sangoma session border controllers€¢ qos & qoe (quality of experience) for enterprise...
TRANSCRIPT
Inside this Deck
• About Sangoma Technologies
• Reasons for Session Border Controllers
• Sangoma’s SBC product portfolio
• Use Cases
• Walkthrough
• Closing
2
© 2013 Sangoma Technologies
About Sangoma
• Industry pioneer with over 25 years of experience in communications hardware and software
• Publicly traded company since 2000 – TSXV: STC
• One of the most financially healthy companies in our industry – Growing, Profitable, Cash on the Balance Sheet, No Debt
• Mid-market sized firm with just under 100 staff in all global territories – Offices in Canada (Toronto), US (CA, NJ), EU (UK & Holland), APAC (India), CALA
(Miami)
• World wide customer base – Selling direct to carriers and OEMs – Selling to the enterprise through a network of distribution partners
3
© 2013 Sangoma Technologies
World Class Products
• Voice Telephony Boards – Analog/digital/hybrid, WAN, ADSL
• Session border controllers • Portfolio of Lync Server 2013 Products
– Lync Express – Session Border Controllers – Gateways
• VoIP Gateways – Net Border Carrier Gateways
• SS7, PRI, R2
– Vega Enterprise Gateways • PRI, PR2, Analog, BRI
• Call Center Software – NetBorder Express, Call Progress Analyzer
• Transcoding (boards/appliances) • Fiber connectivity (STM1) • Wireless products
5
© 2013 Sangoma Technologies
Why Session Border Controllers
• SBC are installed at the edge of VoIP Networks to facilitate end to end VoIP transmission without compromising network security
• Several reasons: – New security issues introduced with SIP protocol – Fix Interoperability issues – Implementation of UC/Collaboration feature
• SBC are typically implemented as Back to Back User Agents (B2BUA) – All SIP and Media (voice) traffic transit through SBCs
7
© 2013 Sangoma Technologies
8
© 2013 Sangoma Technologies
B2BUA Explained
• SIP Normalization
• Security • Transcoding • CDRs • RTCP QoS
report • Call Access
Control • Management • GUI / config • DSP resources • Etc.
Eth pipe
SIP port
RTP ports
SIP port
RTP ports
Eth pipe SIP
Media
SIP
Media
SBC
Because the SBC ‘sees’ all SIP and RTP traffic coming from both sides, it can analyze, fix, control, etc.
9
© 2013 Sangoma Technologies
Where are the User Agents (UA)?
• SIP Normalization
• Security • Transcoding • CDRs • RTCP QoS
report • Call Access
Control • Management • GUI / config • DSP resources • Etc.
Eth pipe
SIP port
RTP ports
SIP port
RTP ports
Eth pipe SIP
Media
SIP
Media
SBC SIP UA SIP UA
They are back to back!
Looks can be deceiving: Sessions vs Calls
• Some vendors rate their SBCs with Sessions counts – 1 Session = 1 User Agent
– 1 Call = 2 User Agents
– An SBC with 1000 sessions capacity really carries only 500 calls end to end
• Sangoma: – 1 Session = 1 Call = 2 User Agents
– A Sangoma SBC rated for 1000 Sessions means it can carry 1000 calls
10
© 2013 Sangoma Technologies
Initial Drive for Session Border Controllers
• Traverse firewalls for end-to-end VoIP telephony • Without SBCs
– SIP protocol does not work with NAT functions in firewalls – Forward SIP/RTP ports on firewalls
• Opens up security issues
– Set-up VPNs • Costly to manage/Bandwidth limitations/subscriber mgmt
– Firewall Application Layer Gateways (ALG) • OK, brings other limitations for other SIP issues
• SBCs fix this issue by remapping IP and Ports in SIP Messages and RTP port addressing
11
© 2013 Sangoma Technologies
Security Issues
• Connectivity to other IP Networks introduces security issues – Denial of Service (DoS) attacks
– Toll Fraud by manipulating media
– Topology hiding (SIP via’s, hops, etc.)
• Firewalls cannot act on all these security issues unless it is SIP aware (SIP ALG) – Some firewall vendors offer SIP ALGs, but it is not
enough
12
© 2013 Sangoma Technologies
SIP Interoperability Challenges
• SIP RFC3261 – Largest RFC – Not a tight specification like ITU
specs for instance – Uses Should, Can, May, Option a lot – It is a recommendation, not a hard
rule, lots of room for interpretation
• Result – Everyone is compliant to RFC3261 – But hard time to interop!
• For end to end VoIP Interworking, SBCs come to the rescue by ‘fixing’ these differences
13
© 2013 Sangoma Technologies
Additional Interop Challenges
• It’s not just SIP signaling • Media can also need fixing for end to end communications to
become possible: – Codecs mismatch – Fax T.38/Inband Fax – RFC2833/INFO/Inband DTMF Methods – RTP and SRTP
• IPV6 vs IPV4 • UDP vs TCP (example with MS Lync) • TLS/SRTP interop with SIP/RTP • Firewalls cannot address these – do not have DSPs to process
media
14
© 2013 Sangoma Technologies
Integration at the edge has its advantages
• Because SBC ‘see’ all traffic, they have evolved to be much more than interop/security devices – Magnet for core VoIP functionality!
• Migration – Intelligent call routing for VoIP • Lawful intercept – call forking for recording devices • Quality of Service reporting • Billing • Intrusion Management • Session Border Controllers have
become essential in VoIP deployments! 15
© 2013 Sangoma Technologies
Rule of Thumb/Best Practices
• Everywhere a VoIP Network needs to interface to another VoIP Network, you need an SBC
• Same rule with IP Networking and Firewalls really
• SBC are required in both Carriers and Enterprise Networks
16
© 2013 Sangoma Technologies
IP
Softswitch IP-PBX
SIP
RTP
Enterprise VoIP Network Carrier VoIP Network
SIP
RTP
Vega Enterprise SBC
• Appliance – 25-250 Sessions – H/W DSP acceleration – 1U / 2 x 1 GE ports
• Software Version – 25-500 Sessions/Self-Contained ISO – VM requirements
• 1 Core/1 GB RAM/Bridged
• Software/Hybrid Version - UNIQUE – 25-500 Sessions/Self-Contained ISO – VM requirements
• 1 Core/1 GB RAM/Bridged
– H/W DSP acceleration
18
D150
© 2013 Sangoma Technologies
NetBorder Carrier SBC
• Appliance
– 400-4000 Sessions
– H/W DSP acceleration
– 1U / 2 x 1 GE ports
– RAID 1
19
© 2013 Sangoma Technologies
Product Highlights – All SBCs
• Efficient Scaling from 25 to 4000 Sessions/Calls – 1 session per voice call – SIP Registrations do not consume
sessions
• Web GUI for ease of Configuration and Deployment
• Session-based licensing, no hidden costs or fees
• Cost-Effective Carrier-Class Features and Performance
• Network Interconnect Point for SIP Trunking
• QOS & QOE (Quality of Experience) for Enterprise Networks
• Encryption and Security • Topology Hiding for Fraud
Protection • DoS/DDoS Attack Protection • Far End NAT traversal • Voice, Video, Fax, IM and
Presence Support • SIP-SIP Interworking & protocol
normalization • Certifications for
20
© 2013 Sangoma Technologies
Product Highlights – All SBCs
• SIP Intrusion Prevention • SIP Registration Scan Attack
Detection • SIP Request Rate Limiting • SIP Load Limitation • SIP Registration Pass-thru • SIP Header Normalization • SIP Malformed Packet
Protection • Intelligent media
anchoring/release
• RTCP Statistics Reports • Call Access Control
– Limits call rate and total calls per user or IP
• Call Security with TLS / SRTP • RTP Transcoding
– G.711, G.722, G.729, G.726, G.723.1, iLBC, AMR, G.722.1
• T.38 Fax Relay • RADIUS CDR and Authentication • VLAN • QoS (ToS or Diffserv) • RESTful WEB APIs
21
© 2013 Sangoma Technologies
Advanced XML Routing Engine
• Dynamic Load Balancing and Call Routing
• Least Cost Routing
• ENUM Routing
• Know your regular expressions! – ‘Joke’ aside Sangoma can help you
with your dial plans via Professional Services
– Future releases to have GUI routing rules
22
© 2013 Sangoma Technologies
24
© 2013 Sangoma Technologies
Rear View
DSP resources
‘Internal’ GigE port ‘External’ GigE port
Display, USB
Carrier SBC for SIP ‘dial tone’
26
ITSP
Softswitch
SBC Broadband
NAT/FW
NAT/FW
SIP
SIP
SIP SIP
ATA
NAT/FW
SIP
SIP
SBC: • Performs SIP Security functions • Far End NAT Traversal • Peering with other SIP providers • SIP harmonization • Media harmonization • Call Admission Control
Residential
Residential
SOHO
SIP
© 2013 Sangoma Technologies
SIP Network Peering/ IP Carrier Interconnect
• Use IP for inter-carrier links
• No TDM conversion required: – Decrease complexity
– Better voice quality, less delay, less transcoding
28
© 2013 Sangoma Technologies
Carrier Interconnect Mediation
• Secure carrier network
• Normalise SIP messaging (ease interop)
• Transcoding between carriers
29
© 2013 Sangoma Technologies
Enterprise SIP Trunking
Vega eSBC
ITSP SIP SIP
IP-PBX
IP SIP
Vega eSBC
ITSP SIP SIP
IP-PBX
IP SIP
DMZ Deployment
Direct Deployment on Public IP address
31
© 2013 Sangoma Technologies
External FW/NAT
Internal FW
Secure Access Control for Remote users or Telecommuters
Vega eSBC
ITSP SIP SIP
IP-PBX
IP SIP
32
© 2013 Sangoma Technologies
External FW/NAT
Internal FW
Home Office, Mobile Users, Telecommuters
SIP
Vega eSBC: • Pass-through SIP registration on IP-PBX • Remote FW/NAT traversal • Call Admission Control • Topology Hiding
Ext 101
Ext 102
Multi-Site Consolidation
Vega eSBC
ITSP SIP SIP
IP-PBX
IP SIP
33
IP-PBX
IP-PBX
SIP
SIP WAN
WAN
SBC: • Large Central SIP trunk
• Economies of scale • Remove Multi-Sites PRIs
• Intelligent Call Routing • Sophisticated dial plans
• Performs SIP Security functions • SIP harmonization • Media harmonization
© 2013 Sangoma Technologies
• Convert SIP over TCP to SIP over UDP
• Some devices require SIP/TCP
– e.g. Microsoft Lync
SIP Signaling Conversion
34
© 2013 Sangoma Technologies
Legacy PBX migration to Microsoft Lync
35
Vega eSBC
Mediation Server
Lync Server
Lync User
ITSP SIP
SIP
SIP
IP-PBX
Active Directory
SBC: • Performs SIP Security functions • UDP/TCP Translation • SIP harmonization
• Media harmonization • Intelligent Call Routing
• Active Directory Routing • Unified Dial Plan
© 2013 Sangoma Technologies
Vega eSBC
Mediation Server
Lync Server
Lync User
ITSP SIP
SIP
SIP
Vega 5000
Active Directory
Analog 5000
Microsoft Lync Transition with Analog Lines
36
SBC: • Performs SIP Security functions • UDP / TCP translation • SIP harmonization
• Media harmonization • Intelligent Call Routing
• Active Directory Routing • Unified Dial Plan
© 2013 Sangoma Technologies
Documentation
• http://wiki.sangoma.com/NetBorder-Session-Controller
• Frequently updated wiki – HTML/pdf based
documentation
• Includes: – Admin guide
– Step-by-step configuration
– Technical documents
– Quick Start Guide
38
© 2013 Sangoma Technologies
SBC Configuration Steps/Panels
39
© 2013 Sangoma Technologies
Signalling Interfaces
Media Interfaces
Domain Profile
Media Profile
Call Routing SIP Trunk SIP Profile
Domain User Accounts
Summary
• Sangoma has a wide range of flexible SBCs, saleable from small enterprise to large carrier
• Easy licensing and field upgradeable
• Full feature set
• Cost effective compared to competition
© 2013 Sangoma Technologies
42
For More Info
• Guide to Session Border Controllers http://wiki.sangoma.com/NetBorder-Session-Controller
• For future training, visit http://www.sangoma.com/resources/training
43
© 2013 Sangoma Technologies
Contact Us
44
• Sangoma Technologies 100 Renfrew Drive, Suite 100 Markham, Ontario L3R 9R6 Canada
• Website http://www.sangoma.com/
• Telephone +1 905 474 1990 x2 (for Sales)
• Email [email protected]
© 2013 Sangoma Technologies