Deploying SIP on a Global Scale - PowerPoint PPT Presentation

Slides: 28
Provided by: LMEL

Transcript and Presenter's Notes


1
(No Transcript)
2
Deploying SIP on a Global Scale
  • Thom O'Connor
  • Director, Product and Services
  • CommuniGate Systems
  • January 25, 2007

3
VoIP in the News
  • "We are in the midst of a VoIP communications
    revolution" - Jeff Pulver

The use of IP PBXs is poised to soar, according
to a study by In-Stat that predicts sales of
these devices will represent 51% of all PBX sales
this year and grow to 91% worldwide by 2009. -
Network World, August 2005
4
Long-term Benefits of VoIP
  • Sophisticated call management: presence, call
    forwarding/routing
  • Integrated voice, video, file transfer, IM
  • (Arguably) communications at lower cost and with
    richer media (although the cost benefits are
    in transition and debatable)
  • Consolidated identity management
  • Granular policy/compliance capabilities
  • ENUM for convergence of telephone numbers and IP
    addresses
  • Mobility, access, flexibility

5
Focusing on SIP-initiated VoIP
  • VoIP is an ambiguous concept encompassing many
    protocols, including H.323, MGCP, SIP, 3GPP/IMS
  • VoIP provides the IP-based transfer of:
  • - Audio and Video (multimedia)
  • - Instant Messages
  • - Client-driven application sharing and whiteboarding
  • Session Initiation Protocol (RFC 3261): SIP
    provides for open and standards-based signaling
  • SIP provides registration, authentication, and
    discovery - allows two or more clients to locate
    each other, select a media type, and define media
    sockets using SDP
  • RTP is used for the audio/video payload, often
    directly between end devices

6
Diagram of SIP-initiated VoIP
7
Network Models for IP Communications
  • Service-Provider Model
  • Internet SIP usage with basic SIP Proxies
  • Client-Server SIP model, trusted users only
  • P2P Model
  • Distributed SIP model

8
Service-Provider Model
  • Advantages
  • - Easy to implement and use for end users
  • - Theoretical possibility of security within each
    provider
  • - Standardization not required
  • Disadvantages
  • - Proprietary, (often) closed networks
  • - Many non-interop devices
  • - Relatively few providers, relatively little
    choice; potential for oligopoly
  • - Actual security of data and accounts is unknown
  • - Little/no policy control

9
Internet SIP with basic SIP Proxies
  • Advantages
  • - Stateless proxies can achieve high performance,
    but are often not usable or secure
  • Disadvantages
  • - Great difficulty in consistent signaling and
    media establishment with end users, especially
    those behind firewalls
  • - Little or no gateway session control (may be most
    significant for enterprise users)
  • - NAT traversal problems; STUN/TURN provide some
    NAT capabilities
  • - Presence conflicts when there is more than one
    end-user agent per user

10
Client-Server SIP model, trusted users only
  • Advantages
  • - Tight authentication and REGISTER control
  • - Little threat of Spam, Caller ID spoofing
  • - Mostly-secure internal communications
  • - Near-end and Far-end NAT traversal capable
    (if the SIP infrastructure is)
  • Disadvantages
  • - Not truly an Internet-wide distributed SIP
    infrastructure
  • - All non-local sessions routed through PSTN or
    other public service providers (IM gateways, etc.)

11
P2P Model
  • Advantages
  • - True IP-to-IP (as well as potentially IP-to-PSTN)
    connectivity
  • - Potentially free and unrestricted for IP-to-IP
  • - Cost
  • Disadvantages
  • - Not appropriate for Enterprises with controls on
    security/privacy
  • - Implemented today as another closed network
  • - Skype authentication network would appear to be a
    single point of failure
  • - Current implementations are not open standards,
    and are therefore restricted and of unknown security
  • Depending on viewpoint
  • - Very difficult to block

Ref: http://arxiv.org/ftp/cs/papers/0412/0412017.pdf
12
Distributed SIP Model
  • Advantages
  • - True Internet Communication
  • - Sophisticated SIP gateways with session control
    capabilities
  • - Reliable media streams
  • - Server-based presence agents
  • - Session border control capabilities allow for
    content scanning, policy control (such as being
    able to enforce SIPS and SRTP)
  • Disadvantages
  • - Predictable addressing leads to the same spam
    problems
  • - Depending on your point of view, greater
    possibility of stream interception at gateway
    choke points (as compared to P2P)

-> Begins to look a whole lot like email today
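
Added example (not part of the original slides, and not CommuniGate Pro code): a minimal Python sketch of the gateway policy mentioned above. It reads the media sockets that an INVITE's SDP body defines and reports why a border controller enforcing SIPS and SRTP would refuse the session. The function names, the sample messages and the use of the Request-URI scheme as the SIPS test are assumptions made for illustration.

```python
# Added example. Sample INVITEs are constructed and abbreviated (no o=/s=/t= lines).
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def parse_invite(raw):
    """Return (Request-URI, media list) from a SIP request carrying an SDP body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    uri = head.split("\n", 1)[0].split(" ")[1]
    media, sess_addr, sess_keyed = [], None, False
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "c":                    # c=IN IP4 <addr>, session or media level
            if media:
                media[-1]["addr"] = value.split()[-1]
            else:
                sess_addr = value.split()[-1]
        elif kind == "m":                  # m=<type> <port> <profile> <formats>
            mtype, port, profile = value.split()[:3]
            media.append({"type": mtype, "port": int(port), "profile": profile,
                          "addr": sess_addr, "keyed": sess_keyed})
        elif kind == "a" and value.startswith(("crypto:", "fingerprint:")):
            if media:                      # SDES key or DTLS-SRTP fingerprint
                media[-1]["keyed"] = True
            else:
                sess_keyed = True
    return uri, media

def policy_violations(raw):
    """Reasons a gateway enforcing SIPS and SRTP would refuse this INVITE."""
    uri, media = parse_invite(raw)
    reasons = []
    if not uri.lower().startswith("sips:"):  # assumption: URI scheme stands in for the SIPS check
        reasons.append("signaling: Request-URI is not a sips: URI")
    for m in media:
        if m["port"] == 0:                 # port 0 = stream declined, nothing to protect
            continue
        if m["profile"] not in SECURE_PROFILES:
            reasons.append(f"media: {m['type']} {m['addr']}:{m['port']} uses {m['profile']}")
        elif not m["keyed"]:
            reasons.append(f"media: {m['type']} offers {m['profile']} without keying material")
    return reasons

PLAIN = ("INVITE sip:bob@example.com SIP/2.0\r\nContent-Type: application/sdp\r\n\r\n"
         "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
SECURE = ("INVITE sips:bob@example.com SIP/2.0\r\nContent-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/SAVP 0\r\n"
          "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY\r\n")

if __name__ == "__main__":
    for name, msg in (("PLAIN", PLAIN), ("SECURE", SECURE)):
        print(name, policy_violations(msg) or "accepted")
```

A production gateway would also verify that the request actually arrived over TLS, which a message-level check like this one cannot see.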
13
Evolutionary Path for Internet Communications?
  • Current IM and free VoIP model is similar to
    that of the PSTN phone network: centralized
    services providing end-user accounts
  • VoIP as a form of Internet Communications is far
    more powerful: distributed, open, interoperable
    with many servers/clients
  • Ultimately will look more like email does
    today?
  • Move from IP-to-PSTN/PSTN-to-IP to end-to-end,
    IP-to-IP
  • Trend towards distributed services out towards
    end-points (domain/DNS-based, maybe true P2P)
  • WiFi/WiMAX phones may provide the last mile for
    end-to-end
  • Conclusion: SIP/RTP must be implemented via the
    standards and architectural best practices to be
    opened at the gateway points

14
Implications of Distributed VoIP
  • Recipients must be given tools to manage
    accessibility and risks
  • Strong requirements for user and domain-level
    authentication and ultimately, reputation
    services
  • Requirements for relay protections, content
    filtering, gateway policies, anti-spoofing,
    lawful intercept
  • Protection against DDoS, IP-based restrictions -
    RBLs, blacklists, whitelists
  • User-based rules for protection
  • Requirements for HA, clustering, and QOS
  • Less reliance/dependence on service providers
    (acting as oligopolies)
  • Policy management through sophisticated SIP
    gateway controls

15
Challenges of Implementing VoIP/SIP
  • SIP protocol still in rolling development
  • Many vendors adding non-standard methods that
    don't always interop
  • QOS and bandwidth issues, lost/out-of-order
    packets
  • Power over Ethernet (PoE) not widespread
  • Each SIP end-user device may state its own
    presence
  • Near-end and Far-end NAT traversal
  • Little policy/compliance for end-to-end data
    transfer
  • Scalability and HA of VoIP infrastructure
  • Emergency procedures (911)
  • Security challenges (data capture, MITM, DDoS,
    virus?, encryption not commonly used)
  • CALEA: capturing end-point data and media
    (though not necessarily un-encrypted media)

16
Dynamic Cluster with SIP Farm
  • Single-address for email, collaboration, and VoIP
  • Email traffic can be separated from SIP Farm
  • Consolidated Identity management, but Frontends
    are specialized
  • Protects voice QOS even in event of DDoS or spam

17
Implications of Presence and Availability
  • Far more invasive to be receiving voice calls
    unexpectedly than email/IM
  • Requires assurance of identity in order to make
    presence and availability decisions
  • Presence could reveal vulnerabilities, and must
    be granted granularly and selectively, especially
    outside the protected environment

18
Total Converged Solution with CGP
CommuniGate Pro
  • Complete SIP-based infrastructure and
    applications
  • Personalized voice and data services for
    thousands of domains
  • All-Active Dynamic Cluster for 99.999% uptime for
    Messaging and Real-time traffic
  • CGP handles all SBC and NAT traversal functions

19
Super Cluster
  • Cluster of Clusters
  • Used for scaling when regions are desired or
    when limited by storage subsystem
  • Capable of sharing mailboxes between Backend
    clusters

20
CGP is not a Closed System
  • The closed-network model for VoIP will inevitably
    end
  • No one ever needs to ask whether their system can
    send an email to Yahoo
  • Insecure for business: relies on outside, often
    unknown vendors
  • Susceptible to cost hikes
  • Not based on standards
  • Not a true end-to-end model for direct
    connectivity
  • Not a real Internet model - based more on the
    PSTN of the past

21
CGP Embraces Open Standards
  • Open, RFC-compliant standards ensure all users
    can communicate
  • The distributed Internet model has been proven
    with email, and is inevitable with voice
  • Businesses are empowered with the ability to
    define their security and privacy policies
  • Service Providers can offer security and
    encryption as well as perform Lawful Interception
  • All users can choose their own client
    for email, collaboration, and voice and still
    interoperate with one another

22
EdgeGate Services
  • In a Dynamic Cluster, the CommuniGate Pro
    Frontend Servers handle most EdgeGate Services
  • In the Core Server, all functions handled on the
    same server
  • Built-in Connection flow control, SPF, Reverse
    Connect, and Session Border Control
  • Third-party plugins provided to complete the
    anti-spam/anti-virus defense
  • - Mailshell SpamCatcher
  • - Cloudmark Authority
  • - McAfee VirusScan
  • - Sophos Virus Scanner
  • - Kaspersky Virus Scanner

23
Massively Scalable Clustering for VoIP
(Diagram; labels: Signaling Session, Media Session, Media Proxy)
24
HP-CommuniGate-Navtel VoIP Benchmark
25
VoIP Benchmark Results - Navtel
26
VoIP Benchmark Results - sipp
27
(No Transcript)