The Need for Enterprise Session Border Controller
The E-SBC allows the enterprise to control its SIP implementation
The Ingate SIParator®
Why does the Enterprise need an SBC?
• Normalization of the SIP signaling
• To ensure interoperability with the service provider
• NAT and Firewall traversal
• To enable SIP to the enterprise
• To permit placement of the PBX behind the firewall
• Security through deep packet inspection
• Avoid delivery of malformed packets
• Control through authentication
• Reduce opportunity for theft of services
• Intrusion Prevention / Detection
• Protect against Denial of Service attacks
• Disaster recovery
• Eliminate single points of failure
• Quality of Service
• To deliver the highest quality voice
• Performance metrics
• Encryption for private communications
Two Ways to Connect to a SIP Trunk
[Diagram, two panels. "Over the Public Internet": IP-PBX on the data & VoIP LAN, firewalls, a SIP trunk over the Internet, the SIP trunking provider network with gateways (GW) to the PSTN. "Over a Managed Line": IP-PBX on the data & VoIP LAN, a managed SIP trunk, the SIP trunking provider network and the PSTN.]
Confirmed Interoperability
Ingate SIParator® -or- Ingate Firewall, compliant with:

Service providers
360 Networks • Airespring • AT&T • BandTel • Bandwidth.com • Bell Canada • Broadvox • Cablevision • Cbeyond • Cellip • Cordia • Deltacom • Excel • Gamma • Global Crossing • IP-Only • Nectar • Level 3 • Netlogic • NetSolutions • Nexvortex • Nuvox • OneCommunications • Paetec • Primus • Qwest • RNK Telecom • Skype • SoTel • TDC • Tele2 • Toplink • Verizon • VoEX • VoIP Unlimited • Windstream • Voxbone
More in pipeline...

IP-PBXs
Aastra • Aastra MX-One • Adtran Netvanta UC • Avaya CM & SM • Cisco Call Manager • Digium / Asterisk • Fonality • HP VCX • Innovaphone • Interactive Intelligence • Iwatsu • Microsoft OCS 2007 • Mitel • NEC / Sphere • Nortel BCM / SCS / CS1K • Panasonic • SER • Shoretel • Siemens • SIP-Gear • Swyx

SIP Trunk Carrier Equipment
Acme Packet • Broadsoft • GenBand • Sonus
NAT and Firewall Traversal Problem
SIP Trunking does not pass a SIP unaware NAT/firewall! … and the firewall cannot even be opened enough to make it work.
[Diagram: IP-PBX on the data LAN behind a firewall, the public Internet, the SIP trunking provider's SIP system and gateway (GW), and the PSTN.]
E-SBC Functions
[Diagram: Ingate SIP proxy between the ITSP's SIP proxy/registrar and the IP-Phone, showing the SIP signaling and media paths, with address labels 168.x.xx and 10.x.xx.]
1. Check the SIP signaling, packet inspection
   - Full flexibility to handle future threats
2. Rewrite for the different address spaces
3. Forward the signaling to the correct SIP proxy or client
4. Open ports (UDP/TCP) in the firewall for the media
   - Only for the duration of the call
   - Only between the exact endpoints
5. Media flows through the ports
6. Close ports after the call
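Steps 4 to 6 above, sketched as an added example (not Ingate's code and not part of the original slides): media pinholes are derived from the SDP offer and answer of one call, admit traffic only between those exact endpoints, and disappear when the call ends. The names `media_endpoints` and `PinholeTable` are hypothetical, the SDP bodies are constructed, and the sketch assumes IPv4, RTP ports only, and no address rewriting (step 2).

```python
# Added illustration; SDP bodies below are constructed sample data.
OFFER = """v=0
o=- 1 1 IN IP4 10.0.0.20
s=-
c=IN IP4 10.0.0.20
t=0 0
m=audio 40000 RTP/AVP 0
"""
ANSWER = """v=0
o=- 2 2 IN IP4 198.51.100.7
s=-
c=IN IP4 198.51.100.7
t=0 0
m=audio 52000 RTP/AVP 0
"""

def media_endpoints(sdp):
    """Return one (ip, port) per m= line, in order; None for a rejected stream."""
    session_ip, streams = None, []
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if streams:
                streams[-1][0] = ip      # media-level c= overrides session level
            else:
                session_ip = ip
        elif line.startswith("m="):
            streams.append([session_ip, int(line.split()[1])])
    return [(ip, port) if ip and port else None for ip, port in streams]

class PinholeTable:
    """Hypothetical pinhole store keyed by SIP Call-ID."""
    def __init__(self):
        self.calls = {}

    def open_for_call(self, call_id, offer_sdp, answer_sdp):
        # Offer and answer m= lines correspond by position.
        pairs = zip(media_endpoints(offer_sdp), media_endpoints(answer_sdp))
        self.calls[call_id] = {frozenset(p) for p in pairs if None not in p}
        return len(self.calls[call_id])

    def close_call(self, call_id):
        # Called when the call ends (BYE): the ports stop being reachable.
        return self.calls.pop(call_id, None) is not None

    def permits(self, src, dst):
        # A packet passes only if both exact endpoints belong to a live call.
        flow = frozenset((src, dst))
        return any(flow in holes for holes in self.calls.values())
```

A packet from any other source address or port, or any packet arriving after `close_call`, is refused by `permits`, which is the property the "only for the duration of the call" and "only between the exact endpoints" bullets describe.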
DoS Protection
• Dynamically allow authenticated users
• Block non-authenticated users
• Monitor traffic and block endpoints with abnormal behavior
[Diagram: Internet, mobile user, ITSP, spammer and IP-PBX.]
Encryption
• Encrypted SIP signalling
• Support for TLS
• Encrypted media
• Support for SRTP (Sdescriptions)
Termination, Pass-through or Transcoding
[Diagram: IP-Phone, Ingate Firewall or SIParator, and IP-PBX / SIP Server, with signaling shown as TLS or in the clear and media shown as RTP or SRTP on each side.]
SIP Trunking
[Diagram of the feature set, with the note "SIP-ALG-only Firewalls can only do this much". Labels:]
• Far-End NAT Traversal and STUN
• Security
• Encryption Termination / Transcoding
• Near-End Traversal
• SIP Proxy, ALG, B2BUA, Registrar
• SIP Filtering
• Authentication
• Firewall & NAT
• Flexible Control
• SIP Trunking Tool Set
• Extensive SIP Feature Set
• Sol. for Remote Workers
• Extensive Diagnostic Tools
• Call Quality Statistics
• QoS, Traffic Mgmt
• ENUM Support
• Service Provider Compatibility
• IP-PBX Compatibility
Why does the Enterprise need an SBC?
• Eliminate interoperability issues
• Resolve NAT traversal through the firewall
• Security
• Place the PBX in the private IP space
• Authenticate to prevent theft of services
• Protect against Denial of Service attacks
• Eliminate single points of failure
• Manage bandwidth for optimal voice experience
• Measure quality of the voice
• Encryption of Signaling and Media for privacy
Please contact me at any time:
Steve Johnson
President
Mail & SIP: steve@ingate.com
Direct: 1-603-883-6569