Presentation is loading. Please wait.

Presentation is loading. Please wait.

January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking for the Intermediate/Advanced Reseller The SIP Connection From A to Z Presented by Pete Sandstrom,

Published byJane Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking for the Intermediate/Advanced Reseller The SIP Connection From A to Z Presented by Pete Sandstrom,"— Presentation transcript:

1

2

3 January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking for the Intermediate/Advanced Reseller The SIP Connection From A to Z Presented by Pete Sandstrom, CTO BandTel Janne Magnusson, Director Operations Ingate

4 January 23-26, 2007 Ft. Lauderdale, Florida Advanced SIP Session Overview 1. Open Systems Interconnection Model (OSI) is more than a model Real-Time Protocol (RTP Real-Time Control Protocol (RTCP) 2. Quality of Service (QoS) IP – Multi-Protocol Label Switching (MPLS) Peering for Performance 3. SIP Applications – the reason for doing anything 4. SIP Security – protecting what we have 5. SIP trunking CPE Architectures 6. The role of the ITSP – provider performance

5 January 23-26, 2007 Ft. Lauderdale, Florida 1. Open Systems Interconnection (OSI) Understanding Where You Are

6 January 23-26, 2007 Ft. Lauderdale, Florida SIP is a Fully-Featured Protocol

7 January 23-26, 2007 Ft. Lauderdale, Florida RTP Carries SIP over UDP/IP/etc.

8 January 23-26, 2007 Ft. Lauderdale, Florida RTCP Reports on Traffic Conditions Real-Time Control Protocol (RTCP) packets are used to provide QoS measurement reports and other information. The VoIP RTCP Extended Reports (XR) Metrics Report Block (MRB) provides measurements (metrics) for monitoring quality of VoIP calls and conversations. These measurements include packet loss and discard metrics, delay metrics, analog metrics, and voice quality metrics.

9 January 23-26, 2007 Ft. Lauderdale, Florida 2. QoS and the Internet The Economics of peering and why it works in North America Tier I/II space- It is over provisioned and it is Managed

10 January 23-26, 2007 Ft. Lauderdale, Florida QoS and the Internet: The Economics of peering and why it works in North America IP NET NET A drops packets making the other to retransmit, and lowers his overall throughput. That’s lost revenue for B.

11 January 23-26, 2007 Ft. Lauderdale, Florida QoS and the Internet: It is over provisioned and managed MPLS INTERNET

12 January 23-26, 2007 Ft. Lauderdale, Florida VoIP in Private and Public IP Space Local and remote phone stations in private space SIP trunking POPs in public space If MPLS then equipment costs are radically lowered.

13 January 23-26, 2007 Ft. Lauderdale, Florida IP-PBXs Migrate PBXs – ITSPs Emerge ITSP PTSN IP PBX SIP Services GW SAFW SIP-Aware FireWall (SAFW)

14 January 23-26, 2007 Ft. Lauderdale, Florida IP by Itself has No QoS

15 January 23-26, 2007 Ft. Lauderdale, Florida MPLS was Created to Provide QoS

16 January 23-26, 2007 Ft. Lauderdale, Florida 3. SIP Trunking Basic Features SIP Trunking Applications: Competes with and beats T1 trunking “Event notification” - disaster recovery options Add Bandwidth QoS and security provided via SAFW and or MPLS On demand N-way conferencing 411 Directory Assistance Enhanced 911 services Access Directory Listing Local and Inbound Calling Platform for personalized applications and rich media services

17 January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking Competes VoIP to compete economically, and beat, T1 trunking to a TDM PBX. Hosted can’t scale well and doesn’t fit needs of the enterprise SIP trunking means X voice paths to Y stations where Y/X > 1; generally the ratio would be 4 trunks to 10 stations

18 January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking Feature - Conferencing On demand business meetings, training, broadcast announcements, call-to-meeting notifications, even reverse 911 are enhanced with SIP trunking.

19 January 23-26, 2007 Ft. Lauderdale, Florida 4. SIP Security & Firewalls Before we explore viable architectures for SIP systems, let’s understand one more critical concept. While SIP brings advancement in VoIP call connections, SIP faces the same security attacks as other IP protocols such as HTTP and SMTP such as malformed message attacks, SPIT-SPam over Internet Telephony, buffer overflow attacks, DOS-Denial-of Service attacks, eavesdropping, hijacking, injection of malicious RTP packets into existing RTP flows and other known and yet to be created attacks. In other words, special SIP firewall and other protection systems are recommended.

20 January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking Security and Reliability Need to Ensure Enterprise LAN is Correctly Designed for VoIP (i.e. a SIP-Aware Firewall Needs to be in Place) CPE Protection: SIP-Aware Firewall that allows L5 Security (i.e. no L2 pinholes) Require ITSP MD5 or IP Authentication for Account Authorization ITSP Should Split Media and Signaling to Different Redundant Locations, Making Taps Virtually Impossible ITSP Must Have Secure POPs That Can Fend Off all Outside Attacks: - DOS (Denial of Service) - IP Spoofing - SPIT (Spam over Internet Telephony)

21 January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking Security and Reliability MPLS INTERNET HOT SPOTS DSL-CABLE MODEMS

22 January 23-26, 2007 Ft. Lauderdale, Florida Let’s take a break to understand how your customer may see the “project.”

23 January 23-26, 2007 Ft. Lauderdale, Florida

24

25

26 Now back to getting serious 5. SIP trunking CPE Architectures Type 1 – Dedicated IP Pipe for VoIP Type 2 – Merged MPLS-Pipe with LER Tagging VoIP Type 3 – Merged IP pipe with SIP-Aware Firewall (SAFW) Type 4 – Separate IP Pipe for VoIP with Existing Non-SIP Firewall and SIP-Aware Firewall (SOFW) Type 5 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-aware Firewall Type 6 – Looks like Type 5 but Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-Aware Firewall Type 7 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall with a DMZ Port Type 8 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall

27 January 23-26, 2007 Ft. Lauderdale, Florida Type 1 – Dedicated IP Pipe for VoIP 1- The IP pipe is dedicated to VoIP so no QoS arrangements are needed with the carrier. 2 - No firewall is needed as there are no LAN connections with other enterprise devices. 3 - This is a common architecture for dedicated media gateway deployments.

28 January 23-26, 2007 Ft. Lauderdale, Florida Type 2 – Merged MPLS-Pipe with LER Tagging VoIP 1 – VoIP and enterprise data share the same IP pipe. MPLS tags the VoIP as the highest priority via the LER-Label Edge Router. 2 – The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 3 – Architecture offers full QoS for VoIP. 4 – Excellent utilization of IP pipe resources.

29 January 23-26, 2007 Ft. Lauderdale, Florida Type 3 – Merged IP pipe with SIP-aware Firewall (SAFW) 1 – VoIP and bulk enterprise share the same IP pipe. 2 – The SAFW-SIP-Aware Firewall handles all the QoS issues by prioritizing VoIP traffic over the bulk enterprise network. 3 – The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 4 – Architecture offers partial QoS for VoIP (no inbound UDP QoS). 5 – Excellent utilization of IP pipe resources.

30 January 23-26, 2007 Ft. Lauderdale, Florida Type 4 – Separate IP Pipe for VoIP with Existing Non- SIP Firewall and SIP-Only Firewall (SOFW) 1 – A separate IP pipe deployed for VoIP traffic only. 2 – QoS for VoIP realized by separating VoIP and bulk traffic to separate IP pipe. 3 – The SIP-Aware Firewall (SAFW) handles all SIP addressing transformation issues between the LAN and WAN demarc. 4 – The SAFE configuration is untouched and handles no VoIP traffic. 5 – No utilization of existing IP pipe for VoIP.

31 January 23-26, 2007 Ft. Lauderdale, Florida Type 5 – Merged IP Pipe with Incumbent Non-SIP- Aware Firewall, No DMZ Port and SIP-Aware Firewall 1 – VoIP and bulk enterprise share the same IP pipe. 2 – QoS is not realized for VoIP as there is no single point to control traffic. Excessive bandwidth is needed for VoIP to function. 3 – The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 4 – The SAFE configuration is untouched and handles no VoIP traffic. 5 – Full utilization of incumbent IP pipe for VoIP realized.

32 January 23-26, 2007 Ft. Lauderdale, Florida 1 – VoIP and bulk enterprise share the same IP pipe. 2 – QoS is realized for VoIP as there is a single point to control traffic. 3 – The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 4 – The SAFE configuration is untouched and handles no VoIP traffic. 5 – Full utilization of incumbent IP pipe for VoIP realized. Type 6 – Looks like Type 5 but Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP- Aware Firewall

33 January 23-26, 2007 Ft. Lauderdale, Florida Type 7 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall with a DMZ Port 1 – VoIP and bulk enterprise share the same IP pipe. 2 – QoS is not realized for VoIP as there is no single point to control traffic. Excessive bandwidth is needed for VoIP to function. 3 – The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 4 – The USAFW configuration is touched to allow VoIP to utilize the SAFE DMZ resource. 5 – Full utilization of incumbent IP pipe for VoIP realized. 6 – Works with the SAFW as SIP traffic traverses twice.

34 January 23-26, 2007 Ft. Lauderdale, Florida Type 8 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall 1 – VoIP and bulk enterprise share the same IP pipe. 2 – QoS is not realized for VoIP since there is no QoS feature in the SAFE. 3 – The UA handles all SIP addressing transformation issues between the LAN and WAN demarc via SIP NAT transversal features and/or by using STUN- Simple Transversal of User datagram protocol with an external STUN server. 4 – The SAFE security is breached by having ports opened for SIP UDP traffic. 5 – Full utilization of incumbent IP pipe for VoIP realized. 6 – Architecture does not scale well for anything beyond a few VoIP calls. 7 – This is architecture is suited only for hosted VoIP services with a small number of end-user stations in the LAN space.

35 January 23-26, 2007 Ft. Lauderdale, Florida ??? About Architectures Type 1 – Dedicated IP Pipe for VoIP Type 2 – Merged MPLS-Pipe with LER Tagging VoIP Type 3 – Merged IP pipe with SIP-Aware Firewall (SAFW) Type 4 – Separate IP Pipe for VoIP with Existing Non-SIP Firewall and SIP-Aware Firewall (SOFW) Type 5 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-aware Firewall Type 6 – Looks like Type 5 but Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-Aware Firewall Type 7 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall with a DMZ Port Type 8 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall

36 January 23-26, 2007 Ft. Lauderdale, Florida 6. The ITSP behind the SIP Trunk Getting to the ITSP proxy Resiliency in the event of failure Load to the ITSP proxy (dynamic routing to) When an ITSP element fails (real-time dynamic fault switchover) Getting to the PSTN- PSTN carrier options

37 January 23-26, 2007 Ft. Lauderdale, Florida ITSPs “Peer” For Customer Performance

38 January 23-26, 2007 Ft. Lauderdale, Florida VoIP Network – N-Plus™

39 January 23-26, 2007 Ft. Lauderdale, Florida Special ITSP Services for SIP Trunkers Online Traffic monitoring (TotalView) Online Billing Traffic re-routing (Total Reroute) Silent Running – Bandwidth Conservation

40 January 23-26, 2007 Ft. Lauderdale, Florida Completed Call Percentages

41 January 23-26, 2007 Ft. Lauderdale, Florida Real-Time Call Activity

42 January 23-26, 2007 Ft. Lauderdale, Florida Accounting History

43 January 23-26, 2007 Ft. Lauderdale, Florida 101 Summary SIP trunking competes- and beats T1 Trunking on price and features QoS- SAFW and or MPLS needed for bandwidth QoS SIP Security – private or public, it can be made secure SIP CPE Architecture- critical for creating a secure clear call The ITSP behind the SIP Trunk

44 January 23-26, 2007 Ft. Lauderdale, Florida

45

46

47

48

49

50 Important to have a reliable and well dimensioned network –Consider delay and QoS As secure as the corporate network for e-mail etc. Possible to increase security by implementation of encrypted SIP signaling (TLS) and media (SRTP) Communication on the LAN

51 January 23-26, 2007 Ft. Lauderdale, Florida Without Support for OP With Support for OP 9726780464 @10.500.10.13 Default Gwy: 10.500.10.11 Outb. Proxy: - 9726780464 @168.203.30.11 Default Gwy: 10.500.10.11 Outb. Proxy: - 9726780464 @168.203.30.11 Default Gwy: 10.500.10.11 Outb. Proxy: 10.500.10.13 603-883-6569 Many IP-PBXs can’t handle outbound Proxy SIP-unaware Firewall IP-PBX Ingate SIParator ® IP 10.200.10.16 Outbound Proxy IP 10.500.10.13 IP 168.105.45.19 IP 168.203.30.11 DMZ Default Gateway IP 10.200.10.11 with IP-packets to destinations outside the logical network is sent to the Default Gateway for routing. Outbound Proxy is the equivalence to Default Gateway, but for SIP. 972-678-0464 SIP Trunking Module Configure IP-PBX to ”pretend” that Ingate is the Service Provider 9726780464@10.500.10.13 168.203.30.11 Rewrites the domain part

52 January 23-26, 2007 Ft. Lauderdale, Florida Important to have a reliable and high quality Internet connection –Consider delay to ITSP –Of your connection QoS (voice should have priority) Voice travels over public Internet (as e-mail) Possible to increase security by implementation of encrypted SIP signaling (TLS) and media (SRTP) Communications outside the LAN

53 January 23-26, 2007 Ft. Lauderdale, Florida Ingate SIP Trunking module solves this problem ! What if the Service Provider can’t handle domains ? Many Service Providers can’t handle domain names IP-PBX Ingate SIParator ® IP 10.500.10.13IP 168.105.45.19 IP 168.203.30.11 DMZ 603-883-6569 IP 10.200.10.16 with SIP Trunking Module 6038836569 @168.105.45.19 10.200.10.16 972-678-0464 SIP-unaware Firewall With domain name, no problem ! Can only address the known public IP-address of the SIParator. 6038836569 @168.105.45.19 Rewrites the domain part DNS record pbx.ingate.com resolves to IP 168.105.45.19 DNS override pbx.ingate.com  10.200.10.16 6038836569 @pbx.ingate.com

54 January 23-26, 2007 Ft. Lauderdale, Florida

55 Questions?

56 January 23-26, 2007 Ft. Lauderdale, Florida About BandTel Headquartered in Newport Beach, California, BandTel is a leading worldwide provider of SIP Trunking services. The company is dedicated to ensuring its customers and partners alike have access to the most reliable, end-to-end VoIP service available on the market today. Its N-Plus™ network architecture is designed to solve the throughput and redundancy problems on high-capacity SIP-based networks and eliminate any single point of failure. BandTel continues to develop strong partnerships with leading carriers and telecommunications companies, including Global Crossing, XO Communications, Level 3, Qwest Communications, Verizon Business, and Primus.

57 January 23-26, 2007 Ft. Lauderdale, Florida About Ingate Formed 2001 –Firewall technology from Cendio Systems Appliance firewalls since 1994 –Capital and SIP technology from Intertex Data AB Began SIP development in 1998 Released the worlds first SIP capable Firewall in 2001 Located in Stockholm and Linköping, Sweden with a subsidiary, Ingate Systems Inc., based in Hollis, NH. Confirmed IP-PBX interoperability: 3Com, Asterisk, Avaya, Broadsoft, Cisco Call Manager, Ericsson MX-One, Mitel, Pingtel, SER, Shoretel, Sphere, Swyx, Zultys Confirmed carrier interoperability: Bandtel, Broadband.com, Cbeyond, Global Crossing, IP-Only, O1, RNKTel, Tele2, VoEx

58 January 23-26, 2007 Ft. Lauderdale, Florida For More Information About SIP Trunking Visit BandTel’s New SIP Trunking Resource Center www.BandTel.com/siptrunking2.asp

Download ppt "January 23-26, 2007 Ft. Lauderdale, Florida SIP Trunking for the Intermediate/Advanced Reseller The SIP Connection From A to Z Presented by Pete Sandstrom,"

Similar presentations

January 23-26, 2007 Ft. Lauderdale, Florida VoIP Conversation Recording Methods and Applications Andrew Blakely.

January 23-26, 2007 Ft. Lauderdale, Florida VoIP Conversation Recording Methods and Applications Andrew Blakely.
The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
S U C C E S S F U L L Y D E P L O Y I N G E N T E R P R I S E S I P T R U N K I N G Ingate SBC/E-SBC with Microsoft Lync Makes SIP Trunking Simple.

S U C C E S S F U L L Y D E P L O Y I N G E N T E R P R I S E S I P T R U N K I N G Ingate SBC/E-SBC with Microsoft Lync Makes SIP Trunking Simple.
SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer 651.796.7043

SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,
1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation.

1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation.
Sonus SBC1000, SBC 2000 Competitive Positioning

Sonus SBC1000, SBC 2000 Competitive Positioning
ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.

ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.
Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.

Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.

Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.
The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.

The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.

Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
1 SIP Trunking. What is SIP Trunking? Termination of SIP calls directly to Service Provider(s) via IP.  For Session Initiation Protocol (SIP) based IP-PBXs.

1 SIP Trunking. What is SIP Trunking? Termination of SIP calls directly to Service Provider(s) via IP.  For Session Initiation Protocol (SIP) based IP-PBXs.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.
SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.

SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Similar presentations

Ads by Google