SlideShare a Scribd company logo

Fosdem2012 sayer-sems-sbc

S
stefansayer

SEMS, the SIP Express Media Server, is the media and application server counterpart to SIP Express Router aka Kamailio/OpenSER, the leading open source SIP Signalling server from iptel.org. Since 2004 SEMS has been used to implement classical value added services in VoIP networks like announcements, conferencing, voicemail and RBT, and converged services as web conferencing and voice message broadcasting. More recently, its integrated Back-to-Back User Agent has been extended and improved for flexibility and high performance, making it one of the few open source solutions for high volume session border control. But there's more to it: Thanks to its flexibility, it can also be used as core call routing element, and be a useful tool in various situations for the VoIP platform engineer. The talk will present the SEMS SBC functionality and typical performance numbers, and then show how developers can use the internal call control API to create custom call routing in the SBC with two examples: Using a RESTful interface, a web app server implemented with the Play! framework is used for user controlled call routing, and by accessing a blacklist database in REDIS, SEMS' SBC can be used to block SPIT.

Technology
1 of 31
Download to read offline
SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
SEMS use cases 4
SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
Minimal Play! Web app 24
...with CRUD module 25
REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29
SBC performance 30
Thank You. http://iptel.org/sems

Recommended

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 

Recommended

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Nat
NatNat
NatMohamed Gamel
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0OpenFest team
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereDaniel-Constantin Mierla
 

More Related Content

What's hot

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 

What's hot (18)

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
 
Nat
NatNat
Nat
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
 

Similar to Fosdem2012 sayer-sems-sbc

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaNETWAYS
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPChris John Riley
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfmengistuyirga
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationE.S.G. JR. Consulting, Inc.
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPChris John Riley
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioAleksandar Sosic
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyRay Song
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全維泰 蔡
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIPKundan Singh
 

Similar to Fosdem2012 sayer-sems-sbc (20)

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
 
Sc manual
Sc manualSc manual
Sc manual
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdf
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailio
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
 

More from stefansayer

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?stefansayer
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controllerstefansayer
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllersstefansayer
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringstefansayer
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Controlstefansayer
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbcstefansayer
 

More from stefansayer (7)

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controller
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllers
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peering
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Control
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc
 

Recently uploaded

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Fosdem2012 sayer-sems-sbc

  • 1. SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
  • 2. Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
  • 3. The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
  • 5. SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
  • 6. SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
  • 7. SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
  • 8. SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
  • 9. The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
  • 10. Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
  • 11. Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
  • 12. Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
  • 13. Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
  • 14. Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
  • 15. Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
  • 16. Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
  • 17. Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
  • 18. Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
  • 19. SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
  • 20. E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
  • 21. SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
  • 22. Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
  • 23. Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
  • 26. REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
  • 27. Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
  • 28. Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
  • 29. FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29