SIP Trunking Workshop for Service Providers With real life considerations and practical solutions for offering SIP Trunks using Ingate and Intertex E- SBCs The Ingate SIP Trunk-Unified Communications Summit © Intertex Data AB, Ingate Systems, February 2011 1 Karl Erik Ståhl President and CTO, Intertex Chairman and CTO, Ingate

Upload: erin-hotchkiss

Post on 16-Jan-2016


Page 1: SIP Trunking Workshop for Service Providers With real life considerations and practical solutions for offering SIP Trunks using Ingate and Intertex E-SBCs

SIP Trunking Workshop for Service Providers

With real life considerations and practical solutions for offering SIP Trunks using Ingate and Intertex E-SBCs

The Ingate SIP Trunk-Unified Communications Summit

© Intertex Data AB, Ingate Systems, February 2011

Karl Erik Ståhl, President and CTO, Intertex; Chairman and CTO, Ingate

Page 2

1. The Case for SIP Trunking

1:00pm-1:30pm

Moderator: None

Opening remarks and overview of the benefits of SIP trunking and UC for service providers, by Ingate Systems.

Page 3

2. Delivering SIP to the Enterprise

1:30pm-2:30pm

Moderator: Maloff NetResults

1:30-1:35 Moderator

1:35-2:00 Broadvox

2:00-2:30 Intertex Data AB – Practical solutions

Page 4

There is more to it…

Voice only, or Voice & Data on the pipe?

Internet or Private Pipe?

Quality Measures on the Pipe?

Is there a (data) Firewall in the way?

Delivery to just a PBX? … or to a UC LAN

Is an E-SBC required? When?

Who provides/owns the E-SBC?

Just SIP Trunking of PBXs, or also:

• Remote users
• Hosted services

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, SIP Trunk Interface, PBX with system phones]

Page 5

This Would be Simple

[Diagram: PSTN, GW, SIP Trunking Provider Network, SIP System, Public Internet, SIP Trunk, IP-PBX, VoIP LAN, Firewall, Data LAN]

Page 6

But This is What We Want

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, Public Internet, Intertex IX78, IP-PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals, Remote Users]

Demarcation point of service and bringing SIP communication to the LAN

Page 7

So this is Not a Good Solution, at least not for a General Service

[Diagram: PSTN, GW, SIP Trunking Provider Network, SIP System, Public Internet, Managed, SIP Trunk, IP-PBX, VoIP LAN, Firewall, Data LAN]

No Remote Users!

No Soft or Multimedia Clients!

?? UC?

Provider: Security Warning!

Enterprise: Security Warning!

Will Service Provider issue IP addresses to every Phone?

Page 8

And there is Often a Non SIP Capable Firewall in Place

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, SIParator®, Firewall, IP-PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals, Remote Users]

Ingate/Intertex E-SBCs enable SIP based Live UC Across the Borders!

(SIP does not traverse ordinary NAT/Firewalls.)

Page 9

And There are Different Types of PBXs to Consider

PBX Type 1.5: PBX with system phones, Data LAN only.

PBX Type 2: IP-PBX, VoIP & Data LAN. Few PBXs are of this type. Asterisk with firewall (IPtables/NETfilter) can be compiled and configured this way, but requires a lot.

PBX Type 1: IP-PBX, VoIP & Data LAN. Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.

A Good E-SBC Should Provide:

1) NAT/Firewall Traversal – Must NAT to same address space!

2) Basic SIP and Network Interoperability - E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.

3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc.

4) Features - E.g. Remote Users, Administration (remote and local)

5) Security - LAN/PBX/VoIP network protection, Service attack protection

[Diagram: PSTN, GW, SIP Trunking Provider Network, SIP System, SIP Trunk, SIP Trunk Interface (Signaling, Media), IX78]

Page 10

NAT & Firewalls are a Severe Infrastructure Problem…

[Diagram: LAN, FW, Internet, FW, LAN, email, web, IMS (SIP based)]

SIP does not traverse the common NATs and firewalls protecting the LANs.

What about SIP for Live Person-to-Person Communication?

A common Network and common Protocols changed our lives:

SMTP gave us global email!

HTTP gave us the Web!

NATs and Firewalls were designed to allow such protocols.

Page 11

Why are NATs and Firewalls Such Obstacles

Typical Internet protocol (SMTP, HTTP…)

[Diagram: HOST, Internet, SERVER]

SIP (and H.323…) connects Person-to-Person

[Diagram: PERSON, Internet, PERSON]

SIP is the Protocol for IP Communication Person-to-Person,

BUT IT DOES NOT REACH THE USERS!

Locate the person + Set up a session + Open real time media streams

Page 12

Ordinary Voice IADs – Good for Telephony Replication…

The 5060 SIP-port is just grabbed on the outside to the FXS ports!

Lower level SIP ALGs often cause problems and do not handle more than basic scenarios.

Often problems with, or total lack of:

• SIP to the LAN or WiFi
• Calls between SIP clients on LAN
• Calls between internal ATA ports and LAN clients
• Call transfers, 3-party calls, etc.
• Using SIP generally over the Internet (Operator “took all the SIP”)

(Users must not be deprived of general SIP-functionality!)

Telephone ports (FXS) on the CPE is a popular way to deploy IP telephony. By logically placing the SIP clients on the outside of the NAT/Firewall, unreliable work-around methods like STUN, TURN and ICE become unnecessary. However, this only gives POTS replication, often even stopping general SIP based services!

Page 13

Our CPEs are SIP Capable NAT/Router/Firewalls

[Diagram: Internet, IMS, SIP]

Problems solved where they occur

Wired or wireless SIP clients (phones, soft clients, PDAs)

No special requirements on the SIP Client – Just standard SIP

All Intertex CPEs have a SIP Proxy based SIP aware Firewall/NAT

General, can handle complex call scenarios and all SIP services

Additional functionality available (SIP server, PBX functionality etc.)

No battery draining of WiFi mobile phones, otherwise caused by keep-alive packets* inhibiting sleep mode.

* Work-around methods for SIP NAT-traversal like STUN, TURN, ICE and Far End NAT Traversal use frequent keep-alive packets to keep holes in the NAT/Firewall open.

Page 14

QoS: Common VoIP and Data Pipe

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, Public Internet, E-SBC also Data Firewall, IP-PBX, Data & VoIP LAN]

Demarcation point of service and bringing SIP communication to the LAN

Using the Ingate or Intertex as the enterprise firewall allows both prioritization and traffic shaping.

Page 15

QoS: Separate VoIP Pipe in Parallel with Data

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, Public Internet, E-SBC SIParator®, Firewall, IP-PBX, Data & VoIP LAN]

Demarcation point of service and bringing SIP communication to the LAN

No prioritization or traffic shaping to be done by the E-SBC. But get a good pipe!

Page 16

QoS: Common VoIP and Data Pipe with Firewall

[Diagram: PSTN, GW, SIP Trunk Provider, SIP System, Public Internet, NAT/Firewall, IP-PBX, Data & VoIP LAN]

If common IP pipe, the existing firewall must restrict bandwidth usage to allow sufficient voice bandwidth. Often problematic.

[Diagram: PSTN, GW, SIP Trunk Provider, SIP System, Public Internet, WAN SIParator®, Bridge for Existing NAT/Firewall (non SIP aware), NAT/Firewall, IP-PBX, Data & VoIP LAN]

WAN SIParator mode allows the Ingate or Intertex to control data usage on the Pipe to assure sufficient voice bandwidth!

Page 17

Advanced QoS Configurations for Ingate

At a detailed level, for SIP and other traffic

Page 18

Intertex IX78 Smart QoS Defaults

And for a specific SIP Trunk provider one can select for the voice:

For traffic shaping, just fill in your bandwidth!

(For internal ADSL it is mostly automatic.)

Data will be pushed back in favor of voice to keep the used bandwidth within the limit.

Page 19

Carriers having Quality Separated Triple Networks can Preferably Reuse Those for SIP Trunking. Clouds may be Private or Globally Routable.

The Intertex IX78 Supports All of these Architectures!

[Diagrams: four architectures, each carrying Internet, IP-TV/VoD and IMS/VoIP]

• Private Virtual Circuits (e.g. Telia): ADSL with PVC1, PVC2, PVC3
• Virtual LANs (VLAN) (e.g. Telia): Ethernet with VLAN1, VLAN2, VLAN3
• IP QoS Separated Subnets (e.g. B2): Ethernet with WAN1, WAN2, WAN3
• IP Level QoS (e.g. BT): ADSL or Ethernet with Priority1, Priority2, Priority3

Page 20

On Telia’s (Sweden’s Incumbent Telco) Network, the IX78 Delivers a Multimedia LAN, Ready for UC PBXs, Hosted Services and End-to-End SIP Services

[Diagram: Internet, IP-TV/VoD, IMS/VoIP, TR-069, VLANs or ADSL Virtual Circuits, The Multimedia LAN, WiFi, PDA, Telepresence, IP-PBX]

All services must be available to multimedia terminals! – Over controlled high QoS pipes as well as over the Internet.

Application Innovation Requires it!

Page 21

3. The Value of a Service Provider Demarcation Point

2:30pm-3:30pm

Moderator: Maloff NetResults

2:30-2:35 Moderator

2:35-3:00 EarthLink Business

3:00-3:30 Intertex Data AB – Practical solutions

Page 22

Service Provider’s Demarcation Point

[Diagram: PSTN, GW, SIP Trunk Provider, SIP System, Public Internet, IP Access, Service Provider Demarcation Point, NAT/Firewall, IP-PBX, Data & VoIP LAN]

THE POINTS

Delivery of Service: To a PBX or UC LAN

Provisioning, Definition of Service: Installation, Configuration, CAC

Monitoring: Network performance, QoS MOS

Management: Support, Debugging, Upgrade

Billing - Why not?

Here we know what is going on!

Page 23

The Role of the E-SBC

To get SIP Trunking working:

• SIP NAT/Firewall Traversal: Must NAT SIP to the protected private address space!
• Basic SIP and Network Interoperability: E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.
• SIP Repair: E.g. Call Transfer, Fragmented packets, Bugs, etc.

But don’t forget:

• Security: LAN/PBX/VoIP network protection, Service attack protection
• QoS – Quality of Services: Requirements depending on IP delivery and firewall
• Features: E.g. Remote Users, Administration (remote and local)
• Provisioning, Monitoring, Management

Page 24

All Types of PBXs Have to be Supported

PBX Type 1.5: PBX with system phones, Data LAN only.

PBX Type 2: IP-PBX, VoIP & Data LAN. Few PBXs are of this type. Asterisk with firewall (IPtables/NETfilter) can be compiled and configured this way, but requires a lot.

PBX Type 1: IP-PBX, VoIP & Data LAN. Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.

A Good E-SBC Should Provide:

1) NAT/Firewall Traversal – Must NAT to same address space!

2) Basic SIP and Network Interoperability - E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.

3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc.

4) Features - E.g. Remote Users, Administration (remote and local)

5) Security - LAN/PBX/VoIP network protection, Service attack protection

[Diagram: PSTN, GW, SIP Trunking Provider Network, SIP System, SIP Trunk, SIP Trunk Interface (Signaling, Media), IX78]

Page 25

Also Important to Support Multimedia and UC Terminals and Remote Users in a Modern UC PBX Environment

[Diagram: PSTN, GW, SIP Trunking Provider, SIP System, Public Internet, Intertex IX78, Firewall, IP-PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals, Remote Users]

Demarcation point of service and bringing SIP communication to the LAN

Page 26

Creating an Interface for ALL PBXs

Proxy Mode

• IP-PBX talks to SIP System
• Registration/Authentication model must match
• Little configuration in the IX78
• Service credentials in the PBX

B2BUA Mode (Proxy still doing the basics)

• IP-PBX only talks to the IX78
• Wider separation between PBX and SIP System
• Service Credentials only in the IX78
• More SIP Normalization possibilities (e.g. REFER)
• Any new operator service platform only requires IX78 reconfiguration (the PBX configuration can remain)

Page 27

Trunk-side Parameters

Read-only value set by Service Provider (in some cases). Regulates customer’s monthly fee!

SIP Connect 1.1 can be set up (for any PBX)

Page 28

PBX-side Parameters

Page 29

Registration, Call Routing, CallerID

SIP Connect 1.1

Setup

Page 30

Trouble Shooting & Debugging – Network Status

Page 31

Trouble Shooting & Debugging – Logging!

Page 32

Trouble Shooting & Debugging – Internal SIP Log

Page 33

Packet Captures

Creates a WireShark PCAP network trace

Network Interface Selection – All Interfaces

Start – Stop - Download

Page 34

Monitoring - Call Quality Statistics

Internal Call Log, containing CDRs with Quality Statistics. Can be output via SYSLOG, RADIUS (Ingate) or to the management system iEMS (see later).

Page 35

Management of the CPE / E-SBC

Provisioning, Configuration, Monitoring, Reporting, Upgrade, Logging, Debugging, Diagnostics, Support…

Experience: Existing management systems often difficult to change

• Resistance against touching what has been built over the years

Remote GUI access to CPE often used

Requirements

• Quite few functions and possibilities are actually used
• Alive, Configured, Upgrades, New configuration - A must!
• Often on wish list: Bad Sound (MOS) alarm, etc.

EMS (instead of NMS) is a trend

Element Management System (EMS)

• Specially built for the Product
• Interfaces to OSS and Fault Management System at high level.

Intertex and Ingate EMS in progress – iEMS

• Easy to program and interface to
• Highly scalable

Page 36

Element Management System – The iEMS

Functions for Provisioning, Monitoring, Reporting, Diagnostics, Logging, Debugging, Support, Configuration and Upgrade. Available now with basic functionality.

Will handle both Ingate and Intertex Firewalls and SIParators.

Highly scalable, runs on PC servers under the Linux OS.

HTTPS/SOAP interface to the IX78. Can read and write all configuration parameters, as well as asynchronous reporting by the device (like SNMP traps).

Web based secure access to the iEMS. Customized portals for operators, installers and customers, for the purpose of administration, management and usage.

The iEMS has northbound interfaces for integrating with the operator’s OSS and Fault Management systems, using XML-RPC and/or SOAP.


Page 37

iEMS – CDRs with Call Quality Metrics

Page 38

iEMS Interfaces

<?xml version="1.0"?>
<methodCall>
  <methodName>setTrunk</methodName>
  <params><param><value><struct>
    <member><name>version</name><value>1.0</value></member>
    <member><name>ems</name><value><struct>
      <member><name>username</name><value>installer</value></member>
      <member><name>password</name><value>foobar123</value></member>
    </struct></value></member>
    <member><name>service</name><value><struct>
      <member><name>registrar</name><value>sip.intertex.se</value></member>
      <member><name>proxy</name><value>proxy.intertex.se</value></member>
    </struct></value></member>
    <member><name>trunk</name><value>
      <array><data>
        <value><struct>
          <member><name>identity</name><value>5162809890</value></member>
          <member><name>password</name><value>foobar</value></member>
        </struct></value>
        <value><struct>
          <member><name>identity</name><value>5162809895</value></member>
          <member><name>password</name><value>barfoo</value></member>
        </struct></value>
      </data></array>
    </value></member>
  </struct></value></param></params>
</methodCall>

[Diagram: OSS, Fault Management, etc. connect through the Northbound API; the iEMS has a WEB GUI and DBs; CPEs connect over the WAN through the Southbound API; XML-RPC (or SOAP) (GET/SET/EVENTS)]

Page 39

SIP Trunking Made Easy

Installation Wizard

Page 40

Assign IP Addresses, the tool will config the Ingate.

Select the deployment according to the picture

Status Information, helpful for troubleshooting

SIP Trunk-UC Workshop Startup Tool – Network Topology

Page 41

Select IP-PBX Vendor and Model

Status Information, helpful for troubleshooting

Assign the IP-PBX Domain (if required)

Assign the IP-PBX IP Address

For every IP-PBX vendor on the List Ingate has captured the programming requirements to ensure quick and easy config

SIP Trunk-UC Workshop Startup Tool – IP-PBX Selection

Page 42

Select ITSP Vendor

Status Information, helpful for troubleshooting

Assign the ITSP IP Address

For every ITSP vendor on the List Ingate has captured the programming requirements to ensure quick and easy config

User Account Information, DID Assignment and Registration Authentication

SIP Trunk-UC Workshop Startup Tool – ITSP Selection

Page 43

4. Ensuring Interoperability – The Key to Service Revenue Growth

3:30pm-4:30pm

Moderator: Maloff NetResults

3:30-3:35 Moderator

3:35-3:50 Bandwidth.com

4:00-4:30 Intertex Data AB – Practical solutions

Page 44

PBX and ITSP Interoperability

Large variation among PBXs

Even larger variation towards ITSPs

“SIP Connect” recommendation by SIP Forum… helps and improves, but is not implemented yet.

Installation tools

• IX78 Wizard live demo
• Ingate Startup Tool – See Provision section!

Page 45

Confirmed Interoperability: Ingate & Intertex

SIP Trunk Providers already interoperate with most IP-PBXs

SIP Trunk

3Com Aastra Aastra MX One Digium/Asterisk Avaya IP Office Avaya SES/CM Avaya QE Brekeke Broadsoft Cisco Call Manager Ericsson MX-One Fonality Innovaphone Interactive Intelligence Iwatsu LG Nortel Microsoft Mitel NEC / Sphere Nortel BCM Nortel SCS Objectworld Panasonic Pingtel Samsung SER Shoretel Siemens 8000 SIP-Gear Sonus Sphere Communications Swyx More in pipeline....

360 Networks Airespring AT&T BandTel Bandwidth.com Broadvox BT (British Telecom) Cablecom Cbeyond Cellip Comm Partners Cordia Corporation Excel Switching Gamma Telecom Global Crossing IP-Only Nectart Juma Networks Level 3

Netlogic Nexvortex Nuvox O1 Paetec Primus RNK Telecom TDC Telavox Tele2 Tele Pacific Teletek Telia Toplink Tritel VoEX Voice Flex VoIP Unlimited Voxbone Voxitas XeloQ More in pipeline.....

Carrier Equipment Acme Packet Broadsoft NexPoint More in pipeline.....

Sonus Sylantro SER

Compliant with

Page 46

Is there a SIP Connect Compliant IP-PBX + ITSP?

If any, the E-SBC could just be SIP proxy, with only simple network setup, and perform:

• NAT / Firewall traversal
• QoS (Quality of Service)
• SIP Security (Attack Protection)
• Monitoring and Debugging

Ingate & Intertex E-SBCs can be SIP Connect towards the ITSP, but specific towards the PBXs

Ingate & Intertex E-SBCs can be SIP Connect towards the PBXs, but specific towards the ITSP

But usually, we have to be specific to both the ITSP and the PBX

Page 47

Trunk-side Parameters

SIP Connect 1.1 can be set up (for any PBX)

Page 48

PBX-side Parameters

Page 49

Registration, Call Routing, CallerID

SIP Connect 1.1

Setup

Page 50

If More is Required – There is plenty...

Page 51

... and More

Page 52

... and if that is not enough

There is Generic Header Manipulation

E.g. add Diversion header: sip:[email protected]?Diversion=%3csip%3a $(from.user)%40192.168.1.1%3e

• To cope with not foreseen behavior
• Can fix much – not all
• Needs SIP expertise

How do we know what to configure and how to set it up?

Page 53

Roll-out and Maintenance

Initial configuration

SIP Trunking requires input from 3 “places”

• Numbers and credentials from Service Provider
• Information/Knowledge about the PBX and ITSP
• Information about the customer network and setup

More complex than usual

• And all compiled at installation time

Upgrades

New configuration

Exchange of hardware

Ease and security of roll-out and maintenance are main Service Provider concerns

Page 54

Ingate has the Startup Tool for a very wide variety of PBXs and ITSPs

“Out of the Box” setup and commissioning of the Firewall and SIParator products

Update current configuration

Product Registration and unit Upgrades, including Software and Licenses.

Automatic selection of ITSP and IP-PBX

Backup of Startup Tool database

Located at www.ingate.com FREE!

Page 55

For Volume Deployment there Must be Provisioning

The IX78 has Several Provisioning Methods

Web Wizard adapted to Provider’s Trunk Service

• No Provider integration needed
• Installer inputs trunk side and PBX side data

Configuration fetched from Provider’s Web Server

• Configuration, Upgrades, Licenses
• At boot, by timer, or by kick (on request)
• Installer runs small Wizard for PBX side

Via Element Management System: iEMS

• Provider inputs Trunk Data manually or automatically via OSS (via XML-RPC or SOAP)
• IX78 connects automatically
• Installer runs small Wizard for PBX side

Or a combination can be used (on request)

In the two latter methods, URLs to the Provider’s provisioning server and iEMS are preloaded in the IX78, or fetched via DHCP.

Page 56

The SIP Trunking Configuration Wizard

Page 57

5. Addressing Security Issues

4:30pm-5:30pm

Moderator: Maloff NetResults

4:30-4:35 Moderator

4:35-5:00 Ingate – Presenting a case study.

5:00-5:30 Intertex Data AB – Practical solutions

Page 58

Security

Privacy – little concern today

Theft of Service & Toll Fraud

Denial of Service (DoS)

Protecting the PBX

Protecting the Service Provider

Page 59

Privacy – Similar to PSTN

SIP Trunking and SIP UC can be more private than traditional PSTN solutions (POTS and PRI)

Compromising Privacy of POTS and PRI requires physical presence, and these are never encrypted

SIP signalling and media rarely encrypted, but can be


Signaling Encryption

TLS is Transport Layer encryption and certificate check

Both Ingate and Intertex E-SBCs can transcode between UDP, TCP and TLS for any call


Privacy - Media

SRTP is encryption of the media (voice)

The Ingate E-SBCs can transcode between RTP (in the clear) and SRTP (encrypted) media


Theft of Service & Toll Fraud

What is Theft of Service? (or Intrusion of Service)
• A Third Party attempting to defraud either the Enterprise or the Carrier
• Devices attempting to “Spoof” a Client device in an attempt to look like an extension (or enterprise) and gain services directly


Theft of Service & Toll Fraud

Now a Real World Problem

But only a Problem when:
• Authentication is not used. There are:
  • Digest Authentication (password)
  • IP address: relies on the fact that packets must return to the caller
  • MTLS (TLS is not sufficient): the Caller must be authenticated
• Too weak passwords are used. Most common cause! Typical: 1234, admin, demo, test or the extension number

The methods are good – The usage may be poor.


Trend for Theft Protection

Service providers provision the credentials for their service, so the customer never sees them.

Service Providers are starting to own CPE edge equipment (E-SBCs) and provision the security credentials for their own access to that CPE.


IX78 Preventing Unauthorized Usage

Simple General Default Configuration in the Intertex IX78

Remote users to the PBX can be authenticated by the IX78 (also)


Allowed Usage of the SIP Trunk


Protection Against Password Guessing

Brute Force Attack Protection

Attackers are nowadays trying to find simple passwords by brute force testing. 10 – 100 trials/second have been seen (e.g. SIPVicious / friendly-scanner). After 3 trials we pretend all attempts are wrong, so the correct one is never found.
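The lockout rule on this slide, worked through in Python as an added example (not Intertex code). Counting per source address and user, the one-hour lock duration, the digest form without qop and every name, address and password below are assumptions; only the limit of 3 trials comes from the slide.

```python
import hashlib
import hmac

def digest_response(user, realm, password, method, uri, nonce):
    """SIP digest response without qop (RFC 2617): MD5(HA1:nonce:HA2)."""
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{user}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

class GuessingGuard:
    """After max_failures wrong responses, refuse every attempt from that source."""

    def __init__(self, passwords, realm, max_failures=3, lock_seconds=3600):
        self.passwords = passwords        # user -> provisioned password
        self.realm = realm
        self.max_failures = max_failures  # 3 trials, as on the slide
        self.lock_seconds = lock_seconds  # assumption: the slide gives no duration
        self.state = {}                   # (src_ip, user) -> (failures, last failure time)

    def check(self, now, src_ip, user, method, uri, nonce, response):
        key = (src_ip, user)              # assumption: counted per source and user
        failures, last = self.state.get(key, (0, 0.0))
        if failures >= self.max_failures:
            if now - last < self.lock_seconds:
                return False              # locked: a correct response is refused too
            failures = 0                  # lock expired, count from zero again
        password = self.passwords.get(user)
        expected = digest_response(user, self.realm, password or "", method, uri, nonce)
        ok = password is not None and hmac.compare_digest(expected, response)
        if ok:
            self.state.pop(key, None)
        else:
            self.state[key] = (failures + 1, now)
        return ok

def replay_constructed_run():
    """Constructed traffic: a scanner guessing from one address, a phone from another."""
    realm, uri, nonce = "pbx.example.com", "sip:pbx.example.com", "constructed-nonce"
    real_pw = "k7#Vq9!xLm"                # constructed password
    guard = GuessingGuard({"201": real_pw}, realm)

    def attempt(now, ip, pw):
        resp = digest_response("201", realm, pw, "REGISTER", uri, nonce)
        return guard.check(now, ip, "201", "REGISTER", uri, nonce, resp)

    guesses = ["1234", "admin", "demo", real_pw]   # 4th guess is the right password
    scanner = [attempt(t, "203.0.113.9", pw) for t, pw in enumerate(guesses)]
    phone = attempt(5, "192.0.2.10", real_pw)
    return scanner, phone
```

The scanner's fourth attempt carries the correct password and is still refused, while the phone at another address registers normally.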


Denial of Service (DoS)

What is Denial of Service?

A Third Party makes a communications resource unavailable to its intended users

Generally consists of the concerted efforts to prevent SIP communications service from functioning efficiently or at all, temporarily or indefinitely

One common method of attack involves saturating the target (victim) IP-PBX with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable


Denial of Service

Nowadays Real DoS Attacks are Occurring
• Few pure DoS attacks, but scanning for open SIP servers and trying passwords (e.g. SIPvicious.org / friendly-scanner) may become a DoS attack.
• Attacked SIP devices can simply choke from overload, when requesting authentication
• Or SMB with limited IP bandwidth can have that consumed

Communication Servers have direct relationships with revenue and should be isolated from DoS


SIP DoS Detection and Prevention

Intrusion Detection System (IDS) for SIP

Intrusion Prevention System (IPS) for SIP
• Ingate has an IDS / IPS system that identifies intrusions by examining network traffic.
• Ingate is located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders/edges.
• Ingate captures all SIP traffic and analyzes the content of individual packets for malicious traffic, which will be stopped.


Ingate SIP IDS/IPS: Attack Recognition

IDS/IPS - Rule Packs

Predefined Rule Packs (signatures) for filtering known industry DoS patterns specific for SIP applications


Ingate SIP IDS/IPS: Rate Limiting

SIP signaling rate limiting is generally effective

[Figure labels: Untrusted Network; SIP Protocol Method, Response Code; Matching/Filtering; Traffic Rate; Blacklist; Policy]


IX78 Preventing SIP DoS Attack

Signature Recognition

If the internal SIP proxy detects known signatures in SIP headers from attackers, it instructs the internal firewall to block the attacking IP address for 60 seconds. New signatures can be added manually or provisioned automatically.

SIP Rate Limiting:

If there are more than 20 SIP packets/second from the same IP address, the internal firewall blocks that IP address for 20 seconds and does not respond to that IP address until the SIP packet rate is below 3 packets/second.
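The two IX78 rules above applied to constructed packet arrivals, as an added Python example (not Intertex code). The thresholds and block times are the slide's; the one-second sliding window, matching the signature against the User-Agent header and all addresses are assumptions.

```python
from collections import defaultdict, deque

SIGNATURES = ("friendly-scanner",)   # assumption: matched in the User-Agent header
SIG_BLOCK_S, RATE_BLOCK_S = 60, 20   # block times in seconds, from the slide
RATE_TRIP, RATE_RELEASE = 20, 3      # packets/second thresholds, from the slide

class SipDosFilter:
    """Per-source signature block plus rate limit with a lower release threshold."""

    def __init__(self):
        self.window = defaultdict(deque)   # ip -> arrival times within the last second
        self.blocked_until = {}            # ip -> time the firewall block ends
        self.throttled = set()             # ips that must first fall below RATE_RELEASE

    def accept(self, now, ip, user_agent=""):
        win = self.window[ip]
        win.append(now)                    # blocked packets still count toward the rate
        while win[0] <= now - 1.0:
            win.popleft()
        rate = len(win)
        if any(sig in user_agent.lower() for sig in SIGNATURES):
            self.blocked_until[ip] = max(self.blocked_until.get(ip, 0), now + SIG_BLOCK_S)
            return False
        if now < self.blocked_until.get(ip, 0):
            return False
        if ip in self.throttled:
            if rate >= RATE_RELEASE:
                return False               # block time is over but the source is still fast
            self.throttled.discard(ip)
        if rate > RATE_TRIP:
            self.blocked_until[ip] = now + RATE_BLOCK_S
            self.throttled.add(ip)
            return False
        return True

def replay_constructed_traffic():
    """Constructed arrival times in seconds; returns accepted packets per phase."""
    fw, ip = SipDosFilter(), "203.0.113.9"
    flood = sum(fw.accept(i / 50, ip) for i in range(50))        # 50 pkt/s for 1 s
    steady = sum(fw.accept(1 + k / 5, ip) for k in range(145))   # 5 pkt/s until t=29.8
    slow = sum(fw.accept(t, ip) for t in (31, 32, 33))           # 1 pkt/s
    scan_ip = "198.51.100.7"
    scanner = [fw.accept(0, scan_ip, "friendly-scanner"),        # signature hit
               fw.accept(30, scan_ip, "PBX/1.0"),                # inside the 60 s block
               fw.accept(61, scan_ip, "PBX/1.0")]                # block expired
    return flood, steady, slow, scanner
```

The steady 5 packets/second phase shows why the release threshold matters: the 20-second block has expired by t=20.4, yet nothing is accepted until the source drops below 3 packets/second.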


Protecting the PBX and Carrier

SIP Protocol Packet Error Detection and Correction

SIP Signaling is only passed through the Internal SIP proxy in Ingate and Intertex products.

Malformed SIP Packets will not reach the PBXs or Service Providers from our side.

Standardized SIP Interface in both directions


6. Generating Revenue from HD Video

5:30pm-6:30pm
Moderator: Maloff NetResults

5:30-5:35 Moderator
5:35-6:00 UCIF – Polycom
6:00-6:30 Intertex Data AB – Reusing the E-SBC SIP trunking infrastructure.


Global Video Calling Using the E-SBC

Telco Opportunity

Video Calling

High Quality, Chargeable, Global Video Calling
Ready to go, using SIP Trunking Infrastructure

• High Quality (Telepresence) Video Calling
• Routed and Billed (CDRs produced) by the E-SBC
• Simple settlement free IP Peering between Telcos


What’s Special About Video Calling?

We have been building islands – again…
• But there is no old Video PSTN to connect those together

However, there is a standard (SIP) and a network (Internet)
• We have seen such video calls for a long time

What more is needed?
• High quality – Telepresence; Guaranteed bandwidth and QoS?
• Global; Not only within a company and not only within one carrier’s network
• Telephone numbers (in addition to sip addresses)
• Allow Telcos to Bill (being more than just Bandwidth Providers)?


There is a Solution!

Do More at the Enterprise Edge!
• We can route here – The earlier the better
• We can produce CDR’s for billing here
• We can do number resolution here (or the ITSP can do it)

The Good News:
• Reuse the SIP Trunking infrastructure (using E-SBCs)
• Simple peering between carriers


Reusing the SIP Trunking E-SBC

Telco owned E-SBCs are already used for (voice) SIP Trunking
• Full operator control
• Service provider’s demarcation point
• Enables the SIP Trunking – Video is not different from voice for: NAT/Firewall traversal, PBX interoperability and Security

Reuse the same E-SBC for Video Calling!

In the Ingate and Intertex E-SBCs, it is all there:
• Classify outgoing calls (as Video, HD voice or plain voice)
• Assure right quality pipe and/or quality marking is used
• Route the call directly to the other party (or
  • Use ENUM (public or private) for E.164 number to SIP address resolution
  • Only settlement free IP peering between operators required
  • Can fallback to best effort IP peering (Internet) in operator network
• Produce and deliver CDRs for each call
  • Report Minutes and Data used
  • Include video and voice quality metrics (including MOS scores)
  • Deliver via Radius, Syslog, Management system (TR-069 informs) or method by choice


Simple For the Carrier

[Figure labels: Qwest Internet, AT&T Internet, SIParator, IX78, ENUM, QoS IP Network, CDR, MPLS]


Quality Separated Networks Out to the Customer Edge is Not New

Widely Used for Triple Play Services

The Intertex IX78 Supports All of these Architectures!

[Figure: four access architectures, each separating Internet, IP-TV/VoD and IMS/VoIP traffic: Private Virtual Circuits (PVC1, PVC2, PVC3 over ADSL), Virtual LANs (VLAN1, VLAN2, VLAN3 over Ethernet), IP QoS Separated Subnets (WAN1, WAN2, WAN3 over Ethernet) and IP Level QoS (Priority1, Priority2, Priority3 over ADSL or Ethernet). Operator examples named in the figure: Telia, B2, BT.]


iEMS – CDRs with Call Quality Metrics


For the Telcos To Do

Provide high quality IP pipes for Video and HD Voice (e.g. MPLS)
• If on separate layer 2 networks for quality, still make them routable to the Internet (for fallback to “best effort peered” = Internet)

Enter users in ENUM (public or private)
• E.164 numbers to SIP address resolution

Settlement Free Peering between carriers for high QoS IP networks
• Just like for the Internet - Now also for high quality IP network (e.g. by MPLS)

Deploy same CPEs (E-SBCs) as for SIP Trunking
• Can also be general SIP enablers (at least Intertex’ and Ingate’s) for offering all types of SIP based services

Process the CDRs from the E-SBC as usual for Billing


What’s out there 1? - Cisco TIP

http://newsroom.cisco.com/dlls/2010/prod_012610.html
• Telepresence Interoperability(?) Protocol (TIP)
• “Cisco already supports H.323, which allows Cisco…”

Don’t we already have SIP, SDP, RTP, RTCP and Codec standards?
… And don’t they define interoperability far beyond Cisco?

Is there more than how to transfer to several screens?


What’s out there 2? – The IMS World

Fine – But when?
• Stuck in its own complexity…
• Where is the Multimedia and Interoperability?
• And the IMS world still has to find out how to reach the users on the fixed network - the LANs behind NATs and Firewalls – Or stay with POTSoIP on FXS-ports

A “OneVoice” initiative to create VoLTE
• AT&T, Bell Canada, China Mobile, Deutsche Telekom/T-Mobile, KDDI, mobilkom austria, MTS, NTT DoCoMo, Orange, SKT, SoftBank, Telecom Italia, Telecom New Zealand, Telefónica, Telenor, TeliaSonera, Verizon Wireless, Vodafone, Acme Packet, Alcatel-Lucent, Aylus, Camiant, Cisco, Colibra, Communigate, Comneon, Ericsson, Fujitsu, Genband, Huawei, LG, Motorola, Movial, Mu, NEC, Nokia, Nokia Siemens Networks, Qualcomm, RADVISION, Samsung, Sony Ericsson and Tekelec

Isn’t VoIP already invented?

“OneVideo” initiative can be expected…

Until then: Route at the edge by the E-SBC!
• E-SBC still needed to reach users on LAN and for UC PBX interoperability
• The IMS can still be the SIP registrar and billing server…


What’s out there 3? Juniper, Polycom...

Juniper, Polycom forge telepresence, video conferencing alliance

http://www.zdnet.com/blog/btl/juniper-polycom-forge-telepresence-video-conferencing-alliance/29868

“a counterweight to Cisco Systems and its recent acquisition of Tandberg”

“optimize their platforms so service providers can offer video and telepresence cheaply. The argument: It’s cheaper for enterprises to deploy telepresence as a service from their network providers instead of building out their own networks.”

Sure!

http://www.juniper.net/us/en/local/pdf/solutionbriefs/3510358-en.pdf

About pre-reservation of capacity for high bandwidth calls


SIP Capable Firewalls and SIParators®

Intertex Data AB
www.intertex.se
Contact: Karl [email protected]:[email protected]: +46 8 12205629
Mob: +46 70 7254532

Ingate Systems Inc.
www.ingate.com
Contact: Steve [email protected]:[email protected]: +1 603 883 6569
Mob: +1603 557 7918

Thank You!