Solutions for SIP Trunking The SIP trunking enabler

Solutions for SIP Trunking

The SIP trunking enabler

Benefits of Ingate SIP Trunking Products for Service Providers

Support for all SIP PBX’s in the market Expansion of Service Provider market of opportunity

Service Provider Demarcation Point Clear point of demarcation towards customer

Resolution of NAT traversal issues Security and Control Easy expansion to support Unified Communications Ingate Element Management System

Efficient provisioning and monitoring

SIP Trunking and BeyondCore Functionality: NAT/Firewall traversal Interoperability between PBX and Service

Provider Networks Quality of Service (QoS)` Security Service Provider Demarcation Point

An Ingate solution can also enable: Connecting remote users to the PBX Secure interoffice connection WiFi mobile phone communication Multimedia communication

Benefits of SIP Trunking Monthly cost savings Single network for all communications Lower cost of Moves, Adds and Changes Disaster Recovery / Business Continuity User provisioning First step in achieving Unified

Communications Voice, Video, IM, Presence, etc. Remote workers WiFi mobile phone communication

SIP is the future of Telecommunications

The Ingate ProductsEnabling General NAT/firewall Traversal for SIP

Complete Firewalls Add-on to Existing Firewalls

Firewall & NAT/PAT SIP Proxy SIP Back to Back User Agent SIP Registrar

DMZ

Existing Firewall

SIParator®

The Ingate Family

Firewall® 1190or

SIParator® 19

Firewall® 1900or

SIParator® 90

50 Calls*50 Mbit/s

4500 Packets/s

Firewall® 1500or

SIParator®50

Firewall® 1550or

SIParator®55

150 Calls*330 Mbit/s

28500 Packets/s


75000 Packets/s

1 500 Calls*2 600 Mbit/s

230 000 Packets/sPossible to SW upgrade


125 000 Packets/s

Firewall® 1650or

SIParator® 65

*) Calls = Concurrent RTP Sessions = SIP Trunks

Confirmed Interoperability

SIP Trunk

Ingate SIParator®

-or-Ingate Firewall

3ComAastraDigium / AsteriskAvayaCisco Call ManagerEricsson MX-OneFonalityInnovaphoneInteractive IntelligenceIwatsuMicrosoftMitelNEC / SphereNortelObjectworldSERShoretelSiemensSIP-GearSwyxMore in pipeline....

Compliant with

360 NetworksAirespringAT&TBandTel Bandwidth.com BroadvoxCbeyond CellipCordia CorporationExcel SwitchingGammaGlobal Crossing IP-Only Juma Networks

Level 3 NetlogicNexvortexNuvoxO1 PaetecPrimus RNK TelecomTDC Tele2ToplinkVoEX VoIP UnlimitedVoxboneMore in pipeline.....

Service providers

IP-PBXs

Carrier EquipmentAcme PacketBroadsoftNexPointSonusSylantro

See: www.siptrunk.org

The Live IP Communication Problem of the Decennium

LAN

LAN

FW FW

FWFW

InternetInternet

A common Network and common Protocols changed our lives:

SMTP gave us global email! HTTP gave us the WEB!

email web

SIP is the Internet standard for Live IP Communication: The next step of Internet usage!

Find each other and do something in real time. Telephony being just one application.

IMS

(SIP based)

IMS

(SIP based)

However, SIP does not traverse the common NATs and firewalls* separating the LANs from the Internet .

* Live IP Communication Requires: - Locate the person - Set up a session - Open real time media streams

The Ingate SIP Architecture

SIPProxy

SIP Proxy Server, capable of routing to/from various address spaces (NAT)

The routing SIP Proxy Server controls the media through the NAT & Firewall

UserLocation

SIP Registrar for user location information

Firewall & NAT Router

Dynamic NAT & Firewall Engine

Security

Extensive SIP Feature Set

EncryptionTermination / Transcoding

Au

the

nticatio

nSIP

Filt

erin

g

Flexible Control

Near-EndTraversal

Firewall & NAT

Sol. for Remote Workers

SIP Proxy,ALG, B2BUA,

Registrar

IP-C

entre

x

Backu

p

OEM Toolset

Far-EndNAT Traversal

and STUN

SIP Trunking Tool Set

QoS

,

T

affic

Mgm

t

IP-PBX

Compatibility

SIP Trunking

Servic

e Pro

vider

Compa

tibilit

y

EN

UM

Support

SIP-ALG-onlyFirewalls

can only dothis much

SIP Proxy,ALG, B2BUA,

Registrar

Data LAN only

PBX with PBX with system system phonesphones

PBX Type 1.5

IP-PBX Trunk Must Meet Service Provider Trunk

VoIP & Data LAN

PBX Type 2

IPIP-- PBXPBX

Few PBXs are of this type. Asterisk with firewall (IPtables /NETfilter) can be compiled and configured this way, but requires a lot.

Why may Ingate be required to connect a PBX?1) NAT/Firewall Traversal – Must NAT to same address space!

2) Basic SIP and Network Interoperability - E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc.

3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc. 4) Features - E.g. Remote Users, Administration (remote and local)

5) Security - E.g. Will LAN be opened? Is the PBX designed to be public?

VoIP & Data LAN

IPIP-- PBXPBX

PBX Type 1

Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.

SIP Trunk Interface

Signaling:Media:

SIP Trunk

1)1) 2) 3) 4) 5)2) 3) 4) 5)

PSTN

SIP Trunking Provider NetworkGW

SIP System

2) 3) 4) 5)2) 3) 4) 5)2) 3) 4) 5)2) 3) 4) 5)

Data LAN

NAT/Firewall Traversal Problem when SIP Trunking over the Internet

PSTNPublic

Internet

SIP Trunking Provider

GW

IP-PBX Firewall

SIP Trunking does not pass a SIP unaware NAT/firewall!

…and the firewall cannot be opened enough to make it work because of NAT.

SIP System

?? UC?

With a SIP Trunk over the Internet, it is not really an option to just connect it to a VoIP LAN.

Data LAN

Firewall

IP-PBX

SIP TrunkOver the Internet

VoIP LAN

No Soft or Multimedia Clients!

Severe Security Warning!No one wants the whole Voice LAN exposed to the Internet. Any extra firewall here needs to be SIP aware or widely open.

PSTNPublic

Internet


GWSIP System

Who will issue a public white IP addresses to every Phone?

Data LAN

Ingate Firewall® Creating a Common Data andVoIP LAN for SIP-Trunking over the Internet

PSTNPublic

Internet


GWSIP System

IP PBX Firewall

Soft Clients and Multimedia Terminals

Demarcation point and bringing SIP communication to the LAN

Data & VoIP LAN with QoS

SIP Trunk over Internet

Ingate Firewall®

Remote Users

Data LAN

Ingate SIParator® Used with Existing Firewall for SIP Trunking Service over Internet

PSTNPublic

Internet


GWSIP System

IP-PBX Firewall


Demarcation point and bringing SIP communication to the LAN

Data & VoIP LAN


Ingate SIParator®

Remote Users

Managed SIP Trunk Connected to Separate Enterprise VoIP LAN in Operator’s Space

PSTNPublic Internet

SIP Trunking Provider Network GW

SIP System

Data LAN

Firewall

IP-PBX

ManagedSIP Trunk

No Remote Users!

VoIP LAN

Provider: Security Warning!

Enterprise: Security Warning!

?? UC?

No Soft or Multimedia Clients!

Will Service Provider issue IP addresses to every Phone?

SIP Trunking Provider Network

Managed SIP Trunking with SBC Adapting SIP to NAT:ed Space of the Enterprise LAN

PSTNPublic Internet

GW

SIP System

VoIP& Data LAN

Firewall

IP-PBX

No Remote Users!

ManagedSIP Trunk

Enterprise: Do we dare let the Service Provider have full access to our LAN?

Other customers


Ingate SIParator® Used with Existing Firewall for Managed SIP Trunking Service

PSTNPublic Internet

GW

SIP System

Data & VoIP LAN

IP-PBXDemarcation point and SIP communication via both WAN pipes.


ManagedSIP Trunk

Ingate SIParator®

Remote Users

Firewall


Ingate Firewall® Creating a Common Data andVoIP LAN for Managed SIP Trunking Service

PSTNPublic Internet

GW

SIP System

Data & VoIP LAN



Remote Users Managed

SIP Trunk

Ingate Firewall®


Public Internet

SIP Trunking Over on a Dedicated Access, with a Central SBC doing Far End NAT Traversal through NAT/FW

PSTNGW

VoIP& Data LAN

Firewall

IP-PBX

No Remote Users!

Far end NAT traversal through NAT/FW by keep alive packets etc. from Operator SBC.

SIP System

Dedicated access for QoS.Does not work with all NATs & Firewalls. No PBX SIP normalization.

Customer NAT/FW


Ingate SIParator® Used with Existing Firewall for Managed SIP Trunking Service

PSTNPublic Internet

GW

SIP System

Data & VoIP LAN


ManagedSIP Trunk

Ingate SIParator®

Remote Users

Firewall

No far end NAT traversal workaround required.


Ingate Firewall® Creating a Common Data andVoIP LAN for Managed SIP Trunking Service

PSTNPublic Internet

GW

SIP System

Data & VoIP LAN


Remote Users Managed

SIP Trunk

Ingate Firewall®



SIP Trunking Over a Dedicated or Internet Access, with a Central SBC doing Far End NAT Traversal through CPE NAT

PSTNPublic Internet

GW

VoIP& Data LAN

Firewall

IP-PBX

No Remote Users!

Far end NAT traversal through CPE router by keep alive packets etc. from Operator SBC.

SIP System

Dedicated access for QoS.Does not work with all NATs & Firewalls. No PBX SIP normalization.

ADSL NAT Router


SIP Trunking Over on an Internet Access, using an Ingate/Intertex CPE (Firewall/SIParator) with ADSL

PSTNPublic Internet

GW

VoIP & Data LAN

Firewall

IP-PBX


SIP System

ADSL 2+ Annex A/B/MBuilt in E-SBC with SIP NAT/Firewall Traversal, QoS and SIP normalization.

ADSL FWwith E-SBC

Remote Users

Separate Internet data access is optional.Combined Data & VoIP Service with QoS possible.

Two Ways to Provide a SIP Trunk

Over a Managed Line PSTN

Public Internet


SIP System

Data & VoIP LAN

FirewallIP- PBX

ManagedSIP Trunk

Over the Public InternetPSTN

Public Internet


SIP System

Data & VoIP LAN

IP- PBX


Firewall

SIP Trunking plug-and-playStep 1 – Address provisioning

B. Type MAC address and IP address of the Ingate unit.

C. Select a password. No password is set default.

E. When done the SIP Trunking tool can be launched.

D. Press Next and the tool will automatically provide an IP address to the Ingate.

A. Connect Your Ingate according to the picture

Status information

SIP Trunking plug-and-play Step 2 – Trunking configuration

C. Select SIParator type (only available for SIParators).

G. Configure netmask for the internal network

F. Configure external inter-face using DHCP or static IP

A. Select ITSP from drop down menu and provide necessary account information

B. Select IP PBX brand & IP address on your internal network.

D. DNS servers to use. Optional

E. Optional to add and remove prefixes.

H. When done, the tool will generate a configuration based on your input and you will automatically be redirected to the Ingate and only need to apply the configuration and you are done!

Please contact me at any time:

Steve JohnsonPresident

Mail & SIP: [email protected]: 1-603-557-7918Direct: 1-603-883-6569

Documents

Solutions for SIP Trunking The SIP trunking enabler