SBCs (Session Border Controllers) are the key to successful VoIP deployments. An SBC overcomes obstacles like securing borders, fixing protocol issues, and assuring session quality. For SIP trunking, an enterprise SBC provides security, interoperability with different PBX systems, control over routing and numbers, and features for disaster recovery, troubleshooting and monitoring. Case studies show how SBCs help financial, government and oil/gas companies reduce costs through SIP trunking while ensuring security, interoperability and quality of service.
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
ACME- Session Border Controllers – podstawa udanych i efektywnych implementacji rozwiązań VoIP i Unified Communications.
1.
2. SBCs – The Key to Successful
VoIP Deployments
Geraint Evans
Technical Director – Enterprise Solutions, EMEA
Acme Packet
3. Disclaimer
Acme Packet has made no commitments or promises orally or in
writing with respect to delivery of any future software features or
functions. All presentations, RFP responses and/or product roadmap
documents, information or discussions, either prior to or following the
date herein, are for informational purposes only, and Acme Packet has
no obligation to provide any future releases or upgrades or any
features, enhancements or functions, unless specifically agreed to in
writing by both parties.
6. SIP Trunking Trends
SIP Trunking still in early stages
CY08, $130M in revenue, 208,000
SIP trunks
North America leads deployment
Driven by cost
EMEA market more fragmented, but
growing rapidly
Large number of providers emerging
Characterised by value – not price NA APAC
12%
21%
APKT service provider customers
CALA
lead the way 26%
80 deployments and trials today
EMEA
30 countries 41%
Many different IP PBX/UC
environments supported
7. SIP Trunking - Benefits
Improved network efficiency to control and reduce costs
Consolidate traffic from small remote sites
Economies of scale, remove need for PSTN access at each remote
branch
Leverage IP technologies for operational efficiency gains
SIP VoIP becomes just another overlay application
Lower operational costs
Eliminate TDM gateways
Improved bandwidth utilisation = fewer circuits for the same number of
calls
Improve voice quality
Eliminate unnecessary IP-to-TDM-to-IP translations and associated
latency
Exploiting high fidelity IP codecs
Deploy new applications to increase efficiency
Simplifies integration with hosted services
The time is now – In the current economy cost savings are critical
9. SBCs overcome UC obstacles
Secure the borders of a VoIP or UC
network
Protect VoIP video and UC
,
sessions
Fix protocol interworking issues
Bridge incompatible systems
Connect remote workers easily and
securely
Alternative to VPN Tunnels
Assure and measure session quality
Disaster recovery and survivability
Support regulatory compliance
Enable call recording, call privacy,
functional segregation
12. When do customers need an SBC?
SIP trunking
SBCs essential for security, interoperability, SLA management,
diverse routing
Remote worker
Security, encryption, NAT traversal, QoS control
Branch office connections
Protocol interworking, QoS control, encryption termination,
overlapping IP addressing schemes
Hosted services e.g. contact centre, Microsoft OCS
SBCs essential for security, interoperability, SLA management,
diverse routing
Enterprise FMC
Security, encryption, topology hiding, NAT traversal
13. Direct connect deployment model
Many PBX and UC vendors have SIP interfaces or other methods
for connecting PBX and UC elements to a carrier SIP trunk service
So Enterprise telephony managers ask:
Why can’t I just connect this interface directly to the carrier SIP
trunk service?
14. Why do you need an enterprise SBC for
SIP Trunking?
This presentation will address this question and others such as:
Why do I need an enterprise SBC for SIP trunking
interoperability?
Why do I need an enterprise SBC for SIP trunking security?
Why do I need an enterprise SBC for SIP trunking control?
How does using an enterprise SBC enhance my disaster
recovery, troubleshooting, and monitoring capabilities?
“Enterprise SBC” Reference Model (PBX* connects to Service Provider SBC via
Enterprise SBC)
15. An enterprise SBC helps with SIP
trunking interoperability
PBXs may not interwork directly to carrier SIP trunks due to differences in SIP
implementations or when H.323 is the only available IP interface
Acme Packet solves this problem by providing:
Complete SIP header manipulation rule (HMR) capabilities to interwork
different SIP dialects between PBX and carrier SIP trunking elements
Full H.323 – SIP interworking
Media transcoding & DTMF format (INFO / 2833) interworking
Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP)
interworking
These capabilities enable virtually any SIP or H.323 capable PBX or UC
platform to talk to any carrier SIP trunk service
Proven interoperability with all of the major PBX and UC vendors
16. An enterprise SBC helps with SIP trunk
security
The VOIP Firewall
Enterprise Security Managers will not connect to public data networks
without a firewall on their premises
They won’t connect to public VoIP services without an SBC
Enterprise SBCs fit into the “Defence in Depth” model for IP security
The Enterprise SBC provides complete topology hiding and DoS protection of
SIP signaling and media traffic for the Enterprise
Just like Application Layer Gateways (ALG) used for other enterprise IT
applications today
Features include dynamic port control, dynamic trust management,
encryption and overload protection
Service Providers use SBCs to protect their network – enterprises should do
the same
17. An enterprise SBC helps with SIP trunk
control
In the simplest model, the enterprise SBC routes inbound and outbound calls
between the PBX and the carrier SIP trunk via static dial plans
Many enterprises use SBCs for more advanced routing and control scenarios
including:
Least cost routing, call quality-based routing, time-of-date routing
Connection Admission Control (CAC)
Failover & load-balancing routing
Called & calling number digit normalization
Routing Decisions Can Be Based On:
Called or Called Party Number (or any field in the SIP header)
Cost metrics, Time-of-day, CAC loads
Media codec or type (voice vs. video)
PBX or carrier trunk availability
Call quality requirements (best effort or high MOS score)
18. An enterprise SBC helps with disaster
recovery
Some enterprises are moving to SIP trunks for improved network resiliency in
disaster recovery (DR) scenarios
The enterprise SBC plays a key role in a DR architecture with support for the
following capabilities:
1+1 High Availability clustering between SBC elements
Signaling and media state preserved in the event of a failover
Automatic detection and reroute around failed PBX or carrier links
No operator intervention or PBX reconfiguration required
19. An enterprise SBC helps with SIP trunk
troubleshooting
A challenge for many enterprise telephony managers is to how to apply traditional
TDM troubleshooting methods to SIP trunks
The enterprise SBC helps by providing an embedded probe that allows you to
monitor all SIP & H.323 signaling and media traffic
Provides full signaling traces, ladder diagrams, and media statistics
Information is automatically collected and can be retrieved via EMS and can be
sorted based on calling or called party number, SIP call ID, time-of-call, etc.
An embedded call recording utility is also provided
EMS allows partitioned access to control who can view what information
Statistics = Media Quality Stats with MOS, packet loss, etc.
Call Diagram = Ladder Diagram & Detailed Message Trace
Play = Bi-directional Media Recording Capability (on-platform
Session Replication for Recording (SRR))
21. Case Study – Financial Services
Application
Reduce Telco connect costs by moving from TDM to IP trunking for two
data centers and 43 remote sites
Extend life of legacy IP-PBX
Deploy secure network infrastructure to support current and future SIP
applications
Problems overcome
Interop between a range of Avaya and Cisco PBX versions and protocols
SIP-H323 Interworking
Acme Packet advantage
A common platform in the data centres and 43 remote sites as the heart of
an IP-centric, cost-optimized network-wide transformation
22. Case Study - Government
Application
SIP trunking for UC
Interconnection data centre and remote
users
Net-Net SBC at un-trusted access
border
Problems Overcome
Prevent DoS attacks and overloads
Signaling and media interworking issues
Provide phone service for small “critical”
site via secure access to centralised SIP
trunking services
Acme Packet Advantage
Dynamic trust management for DoS
attack mitigation
Solution Overview
Acme Packet Net-Net 4250
Avaya Communication Manager
SIP trunking service
ROI anticipated: 6 months
23. Case Study – International Oil/Gas
Company
Application
Multivendor PBX interoperability
Call recording
Interconnection of data centre
and remote site PBXs and users
Secure remote worker access over Internet
Problems Overcome
Prevent DoS attacks and overloads
Signaling and media Interworking issues
Provide media steering to support QoS
Overlapping IP addresses and dial plans
Acme Packet Advantage
Dynamic trust management for DoS attack
mitigation
Peering features
Normalize protocol differences
Extensive security features ensure security
and continued operations
25. Acme Packet at a glance
Session Border Control (SBC) category
creator & leader with 50-60% market share, Annual revenue($M)
founded August 2000
Expanding focus
Large enterprise & contact centre $116.4
$113.1
Multiservice security gateway, session
routing proxy
Top tier customers worldwide $84.1
Over 835 customers in 95 countries
48 of the top 50 service providers
8 of Fortune Top 25
$36.1
430+ employees in 25 countries
Burlington, MA headquarters $16.0
Public company (NASDAQ: APKT) $3.3
w/ strong revenue growth, profits & balance
sheet 2003 2004 2005 2006 2007 2008
Acquisition in April ‘09 of Covergence
strengthens Enterprise presence
27. SBC Feature Summary
Multi-protocol – SIP H.323, MGCP/NCS, H.248…
,
Security – Net-SAFE Architecture
SBC DoS/DDoS protection, access control, topology hiding, VPN
separation, privacy; virus & SPIT protection; service infrastructure DoS
prevention; fraud prevention; monitoring & reporting
Interworking
SIP Protocol Fix-up, SIP-H323, Overlapping IP Addresses, VPN separation,
encryption protocols, DTMF…
SLA assurance and measurement
Call admission control, signalling overload control, QoS marking/VLAN
mapping, QoS & ASR reporting
Remote worker support
Hosted NAT Traversal, signalling and media encryption
Regulatory compliance
Call replication, emergency service support
High availability
Active/standby model with full state IPsynchronisation means no calls are lost
AT&T
Trunking
28. The value of the Enterprise SBC for SIP
Trunking?
Enhances Security
Topology hiding, DoS Protection, Encryption, Intrusion Detection, SPIT
control
Ensures interoperability with different IP-PBXs and UC systems
Speeds up deployment times and reduces dependence on equipment
vendors’ certification
Improves control
Routing, number manipulation
Provides features for disaster recovery, troubleshooting, and monitoring
“Enterprise SBC” Reference Model (PBX* connects to Service Provider SBC
via Enterprise SBC)