Sangoma Session Border Controllers Frederic Dickey Shaunt Libarian October 17, 2013
Inside this Deck About Sangoma Technologies Reasons for Session Border Controllers Sangoma s SBC product portfolio Use Cases Walkthrough Closing 2
About Sangoma Industry pioneer with over 25 years of experience in communications hardware and software Publicly traded company since 2000 TSXV: STC One of the most financially healthy companies in our industry Growing, Profitable, Cash on the Balance Sheet, No Debt Mid-market sized firm with just under 100 staff in all global territories Offices in Canada (Toronto), US (CA, NJ), EU (UK & Holland), APAC (India), CALA (Miami) World wide customer base Selling direct to carriers and OEMs Selling to the enterprise through a network of distribution partners 3
World Class Customers 4
World Class Products Voice Telephony Boards Analog/digital/hybrid, WAN, ADSL Session border controllers Portfolio of Lync Server 2013 Products Lync Express Session Border Controllers Gateways VoIP Gateways Net Border Carrier Gateways SS7, PRI, R2 Vega Enterprise Gateways PRI, PR2, Analog, BRI Call Center Software NetBorder Express, Call Progress Analyzer Transcoding (boards/appliances) Fiber connectivity (STM1) Wireless products 5
DRIVERS FOR SESSION BORDER CONTROLLERS
Why Session Border Controllers SBC are installed at the edge of VoIP Networks to facilitate end to end VoIP transmission without compromising network security Several reasons: New security issues introduced with protocol Fix Interoperability issues Implementation of UC/Collaboration feature SBC are typically implemented as Back to Back User Agents (B2BUA) All and Media (voice) traffic transit through SBCs 7
B2BUA Explained SBC Eth pipe port RTP ports Media Normalization Security Transcoding CDRs RTCP QoS report Call Access Control Management GUI / config DSP resources Etc. Media port RTP ports Eth pipe Because the SBC sees all and RTP traffic coming from both sides, it can analyze, fix, control, etc. 8
Where are the User Agents (UA)? SBC UA UA Eth pipe port RTP ports Media Normalization Security Transcoding CDRs RTCP QoS report Call Access Control Management GUI / config DSP resources Etc. They are back to back! Media port RTP ports Eth pipe 9
Looks can be deceiving: Sessions vs Calls Some vendors rate their SBCs with Sessions counts 1 Session = 1 User Agent 1 Call = 2 User Agents An SBC with 1000 sessions capacity really carries only 500 calls end to end Sangoma: 1 Session = 1 Call = 2 User Agents A Sangoma SBC rated for 1000 Sessions means it can carry 1000 calls 10
Initial Drive for Session Border Controllers Traverse firewalls for end-to-end VoIP telephony Without SBCs protocol does not work with NAT functions in firewalls Forward /RTP ports on firewalls Opens up security issues Set-up VPNs Costly to manage/bandwidth limitations/subscriber mgmt Firewall Application Layer Gateways (ALG) OK, brings other limitations for other issues SBCs fix this issue by remapping IP and Ports in Messages and RTP port addressing 11
Security Issues Connectivity to other IP Networks introduces security issues Denial of Service (DoS) attacks Toll Fraud by manipulating media Topology hiding ( via s, hops, etc.) Firewalls cannot act on all these security issues unless it is aware ( ALG) Some firewall vendors offer ALGs, but it is not enough 12
Interoperability Challenges RFC3261 Largest RFC Not a tight specification like ITU specs for instance Uses Should, Can, May, Option a lot It is a recommendation, not a hard rule, lots of room for interpretation Result Everyone is compliant to RFC3261 But hard time to interop! For end to end VoIP Interworking, SBCs come to the rescue by fixing these differences 13
Additional Interop Challenges It s not just signaling Media can also need fixing for end to end communications to become possible: Codecs mismatch Fax T.38/Inband Fax RFC2833/INFO/Inband DTMF Methods RTP and SRTP IPV6 vs IPV4 UDP vs TCP (example with MS Lync) TLS/SRTP interop with /RTP Firewalls cannot address these do not have DSPs to process media 14
Integration at the edge has its advantages Because SBC see all traffic, they have evolved to be much more than interop/security devices Magnet for core VoIP functionnality! Migration Intelligent call routing for VoIP Lawful intercept call forking for recording devices Quality of Service reporting Billing Intrusion Management Session Border Controllers have become essential in VoIP deployments! 15
Rule of Thumb/Best Practices Everywhere a VoIP Network needs to interface to another VoIP Network, you need an SBC Same rule with IP Networking and Firewalls really SBC are required in both Carriers and Enterprise Networks RTP IP RTP Softswitch Carrier VoIP Network Enterprise VoIP Network IP-PBX 16
PRODUCT PORTFOLIO OF SESSION BORDER CONTROLLERS
Vega Enterprise SBC Appliance 25-250 Sessions H/W DSP acceleration 1U / 2 x 1 GE ports Software Version 25-500 Sessions/Self-Contained ISO VM requirements 1 Core/1 GB RAM/Bridged Software/Hybrid Version - UNIQUE 25-500 Sessions/Self-Contained ISO VM requirements 1 Core/1 GB RAM/Bridged H/W DSP acceleration D150 18
NetBorder Carrier SBC Appliance 400-4000 Sessions H/W DSP acceleration 1U / 2 x 1 GE ports RAID 1 19
Product Highlights All SBCs Efficient Scaling from 25 to 4000 Sessions/Calls 1 session per voice call Registrations do not consume sessions Web GUI for ease of Configuration and Deployment Session-based licensing, no hidden costs or fees Cost-Effective Carrier-Class Features and Performance Network Interconnect Point for Trunking QOS & QOE (Quality of Experience) for Enterprise Networks Encryption and Security Topology Hiding for Fraud Protection DoS/DDoS Attack Protection Far End NAT traversal Voice, Video, Fax, IM and Presence Support - Interworking & protocol normalization Certifications for 20
Product Highlights All SBCs Intrusion Prevention Registration Scan Attack Detection Request Rate Limiting Load Limitation Registration Pass-thru Header Normalization Malformed Packet Protection Intelligent media anchoring/release RTCP Statistics Reports Call Access Control Limits call rate and total calls per user or IP Call Security with TLS / SRTP RTP Transcoding G.711, G.722, G.729, G.726, G.723.1, ilbc, AMR, G.722.1 T.38 Fax Relay RADIUS CDR and Authentication VLAN QoS (ToS or Diffserv) RESTful WEB APIs 21
Advanced XML Routing Engine Dynamic Load Balancing and Call Routing Least Cost Routing ENUM Routing Know your regular expressions! Joke aside Sangoma can help you with your dial plans via Professional Services Future releases to have GUI routing rules 22
Browser-Based GUI 23
Rear View Display, USB DSP resources External GigE port Internal GigE port 24
NetBorder Series SBC CARRIER/SERVICE PROVIDER APPLICATIONS AND USE CASES
Carrier SBC for dial tone Residential Softswitch NAT/FW ITSP SBC Broadband NAT/FW ATA Residential SBC: Performs Security functions Far End NAT Traversal Peering with other providers harmonization Media harmonization Call Admission Control NAT/FW SOHO 26
Trunking This NetBorder SBC protects the ITSPs network 27
Network Peering/ IP Carrier Interconnect Use IP for inter-carrier links No TDM conversion required: Decrease complexity Better voice quality, less delay, less transcoding 28
Carrier Interconnect Mediation Secure carrier network Normalise messaging (ease interop) Transcoding between carriers 29
Vega Series SBC BUSINESS APPLICATIONS AND USE CASES
Enterprise Trunking DMZ Deployment External FW/NAT Internal FW Vega esbc IP-PBX ITSP IP Direct Deployment on Public IP address Vega esbc IP-PBX ITSP IP 31
Secure Access Control for Remote users or Telecommuters External FW/NAT Internal FW Vega esbc IP-PBX ITSP IP Ext 101 Home Office, Mobile Users, Telecommuters Ext 102 Vega esbc: Pass-through registration on IP-PBX Remote FW/NAT traversal Call Admission Control Topology Hiding 32
Multi-Site Consolidation Vega esbc IP-PBX ITSP IP SBC: Large Central trunk Economies of scale Remove Multi-Sites PRIs Intelligent Call Routing Sophisticated dial plans Performs Security functions harmonization Media harmonization WAN WAN IP-PBX IP-PBX 33
Signaling Conversion Convert over TCP to over UDP Some devices require /TCP e.g. Microsoft Lync 34
Legacy PBX migration to Microsoft Lync IP-PBX ITSP Vega esbc Mediation Server Lync Server Active Directory SBC: Performs Security functions UDP/TCP Translation harmonization Media harmonization Intelligent Call Routing Active Directory Routing Unified Dial Plan Lync User 35
Microsoft Lync Transition with Analog Lines Vega 5000 5000 Analog Vega esbc ITSP Mediation Server Lync Server Lync User Active Directory SBC: Performs Security functions UDP / TCP translation harmonization Media harmonization Intelligent Call Routing Active Directory Routing Unified Dial Plan 36
CONFIGURATION WALKTHROUGH
Documentation http://wiki.sangoma.co m/netborder-session- Controller Frequently updated wiki HTML/pdf based documentation Includes: Admin guide Step-by-step configuration Technical documents Quick Start Guide 38
SBC Configuration Steps / Panels Signalling Interfaces Media Interfaces Domain Profile Domain User Accounts Media Profile Profile Trunk Call Routing 39
Browser-Based GUI Now switch to Live GUI walkthrough 40
CLOSING
Summary Sangoma has a wide range of flexible SBCs, saleable from small enterprise to large carrier Easy licensing and field upgradeable Full feature set Cost effective compared to competition 42
For More Info Guide to Session Border Controllers http://wiki.sangoma.com/netborder-session-controller For future training, visit http://www.sangoma.com/resources/training 43
Contact Us Sangoma Technologies 100 Renfrew Drive, Suite 100 Markham, Ontario L3R 9R6 Canada Website http://www.sangoma.com/ Telephone +1 905 474 1990 x2 (for Sales) Email sales@sangoma.com 44
THANK YOU