ACME- Session Border Controllers – podstawa udanych i efektywnych implementacji rozwiązań VoIP i Unified Communications.
SBCs – The Key to SuccessfulVoIP DeploymentsGeraint EvansTechnical Director – Enterprise Solutions, EMEAAcme Packet
DisclaimerAcme Packet has made no commitments or promises orally or inwriting with respect to delivery of any future software features orfunctions. All presentations, RFP responses and/or product roadmapdocuments, information or discussions, either prior to or following thedate herein, are for informational purposes only, and Acme Packet hasno obligation to provide any future releases or upgrades or anyfeatures, enhancements or functions, unless speciﬁcally agreed to inwriting by both parties.
Agenda Market Overview What is an SBC? SBC Applications Case Studies Conclusion
SIP Trunking Trends SIP Trunking still in early stages CY08, $130M in revenue, 208,000 SIP trunks North America leads deployment Driven by cost EMEA market more fragmented, but growing rapidly Large number of providers emerging Characterised by value – not price NA APAC 12% 21% APKT service provider customers CALA lead the way 26% 80 deployments and trials today EMEA 30 countries 41% Many different IP PBX/UC environments supported
SIP Trunking - Beneﬁts Improved network efﬁciency to control and reduce costs Consolidate trafﬁc from small remote sites Economies of scale, remove need for PSTN access at each remote branch Leverage IP technologies for operational efﬁciency gains SIP VoIP becomes just another overlay application Lower operational costs Eliminate TDM gateways Improved bandwidth utilisation = fewer circuits for the same number of calls Improve voice quality Eliminate unnecessary IP-to-TDM-to-IP translations and associated latency Exploiting high ﬁdelity IP codecs Deploy new applications to increase efﬁciency Simpliﬁes integration with hosted servicesThe time is now – In the current economy cost savings are critical
SBCs overcome UC obstacles Secure the borders of a VoIP or UC network Protect VoIP video and UC , sessions Fix protocol interworking issues Bridge incompatible systems Connect remote workers easily and securely Alternative to VPN Tunnels Assure and measure session quality Disaster recovery and survivability Support regulatory compliance Enable call recording, call privacy, functional segregation
When do customers need an SBC? SIP trunking SBCs essential for security, interoperability, SLA management, diverse routing Remote worker Security, encryption, NAT traversal, QoS control Branch ofﬁce connections Protocol interworking, QoS control, encryption termination, overlapping IP addressing schemes Hosted services e.g. contact centre, Microsoft OCS SBCs essential for security, interoperability, SLA management, diverse routing Enterprise FMC Security, encryption, topology hiding, NAT traversal
Direct connect deployment model Many PBX and UC vendors have SIP interfaces or other methods for connecting PBX and UC elements to a carrier SIP trunk service So Enterprise telephony managers ask: Why can’t I just connect this interface directly to the carrier SIP trunk service?
Why do you need an enterprise SBC forSIP Trunking? This presentation will address this question and others such as: Why do I need an enterprise SBC for SIP trunking interoperability? Why do I need an enterprise SBC for SIP trunking security? Why do I need an enterprise SBC for SIP trunking control? How does using an enterprise SBC enhance my disaster recovery, troubleshooting, and monitoring capabilities? “Enterprise SBC” Reference Model (PBX* connects to Service Provider SBC via Enterprise SBC)
An enterprise SBC helps with SIPtrunking interoperability PBXs may not interwork directly to carrier SIP trunks due to differences in SIP implementations or when H.323 is the only available IP interface Acme Packet solves this problem by providing: Complete SIP header manipulation rule (HMR) capabilities to interwork different SIP dialects between PBX and carrier SIP trunking elements Full H.323 – SIP interworking Media transcoding & DTMF format (INFO / 2833) interworking Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP) interworking These capabilities enable virtually any SIP or H.323 capable PBX or UC platform to talk to any carrier SIP trunk service Proven interoperability with all of the major PBX and UC vendors
An enterprise SBC helps with SIP trunksecurity The VOIP Firewall Enterprise Security Managers will not connect to public data networks without a ﬁrewall on their premises They won’t connect to public VoIP services without an SBC Enterprise SBCs ﬁt into the “Defence in Depth” model for IP security The Enterprise SBC provides complete topology hiding and DoS protection of SIP signaling and media trafﬁc for the Enterprise Just like Application Layer Gateways (ALG) used for other enterprise IT applications today Features include dynamic port control, dynamic trust management, encryption and overload protection Service Providers use SBCs to protect their network – enterprises should do the same
An enterprise SBC helps with SIP trunkcontrol In the simplest model, the enterprise SBC routes inbound and outbound calls between the PBX and the carrier SIP trunk via static dial plans Many enterprises use SBCs for more advanced routing and control scenarios including: Least cost routing, call quality-based routing, time-of-date routing Connection Admission Control (CAC) Failover & load-balancing routing Called & calling number digit normalization Routing Decisions Can Be Based On: Called or Called Party Number (or any ﬁeld in the SIP header) Cost metrics, Time-of-day, CAC loads Media codec or type (voice vs. video) PBX or carrier trunk availability Call quality requirements (best effort or high MOS score)
An enterprise SBC helps with disasterrecovery Some enterprises are moving to SIP trunks for improved network resiliency in disaster recovery (DR) scenarios The enterprise SBC plays a key role in a DR architecture with support for the following capabilities: 1+1 High Availability clustering between SBC elements Signaling and media state preserved in the event of a failover Automatic detection and reroute around failed PBX or carrier links No operator intervention or PBX reconﬁguration required
An enterprise SBC helps with SIP trunk troubleshooting A challenge for many enterprise telephony managers is to how to apply traditional TDM troubleshooting methods to SIP trunks The enterprise SBC helps by providing an embedded probe that allows you to monitor all SIP & H.323 signaling and media trafﬁc Provides full signaling traces, ladder diagrams, and media statistics Information is automatically collected and can be retrieved via EMS and can be sorted based on calling or called party number, SIP call ID, time-of-call, etc. An embedded call recording utility is also provided EMS allows partitioned access to control who can view what information Statistics = Media Quality Stats with MOS, packet loss, etc.Call Diagram = Ladder Diagram & Detailed Message Trace Play = Bi-directional Media Recording Capability (on-platform Session Replication for Recording (SRR))
Case Study – Financial Services Application Reduce Telco connect costs by moving from TDM to IP trunking for two data centers and 43 remote sites Extend life of legacy IP-PBX Deploy secure network infrastructure to support current and future SIP applications Problems overcome Interop between a range of Avaya and Cisco PBX versions and protocols SIP-H323 Interworking Acme Packet advantage A common platform in the data centres and 43 remote sites as the heart of an IP-centric, cost-optimized network-wide transformation
Case Study - Government Application SIP trunking for UC Interconnection data centre and remote users Net-Net SBC at un-trusted access border Problems Overcome Prevent DoS attacks and overloads Signaling and media interworking issues Provide phone service for small “critical” site via secure access to centralised SIP trunking services Acme Packet Advantage Dynamic trust management for DoS attack mitigation Solution Overview Acme Packet Net-Net 4250 Avaya Communication Manager SIP trunking service ROI anticipated: 6 months
Case Study – International Oil/GasCompany Application Multivendor PBX interoperability Call recording Interconnection of data centre and remote site PBXs and users Secure remote worker access over Internet Problems Overcome Prevent DoS attacks and overloads Signaling and media Interworking issues Provide media steering to support QoS Overlapping IP addresses and dial plans Acme Packet Advantage Dynamic trust management for DoS attack mitigation Peering features Normalize protocol differences Extensive security features ensure security and continued operations
Acme Packet at a glance Session Border Control (SBC) category creator & leader with 50-60% market share, Annual revenue($M) founded August 2000 Expanding focus Large enterprise & contact centre $116.4 $113.1 Multiservice security gateway, session routing proxy Top tier customers worldwide $84.1 Over 835 customers in 95 countries 48 of the top 50 service providers 8 of Fortune Top 25 $36.1 430+ employees in 25 countries Burlington, MA headquarters $16.0 Public company (NASDAQ: APKT) $3.3 w/ strong revenue growth, proﬁts & balance sheet 2003 2004 2005 2006 2007 2008 Acquisition in April ‘09 of Covergence strengthens Enterprise presence
SBC Feature Summary Multi-protocol – SIP H.323, MGCP/NCS, H.248… , Security – Net-SAFE Architecture SBC DoS/DDoS protection, access control, topology hiding, VPN separation, privacy; virus & SPIT protection; service infrastructure DoS prevention; fraud prevention; monitoring & reporting Interworking SIP Protocol Fix-up, SIP-H323, Overlapping IP Addresses, VPN separation, encryption protocols, DTMF… SLA assurance and measurement Call admission control, signalling overload control, QoS marking/VLAN mapping, QoS & ASR reporting Remote worker support Hosted NAT Traversal, signalling and media encryption Regulatory compliance Call replication, emergency service support High availability Active/standby model with full state IPsynchronisation means no calls are lost AT&T Trunking
The value of the Enterprise SBC for SIPTrunking? Enhances Security Topology hiding, DoS Protection, Encryption, Intrusion Detection, SPIT control Ensures interoperability with different IP-PBXs and UC systems Speeds up deployment times and reduces dependence on equipment vendors’ certiﬁcation Improves control Routing, number manipulation Provides features for disaster recovery, troubleshooting, and monitoring “Enterprise SBC” Reference Model (PBX* connects to Service Provider SBC via Enterprise SBC)