What is SIP Trunking? ebook

A vast resource for information about all things SIP including SIP, security, VoIP, SIP trunking and Unified Communications.

Table of Contents

What is the SIP protocol?
The Basics of SIP Trunking
What is NAT?
SIP Trunking Bring Your Own Bandwidth
Managed SIP Trunking Service Providers
The Role of an Ingate in a Managed Services Environment
What is SIPconnect and How Does Ingate Work with It?
SIP Security
Routing Rules and Policies

What is the SIP Protocol?

SIP is an Application Layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include telephone calls, multimedia distribution, multimedia conferences and presence. The SIP Protocol is defined as part of IETF RFC 3261, located at www.ietf.org.

SIP invitations are used to create sessions that carry session descriptions, which allow participants to agree on a set of compatible media types. SIP makes use of elements called proxy servers to help route requests to the user's current location, authenticate and authorize users for services, implement provider call-routing policies, and provide features for users. SIP also offers a registration function that allows users to upload their current locations for use by proxy servers.

SIP runs on top of several different transport protocols, such as UDP, TCP and TLS. SIP requests and responses are written in plain text inside the IP datagram. Contained in the SIP requests and responses are the addresses of the source and the destination of the participants. These addresses are SIP URIs, which have a UserInfo and a Host Address, and this host address can be either an IP address or a domain name. For example, a SIP URI can look like sip:scott@ingate.com.

Therefore, the routing of SIP is done using IPv4 addresses at the Application layer and does not route at the Transport or Network layer. As the addressing and routing of SIP are done at the Application layer, the biggest problem the SIP protocol now has is the disconnect between the IPv4 addressing and routing at the Application layer versus the IPv4 addressing and routing at the Transport and Network layers. Network Address Translation (NAT) occurs at the Transport and Network layers, and thus the challenge.

The Basics of SIP Trunking

SIP Trunking is a term applied to the services offered by LECs (Local Exchange Carriers), ILECs (Independent Local Exchange Carriers), CLECs (Competitive Local Exchange Carriers) and ITSPs (Internet Telephony Service Providers) to terminate Voice over IP (VoIP) calls to the Public Switched Telephone Network (PSTN).

SIP Trunking allows enterprises and small businesses to eliminate a PSTN gateway at their site and outsource that function to a carrier. It is typically a lower-cost alternative to Primary Rate Interfaces (PRIs) because SIP trunks can be purchased in single-trunk increments (as compared to 23 channel increments for a PRI).

Other ways in which SIP trunks decrease costs:

- With SIP trunks, a single network can be maintained within the organization, rather than having both a voice and data network.
- Internet bandwidth can be used more efficiently.
- Moves, Adds and Changes can be completed without major wiring upgrades.

SIP Trunks are delivered in several ways:

- Over the Public Internet (SIP Trunking Anywhere): Allows any enterprise, anywhere, to adopt SIP Trunking and assign some, possibly unused, bandwidth to voice at no extra charge for the connection, providing the highest ROI.
- Managed Services: Carriers supply a dedicated, fully managed connection from their Point of Presence to the enterprise site. This service offers quality of service guarantees, but is somewhat more expensive.
- MPLS Delivery: The carrier, usually an LEC, ILEC or CLEC, will deliver a managed service using Multi-Protocol Label Switching to ensure the highest voice quality and reliability.

The voice quality, even over an un-managed public Internet connection, is excellent. Typical savings over PRIs range from 40-60%, and the payback period for the equipment required, which may include an upgrade to the IP-PBX and the installation of an Ingate SIParator or Firewall, has been shown to range from 4-12 months.

With these facts in mind, there is no question that SIP Trunking offers compelling advantages for businesses large and small.

What is NAT? Network address translation (NAT)

We often hear of problems with NAT Traversal and SIP. Below we provide a short synopsis of Network Address Translation, its purpose on the network, and why it is a problem when bringing SIP into a network.

Since the addressing and routing of SIP is done at the application layer, the biggest problem the SIP protocol now has is the disconnect between the IPv4 addressing and routing at the application layer versus the IPv4 addressing and routing at the transport and network layers. Network Address Translation (NAT) occurs at the transport and network layers, and thus the challenge.

The purpose of a Network Address Translation (NAT) firewall for businesses is to provide the translation between a single public IP address on the WAN and multiple private IP addresses for all of the workstations, servers and other IP equipment within the LAN. The router running NAT should never advertise the LAN network addresses to the WAN network backbone. Only the networks with global addresses may be known outside the router. However, global information that NAT receives from the border router can be advertised in the LAN network the usual way. Typical or traditional firewalls apply NAT to the TCP/IP protocol at the transport and network layers.

NAT's basic operation is as follows. The network addresses inside a private domain can be reused by any other private domain. For instance, a single Class A address could be used by many private domains. At each exit point between a private domain and the public WAN backbone, NAT is installed. If there is more than one exit point, it is of great importance that each NAT has the same translation table.

In order for SIP to work effectively, the NAT issue must be resolved, and that is where a Session Border Element, such as the firewalls and SIParators offered by Ingate, is very important for enabling SIP services to an enterprise network.

SIP Trunking Bring Your Own Bandwidth

Internet telephony service providers (ITSPs) provide SIP trunking services to all who have Internet connectivity. VoIP communications is just another application provided over the Internet alongside Web, e-mail, FTP and other services commonly found on the Internet. ITSP companies like Bandwidth, Broadvox, BandTel, BBTelsys, Excel and Babytel provide open access to their telephony services over the Internet. The enterprise leases telephony services such as SIP trunking to provide PSTN numbers and access.

The ISP (Internet Service Provider) is simply the service to gain access to the Internet. The physical connection to the Internet can vary according to the enterprise's needs; it can be as small as DSL or grow to T1, T3, Ethernet, OCx, and more. The advantage is the consolidation of both voice and data traffic on the same physical connection, thus maximizing bandwidth utilization and minimizing monthly recurring costs.

Ingate Firewalls and SIParators are critical in this deployment, providing voice and data traffic security to the enterprise: solving the NAT traversal issues through the corporate firewall, monitoring and providing security to SIP traffic, and protecting the IP-PBX from malicious attacks.

The downside is that the voice communication is only as good as the Internet connection that is being used, because that link is not managed from end to end. The advantage of this type of delivery is that it is available anywhere and typically is offered at very attractive rates. With an Internet connection, an Ingate SIParator or Ingate Firewall at the edge to resolve routing and security concerns, and a good ITSP, SIP trunking may be delivered anywhere in the world.

Managed SIP Trunking Service Providers

Managed SIP Trunking service is offered by facilities-based providers who have local Points of Presence (POPs) from which the last mile is delivered to the enterprise customer. Because the service provider has end-to-end control of the network, the quality can be monitored and controlled. The physical connection to the service provider can vary according to the needs of the enterprise and may range from a single T1 with 1.5 Mbps of bandwidth, which is sufficient for 23 simultaneous calls, up to and including fiber optic connections with very large capacities.

Since voice is very susceptible to delay, the Managed SIP Trunking Service Provider will often deliver service using MPLS (Multi-Protocol Label Switching), which assures that the voice packets will receive delivery precedence over other services being delivered on the same physical connection. For both of the above reasons, many service providers are willing to write Service Level Agreements (SLAs) that guarantee a certain level of service quality, and managed SIP Trunks are often more expensive than those services which are offered over the Public Internet.

The Ingate remains critical in this application as a security device between a foreign network and the enterprise network. The Ingate Firewall/SIParator provides voice and data security for the enterprise from other foreign networks. Ingate also monitors and secures the SIP traffic, protecting the IP-PBX from malicious attacks which may range from theft of service to Denial of Service attacks. This is important because any malicious issues on foreign networks can quickly become enterprise issues without a security device in between.

Managed SIP Trunks offer the advantage of a closely monitored network maintained to deliver the highest voice quality. The enterprise needs to ensure that its network is robust and that no internal bottlenecks exist that could reduce voice quality. Enterprises should also consider establishing their own security perimeter to maintain control of their network and of who is allowed to use the SIP Trunking services.

The Role of an Ingate in a Managed Services Environment

Previously we outlined managed SIP trunk service offerings, what they are and their advantages. Here we drill down further and look at why Ingate is an important part of these deployments to normalize SIP traffic, maintain network security and bridge the voice and data LANs for more effective use of SIP in the enterprise.

In a managed service offering, the service provider often delivers an MPLS (Multi-Protocol Label Switching) interface and delivers a private address space into the organization from their network. This resolves the NAT traversal issues. However, it does not solve SIP normalization issues between the IP-PBX and ITSP. It also doesn't address security.

Regardless of the actual delivery mechanism of the SIP trunks, the Ingate unit is still required to normalize the traffic between the business and the service provider when those two implementations are not identical.

From a security point of view, since the service provider is offering the Local Area Network and the private IP addresses from their network space, businesses must ask themselves: Do I trust the service provider to protect my IP-PBX and other parts of my network from harm? If the answer is not a definitive yes, then the company will be well advised to install an Ingate SIParator or Firewall to perform this very important function.

Finally, by delivering service this way, the service provider is in effect creating separate voice and data networks in the customer premises. This means that personal computers are not going to be connected to the same LAN segment and cannot be used for such services as Presence and Instant Messaging, soft clients cannot be used, and the PC cannot be used to self-configure user accounts. In these instances, the Ingate can act as a bridge between the two networks, allowing the full capabilities of SIP to be realized, including the promise of Unified Communications.

What is SIPconnect and How Does Ingate Work with It?

SIPconnect is a set of technical recommendations or best practices for SIP trunking. SIPconnect was developed by the SIP Forum to provide a common method for enterprises to connect to a SIP trunking service provider. SIPconnect establishes basic minimum supported functionality for both service providers and IP-PBXs, and establishes the preferred method of negotiating those functions where multiple, legitimate options exist within the SIP standard.

SIPconnect enables enterprises and SIP trunking service providers to more easily connect with one another using a reference architecture. Several service providers have adopted the SIPconnect standard and many more are expected to implement SIPconnect in their networks soon. However, not all IP-PBXs are compliant with the requirements of SIPconnect.

Ingate supports SIPconnect. Ingate is committed to the adoption of SIP-based communications and SIP trunking for enterprises. SIPconnect is a major step forward toward standardizing interoperability among all of the components of a SIP trunking implementation. Since not all IP-PBXs have enabled all of the features necessary to comply with SIPconnect, Ingate can provide that functionality on behalf of the IP-PBX, allowing the enterprise to successfully connect to SIPconnect-compliant SIP trunking service providers quickly, easily and securely.

The major benefit, of course, is seamless interoperability. Another important benefit is security: when the ITSP and IP-PBX are both truly interoperable, security risks are minimized.

SIP Security

Like any application, Voice-over-IP and all similar applications should be implemented in a way that ensures the continued security and integrity of the enterprise network. With the proper protections in place, SIP applications are very secure. In fact, VoIP calls can be more secure than those made on the PSTN. That's just an example of how, with the right measures, any SIP application can be secure enough for enterprise use.

The SIP protocol resides in the Application Layer; it is written in clear text within the datagram of a UDP or TCP transport. Because it is in clear text, it is readily readable in any malicious effort to compromise your VoIP or data traffic. Sensitive IP address information, port address information, contact addresses, usernames, SIP compliance capabilities, media stream attributes and more are all contained in the SIP protocol. In addition, the VoIP media stream is also unencrypted. Common media streams such as G711, G723, and G729 are open to malevolent efforts to record conversations over the Internet.

Given that SIP is a relatively new protocol for VoIP deployment, there have been very few malicious SIP attacks to date. But as popularity grows and SIP becomes more widespread, the possibility for these kinds of events increases. But since the SIP protocol has been developed by the IETF, it has built-in capabilities to ensure that the security and control of the enterprise network is maintained, and that measures can be taken to protect the integrity of all Internet-based communications, even for the most sensitive conversations.

The IP-PBX should be deemed a Mission Critical server. The IP-PBX is the controller for all of the VoIP phones and SIP applications. Any service outage or degradation would result in the loss of communication and ultimately the loss of business revenue. The IP-PBX must be protected from the Internet and foreign or unknown networks just as any other mission-critical server on the network. That means that the PBX should never be assigned a publicly routable IP address. The Network Address Translation to the private address space provides a layer of security that must be maintained for the IP-PBX.

Measures such as deep packet inspection, encryption and support for TLS and SRTP, authentication, intrusion detection and prevention (IDS/IPS) functionality, DoS attack detection and even SIP (and SIPconnect) compliance are all necessary ways to protect not just the SIP traffic, but also the network.
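To make the clear-text point concrete, here is an added example (not from the ebook, not Ingate code) that audits one INVITE for the two protections named above, TLS for signaling and SRTP for media, and lists the fields that are readable on the wire when they are absent. The message is constructed, and treating an SDP profile containing "SAVP" as SRTP is a simplifying assumption of this sketch.

```python
import re

# Constructed INVITE sent over UDP with a plain RTP offer. Names, numbers and
# addresses are illustrative only.
SAMPLE_CLEARTEXT_INVITE = (
    "INVITE sip:15551230000@itsp.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK74bf9\r\n"
    "From: <sip:scott@pbx.example.com>;tag=9fxced76sl\r\n"
    "To: <sip:15551230000@itsp.example.net>\r\n"
    "Call-ID: 3848276298220188511@pbx.example.com\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:scott@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=pbx 2890844526 2890844526 IN IP4 192.168.1.10\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 18\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:18 G729/8000\r\n"
)


def audit_invite(raw):
    """Report whether signaling and media are protected, and which details
    the message itself discloses (users, media ports, codecs)."""
    head, _, body = raw.partition("\r\n\r\n")
    # Transport token of the topmost Via header: UDP, TCP or TLS
    via = re.search(r"^(?:Via|v)[ \t]*:[ \t]*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    # User parts of every SIP URI in the request line and headers
    users = sorted(set(re.findall(r"sips?:([^@>;\s]+)@", head)))
    # SDP media lines: m=<type> <port> <profile> <formats>
    media = [(kind, int(port), profile) for kind, port, profile in
             re.findall(r"^m=(\w+) (\d+)(?:/\d+)? (\S+)", body, re.M)]
    codecs = re.findall(r"^a=rtpmap:\d+ ([^/\s]+)", body, re.M)
    return {
        "transport": transport,
        "signalling_encrypted": transport == "TLS",
        # Assumption: a profile such as RTP/SAVP means SRTP is offered
        "media_encrypted": bool(media) and all("SAVP" in p for _, _, p in media),
        "users": users,
        "media": media,
        "codecs": codecs,
    }


if __name__ == "__main__":
    report = audit_invite(SAMPLE_CLEARTEXT_INVITE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run at the IP-PBX or the border element, the same check confirms that a trunk configured for TLS and SRTP is actually offering them.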

Routing Rules and Policies

The Deep Packet Inspection capability of Ingate SIParators and Firewalls offers the ability to apply Routing and Dial Plan rules to all incoming SIP traffic. As the Ingate product has the ability to look at Layer 2 through Layer 7 of the OSI model, Routing and Dial Plan rules can combine the use of several layers at once. Combining such things as TCP/IP (Transport Layer) with the SIP protocol (Application Layer) ensures that only predefined SIP traffic is processed.

Routing Rules

The Ingate Dial Plan has three main attributes:

1. Match From Header, where the Ingate can match on the From Header SIP URI (the person making the call). In addition, the Ingate can separate by Transport, whether UDP, TCP or TLS, and we can further specify the IP address or range of IP addresses at the Network layer from which we accept calls.
2. Matching Request URI. The Request URI Header is a routable header of any SIP Request. The Ingate can Match & Remove a Prefix, and Match any specific Alpha/Numeric characters or even a range of characters. This also includes Domain matching.
3. Forward To. The Forward To section defines where to 'actually' send the call: perhaps to a predefined account, with Registration and/or Header Replacement requirements/behavior, or to an IP address or Domain. It can also change the call request to a different Transport and port if required, and even dynamically assign the use of our B2BUA if needed.

The actual Ingate Dial Plan, then, combines these three attributes to provide the ultimate in flexibility and security in defining A) where the call is accepted from and B) where the call is going. If the SIP traffic is not predefined, it will be denied. This also gives the ability to have multiple different IP-PBX vendors and multiple different ITSP accounts: N+1 ITSPs to N+1 IP-PBXs. There is no limit to the customization of call routing in the Ingate.

Policies

Policies related to SIP have to do with allowing or disallowing SIP traffic based on SIP Methods, SIP Mime Content, SIP Domains and other higher-level rules.
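The three dial plan attributes and the deny-by-default behaviour can be modelled in a few lines. This is an added sketch, not Ingate's implementation or configuration syntax: the Rule fields, the route function and all rule values (domains, networks, number patterns) are hypothetical and constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    from_uri: str       # 1. Match From Header: regex on the From URI
    transports: tuple   #    accepted transports (UDP, TCP, TLS)
    sources: tuple      #    accepted source networks in CIDR form
    strip_prefix: str   # 2. Matching Request URI: prefix matched and removed
    user_pattern: str   #    regex the remaining user part must match
    domain: str         #    Request-URI domain that must match
    forward_to: str     # 3. Forward To: host, port and transport


# Constructed dial plan: one inbound rule (ITSP to IP-PBX) and one outbound.
RULES = [
    Rule("itsp-to-pbx", r"sip:.*@itsp\.example\.net", ("UDP", "TLS"),
         ("198.51.100.0/24",), "+1", r"603555\d{4}", "sbc.example.com",
         "10.0.0.5:5060;transport=udp"),
    Rule("pbx-to-itsp", r"sip:.*@pbx\.example\.com", ("UDP",),
         ("10.0.0.5/32",), "9", r"1\d{10}", "sbc.example.com",
         "itsp.example.net:5061;transport=tls"),
]


def parse_uri(uri):
    """Split a SIP URI into (user, domain); None if it has no user part."""
    m = re.fullmatch(r"sips?:([^@;]+)@([^;:>]+).*", uri)
    return (m.group(1), m.group(2).lower()) if m else None


def route(rules, from_uri, request_uri, transport, src_ip):
    """Return the forwarding URI of the first rule whose three attributes all
    match, or None: traffic that is not predefined is denied."""
    target = parse_uri(request_uri)
    if target is None:
        return None
    user, domain = target
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        origin_ok = (re.fullmatch(r.from_uri, from_uri) is not None
                     and transport.upper() in r.transports
                     and any(addr in ipaddress.ip_network(n) for n in r.sources))
        if not origin_ok or domain != r.domain:
            continue
        if not user.startswith(r.strip_prefix):
            continue
        rest = user[len(r.strip_prefix):]         # prefix removed
        if re.fullmatch(r.user_pattern, rest):
            return f"sip:{rest}@{r.forward_to}"
    return None


if __name__ == "__main__":
    print(route(RULES, "sip:15551230000@itsp.example.net",
                "sip:+16035550142@sbc.example.com", "UDP", "198.51.100.20"))
    print(route(RULES, "sip:15551230000@itsp.example.net",
                "sip:+16035550142@sbc.example.com", "UDP", "203.0.113.9"))
```

The second call carries the same SIP headers as the first but arrives from an address outside the allowed network, so it matches no rule and is denied.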

Case Study -- Kool Smiles - a children's dental management practice in the U.S.

The ROI on SIP Trunking

Secure VoIP Technology Cuts Phone Costs Forty Percent for Kool Smiles

Kool Smiles, a children's dental management practice in the U.S., was an early adopter of SIP trunking technology. SIP trunks have become a simple, cost-effective way for businesses to transition from traditional telephony to Voice-over-IP (or VoIP), which essentially shifts all phone calls to the Internet.

Ingate Systems info@ingate.com P: (603) 883-6569 www.ingate.com