Deploying SIP on a Global Scale
Thom O’Connor, Director, Product and Services, CommuniGate Systems
January 25, 2007
VoIP in the News
“We are in the midst of a VoIP communications revolution” - Jeff Pulver
“The use of IP PBXs is poised to soar, according to a study by In-Stat that predicts sales of these devices will represent 51% of all PBX sales this year and grow to 91% worldwide by 2009.” - Network World, August 2005
Long-term Benefits of VoIP
• Sophisticated call management: presence, call forwarding/routing
• Integrated voice, video, file transfer, IM
• (Arguably) communications at lower cost and with richer media (although the cost benefits are in transition and debatable)
• Consolidated identity management
• Granular policy/compliance capabilities
• ENUM for convergence of telephone numbers and IP addresses
• Mobility, access, flexibility
Focusing on SIP-initiated VoIP
• VoIP is an ambiguous concept encompassing many protocols and architectures, including H.323, MGCP, SIP and 3GPP/IMS (which itself builds on SIP)
• VoIP provides the IP-based transfer of:
  • Audio and video (multimedia)
  • Instant messages
  • Client-driven application sharing and whiteboarding
• Session Initiation Protocol (RFC 3261): SIP provides open, standards-based signaling
• SIP provides registration, authentication and discovery: it allows two or more clients to locate each other, select a media type and define media sockets (addresses and ports) using SDP
• RTP carries the audio/video payload, often directly between end devices rather than through the SIP servers
Network Models for IP Communications
• Service-Provider Model
• Internet SIP usage with basic SIP Proxies
• Client-Server SIP model, trusted users only
• P2P Model
• Distributed SIP model
Service-Provider Model
• Advantages
  • Easy to implement and use for end users
  • Theoretical possibility of security within each provider
  • Standardization not required
• Disadvantages
  • Proprietary, (often) closed networks
  • Many non-interoperable devices
  • Relatively few providers, relatively little choice, and potential for oligopoly
  • Actual security of data and accounts is unknown
  • Little or no policy control
Internet SIP with basic SIP Proxies
• Advantages
  • Stateless proxies can achieve high performance, but on their own are often neither usable nor secure
• Disadvantages
  • Great difficulty in consistent signaling and media establishment with end users, especially those behind firewalls
  • Little or no gateway session control (may be most significant for enterprise users)
  • NAT traversal problems: STUN lets a client discover its public (reflexive) address and port, and TURN relays media when direct traversal fails, but neither solves every NAT type
  • Presence conflicts when a user has more than one end-user agent registered
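The STUN step of NAT traversal mentioned above, as an added example that is not code from the slides or from any vendor product: a client builds an RFC 5389 Binding Request, and the server's Binding Success response carries the public address and port it saw, XOR-ed with the magic cookie (XOR-MAPPED-ADDRESS). The offline demo constructs the server side itself so the round trip runs without a network; the STUN server name in discover_reflexive_address() is an assumed placeholder, and the public address 203.0.113.5:40000 is constructed.

```python
"""STUN Binding exchange (RFC 5389) as used for SIP NAT traversal.

Added example, not code from the slides or from CommuniGate Pro. A client behind
NAT sends a Binding Request; the server answers with the source address and port
it saw, XOR-ed with the magic cookie (XOR-MAPPED-ADDRESS). The client then
advertises that reflexive address in its Contact header and SDP c=/m= lines.
"""
import secrets
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(transaction_id=None) -> bytes:
    """20-byte STUN header: type, length (no attributes), magic cookie, 96-bit transaction ID."""
    tid = transaction_id or secrets.token_bytes(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + tid


def encode_xor_mapped_address(ip: str, port: int) -> bytes:
    """XOR-MAPPED-ADDRESS (IPv4): port XOR top 16 bits of the cookie, address XOR the cookie."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, FAMILY_IPV4, xport, xaddr)
    return struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value


def build_binding_success(transaction_id: bytes, seen_ip: str, seen_port: int) -> bytes:
    """What a STUN server returns; used here to construct an offline sample response."""
    attrs = encode_xor_mapped_address(seen_ip, seen_port)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + transaction_id + attrs


def parse_binding_response(data: bytes, expected_tid: bytes):
    """Return (ip, port) from a Binding Success response after validating header and transaction ID."""
    if len(data) < 20:
        raise ValueError("truncated STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("missing magic cookie: not an RFC 5389 message")
    if data[8:20] != expected_tid:
        raise ValueError("transaction ID mismatch: stale or spoofed response")
    if msg_type != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{msg_type:04x}")
    if len(data) != 20 + length:
        raise ValueError("length field does not match message size")
    pos = 20
    while pos + 4 <= len(data):
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + alen]
        pos += 4 + alen + (-alen % 4)          # attribute values are padded to a 4-byte boundary
        if atype == ATTR_XOR_MAPPED_ADDRESS and len(value) >= 8:
            _, family, xport, xaddr = struct.unpack("!BBHI", value[:8])
            if family != FAMILY_IPV4:
                continue                         # IPv6 (family 0x02) is not handled in this example
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS attribute in response")


def discover_reflexive_address(server=("stun.example.net", 3478), timeout=2.0):
    """Live query against a STUN server (assumed placeholder host; needs network, not run by the demo)."""
    tid = secrets.token_bytes(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(tid), server)
        data, _ = sock.recvfrom(1500)
    return parse_binding_response(data, tid)


if __name__ == "__main__":
    # Offline round trip with a constructed response: the NAT's public side is 203.0.113.5:40000
    tid = secrets.token_bytes(12)
    response = build_binding_success(tid, "203.0.113.5", 40000)
    print(parse_binding_response(response, tid))
```

The transaction ID check is what keeps a spoofed or replayed response from poisoning the address a phone advertises; the reflexive address only helps for NATs that keep the same mapping toward the SIP server and the remote peer, which is why TURN (and, later, ICE) exists as a fallback.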
Client-Server SIP model, trusted users only
• Advantages
  • Tight authentication and REGISTER control
  • Little threat of spam or Caller ID spoofing
  • Mostly-secure internal communications
  • “Near-end” and “Far-end” NAT traversal capable (if the SIP infrastructure is)
• Disadvantages
  • Not truly an Internet-wide distributed SIP infrastructure
  • All non-local sessions routed through the PSTN or other public service providers (IM gateways, etc.)
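The "registration, authentication" of the SIP slide and the "tight authentication and REGISTER control" above both rest on SIP Digest authentication (RFC 3261 section 22, MD5 digest per RFC 2617). The following is an added example, not code from the slides or from CommuniGate Pro: the registrar issues a nonce in its 401 challenge, the client answers with a digest over username, realm, password, method and Request-URI, and the registrar recomputes that digest from a stored H(A1) and accepts only nonces it issued itself. The realm, user and password values are constructed.

```python
"""SIP Digest authentication for REGISTER (RFC 3261 section 22, RFC 2617 MD5 digest).

Added example, not code from the slides or from CommuniGate Pro. The registrar
stores H(A1) = MD5(user:realm:password) rather than the cleartext password and
only accepts responses to nonces it issued. Realm, users and nonces are constructed.
"""
import hashlib
import hmac
import re
import secrets

_PARAM_RE = re.compile(r'(\w+)=("[^"]*"|[^,]+)')


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def parse_digest_params(header: str) -> dict:
    """Parse 'Digest k="v", k2=v2' (WWW-Authenticate or Authorization) into a dict."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k.lower(): v.strip('"') for k, v in _PARAM_RE.findall(params)}


def ha1_for(username: str, realm: str, password: str) -> str:
    """H(A1): the only password-derived value the registrar needs to keep."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None) -> str:
    """The 'response' parameter; with qop=auth the client nonce and nonce count are mixed in."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def build_challenge(realm: str, issued_nonces: set) -> str:
    """Registrar side: the WWW-Authenticate header carried in the 401 to REGISTER."""
    nonce = secrets.token_hex(16)
    issued_nonces.add(nonce)
    return f'Digest realm="{realm}", nonce="{nonce}", algorithm=MD5, qop="auth"'


def build_authorization(username, password, method, uri, challenge: str) -> str:
    """Client side: answer the 401 challenge with an Authorization header."""
    c = parse_digest_params(challenge)
    qop = "auth" if "auth" in c.get("qop", "").split(",") else None
    nc = "00000001" if qop else None
    cnonce = secrets.token_hex(8) if qop else None
    ha1 = ha1_for(username, c["realm"], password)
    response = digest_response(ha1, method, uri, c["nonce"], qop, nc, cnonce)
    parts = [f'username="{username}"', f'realm="{c["realm"]}"', f'nonce="{c["nonce"]}"',
             f'uri="{uri}"', f'response="{response}"', "algorithm=MD5"]
    if qop:
        parts += ["qop=auth", f"nc={nc}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(parts)


def verify_authorization(header: str, method: str, users: dict, issued_nonces: set) -> bool:
    """Registrar side: recompute the expected response from stored H(A1) and compare.

    users maps username -> H(A1). The request is rejected if the nonce was not
    issued by this server (forged, or replayed from another registrar), the user
    is unknown, or the digest differs (wrong password, method or Request-URI).
    """
    try:
        a = parse_digest_params(header)
        if a["nonce"] not in issued_nonces or a["username"] not in users:
            return False
        expected = digest_response(users[a["username"]], method, a["uri"], a["nonce"],
                                   a.get("qop"), a.get("nc"), a.get("cnonce"))
        return hmac.compare_digest(expected, a["response"])
    except (KeyError, ValueError):
        return False


if __name__ == "__main__":
    issued = set()
    users = {"alice": ha1_for("alice", "example.com", "s3cret")}   # constructed credential
    challenge = build_challenge("example.com", issued)
    auth = build_authorization("alice", "s3cret", "REGISTER", "sip:example.com", challenge)
    print("good credential accepted:", verify_authorization(auth, "REGISTER", users, issued))
    bad = build_authorization("alice", "wrong", "REGISTER", "sip:example.com", challenge)
    print("wrong password rejected:", not verify_authorization(bad, "REGISTER", users, issued))
```

Digest protects the password, not the session: without TLS (SIPS) the rest of the REGISTER, including the Contact binding, is still readable and modifiable on the path, and an offline dictionary attack against a captured response is cheap because MD5 is fast. That is the reason the later slides insist on SIPS at the gateway rather than Digest alone.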
P2P Model
• Advantages
  • True IP-to-IP (as well as potentially IP-to-PSTN) connectivity
  • Potentially free and unrestricted for IP-to-IP
  • Cost
• Disadvantages
  • Not appropriate for enterprises with controls on security/privacy
  • Implemented today as another closed network
  • Skype authentication network would appear to be a single point of failure
  • Current implementations are not open standards, therefore restricted and of unknown security
  • Depending on viewpoint: very difficult to block
Ref: http://arxiv.org/ftp/cs/papers/0412/0412017.pdf (Baset and Schulzrinne, “An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol”)
Distributed SIP Model
• Advantages
  • True “Internet Communication”
  • Sophisticated SIP gateways with session control capabilities
  • Reliable media streams
  • Server-based presence agents
  • Session border control capabilities allow for content scanning and policy control (such as being able to enforce SIPS for signaling and SRTP for media)
• Disadvantages
  • Predictable addressing (user@domain) leads to the same spam problems as email (SPIT, spam over Internet telephony)
  • Depending on your point of view, greater possibility of stream interception at gateway choke points (as compared to P2P); the model begins to look a whole lot like email today
Evolutionary Path for Internet Communications?
• Current IM and “free VoIP” model is similar to that of the PSTN phone network: centralized services providing end-user accounts
• VoIP as a form of Internet Communications is far more powerful: distributed, open, interoperable with many servers/clients
• Ultimately, will it look more like email does today?
  • Move from IP-to-PSTN/PSTN-to-IP to end-to-end, IP-to-IP
  • Trend towards distributed services out towards end-points (domain/DNS-based, maybe true P2P)
  • WiFi/WiMAX phones may provide the last mile for end-to-end
Conclusion: SIP/RTP must be implemented via the standards and architectural best practices to be opened at the gateway points
Implications of Distributed VoIP
• Recipients must be given tools to manage accessibility and risks
• Strong requirements for user-level and domain-level authentication and, ultimately, reputation services
• Requirements for relay protections, content filtering, gateway policies, anti-spoofing and lawful intercept
• Protection against DDoS; IP-based restrictions (RBLs, blacklists, whitelists)
• User-based rules for protection
• Requirements for HA, clustering and QoS
• Less reliance/dependence on service providers (acting as oligopolies)
• Policy management through sophisticated SIP gateway controls
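The session border control policies from the Distributed SIP slide (enforcing SIPS and SRTP) and the anti-spoofing and blacklist requirements above, as one added example that is not code from the slides or from CommuniGate Pro. It parses an inbound INVITE and its SDP body and reports every policy violation, so the gateway can reject with a 403 or 488 instead of letting an unencrypted or spoofed session through. The sample INVITE, addresses and blacklist entry are constructed; SIP compact header forms and multipart bodies are deliberately not handled.

```python
"""Session border control checks on an inbound INVITE.

Added example, not code from the slides or from CommuniGate Pro. Policies
enforced: SIPS Request-URI and TLS transport on the top Via, SRTP media
profiles in every m= line, a From identity that matches the address-of-record
the SBC authenticated at registration (anti-spoofing), and an IP blacklist.
The sample INVITE and all addresses are constructed.
"""
import re

SECURE_MEDIA_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}     # SRTP profiles (RFC 3711, RFC 5124)
_URI_RE = re.compile(r"<?(sips?):([^@>;\s]+)@([^;>\s]+)")

# Constructed sample: SDP offering one SRTP audio stream keyed with SDES (RFC 4568).
_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz",
]) + "\r\n"

# Constructed sample: a compliant INVITE as an authenticated client would send it over TLS.
GOOD_INVITE = "\r\n".join([
    "INVITE sips:bob@example.com SIP/2.0",
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK776asdhds",
    "From: Alice <sips:alice@example.com>;tag=1928301774",
    "To: Bob <sips:bob@example.com>",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    "Contact: <sips:alice@192.0.2.10:5061>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(_SDP)}",
]) + "\r\n\r\n" + _SDP


def parse_sip_request(raw: str) -> dict:
    """Split request line, headers (lower-cased names, repeated headers kept) and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"method": method, "uri": uri, "version": version, "headers": headers, "body": body}


def uri_parts(value: str):
    """(scheme, user, host) from a Request-URI or name-addr header value, port stripped; None if absent."""
    m = _URI_RE.search(value)
    if not m:
        return None
    scheme, user, host = m.groups()
    return scheme.lower(), user, host.split(":")[0].lower()


def sdp_media_protocols(sdp: str) -> list:
    """Transport profile of each m= line, e.g. 'RTP/AVP' (plain RTP) or 'RTP/SAVP' (SRTP)."""
    return [line.split()[2] for line in sdp.splitlines()
            if line.startswith("m=") and len(line.split()) >= 3]


def sbc_policy(raw: str, src_ip: str, authenticated_aor: str, blacklist: set):
    """Return (accepted, violations) for an inbound request.

    authenticated_aor is the user@domain the SBC bound to this connection at
    registration time (for example via Digest over TLS); the From header must agree.
    """
    violations = []
    if src_ip in blacklist:
        violations.append(f"source {src_ip} is blacklisted")
    msg = parse_sip_request(raw)
    request_uri = uri_parts(msg["uri"])
    if request_uri is None or request_uri[0] != "sips":
        violations.append("Request-URI is not SIPS")
    via = msg["headers"].get("via", [""])[0]
    if not via.upper().startswith("SIP/2.0/TLS"):
        violations.append("top Via transport is not TLS")
    frm = uri_parts(msg["headers"].get("from", [""])[0])
    if frm is None or f"{frm[1]}@{frm[2]}" != authenticated_aor.lower():
        violations.append("From identity does not match authenticated user (possible caller ID spoofing)")
    protocols = sdp_media_protocols(msg["body"])
    if not protocols:
        violations.append("no SDP media description")
    for proto in protocols:
        if proto not in SECURE_MEDIA_PROFILES:
            violations.append(f"media profile {proto} is not SRTP")
    return (not violations, violations)


if __name__ == "__main__":
    print(sbc_policy(GOOD_INVITE, "192.0.2.10", "alice@example.com", set()))
    weakened = GOOD_INVITE.replace("RTP/SAVP", "RTP/AVP").replace("SIP/2.0/TLS", "SIP/2.0/UDP")
    print(sbc_policy(weakened, "192.0.2.10", "alice@example.com", set()))
```

Tying the From header to the identity authenticated at REGISTER time is the cheap form of anti-spoofing available inside one domain; across domains it needs the domain-level authentication and reputation services the slide calls for, since a remote gateway can only vouch for its own users.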
Challenges of Implementing VoIP/SIP
• SIP protocol still in rolling development
• Many vendors add non-standard methods and extensions that do not always interoperate
• QoS and bandwidth issues; lost or out-of-order packets
• Power over Ethernet (PoE) not widespread
• Each SIP end-user device may state its own presence
• “Near-end” and “Far-end” NAT traversal
• Little policy/compliance control for end-to-end data transfer
• Scalability and HA of the VoIP infrastructure
• Emergency procedures (911)
• Security challenges: capture of signaling and media, MITM, DDoS, possibly malware on endpoints, and encryption (TLS/SRTP) not commonly used
• CALEA: capturing end-point data and media (though not necessarily unencrypted media)
Dynamic Cluster with SIP Farm
• Single address for email, collaboration and VoIP
• Email traffic can be separated from the SIP Farm
• Consolidated identity management, but Frontends are “specialized”
• Protects voice QoS even in the event of DDoS or spam
Implications of Presence and Availability
• Far more invasive to receive voice calls unexpectedly than email/IM
• Requires assurance of identity in order to make presence and availability decisions
• Presence could reveal vulnerabilities, and must be granted granularly and selectively, especially outside the protected environment
Total Converged Solution with CGP (CommuniGate Pro)
• Complete SIP-based infrastructure and applications
• Personalized voice and data services for thousands of domains
• All-Active Dynamic Cluster for 99.999% uptime for messaging and real-time traffic
• CGP handles all SBC and NAT traversal functions
Super Cluster
• Cluster of Clusters
• Used for scaling when regions are desired or when limited by the storage subsystem
• Capable of sharing mailboxes between Backend clusters
CGP is not a Closed System
• The closed-network model for VoIP will inevitably end
• No one ever needs to ask whether their system can send an email to Yahoo
• Problems with the closed-network model:
  • Insecure for business: relies on outside, often unknown vendors
  • Susceptible to cost hikes
  • Not based on standards
  • Not a true “end-to-end” model for direct connectivity
  • Not a real Internet model; based more on the PSTN of the past
CGP Embraces Open Standards
• Open, RFC-compliant standards ensure all users can communicate
• The distributed Internet model has been proven with email, and is inevitable with voice
• Businesses are empowered to define their own security and privacy policies
• Service Providers can offer security and encryption as well as perform Lawful Interception
• All users can choose their own client for email, collaboration and voice and still interoperate with one another
EdgeGate Services
• In a Dynamic Cluster, the CommuniGate Pro “Frontend Servers” handle most EdgeGate Services
• In the Core Server, all functions are handled on the same server
• Built-in connection flow control, SPF, Reverse Connect and Session Border Control
• Third-party plugins provided to complete the anti-spam/anti-virus defense:
  • Mailshell SpamCatcher
  • Cloudmark Authority
  • McAfee VirusScan
  • Sophos Virus Scanner
  • Kaspersky Virus Scanner
Massively Scalable Clustering for VoIP
(Diagram: signaling sessions and media sessions from multiple endpoints, with the media sessions terminating on a Media Proxy)