Upload
maryam-oneal
View
31
Download
0
Embed Size (px)
DESCRIPTION
SIP trunk Problems & Solutions ShoreTel & INGATE Siparator Jerome Joanny Sr Product Manager - ShoreTel. IP Cloud. Company A. SIP Trunk - What are the advantages?. Lower recurring costs from the carrier Flexible calling plans – bundled minutes, no long distance charges - PowerPoint PPT Presentation
Citation preview
ShoreTel CONFIDENTIAL(c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
Enterprise Pure IPTelephony Solutions
SIP trunk Problems & SolutionsShoreTel & INGATE Siparator
Jerome Joanny Sr Product Manager - ShoreTel
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
• Lower recurring costs from the carrier• Flexible calling plans – bundled minutes, no long distance
charges• More feature offering – virtual numbers• Deployment flexibility
– Incremental provisioning vs. block provisioning– Self serve portals – buy services without meeting your rep– Quicker increments – no waiting for a truck roll
• Dual use of data pipe, voice and data
Company A
SIP Trunk - What are the advantages?
IP CloudCallsData
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
SIP trunking problems
• NAT traversal for SIP– NAT resides at L3/L4 – SIP at L7– NAT processing “breaks” SIP addressing
• Network & SIP Communication security– Physical medium is the IP pipe – Firewalls control what goes in or out such pipe
• SIP Protocol Normalization & translation– Not all SIP are created equal … and compatible– Open Standard …open to interpretations
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
The ‘NAT’ and SIP Story
• The Details of port and private IP address are encapsulated in the SIP header message
• Application Layer messages contain information that isn’t relevant outside of the enterprise network
Company A
Client B
Client Y
IP 192.168.1.57
Public IP 64.72.1.31
Public IP 66.63.1.23
Public IP 65.73.1.34
SIP HeaderInvite From: 192.168.1.To: 65.73.1.34:5060
Client A
IP 192.168.1.55
?SIP HeaderInvite From: 192.168.1.To: 65.73.1.34:5060
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
Network & SIP security issues
Carrier SIPTrunk Cloud
Company A
Company B
Firewall
• SIP trunks use IP infrastructure• IP networks are ‘protected domains’ connected by untrusted
‘public’ connections.• Reliable method is required that allows communication
between domains protected by Firewalls
FirewallOuch! Ouch!
Firewalls block the prime function of a trunk – Allow
systems from different enterprises connect
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
Call-ID: X
PSTN Gwy
Service Provider
PSTN
The SIP Normalization situation
IP 168.203.30.11
603-883-6569 972-678-0464
ALG
John
603-883-6580
Jane
Bob
Call-ID: X
Hi John !May I speakwith Jane ?
Sure! I will transfer you to Jane
?
REFER?603-883-6580@
shoretel.comWhat's that?
(Jane)
ShoreTel
‘REFER’ to Jane
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
ShoreTel & Ingate : delivering a solution that Works !
• Solve SIP firewall and NAT traversal issues with a consistent solution
– NAT traversal problems are the source of 90% initial setup issues • Ensure customers can keep total ownership of network security
when SIP is introduced• Provide SIP normalization if/when required
• Provide partners and customers validated ‘end to end’ multi-vendor solutions in the SIP ‘plug and pray’ era
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
603-883-6569
INGATE Siparator addressing the NAT issue
Firewall
PSTN Gwy
Service Provider
PSTN
IP 10.200.10.16
IP 168.203.30.11
972-678-0464
ShoreTel
IP 168.105.45.19
To:972-678-0464@ IP 168.105.45.19From: 603-883-6569 @10.200.10.16
To/URI:972-678-0464@ IP 168.105.45.19
From: 603-883-6569 @10.200.10.16
IP 168.203.30.11
For calls to route successfully internal IP addresses have to bere-written
The SBC handles the Network Address Translation (NAT)
Address re-write
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
972-678-0464
ITSPs can’t reach the IPBX in the LAN
Firewall
PSTN Gwy
Service Provider
PSTN
IP 10.200.10.16
IP 168.203.30.11
603-883-6569
ShoreTel
IP 168.105.45.19
From:972-678-0464@ IP 168.203.30.11To:[email protected]
Address re-write
To/URI:[email protected] 10.200.10.16
For calls to route successfully IP addresses have to be re-written
The SBC again handles the Network Address Translation (NAT)
Service Provider can only address the known public IP-address of the Enterprise
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
No Need to Replace the Existing Firewall!
Siparator
How does the Siparator help?
DMZ
SIP-enables any firewall
It works with existing firewallsDynamically manages ports need for SIP: -SIP Signaling port 5060 -Range of UDP/TCP ports
Provides a B2BUA & SIP Proxy
Normal Firewalls
SIP
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
B2BUA handles the “REFER” SIP method locally and a new media stream is set up to Jane
Call-ID: X
PSTN Gwy
Service Provider
PSTN
The ITSP SIP transfer problem
SBC with B2BUA
IP 168.203.30.11DMZ
603-883-6569 972-678-0464
ALG
John
603-883-6580
Jane
Bob
Call-ID: X
Hi John !May I speakwith Jane ?
Sure! I will transfer you to Jane
*) The REFER SIP method
?
ShoreTel
Re-INVITE
Call-ID: Y
ITSP sees a RE-INVITE with the same Call ID
REFER to Jane
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
ShoreTel’s philosophy on integration
• Provide partners and customers with validated ‘end to end’ multi-vendor solutions in the SIP ‘plug and pray’ era
– Making it all work together can be as complex as solving a third order differential equation
– Allow partners to work with ‘known entities’
• Solve SIP firewall and NAT traversal issues with a consistent solution
– Allow support to be clear on the components of the solution and isolate problems easily
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
Summary
• SIP trunking works
• The ‘solution’ is about more than just connectivity
• There are many flavors of SIP out there
– Be sure you only use those validated as working together
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
Backup
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
15
SIP Trunks Misconceptions
• They must be the same as it says ‘trunk’• They are IP so they require less HW • They are cheaper – really? – Depends on what your counting• You can just connect directly – Security? – What’s that?
Company A
Carrier SIP Trunk Cloud
SIP Trunk
Call 408 348 8545
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
16
Template page
• Single image system with best in class
Carrier SIPTrunk Cloud
Company A
Company B
ShoreTel CONFIDENTIAL (c) ShoreTel, Inc. 2007 -- ALL RIGHTS RESERVED
• Each device has its own private IP address.
Company A
Client B
Client A
Client X
Client Y
IP 192.168.1.55
IP 192.168.1.56
IP 192.168.1.57
IP 192.168.1.1
Public IP 64.72.1.31
Public IP 66.63.1.23
Public IP 65.73.1.33From: 64.72.1.31:2000
To: 65.73.1.33:80