January 23-26, 2007 Ft. Lauderdale, Florida Deploying SIP on a Global Scale Thom O’Connor Director, Product and Services CommuniGate Systems January 25,

Presentation transcript:

January 23-26, 2007 Ft. Lauderdale, Florida Deploying SIP on a Global Scale Thom O’Connor Director, Product and Services CommuniGate Systems January 25, 2007

VoIP in the News
- “We are in the midst of a VoIP communications revolution” - Jeff Pulver
- The use of IP PBXs is poised to soar, according to a study by In-Stat that predicts sales of these devices will represent 51% of all PBX sales this year and grow to 91% worldwide by Network World, August 2005

Long-term Benefits of VoIP
- Sophisticated call management – presence, call forwarding/routing
- Integrated voice, video, file transfer, IM
- (Arguably) communications at lower cost and with richer media (although the cost benefits of are in transition and debatable)
- Consolidated identity management
- Granular policy/compliance capabilities
- ENUM for convergence of telephone numbers & IP addresses
- Mobility, access, flexibility

Focusing on SIP-initiated VoIP
- VoIP is an ambiguous concept encompassing many protocols including H.323, MGCP, SIP, 3GPP/IMS
- VoIP provides the IP-based transfer of:
  - Audio & Video (multimedia)
  - Instant Messages
  - Client-driven application sharing & whiteboarding
- Session Initiation Protocol (RFC 3261):
  - SIP provides for open and standards-based signaling
  - SIP provides registration, authentication, and discovery - allows two or more clients to locate each other, select a media type & define media sockets using SDP
  - RTP used for audio/video payload, and oftentimes directly between end devices

Diagram of SIP-initiated VoIP

Network Models for IP Communications
1. Service-Provider Model
2. Internet SIP usage with basic SIP Proxies
3. Client-Server SIP model, trusted users only
4. P2P Model
5. Distributed SIP model

Service-Provider Model
Advantages
- Easy to implement and use for end users
- Theoretical possibility of security within each provider
- Standardization not required
Disadvantages
- Proprietary, (often) closed networks
- Many non-interop devices
- Relatively few providers, relatively little choice & potential for oligopoly
- Actual security of data and accounts is unknown
- Little/no policy control

Internet SIP with basic SIP Proxies
Advantages
- Stateless proxies can achieve high performance, but often not usable or secure
Disadvantages
- Great difficulty in consistent signaling and media establishment with end users, especially those behind firewalls
- Little or no gateway session control (may be most significant for enterprise users)
- NAT traversal problems – STUN/TURN provides some NAT capabilities
- Presence conflicts when more than one end-user agent per user

Client-Server SIP model, trusted users only
Advantages
- Tight authentication and REGISTER control
- Little threat of Spam, Caller ID spoofing
- Mostly-secure internal communications
- “Near-end” and “Far-end” NAT traversal capable (if the SIP infrastructure is)
Disadvantages
- Not truly an Internet-wide distributed SIP infrastructure
- All non-local sessions routed through PSTN or other public service providers (IM gateways, etc.)

P2P Model
Ref:
Advantages
- True IP-to-IP (as well as potentially IP-to-PSTN connectivity)
- Potentially free and unrestricted for IP-to-IP
- Cost
Disadvantages
- Not appropriate for Enterprises with controls on security/privacy
- Implemented today as another closed network
- Skype authentication network would appear to be a single point of failure
- Current implementations are not open standards therefore restricted and unknown security
Depending on viewpoint… Very difficult to block

Distributed SIP Model -> Begins to look a whole lot like email today
Advantages
- True “Internet Communication”
- Sophisticated SIP gateways with session control capabilities
- Reliable media streams
- Server-based presence agents
- Session border control capabilities allow for content scanning, policy control (such as being able to enforce SIPS and SRTP)
Disadvantages
- Predictable addressing leads to same problems of spam
- Depending on your point of view, greater possibility of stream interception at gateway choke points (as compared to P2P)
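
Added example (not from the slides or from CommuniGate Pro): a minimal sketch of the kind of SIPS/SRTP admission check that the session border control bullet above refers to, run on two constructed INVITE messages. The function name, sample hosts and rule set are assumptions; header folding and late-offer INVITEs without SDP are not handled.

```python
import re

# SDP transport profiles that carry SRTP (RFC 3711 / RFC 5764 names).
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def check_invite(raw):
    """Return a list of policy violations for one INVITE; empty means admit."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    # Request line: "INVITE <Request-URI> SIP/2.0"
    m = re.match(r"INVITE\s+(\S+)\s+SIP/2\.0\s*$", lines[0])
    if not m:
        return ["not a well-formed INVITE request line"]
    violations = []
    if not m.group(1).lower().startswith("sips:"):
        violations.append("Request-URI is not a sips: URI")
    # The topmost Via names the transport of the hop that delivered the request.
    via = next((l for l in lines[1:] if l.lower().startswith(("via:", "v:"))), "")
    if not re.search(r"SIP/2\.0/TLS\b", via, re.I):
        violations.append("topmost Via transport is not TLS")
    # Every active media line must offer an SRTP profile (port 0 = disabled).
    for l in sdp.split("\n"):
        if l.startswith("m="):
            parts = l[2:].split()
            if len(parts) < 3:
                violations.append("malformed m= line")
            elif parts[1] != "0" and parts[2] not in SRTP_PROFILES:
                violations.append(f"{parts[0]} stream offers {parts[2]}, not SRTP")
    return violations

# Constructed sample messages (hosts, users and tags are placeholders).
PLAIN_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc1.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@pc1.example.com\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
SECURE_INVITE = (PLAIN_INVITE.replace("sip:", "sips:")
                 .replace("SIP/2.0/UDP", "SIP/2.0/TLS")
                 .replace("RTP/AVP", "RTP/SAVP"))

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN_INVITE), ("secure", SECURE_INVITE)):
        print(name, check_invite(msg) or "admit")
```

A gateway applying such a rule would typically answer a rejected offer with a 4xx response rather than silently dropping it, so the caller can retry with a secure offer.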

Evolutionary Path for Internet Communications?
- Current IM and “free VoIP” model is similar to that of the PSTN phone network – centralized services providing end-user accounts
- VoIP as a form of Internet Communications is far more powerful – distributed, open, interoperable with many servers/clients
- Ultimately – will look more like email does today?
- Move from IP-to-PSTN/PSTN-to-IP to end-to-end, IP-to-IP
- Trend towards distributed services out towards end-points (domain/DNS-based, maybe true P2P)
- WiFi/WiMAX phones may provide the last mile for end-to-end
- Conclusion: SIP/RTP must be implemented via the standards and architectural best practices to be opened at the gateway points

Implications of Distributed VoIP
- Recipients must be given tools to manage accessibility and risks
- Strong requirements for user and domain-level authentication and ultimately, reputation services
- Requirements for relay protections, content filtering, gateway policies, anti-spoofing, lawful intercept
- Protection against DDoS, IP-based restrictions - RBLs, blacklists, whitelists
- User-based rules for protection
- Requirements for HA, clustering, and QOS
- Less reliance/dependence on service providers (acting as oligopolies)
- Policy management through sophisticated SIP gateway controls

Challenges of Implementing VoIP/SIP
- SIP protocol still in rolling development
- Many vendors adding non-standard methods that don’t always interop
- QOS and bandwidth issues, lost/out-of-order packets
- Power over Ethernet (PoE) not widespread
- Each SIP end-user device may state its own presence
- “Near-end” and “Far-end” NAT traversal
- Little policy/compliance for end-to-end data transfer
- Scalability & HA of VoIP infrastructure
- Emergency procedures (911)
- Security challenges (data capture, MITM, DDoS, virus?, encryption not commonly used)
- CALEA – capturing end-point data and media (though not necessarily un-encrypted media)

Dynamic Cluster with SIP Farm
- Single-address for email, collaboration, and VoIP traffic can be separated from SIP Farm
- Consolidated Identity management but Frontends are “specialized”
- Protects voice QOS even in event of DDoS or spam

Implications of Presence & Availability
- Far more invasive to be receiving voice calls unexpectedly than email/IM
- Requires assurance of identity in order to make presence and availability decisions
- Presence could reveal vulnerabilities, and must be granted granularly and selectively, especially outside the protected environment

Total Converged Solution with CGP
- Complete SIP-based infrastructure and applications
- Personalized voice and data services for thousands of domains
- All-Active Dynamic Cluster for % uptime for Messaging and Real-time traffic
- CGP handles all SBC and NAT traversal functions
CommuniGate Pro

Super Cluster
- Cluster of Clusters
- Used for scaling when regions are desired or when limited by storage subsystem
- Capable of sharing mailboxes between Backend clusters

CGP is not a Closed System
- The closed-network model for VoIP will inevitably end
- No one ever needs to ask whether their system can send an email to Yahoo
- Insecure for business – relies on outside, often unknown vendors
- Susceptible to cost hikes
- Not based on standards
- Not a true “end-to-end” model for direct connectivity
- Not a real Internet model - based more on the PSTN of the past

CGP Embraces Open Standards
- Open, RFC-compliant standards ensure all users can communicate
- The distributed Internet model has been proven with email, and is inevitable with voice
- Businesses are empowered with the ability to define their security and privacy policies
- Service Providers can offer security and encryption as well as perform Lawful Interception
- All users can choose their own choice of client for email, collaboration, and voice and still interoperate with one another

EdgeGate Services
- In a Dynamic Cluster, the CommuniGate Pro “Frontend Servers” handle most EdgeGate Services
- In the Core Server, all functions handled on the same server
- Built-in Connection flow control, SPF, Reverse Connect, and Session Border Control
- Third-party plugins provided to complete the anti-spam/anti-virus defense:
  - Mailshell SpamCatcher
  - Cloudmark Authority
  - McAfee VirusScan
  - Sophos Virus Scanner
  - Kaspersky Virus Scanner

Massively Scalable Clustering for VoIP
[Diagram; labels include Signaling, Session, Media, Proxy]

HP-CommuniGate-Navtel VoIP Benchmark

VoIP Benchmark Results - Navtel

VoIP Benchmark Results - sipp
