Delivering peak performance for premium interactive


Session border control:
CONTROL for service providers
to make money from IP IC services
Jim Hourihan
VP Marketing &
Product Management
Border control
– protecting the “goods” inside
Geo-political
Socio-economic
Transportation
Health
New requirements
IP data
web/Internet
IP IC
voice, video,
multimedia
New
requirements
Evolution of
IP interactive communications
Diagram: Opportunity over Time, in three phases
Phase 1: Free (Free PC-PC Calls)
Phase 2: Lower transport costs
Phase 3: Valuable services $$$
Other labels: Residential Services, Business Services, Mobile Services, Trunking, Int’l Toll Bypass, Internet Offload, PSTN-IP, IP-IP
Breaking boundaries to end-to-end
IP interactive communications
IP Centrex
Residential
services
Distance learning
Video
conferencing
Multimedia
collaboration
VoIP
origination/termination/transit
Business
Security
Presence
& IC
Residential
Wired
Service assurance
- SLA
- Revenue
- Profit
Gaming
Pay per view
video
Wireless
Law
enforcement
Security requirements
between IP networks
Service provider issues
─ Control service access based upon L5 addresses – names & telephone #s
─ Protect service infrastructure from DoS attacks
• Hide softswitches, gateways, application & media servers
• Protect against IP attacks, call overload
─ Hide customers from suppliers, suppliers from customers
Customer/subscriber issues
─ Utilize private CPE addresses with global reachability
─ Enable data firewall traversal without CPE or changes
Diagram labels: O&T, HIP IC Services, Transit & O&T, HIP IC Services, PSTN
SLA assurance requirements
across IP networks
Session admission control
on access/transit links
─ Guarantee session capacity
& quality on oversubscribed links
─ Gracefully reject sessions above
capacity limits
QoS mediation
─ Ensure high-quality QoS-based
backbone transport without trusting
QoS markings set by endpoints
or other networks
QoS-based routing to
transit/termination networks
QoS reporting - per session
─ Problem alerting & isolation
─ Admission control
─ SLA reporting
Diagram labels: NONE, NONE, MPLS, PSTN, DiffServ-3, T1/E1, Frame, VLAN-2, VLAN-2/TOS, DSL, NONE
Revenue & profit assurance
requirements for IP service networks
Service reach
─ Interwork signaling protocols to extend network reach & value
Service theft
─ QoS theft - eliminate need to trust endpoint QoS markings
─ Bandwidth theft - prevent a voice call from becoming a high-bandwidth video call without authorization
Service cost
─ Least cost routing to transit or termination networks
Service accounting
─ Session activity including quality
─ Terminate & identify sessions set-up or ending improperly to minimize reconciliation costs
Diagram labels: H.323, SIP, SIP, PSTN, SIP, SIP, MGCP, MGCP SIP, H.323
Law enforcement requirements
for IP access networks
Replicate and deliver specific
sessions to multiple authorized
law enforcement agencies
transparently
─ Signaling messages
─ Media flows
Diagram labels: O&T, HIP IC Services, Transit & O&T, HIP IC Services, PSTN
Session border control required for
high-quality interactive communications
New product category enables high quality
interactive communications across IP network borders
Session – real-time, interactive communications
using SIP, MGCP, H.323, Megaco/H.248
Border – IP-IP network border
─ Service provider-customer/subscriber
─ Service provider-service provider
Control
─ Security
─ SLA assurance
─ Revenue & profit assurance
─ Legal intercept
Session border controller applications
Security
Service assurance
- SLA, revenue, profit
Law
enforcement
PSTN
Peering VoIP providers
PSTN O&T
IP Transit
Voice ASP services
PSTN Origination
& Termination
Directory
PSTN
Termination
IP Transit
& PSTN O&T
Calling card
Calling card
Directory
Messaging
Customer care centers
Hosted IP IC services
Voice & video
Unified messaging
Conferencing
Presence & IC
Multimedia collaboration
Gaming
IP PBX transport
Business
Services
Residential
Services
VoIP trunking network peering
SIP-T, H.323, SIP-H.323 interworking, MGCP B2BGW
Security - protect softswitch and gateways
─ Access control & topology hiding @ L3 & L5
─ DoS protection including call rate limiting
─ Overlapping address spaces
SLA assurance
─ Call admission control - transit link bandwidth &/ observed quality
─ QoS reporting
Revenue & profit assurance
─ Accounting & session timers
─ Routing – least cost, ToD, ASR, etc.
Diagram labels: USA, PSTN, A, SIP, IP, Europe 1 $.05, Europe 2 $.03, SIP, H.323, B
Hosted IP IC services
– business & residential
Security
─ Access control & network topology hiding
─ DoS protection including call rate limiting
─ Hosted NAT traversal
─ CPE address preservation
SLA assurance
─ Session admission control - access & aggregated link bandwidth
─ QoS marking – 802.1p & q (VLAN), ToS, DiffServ, MPLS
─ QoS reporting
Revenue & profit assurance
─ SIP, MGCP & H.323-SIP IWF
─ Bandwidth & QoS theft protection
─ Accounting & session timers
Legal intercept
Diagram labels: IP O&T or Transit, PSTN Termination, Internet, PSTN, SIP, SIP, T1, MGCP, MGCP, DSL, Frame, SIP, SIP & MGCP, H.323
Voice ASP services
- calling card, directory services, messaging
Security
─ Data center topology hiding & access control
─ DoS protection including call rate limiting
─ Hosted NAT traversal
SLA assurance
─ App/media server load balancing
─ All call set up & media handled by Net-Net SD
─ Session admission control - access link bandwidth
─ L2 QoS marking - 802.1p & q
─ QoS reporting
Revenue & profit assurance
─ SIP, H.323 & SIP-H.323 interworking
─ Remote Net-Net SDs eliminate media backhaul costs
─ Routing – cost, quality, media profile, etc.
─ Accounting & session timers
Legal intercept
Diagram labels: Data Center, Database(s), Accounting, SIP, Call 1, Call 2, SIP, PSTN, H.323, Signaling, Media
Under the hood
- three technology architectures
Back-to-Back Session Agent (B2BSA)
Application Layer Gateway (ALG)
MIDCOM
Back-to-Back Session Agent
(B2BSA) architecture
SIP B2BUA, H.323 B2BGK/GW, MGCP B2B GW/CA
Breaks session into two segments for complete control
Terminates and reinitiates signaling message & SDP with
unique session IDs
CAN respond to and initiate signaling messages
e.g. REDIRECTs, reINVITEs, BYEs
Segment 1
B2BSA
Segment 2
Application Layer Gateway
(ALG) architecture
Maintains single session through system
Modifies addresses in signaling messages & SDP as they
pass thru system
CAN NOT respond to or initiate signaling messages
e.g. REDIRECTs, reINVITEs, BYEs
ALG
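The difference between the B2BSA and ALG slides above, as an added example (not part of the original deck and not Acme Packet code): one constructed INVITE is forwarded both ways, showing what each architecture changes on the far side of the border. All addresses, names and helper functions are assumptions made for illustration.

```python
import re
import uuid

# Constructed sample: INVITE from a CPE on private addressing (no Content-Length,
# which a real rewriter would have to recompute after changing the SDP).
INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bKcpe1",
    "Record-Route: <sip:10.0.0.1;lr>",
    "Call-ID: a84b4c76e66710@cpe.example",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5",
    "s=-",
    "c=IN IP4 10.0.0.5",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])
BORDER = "192.0.2.10"  # assumed public address of the border element
NAT = {"10.0.0.5": BORDER, "10.0.0.1": BORDER}

def swap(text, nat):
    """Replace whole IPv4 literals only (10.0.0.5 must not match 10.0.0.50)."""
    for inside, outside in nat.items():
        text = re.sub(rf"(?<![\d.]){re.escape(inside)}(?![\d.])", outside, text)
    return text

def headers(msg, name):
    """Return the values of every header called `name` in a SIP message."""
    head = msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return [h.split(":", 1)[1].strip() for h in head if h.lower().startswith(name.lower() + ":")]

def alg_forward(msg, nat=NAT):
    """ALG: one session end to end; addresses are modified as the message passes."""
    return swap(msg, nat)

def b2bsa_forward(msg, nat=NAT, border=BORDER):
    """B2BSA: segment 1 ends here; segment 2 is a new request with its own IDs."""
    head, body = msg.split("\r\n\r\n", 1)
    start, *hdrs = head.split("\r\n")
    kept = [h for h in hdrs if h.split(":", 1)[0].lower() not in ("via", "record-route", "call-id")]
    new = [start,
           f"Via: SIP/2.0/UDP {border}:5060;branch=z9hG4bK{uuid.uuid4().hex[:12]}",
           f"Call-ID: {uuid.uuid4().hex}@{border}"] + kept
    return "\r\n".join(new) + "\r\n\r\n" + swap(body, nat)
```

Comparing `headers(alg_forward(INVITE), "Call-ID")` with the B2BSA output shows the single-session versus two-segment behaviour: the ALG result keeps the endpoint's Call-ID, Via branch and Record-Route entry, while the B2BSA result carries only identifiers minted at the border.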
MIDCOM architecture
“Softswitch” for signaling – intelligent master
Middlebox for media control – dumb slave
MIDCOM protocol between the two for communication
Middlebox support for signaling requires complex
configuration
Softswitch can be B2BSA or proxy
Signaling arrives with L3 NAT completed by Middlebox, but
L5 NAT incomplete
Segment 1
Segment 2
MIDCOM
MB
Comparing features & benefits
- B2BSA vs. ALG vs. MIDCOM
Bandwidth and QoS optimization
─ Hosted NAT traversal w/media release
─ Session admission control – generate “busy” signal if no bandwidth & media prioritization
─ CODEC stripping
─ Bandwidth policing
Service reach – endpoints, PBXs, other networks
─ VLANS/overlapping addresses/VPN bridging
─ Interworking SIP-H.323, H.323-H.323, MGCP-MGCP
─ DTMF H.323 in-band to SIP out-of-band (RFC2833) interworking (for H.323 PBX integration)
─ Error message/cause code translations
Softswitch scalability & availability
─ Redirect support
─ Softswitch failover & load balancing
─ UDP-TCP signaling interworking
─ TCP/TLS off-load
─ Encrypted access-unencrypted backbone (signaling)
Other
─ Simultaneous L5 & L3 NAPT by same system (security)
─ Route stripping in VIA or RECORD ROUTE (security)
─ Session timers (generate BYE for accounting)
─ Legal intercept - signaling & media
B2BSA
ALG
MIDCOM
(w/ B2B signaling)
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
N
N
N
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
Y
N
N
Y
N
N
N
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
N
N
N
N
N
N
Y
Y
Y
Y
Y
Y
Y
N
Y
N
N
N
N
N
Y
N
N
Y
Y
N
Y
Net-Net
Extending network reach is critical to increasing value
Extending reach introduces new border control challenges
─ Security
─ Service assurance – SLA, revenue & profits
─ Law enforcement
Session border controllers give service providers
the CONTROL to deliver high quality and make money
Delivering
peak performance for
premium interactive communications
across IP network borders
Acme Packet Net-Net™
session border controllers