sangoma session border controllers€¢ qos & qoe (quality of experience) for enterprise...

Sangoma Session Border Controllers

Ernesto Casas Fernando Alfaro

Moisés Silva October 29, 2013

Inside this Deck

• About Sangoma Technologies

• Reasons for Session Border Controllers

• Sangoma’s SBC product portfolio

• Use Cases

• Walkthrough

• Closing

2

© 2013 Sangoma Technologies

About Sangoma

• Industry pioneer with over 25 years of experience in communications hardware and software

• Publicly traded company since 2000 – TSXV: STC

• One of the most financially healthy companies in our industry – Growing, Profitable, Cash on the Balance Sheet, No Debt

• Mid-market sized firm with just under 100 staff in all global territories – Offices in Canada (Toronto), US (CA, NJ), EU (UK & Holland), APAC (India), CALA

(Miami)

• World wide customer base – Selling direct to carriers and OEMs – Selling to the enterprise through a network of distribution partners

3


4


World Class Customers

World Class Products

• Voice Telephony Boards – Analog/digital/hybrid, WAN, ADSL

• Session border controllers • Portfolio of Lync Server 2013 Products

– Lync Express – Session Border Controllers – Gateways

• VoIP Gateways – Net Border Carrier Gateways

• SS7, PRI, R2

– Vega Enterprise Gateways • PRI, PR2, Analog, BRI

• Call Center Software – NetBorder Express, Call Progress Analyzer

• Transcoding (boards/appliances) • Fiber connectivity (STM1) • Wireless products

5


DRIVERS FOR SESSION BORDER CONTROLLERS

Why Session Border Controllers

• SBC are installed at the edge of VoIP Networks to facilitate end to end VoIP transmission without compromising network security

• Several reasons: – New security issues introduced with SIP protocol – Fix Interoperability issues – Implementation of UC/Collaboration feature

• SBC are typically implemented as Back to Back User Agents (B2BUA) – All SIP and Media (voice) traffic transit through SBCs

7


8


B2BUA Explained

• SIP Normalization

• Security • Transcoding • CDRs • RTCP QoS

report • Call Access

Control • Management • GUI / config • DSP resources • Etc.

Eth pipe

SIP port

RTP ports

SIP port

RTP ports

Eth pipe SIP

Media

SIP

Media

SBC

Because the SBC ‘sees’ all SIP and RTP traffic coming from both sides, it can analyze, fix, control, etc.

9


Where are the User Agents (UA)?

• SIP Normalization

• Security • Transcoding • CDRs • RTCP QoS

report • Call Access

Control • Management • GUI / config • DSP resources • Etc.

Eth pipe

SIP port

RTP ports

SIP port

RTP ports

Eth pipe SIP

Media

SIP

Media

SBC SIP UA SIP UA

They are back to back!

Looks can be deceiving: Sessions vs Calls

• Some vendors rate their SBCs with Sessions counts – 1 Session = 1 User Agent

– 1 Call = 2 User Agents

– An SBC with 1000 sessions capacity really carries only 500 calls end to end

• Sangoma: – 1 Session = 1 Call = 2 User Agents

– A Sangoma SBC rated for 1000 Sessions means it can carry 1000 calls

10


Initial Drive for Session Border Controllers

• Traverse firewalls for end-to-end VoIP telephony • Without SBCs

– SIP protocol does not work with NAT functions in firewalls – Forward SIP/RTP ports on firewalls

• Opens up security issues

– Set-up VPNs • Costly to manage/Bandwidth limitations/subscriber mgmt

– Firewall Application Layer Gateways (ALG) • OK, brings other limitations for other SIP issues

• SBCs fix this issue by remapping IP and Ports in SIP Messages and RTP port addressing

11


Security Issues

• Connectivity to other IP Networks introduces security issues – Denial of Service (DoS) attacks

– Toll Fraud by manipulating media

– Topology hiding (SIP via’s, hops, etc.)

• Firewalls cannot act on all these security issues unless it is SIP aware (SIP ALG) – Some firewall vendors offer SIP ALGs, but it is not

enough

12


SIP Interoperability Challenges

• SIP RFC3261 – Largest RFC – Not a tight specification like ITU

specs for instance – Uses Should, Can, May, Option a lot – It is a recommendation, not a hard

rule, lots of room for interpretation

• Result – Everyone is compliant to RFC3261 – But hard time to interop!

• For end to end VoIP Interworking, SBCs come to the rescue by ‘fixing’ these differences

13


Additional Interop Challenges

• It’s not just SIP signaling • Media can also need fixing for end to end communications to

become possible: – Codecs mismatch – Fax T.38/Inband Fax – RFC2833/INFO/Inband DTMF Methods – RTP and SRTP

• IPV6 vs IPV4 • UDP vs TCP (example with MS Lync) • TLS/SRTP interop with SIP/RTP • Firewalls cannot address these – do not have DSPs to process

media

14


Integration at the edge has its advantages

• Because SBC ‘see’ all traffic, they have evolved to be much more than interop/security devices – Magnet for core VoIP functionality!

• Migration – Intelligent call routing for VoIP • Lawful intercept – call forking for recording devices • Quality of Service reporting • Billing • Intrusion Management • Session Border Controllers have

become essential in VoIP deployments! 15


Rule of Thumb/Best Practices

• Everywhere a VoIP Network needs to interface to another VoIP Network, you need an SBC

• Same rule with IP Networking and Firewalls really

• SBC are required in both Carriers and Enterprise Networks

16


IP

Softswitch IP-PBX

SIP

RTP

Enterprise VoIP Network Carrier VoIP Network

SIP

RTP

PRODUCT PORTFOLIO OF SESSION BORDER CONTROLLERS

Vega Enterprise SBC

• Appliance – 25-250 Sessions – H/W DSP acceleration – 1U / 2 x 1 GE ports

• Software Version – 25-500 Sessions/Self-Contained ISO – VM requirements

• 1 Core/1 GB RAM/Bridged

• Software/Hybrid Version - UNIQUE – 25-500 Sessions/Self-Contained ISO – VM requirements

• 1 Core/1 GB RAM/Bridged

– H/W DSP acceleration

18

D150


NetBorder Carrier SBC

• Appliance

– 400-4000 Sessions

– H/W DSP acceleration

– 1U / 2 x 1 GE ports

– RAID 1

19


Product Highlights – All SBCs

• Efficient Scaling from 25 to 4000 Sessions/Calls – 1 session per voice call – SIP Registrations do not consume

sessions

• Web GUI for ease of Configuration and Deployment

• Session-based licensing, no hidden costs or fees

• Cost-Effective Carrier-Class Features and Performance

• Network Interconnect Point for SIP Trunking

• QOS & QOE (Quality of Experience) for Enterprise Networks

• Encryption and Security • Topology Hiding for Fraud

Protection • DoS/DDoS Attack Protection • Far End NAT traversal • Voice, Video, Fax, IM and

Presence Support • SIP-SIP Interworking & protocol

normalization • Certifications for

20


Product Highlights – All SBCs

• SIP Intrusion Prevention • SIP Registration Scan Attack

Detection • SIP Request Rate Limiting • SIP Load Limitation • SIP Registration Pass-thru • SIP Header Normalization • SIP Malformed Packet

Protection • Intelligent media

anchoring/release

• RTCP Statistics Reports • Call Access Control

– Limits call rate and total calls per user or IP

• Call Security with TLS / SRTP • RTP Transcoding

– G.711, G.722, G.729, G.726, G.723.1, iLBC, AMR, G.722.1

• T.38 Fax Relay • RADIUS CDR and Authentication • VLAN • QoS (ToS or Diffserv) • RESTful WEB APIs

21


Advanced XML Routing Engine

• Dynamic Load Balancing and Call Routing

• Least Cost Routing

• ENUM Routing

• Know your regular expressions! – ‘Joke’ aside Sangoma can help you

with your dial plans via Professional Services

– Future releases to have GUI routing rules

22


23


Browser-Based GUI

24


Rear View

DSP resources

‘Internal’ GigE port ‘External’ GigE port

Display, USB

CARRIER/SERVICE PROVIDER APPLICATIONS AND USE CASES

NetBorder Series SBC

Carrier SBC for SIP ‘dial tone’

26

ITSP

Softswitch

SBC Broadband

NAT/FW

NAT/FW

SIP

SIP

SIP SIP

ATA

NAT/FW

SIP

SIP

SBC: • Performs SIP Security functions • Far End NAT Traversal • Peering with other SIP providers • SIP harmonization • Media harmonization • Call Admission Control

Residential

Residential

SOHO

SIP


SIP Trunking

27


This NetBorder SBC

protects the ITSPs network

SIP Network Peering/ IP Carrier Interconnect

• Use IP for inter-carrier links

• No TDM conversion required: – Decrease complexity

– Better voice quality, less delay, less transcoding

28


Carrier Interconnect Mediation

• Secure carrier network

• Normalise SIP messaging (ease interop)

• Transcoding between carriers

29


BUSINESS APPLICATIONS AND USE CASES

Vega Series SBC

Enterprise SIP Trunking

Vega eSBC

ITSP SIP SIP

IP-PBX

IP SIP

Vega eSBC

ITSP SIP SIP

IP-PBX

IP SIP

DMZ Deployment

Direct Deployment on Public IP address

31


External FW/NAT

Internal FW

Secure Access Control for Remote users or Telecommuters

Vega eSBC

ITSP SIP SIP

IP-PBX

IP SIP

32


External FW/NAT

Internal FW

Home Office, Mobile Users, Telecommuters

SIP

Vega eSBC: • Pass-through SIP registration on IP-PBX • Remote FW/NAT traversal • Call Admission Control • Topology Hiding

Ext 101

Ext 102

Multi-Site Consolidation

Vega eSBC

ITSP SIP SIP

IP-PBX

IP SIP

33

IP-PBX

IP-PBX

SIP

SIP WAN

WAN

SBC: • Large Central SIP trunk

• Economies of scale • Remove Multi-Sites PRIs

• Intelligent Call Routing • Sophisticated dial plans

• Performs SIP Security functions • SIP harmonization • Media harmonization


• Convert SIP over TCP to SIP over UDP

• Some devices require SIP/TCP

– e.g. Microsoft Lync

SIP Signaling Conversion

34


Legacy PBX migration to Microsoft Lync

35

Vega eSBC

Mediation Server

Lync Server

Lync User

ITSP SIP

SIP

SIP

IP-PBX

Active Directory

SBC: • Performs SIP Security functions • UDP/TCP Translation • SIP harmonization

• Media harmonization • Intelligent Call Routing

• Active Directory Routing • Unified Dial Plan


Vega eSBC

Mediation Server

Lync Server

Lync User

ITSP SIP

SIP

SIP

Vega 5000

Active Directory

Analog 5000

Microsoft Lync Transition with Analog Lines

36

SBC: • Performs SIP Security functions • UDP / TCP translation • SIP harmonization

• Media harmonization • Intelligent Call Routing

• Active Directory Routing • Unified Dial Plan


CONFIGURATION WALKTHROUGH

Documentation

• http://wiki.sangoma.com/NetBorder-Session-Controller

• Frequently updated wiki – HTML/pdf based

documentation

• Includes: – Admin guide

– Step-by-step configuration

– Technical documents

– Quick Start Guide

38


http://wiki.sangoma.com/NetBorder-Session-Controller







SBC Configuration Steps/Panels

39


Signalling Interfaces

Media Interfaces

Domain Profile

Media Profile

Call Routing SIP Trunk SIP Profile

Domain User Accounts

40


Browser-Based GUI

Now switch to Live GUI walkthrough

CLOSING

Summary

• Sangoma has a wide range of flexible SBCs, saleable from small enterprise to large carrier

• Easy licensing and field upgradeable

• Full feature set

• Cost effective compared to competition


42

For More Info

• Guide to Session Border Controllers http://wiki.sangoma.com/NetBorder-Session-Controller

• For future training, visit http://www.sangoma.com/resources/training

43







http://sangoma.com/resources/training

http://sangoma.com/resources/training

Contact Us

44

• Sangoma Technologies 100 Renfrew Drive, Suite 100 Markham, Ontario L3R 9R6 Canada

• Website http://www.sangoma.com/

• Telephone +1 905 474 1990 x2 (for Sales)

• Email [email protected]


http://www.sangoma.com/

mailto:[email protected]

THANK YOU

sangoma session border controllers€¢ qos & qoe (quality of experience) for enterprise...

Documents