Retronetworking » OCTOI - Osmocom Community TDM over IP

h1. Ladder Diagrams

Some ladder diagrams about the proposed OCTOI protocol.

h2. Initial connection setup (success without redirect)

Note: we might want to do something for DoS mitigation at the very initial step?

{{mscgen_link()

msc {

  hscale=2;

  client [label="Client"], server [label="Server (main port)"], hlr [label="HLR (database)"];

  |||;

  --- [label="Initial connection attempt from client to well-known server/port"];

  |||;

  client => server [label="SERVICE_REQ (user_id)"];

  server <=> hlr [label="Obtain auth vectors"];

  client <= server [label="AUTH_REQ (rand, autn)"];

  client => server [label="AUTH_RESP (res)"];

  server box server [label="Verify res == xres?"];

  client <= server [label="SERVICE_ACK"];

  ...;

  client <=> server [label="TDMoIP"];

  ...;

}

}}

h2. Initial connection setup (success with redirect)

Note: we might want to do something for DoS mitigation at the very initial step?

{{mscgen_link()

msc {

  hscale=2;

  client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"];

  |||;

  --- [label="Initial connection attempt from client to well-known server/port"];

  |||;

  client => server [label="SERVICE_REQ (user_id)"];

  server <=> hlr [label="Obtain auth vectors"];

  client <= server [label="AUTH_REQ (rand, autn)"];

  client => server [label="AUTH_RESP (res)"];

  server box server [label="Verify res == xres?"];

  server => worker [label="Create worker socket"];

  server note server [label="Server accepts client + redirects to worker IP+Port"];

  client <= server [label="REDIR_CMD (worker IP:Port, token)"];

  ...;

  client => worker [label="SERVICE_REQ (user_id, token)"];

  worker box worker [label="Verify user_id + token, or\nperform AUTH_REQ/AUTH_CMD again"];

  client <= worker [label="SERVICE_ACK"];

  ...;

  client <=> worker [label="TDMoIP"];

  ...;

}

}}

Both sides operate timeouts, if those occur, the entire procedure is aborted.

h2. Initial connection setup (failure)

Note: we might want to do something for DoS mitigation at the very initial step?

{{mscgen_link()

msc {

  hscale=2;

  client [label="Client"], server [label="Server (main port)"], hlr [label="HLR (database)"];

  |||;

  --- [label="Initial connection attempt from client to well-known server/port"];

  |||;

  client => server [label="SERVICE_REQ (user_id)"];

  server <=> hlr [label="Obtain auth vectors"];

  client <= server [label="AUTH_REQ (rand, autn)"];

  client => server [label="AUTH_RESP (res)"];

  server box server [label="Verify res == xres?"];

  client <= server [label="SERVICE_REJ"];

  ...;

}

}}

h2. subsequent re-authentication

{{mscgen_link()

msc {

  hscale=2;

  client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"];

  |||;

  --- [label="At any later point in time, whenever the server wants"];

  worker <=> hlr [label="Obtain auth vectors"];

  client <= worker [label="AUTH_REQ (rand, autn)"];

  client => worker [label="AUTH_RESP (res)"];

  worker box worker [label="Verify res == xres?"];

}

}}

If there is no response to the AUTH_REQ within a timeout, up to three re-transmissions are attempted, before declaring the link as dead.

h2. dead peer detection

Procedure operates on on both sides:

* Every time a packet is received, a timer is re-started.  If the timer expires, the link is declared dead, and no further TDMoIP packets are transmitted.

** On the server side, a dead link means the worker port is closed.

** On the client side, a dead link means the client needs to start like in an initial connection attempt by contacting the well-known server port with a HELLO_REQ.