination is provided by a third party, but to my<br>best knowledge these are based on their inaccuracy used for reconciliation rather<br>than as source of authoritative data.</div></blockquote><div><br></div><div>There are SIP service numbers that are not available on PSTN and charged per minute like PSTN destinations. Then there are peering agreements that allow calls to be routed based on results of ENUM lookups and still charged per minute. No gateway involved just an ENUM lookup. Only the SIP Proxy knows this information.</div><div><br></div><blockquote type="cite"><div><blockquote type="cite">Solving the accounting related problems at the SIP Proxy level is a worthwhile investment <br></blockquote><br><br>Yes, but only if you don't care about accuracy and completeness of the usage data,<br>i.e., you don't do billing. Otherwise the customer-care cost is unpayable in addition<br>to the expense of doing it at all. The per-minute margins are so poor and accurate<br>CDR processing is such an expense, </div></blockquote><div><br></div><div>I beg to differ. The accounting can be as accurate as any other source like the PSTN gateway if you consider that a relevant comparison factor. The fact that a particular implementation does not address the flaws mentioned here does not rule out SIP Proxy accounting is not good. </div><div><br></div><blockquote type="cite"><div>that it alone explains the increasing flat-rate<br>offerings. We have been doing it only in the reconciliation case you mentioned,<br>merely as non-authoritative data.<br><br>If you however do have a scenario, in which accuracy and completeness matters for<br>billing sake, investment in proxy-based CDR production seems to me only likely to<br>produce liability.<br><br></div></blockquote><div><br></div><div>So is no debate here.</div><br><blockquote type="cite"><div><br>-jiri<br><br><blockquote type="cite">while other options are just temporary fixes that<br></blockquote><blockquote type="cite">work in a particular case for a limited amount of time and that is a waste of money.<br></blockquote><blockquote type="cite">Adrian<br></blockquote><blockquote type="cite">On Jan 7, 2009, at 2:25 AM, Jiri Kuthan wrote:<br></blockquote><blockquote type="cite"><blockquote type="cite">authentication does not provide actually value here. dialog would not<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">either, since<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">the same trick can be achieved for example by low max-forwards. IMO the<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">proper<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">choice is accounting from the gateway, which provides the actual service.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">A proxy can only provide an approximation which is inherentely to some<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">extent<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">more error-prone than the box doing the actual job.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">-jiri<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Bogdan-Andrei Iancu wrote:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Hi Iņaki,<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Have you consider requesting auth for the BYE ? from SIP point of view<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">is perfectly valid....<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Regards,<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Bogdan<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Iņaki Baz Castillo wrote:<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Hi, I'm thinking in the following flow in which the caller/attacker<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">would get an unlimited call (but a limited CDR duration):<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">--------------------------------------------------------------------------<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">attacker OpenSIPS (Acc) gateway<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">INVITE (CSeq 12) ------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><-------- 407 Proxy Auth<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">INVITE (CSeq 13) ------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> INVITE (CSeq 13) ------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> <------------------- 200 Ok<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><------------------- 200 Ok<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> << Acc START >><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">ACK (CSeq 13) -----------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> ACK (CSeq 13) -----------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><******************* RTP ************************><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"># Fraudulent BYE !!!<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">BYE (CSeq 10) -----------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> << Acc STOP >><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> BYE (CSeq 10) -----------><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> <-- 500 Req Out of Order<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><-- 500 Req Out of Order<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">--------------------------------------------------------------------------<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">The call hasn't finished, but OpenSIPS has ended the accounting for<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">this call since it received a BYE. And this BYE will generate a<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">correct ACC Stop action (since it matches From_tag, To_tag and<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Call-ID).<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I think this is *VERY* dangerous and I hope I'm wrong.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Would help the dialog module here? does the dialog module check the<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">CSeq of the BYE in some way and could it prevent OpenSIPS from<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">generating the ACC STOP action? (I don't think so).<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Any idea?<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a> <<a href="mailto:Users@lists.opensips.org">mailto:Users@lists.opensips.org</a>><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a> <<a href="mailto:Users@lists.opensips.org">mailto:Users@lists.opensips.org</a>><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote></div></blockquote></div><br></div></body></html>