Transcript Slide 1
The SIP trunking enabler
Solutions for SIP Trunking
Benefits of Ingate SIP Trunking
Products for Service Providers
Support for all SIP PBX’s in the market
Expansion of Service Provider market of opportunity
Service Provider Demarcation Point
Clear point of demarcation towards customer
Resolution of NAT traversal issues
Security and Control
Easy expansion to support Unified
Communications
Ingate Element Management System
Efficient provisioning and monitoring
SIP Trunking and Beyond
Core Functionality:
NAT/Firewall traversal
Interoperability between PBX and Service
Provider Networks
Quality of Service (QoS)`
Security
Service Provider Demarcation Point
An Ingate solution can also enable:
Connecting remote users to the PBX
Secure interoffice connection
WiFi mobile phone communication
Multimedia communication
Benefits of SIP Trunking
Monthly cost savings
Single network for all communications
Lower cost of Moves, Adds and Changes
Disaster Recovery / Business Continuity
User provisioning
First step in achieving Unified
Communications
Voice, Video, IM, Presence, etc.
Remote workers
WiFi mobile phone communication
SIP is the future of Telecommunications
The Ingate Products
Enabling General NAT/firewall Traversal for SIP
Complete Firewalls
Add-on to Existing Firewalls
Existing
Firewall
SIParator®
DMZ
Firewall & NAT/PAT
SIP Proxy
SIP Back to Back User
Agent
SIP Registrar
The Ingate Family
Firewall® 1650
or
SIParator® 65
Firewall® 1550
or
SIParator®55
Firewall® 1500
or
SIParator®50
Firewall® 1190
or
SIParator® 19
300 Calls*
380 Mbit/s
75000 Packets/s
150 Calls*
330 Mbit/s
28500 Packets/s
50 Calls*
50 Mbit/s
4500 Packets/s
*) Calls = Concurrent RTP Sessions = SIP Trunks
Firewall® 1900
or
SIParator® 90
650 Calls*
385 Mbit/s
125 000 Packets/s
1 500 Calls*
2 600 Mbit/s
230 000 Packets/s
Confirmed Interoperability
IP-PBXs
Service providers
360 Networks
Airespring
AT&T
BandTel
Bandwidth.com
Broadvox
Cbeyond
Cellip
Cordia Corporation
Excel Switching
Gamma
Global Crossing
IP-Only
Juma Networks
Ingate SIParator®
-orIngate Firewall
Level 3
Netlogic
Nexvortex
Nuvox
O1
Paetec
Primus
RNK Telecom
SIP Trunk
TDC
Tele2
Toplink
Compliant with
VoEX
VoIP Unlimited
Voxbone
More in pipeline.....
Carrier Equipment
Acme Packet
Broadsoft
NexPoint
Sonus
Sylantro
See: www.siptrunk.org
3Com
Aastra
Digium / Asterisk
Avaya
Cisco Call Manager
Ericsson MX-One
Fonality
Innovaphone
Interactive Intelligence
Iwatsu
Microsoft
Mitel
NEC / Sphere
Nortel
Objectworld
SER
Shoretel
Siemens
SIP-Gear
Swyx
More in pipeline....
The Live IP Communication Problem of the Decennium
A common Network and common Protocols changed our lives:
SMTP gave us global email! HTTP gave us the WEB!
IMS
SIP is the Internet standard for
Live IP Communication: The
next step of Internet usage!
Find each other and do something in real
time. Telephony being just one application.
However, SIP does not
traverse the common NATs
and firewalls* separating the
LANs from the Internet .
(SIP based)
Internet
email
FW
FW FW
FW
LAN
* Live IP Communication Requires:
- Locate the person
- Set up a session
- Open real time media streams
web
LAN
The Ingate SIP Architecture
Firewall & NAT Router
Dynamic NAT & Firewall Engine
SIP Proxy Server, capable of routing
to/from various address spaces (NAT)
The routing SIP Proxy Server controls
the media through the NAT & Firewall
SIP Registrar for user location
information
SIP
Proxy
User
Location
Extensive SIP Feature Set
Far-End
NAT Traversal
and STUN
Sol. for Remote
Workers
Security
Encryption
SIP Filtering
SIP Proxy,
ALG, B2BUA,
Registrar
Firewall & NAT
Flexible Control
SIP Trunking
Tool Set
SIP Trunking
ENUM Support
Near-End
Traversal
Authentication
Taffic
QoS,
Mgmt
Termination / Transcoding
SIP-ALG-only
Firewalls
can only do
this much
IP-PBX Trunk Must Meet Service Provider Trunk
PSTN
SIP Trunking
Provider Network
SIP System
SIP Trunk
1) 2) 3) 4) 5)
IPPBX
Why may Ingate be required to connect a PBX?
1) NAT/Firewall Traversal – Must NAT to same address space!
2) Basic SIP and Network Interoperability - E.g.
Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.
3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc.
4) Features - E.g. Remote Users, Administration (remote and local)
5) Security - E.g. Will LAN be opened? Is the PBX designed to be public?
2) 3) 4) 5)
2) 3) 4) 5)
SIP Trunk Interface
Modern IP-PBXs are of
this type. Media goes
directly between phone
and SIP Trunk.
PBX with
system
phones
IPPBX
Few PBXs are of this type.
Asterisk with firewall
(IPtables /NETfilter) can be
compiled and configured
this way, but requires a lot.
VoIP & Data LAN
VoIP & Data LAN
Data LAN only
PBX Type 1
Signaling:
Media:
PBX Type 1.5
PBX Type 2
NAT/Firewall Traversal Problem
when SIP Trunking over the Internet
Public
Internet
SIP Trunking
Provider
PSTN
SIP System
SIP Trunking does not pass a
SIP unaware NAT/firewall!
IP-PBX
…and the firewall cannot be opened
enough to make it work because of NAT.
Data LAN
With a SIP Trunk over the Internet, it is not really
an option to just connect it to a VoIP LAN.
Public
Internet
SIP Trunking
Provider
SIP System
SIP Trunk
Over the
Internet
IP-PBX
Who will issue a
public white IP
addresses to
every Phone?
PSTN
Severe Security Warning!
No one wants the whole Voice
LAN exposed to the Internet. Any
extra firewall here needs to be
SIP aware or widely open.
Data LAN
VoIP LAN
?
?
No Soft or Multimedia Clients!
UC?
Ingate Firewall® Creating a Common Data and
VoIP LAN for SIP-Trunking over the Internet
Public
Internet
Remote
Users
IP PBX
SIP Trunking
Provider
PSTN
SIP System
SIP Trunk
over Internet
Ingate Firewall®
Demarcation point and
bringing SIP
communication to the LAN
Data LAN
Data & VoIP LAN with QoS
Soft Clients and Multimedia Terminals
Ingate SIParator® Used with Existing Firewall
for SIP Trunking Service over Internet
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider
PSTN
SIP System
SIP Trunk
over Internet
Ingate SIParator®
Demarcation point and
bringing SIP
communication to the LAN
Data LAN
Data & VoIP LAN
Soft Clients and Multimedia Terminals
Managed SIP Trunk Connected to Separate
Enterprise VoIP LAN in Operator’s Space
Public
Internet
No Remote
Users!
SIP Trunking
Provider Network
SIP System
Managed
SIP Trunk
Provider:
Security
Warning!
Enterprise:
Security
Warning!
IP-PBX
Will Service
Provider issue
IP addresses to
every Phone?
PSTN
Data LAN
VoIP LAN
?
?
No Soft or Multimedia Clients!
UC?
Managed SIP Trunking with SBC Adapting SIP to
NAT:ed Space of the Enterprise LAN
Public
Internet
No Remote
Users!
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Enterprise: Do we
dare let the Service
Provider have full
access to our LAN?
Managed
SIP Trunk
Other
customers
VoIP& Data LAN
Ingate SIParator® Used with Existing Firewall for
Managed SIP Trunking Service
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Managed
SIP Trunk
Ingate SIParator®
Demarcation point and
SIP communication via
both WAN pipes.
Data & VoIP LAN
Soft Clients and Multimedia Terminals
Ingate Firewall® Creating a Common Data and
VoIP LAN for Managed SIP Trunking Service
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Managed
SIP Trunk
Ingate Firewall®
Demarcation point and
SIP communication via
both WAN pipes.
Data & VoIP LAN
Soft Clients and Multimedia Terminals
SIP Trunking Over on a Dedicated Access, with a Central SBC
doing Far End NAT Traversal through NAT/FW
Public
Internet
No Remote
Users!
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Far end NAT traversal through
NAT/FW by keep alive packets
etc. from Operator SBC.
Dedicated access for QoS.
Does not work with all
NATs & Firewalls.
No PBX SIP normalization.
VoIP& Data LAN
Ingate SIParator® Used with Existing Firewall for
Managed SIP Trunking Service
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Managed
SIP Trunk
No far end NAT traversal
workaround required.
Ingate SIParator®
Demarcation point and
SIP communication via
both WAN pipes.
Data & VoIP LAN
Ingate Firewall® Creating a Common Data and
VoIP LAN for Managed SIP Trunking Service
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Managed
SIP Trunk
No far end NAT traversal
workaround required.
Ingate Firewall®
Demarcation point and
SIP communication via
both WAN pipes.
Data & VoIP LAN
SIP Trunking Over a Dedicated or Internet Access, with a
Central SBC doing Far End NAT Traversal through CPE NAT
Public
Internet
No Remote
Users!
IP-PBX
SIP Trunking
Provider Network
PSTN
SIP System
Far end NAT traversal
through CPE router by
keep alive packets etc.
from Operator SBC.
Dedicated access for QoS.
Does not work with all
NATs & Firewalls.
No PBX SIP normalization.
VoIP& Data LAN
SIP Trunking Over on an Internet Access, using an
Ingate/Intertex CPE (Firewall/SIParator) with ADSL
Public
Internet
Remote
Users
IP-PBX
SIP Trunking
Provider Network
Separate
Internet data
access is
optional.
Combined
Data & VoIP
Service with
QoS possible.
PSTN
SIP System
No far end NAT traversal
workaround required.
ADSL 2+ Annex A/B/M
Built in E-SBC with SIP
NAT/Firewall Traversal, QoS
and SIP normalization.
VoIP & Data LAN
Two Ways to Provide a SIP Trunk
Over a Managed Line
Over the Public Internet
PSTN
Public
Internet
SIP Trunking
Provider Network
SIP System
PSTN
Public
Internet
Managed
SIP Trunk
IPPBX
SIP Trunking
Provider Network
SIP System
SIP Trunk
over Internet
IPPBX
Data & VoIP LAN
Data & VoIP LAN
SIP Trunking plug-and-play
Step 1 – Address provisioning
A. Connect Your
Ingate according to
the picture
B. Type MAC
address and IP
address of the
Ingate unit.
D. Press Next and the
tool will automatically
provide an IP address
to the Ingate.
C. Select a
password. No
password is
set default.
E. When done the
SIP Trunking tool
can be launched.
Status information
SIP Trunking plug-and-play
A. Select
ITSP from
drop down
menu and
provide
necessary
account
information
Step 2 – Trunking configuration
B. Select
IP PBX brand
& IP address
on your
internal
network.
C. Select
SIParator type
(only available
for SIParators).
D. DNS servers
to use. Optional
E. Optional to
add and remove
prefixes.
F. Configure
external interface using
DHCP or static
IP
G. Configure
netmask for the
internal network
H. When done, the tool will generate a configuration based on
your input and you will automatically be redirected to the Ingate
and only need to apply the configuration and you are done!
Please contact me at any time:
Steve Johnson
President
Mail & SIP: [email protected]
Mobile: 1-603-557-7918
Direct: 1-603-883-6569