SIP Trunking
The Provider’s Perspective
Presented by
Advanced SIP Session Overview
1. Open Systems Interconnection Model (OSI) is more than a model
2. Quality of Service (QoS)
• IP Peering
3. SIP Trunking – so what is it?
4. SIP Trunking Security
5. SIP Trunking CPE Architectures
6. The ITSP
• The Architecture
1. Open Systems Interconnection (OSI)
Understanding Where You Are
2. QoS and the Internet
• The Economics of IP peering - why it works in North America
QoS and the Internet: The Economics of IP peering and why it works in North America
NET-A dropping packets makes NET-B retransmit, and lowers NET-B’s throughput. That’s lost revenue for NET-B.
[Figure labels: End User; IP NET A (Tier N); IP NET B (Tier N-1); data; retransmit; Bandwidth Rigorously Limited]
In North America, we see a great call:
• Packet Delay: < 100 msecs
• Packet loss < 4%
QoS and the Internet: It is over provisioned and managed
[Figure labels: MPLS]
3. SIP Trunking: So what is it?
• SIP trunking means X voice paths to Y stations where Y/X > 1; generally the ratio would be 4-10
• SIP trunking competes economically, and generally beats T1 trunking cost wise to the PBX.
• Hosted VoIP can’t scale, either economically or
SIP Trunking Basic Features
SIP Trunking Applications:
• Bandwidth QoS - provided via SIP-Aware Firewall (SAFW) and/or MPLS
• Security - provided via SAFW and ITSP POP Border Controllers and Proxies
• 411 - Directory Assistance
• 911 - Services Access
• Dialing - Local, DID, 800, 1+, and 011+ dialing
• Converge - Allows enterprise bulk traffic to merge
4. SIP Trunking Security and Reliability
• LAN VoIP Design - Need to Ensure Enterprise LAN is Correctly Designed for VoIP (i.e. a SIP-Aware Firewall Needs to be in Place)
• CPE Protection - SIP-Aware Firewall that allows L5 Security (i.e. no L2 pinholes)
• Requires ITSP MD5 or IP Authentication for Account Authorization
• ITSP Should Split Media and Signaling to Different Redundant Locations, Making Taps Virtually Impossible
• ITSP Must Have Secure POPs That Can Fend Off all Outside Attacks:
- DoS (Denial of Service)
- Registration Spoofing
- IP Spoofing (source-route bridging spoofing)
- Eavesdropping
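The "MD5 or IP Authentication for Account Authorization" bullet above, sketched as the check an ITSP proxy would run on each request (an added example, not code from the presentation or from BandTel). It assumes RFC 2617 digest without qop, as SIP uses it; the realm, trunk names, password and addresses are constructed.

```python
import hashlib, hmac, re, secrets

# Constructed account data for illustration (not from the presentation).
REALM = "itsp.example"
PASSWORDS = {"trunk1001": "constructed-secret"}   # digest-authenticated trunks
STATIC_IPS = {"198.51.100.10": "trunk2002"}       # IP-authenticated trunks
_live_nonces = set()                              # issued in 401 challenges, single use

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def new_challenge():
    """Nonce the proxy sends in the WWW-Authenticate header of a 401."""
    nonce = secrets.token_hex(16)
    _live_nonces.add(nonce)
    return nonce

def parse_authorization(header):
    """Parse 'Digest k="v", k2=v2' into a dict; {} for any other scheme."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        return {}
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {k.lower(): v.strip('"') for k, v in pairs}

def authorize(method, src_ip, auth_header=""):
    """Return 'ip', 'digest' or None (reject) for one SIP request."""
    if src_ip in STATIC_IPS:                      # IP authentication
        return "ip"
    p = parse_authorization(auth_header)
    if any(k not in p for k in ("username", "realm", "nonce", "uri", "response")):
        return None
    password = PASSWORDS.get(p["username"])
    if password is None or p["realm"] != REALM:
        return None
    if p["nonce"] not in _live_nonces:            # unknown or already-used nonce
        return None
    _live_nonces.discard(p["nonce"])              # a captured request cannot be replayed
    expected = digest_response(p["username"], REALM, password, method, p["uri"], p["nonce"])
    return "digest" if hmac.compare_digest(expected.encode(), p["response"].encode()) else None
```

The single-use nonce is what addresses the registration-spoofing item in the list: a captured REGISTER fails when resent. The IP branch is only as strong as the anti-spoofing filtering in front of the POP, since a SIP request over UDP carries an unverified source address.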
SIP Trunking Security, Reliability - Hot Spots
[Figure labels: MPLS; Internet; The Backbone; Hot Spot: The ITSP Demarc]
Now back to getting serious…
5. SIP Trunking CPE Architectures
Type 1 – Dedicated IP Pipe for VoIP
Type 2 – Merged MPLS-Pipe with LER Tagging VoIP
Type 3 – Merged IP pipe with SIP-Aware Firewall (SAFW)
Type 4 – Separate IP Pipe for VoIP with Existing Non-SIP Firewall and SIP-Aware Firewall (SAFW)
Type 5 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-Aware Firewall
Type 6 – Looks like Type 5 but Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-Aware Firewall
Type 7 – Merged IP Pipe with Incumbent Non-SIP-Aware Firewall with a DMZ Port
Type 1 – Dedicated IP Pipe for VoIP
1 – The IP pipe is dedicated to VoIP so no QoS arrangements are needed with the carrier.
2 – No firewall is needed as there are no LAN connections with other enterprise devices.
3 – This is a common architecture for dedicated media gateway deployments.
Type 2 – Merged MPLS-Pipe with LER Tagging VoIP
1 – VoIP and enterprise data share the same IP pipe. MPLS tags the VoIP as the highest priority via the LER (Label Edge Router).
2 – The SAFW handles all SIP addressing transformation issues between the LAN and WAN demarc.
3 – Architecture offers full QoS for VoIP.
Type 3 – Merged IP pipe with SIP-Aware Firewall (SAFW)
1 – VoIP and bulk enterprise share the same IP pipe.
2 – The SAFW (SIP-Aware Firewall) handles all the QoS issues by prioritizing VoIP traffic over the bulk enterprise network.
3 – The SAFW handles all SIP addressing transformation issues between the LAN and WAN demarc.
4 – Architecture offers partial QoS for VoIP (no inbound UDP QoS).
Type 8 – Merged IP Pipe with Incumbent Un-SIP-Aware Firewall
1 – VoIP and bulk enterprise share the same IP pipe.
2 – QoS is not realized for VoIP since there is no QoS feature in the USAFW.
3 – The UA handles all SIP addressing transformation issues between the LAN and WAN demarc via SIP NAT traversal features and/or by using STUN (Simple Traversal of User Datagram Protocol) with an external STUN server.
4 – The USAFW security is breached by having ports opened for SIP UDP traffic.
5 – Full utilization of incumbent IP pipe for VoIP realized.
6 – Architecture does not scale well for anything beyond a few VoIP calls.
7 – This architecture is suited only for hosted VoIP services with a small number of end-user stations in the LAN space.
6. The ITSP behind the SIP Trunk
• Getting to the ITSP proxy
• Resiliency in the event of failure
• Load to the ITSP proxy (dynamic routing to)
• When an ITSP element fails (real-time dynamic fault switchover)
Special ITSP Services for SIP Trunkers
• Online Traffic monitoring (TotalView)
• Online Billing
• Traffic re-routing (Total Reroute)
• Silent Running – Bandwidth
ITSP Summary
• SIP Trunking Competes - and beats T1 Trunking on price and features
• QoS - SAFW and/or MPLS needed for bandwidth QoS
• SIP CPE Architecture - critical for creating a secure clear call
• The ITSP Behind the SIP Trunk - an architecture is needed
• SIP Security – private or public, it can be made secure…
About BandTel
• Headquartered in Newport Beach, California, BandTel is a leading worldwide provider of SIP Trunking services. The company is dedicated to ensuring its customers and partners alike have access to the most reliable, end-to-end VoIP service available on the market today.
• Its N-Plus™ network architecture is designed to solve the throughput and redundancy problems on high-capacity SIP-based networks and eliminate any single point of failure.
• Currently servicing customers worldwide, including Call Centers, Enterprise customers and IVR providers.
• BandTel continues to develop strong partnerships with leading carriers and telecommunications companies, including Global Crossing, XO Communications, Level 3, Qwest Communications, Verizon Business, ArbiNet, and Primus.