SIP trunk Problems & Solutions: ShoreTel & INGATE Siparator
Jerome Joanny, Sr Product Manager - ShoreTel

SIP Trunk - What are the advantages?
• Lower recurring costs from the carrier
• Flexible calling plans – bundled minutes, no long distance charges
• More feature offering – virtual numbers
• Deployment flexibility
• Incremental provisioning vs. block provisioning
• Self serve portals – buy services without meeting your rep
• Quicker increments – no waiting for a truck roll
• Dual use of data pipe, voice and data
[Diagram labels: Company A, IP Cloud, Calls, Data]

SIP trunking problems
• NAT traversal for SIP
  • NAT resides at L3/L4 – SIP at L7
  • NAT processing “breaks” SIP addressing
• Network & SIP communication security
  • Physical medium is the IP pipe
  • Firewalls control what goes in or out of such a pipe
• SIP protocol normalization & translation
  • Not all SIP are created equal … and compatible
  • Open standard … open to interpretations

The ‘NAT’ and SIP Story
• The details of the port and private IP address are encapsulated in the SIP header message
• Application layer messages contain information that isn’t relevant outside of the enterprise network
[Diagram labels: Company A; SIP Header Invite, From: 192.168.1. To: 65.73.1.34:5060; Public IP 65.73.1.34; IP 192.168.1.55; Client B; Client A; Public IP 64.72.1.31; Public IP 66.63.1.23; Client Y; IP 192.168.1.57]

Network & SIP security issues
• SIP trunks use IP infrastructure
• IP networks are ‘protected domains’ connected by untrusted ‘public’ connections.
• A reliable method is required that allows communication between domains protected by firewalls
Firewalls block the prime function of a trunk – allowing systems from different enterprises to connect
[Diagram labels: Carrier SIP Trunk Cloud; Company A; Company B; Firewall; Firewall; Ouch! Ouch!]

The SIP Normalization situation
[Diagram: call transfer. Speech bubbles: "Hi John! May I speak with Jane?", "Sure! I will transfer you to Jane", "REFER? What's that?". Labels: Bob; John; Jane; ALG; ShoreTel; ‘REFER’ to Jane; Call-ID: X; 603-883-6580@shoretel.com (Jane); IP 168.203.30.11; 603-883-6569; 972-678-0464; 603-883-6580]

ShoreTel & Ingate: delivering a solution that works!
• Solve SIP firewall and NAT traversal issues with a consistent solution
• NAT traversal problems are the source of 90% of initial setup issues
• Ensure customers can keep total ownership of network security when SIP is introduced
• Provide SIP normalization if/when required
• Provide partners and customers validated ‘end to end’ multi-vendor solutions in the SIP ‘plug and pray’ era

INGATE Siparator addressing the NAT issue
For calls to route successfully internal IP addresses have to be re-written
The SBC handles the Network Address Translation (NAT)
[Diagram labels: 603-883-6569; 972-678-0464; ShoreTel, IP 10.200.10.16; Firewall; IP 168.203.30.11; IP 168.105.45.19; To: 972-678-0464@ IP 168.105.45.19, From: 603-883-6569@10.200.10.16; Address re-write; To/URI: 972-678-0464@ IP 168.105.45.19, From: 603-883-6569@10.200.10.16; account@provider.com]

ITSPs can’t reach the IPBX in the LAN
Service Provider can only address the known public IP address of the Enterprise
For calls to route successfully IP addresses have to be re-written
The SBC again handles the Network Address Translation (NAT)
[Diagram labels: 972-678-0464; 603-883-6569; ShoreTel, IP 10.200.10.16; Firewall; IP 168.203.30.11; IP 168.105.45.19; From: 972-678-0464@ IP 168.203.30.11, To: 603-883-6569@168.105.45.19; Address re-write; To/URI: 603-883-6569@168.105.45.19; IP 10.200.10.16]
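
The address re-write described on the two slides above, as an added example that is not part of the original presentation and not Ingate's or ShoreTel's code. It is a simplified model of only the re-write step (a real SBC also terminates the dialog and relays media). The INVITE is constructed from the slide's addresses, and using 168.203.30.11 as the enterprise's public address is an assumption.

```python
import ipaddress
import re

# Constructed outbound INVITE as the PBX would emit it (addresses taken from the slides).
PBX_PRIVATE = "10.200.10.16"
SBC_PUBLIC = "168.203.30.11"  # assumption: public address of the enterprise edge
SDP = ("v=0\r\n"
       f"o=- 1 1 IN IP4 {PBX_PRIVATE}\r\n"
       "s=-\r\n"
       f"c=IN IP4 {PBX_PRIVATE}\r\n"
       "t=0 0\r\n"
       "m=audio 10000 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:972-678-0464@168.105.45.19 SIP/2.0\r\n"
          f"Via: SIP/2.0/UDP {PBX_PRIVATE}:5060;branch=z9hG4bKconstructed\r\n"
          f"From: <sip:603-883-6569@{PBX_PRIVATE}>;tag=1\r\n"
          "To: <sip:972-678-0464@168.105.45.19>\r\n"
          "Call-ID: X\r\n"
          "CSeq: 1 INVITE\r\n"
          f"Contact: <sip:603-883-6569@{PBX_PRIVATE}:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def private_leaks(message):
    """List (field, address) pairs where a non-routable address sits in the L7 payload."""
    leaks = []
    for line in message.split("\r\n"):
        for addr in IPV4.findall(line):
            try:
                private = ipaddress.ip_address(addr).is_private
            except ValueError:  # looked like an address but is not one
                continue
            if private:
                leaks.append((re.split(r"[:=]", line, maxsplit=1)[0], addr))
    return leaks

def sbc_rewrite(message, private, public):
    """Replace one private address in headers and SDP, then recompute Content-Length."""
    head, _, body = message.partition("\r\n\r\n")
    pat = re.compile(r"(?<![\d.])" + re.escape(private) + r"(?![\d.])")
    head, body = pat.sub(public, head), pat.sub(public, body)
    head = re.sub(r"(?im)^Content-Length:[ \t]*\d+",
                  f"Content-Length: {len(body.encode())}", head)
    return head + "\r\n\r\n" + body

if __name__ == "__main__":
    print(private_leaks(INVITE))  # fields an L3/L4 NAT leaves untouched
    print(private_leaks(sbc_rewrite(INVITE, PBX_PRIVATE, SBC_PUBLIC)))
```

Running `private_leaks` on captured signalling from the outside of the edge device is a quick check that no internal address is leaving in Via, From, Contact or the SDP `o=`/`c=` lines.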

How does the Siparator help?
No Need to Replace the Existing Firewall!
• SIP-enables any firewall
• It works with existing firewalls
• Dynamically manages ports needed for SIP:
  - SIP signaling port 5060
  - Range of UDP/TCP ports
• Provides a B2BUA & SIP Proxy
[Diagram labels: Normal Firewalls; Siparator; DMZ; SIP; SIP]

The ITSP SIP transfer problem
B2BUA handles the “REFER” SIP method locally and a new media stream is set up to Jane
ITSP sees a RE-INVITE with the same Call ID
[Diagram: call transfer. Speech bubbles: "Hi John! May I speak with Jane?", "Sure! I will transfer you to Jane". Labels: Bob; John; Jane; ALG; ShoreTel; REFER to Jane; Call-ID: X; Call-ID: X; Call-ID: Y; Re-INVITE; DMZ; SBC with B2BUA; IP 168.203.30.11; 603-883-6569; 972-678-0464; 603-883-6580]
*) The REFER SIP method

ShoreTel’s philosophy on integration
• Provide partners and customers with validated ‘end to end’ multi-vendor solutions in the SIP ‘plug and pray’ era
• Making it all work together can be as complex as solving a third order differential equation
• Allow partners to work with ‘known entities’
• Solve SIP firewall and NAT traversal issues with a consistent solution
• Allow support to be clear on the components of the solution and isolate problems easily

Summary
• SIP trunking works
• The ‘solution’ is about more than just connectivity
• There are many flavors of SIP out there
• Be sure you only use those validated as working together

SIP Trunks Misconceptions
• They must be the same as it says ‘trunk’
• They are IP so they require less HW
• They are cheaper – really? – Depends on what you're counting
• You can just connect directly – Security? – What’s that?
[Diagram labels: Carrier SIP Trunk Cloud; Call 408 348 8545; SIP Trunk; Company A]

Company A
• Each device has its own private IP address.
[Diagram labels: Public IP 65.73.1.33; From: 64.72.1.31:2000 To: 65.73.1.33:80; IP 192.168.1.1; IP 192.168.1.55; Client B; Client A; Public IP 64.72.1.31; Public IP 66.63.1.23; Client Y; IP 192.168.1.57; Client X; IP 192.168.1.56]