APKT PB Slides SBCs vs Firewalls 090608

8/9/2019 APKT PB Slides SBCs vs Firewalls 090608

http://slidepdf.com/reader/full/apkt-pb-slides-sbcs-vs-firewalls-090608 1/8

The leaderin session border control

for trusted, first class

interactive communications



Comparison of SBCsto SIP firewall/ALGs



Firewall with SIP ALG

Back-to-back user agent

– Fully state-aware at

layers 2-7

– Inspects and odi!ies anyapplication layer header in!o

"SIP# S$P# etc%&

– 'an terinate# initiate#

re-initiate signaling ( S$P

– Static ( dynaic A'Ls

)aintains single session

– Fully state-aware at

layers * ( + only

– Inspects and odi!ies onlyapplication layer addresses

"SIP# S$P# etc%&

– ,nable to terinate# initiate#

re-initiate signaling ( S$P

– Static A'Ls only

3 Acme Packet

Summar comparison!

SBCs vs" #irewalls with SIP ALGs

SIP trunking

$ata center

IP PB,' ser.er

SIP trunking

$ata center

IP PB,' ser.er

SB'



SBC vs" firewall w/ SIP ALG comparison

Securit scenarios

4 Acme Packet

,se casescenario Business challenge /echnical re0uireents SB'

F1 wALG

SB'F1$oS$$oSsel!-protection

Prevent malicious ornon-malicious SIPsignaling or mediaattacks & overloadsfrom making the SBCor F non-res!onsive

" #$namicall$ %lock attacks

" #etectre'ect non-com!liant(signaling) !rotocol) trafficlevels* SIP sessions

" Initiate SIP B+,s to tear

don core-side sessions" Statefull$ control legitimate

SIP registrations duringoverloads

3etwork abusecontrol

Prevent unauthori.edor fraudulent netork

usage

" Control num%er & %andidthof simultaneous sessions

" Stri! unauthori.ed codecsfrom S#P headers

" Scan SIP headerattachments forunauthori.ed content




Application reach, re$ulator scenarios

/ Acme Packet

,se casescenario Business challenge /echnical re0uireents SB'

F1 wALG

IP PB and,' protocolinterworking

0ranslate dissimilarsignaling (SIP) 1233*)trans!ort (#P) 0CP)SC0P* & encr$!tion(none) 05S) S60P)IPsec*

" 0erminate SIP sessionsand translate la$er -7!rotocol information

" Fi8 !rotocol anomalies &inconsistencies

4eote site3A/ tra.ersal

,na%le users %ehindF9A0s to originateand receive :oIP callsand C sessions

" ;ee! F !inholes o!en %$resetting SIP registrationinterval to less than F!ort 005 and caching SIPregistrations %$ F IP!ort

Sessionreplication!or recording

Com!l$ ith regulator$re<uirements andma8imi.e customerservice <ualit$

" 6e!licate all SIP signalingand media to recordingserver(s* in addition tointended reci!ient

" 6e!licate selective or allsessions




Availabilit scenarios

= Acme Packet

,se case

scenarioBusiness challenge /echnical re0uireents SB'

F1 w

ALG

$ata centerdisasterreco.ery

Assure constant serviceavaila%ilit$ and <ualit$

" 9etork SBC – detectfailure of datacenter SIPsession agents and re-route SIP sessions

" #atacenter SBC – translate!hone num%ers in SIP

headers for SIP trunkgeo-redundanc$

4eote sitesur.i.ability

Provide alternative !athfor :oIPC traffic hen!rimar$ !ath %ecomesunavaila%le

" >onitor link and routingstate of u!stream router &SIP registration state ofremote IP PB?C server

" 6e-route SIP signaling andmedia to alternativetrunking !rovider) PS09media gatea$ or Internet

5igha.ailabilityoperation

,nsure no loss of activesessions or session stateduring failover

" Check!ointing of SIPsignaling) media andconfiguration state %eteen

active & stand%$ elements




SLA assurance scenarios

7 Acme Packet

,se case scenarioBusinesschallenge /echnical re0uireents SB'

F1 wALG

6o-basedrouting

>a8imi.e voice<ualit$ and relia%ilit$of services anda!!lications

" Activel$ monitor voice @oSthresholds and AS6

" 6e-route or redistri%utetraffic as needed

" 6elease media ithin

access netork to o!timi.e<ualit$

IP PB,' ser.ersessionadission (o.erload control

,nsure continuousservice availa%ilit$and <ualit$) evenunder adverse trafficloads andor attack

" #$namicall$ monitor serverstatus and control SIPsignaling flos to IPPB?C servers accordingl$



The leaderin session border control

for trusted, first class

interactive communications

Documents

APKT PB Slides SBCs vs Firewalls 090608