ACME- Session Border Controllers – podstawa udanych i efektywnych implementacji rozwiązań VoIP i...
-
Upload
biznes-to-rozmowy -
Category
Technology
-
view
540 -
download
2
description
Transcript of ACME- Session Border Controllers – podstawa udanych i efektywnych implementacji rozwiązań VoIP i...
SBCs – The Key to Successful VoIP Deployments
Geraint EvansTechnical Director – Enterprise Solutions, EMEAAcme Packet
Disclaimer
Acme Packet has made no commitments or promises orally or in writing with respect to delivery of any future software features or functions. All presentations, RFP responses and/or product roadmap documents, information or discussions, either prior to or following the date herein, are for informational purposes only, and Acme Packet has no obligation to provide any future releases or upgrades or any features, enhancements or functions, unless specifically agreed to in writing by both parties.
Agenda
Market Overview
What is an SBC?
SBC Applications
Case Studies
Conclusion
Market Overview
SIP Trunking Trends
APKT service provider customers lead the way
80 deployments and trials today
30 countries
Many different IP PBX/UC environments supported
SIP Trunking still in early stages
CY08, $130M in revenue, 208,000 SIP trunks
North America leads deployment
Driven by cost
EMEA market more fragmented, but growing rapidly
Large number of providers emerging
Characterised by value – not price NA21%
EMEA41%
CALA26%
APAC12%
SIP Trunking - BenefitsImproved network efficiency to control and reduce costs
Consolidate traffic from small remote sitesEconomies of scale, remove need for PSTN access at each remote branch
Leverage IP technologies for operational efficiency gainsSIP VoIP becomes just another overlay application
Lower operational costsEliminate TDM gatewaysImproved bandwidth utilisation = fewer circuits for the same number of calls
Improve voice quality Eliminate unnecessary IP-to-TDM-to-IP translations and associated latencyExploiting high fidelity IP codecs
Deploy new applications to increase efficiencySimplifies integration with hosted services
The time is now – In the current economy cost savings are critical
What is an SBC?
SBCs overcome UC obstacles
Support regulatory compliance
Enable call recording, call privacy, functional segregation
Secure the borders of a VoIP or UC network
Protect VoIP, video and UC sessions
Fix protocol interworking issues
Bridge incompatible systems
Connect remote workers easily and securely
Alternative to VPN Tunnels
Assure and measure session quality
Disaster recovery and survivability
SBCs overcome UC obstacles
On premise Hybrid Hosted/Centrex
SBC Applications
When do customers need an SBC?
SIP trunking
SBCs essential for security, interoperability, SLA management, diverse routing
Remote worker
Security, encryption, NAT traversal, QoS control
Branch office connections
Protocol interworking, QoS control, encryption termination, overlapping IP addressing schemes
Hosted services e.g. contact centre, Microsoft OCS
SBCs essential for security, interoperability, SLA management, diverse routing
Enterprise FMC
Security, encryption, topology hiding, NAT traversal
Direct connect deployment model
Many PBX and UC vendors have SIP interfaces or other methods for connecting PBX and UC elements to a carrier SIP trunk service
So Enterprise telephony managers ask:
Why can’t I just connect this interface directly to the carrier SIP trunk service?
Why do you need an enterprise SBC for SIP Trunking?
This presentation will address this question and others such as:
Why do I need an enterprise SBC for SIP trunking interoperability?
Why do I need an enterprise SBC for SIP trunking security?
Why do I need an enterprise SBC for SIP trunking control?
How does using an enterprise SBC enhance my disaster recovery, troubleshooting, and monitoring capabilities?
“Enterprise SBC” Reference Model (PBX* connects to Service Provider SBC via Enterprise SBC)
An enterprise SBC helps with SIP trunking interoperability
PBXs may not interwork directly to carrier SIP trunks due to differences in SIP implementations or when H.323 is the only available IP interfaceAcme Packet solves this problem by providing:
Complete SIP header manipulation rule (HMR) capabilities to interwork different SIP dialects between PBX and carrier SIP trunking elements
Full H.323 – SIP interworking
Media transcoding & DTMF format (INFO / 2833) interworking
Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP) interworking
These capabilities enable virtually any SIP or H.323 capable PBX or UC platform to talk to any carrier SIP trunk service
Proven interoperability with all of the major PBX and UC vendors
An enterprise SBC helps with SIP trunk security
Service Providers use SBCs to protect their network – enterprises should do the same
The VOIP FirewallEnterprise Security Managers will not connect to public data networks without a firewall on their premisesThey won’t connect to public VoIP services without an SBCEnterprise SBCs fit into the “Defence in Depth” model for IP security
The Enterprise SBC provides complete topology hiding and DoS protection of SIP signaling and media traffic for the Enterprise
Just like Application Layer Gateways (ALG) used for other enterprise IT applications todayFeatures include dynamic port control, dynamic trust management, encryption and overload protection
An enterprise SBC helps with SIP trunk control
In the simplest model, the enterprise SBC routes inbound and outbound calls between the PBX and the carrier SIP trunk via static dial plans
Many enterprises use SBCs for more advanced routing and control scenarios including:
Least cost routing, call quality-based routing, time-of-date routing
Connection Admission Control (CAC)
Failover & load-balancing routing
Called & calling number digit normalization
Routing Decisions Can Be Based On: Called or Called Party Number (or any field in the SIP header)Cost metrics, Time-of-day, CAC loadsMedia codec or type (voice vs. video)PBX or carrier trunk availabilityCall quality requirements (best effort or high MOS score)
An enterprise SBC helps with disaster recovery
Some enterprises are moving to SIP trunks for improved network resiliency in disaster recovery (DR) scenarios
The enterprise SBC plays a key role in a DR architecture with support for the following capabilities:
1+1 High Availability clustering between SBC elements
Signaling and media state preserved in the event of a failover
Automatic detection and reroute around failed PBX or carrier links
No operator intervention or PBX reconfiguration required
An enterprise SBC helps with SIP trunk troubleshooting
A challenge for many enterprise telephony managers is to how to apply traditional TDM troubleshooting methods to SIP trunks
The enterprise SBC helps by providing an embedded probe that allows you to monitor all SIP & H.323 signaling and media traffic
Provides full signaling traces, ladder diagrams, and media statisticsInformation is automatically collected and can be retrieved via EMS and can be sorted based on calling or called party number, SIP call ID, time-of-call, etc.An embedded call recording utility is also providedEMS allows partitioned access to control who can view what information
Call Diagram = Ladder Diagram & Detailed Message Trace
Statistics = Media Quality Stats with MOS, packet loss, etc.
Play = Bi-directional Media Recording Capability (on-platform Session Replication for Recording (SRR))
Example Deployments
Case Study – Financial Services
ApplicationReduce Telco connect costs by moving from TDM to IP trunking for two data centers and 43 remote sitesExtend life of legacy IP-PBXDeploy secure network infrastructure to support current and future SIP applications
Problems overcomeInterop between a range of Avaya and Cisco PBX versions and protocols
SIP-H323 InterworkingAcme Packet advantage
A common platform in the data centres and 43 remote sites as the heart of an IP-centric, cost-optimized network-wide transformation
Case Study - Government
Acme Packet Advantage Dynamic trust management for DoS attack mitigation
Application SIP trunking for UCInterconnection data centre and remote usersNet-Net SBC at un-trusted access border
Problems Overcome Prevent DoS attacks and overloadsSignaling and media interworking issuesProvide phone service for small “critical” site via secure access to centralised SIP trunking services
Solution Overview Acme Packet Net-Net 4250Avaya Communication ManagerSIP trunking serviceROI anticipated: 6 months
Case Study – International Oil/Gas Company
Application Multivendor PBX interoperabilityCall recording Interconnection of data centre and remote site PBXs and usersSecure remote worker access over Internet
Problems Overcome Prevent DoS attacks and overloadsSignaling and media Interworking issuesProvide media steering to support QoSOverlapping IP addresses and dial plans
Acme Packet Advantage Dynamic trust management for DoS attack mitigationPeering featuresNormalize protocol differencesExtensive security features ensure security and continued operations
Summary
Acme Packet at a glance
Session Border Control (SBC) category creator & leader with 50-60% market share, founded August 2000
Top tier customers worldwideOver 835 customers in 95 countries48 of the top 50 service providers8 of Fortune Top 25
430+ employees in 25 countries Burlington, MA headquarters
Expanding focus Large enterprise & contact centreMultiservice security gateway, session routing proxy
Public company (NASDAQ: APKT) w/ strong revenue growth, profits & balance sheetAcquisition in April ‘09 of Covergence strengthens Enterprise presence
$3.3
$16.0
$36.1
$84.1
$113.1$116.4
2003 2004 2005 2006 2007 2008
Annual revenue($M)
Acme Packet Net-Net Product Family
Multi-protocol
SecurityRevenue & cost optimization
Service reachmaximization
Net-Net OS SLA assuranceRegulatory compliance
High availability
Embedded GUINet-Net EMS & SAS
Net-Net 2600 Net-Net 3800
Net-Net 4250 &Net-Net 4500
Net-Net 9200
Net-NetOS-E
(software-only)
Capacity 25 - 500 (NNOS-E) 150 - 4,000 (NN2600)
150 - 4,000 250 - 16,000 (SD4250)500 - 32,000 (SD4500)
4,000 - 72,000+
SBC Feature Summary
Security – Net-SAFE ArchitectureSBC DoS/DDoS protection, access control, topology hiding, VPN separation, privacy; virus & SPIT protection; service infrastructure DoS prevention; fraud prevention; monitoring & reporting
SLA assurance and measurementCall admission control, signalling overload control, QoS marking/VLAN mapping, QoS & ASR reporting
Remote worker support Hosted NAT Traversal, signalling and media encryption
AT&T IPTrunking
Multi-protocol – SIP, H.323, MGCP/NCS, H.248…
InterworkingSIP Protocol Fix-up, SIP-H323, Overlapping IP Addresses, VPN separation, encryption protocols, DTMF…
Regulatory complianceCall replication, emergency service support
High availabilityActive/standby model with full state synchronisation means no calls are lost
The value of the Enterprise SBC for SIP Trunking?
Provides features for disaster recovery, troubleshooting, and monitoring
Enhances Security Topology hiding, DoS Protection, Encryption, Intrusion Detection, SPIT control
Ensures interoperability with different IP-PBXs and UC systemsSpeeds up deployment times and reduces dependence on equipment vendors’ certification
Improves controlRouting, number manipulation
“Enterprise SBC” Reference Model (PBX* connects to Service Provider SBCvia Enterprise SBC)
thank you