Dialogic IMG 1010 / Radware AppDirector SIP Solution Guide
Products:
Dialogic IMG 1010 Integrated Media Gateway
Radware AppDirector running APSOLUTE OS 1.05.06
Table of Contents
SIP Overview
Dialogic SIP Support Overview
Radware AppDirector SIP Support Overview
Security
Test Flow Description
AppDirector Configuration
    Overview
    Initial AppDirector Configuration
    Farm Configuration
    Create Layer 4 Policy
    Configure L7 Persistency
    Adding Servers to the Farm
    Outbound SIP Support Configuration
    Server NAT Configuration
    Health Monitoring Configuration
Redundant AppDirector Configuration
    General Notes
    Active Device VRRP Configuration Steps
    Backup AppDirector Redundancy Configuration
    Backup AppDirector VRRP Redundancy Configuration
Technical Support
SIP Overview
Session Initiation Protocol (SIP) is a signaling protocol that establishes real-time, interactive communication sessions over Internet Protocol (IP) networks. Because it is a text-based protocol similar to HTTP, it enables the seamless exchange of information between User Equipment and Application Servers from a variety of manufacturers.
The SIP primary protocol includes Real Time Protocol (RTP) and the Session Description Protocol (SDP). SIP also allows for the scalable and extensible implementation of an array of applications including audio, video, chat, instant messaging, collaborating & white boarding. It provides fast convergence for IP telephony. For VoIP applications, SIP requires much less overhead than its predecessor, the H.323 protocol.
SIP has been accepted as a standard by the Internet Engineering Task Force (IETF) as RFC 3261 and is gaining rapid acceptance from major equipment providers, service providers, enterprises and software companies.
Dialogic SIP Support Overview
Dialogic® IMG 1010 Integrated Media Gateway is a carrier-grade VoIP gateway that supports both media and signaling in a single chassis. It allows service providers to add new telephony services quickly, and gives them a clear migration path to an all-IP network.
The IMG 1010 provides any-to-any voice network connectivity and can deliver SIP services into legacy PRI, CAS, and SS7 networks, as well as IP-to-IP transcoding for network peering applications. Its compact 1U high-density design, integrated SS7 termination across multiple gateways, GUI-based management, and software licensing for in-service capacity expansion make the IMG 1010 an excellent option for VoIP.
The IMG 1010 also features the Dialogic® Programmable Protocol Language (PPL), which allows rapid implementation of SS7 ISUP variants and other signaling changes.
Radware AppDirector SIP Support Overview
The AppDirector can be used to manage various SIP services over a single public IP address. AppDirector is able to differentiate traffic by the required SIP service and forward the traffic to the relevant SIP servers, which are logically represented in groups referred to as farms. This saves public IP addresses and provides transparent scalability, allowing more services to be added to an existing SIP service IP address. The service differentiation also allows for individual farm logic for the Application Servers that represent the individual services. This is important because dispatch methods and persistency requirements can vary per Application, and the AppDirector is flexible enough to manage differentiated service requirements with a single switching engine while delivering the most granular traffic distribution possible.
The AppDirector constantly monitors the health of SIP servers using SIP OPTIONS requests. When a SIP server is detected to be down, based upon application responses, the AppDirector automatically switches to other available SIP servers.
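The application-level check described above, as an added example (not AppDirector code and not part of the original guide): a SIP OPTIONS probe is built for one farm server and the answer decides whether that server stays in rotation. The probe user `hm`, the use of the Virtual IP as probe source, the three-failure threshold and the rule that only a 2xx answer counts as healthy are assumptions; the sample responses are constructed.

```python
import re


def build_options(server_ip: str, probe_src: str, seq: int, user: str = "hm") -> str:
    """Build a SIP OPTIONS probe for one farm server (mandatory RFC 3261 headers)."""
    lines = [
        f"OPTIONS sip:{user}@{server_ip} SIP/2.0",
        f"Via: SIP/2.0/UDP {probe_src}:5060;branch=z9hG4bK-hm-{seq}",
        "Max-Forwards: 70",
        f"From: <sip:{user}@{probe_src}>;tag=hm{seq}",
        f"To: <sip:{user}@{server_ip}>",
        f"Call-ID: hm-{seq}@{probe_src}",
        f"CSeq: {seq} OPTIONS",
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def probe_passed(response, seq: int) -> bool:
    """Judge one probe by the application's answer, not by mere reachability."""
    if not response:                               # timeout: nothing came back
        return False
    status = re.match(r"SIP/2\.0 (\d{3}) ", response)
    if not status:                                 # not a SIP response at all
        return False
    # The answer must belong to this probe, not to an earlier, delayed one.
    cseq = rf"^CSeq:[ \t]*{seq}[ \t]+OPTIONS[ \t]*\r?$"
    if not re.search(cseq, response, re.I | re.M):
        return False
    return 200 <= int(status.group(1)) < 300       # assumption: only 2xx is healthy


class ServerHealth:
    """Tracks one server; `fall` failed probes in a row take it out of service."""

    def __init__(self, ip: str, fall: int = 3):
        self.ip, self.fall = ip, fall
        self.failures = 0
        self.up = True

    def record(self, passed: bool) -> bool:
        self.failures = 0 if passed else self.failures + 1
        self.up = self.failures < self.fall
        return self.up


def available(farm):
    """Addresses of the servers that may receive new sessions."""
    return [server.ip for server in farm if server.up]


# Constructed sample responses to probe number 7.
OK_200 = "SIP/2.0 200 OK\r\nCSeq: 7 OPTIONS\r\nContent-Length: 0\r\n\r\n"
BUSY_503 = "SIP/2.0 503 Service Unavailable\r\nCSeq: 7 OPTIONS\r\nContent-Length: 0\r\n\r\n"
STALE_200 = "SIP/2.0 200 OK\r\nCSeq: 6 OPTIONS\r\nContent-Length: 0\r\n\r\n"
```

A server that still answers on the network but returns 503 fails the probe, which is the difference between an application check and a ping.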
The AppDirector maintains persistency of SIP sessions, typically based on the SIP Call-ID. The AppDirector makes sure that all signaling packets of the same call are sent to the same SIP server. Since SIP is used for session signaling only and not for the actual media transfer, maintaining persistency allows SIP servers to see both session initiation and session termination. This is critical for SIP services, such as accounting and billing, which are based on session duration. There are also many stateful elements within an IMS ecosystem that require bidirectional persistency for signaling functionality. For this reason, the AppDirector also learns the persistency identifier, which can be any SIP header field, in both directions, so that traffic originated from a server is honored in the same way as a session initiated by any User Equipment.
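The Call-ID persistency described above, sketched as an added example (not AppDirector code and not part of the original guide). The server addresses are the two IMG units from this guide; the round-robin choice for new sessions, the class and function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Farm servers from this guide: IMG1 and IMG2.
SERVERS = ["10.129.50.30", "10.129.50.28"]


def call_id(message: str):
    """Return the Call-ID of a SIP message, or None if the headers carry none."""
    head = message.split("\r\n\r\n", 1)[0]         # headers only, never the body
    head = re.sub(r"\r\n[ \t]+", " ", head)        # unfold continuation lines
    for line in head.split("\r\n")[1:]:            # skip the request/status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; "i" is the compact form of Call-ID.
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip() or None
    return None


class PersistencyTable:
    """Maps Call-ID to server so that a whole call stays on one server."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.entries = {}
        self._next = 0

    def dispatch(self, message: str) -> str:
        """Choose the server for a packet arriving from User Equipment."""
        cid = call_id(message)
        if cid is None:
            raise ValueError("SIP message without Call-ID cannot be persisted")
        if cid not in self.entries:                # new session: round-robin (assumption)
            self.entries[cid] = self.servers[self._next % len(self.servers)]
            self._next += 1
        return self.entries[cid]

    def learn_from_server(self, server: str, message: str) -> None:
        """Record a Call-ID first seen in traffic originated by a farm server."""
        cid = call_id(message)
        if cid is not None:
            self.entries.setdefault(cid, server)


# Constructed sample messages (headers reduced to what the example needs).
INVITE_A = "INVITE sip:ua2@10.129.50.13 SIP/2.0\r\nCall-ID: a1@4.3.2.1\r\nCSeq: 1 INVITE\r\n\r\n"
BYE_A = "BYE sip:ua2@10.129.50.13 SIP/2.0\r\ni: a1@4.3.2.1\r\nCSeq: 2 BYE\r\n\r\n"
INVITE_B = "INVITE sip:ua2@10.129.50.13 SIP/2.0\r\nCall-ID: b2@4.3.2.1\r\nCSeq: 1 INVITE\r\n\r\n"
# Session started by IMG2 towards the user, and the user's answer to it.
SERVER_INVITE = "INVITE sip:ua1@4.3.2.1 SIP/2.0\r\nCALL-ID: c3@10.129.50.28\r\nCSeq: 1 INVITE\r\n\r\n"
CLIENT_200 = "SIP/2.0 200 OK\r\nCall-ID: c3@10.129.50.28\r\nCSeq: 1 INVITE\r\n\r\n"
# A Call-ID-looking line in the body must not influence the decision.
WITH_BODY = ("INFO sip:ua2@10.129.50.13 SIP/2.0\r\nCall-ID: a1@4.3.2.1\r\n"
             "Content-Length: 18\r\n\r\nCall-ID: spoofed\r\n")
```

Without `learn_from_server`, the user's 200 OK to a server-originated INVITE would be treated as a new session and could be sent to the other server.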
Security
With the convergence of the voice and data networks, security of network infrastructure has become a key issue. Network managers consider security the main impediment to implementing VoIP and other rich media application services (i.e. SMS, OMS & IMS), fearing that their voice servers could be potential targets for Distributed Denial of Service (DDoS) attacks.
AppDirector’s comprehensive security suite ensures that voice services are not compromised by DoS attacks or other exploits of the SIP protocol, allowing reliable and continuous delivery of VoIP and related mixed media services. The unique combination of signature-based and behavior-based protection provides a no-touch, zero-day protection solution that mitigates DDoS attacks while managing the high availability and scalability of the services protected.
SIP Server Subsystem Architecture
SIP Servers are designed to provide a highly scalable and highly available subsystem for deploying SIP applications. The basic architecture is shown in Diagram 1.0 below:
Diagram 1.0 SIP Server Subsystem Architecture
Test Flow Description
Diagram 2.0 below illustrates the flow of an INVITE request from UAC to the Virtual IP on the AppDirector and from there, to IMG1. Address translation (highlighted in red) is performed by the AppDirector on the inbound packet before forwarding it to the server. In the server’s reply, the source address is translated back to the Virtual IP before it is forwarded to the UAC. Although this illustration is for an INVITE request, the process is the same for other SIP packets as well.
Note: The AppDirector selects IMG1 or IMG2 for all new sessions, and maintains persistence based on the Call-ID for the duration of the session.
UA1 4.3.2.1                   LB 10.129.50.13               IMG1 10.129.50.30
|                             |                             |
|(1) Invite (to UA2)          |                             |
|---------------------------->|                             |
|(4.3.2.1 > 10.129.50.13)     |(2) Invite                   |
|                             |---------------------------->|
|                             |(4.3.2.1 > 10.129.50.30)     |
|                             |                             |
|                             |(3) 100 (Trying)             |
|                             |<----------------------------|
|                             |(4.3.2.1 > 10.129.50.30)     |
|(4) 100 (Trying)             |                             |
|<----------------------------|                             |
|(4.3.2.1 > 10.129.50.13)     |                             |
|                             |(5) 180 (Ringing)            |
|                             |<----------------------------|
|                             |(4.3.2.1 > 10.129.50.30)     |
|(6) 180 (Ringing)            |                             |
|<----------------------------|                             |
|(4.3.2.1 > 10.129.50.13)     |                             |
|                             |(7) 200 OK                   |
|                             |<----------------------------|
|                             |(4.3.2.1 > 10.129.50.30)     |
|(8) 200 OK                   |                             |
|<----------------------------|                             |
|(172.40.4.70 > 4.3.2.1)      |                             |
|(9) ACK                      |(10) ACK                     |
|---------------------------->|---------------------------->|
|(4.3.2.1 > 172.40.4.70)      |(4.3.2.1 > 10.129.50.30)     |
Diagram 2.0 – Message Flow Description
AppDirector Configuration
Overview
This document details the step-by-step AppDirector configuration, via the Web Based Management GUI, needed to create the “IMGGTWY” Virtual IP (10.129.50.13) and its two Servers:
• IMG1 (10.129.50.30)
• IMG2 (10.129.50.28)
The following diagram provides details about the configuration:
Diagram 3.0 – Logical Topology
The following steps should be done in order due to configuration dependencies, e.g. a Farm has to be created before Servers can be added to it. If desired parameters are not found, then either a required configuration step was not first performed or the page has to be refreshed.
Initial AppDirector Configuration
Using a serial cable and a terminal emulation program, connect to the AppDirector.
The default console port settings are:
• Bits per Second: 19200
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
1. Assign the following management IP address to interface 1 of the AppDirector:
• 208.209.43.69/24
2. Create a default gateway route entry on the AppDirector pointing to 208.209.43.1.
3. Using a browser, connect to the management IP Address of the AppDirector (208.209.43.69) via HTTP or HTTPS. The default username and password are “radware” and “radware”.
Failure to establish a connection may be due to the following:
• Incorrect IP Address in the browser
• Incorrect IP Address or default route configuration in the AppDirector
• Failure to enable Web Based Management or Secure Web Based Management in the AppDirector
• If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the ping or the Telnet/SSH connection is unsuccessful, reconnect to the AppDirector via its console port. Once connected, verify and correct the AppDirector’s configuration as needed. [1]
Farm Configuration
1. From the menu, select AppDirector Farms Farm Table to display the Farm Table page similar to the one shown below:
[1] To enable web-based management from the console command-line interface, use “manage web status set enable”.
2. Click the Create button.
3. On the Farm Table Create page, enter the necessary parameters as shown below: [2]
4. Click the Set button to save parameters.
5. Verify that the new entry was created on the Farm Table page:
[2] Items circled in red indicate settings that need to be entered or changed. Items not circled should be left at their default settings.
Create Layer 4 Policy
1. From the menu, select AppDirector Layer 4 Farm Selection Layer 4 Policy Table to display the Layer 4 Policy Table page similar to the one shown below:
2. Click the Create button.
3. On the Layer 4 Policy Table Create page, enter the necessary parameters as shown below.
4. Click the Set button to save the parameters.
5. Verify that the new entry was created on the Layer 4 Policy Table page:
Configure L7 Persistency
1. From the menu, select AppDirector L7 Server Persistency Text Match to display the Text Match Session ID Persistency page similar to the one shown
2. Click the Create button.
3. On the Text Match Session ID Persistency Create page, enter the necessary parameters as shown below.
4. Click the Set button to save parameters.
5. Verify that the new entry was created on the Text Match Session ID Persistency page:
Adding Servers to the Farm
1. From the menu, select AppDirector Servers Application Servers to display the Server Table page similar to the one shown below:
2. On the Server Table Create page, enter the necessary parameters as shown below:
3. Click the Set button to save parameters.
4. Verify that the new entry was created on the Server Table page:
5. Create the second server using the information below:
6. Verify that the second server entry was created on the Server Table page.
Outbound SIP Support Configuration
1. From the menu, select AppDirector Global Tweaks to display the Tweaks page.
2. On the Tweaks page, change the parameters as shown below:
Server NAT Configuration
3. From the menu, select AppDirector NAT Server NAT to display the Global Parameters page.
4. On the Global Parameters page, change the parameters as shown below:
5. Click the Set button to save parameters.
Health Monitoring Configuration
6. From the menu, select Health Monitoring Global Parameters to display the Health Monitoring Global Parameters page.
7. On the Health Monitoring Global Parameters page, change the parameters as shown below:
8. Click the Set button to save parameters.
9. Create the Health Monitoring Check for the First Server.
10. From the menu, select Health Monitoring Check Table to display the Health Monitoring Check Table page similar to the one shown below:
11. Click the Create button.
12. On the HM Check Table Create page, enter the necessary parameters as shown below:
13. Before clicking the Set button, choose the button next to Arguments to populate the specific settings for the rest of this check.
14. Enter the information below:
Request: [email protected]
From: [email protected]
15. Click the Set button for the Method Arguments and click the Set button again in the HM Check Table Create window.
16. You should have a single entry in the Health Monitoring Check Table:
The status of this check may display “Unknown” until the server replies successfully to the AppDirector’s check.
17. Create the Health Monitoring Check for the Second Server.
18. If the Health Monitoring Check Table page is not already displayed from the previous step, select Health Monitoring Check Table from the menu.
19. Click the Create button.
20. On the HM Check Table Create page, enter the necessary parameters as shown below:
21. Click the button next to the Arguments text box to configure the check-specific arguments:
Request: [email protected]
From: [email protected]
22. Click the Set button to save the Method Argument parameters.
23. Verify that the Arguments text box has been populated.
24. Click the Set button to save the Health Check.
25. Verify that the new entry was created on the Health Monitoring Check Table page:
26. Binding Health Checks to Servers
27. Create the Health Monitoring Binding for the First Server.
28. From the menu, select Health Monitoring Binding Table to display the Health Monitoring Binding Table page similar to the one shown below:
29. Click the Create button.
30. On the HM Binding Table Create page, enter the necessary parameters as shown below:
31. Click the Set button to save parameters.
32. Verify that the new entry was created on the Health Monitoring Table page:
33. Create the Health Monitoring Binding for the Second Server.
34. If the Health Monitoring Binding Table page is not already displayed from the previous step, select Health Monitoring Binding Table from the menu.
35. Click the Create button.
36. On the HM Binding Table Create page, enter the necessary parameters as shown below:
37. Click the Set button to save parameters.
38. Verify that the new entry was created on the Health Monitoring Binding Table page:
This completes the AppDirector SIP Configuration.
Redundant AppDirector Configuration
For complete high availability, Radware encourages implementing pairs of AppDirector units in an Active / Backup configuration. If your implementation of this architecture includes only a single AppDirector, then it is unnecessary to follow the steps in this section.
The following diagram provides details of such an architecture based on the same test environment:
Diagram 4.0 – Logical Redundancy Topology
General Notes
The overall configuration of a backup AppDirector is almost identical in many ways to that of the active device. There are, however, several important differences that are noted throughout these steps. Radware offers two means of redundancy and failover between pairs of devices – Proprietary and VRRP.
Since VRRP is a more commonly used method within the industry, this section will cover the steps to configure both AppDirectors using that method. [3]
There are separate configuration steps to be taken on both the Active and Backup AppDirector devices, and this section is divided into two parts – one for the active device and one for the backup device.
Active Device VRRP Configuration Steps
1. From the web-based management (WBM) screen, go to AppDirector Redundancy Global Configuration and set the parameters as noted below:
2. Click the Set button to save these changes.
3. Go to AppDirector Redundancy VRRP Virtual Routers and create a new entry.
[3] For a detailed discussion of VRRP, see RFC 3768.
4. Click the Set button to save the parameters.
5. Go to AppDirector Redundancy VRRP Associated IP Addresses and create a new entry:
6. Click the Set button to save the parameters and you should have a single entry in the Associated IP Addresses window:
This address is that of the Active AppDirector’s physical interface. It is also the default gateway setting on the servers.
7. Create a second entry in the Associated IP Addresses table:
This is the Virtual IP Address.
8. Click the Set button to save the parameters.
9. When complete, you should have two entries in the Associated IP Addresses window:
10. Go to AppDirector Redundancy VRRP Virtual Routers and click on the link to If Index 1:
11. Change the Admin Status from down to up, but leave all other settings unchanged:
12. Click the Set button to save the parameters.
13. Make certain that the State of this VR is displayed as Master in the Virtual Router table:
This completes VRRP redundancy configuration on the Active AppDirector.
Backup AppDirector Redundancy Configuration
1. Using a serial cable, connect to the backup AppDirector with a terminal emulation program. The settings for the connection should be:
• Bits per Second: 19200
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
2. Assign the device a management IP address of 208.209.43.70/24 on Interface 16.
3. Create a default gateway router entry on the device pointing to 208.209.43.1.
4. Connect to the management IP address of the backup device using a browser. The default username and password are both “radware”.
5. Go to AppDirector Farms Farm Table and create a new entry:
6. Click the Set button to save the parameters.
7. Go to AppDirector Layer 4 Farm Selection Layer 4 Policy Table and create a new entry:
Note that the Redundancy Status on this farm has been set to Backup.
8. Click the Set button to save the parameters.
9. Configure Layer 7 Persistency by going to AppDirector L7 Server Persistency Text Match and creating a new entry:
10. Click the Set button to save the parameters.
11. Add both servers to the SIP_TEST farm.
12. Go to AppDirector Servers Application Servers Table and create a new entry:
13. Click the Set button to save the parameters.
14. Create a second entry in the Server Table:
15. Click the Set button to save the parameters.
16. You should have two servers in the Server Table:
17. Enable Health Monitoring by going to Health Monitoring Global Parameters and changing the following setting:
18. Click the Set button to save the parameters.
19. Create the first Health Check by going to Health Monitoring Check Table and creating a new entry:
20. Before clicking the Set button, choose the button next to Arguments to populate the specific settings for the rest of this check:
Request: [email protected]
From: [email protected]
21. Click the Set button for the Method Arguments and click the Set button again in the HM Check Table Create window.
22. Create a second entry in the Health Checks table for the second server:
23. Click the button next to the Arguments text box to configure the check-specific arguments:
Request: [email protected]
From: [email protected]
24. Click the Set button to save the Method Argument parameters.
25. Click the Set button to save the Health Check.
26. You should have two entries in the Health Check Table:
27. Bind the Health Checks to the Servers by going to Health Monitoring Binding Table and creating a new entry:
28. Click the Set button to save the parameters.
29. Create a second entry in the Health Monitoring Binding Table:
30. Click the Set button to save the parameters.
31. Verify that you have two entries in the Health Monitoring Binding Table:
Backup AppDirector VRRP Redundancy Configuration
1. On the Backup AppDirector, go to AppDirector Redundancy Global Configuration and change the following setting:
2. Click the Set button to save the parameters.
3. Go to AppDirector VRRP Virtual Routers and create a new entry:
Note that the Priority on the Backup AppDirector is set to 254 while on the Active device, this value was set to 255. The device with the higher priority will be Master of this Virtual Router.
4. Click the Set button to save the parameters.
5. Go to AppDirector VRRP Associated IP Addresses and create a new entry:
Note that this is the interface address of the Active AppDirector. Since that IP address functions as the default gateway address for each of the farm servers, the backup AppDirector needs to assume responsibility for this IP if the Active device fails.
6. Click the Set button to save the parameters.
7. Create a second entry in the Associated IP Addresses table:
This is the Virtual IP address.
8. Click the Set button to save the parameters.
9. Go to AppDirector Redundancy VRRP Virtual Routers and edit the existing entry by clicking on the link:
10. Change the Admin Status from down to up:
11. Click the Set button to save the parameters.
12. Note that the State on the Backup device for this Virtual Router is backup:
You can test redundancy by unplugging the network connection on the Active AppDirector to the switch. If you have a console connection established on the Backup AppDirector, you should see traps indicating that it has become Master for the Virtual Router. You can also see that the State for the VR on the Backup AppDirector will change to master:
13. Reconnect the network cable for the Active AppDirector.
This concludes the section on redundancy configuration for AppDirectors.
Technical Support
Radware offers technical support for all of its products through the Radware Certainty Support Program. Please refer to your Certainty Support contract, or the Radware Certainty Support Guide available at:
http://www.radware.com/content/support/supportprogram/default.asp.
For more information, please contact your Radware Sales representative or:
U.S. and Americas: (866) 2345763
International: +972(3) 7668666