Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com.

Published byCharity Robbins Modified over 9 years ago

Similar presentations

Presentation on theme: "SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com."— Presentation transcript:

1 SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com

2 Agenda Network Topology (Firewall, SBC, PBX) SBC as an abstraction Layer SBC Security – Fire Wall – Fraud protection – Encryption SBC Utility – Protocol conversion – Transcoding – Data capture – LCR – HA / Load Balancing – Statistics

3 Connecting a SIP Trunk and an SBC Internet Firewall SBC IP PBX Router Switch SIP Trunk Vendor

4 Connecting a SIP Trunk and an SBC

5 SBC as an Abstraction Layer Hides the implementation details of the PBX – Easy to replace vendors without touching the PBX – Easy to replace PBX without vendor coordination In simple words: – Easy to move forward – Easy to save money

6 Attacks on IP PBX (DOS/TDOS) IP PBX requires wide range of open ports – For the RTP media of the SIP Trunk – For external IP Phones registration – Hence it is open to DOS attacks – As well as TDOS (Telephony Denial of Service) TDOS Attacks have different attack vectors – SIP Registration flood – SIP Invite flood – Fraud (Make calls on your company’s dime) – Eavesdrop

7 SBC T/DOS Mitigation SBC can handle larger amounts of registrations and shield the PBX – Good for normal operations as well where you have large numbers of clients outside the enterprise SBC can ignore false or incomplete registrations or invites better than the PBX can Enforce IP blacklist, with variable blocking periods for Registrations, Subscribes, Option Pulls and protocol errors

8 Encryption Most UDP SIP Trunks installations today are non-encrypted SRTP = Secure RTP (Real Time Protocol) - UDP TLS = Transport Layer Security – TCP/IP An SBC will let you use encryption in the LAN regardless of vendor capabilities.

9 So far we saw that SBC can protect your infrastructure Let’s see what else the SBC is good for

10 Data Capture Important during installation Important when you encounter problems – Calls disconnect – QOS Simplify SIP packet analysis We mentioned Registration Cache-ing

11 Codec & Transcoding Most VOIP devices/trunks support G.711 (uLaw) G.711 is good over good networks What if you do not have a good network? – Transcode to G.729 – Transcode to OPUS Constant and variable bitrate From 6 kbit/s to 510 Kbit/s, Frame sizes from 2.5 ms to 60 ms, Sampling rates from 8 kHz to 48Khz (CD Quality) Packet loss concealment Fax T.38 translation DTMF Translations (if needed) Sometimes Video transcoding

12 Transcoding

13 Protocol Conversion UDP SIP / TCP SIP (Non Secure) UDP SIP / TCP SIP TLS & SRTP (Secure) Different variants of SDP UDP Fragmentation SIP / H.323 (Conversion)

14 SBC as Glue Logic Lync / SfB – Requires SIP over TCP – SRTP / TLS

15 SfB & SBC

16 LCR – Least Cost Routing An SBC with an LCR can provide major cost savings – Some vendors will pay you to terminate Toll Free – Local vendors have very low costs on their local footprint – International termination vary in cost and quality QOS Management by Managing the LCR – Increasing cost of low QOS routs

17 HA – High Availability Redundancy Modes – Hardware support HA pair – Vendor Termination Level Re-rout calls to other vendors – PSTN Backup T1 line, or Analog as alternate vendor – IP PBX Redundancy

18 Load Balancing Enterprises can stack IP PBXs. – HA – Capacity

19 CDR Generation In installations with multiple IP PBX systems, consolidating CDRs can become a pain The SBC as an aggregator of all in and outbound calls can act as CDR generator or collection point

20 Statistics & Monitoring Most measurable parameters let you set thresholds that trigger an alarm. Things you can measure vary and may include QOS: (Jitter, Packet Loss) CPS (Calls Per Second) Call Fail Rate Fraud Alarms – Usually triggered by velocity

21 Cost Considerations Could be high for a very small business If fitted correctly – Pays for itself via Uptime LCR CIO Reputation

22 Conclusions SBC provided the following benefits – Topology hiding Ability to keep improving (abstraction layer) – Reliability (vendor redundancy) – Cost reduction (LCR) – Protocol matching (SIP over TCP vs. UDP, H.323) – DOS Protection (Protect the PBX) – Data Security (using SRTP/TLS on the trunk) – QOS (by using better codecs and monitoring) – Even more…. NAT Traversal tools, FAX, CDR Collection CALEA, For Vendors – See FBI Booth

23 SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com By: Alon Cohen, CTO, Phone.com Acohen@phone.com

Download ppt "SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Ethernet Switch Features Important to EtherNet/IP

Ethernet Switch Features Important to EtherNet/IP
SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
S U C C E S S F U L L Y D E P L O Y I N G E N T E R P R I S E S I P T R U N K I N G Ingate SBC/E-SBC with Microsoft Lync Makes SIP Trunking Simple.

S U C C E S S F U L L Y D E P L O Y I N G E N T E R P R I S E S I P T R U N K I N G Ingate SBC/E-SBC with Microsoft Lync Makes SIP Trunking Simple.
SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer 651.796.7043

SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
What is SIP Trunking? Thomas Roel Convergence Sales Engineer 651.796.7043

What is SIP Trunking? Thomas Roel Convergence Sales Engineer
Sonus SBC1000, SBC 2000 Competitive Positioning

Sonus SBC1000, SBC 2000 Competitive Positioning
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.
Introduce SIP into the Operator Network with NO Pain David Aviv, Vice-President, Advanced Services, Radware.

Introduce SIP into the Operator Network with NO Pain David Aviv, Vice-President, Advanced Services, Radware.
CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – www.counterpath.com www.counterpath.com –

CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – –
Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Testing SIP Services Over IP. Agenda  SIP testing – advanced scenarios  SIP testing - Real Life Examples.

Testing SIP Services Over IP. Agenda  SIP testing – advanced scenarios  SIP testing - Real Life Examples.
Application layer (continued) Week 4 – Lecture 2.

Application layer (continued) Week 4 – Lecture 2.

Similar presentations

Ads by Google