A Light Reading Webinar
Speakers
Natasha Tamaskar
VP Product Marketing - Genband
Mykola Konrad
Director Enterprise Product Management
Sonus Networks
Tori Downes
Agenda
• Introduction
• Why SBCs for Enterprise
Why SBCs?
• Main drivers
• Migration to IP / decline of TDM
• New IP services - voice (SIP Trunking), video, conferencing, social networking, cloud computing, …
• Creates “Islands of IP” between
• Enterprises and Service Providers
• Service Providers - partners and peers
• Technologies - IP and TDM, SIP and H.323
• Need to manage at the boundaries
• Protect resources
• Facilitate connectivity
SBC Deployment Scenarios
[Diagram: Service Provider 1, Service Provider 2, Enterprise Network, Hosted Enterprise. Key: Diameter, Media, SIP, H.248]
Typical SBC Functions
• Much more than a “firewall on steroids”
• Security
• Hosted NAT, DoS/DDoS Prevention, Authentication, SPIT Detection, Topology Hiding, Privacy, Lawful Intercept, …
• Interworking
• SIP/H.323, VPN Bridging, IPv4-IPv6, Transcoding/Transrating, DTMF Interworking, IMS Interworking, …
• Call Policy
• Call Admission Control, QoS, Bandwidth Management, ENUM, Call Routing, Number Analysis, …
• Accounting
Why SBCs for Enterprise?
• Enterprises are
• Becoming “Islands of IP”
• Deploying more diverse services - beyond data
• Same core requirements - but differences in detailed function
• No requirement for (say) Lawful Intercept, Billing
• Likely to require (say) QoS, Bandwidth Management, H.323-SIP Interworking, SIP Interworking, VPN bridging, Transcoding, Encryption, …
• Drivers
• SIP Trunking
• Video
• Inhibitors
Enterprise SBC Architecture
• Where does the function reside?
• Enterprise alone (Integrated SBC)
• Hybrid = managed service - media in Enterprise, signaling/policy at Service Provider (Distributed SBC)
• Service Provider alone = hosted service (Integrated SBC)
• Enterprise considerations
• Survivability - system failover (expensive!), multiple SIP trunks, PSTN failover, local routing
• Compute/DSP power for DoS/DDoS, QoS/policy management, transcoding / transrating, …
Enterprise SBC Architecture
[Diagram: Service Provider 1, Enterprise Network, Hosted Enterprise]
Enterprise SBC Cost Benefits
• Operational Expenditure Benefits
• Enables lower carrier access and feature rates from SIP Trunking
• Lower monthly recurring port charge
• Lower physical access charges
• Lower metered charges
• Fewer ports needed
• Network-wide Least Cost Routing (LCR) reduces telephony expenses
• Can route traffic across Corporate data network
• Can automatically choose among multiple providers
• Reduces labor required to support configuration and maintenance of dial plans across disparate PBXs
Enterprise SBC Cost Benefits
• Operational Expenditure Benefits (continued)
• Provides evidence for SLA enforcement (loss recovery)
• Session Detail Records
• QoS Reporting
• Reduces cost of Session Detail Record (SDR) collection / aggregation
• No need to go to disparate PBX
• All SDRs consolidated from SBCs
• Enables carrier bypass through enterprise to enterprise VoIP peering
[Diagram: Enterprise, Internet, Enterprise]
Enterprise SBC Cost Benefits
• Capital Expenditure Benefits
• Leverages existing PBX investments through protocol and vendor interworking
• IP interface ports typically cost less than TDM ports
• Over-provisioning to ensure network supports real-time data is no longer necessary (fewer ports required)
• Centralized Call Admission Control
• Policy Decision-based routing
SBC Enterprise Service
From Distributed PRI to Centralized SIP Trunking
• Limited intra site connectivity
• Services are provided to locations not users
• Every change requires carrier action
• Hard to aggregate bills
• Management challenges – many touch points
• Services are tied to users not location
• Equipment can be centralized
• Web based provisioning
• Single billing solution, ability to track call performance
SBC Enterprise Service
Centralized Call Recording
[Diagram: SIP Endpoint, Application Server and Call Recording Device (SIP, H.323, PRI). Labels: SIP Dialog (Original Call / Dialog / Session); SIP Dialog with information about the call; copy of the original RTP streams (Tx and Rx)]
SBC Enterprise Service Scenarios
• Today can block sessions and allow video based on commonly set policies
• Future – Video interworking, SIP Video features (Find me, follow me, conferencing)
SBCs as center of video communications
SBC Enterprise Service Scenarios
Enterprise Site Peering
[Diagram: HQ, Joint Venture Partner, Internet, SIP Trunks]
Audience Poll
SBC Implementation Considerations
SBCs create a new kind of communication network
• Interworking with legacy equipment (H.323)
• Managing time-sensitive traffic on “data” network (QoS, VLAN)
• Supporting a wide range of SIP-based services
• Voice
• IM / Chat
• Presence
• Video
• As always, security
• Topology hiding
• Use of DMZ to “siphon off” SIP traffic
• Encryption for signalling, media
SBC Implementation Considerations
• WAN Routing
• Create secure, QoS-enabled connection to NOC
• Router Changes
• Interoperability and Legacy Regulatory Support
• Support centralized routing
• Ability to route calls globally based on least cost
• Ability to connect via IP to carriers around the world
• Ability to offer short digit dialing across the enterprise
• Regardless of infrastructure at the location
• Regardless of what the user actually dials
• Security Considerations
• Who owns the SBC? IT? Security? Voice engineering?
• Balancing Security vs. Performance (QoS)
• Jitter, Lag, Bandwidth, Call Admission Control
• Use of bandwidth may increase
• How to troubleshoot?
• PBX troubleshooting tools may not be enough
• VoIP troubleshooting tools
SBC Implementation Considerations
WAN Routing and QoS Concerns
[Diagram: PBX dials 9-1-212-555-1001; 100’s of different possible call routes across the Corporate NOC & WAN; call media and session are analyzed; digits are analyzed, policies applied and route is defined]
NBS
• Protection against attacks and threats
• Layer 2/3/4 security and DoS / DDoS protection
• Protection against SIP and H.323 protocol vulnerabilities
• Protection against media vulnerabilities such as malicious RTP
• Intrusion Detection and Prevention: Black list, white list management
• Deep Packet Inspection for Layer 7 protection
• Data confidentiality and privacy
• Screen user identities to protect against identity theft
• Data protection and privacy – encryption of all multimedia sessions
• Topology hiding for corporate infrastructure
• Protection against unauthorized access
• Authentication, authorization of sessions and access control
• Preventing unauthorized bandwidth consumption
• Protection against theft of service and toll frauds
• Secure management of network elements (SNMP, HTTPS, SSH)
Enterprise Survivability – Failover Scenarios
Scenario-1: SIP Trunk Failure
• Option A: Alternate POP from the Same Service Provider
• Option B: Alternate Service Provider
• Option C: Intra-enterprise session routing & management over SIP-aware Corporate VPN
Scenario-2: WAN Link Failure
• Options A-C above if diverse physical routes are in place
• Option D: PSTN Fall-back for emergency calls
[Diagram: SIP trunks to Service provider A POP #1, Service provider A POP #2 and Service provider B; Corporate VPN]
Enterprise SBC provides automatic detection of link failure & Intelligent Routing Options
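The failover options above can be read as an ordered route list that the SBC walks once a failure is detected. The sketch below is an added illustration, not code from the webinar or from either vendor; the trunk names, link names, priority order and the rule that Option C carries only intra-enterprise sessions are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    option: str                   # slide label: "primary", "A", "B", "C" or "D"
    trunk: str                    # constructed trunk / path name
    link: str                     # physical access link the route rides on
    intra_only: bool = False      # Option C: intra-enterprise sessions only (assumption)
    emergency_only: bool = False  # Option D: PSTN fall-back for emergency calls

# Constructed topology: A shares the primary's WAN link, B and C use a diverse one.
ROUTES = [
    Route("primary", "spA-pop1", "wan1"),
    Route("A", "spA-pop2", "wan1"),
    Route("B", "spB", "wan2"),
    Route("C", "corp-vpn", "wan2", intra_only=True),
    Route("D", "pstn", "pstn-line", emergency_only=True),
]

def select_route(down_trunks, down_links, *, intra=False, emergency=False,
                 routes=ROUTES):
    """Return the first usable route in priority order, or None."""
    for r in routes:
        if r.trunk in down_trunks or r.link in down_links:
            continue  # the trunk itself or the physical link under it has failed
        if r.intra_only and not intra:
            continue  # corporate VPN does not reach external destinations
        if r.emergency_only and not emergency:
            continue  # PSTN fall-back is reserved for emergency calls
        return r
    return None

def option_for(down_trunks=(), down_links=(), **kw):
    """Convenience wrapper returning only the slide's option label."""
    r = select_route(set(down_trunks), set(down_links), **kw)
    return r.option if r else None

if __name__ == "__main__":
    print(option_for(down_trunks=["spA-pop1"]))          # Scenario-1
    print(option_for(down_links=["wan1"]))               # Scenario-2, diverse route
    print(option_for(down_links=["wan1", "wan2"], emergency=True))
```

Moving every IP route onto the same link in `routes` shows why Scenario-2 depends on diverse physical paths: a single WAN failure then leaves only Option D, and only for emergency calls.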
Enterprise Survivability – Failover Scenarios
Scenario-3: Site Hardware Failure
• Co-located High Availability pair
• State information replicated on hot standby node
• All active calls are switched from the active node to the hot standby node with NO LOSS of signaling and media states
• Applies to both voice and multi-media sessions (i.e. video, web collaboration)
Conclusion
• Enterprise SBCs provide essential interworking with legacy networks during IP transition.
• Enable Enterprise peering.
• Deliver significant cost and operational benefits.
• Are optimized to support video services.
• Incorporate necessary security features.