  1. Open Source Telecom Software Survey 2022
  2. 2022 Survey Introduction ● Back in 2019 we created a survey to gather people’s experiences and opinions on using Open Source Telecom Software. ○ We share an anonymized aggregate view of the survey with those that complete the survey as soon as the results are prepared, usually in July; and present a summary for everyone at TADSummit in November. ● This year we’ve focused on general questions: DDoS, Security, STIR/SHAKEN, IP Messaging and SMS, IPv6, broader open source usage, impact of the recession and investment plans, accelerators, RTC device lifecycle management, and vCon. ● 120 responses (2022) versus 114 (2021) © Alan Quayle, 2022
  3. 2022 Results: What Region are you based? Africa and North America responses doubled from 2021. Likely interest in the more general question than focus on specific projects. While Russia, China and Middle East did not respond. [Charts: 2020, 2021]
  4. 2022 Results: Business Category. Fewer consultants and resellers, but a leap in XaaS and Telcos. More service providers based on open source, than implementors. [Chart: 2021]
  5. What open source software do you use (Telecom)?
     Voice, 2021: OpenSIPS 24, Kamailio 23, FreeSWITCH 22, Asterisk 21, Homer 18, rtpengine 18, drachtio / jambonz 18, wazo 15, RTPproxy 15, freepbx 12, SIPp 11, Matrix 11, VICIDial 9, Jitsi 8, ASTPP 8, XiVO 7, Janus 5, Sippy/b2bua 5, WSO2 3, Restcomm 2
     Voice, 2022: Asterisk 87, Kamailio 66, OpenSIPS 65, Homer 63, FreeSWITCH 61, rtpengine 61, SIPp 43, VICIDial 38, drachtio / jambonz 25, Janus 24, Jitsi 22, freepbx 21, RTPproxy 17, Matrix 12, Sippy/b2bua 7, wazo 2, Mediasoup 1, pjsip 1, Erlang 1
     The large difference in votes, given the total number of responses is 120 (2022) versus 114 (2021), shows the general survey needs to stand alone, as project surveys are the focus of participants. Plus we’re getting better at question design – it has an impact. We’ll do the General survey one year (2022), and project surveys the other (2023).
  6. What open source software do you use (Web/Enterprise)?
     2021, Web/Enterprise Part 1: Ansible 19; Confluent Kafka 19; Apache 18; Node.js 16; Docker 14; nginx 12; Grafana 12; HAProxy 11; RabbitMQ 9; PHP 8; Prometheus 7; suitecrm 7; Puppet 7
     2021, Web/Enterprise Part 2: Jenkins 6; Zabbix 5; GnuCash 5; Perl 4; vscode 4; Kibana 4; SpagoBI 4; Elasticsearch 3; EspoCRM 3; QGIS 3; FRRouting 3; D3 2; Thunderbird 2; ActiveMQ 2; odoo 2; Karaf 1; Passbolt 1; Univention 1
     2022: Docker 89; PHP 69; Apache 68; Grafana 61; HAProxy 61; Node.js 59; nginx 57; Ansible 45; Many many tools: Ruby on Rails, C# .Net Core, Trivy, Zeek, Suricata, Kubernetes, Istio, etcd, Patroni, Pulumi 45; Elasticsearch 44; vscode 40; Prometheus 39; RabbitMQ 39; Kibana 31; Jenkins 28; Zabbix 25; Confluent Kafka 21; Perl 21; Puppet 19; FRRouting 10; Thunderbird 10; D3 6; odoo 6; ActiveMQ 4; Karaf 3; QGIS 3; suitecrm 3; EspoCRM 0; GnuCash 0; Passbolt 0; SpagoBI 0; Univention 0
     Please let me know if we’re missing packages in the 2022 list and I’ll break them out. I’d like to keep this question as a ‘popularity index’ of packages. Let me know if we should break this into a couple of sub-categories to stop this list getting too long.
  7. What open source software do you use (Linux/DB)?
     Linux, 2021: Linux 15, debian linux 15, OpenSuSE Linux 9, centos 9, linux mint 8, Manjaro 7, Percona 4, Ubuntu 3
     DB, 2021: Postgres 19, MariaDB 9, REDIS 5, MongoDB 4, MySQL 4, CouchDB 4
     Linux, 2022: Ubuntu 77, centos 61, Linux 49, debian linux 47, OpenSuSE Linux 17, linux mint 8, Fedora Server 1, RockyLinux 1, Manjaro 0, Percona 0
     DB, 2022: REDIS 68, MariaDB 58, Postgres 51, TimescaleDB 1, Influx 1, ClickHouse 1, CouchDB 0
     Question design helped greatly on response rate. More North American and XaaS provider responses likely caused the Ubuntu and centos jump. I have seen REDIS grow in popularity through the pandemic.
  8. Accelerators. Subspace, AWS Global Accelerator. New Question, 58 responses. Voice is commoditized, so the pricing needs to be low. Geographically Africa, South America, and parts of Asia see a need; in part this is linked to the lack of AWS PoPs in the region. BUT coupled with the commoditization of voice, this makes pricing particularly difficult in those regions. AWS Global Accelerator is bundled in standard pricing, which has created a perception of a low / no price point. The responses showed the challenges Subspace faced.
  9. SMS versus IP for A2P. New Question, 106 responses. Clearly there are two camps, SMS or IP. I thought we would have seen more “both” votes for the situation today and in the future. Today SMS dominates A2P in most markets, the exception being Asia (LINE, WeChat). Please take these results with a grain of salt; being frank, it’s not the right audience.
  10. End2end security/encryption for Real Time Platforms? New Question, 100 responses. This one clearly touched a nerve in the emotion of the responses. The ‘No camp’ considers TLS and SRTP for SIP adequate, or thinks the PSTN will never try so why bother for SIP, or that clients are too simple to implement encryption. The ‘Yes camp’ offers a range of solutions, such as copying the approach of the messaging folks like Matrix and Olm (Double Ratchet cryptographic ratchet), or lists the challenges an end2end solution for RTC needs to address.
  11. Current State of IPv6 Deployment. New question. 76 responses. Seems reasonable, no obvious geographic differences, e.g. NA and EU similar results. Provides a metric to track in subsequent surveys. IPv4/6 question is more appropriate to this community than the SMS/IP question. Format of legend is: Support IPv4/6 – most deployments IPv4
  12. RTC Device lifecycle management (DLM) should we do more? New question, 80 responses. Most of the Yes answers were working on something in the absence of standards. A common justification is RTC devices need special treatment as they are an easy attack vector. No and not sure answers were not justified. This shows there is already DLM work in place, albeit not through standards.
  13. What is the one most important feature of vCon? New question, 92 responses. An open standard, with both open source and commercial ecosystems. Tamper proof, yet easy to update and add additional information such as labels. Standard tools can be written to process, clean, mask and manage conversation data.
  14. Over the next 2 years which companies do you expect to New question. This was a fun question to see what people thought. 74 responses. Like the financial analysts, Twilio had its bulls and bears. Meta is seen as on the wrong track, and Apple / Google squeezing their ad revenue. Cisco is being squeezed by RingCentral in Telco, and other UCaaS/CCaaS in the enterprise. CPaaS is seen as being squeezed by those UCaaS/CCaaS focused on cost saving. Carriers could be stable, or squeezed as there is little new revenue from 5G and consumer and enterprise customers migrate to better value offers. Do Well Struggle Microsoft, Amazon, Google Meta, Cisco, Slack Twilio Sangoma Vonage CPaaS as UC/CCaaS offer cheaper bundle Carriers should be stable IDT, MNOs will struggle Stable UC/CCaaS focused on cost savings
  15. Do you have a solution in place for volumetric DDoS attacks (i.e. bandwidth saturation)? New question. 74 responses. Solutions mentioned include Cloudflare Magic Transit (17), Google Cloud Armor (5), hoster provides (8), AT&T (1), Colt (1). Given all the attacks through 2019-2022 I thought more would have implemented DDoS protections. However, to counter DDoS, the changes required have friction. It is not simply a matter of buying a product; changes to the Internet presence are required. And some of the ‘Yes’ are because their service provider offers DDoS protection.
  16. Do you have a solution in place for application-level DDoS attacks? New question. 81 responses. Application-level protections are more mature. Volumetric DDoS were only implemented by 30 participants, versus 81 for application-level. Given WebRTC has a greater web attack surface I was surprised at how few had implemented. I think this is linked to the revenue at risk versus APIs and SIP.
  17. If there is a solution in place for application-level DDoS attacks for SIP, is it… New question. 28 responses. Given the maturity and specialized nature of SIP, this topic has been studied for over one decade. Hence in-house / custom dominate.
  18. If there is a solution in place for application-level DDoS attacks for HTTP / API, is it New question. 39 responses. Given the wide availability of HTTP/API application-level DDoS solutions I was expecting Hosted to dominate. While in-house / custom remain dominant. I think there is a concern on the security issues of passing traffic through a 3rd party. Plus when will Cloudflare be hacked? Examining protections between XaaS providers and telco / ISP both showed the same split between hosted and in-house. For next year we should examine how the in-house solutions are tested.
  19. Do you have a solution in place for application-level DDoS attacks? New question. 22 responses. I’m not sure why for this question we had more responses than those that implement WebRTC-only. I think the question wording should be changed to allow multiple implementations. Similar split to API between in-house and hosted. All groups had a similar split.
  20. When were your DDoS attacks? New question. 85 responses. There was a gap between how the question was asked and how people responded. They included multiple years, which was allowed. Clearly the number of DDoS are increasing. We’re halfway through 2022 and could achieve 50 attacks across the participants. About 25% have avoided being attacked, though most are consultancies rather than service providers. We estimate >80% of service providers have been attacked. We should ask for next year the purpose of the attacks: ransom or something else?
  21. Volumetric or Application? New question. 88 responses. Given all the attention given to volumetric attacks, the level of application attacks surprised me. Though the number of responses to both Volumetric and Application-level attacks backs up this even split. In examining the type of participant there was no clear trend. XaaS, CSP, and Telco/ISPs were all attacked equally.
  22. Security: Internal Security Teams. Starkly different answers this year. In part due to the mix and region of participants. But also the growing security threats raise its importance. 78 Responses. [Charts: 2021, 2022]
  23. Security ● If you are using security testing tools for RTC, please list them ○ 2021: None 75%, SIPVicious / SIPVicious Pro 13%, SIPp 4%, Sipcrack suite 4%, Test RTC 4%. Better question design delivered a richer response. Plus a different mix of participants with greater security concerns. 83 Responses.
  24. Security: ● How much of the security efforts are reactive / proactive? Starkly different answers this year. In part due to the mix and region of participants. But also the growing security threats raise its importance. 98 Responses. [Charts: 2021, 2022]
  25. STIR/SHAKEN ● When do you plan to implement STIR/SHAKEN? Given it’s one year later and there are roughly double the NA participants, results seem to be in line with 2021. Where there is no local market need, international drives need to implement. 83 Responses. [Charts: 2021, 2022]
  26. In your opinion, is STIR/SHAKEN proving effective? Reasons for No include: SLOW - Speed of process, implementation, FCC enforcement (80%). Same effect could have been achieved by database dip, similar to LRN or CNAM. Frustration at how it’s been implemented by the NA carriers. 72 Responses.
  27. Where are your STIR/SHAKEN projects discussions? Growing area is carriers outside NA needing to terminate traffic there. Seeing discussions pop up in other countries (UK, France, India). 54 Responses.
  28. THANK YOU Please LMK what we should ask in 2023