apkt pb slides sbcs vs firewalls 090608
TRANSCRIPT
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 1/8
The leaderin session border control
for trusted, first class
interactive communications
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 2/8
Comparison of SBCsto SIP firewall/ALGs
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 3/8
Firewall with SIP ALG
Back-to-back user agent
– Fully state-aware at
layers 2-7
– Inspects and odi!ies anyapplication layer header in!o
"SIP# S$P# etc%&
– 'an terinate# initiate#
re-initiate signaling ( S$P
– Static ( dynaic A'Ls
)aintains single session
– Fully state-aware at
layers * ( + only
– Inspects and odi!ies onlyapplication layer addresses
"SIP# S$P# etc%&
– ,nable to terinate# initiate#
re-initiate signaling ( S$P
– Static A'Ls only
3 Acme Packet
Summar comparison!
SBCs vs" #irewalls with SIP ALGs
SIP trunking
$ata center
IP PB,' ser.er
SIP trunking
$ata center
IP PB,' ser.er
SB'
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 4/8
SBC vs" firewall w/ SIP ALG comparison
Securit scenarios
4 Acme Packet
,se casescenario Business challenge /echnical re0uireents SB'
F1 wALG
SB'F1$oS$$oSsel!-protection
Prevent malicious ornon-malicious SIPsignaling or mediaattacks & overloadsfrom making the SBCor F non-res!onsive
" #$namicall$ %lock attacks
" #etectre'ect non-com!liant(signaling) !rotocol) trafficlevels* SIP sessions
" Initiate SIP B+,s to tear
don core-side sessions" Statefull$ control legitimate
SIP registrations duringoverloads
3etwork abusecontrol
Prevent unauthori.edor fraudulent netork
usage
" Control num%er & %andidthof simultaneous sessions
" Stri! unauthori.ed codecsfrom S#P headers
" Scan SIP headerattachments forunauthori.ed content
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 5/8
SBC vs" firewall w/ SIP ALG comparison
Application reach, re$ulator scenarios
/ Acme Packet
,se casescenario Business challenge /echnical re0uireents SB'
F1 wALG
IP PB and,' protocolinterworking
0ranslate dissimilarsignaling (SIP) 1233*)trans!ort (#P) 0CP)SC0P* & encr$!tion(none) 05S) S60P)IPsec*
" 0erminate SIP sessionsand translate la$er -7!rotocol information
" Fi8 !rotocol anomalies &inconsistencies
4eote site3A/ tra.ersal
,na%le users %ehindF9A0s to originateand receive :oIP callsand C sessions
" ;ee! F !inholes o!en %$resetting SIP registrationinterval to less than F!ort 005 and caching SIPregistrations %$ F IP!ort
Sessionreplication!or recording
Com!l$ ith regulator$re<uirements andma8imi.e customerservice <ualit$
" 6e!licate all SIP signalingand media to recordingserver(s* in addition tointended reci!ient
" 6e!licate selective or allsessions
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 6/8
SBC vs" firewall w/ SIP ALG comparison
Availabilit scenarios
= Acme Packet
,se case
scenarioBusiness challenge /echnical re0uireents SB'
F1 w
ALG
$ata centerdisasterreco.ery
Assure constant serviceavaila%ilit$ and <ualit$
" 9etork SBC – detectfailure of datacenter SIPsession agents and re-route SIP sessions
" #atacenter SBC – translate!hone num%ers in SIP
headers for SIP trunkgeo-redundanc$
4eote sitesur.i.ability
Provide alternative !athfor :oIPC traffic hen!rimar$ !ath %ecomesunavaila%le
" >onitor link and routingstate of u!stream router &SIP registration state ofremote IP PB?C server
" 6e-route SIP signaling andmedia to alternativetrunking !rovider) PS09media gatea$ or Internet
5igha.ailabilityoperation
,nsure no loss of activesessions or session stateduring failover
" Check!ointing of SIPsignaling) media andconfiguration state %eteen
active & stand%$ elements
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 7/8
SBC vs" firewall w/ SIP ALG comparison
SLA assurance scenarios
7 Acme Packet
,se case scenarioBusinesschallenge /echnical re0uireents SB'
F1 wALG
6o-basedrouting
>a8imi.e voice<ualit$ and relia%ilit$of services anda!!lications
" Activel$ monitor voice @oSthresholds and AS6
" 6e-route or redistri%utetraffic as needed
" 6elease media ithin
access netork to o!timi.e<ualit$
IP PB,' ser.ersessionadission (o.erload control
,nsure continuousservice availa%ilit$and <ualit$) evenunder adverse trafficloads andor attack
" #$namicall$ monitor serverstatus and control SIPsignaling flos to IPPB?C servers accordingl$
8/9/2019 APKT PB Slides SBCs vs Firewalls 090608
http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 8/8
The leaderin session border control
for trusted, first class
interactive communications