8/3/2019 Acme Packet Session Border Controller
1/35
EMEA TECHSHARE 2009
THE FUTURE BEGINS
Session Border Controllers
Connecting the IP World
Acme Packet and Avaya Lead The Way
April 9, 2009
Neil Segall, Business Development
Margie Frasier, Channel Development
Agenda
Why should I care about SBCs?
What is an SBC?
Product Overview
Working together
We are not Bugs Bunny!!
Beep Beep
Argh!~
Why should I care about SBCs?
Reduce cost
Deliver business agility
Secure loyal customers
Market Trends
Service providers
Making SIP value available to enterprises
Relying on SBCs for peering and secure access
Reselling or recommending CPE SBCs for security and interworking
Enterprises and contact centres
Embracing converged voice/data for UC, CC, & CEBP
Migrating increasingly to SIP
Moving to SIP trunking for lower costs & power consumption
Recognizing identity, trust and security as critical to UC success
Dealing with interworking and regulatory concerns
Future of interactive communications?
[Figure: "The Internet" and "The Federnet"]
Federnet: The eight driving factors
1. In IP, we trust no one
2. Addresses will forever be a collection of heterogeneous schemes
3. SIP is not the only signaling protocol
4. Codecs will never converge to a couple - audio & video
5. Unlimited bandwidth, QoS and signaling resources will forever be a myth
6. Some sessions are more valuable than others
7. IP IC regulation will increase
8. Business models will never be homogenous
Next Generation Communications
[Figure: Application, Connection and Access layers. Labels: application platforms and apps, System Manager, Communication Manager core, SM, media servers, SIP trunks, TDM trunks, G860, Avaya CM branch / stand-alone, Avaya one-X endpoints, 3rd party endpoints, 3rd party PBXs, PSTN providers, outsourcers, federated, remote workers over Internet, Internet, Acme Packet SBC]
Joint Value Proposition
Acme Packet SBCs augment Avaya solutions for UC and CC
Defend SIP signaling elements against security threats, overloads
Eliminate border signaling and many other interoperability issues
Preserve session quality under load and adverse conditions
Extend Avaya application reach across IP network borders
Support regulatory compliance
Key Benefits
Faster Avaya solutions deployment at lower risk and cost
Safe use of cost-effective SIP trunks
High-quality session delivery to workers across the enterprise
Improves customers' options for customizing their networks
What is an SBC?
What is a Session Border Controller?
Session: real-time, interactive communications (voice, video & multimedia) using SIP, H.323, MGCP/NCS, H.248
Border: IP-IP network borders
Interconnect/peering: between service providers
Subscriber access: enterprise, residential or mobile services
Data center: retail or wholesale services
Enterprise: intra- & extra-enterprise
Control
Security
Service reach maximization
SLA assurance
Revenue & cost optimization
Regulatory compliance
[Figure: SBC borders. Labels: large enterprise, mobile services, PSTN, PSTN origination & termination, directory services, IP transit, PSTN termination, IP contact center, residential & business services]
Why SBCs Instead of Firewalls?
Because traditional firewalls cannot:
Prevent SIP-specific overload conditions and malicious attacks
Open / close RTP media ports in sync with SIP signaling
Track session state and provide uninterrupted service
Perform interworking or security on encrypted sessions
Scale to handle many 1000s of real-time sessions
Provide carrier class availability
InfoSec teams deploy a defence-in-depth model with application-level security proxies for email and web applications
The same model applies for IP telephony, UC and IP contact center applications
Acme Packet SBC secures & assures Avaya unified communications
Completes Avaya's cost-effective end-to-end SIP architecture
SIP trunking and border interworking
Remote site & worker connectivity
Reduced maintenance costs
Provides best-in-class VoIP & UC security
Integrated with Avaya Session Manager, Communication Manager and Voice Portal
Assures quality and high availability
Disaster recovery and survivability
Helps achieve regulatory compliance
Emergency calls, privacy, recording
[Figure: APKT SBCs at three borders (1. SIP trunking border, 2. Hosted services border, 3. Internet border). Labels: HQ/campus, regional site, remote sites, redundant data centers (contact center, audio/video conferencing, IP Centrex, etc.), ASM, CC, UC, to PSTN, tele-worker, nomadic/mobile user, federated partners, Internet, private network, SIP, H.323]
Product Overview
Acme Packet Products
Products: Net-Net 4250, Net-Net 4500, Net-Net 9200, Net-Net 3800
Size: Medium, Large
UC
CC
# sessions: 150-500; 250-8,000; 1,000-16,000; 4,000-72,000
# lines: 750-2,500; 1,250-40,000; 5,000-80,000; 20,000-360,000
# agents: 75-250; 125-4,000; 500-8,000; 2,000-36,000
Deployment: Data Center / branch office; Data Center; Data Center; Data Center (w/transcoding)
Net-SAFE Security Framework
SBC DoS/DDoS protection
Protect against SBC DoS/DDoS attacks & overloads
Access control & VPN separation
Dynamic, session-aware access control for signaling & media
Support for L2 and L3 VPN services & traffic separation
Topology hiding & privacy
Complete service infrastructure hiding & user privacy support
Viruses, malware & SPIT mitigation
Deep packet inspection enables protection against malicious or annoying traffic
Encryption and Authentication
TLS, IPSEC, SRTP
Monitoring and reporting
Record attacks & attackers
Provide audit trails
[Figure: Net-SAFE framework. Labels: SBC DoS protection, fraud prevention, access control, topology hiding & privacy, service infrastructure DoS prevention, viruses, malware & SPIT mitigation]
Dynamic ACLs and Hardware Based Security
All unauthorized traffic rejected by hardware authentication
HARDWARE BASED AUTH:
Authorized traffic flows are based on:
Source IP address/range
Source IP port
Protocol
Destination IP address
Destination IP port
VLAN + physical port
Other authorizations at wire speed:
DoS blacklisted users rejected (matched on above flow definitions)
Software-based SBCs cannot provide this!
[Figure: an HTTP request to the NN-SD (unauthorized protocol or destination port) and a SIP INVITE from a blacklisted user are both dropped at wire speed]
Signaling Based Security
Stateful awareness of SIP sessions allows for fine-tuned security measures a FW cannot provide
SOFTWARE/SIGNALING BASED AUTHORIZATION:
Authorized traffic flows can be based on:
User registration status
SIP packet format (Legal?)
Traffic filters based on SIP header content
Source or destination URI format
Codec type
Bandwidth or session admission control
Overload constraints (CPU and next hop)
Signaling rate limit
[Figure: three SIP INVITEs rejected at the NN-SD]
Next hop device (i.e. Avaya SM) constraints exceeded: SIP INVITE, reject with 4xx Unauthorized
Bandwidth exceeds allowed limit: SIP INVITE, reject with 503 Unavailable (configurable response)
Unregistered users (rejected at SIP level): SIP INVITE, reject with 4xx Unauthorized
Handling of Ports for Media
VoIP often requires a different media port per source for RTP flows
Net-Net SD dynamically opens ports for RTP/RTCP (media streams). Secure latching:
Net-Net SD, 10.100.1.100, UDP ports 49152-65535 (Pool X)
Net-Net SD, 192.168.11.101, UDP ports 49152-65535 (Pool Y)
Endpoints: 10.0.0.1 and 136.2.7.100
INVITE, SDP c= (source): 10.0.0.1, port 1046
Open media port from Pool Y. Remember mapping from 192.168.11.101 (Pool Y) to 10.0.0.1:1046
INVITE, SDP c= (source): 192.168.11.101, port 49152
200 OK, SDP c= (source): 136.2.7.100, port 4300
Open a media port from Pool X. Remember mapping from 10.100.1.100 (Pool X) to 136.2.7.100:4300
200 OK, SDP c= (source): 10.100.1.100, port 49152
BYE, 200 OK: media ports closed and removed from SBC cache
A FW must keep ports open at all times
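The port handling on this slide, as an added Python sketch (not Acme Packet code): a media port is opened per call leg from the SDP in the INVITE and 200 OK, and closed on BYE. The class and method names are hypothetical, the SDP bodies are constructed from the slide's addresses, and latching onto the observed RTP source is not modelled.

```python
import re

class MediaPinholes:
    """Toy model of signaling-driven media ports (constructed, not vendor code)."""
    def __init__(self, pools):
        self.pools = pools                      # name -> (SBC IP, first, last port)
        self.in_use = {name: set() for name in pools}
        self.calls = {}                         # call id -> [(pool, port, peer)]

    @staticmethod
    def parse_sdp(sdp):
        """Return (ip, port) from the c= line and the m=audio line."""
        ip = re.search(r"^c=IN IP4 (\S+)", sdp, re.M).group(1)
        port = int(re.search(r"^m=audio (\d+)", sdp, re.M).group(1))
        return ip, port

    def anchor(self, call_id, sdp, pool):
        """Open an even (RTP) port in `pool`, map it to the SDP's address,
        and return the SDP rewritten to advertise the SBC's own address."""
        addr, first, last = self.pools[pool]
        peer = self.parse_sdp(sdp)
        port = next((p for p in range(first, last, 2)
                     if p not in self.in_use[pool]), None)
        if port is None:
            raise RuntimeError("media pool %s exhausted" % pool)
        self.in_use[pool].add(port)
        self.calls.setdefault(call_id, []).append((pool, port, peer))
        sdp = re.sub(r"^(c=IN IP4 )\S+", r"\g<1>" + addr, sdp, flags=re.M)
        return re.sub(r"^(m=audio )\d+", r"\g<1>%d" % port, sdp, flags=re.M)

    def forward(self, pool, port):
        """Relay target for media arriving on (pool, port); None means drop."""
        for legs in self.calls.values():
            for leg_pool, leg_port, peer in legs:
                if (leg_pool, leg_port) == (pool, port):
                    return peer
        return None

    def bye(self, call_id):
        """Close every port the call opened and forget its mappings."""
        for pool, port, _ in self.calls.pop(call_id, []):
            self.in_use[pool].discard(port)

# Constructed SDP bodies using the addresses on the slide.
OFFER = "v=0\r\nc=IN IP4 10.0.0.1\r\nm=audio 1046 RTP/AVP 0\r\n"
ANSWER = "v=0\r\nc=IN IP4 136.2.7.100\r\nm=audio 4300 RTP/AVP 0\r\n"

def demo():
    sbc = MediaPinholes({"X": ("10.100.1.100", 49152, 65535),
                         "Y": ("192.168.11.101", 49152, 65535)})
    offer_out = sbc.anchor("call-1", OFFER, "Y")     # INVITE leg
    answer_out = sbc.anchor("call-1", ANSWER, "X")   # 200 OK leg
    during = (sbc.forward("Y", 49152), sbc.forward("X", 49152))
    sbc.bye("call-1")
    after = (sbc.forward("Y", 49152), sbc.forward("X", 49152))
    return offer_out, answer_out, during, after
```

Before the INVITE and after the BYE, `forward` returns `None` for every port, which is the state a static firewall rule cannot reproduce.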
It's not just about security
Legacy data infrastructure is not enough
Signalling protocol interworking
Service reach maximization
QoS / Accounting
Session replication
High availability
Header Manipulation Rules
Benefit: allows SBC to perform SIP header/parameter manipulation based on regular expressions
Problem overcome: interoperability issues, unique routing needs, protocol normalization and fix-up
Details
Regular expression search and store capability
Ability to do repetitive search and replace
Boolean logic support
Supports operations on MIME body, e.g. SDP
Allows codec re-ordering & stripping
Ability to insert information into Call Detail Record VSAs
HMR for ISUP (conversion between any variation of SIP, SIP-I, SIP-T)
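What "codec re-ordering & stripping" on an SDP body involves, as an added Python example; it is not Acme Packet HMR syntax. The function name and the sample SDP are constructed for illustration, and the static payload-type names come from RFC 3551.

```python
import re

# Static RTP payload types that need no a=rtpmap line (RFC 3551).
STATIC_PT = {"0": "PCMU", "3": "GSM", "8": "PCMA", "9": "G722", "18": "G729"}

def rewrite_codecs(sdp, strip=(), prefer=()):
    """Drop the codecs named in `strip`, move those in `prefer` to the front."""
    lines = sdp.split("\r\n")
    names = dict(STATIC_PT)
    for line in lines:                       # learn dynamic payload types
        m = re.match(r"a=rtpmap:(\d+) ([^/\s]+)", line)
        if m:
            names[m.group(1)] = m.group(2).upper()
    strip = {c.upper() for c in strip}
    prefer = [c.upper() for c in prefer]
    out, dropped = [], set()
    for line in lines:
        m = re.match(r"(m=audio \d+ \S+) (.+)", line)
        if m:
            pts = m.group(2).split()
            dropped = {pt for pt in pts if names.get(pt) in strip}
            keep = [pt for pt in pts if pt not in dropped]
            if not keep:                     # nothing left to offer: refuse
                raise ValueError("no codec left after stripping")
            # Stable sort: preferred codecs first, the rest keep their order.
            keep.sort(key=lambda pt: prefer.index(names[pt])
                      if names.get(pt) in prefer else len(prefer))
            line = m.group(1) + " " + " ".join(keep)
        a = re.match(r"a=(?:rtpmap|fmtp):(\d+)", line)
        if a and a.group(1) in dropped:      # attributes of a stripped codec
            continue
        out.append(line)
    return "\r\n".join(out)

# Constructed sample offer: PCMU, PCMA, G.729 and DTMF events.
SAMPLE_SDP = ("v=0\r\no=- 1 1 IN IP4 10.0.0.1\r\ns=-\r\nc=IN IP4 10.0.0.1\r\n"
              "t=0 0\r\nm=audio 1046 RTP/AVP 0 8 18 101\r\n"
              "a=rtpmap:18 G729/8000\r\na=fmtp:18 annexb=no\r\n"
              "a=rtpmap:101 telephone-event/8000\r\n")

def demo_codecs():
    return rewrite_codecs(SAMPLE_SDP, strip=["G729"], prefer=["PCMA"])
```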
Hosted NAT traversal (HNT)
Problem: remote-user NAT traversal
Inbound VoIP/UC can't get through DSL/cable modem firewall / NAT
Home worker can't reconfigure FW/NAT
NAT-T techniques (STUN / TURN / ICE) are limited and vary widely by device: an IT support headache
Solution: host NAT traversal in SBC
Standardizes NAT methodology
Proven solution: globally deployed
Scalable with very low latency
Benefit: lower cost, complexity of deployment, support
No end-user action required
One centralized box to manage
One methodology for NAT traversal
[Figure: a remote user behind a CPE NAT/FW, which messes up secure VoIP, reaches IPT, UC and CC in the enterprise data centre over the Internet]
QoS measurement & reporting
Benefits
Enables real-time evaluation of network & route performance
Enables Enterprises to validate SLAs from their service providers
QoS based call admission control
Capabilities
Per-flow statistics including jitter, latency, packet loss, byte and packet counters
Hardware based RTP/RTCP header inspection: no performance impact
Reported through call accounting interface (Radius) or via FTP
[Figure: Segment A, Segment B]
IP Session Replication
Benefit: reduces costs and decreases complexity
Problem overcome: reduces the number of devices/interfaces involved in call capture and replication; SBC scales better than alternative methods
Call recording servers (CRS) are provisioned per ingress realm
SBC replicates and forwards signaling and media
SBC load balances session across recording servers
[Figure: PBX, Avaya ACM/ASM]
High Availability
No loss of active sessions (media and signaling)
Supports new calls
1:1 Active Standby architecture
Failover for node failure, network failure, poor health, manual intervention
40 ms failover time
Checkpointing of configuration, media & signaling state
Preserves CDRs on failover
Shared virtual IP/MAC addresses
[Figure: active and standby SDs (sd0.co.jp, sd0.fc.co.jp) share 10.0.0.1; the SD is found through DNS round-robin or a configured proxy. When the active SD fails, the standby becomes active: all sessions stay up and new sessions (new call) are processed immediately]
Working together
UC Reference Architecture
Customer choice of complete local call processing intelligence in branch or, if desired, no survivability
Avaya Session Manager implements session routing for inter-branch and branch to HQ; manages centralized dial plan
Mini Border Element provides secure access to distributed SIP trunking services for branch/remote locations
SBC provides secure access to centralized SIP trunking services for HQ/regional centers
[Figure: HQ/regional data center (Avaya CM, Avaya SM) and branch office (PBX, router, ACM / DO; analog, digital) linked by SIP; SIP trunking services; remote clients over the Internet (SIP, RTP)]
Avaya / Acme Packet Interop
Acme Packet part of Avaya Development and SV models
Acme Packet equipment in Avaya R&D & Services labs
Avaya equipment in Acme Packet labs
Formal Interop Testing and Documentation
DevConnect - Acme Packet is a Platinum partner
Peering and Access
ACM: NN4250 & NN4500 complete, NN3800 in progress
ASM: NN4250, NN4500 and NN3800 in progress
AVP/ICR: NN4250, NN4500 and NN3800 in progress
Online Application Notes and configuration guides
SITL will certify SIP trunks
Testing ongoing in NA, CALA, EMEA, and APAC
Acme Packet at a glance
Session Border Control (SBC) category creator & leader with 50-60% market share, founded August 2000
Top tier customers worldwide
600+ customers in 92 countries
29 of top 30, 89 of the top 100 service providers
Market focus: enterprise, contact centre, and service provider
400+ employees in 25 countries, Burlington, MA headquarters
Public company (NASDAQ: APKT) w/ strong revenue growth, profits & balance sheet
Healthy, Profitable, Leading, Growing
Revenue ($M): 2003: $3.3; 2004: $16.0; 2005: $36.1; 2006: $84.1; 2007: $113.1; 2008: $116.4
Acme Packet - company overview Q3 2008
Competition
Primary competitive threat: customer inertia
Ignorance of need for SBCs
IT security staffs must be educated
Next-best threat: Cisco Unified Border Element (CUBE)
All software: small scale, low performance
Lacks DoS protection, advanced routing, high availability
Years behind on features and protocol support
Very limited non-Cisco product interoperability
Go-to-market strategy
Channel focus in EMEA - over 60 people
Business and channel development provide commercial and technical support
Direct touch - Sales and Engineering team directly supports opportunities
EMEA HQ in Madrid has training and lab facilities
Field systems engineering supports evaluations & trials, informal training
Technical support - 24x7x365 from Burlington, MA, USA headquarters
Protocol and platform focus areas
Telephone hotline for critical problems
Web portal
Training - Configuration and troubleshooting courses
Boston, Madrid, Moscow, or at customer site
English, Spanish, Italian, French, German, Russian, Dutch, Portuguese
Acme Packet helps close more Avaya business faster
Minimize risk for migration to Avaya
Interworking and compliance / security / service quality
Reduce cost and increase value of Avaya solution
Enables secure use of cost-effective SIP trunks
Supports Flatten Consolidate & Extend (FCE) model
Provide a competitive advantage over Cisco
Superior SBC solution
Strong relationships with service providers
Prevent Cisco from getting more foothold
Acme Packet confidential
The Managed Services Opportunity
Managed CPE SBCs enable multiple services to be safely delivered through SIP Trunks
IP Contact Centres
Unified Communications Services
IP PBX connectivity
Business partner managed SBCs mean:
Annuity revenue
Account Control and opportunity to sell multiple services
Services Revenue Opportunity
Value proposition
The: Acme Packet SBC solutions
is for: Mid- to large-size enterprises and contact centres across all vertical markets and geographies
who need to: Connect to public/private SIP Trunk Services, and support Remote/ Mobile Workers
in order to: Reduce cost
Deliver business agility
Secure loyal customers
Meet regulatory compliance mandates
Acme Packet Contacts - EMEA
Andreas Waechter, Sales Director, Enterprise (Germany)
Margie Frasier, Channel Development Manager (Italy)
Geraint Evans, Technical Director (UK)
HEADQUARTERS
Relationship Manager: Neil Segall
Technical Director: Ray DeQuiroz
Chief Engineer: Mike Aglietti
Channel Development: Laurie Coppola