SIP Trunking The Provider s Perspective Presented by Pete Sandstrom, CTO BandTel
Advanced SIP Session Overview 1. Open Systems Interconnection Model (OSI) is more than a model 2. Quality of Service (QoS) IP Peering 3. SIP Trunking so what is it? 4. SIP Trunking Security 5. SIP Trunking CPE Architectures 6. The ITSP The Architecture Special Services and Features
1. Open Systems Interconnection (OSI) Understanding Where You Are
SIP is a Fully-Featured Protocol
RTP Carries SIP over UDP/IP/etc.
2. QoS and the Internet The Economics of IP peering- why it works in North America Tier I/II space- It is over provisioned and it is Managed
QoS and the Internet: The Economics of IP peering and why it works in North America IP NET A Tier N data retransmit IP NET B Tier N -1 NET-A dropping packets makes NET-B retransmit, and lowers NET-B s throughput. That s lost revenue for NET-B. End User Bandwidth Rigorously Limited In North America, we see a great call: Packet Delay: < 100 msecs Packet loss < 4% Jitter < less then 10 msecs
QoS and the Internet: It is over provisioned and managed MPLS MPLS INTERNET MPLS MPLS
3. SIP Trunking: So what is it? SIP trunking means X voice paths to Y stations where Y/X > 1; generally the ratio would be 4-10 SIP trunking competes economically, and generally beats T1 trunking cost wise to the PBX. Hosted VoIP can t scale, either economically or technically, so doesn t fit needs of the enterprise
SIP Trunking Basic Features SIP Trunking Applications: Bandwidth QoS provided via SIP-Aware Firewall (SAFW) and or MPLS Security provided via SAFW and ITSP POP Border Controllers and Proxies 411 Directory Assistance 911 Services Access Dialing- Local, DID, 800, 1+, and 011+ dialing Converge- Allows enterprise bulk traffic to merge with VoIP traffic
4.SIP Trunking Security and Reliability LAN VoIP Design- Need to Ensure Enterprise LAN is Correctly Designed for VoIP (i.e. a SIP-Aware Firewall Needs to be in Place) CPE Protection- SIP-Aware Firewall that allows L5 Security (i.e. no L2 pinholes) Requires ITSP MD5- or IP Authentication for Account Authorization ITSP Should Split Media and Signaling to Different Redundant Locations, Making Taps Virtually Impossible ITSP Must Have Secure POPs That Can Fend Off all Outside Attacks: - DoS (Denial of Service) - Registration Spoofing - IP Spoofing (source-route bridging spoofing) - Eavesdropping - SPIT (Spam over Internet Telephony)
SIP Trunking Security, Reliability - Hot Spots Hot Spot: The ITSP Demarc MPLS The Backbone Hot Spot: The CPE Demarc Internet
Now back to getting serious 5. SIP Trunking CPE Architectures Type 1 Dedicated IP Pipe for VoIP Type 2 Merged MPLS-Pipe with LER Tagging VoIP Type 3 Merged IP pipe with SIP-Aware Firewall (SAFW) Type 4 Separate IP Pipe for VoIP with Existing Non-SIP Firewall and SIP-Aware Firewall (SOFW) Type 5 Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-aware Firewall Type 6 Looks like Type 5 but Merged IP Pipe with Incumbent Non-SIP-Aware Firewall, No DMZ Port and SIP-Aware Firewall Type 7 Merged IP Pipe with Incumbent Non-SIP-Aware Firewall with a DMZ Port Type 8 Merged IP Pipe with Incumbent Non-SIP-Aware Firewall
Type 1 Dedicated IP Pipe for VoIP 1- The IP pipe is dedicated to VoIP so no QoS arrangements are needed with the carrier. 2 - No firewall is needed as there are no LAN connections with other enterprise devices. 3 - This is a common architecture for dedicated media gateway deployments.
Type 2 Merged MPLS-Pipe with LER Tagging VoIP 1 VoIP and enterprise data share the same IP pipe. MPLS tags the VoIP as the highest priority via the LER-Label Edge Router. 2 The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 3 Architecture offers full QoS for VoIP. 4 Excellent utilization of IP pipe resources.
Type 3 Merged IP pipe with SIP-aware Firewall (SAFW) 1 VoIP and bulk enterprise share the same IP pipe. 2 The SAFW-SIP-Aware Firewall handles all the QoS issues by prioritizing VoIP traffic over the bulk enterprise network. 3 The SAFW handles all SIP addressing transformation issues between the LAN and WAM demarc. 4 Architecture offers partial QoS for VoIP (no inbound UDP QoS). 5 Excellent utilization of IP pipe resources.
Type 8 Merged IP Pipe with Incumbent Un-SIP-Aware Firewall 1 VoIP and bulk enterprise share the same IP pipe. 2 QoS is not realized for VoIP since there is no QoS feature in the SAFE. 3 The UA handles all SIP addressing transformation issues between the LAN and WAN demarc via SIP NAT transversal features and/or by using STUN-Simple Transversal of User datagram protocol with an external STUN server. 4 The USAFW security is breached by having ports opened for SIP UDP traffic. 5 Full utilization of incumbent IP pipe for VoIP realized. 6 Architecture does not scale well for anything beyond a few VoIP calls. 7 This is architecture is suited only for hosted VoIP services with a small number of end-user stations in the LAN space.
6. The ITSP behind the SIP Trunk Getting to the ITSP proxy Resiliency in the event of failure Load to the ITSP proxy (dynamic routing to) When an ITSP element fails (real-time dynamic fault switchover) Getting to the PSTN- PSTN carrier options
VoIP Network Architecture: N-Plus
Special ITSP Services for SIP Trunkers Online Traffic monitoring (TotalView) Online Billing Traffic re-routing (Total Reroute) Silent Running Bandwidth Conservation
Completed Call Percentages
Real-Time Call Activity
Accounting History
ITSP Summary SIP Trunking Competes- and beats T1 Trunking on price and features QoS- SAFW and or MPLS needed for bandwidth QoS SIP CPE Architecture- critical for creating a secure clear call The ITSP Behind the SIP Trunk- an architecture is needed SIP Security private or public, it can be made secure
Questions?
About BandTel Headquartered in Newport Beach, California, BandTel is a leading worldwide provider of SIP Trunking services. The company is dedicated to ensuring its customers and partners alike have access to the most reliable, end-to-end VoIP service available on the market today. Its N-Plus network architecture is designed to solve the throughput and redundancy problems on high-capacity SIP-based networks and eliminate any single point of failure. Currently servicing customers worldwide, including Call Centers, Enterprise customers and IVR providers. BandTel continues to develop strong partnerships with leading carriers and telecommunications companies, including Global Crossing, XO Communications, Level 3, Qwest Communications, Verizon Business, ArbiNet, and Primus.
For More Information About SIP Trunking Visit BandTel s New SIP Trunking Resource Center www.bandtel.com