Add to collection(s) Add to saved
  1. Business

SBCs vs Firewalls

advertisement 
The leader
in session border control
for trusted, first class
interactive communications
Comparison of SBCs
to SIP firewall/ALGs
Summary comparison:
SBCs vs. Firewalls with SIP ALGs
SBC
Firewall with SIP ALG
Back-to-back user agent
Maintains single session
– Fully state-aware at
layers 2-7
– Fully state-aware at
layers 3 & 4 only
– Inspects and modifies any
application layer header info
(SIP, SDP, etc.)
– Inspects and modifies only
application layer addresses
(SIP, SDP, etc.)
– Can terminate, initiate,
re-initiate signaling & SDP
– Unable to terminate, initiate,
re-initiate signaling & SDP
– Static & dynamic ACLs
– Static ACLs only
Data center
SIP trunking
Data center
IP PBX
UC server
SIP trunking
Acme Packet
IP PBX
UC server
3
SBC vs. firewall w/ SIP ALG comparison
Security scenarios
Use case
scenario
SBC/FW
DoS/DDoS
self-protection
Business challenge
Technical requirements
Prevent malicious or
non-malicious SIP
signaling or media
attacks & overloads
from making the SBC
or FW non-responsive
* Dynamically block attacks
* Detect/reject non-compliant
*
*
Network abuse
control
Prevent unauthorized
or fraudulent network
usage
(signaling, protocol, traffic
levels) SIP sessions
Initiate SIP BYEs to tear
down core-side sessions
Statefully control legitimate
SIP registrations during
overloads
SBC
FW w/
ALG

* Control number & bandwidth
*
*
of simultaneous sessions
Strip unauthorized codecs
from SDP headers
Scan SIP header
attachments for
unauthorized content
Acme Packet

4
SBC vs. firewall w/ SIP ALG comparison
Application reach, regulatory scenarios
Use case
scenario
IP PBX and
UC protocol
interworking
Business challenge
Technical requirements
Translate dissimilar
signaling (SIP, H.323),
transport (UDP, TCP,
SCTP) & encryption
(none, TLS, SRTP,
IPsec)
* Terminate SIP sessions
Enable users behind
Remote site
NAT traversal FW/NATs to originate
*
* Keep FW pinholes open by
resetting SIP registration
interval to less than FW
port TTL and caching SIP
registrations by FW IP/port
and receive VoIP calls
and UC sessions
Session
replication
for recording
Comply with regulatory
requirements and
maximize customer
service quality
and translate layer 2-7
protocol information
Fix protocol anomalies &
inconsistencies
SBC
FW w/
ALG


* Replicate all SIP signaling
*
and media to recording
server(s) in addition to
intended recipient
Replicate selective or all
sessions
Acme Packet

5
SBC vs. firewall w/ SIP ALG comparison
Availability scenarios
Use case
scenario
Data center
disaster
recovery
Business challenge
Technical requirements
Assure constant service
availability and quality
* Network SBC – detect
*
Remote site
survivability
Provide alternative path
for VoIP/UC traffic when
primary path becomes
unavailable
Ensure no loss of active
sessions or session state
during failover
FW w/
ALG

* Monitor link and routing
*
High
availability
operation
failure of datacenter SIP
session agents and reroute SIP sessions
Datacenter SBC – translate
phone numbers in SIP
headers for SIP trunk
geo-redundancy
SBC
state of upstream router &
SIP registration state of
remote IP PBX/UC server
Re-route SIP signaling and
media to alternative
trunking provider, PSTN
media gateway or Internet
* Checkpointing of SIP
signaling, media and
configuration state between
active & standby elements
Acme Packet


6
SBC vs. firewall w/ SIP ALG comparison
SLA assurance scenarios
Use case scenario
QoE-based
routing
Business
challenge
Technical requirements
Maximize voice
quality and reliability
of services and
applications
Ensure continuous
service availability
and quality, even
under adverse traffic
loads and/or attack
FW w/
ALG
* Actively monitor voice QoS
*
*
IP PBX/UC
server session
admission &
overload control
SBC
thresholds and ASR
Re-route or redistribute
traffic as needed
Release media within
access network to optimize
quality
* Dynamically monitor server
status and control SIP
signaling flows to IP
PBX/UC servers accordingly
Acme Packet


7
The leader
in session border control
for trusted, first class
interactive communications
Related documents
CONTENTS Project Title Tools Used
CONTENTS Project Title Tools Used
VoIP%2BUnlimited%2B-%2BSWERN%2BUser
VoIP%2BUnlimited%2B-%2BSWERN%2BUser
project ppt
project ppt
Vocalcom Technical Voice Architecture
Vocalcom Technical Voice Architecture
ECSECC Powerpoint Template - The Eastern Cape ICT Summit
ECSECC Powerpoint Template - The Eastern Cape ICT Summit
SONUS-Avaya Users Group 2012-08
SONUS-Avaya Users Group 2012-08
CenturyLink SIP Trunk Overview,FINAL
CenturyLink SIP Trunk Overview,FINAL
Comma Quiz
Comma Quiz
Media - TMCnet
Media - TMCnet
辅导系
辅导系
(ASBU) methodology - Summary of Block 0 modules
(ASBU) methodology - Summary of Block 0 modules
summer study on energy efficiency in buildings
summer study on energy efficiency in buildings
Zeacom
Zeacom
sip trunk overview for sales final
sip trunk overview for sales final
Esperance business development presentation
Esperance business development presentation
Securing Enterprise Voice
Securing Enterprise Voice
SIP - Michael McNamara
SIP - Michael McNamara
1.7 FoundationsofPractice
1.7 FoundationsofPractice
Office 365 Advanced Scenario
Office 365 Advanced Scenario
Powerpoint for new Charter School SIP development
Powerpoint for new Charter School SIP development
3CX Corporate Presentation
3CX Corporate Presentation
File
File
Download
advertisement