APKT Enterprise SIP Trunking
Download
Report
Transcript APKT Enterprise SIP Trunking
The leader
in session border control
for trusted, first class
interactive communications
SIP trunking & enterprise SBCs
Revenue (US$B)
Still in early stages
– CY08, $130M in revenue,
208.5K SIP trunks
North America driving
SIP trunking
$4
6
SIP Trunking
2008-2013 CAGR of 91%
$3
$3
5
Trunks (M)
Positive outlook for SIP trunking
and SBCs through 2013
4
$2
3
$2
2
$1
– 74% total trunk shipments
in CY08
1
$1
$0
0
CY08
Region (All)
CY09
Frequency Annual
CY10
CY11
CY12
CY13
CategoryRevenue
Enterprise SBC Trunks
Metric (All)
Millions
Sessions
Two dominant SBC players –
Acme Packet and
Cisco Systems
68% of enterprise SBC
revenue from NA in 2008
350
300
Session Border Controller
2008-2013 CAGR of 49%
250
200
Drop Series
150
100
50
Infonetics: June 2009
0
CY08
CY09
CY10
CY11
Period
CY12
CY13
3
Acme Packet is leader in
delivering SIP trunking services
SIP trunking availability from
APKT service providers exploding
All IP trunking protocols supported
– RFC 3261 SIP, SIP-I, SIP-T
and H.323
70
APAC
12%
CALA
26%
60
50
EMEA
41%
40
30
20
10
0
Pl
an
ne
d
– Security
– SLA assurance
– Service reach/interoperability
NA
21%
Tr
ia
ls
Same border controls for
service provider & enterprise
80
ep
lo
ye
d
APKT in service provider network
+ APKT in enterprise network
= guaranteed interoperability
and faster time-to-trunk
APKT SIP trunking
service providers 1H'09
D
– 80 deployments and trials today
– 30 countries
– Many different IP PBX/UC
environments supported
4
Why do you need an enterprise SBC?
Many PBX and UC vendors have SIP interfaces or other methods
for connecting PBX and UC elements to a carrier SIP trunk service
This causes some enterprise telephony and UC managers to ask:
– If my PBX or UC platform supports a native SIP trunk interface, why
can’t I just connect this interface directly to the carrier SIP trunk
service?
This presentation will address this question and others such as:
–
–
–
–
Why do I need an enterprise SBC for SIP trunking interoperability?
Why do I need an enterprise SBC for SIP trunking security?
Why do I need an enterprise SBC for SIP trunking control?
How does using an enterprise SBC enhance my disaster recovery,
troubleshooting, and monitoring capabilities?
– How is the Acme Packet solution packaged?
5
Acme Packet enterprise SBC solution
controls four IP network borders
VoIP & UC security
SIP trunking
1. SIP trunking border
IP
subscribers
PSTN
4. Hosted services border
Contact center,
audio/video conferencing,
IP Centrex, etc.
SIP & H.323 interoperability
Data center disaster recovery
Service
providers
Remote site survivability
Data
centers
Contact center virtualization
IP PBX
UC
Remote site & worker connectivity
via the Internet
Regulatory compliance
– recording & privacy
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
2. Private network border
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
6
SIPconnect - enterprise SIP trunking
profile accelerates time-to-trunk
SIP Forum spec ratified August 2006, now V1.13
Specifies RFCs that must be supported for SIP trunking
– SIP, TCP, TLS, RFC 4733 DTMF, G.711 20ms, E.164 & URI addresses,
SIP server discovery, response codes, IPv4 addresses
Service provider
Enterprise
PSTN
SIP RFC 3261
Media G.711, 20ms
TLS
7
SBCs assure
service availability & quality
Session admission control –
signaling element, network, user
– Signaling-based – number of call
/sessions, signaling rates
– Media (bandwidth)-based
1. SIP trunking border
IP
subscribers
PSTN
4. Hosted services border
Contact center,
audio/video conferencing,
IP Centrex, etc.
Overload control
– Non-malicious – load balancing,
SIP registration avalanches, mass
calling rejection/diversion
– Malicious
Service
providers
Data
centers
Failure detection & recovery
- data center redundancy,
remote site survivavbility
IP PBX
– L3 router
– IP PBX or UC server
– Service provider SIP trunk/SBC
UC
Transport control
– Packet marking and mapping
– Media release peer-peer
Quality of Experience (QoE)
Private network
H.323
SIP
SIP
– QoS & ASR monitoring, reporting
& routing
Regional
site
Remote
site
Internet
HQ/
campus
2. Private network border
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
8
SBCs enable regulatory compliance
Call and session recording
– Replicate session (signaling and
media) for recording
Session privacy
– Secure signaling and/or media
1. SIP trunking border
IP
subscribers
PSTN
4. Hosted services border
Contact center,
audio/video conferencing,
IP Centrex, etc.
Service
providers
Emergency calls E-9-1-1
– Retrieve location information,
add to signaling
– Route based upon location
– Prioritize routing (SIP RPH)
& IP transport
– Exempt from admission control
polices
Data
centers
IP PBX
UC
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
2. Private network border
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
9
SBCs control costs
Least cost routing
Accounting
Fraud prevention
1. SIP trunking border
IP
subscribers
PSTN
4. Hosted services border
Contact center,
audio/video conferencing,
IP Centrex, etc.
Service
providers
Encryption off-load – TLS, IPsec
Data
centers
IP PBX
UC
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
2. Private network border
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
10
Why use SBC for
enterprises & contact centers?
Real-time IP communications is different
– Sessions initiated from inside or outside of firewall
– Continuous stream vs. traffic bursts, 2-way flows
– Latency & jitter very important, loss not so important
Security is paramount
– Multi-protocol and real-time nature of VoIP demands
sophisticated stateful defense strategy
– Signaling overloads occur with network outages,
attacks simple to launch
Today’s firewalls are insufficient, unable to:
–
–
–
–
–
Protect themselves or IP PBX/UC resources
Open / close RTP media ports in sync with SIP signaling
Perform VoIP signaling deep packet inspection
Track session state and provide uninterrupted service upon failure
Enable VoIP interoperability for all layers/protocols
SBCs deliver more than security using
back-to-back user agent approach vs. ALG
–
–
–
–
Service reach maximization
SLA assurance
Regulatory compliance
Cost control
11
Summary comparison:
SBC vs. firewall with SIP ALGs
SBC (B2BUA)
Data center
Firewall with SIP ALG
Data center
IP PBX
UC server
SIP trunk
IP PBX
UC server
SIP trunk
Terminates, re-initiates and
initiates signaling & SDP
Unable to terminate, initiate,
re-initiate signaling & SDP
Two sessions - one on each
side of system
Single session across system
Layer 2-7 state aware
Layer 2-4 state aware
Inspects and modifies any
application layer header info
(SIP, SDP, etc.)
Inspects and modifies only
application layer addresses
(SIP, SDP, etc.)
Static & dynamic ACLs
Static ACLs only
Acme Packet
12
Why use SBC for
enterprises & contact centers?
Real-time IP communications is different
– Sessions initiated from inside or outside of firewall
– Continuous stream vs. traffic bursts
– 2-way flows
Security is paramount
– Multi-protocol and real-time nature of VoIP demands
sophisticated stateful defense strategy
– Signaling attacks are simplest to launch
Today’s data focused solutions are not enough
–
–
–
–
–
Lack ability to dynamically correct VoIP connectivity issues
Unable to perform VoIP signaling/media deep packet inspection
Inability to track session state and provide uninterrupted service
Firewalls and routers cannot protect UC resources
Back-to-back user agent proven superior to ALG
SBCs deliver more than security
– Service reach maximization
– SLA assurance
– Cost optimization
13
SBC vs. alternative approaches
Function & feature examples
Acme Packet
SBC
Firewall w/
SIP ALG
IP PBX
SIP proxy
Router
Security
DoS/DDoS self-protection
√
IP PBX/SIP proxy DoS prevention
√
Access control-dynamic & static
√
Static only
Topology hiding
√
NAT leaks
Encryption – signaling & media
√
IPSec
tunnels only
Malware & SPIT mitigation
√
Static only
Software-based
signaling only
Software-based
signaling only
IPSec
tunnels
Application reach maximization
Remote NAT traversal
√
L3 & 5 OLIP/VPN bridging, IPv4-v6 interworking
√
Interworking; signaling, transport & encryption
protocols
√
Overlapping dial plan translations
√
L3 only
SLA assurance
Admission control – signaling resource & bandwidth
√
Signaling resource load balancing; QoS/ASR routing
√
Signaling overload control
√
QoS marking and reporting
√
Call counting
only
Call counting
only
No L5
awareness
14
La Quinta & Extended Stay hotels
– SIP trunking and session routing
Application
Remote worker
IP phones
PSTN
– SIP trunking for analog PBXs
to reduce PSTN costs
– Interconnect over 1,000 hotel properties
Service
providers
Internet
Problems overcome
– High costs and inefficient PRIs
for individual hotels
– Protect data center VoIP infrastructure
– NATs block remote worker IP phone calls
– Inbound call routing & outbound load
balancing
Data center
VM
MPLS backbone
Guest
phones
Guest
phones
Guest
phones
Hotel properties
15
Hanjin – SIP trunking
& unified communications
Hanjin offices
Application
– SIP trunking to service provider
– Unified communications across
Hanjin Group companies
Problems overcome
– Protect UC and VoIP infrastructure
– Interoperability with Microsoft
Solution for Enhanced VoIP
Services using Sylantro’s Synergy
– Unify offices, reduce complexity
MPLS WAN
Uniconverse
data center
AS
PSTN
AS
AS
MS
Local service
provider
16
Insurance – SIP trunking
& Internet access
Application
1. SIP trunking border
– Interconnection of HQ data center
to remote sites and agents
over Internet
– SIP trunking to rest of world
Problems overcome
– Protecting core IPT infrastructure
– Mediation of network differences overlapping IP addresses and
differing protocols
– Firewall/NAT traversal
– Privacy for Internet-transported calls
PSTN
Service
providers
Data
centers
IP PBX
Internet
SIP
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
17
Financial services – SIP trunking
& remote worker
Application
SIP trunking border
– Connect 40 locations via
SIP trunking
– Multivendor IP-PBX interoperability
– Support nomadic mobile worker
Problems overcome
PSTN
Service
providers
– Security on SIP trunks
– Reduce access & toll costs by
changing
TDM trunking to SIP
– SIP-H.323 interoperability
– NAT traversal for remote workers
Data
centers
IP PBX
UC
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
Private network border
Nomadic/
mobile user
Teleworker
Remote
site
Internet border
18
Financial services – SIP trunking
& remote worker
Application
SIP trunking border
– Connect 40 locations via
SIP trunking
– Multivendor IP-PBX interoperability
– Support nomadic mobile worker
Problems overcome
PSTN
Service
providers
– Reduce access & toll costs by
changing TDM trunking to SIP
– Security on SIP trunks
– SIP-H.323 interoperability
– NAT traversal for remote workers
Data
centers
IP PBX
UC
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
Private network border
Nomadic/
mobile user
Teleworker
Remote
site
Internet border
19
SIP trunking savings spans access,
local and long distance costs
PRI trunking
SIP trunking
Savings
20
Net-Net
Enterprise and contact center are transitioning
to IP trunking and unified communications
– Driving need for increased security and connectivity
– Users pushing boundaries, creating need for increased control
Security, service reach and SLA assurance are major issues
– Voice is mission critical, solution must meet demands
– Intelligent, dynamic solution required to protect real-time
communications services – only SBCs provide this
Acme Packet is leading the way
– Category creator and industry leader
– Feature rich products led by real-world experience
– Channel and interop partners in place
21
The leader
in session border control
for trusted, first class
interactive communications