FreeSWITCH as a Kickass SBC

Moises Silva
Moises SilvaStaff Software Engineer, LogMeIn at LogMeIn Inc
FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering
FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering Moises Silva <moy@sangoma.com> Manager, Software Engineering
SBC: The Mythical Beast • No precise technical definition • Not standardized anywhere • B2BUA or Proxy? • Handles signaling or media? • More of a marketing term than technical? © Sangoma Technologies Inc. 8/11/2012 3
SBC: The Mythical Beast © Sangoma Technologies Inc. 8/11/2012 4
SBC: The Mythical Beast Enterprise Network Internet PSTN IP-PBX SBC SIP trunk Telco Intranet ITSP Internal Firewall External Firewall DMZ SIP-Endpoints © Sangoma Technologies Inc. 8/11/2012 5
SBC: The Mythical Beast • Carrier SBC sits at the edge of service provider networks • Enterprise SBC sits at the edge between customer and service provider © Sangoma Technologies Inc. 8/11/2012 6
SBC: Definition • Recently loosely described by RFC 5853 © Sangoma Technologies Inc. 8/11/2012 7
SBC: Definition • Topology Hiding • Media Traffic Management • Fix capability mismatches • SIP NAT • Access Control • Protocol Repair • Media Encryption • Threat protection (ie: DoS, Malformed packets) © Sangoma Technologies Inc. 8/11/2012 8
Topology Hiding • Hide the service provider or enterprise network implementation details • Use of RFC 3323 (privacy) not enough • B2BUA required in most cases © Sangoma Technologies Inc. 8/11/2012 9
Topology Hiding • INVITE before topology hiding © Sangoma Technologies Inc. 8/11/2012 10
Topology Hiding • INVITE after topology hiding © Sangoma Technologies Inc. 8/11/2012 11
Topology Hiding in FreeSWITCH • FreeSWITCH is a B2BUA • Header manipulation using SIP dialplan variables • Do not enable SDP pass-thru (bypass_media=true) © Sangoma Technologies Inc. 8/11/2012 12
Topology Hiding Cons • It is a B2BUA! • Breaks end to end security mechanisms such as RFC 4474 • Obviously no difference from a MITM attack © Sangoma Technologies Inc. 8/11/2012 13
Media Traffic Management • SBC may modify SDP to stay in media path • Operators enforce the use of certain codecs • Single point for audition (ie Lawful Interception) © Sangoma Technologies Inc. 8/11/2012 14
Media Traffic Management • SDP before media management © Sangoma Technologies Inc. 8/11/2012 15
Media Traffic Management • SDP after media management • Session attribute removed enforcing a policy © Sangoma Technologies Inc. 8/11/2012 16
Media Traffic Management • Allows operators to use different billing model according to the media type (Voice, Video, Text) • Fix „lost‟ or „ignored‟ BYE issue • QoS based routing © Sangoma Technologies Inc. 8/11/2012 17
Media Traffic Management in FreeSWITCH • Flexible codec configuration in SIP profiles or dialplan • Media timeout via SIP profile configuration or channel variable “rtp_timeout_sec” • Flexible SDP manipulation thru variables © Sangoma Technologies Inc. 8/11/2012 18
Media Traffic Management in FreeSWITCH • Set codec preferences • SDP manipulation © Sangoma Technologies Inc. 8/11/2012 19
Media Traffic Management in FreeSWITCH • Use record_session for local recordings • Use oreka_record to send media to recording server (pending merge on official git repo) – git@github.com:moises-silva/freeswitch.git © Sangoma Technologies Inc. 8/11/2012 20
Media Traffic Management in FreeSWITCH G.722 G.729 SIP UA FreeSWITCH SIP UA G.711 Oreka Recording Server (orkaudio) © Sangoma Technologies Inc. 8/11/2012 21
Media Traffic Management Cons • Increase length of media path • SBC must be aware of all types of media, slowing adoption of new media features © Sangoma Technologies Inc. 8/11/2012 22
Fix Capability Mismatches • Allow interconnection of user agents with different capabilities (ie: codecs) • IPv4 to IPv6 internetworking • SIP over UDP to TCP etc © Sangoma Technologies Inc. 8/11/2012 23
Fix Capability Mismatches in FreeSWITCH • Virtually every codec in the industry • HD voice codecs such as G.722 and Siren 7 • Hardware transcoding available © Sangoma Technologies Inc. 8/11/2012 24
Fix Capability Mismatches in FreeSWITCH • SIP over UDP/TCP/TLS • IPv4 and IPv6 support © Sangoma Technologies Inc. 8/11/2012 25
Fix Capability Mismatches G.729 / G.711 / TLS / UDP / IPv6 IPv4 SIP UA FreeSWITCH PRI GW © Sangoma Technologies Inc. 8/11/2012 26
SIP NAT • Detect when a UA is behind NAT • Help maintain NAT bindings alive • Provides a publicly reachable IP address © Sangoma Technologies Inc. 8/11/2012 27
SIP NAT in FreeSWITCH • Automatic RTP adjustment when media comes from different address than advertised on SDP • Aggressive NAT detection • STUN and ICE support © Sangoma Technologies Inc. 8/11/2012 28
Access Control • It‟s all about control, yes, sys admins are control freaks • The network edge of the operator or enterprise is a convenient place to enforce policies • All SIP and RTP traffic to/from a single point (the SBC) © Sangoma Technologies Inc. 8/11/2012 29
Access Control in FreeSWITCH • Flexible ACL configuration available • mod_limit for call rate and general resource limiting per IP or „realm‟ • Distributed limits across servers © Sangoma Technologies Inc. 8/11/2012 30
Protocol Repair • The world isn‟t perfect, broken devices are everywhere • Not feasible to throw all broken equipment to the garbage (that‟d be too easy wouldn‟t it?) © Sangoma Technologies Inc. 8/11/2012 31
Protocol Repair in FreeSWITCH • Allows matching and fixing of SIP header values • Allows modifying SDP contents • Not always possible, SIP stack may discard messages if deemed malformed (ie FUBAR) © Sangoma Technologies Inc. 8/11/2012 32
Media Encryption • Desirable to perform encryption on public network • Internal network may need un-encrypted media (ie, lawful interception, endpoints without SRTP support) © Sangoma Technologies Inc. 8/11/2012 33
Media Encryption in FreeSWITCH • TLS / SRTP support • ZRTP / SRTP support © Sangoma Technologies Inc. 8/11/2012 34
Threat Protection • DoS • Malformed and/or malicious packets • SIP REGISTER scans (ie: sipvicious) • SIP INVITE scans © Sangoma Technologies Inc. 8/11/2012 35
Threat Protection for FreeSWITCH • DoS limitation using iptableshashlimit (Kristian‟s famous script) • iptableshashlimit does not work on TLS obviously • iptableshashlimit does not help with malformed packets © Sangoma Technologies Inc. 8/11/2012 36
Threat Protection for FreeSWITCH • Fail2ban for registration scans • Depends on log line format, good enough? • mod_fail2ban makes things easier (by kyconquers on github) © Sangoma Technologies Inc. 8/11/2012 37
Threat Protection • Use SIP ACLs • Even trusted networks can become compromised • IP spoofing on UDP traffic makes things complicated © Sangoma Technologies Inc. 8/11/2012 38
Sofia Limits • Extension to mod_sofia to specify SIP message limits, per host optionally (no ACL yet ) • Uses mod_hash (or any limit interface) to keep track of messages • Launch ESL event when limit is exceeded • Malformed packets are accounted for as well © Sangoma Technologies Inc. 8/11/2012 39
Sofia Limits © Sangoma Technologies Inc. 8/11/2012 40
Conclusion • Yes, SBCs get in the way, and that‟s a useful and desirable feature in some businesses • FreeSWITCH core foundations go a long way in implementing most common SBC features © Sangoma Technologies Inc. 8/11/2012 41
THANK YOU. © Sangoma Technologies Inc. 8/11/2012 42
1 of 42

FreeSWITCH as a Kickass SBC

Download to read offline
Technology

How to use FreeSWITCH as an SBC

Moises Silva
Moises SilvaStaff Software Engineer, LogMeIn at LogMeIn Inc

Recommended

SIP Testing with FreeSWITCH by
SIP Testing with FreeSWITCHSIP Testing with FreeSWITCH
SIP Testing with FreeSWITCHMoises Silva
11.3K views46 slides
Scaling FreeSWITCH Performance by
Scaling FreeSWITCH PerformanceScaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceMoises Silva
14.6K views39 slides
Introduction to FreeSWITCH by
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCHChien Cheng Wu
2.5K views18 slides
Media Handling in FreeSWITCH by
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
9.3K views35 slides
FreeSWITCH as a Microservice by
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
3.4K views24 slides
rtpengine and kamailio - or how to simulate calls at scale by
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
984 views17 slides

More Related Content

What's hot

Kamailio on Docker by
Kamailio on DockerKamailio on Docker
Kamailio on DockerChien Cheng Wu
3.4K views16 slides
Kamailio - Load Balancing Load Balancers by
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersDaniel-Constantin Mierla
4.1K views28 slides
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio by
Astricon 10 (October 2013) - SIP over WebSocket on KamailioAstricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioCrocodile WebRTC SDK and Cloud Signalling Network
6.4K views28 slides
Why is Kamailio so different? An introduction. by
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
5.8K views27 slides
Homer - Workshop at Kamailio World 2017 by
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
1.7K views45 slides
Kamailio with Docker and Kubernetes by
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
1.7K views40 slides

What's hot(20)

Kamailio on Docker by Chien Cheng Wu
Kamailio on DockerKamailio on Docker
Kamailio on Docker
Chien Cheng Wu3.4K views
Kamailio - Load Balancing Load Balancers by Daniel-Constantin Mierla
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
Daniel-Constantin Mierla4.1K views
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio by Crocodile WebRTC SDK and Cloud Signalling Network
Astricon 10 (October 2013) - SIP over WebSocket on KamailioAstricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio
Crocodile WebRTC SDK and Cloud Signalling Network6.4K views
Why is Kamailio so different? An introduction. by Olle E Johansson
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.
Olle E Johansson5.8K views
Homer - Workshop at Kamailio World 2017 by Giacomo Vacca
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
Giacomo Vacca1.7K views
Kamailio with Docker and Kubernetes by Paolo Visintin
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
Paolo Visintin1.7K views
FreeSWITCH on Docker by 建澄 吳
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
建澄 吳6.2K views
Kamailio - Secure Communication by Daniel-Constantin Mierla
Kamailio - Secure CommunicationKamailio - Secure Communication
Kamailio - Secure Communication
Daniel-Constantin Mierla3.6K views
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se... by ALTANAI BISHT
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
ALTANAI BISHT26.1K views
Aynchronous Processing in Kamailio Configuration File by Daniel-Constantin Mierla
Aynchronous Processing in Kamailio Configuration FileAynchronous Processing in Kamailio Configuration File
Aynchronous Processing in Kamailio Configuration File
Daniel-Constantin Mierla2.2K views
SIPREC RTPEngine Media Forking by Hossein Yavari
SIPREC RTPEngine Media ForkingSIPREC RTPEngine Media Forking
SIPREC RTPEngine Media Forking
Hossein Yavari676 views
GoBGP : yet another OSS BGPd by Pavel Odintsov
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPd
Pavel Odintsov6.9K views
Kamailio :: A Quick Introduction by Olle E Johansson
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
Olle E Johansson46.7K views
Kamalio and Asterisk: What, Why & How by Fred Posner
Kamalio and Asterisk: What, Why & HowKamalio and Asterisk: What, Why & How
Kamalio and Asterisk: What, Why & How
Fred Posner201 views
Three Ways Kamailio Can Help Your FreeSWITCH Deployment by Fred Posner
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentThree Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH Deployment
Fred Posner898 views
Session Initiation Protocol by Matt Bynum
Session Initiation ProtocolSession Initiation Protocol
Session Initiation Protocol
Matt Bynum7.3K views
An SFU/MCU integration for heterogeneous environments by Giacomo Vacca
An SFU/MCU integration for heterogeneous environmentsAn SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environments
Giacomo Vacca5.1K views
Asterisk High Availability Design Guide by Michelle Dupuis
Asterisk High Availability Design GuideAsterisk High Availability Design Guide
Asterisk High Availability Design Guide
Michelle Dupuis1.2K views
Introduction to SIP(Session Initiation Protocol) by William Lee
Introduction to SIP(Session Initiation Protocol)Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)
William Lee10.3K views
Diameter Processing with Kamailio by Carsten Bock
Diameter Processing with KamailioDiameter Processing with Kamailio
Diameter Processing with Kamailio
Carsten Bock767 views

Similar to FreeSWITCH as a Kickass SBC

Mellanox's Technological Advantage by
Mellanox's Technological AdvantageMellanox's Technological Advantage
Mellanox's Technological AdvantageMellanox Technologies
1.4K views18 slides
Sangoma SS7 Gateway Training by
Sangoma SS7 Gateway TrainingSangoma SS7 Gateway Training
Sangoma SS7 Gateway TrainingEmpatiq İletişim Teknolojileri AŞ.
2.2K views32 slides
Sangoma SBC Training Presentation by
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training PresentationEmpatiq İletişim Teknolojileri AŞ.
4.6K views94 slides
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch... by
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...Open Networking Summits
864 views20 slides
Día Neocenter | Sangoma Portfolio Product Update by
Día Neocenter | Sangoma Portfolio Product UpdateDía Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product UpdateNeocenter SA de CV
986 views33 slides
QoS for Media Networks by
QoS for Media NetworksQoS for Media Networks
QoS for Media NetworksAmine Choukir
1K views59 slides

Similar to FreeSWITCH as a Kickass SBC(20)

Mellanox's Technological Advantage by Mellanox Technologies
Mellanox's Technological AdvantageMellanox's Technological Advantage
Mellanox's Technological Advantage
Mellanox Technologies1.4K views
Sangoma SS7 Gateway Training by Empatiq İletişim Teknolojileri AŞ.
Sangoma SS7 Gateway TrainingSangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
Empatiq İletişim Teknolojileri AŞ.2.2K views
Sangoma SBC Training Presentation by Empatiq İletişim Teknolojileri AŞ.
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
Empatiq İletişim Teknolojileri AŞ.4.6K views
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch... by Open Networking Summits
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
Open Networking Summits864 views
Día Neocenter | Sangoma Portfolio Product Update by Neocenter SA de CV
Día Neocenter | Sangoma Portfolio Product UpdateDía Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product Update
Neocenter SA de CV986 views
QoS for Media Networks by Amine Choukir
QoS for Media NetworksQoS for Media Networks
QoS for Media Networks
Amine Choukir1K views
ProSBC a Deep Dive by Alan Percy
ProSBC a Deep DiveProSBC a Deep Dive
ProSBC a Deep Dive
Alan Percy458 views
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf by Wlamir Molinari
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdfUC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
Wlamir Molinari5 views
ProSBC a Deep Dive by TelcoBridges Inc.
ProSBC a Deep DiveProSBC a Deep Dive
ProSBC a Deep Dive
TelcoBridges Inc.8 views
[cb22] Tales of 5G hacking by Karsten Nohl by CODE BLUE
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
CODE BLUE94 views
Cisco vnp workshop 16-17 april v1-0 by liemgpc2
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
liemgpc26.3K views
An hour with WebRTC FIC UDC by Quobis
An hour with WebRTC FIC UDCAn hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
Quobis1.8K views
MX Deep Dive PPT by omar awad
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPT
omar awad4.7K views
SIP2SIP - Direcciones SIP gratuitas para las masas by PaloSanto Solutions
SIP2SIP - Direcciones SIP gratuitas para las masasSIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masas
PaloSanto Solutions2.3K views
Vo ip overview by viroj tanggasemsun
Vo ip overviewVo ip overview
Vo ip overview
viroj tanggasemsun365 views
The Role Of SIP In Smart Grid Networks by bleslie
The Role Of SIP In Smart Grid NetworksThe Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid Networks
bleslie537 views
Kamailio World 2013 - SIP and MSRP over WebSocket by Crocodile WebRTC SDK and Cloud Signalling Network
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
Crocodile WebRTC SDK and Cloud Signalling Network1.6K views
RCA OCORA: Safe Computing Platform using open standards by AdaCore
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore282 views
How Cisco Provides World-Class Technology Conference Experiences Using Automa... by InfluxData
How Cisco Provides World-Class Technology Conference Experiences Using Automa...How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
InfluxData597 views
RCA OCORA: Safe Computing Platform using open standards by AdaCore
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore21 views

More from Moises Silva

FreeSWITCH Monitoring by
FreeSWITCH MonitoringFreeSWITCH Monitoring
FreeSWITCH MonitoringMoises Silva
6.1K views48 slides
Interfaces de Scripting para librerias en C by
Interfaces de Scripting para librerias en CInterfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en CMoises Silva
1.3K views41 slides
Vulnerabilidades en Aplicaciones Web PHP by
Vulnerabilidades en Aplicaciones Web PHPVulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHPMoises Silva
3.6K views20 slides
Manejo de Medios en FreeSWITCH by
Manejo de Medios en FreeSWITCHManejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCHMoises Silva
1.3K views42 slides
Implementation Lessons using WebRTC in Asterisk by
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskMoises Silva
28.8K views39 slides
FreeSWITCH Modules for Asterisk Developers by
FreeSWITCH Modules for Asterisk DevelopersFreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk DevelopersMoises Silva
3.9K views41 slides

More from Moises Silva(12)

FreeSWITCH Monitoring by Moises Silva
FreeSWITCH MonitoringFreeSWITCH Monitoring
FreeSWITCH Monitoring
Moises Silva6.1K views
Interfaces de Scripting para librerias en C by Moises Silva
Interfaces de Scripting para librerias en CInterfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en C
Moises Silva1.3K views
Vulnerabilidades en Aplicaciones Web PHP by Moises Silva
Vulnerabilidades en Aplicaciones Web PHPVulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHP
Moises Silva3.6K views
Manejo de Medios en FreeSWITCH by Moises Silva
Manejo de Medios en FreeSWITCHManejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCH
Moises Silva1.3K views
Implementation Lessons using WebRTC in Asterisk by Moises Silva
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in Asterisk
Moises Silva28.8K views
FreeSWITCH Modules for Asterisk Developers by Moises Silva
FreeSWITCH Modules for Asterisk DevelopersFreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk Developers
Moises Silva3.9K views
FreeSWITCH: Asterisk con Esteroides by Moises Silva
FreeSWITCH: Asterisk con EsteroidesFreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con Esteroides
Moises Silva7.1K views
Negociacion de Codecs en Asterisk by Moises Silva
Negociacion de Codecs en AsteriskNegociacion de Codecs en Asterisk
Negociacion de Codecs en Asterisk
Moises Silva765 views
Sangoma en el Ecosistema Open Source by Moises Silva
Sangoma en el Ecosistema Open SourceSangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open Source
Moises Silva1.1K views
FreeTDM PRI Passive Recording by Moises Silva
FreeTDM PRI Passive RecordingFreeTDM PRI Passive Recording
FreeTDM PRI Passive Recording
Moises Silva2.3K views
Asterisk PRI Passive Call Recording by Moises Silva
Asterisk PRI Passive Call RecordingAsterisk PRI Passive Call Recording
Asterisk PRI Passive Call Recording
Moises Silva3.3K views
OpenR2 in Asterisk by Moises Silva
OpenR2 in AsteriskOpenR2 in Asterisk
OpenR2 in Asterisk
Moises Silva1.5K views

Recently uploaded

Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P... by
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...ShapeBlue
196 views62 slides
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...ShapeBlue
141 views29 slides
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...ShapeBlue
129 views10 slides
Qualifying SaaS, IaaS.pptx by
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptxSachin Bhandari
1.1K views8 slides
Optimizing Communication to Optimize Human Behavior - LCBM by
Optimizing Communication to Optimize Human Behavior - LCBMOptimizing Communication to Optimize Human Behavior - LCBM
Optimizing Communication to Optimize Human Behavior - LCBMYaman Kumar
38 views49 slides
The Role of Patterns in the Era of Large Language Models by
The Role of Patterns in the Era of Large Language ModelsThe Role of Patterns in the Era of Large Language Models
The Role of Patterns in the Era of Large Language ModelsYunyao Li
91 views65 slides

Recently uploaded(20)

Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P... by ShapeBlue
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
ShapeBlue196 views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue141 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue129 views
Qualifying SaaS, IaaS.pptx by Sachin Bhandari
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
Sachin Bhandari1.1K views
Optimizing Communication to Optimize Human Behavior - LCBM by Yaman Kumar
Optimizing Communication to Optimize Human Behavior - LCBMOptimizing Communication to Optimize Human Behavior - LCBM
Optimizing Communication to Optimize Human Behavior - LCBM
Yaman Kumar38 views
The Role of Patterns in the Era of Large Language Models by Yunyao Li
The Role of Patterns in the Era of Large Language ModelsThe Role of Patterns in the Era of Large Language Models
The Role of Patterns in the Era of Large Language Models
Yunyao Li91 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays58 views
"Node.js Development in 2024: trends and tools", Nikita Galkin by Fwdays
"Node.js Development in 2024: trends and tools", Nikita Galkin "Node.js Development in 2024: trends and tools", Nikita Galkin
"Node.js Development in 2024: trends and tools", Nikita Galkin
Fwdays33 views
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by ShapeBlue
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
ShapeBlue162 views
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023 by BookNet Canada
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
BookNet Canada44 views
Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10146 views
CryptoBotsAI by chandureddyvadala199
CryptoBotsAICryptoBotsAI
CryptoBotsAI
chandureddyvadala19942 views
Generative AI: Shifting the AI Landscape by Deakin University
Generative AI: Shifting the AI LandscapeGenerative AI: Shifting the AI Landscape
Generative AI: Shifting the AI Landscape
Deakin University67 views
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash162 views
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by ShapeBlue
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
ShapeBlue120 views
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R... by ShapeBlue
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
ShapeBlue178 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue108 views
Transcript: Redefining the book supply chain: A glimpse into the future - Tec... by BookNet Canada
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...Transcript: Redefining the book supply chain: A glimpse into the future - Tec...
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...
BookNet Canada41 views
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue137 views
"Package management in monorepos", Zoltan Kochan by Fwdays
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan Kochan
Fwdays34 views

FreeSWITCH as a Kickass SBC

  • 1. FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering
  • 2. FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering Moises Silva <moy@sangoma.com> Manager, Software Engineering
  • 3. SBC: The Mythical Beast • No precise technical definition • Not standardized anywhere • B2BUA or Proxy? • Handles signaling or media? • More of a marketing term than technical? © Sangoma Technologies Inc. 8/11/2012 3
  • 4. SBC: The Mythical Beast © Sangoma Technologies Inc. 8/11/2012 4
  • 5. SBC: The Mythical Beast Enterprise Network Internet PSTN IP-PBX SBC SIP trunk Telco Intranet ITSP Internal Firewall External Firewall DMZ SIP-Endpoints © Sangoma Technologies Inc. 8/11/2012 5
  • 6. SBC: The Mythical Beast • Carrier SBC sits at the edge of service provider networks • Enterprise SBC sits at the edge between customer and service provider © Sangoma Technologies Inc. 8/11/2012 6
  • 7. SBC: Definition • Recently loosely described by RFC 5853 © Sangoma Technologies Inc. 8/11/2012 7
  • 8. SBC: Definition • Topology Hiding • Media Traffic Management • Fix capability mismatches • SIP NAT • Access Control • Protocol Repair • Media Encryption • Threat protection (ie: DoS, Malformed packets) © Sangoma Technologies Inc. 8/11/2012 8
  • 9. Topology Hiding • Hide the service provider or enterprise network implementation details • Use of RFC 3323 (privacy) not enough • B2BUA required in most cases © Sangoma Technologies Inc. 8/11/2012 9
  • 10. Topology Hiding • INVITE before topology hiding © Sangoma Technologies Inc. 8/11/2012 10
  • 11. Topology Hiding • INVITE after topology hiding © Sangoma Technologies Inc. 8/11/2012 11
  • 12. Topology Hiding in FreeSWITCH • FreeSWITCH is a B2BUA • Header manipulation using SIP dialplan variables • Do not enable SDP pass-thru (bypass_media=true) © Sangoma Technologies Inc. 8/11/2012 12
  • 13. Topology Hiding Cons • It is a B2BUA! • Breaks end to end security mechanisms such as RFC 4474 • Obviously no difference from a MITM attack © Sangoma Technologies Inc. 8/11/2012 13
  • 14. Media Traffic Management • SBC may modify SDP to stay in media path • Operators enforce the use of certain codecs • Single point for audition (ie Lawful Interception) © Sangoma Technologies Inc. 8/11/2012 14
  • 15. Media Traffic Management • SDP before media management © Sangoma Technologies Inc. 8/11/2012 15
  • 16. Media Traffic Management • SDP after media management • Session attribute removed enforcing a policy © Sangoma Technologies Inc. 8/11/2012 16
  • 17. Media Traffic Management • Allows operators to use different billing model according to the media type (Voice, Video, Text) • Fix „lost‟ or „ignored‟ BYE issue • QoS based routing © Sangoma Technologies Inc. 8/11/2012 17
  • 18. Media Traffic Management in FreeSWITCH • Flexible codec configuration in SIP profiles or dialplan • Media timeout via SIP profile configuration or channel variable “rtp_timeout_sec” • Flexible SDP manipulation thru variables © Sangoma Technologies Inc. 8/11/2012 18
  • 19. Media Traffic Management in FreeSWITCH • Set codec preferences • SDP manipulation © Sangoma Technologies Inc. 8/11/2012 19
  • 20. Media Traffic Management in FreeSWITCH • Use record_session for local recordings • Use oreka_record to send media to recording server (pending merge on official git repo) – git@github.com:moises-silva/freeswitch.git © Sangoma Technologies Inc. 8/11/2012 20
  • 21. Media Traffic Management in FreeSWITCH G.722 G.729 SIP UA FreeSWITCH SIP UA G.711 Oreka Recording Server (orkaudio) © Sangoma Technologies Inc. 8/11/2012 21
  • 22. Media Traffic Management Cons • Increase length of media path • SBC must be aware of all types of media, slowing adoption of new media features © Sangoma Technologies Inc. 8/11/2012 22
  • 23. Fix Capability Mismatches • Allow interconnection of user agents with different capabilities (ie: codecs) • IPv4 to IPv6 internetworking • SIP over UDP to TCP etc © Sangoma Technologies Inc. 8/11/2012 23
  • 24. Fix Capability Mismatches in FreeSWITCH • Virtually every codec in the industry • HD voice codecs such as G.722 and Siren 7 • Hardware transcoding available © Sangoma Technologies Inc. 8/11/2012 24
  • 25. Fix Capability Mismatches in FreeSWITCH • SIP over UDP/TCP/TLS • IPv4 and IPv6 support © Sangoma Technologies Inc. 8/11/2012 25
  • 26. Fix Capability Mismatches G.729 / G.711 / TLS / UDP / IPv6 IPv4 SIP UA FreeSWITCH PRI GW © Sangoma Technologies Inc. 8/11/2012 26
  • 27. SIP NAT • Detect when a UA is behind NAT • Help maintain NAT bindings alive • Provides a publicly reachable IP address © Sangoma Technologies Inc. 8/11/2012 27
  • 28. SIP NAT in FreeSWITCH • Automatic RTP adjustment when media comes from different address than advertised on SDP • Aggressive NAT detection • STUN and ICE support © Sangoma Technologies Inc. 8/11/2012 28
  • 29. Access Control • It‟s all about control, yes, sys admins are control freaks • The network edge of the operator or enterprise is a convenient place to enforce policies • All SIP and RTP traffic to/from a single point (the SBC) © Sangoma Technologies Inc. 8/11/2012 29
  • 30. Access Control in FreeSWITCH • Flexible ACL configuration available • mod_limit for call rate and general resource limiting per IP or „realm‟ • Distributed limits across servers © Sangoma Technologies Inc. 8/11/2012 30
  • 31. Protocol Repair • The world isn‟t perfect, broken devices are everywhere • Not feasible to throw all broken equipment to the garbage (that‟d be too easy wouldn‟t it?) © Sangoma Technologies Inc. 8/11/2012 31
  • 32. Protocol Repair in FreeSWITCH • Allows matching and fixing of SIP header values • Allows modifying SDP contents • Not always possible, SIP stack may discard messages if deemed malformed (ie FUBAR) © Sangoma Technologies Inc. 8/11/2012 32
  • 33. Media Encryption • Desirable to perform encryption on public network • Internal network may need un-encrypted media (ie, lawful interception, endpoints without SRTP support) © Sangoma Technologies Inc. 8/11/2012 33
  • 34. Media Encryption in FreeSWITCH • TLS / SRTP support • ZRTP / SRTP support © Sangoma Technologies Inc. 8/11/2012 34
  • 35. Threat Protection • DoS • Malformed and/or malicious packets • SIP REGISTER scans (ie: sipvicious) • SIP INVITE scans © Sangoma Technologies Inc. 8/11/2012 35
  • 36. Threat Protection for FreeSWITCH • DoS limitation using iptableshashlimit (Kristian‟s famous script) • iptableshashlimit does not work on TLS obviously • iptableshashlimit does not help with malformed packets © Sangoma Technologies Inc. 8/11/2012 36
  • 37. Threat Protection for FreeSWITCH • Fail2ban for registration scans • Depends on log line format, good enough? • mod_fail2ban makes things easier (by kyconquers on github) © Sangoma Technologies Inc. 8/11/2012 37
  • 38. Threat Protection • Use SIP ACLs • Even trusted networks can become compromised • IP spoofing on UDP traffic makes things complicated © Sangoma Technologies Inc. 8/11/2012 38
  • 39. Sofia Limits • Extension to mod_sofia to specify SIP message limits, per host optionally (no ACL yet ) • Uses mod_hash (or any limit interface) to keep track of messages • Launch ESL event when limit is exceeded • Malformed packets are accounted for as well © Sangoma Technologies Inc. 8/11/2012 39
  • 40. Sofia Limits © Sangoma Technologies Inc. 8/11/2012 40
  • 41. Conclusion • Yes, SBCs get in the way, and that‟s a useful and desirable feature in some businesses • FreeSWITCH core foundations go a long way in implementing most common SBC features © Sangoma Technologies Inc. 8/11/2012 41
  • 42. THANK YOU. © Sangoma Technologies Inc. 8/11/2012 42