Ingate Systems AB
The Need for Enterprise Session Border Controller
The E-SBC allows the enterprise to control its SIP implementation
The Ingate SIParator®
Why does the Enterprise need an SBC?
Normalization of the SIP signaling
NAT and Firewall traversal
Eliminate single points of failure
Quality of Service
Protect against Denial of Service attacks
Disaster recovery
Reduce opportunity for theft of services
Intrusion Prevention / Detection
Avoid delivery of malformed packets
Control through authentication
To enable SIP to the enterprise
To permit placement of the PBX behind the firewall
Security through deep packet inspection
To ensure interoperability with the service provider
To deliver the highest quality voice
Performance metrics
Encryption for private communications
Two Ways to Connect to a SIP Trunk
Over a Managed Line
Over the Public Internet
[Diagram labels: PSTN; Public Internet; SIP Trunking Provider Network; SIP System; Managed SIP Trunk; SIP Trunk over Internet; IPPBX; Data & VoIP LAN]
Confirmed Interoperability
Service providers
360 Networks
Airespring
AT&T
BandTel
Bandwidth.com
Bell Canada
Broadvox
Cablevision
Cbeyond
Cellip
Cordia
Deltacom
Excel
Gamma
Global Crossing
IP-Only
Nectar
Level 3
Netlogic
NetSolutions
Nexvortex
Nuvox
OneCommunications
Paetec
Primus
Qwest
RNK Telecom
Skype
SoTel
TDC
Tele2
Toplink
Verizon
VoEX
VoIP Unlimited
Windstream
Voxbone
More in pipeline.....
Ingate SIParator® -or- Ingate Firewall
SIP Trunk
Compliant with
Carrier Equipment
Acme Packet
Broadsoft
GenBand
Sonus
IP-PBXs
Aastra
Aastra MX-One
Adtran Netvanta UC
Avaya CM & SM
Cisco Call Manager
Digium / Asterisk
Fonality
HP VCX
Innovaphone
Interactive Intelligence
Iwatsu
Microsoft OCS 2007
Mitel
NEC / Sphere
Nortel BCM / SCS / CS1K
Panasonic
SER
Shoretel
Siemens
SIP-Gear
Swyx
NAT and Firewall Traversal Problem
SIP Trunking does not pass a SIP-unaware NAT/firewall!
… and the firewall cannot even be opened enough to make it work.
[Diagram labels: Public Internet; SIP Trunking Provider; PSTN; SIP System; IP-PBX; Data LAN]
E-SBC Functions
[Diagram labels: Ingate SIP Proxy; SIP Proxy/Registrar; SIP Signaling; Media; 168.x.xx; 10.x.xx; IP-Phone; ITSP]
1. Check the SIP signaling, packet inspection
   - Full flexibility to handle future threats
2. Rewrite for the different address spaces
3. Forward the signaling to the correct SIP proxy or client
4. Open ports (UDP/TCP) in the firewall for the media
   - Only for the duration of the call
   - Only between the exact endpoints
5. Media flows through the ports
6. Close ports after the call
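The pinhole lifecycle in steps 1 and 4 to 6 above, as an added Python sketch that is not Ingate code and not part of the original slides. It models only the open and close logic; address rewriting (step 2) and forwarding (step 3) are left out, and the class, function names, addresses and SIP messages are constructed for illustration.

```python
import re

def parse_sip(msg):
    """Return (start_line, call_id, media); media is (ip, port) or None."""
    head, _, body = msg.partition("\r\n\r\n")
    cid = re.search(r"^Call-ID:\s*(\S+)", head, re.I | re.M)
    if cid is None:
        raise ValueError("no Call-ID")  # step 1: reject malformed signaling
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    media = (ip.group(1), int(port.group(1))) if ip and port else None
    return head.split("\r\n", 1)[0], cid.group(1), media

class PinholeTable:
    """Hypothetical model of per-call media pinholes, keyed by Call-ID."""
    def __init__(self):
        self.offers = {}  # Call-ID -> endpoint from the INVITE's SDP
        self.open = {}    # Call-ID -> frozenset of both media endpoints

    def on_signaling(self, msg):
        start, cid, media = parse_sip(msg)
        if start.startswith("INVITE ") and media:
            self.offers[cid] = media
        elif start.startswith("SIP/2.0 200") and media and cid in self.offers:
            # step 4: open only between the exact endpoints of this call
            self.open[cid] = frozenset({self.offers[cid], media})
        elif start.startswith("BYE "):
            # step 6: close the ports as soon as the call ends
            self.offers.pop(cid, None)
            self.open.pop(cid, None)

    def allow_media(self, src, dst):
        # step 5: media passes only through a currently open pinhole
        return frozenset({src, dst}) in self.open.values()

def sip(start, cid, sdp=None):
    """Build a minimal constructed SIP message (sample input, not a capture)."""
    body = f"v=0\r\nc=IN IP4 {sdp[0]}\r\nm=audio {sdp[1]} RTP/AVP 0\r\n" if sdp else ""
    return f"{start}\r\nCall-ID: {cid}\r\n\r\n{body}"

def demo():
    fw = PinholeTable()
    phone, itsp = ("10.0.0.5", 49170), ("198.51.100.20", 30000)
    before = fw.allow_media(itsp, phone)
    fw.on_signaling(sip("INVITE sip:callee@itsp.example SIP/2.0", "call-1", phone))
    fw.on_signaling(sip("SIP/2.0 200 OK", "call-1", itsp))
    during = fw.allow_media(itsp, phone)
    stranger = fw.allow_media(("203.0.113.9", 30000), phone)
    fw.on_signaling(sip("BYE sip:callee@itsp.example SIP/2.0", "call-1"))
    return before, during, stranger, fw.allow_media(itsp, phone)
```

`demo()` returns whether media is allowed before the call, during it, from a third address during it, and after the BYE.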
DoS Protection
Dynamically allow authenticated users
Block non-authenticated users
Monitor traffic and block end-points with abnormal behavior
[Diagram labels: Mobile user; Spammer; Internet; ITSP; IP-PBX]
Encryption
• Encrypted SIP signalling
– Support for TLS
• Encrypted media
– Support for SRTP (Sdescriptions)
Termination, Pass through or Transcoding
[Diagram labels: IP-Phone; Ingate Firewall or SIParator; IP-PBX / SIP Server; TLS; In the clear; SRTP; RTP]
Extensive SIP Feature Set
Far-End NAT Traversal and STUN
Sol. for Remote Workers
Encryption
Security
SIP Filtering
SIP Proxy, ALG, B2BUA, Registrar
Firewall & NAT
Flexible Control
SIP Trunking Tool Set
SIP Trunking
ENUM Support
Near-End Traversal
Authentication
Traffic QoS, Mgmt
Termination / Transcoding
SIP-ALG-only Firewalls can only do this much
Network Installation Options
Why does the Enterprise need an SBC?
Eliminate interoperability issues
Resolve NAT traversal through the firewall
Security
Place the PBX in the private IP space
Authenticate to prevent theft of services
Protect against Denial of Service attacks
Eliminate single points of failure
Manage bandwidth for optimal voice experience
Measure quality of the voice
Encryption of Signaling and Media for privacy
Please contact me at any time:
Steve Johnson
President
Mail & SIP: [email protected]
Direct: 1-603-883-6569