A Slice of TADSummit: Open Source

In this series of weblogs, A Slice of TADSummit, we review some of the important themes from TADSummit EMEA Americas 2020. This slice focuses on Open Source.

Thank you to all the presenters and our sponsors: Automat BerlinGoContactRadisys, and Sangoma for making TADSummit possible.

In putting this slice together I realized how many sessions included open source. It’s a component of almost every presentation given at TADSummit this year.

Programmable Telecoms inside a Telco. Jesus Cruz Manjavacas, VAS Development Expert at PLAY

PLAY in Poland has been part of TADSummit since 2014, and a sponsor of TADHack Warsaw in 2016. The PlayAPI is one of the longest running Telco API programs, since 2011.

Jesus’s experience in moving from SIP servlets on Sailfin is a great example of how technology decisions can be changed. In fact, this should be expected as technology develops.

Moving to Kamailio and FreeSWITCH is a wise move. And having Kamailio in their architecture enables not only the migration from legacy stacks, but also other open source application servers like Asterisk, FONOS, and Drachtio to be brought in as well. Further minimizing technology risk. And even Kamailio can be changed out for OpenSIPS. So PLAY have created a flexible, low risk, modern architecture which many communication service providers should copy. OVOO are PLAY’s partner for the Virtual PBX service, and its open source experts, a point Jesus highlights in his presentation.

More telcos should highlight the important role open source plays in their network and services.

Cloud Native Function for 5G success. Grzegorz Sikora, Business Development at OVOO

Greg provided an introduction to OVOO and the blueprint they use for cloud native, predominantly open source based, which he presented last year at TADSummit EMEA 2019. For this session OVOO builds on the CNCF (Cloud Native Computing Foundation) webinar demo, the step by step migration from VNF (Virtual Network Function) to CNF (Cloud Network Function) for a messaging gateway (one of OVOO’s products).

Project Fonos: An open-source framework for CPaaS building. Pedro Sanders, Project Leader Fonos

Project FONOS is a framework for CPaaS building. It aims to help organizations of all sizes reduce time to market, protect private data, and avoid vendor lock-in. Project Fonos has been engineered to run in cloud environments such as Kubernetes and be scalable and modular — it is up to you to decide which components to use. Best of all, it is open-source!

This talk presents the project’s architecture, its benefits, and the current roadmap. It will also demonstrate advanced use-cases, such as creating Conversational Programmable Voice Applications (C-PVAs).

The Difference Between Your Project Succeeding or Burning To A Crisp Is Actually You. Dan Jenkins, Founder at Nimble Ape & Director at CommCon Events

This is a fun and insightful presentation. I love Dan’s multiple rants on Zoom, “Zoom is a virus!” It’s entertaining, and done to highlight the scale of the problem open source RTC projects face – the Zoom Effect.

Most developers are short on time, things must be EASY. Dan demonstrates just how easy Jitsi Meet is to set up, not Jitsi video bridge. Almost a one line install, after the download, and follow the installation guide (UI needs to be slick with the noob options as default) to get a fully functional video conferencing service.

Security and Real-time Communications – a maze of twisty little passages, that all look alike. Olle E. Johansson, Consultant in network security and real-time communication – PKI, webrtc, SIP , XMPP, Kamailio and Asterisk expert.

Because Olle has worked on this topic for 30+ years, he’s able present the current situation in an insightful context. SIP brought the telecom and datacom worlds together. Those world’s have very different trust models.  Which has resulted in the problems we see today.

This is a long presentation (50 mins) but well worth your time, do take advantage of the fika (coffee) breaks Olle includes in the presentation. Even listening at 2X, there’s much covered, so you need to take a break to consolidate all the insights. I learned much, and Olle freely shares his views on the security standards and their strengths and weaknesses.

Getting offensive: a different approach to RTC security. Sandro Gauci, CEO / Senior Penetration Tester / Chief mischief officer at Enable Security GmbH

Sandro explains how defensive security needs the offensive side of security to have the desired effect. There are practical examples of how a purely defensive approach to RTC security fails.

Sandro provides a great review of the current status of RTC security, with some very revealing stories from the trenches across VoIP and WebRTC. His comments on STIR/SHAKEN increasing the attack surface because of its complexity makes sense, especially as its designed by committee and while adopting many of the latest techniques lacks the battle testing from the trenches.

His core recommendation is using threat modelling and offensive security (think evil) together to deliver better protection across CIA (Confidentiality, Integrity, and Availability). As penetration testing does not mean your infrastructure is secure.

The importance of cloud-native core services in a Telco World. Carsten Bock, Managing Director CTO, ng-voice GmbH

ng-voice started back in 2011 as a group of open source VoIP pioneers, their initial focus was VoLTE, see “Kamailio Open Source VoLTE”  demo Carsten gave in 2015. Today they are a full 4G/ 5G cloud supplier for telcos and private LTE networks.

The two deployment examples Carsten reviews of scaling voice and HSS (Home Subscriber Server) are very interesting. Highlighting the importance of DevOps, the challenges with voice, and making the case for why you need to scale each interface of a HSS independently (micro-services). Which is all backed up by ng-voice’s extensive IMS core deployment experiences using open source telecom software.

Daniel-Constantin Mierla, co-founder and core developer of the Kamailio SIP Server, co-organizer of Kamailio World, and world-renowned consultant in SIP, VoIP and WebRTC at Asipto.

This was a fun review of the state of play across RTC (Real Time Communications). There’s still much work to do on open source education, and making the projects accessible to ever more developers and technologists.

The role of global cloud providers falls into ‘frenemy’ territory. They use many open source telecom projects, and make them more accessible to developers around the world. But they also are focused on locking developers into their services.

VoIP Monitoring As A Code With SIP3. Oleg Agafonov (Co-founder and CTO at SIP3)

I’m really pleased Oleg from SIP3 is able to be part of TADSummit EMEA Americas 2020. His presentation was a great education for me. The keys to visibility are monitoring, troubleshooting, and tracing.

I’d not appreciated just how vast the metrics for SIP and RTP monitoring were. Plus how programmatic SIP3 has made them with custom attributes for your situation.

Alerting rather than customer trouble tickets is often an aspiration ? But the grouping of attributes, the use of operators, and inspiration from Wireshark for advanced search impressed me in their state of the art approach.

Oleg shares the broader vision of SIP3’s role across analysis/design, implementation, test, deployment and maintenance. Please check out SIP3.

Open Source Telecom Software Survey 2020. Alan Quayle, Founder TADSummit and TADHack, Independent Consultant

I’ll just mention two of the conclusions, to not pre-empt most of the presentation:

  • Telecom open source projects need to globalize (India, rest of Asia, Middle East, Russia) and adopt web best practices (documentation (expert), examples, code samples, training).
  • A cricket analogy: We’ve just completed the first innings in Telecom OSS (20 years), there are at least 3 more (60 years) to go! Today’s situation is temporary, we’ve got much work ahead of us! Young projects today could dominate in 5-8 years, also work in the decentralized web could prove to become quite influential.

Amandine Le Pape, COO & co-founder at Element; Co-founder at The Matrix.org Foundation; and Matthew Hodgson, Technical Co-founder at Matrix.org

We saw recently Slack was bought for $28B on $234M quarterly revenue by SFDC. Open source communications standard Matrix / Element is getting closer in user experience to Slack. That gap can be insignificant for some use cases, e.g. collaboration during TADHack Global.  I think Matrix has the potential to impact communications more than most open source projects to date. And will definitely impact the future of Slack within SFDC.

We cover lots of topics in the interview including P2P Matrix and some interesting future business ideas. The final question on threats to Matrix, come from governments. In this recent weblog Matthew discusses the broken thinking in backdoor access to end-to-end encryption. Matthew’s request is to get out there and blog / tweet / contact your elected representative on this issue.