Intertex Data AB, Sweden
advertisement
The IX78 for SMB Deployments both for Hosted SIP Services and SIP Trunking Intertex Data AB, March 2012 © 2012 Intertex Data AB 1 What’s in the IX78? ADSL2+ modem with Annex A/B/M (24 Mbps DS, 3 Mbps US), or Ethernet WAN (VLAN capable) Triple play and various routing configuration possibilities Router with any port, any service capability and 4-5 port Ethernet Switch Wireless 802.11b/g as Access Point (3 SSID for separate WLANs) Business Firewall Advanced QoS for voice, IP-TV etc. VPN (IPsec with certificate handling) TR-069 and proprietary flexible provision system and in addition to VoIP things like 2 FXS ports for analog telephones and FAX with T.38 support FXO port: Real SIP/PSTN gateway + Fallback on WAN loss there are outstanding features enabling new applications and services Unique support for standard SIP phones and soft clients on the LAN and WLAN SIP Trunking of PBXs – unequalled interoperability list Let’s have closer look SIP Proxy, Registrar and PBX-like functionality what can be achieved! and more… © 2012 Intertex Data and Ingate Systems 2 SIP is the Most Important Protocol, but… A common Network and common Protocols changed our lives: SMTP gave us global email! HTTP gave us the WEB! IMS SIP is the Internet standard for Live IP Communication: The next step of Internet usage! Find each other and do something in real time. Telephony being just one application. However, SIP does not traverse the common NATs and firewalls* separating the LANs from the Internet . (SIP based) Internet email FW FW FW FW LAN * Live IP Communication Requires: - Locate the person - Set up a session - Open real time media streams © 2012 Intertex Data and Ingate Systems web LAN We Need a Future of Live All IP Connectivity! IMS Global IP Connectivity VoIP++ All SIP Services In the world of Unified Communication and global IP-communication, SIP must be used as general as SMTP for email and HTTP for the Web! © 2012 Intertex Data and Ingate Systems The Intertex & Ingate SIP Architecture To get general NAT/Firewall SIP traversal: Firewall & NAT Router Dynamic NAT & Firewall Engine Used for NAT/Firewall traversal and also as: SIP Proxy Server, capable - Outbound proxy of routing to/from various address - Inbound proxy spaces (NAT) - SIP Server The routing SIP Proxy Server controls - PBX (The SIP Switch) the media through the NAT & Firewall Most of for these SIP Registrar userelements location used when SIP Trunking information User SIP B2BUA invoked in addition when required Proxy Location UA | UA | © 2012 Intertex Data and Ingate Systems 5 The Many Faces of the IX78 In addition to being a router, a firewall, a wireless access point, an ADSL modem etc., the IX78 has several SIP and Telephony related functions: SIP ATA device (2 FXS ports, 1 FXO port) SIP E-SBC Gateway for hosted services – LAN and WLAN SIP devices have global SIP connectivity IX78 for Hosted SIP Services SIP Trunking E-SBC – Connecting IP PBXs directly to operator’s SIP Telephony Services Unique SIP support including proxy and registrar, various VoIP network architectures supported, advanced SIP and Telephony routing, built in PBX All these functions can be used together and at the same time! © 2012 Intertex Data and Ingate Systems 6 Ordinary Voice IADs – Good for Telephony Replication… Telephone ports (FXS) on the CPE is a popular way to deploy IP telephony. By logically placing the SIP clients on the outside of the NAT/Firewall, unreliable work-around methods like STUN, TURN and ICE become unnecessary. However, this only gives POTS replication, often even stopping general SIP based services! Internet The 5060 SIP-port is just grabbed on the outside to the FXS ports! Lower level SIP ALGs often cause problems and do not handle more than basic scenarios. Often problems with, or total lack of: • SIP to the LAN or WiFi • Calls between SIP clients on LAN • Calls between internal ATA ports and LAN clients • Call transfers, 3-party calls, etc. • Using SIP generally over the Internet (Operator “took all the SIP”) (Users must not be deprived of general SIP-functionality!) © 2012 Intertex Data and Ingate Systems 7 Intertex’ IADs are SIP Capable NAT/Router/Firewalls IMS Internet SIP No battery draining of WiFi mobile phones, otherwise caused by keep-alive packets* inhibiting sleep mode. * Work-around methods for SIP NAT-traversal like STUN, TURN, ICE and Far End NAT Traversal use frequent keep-alive packets to keep holes in the NAT/Firewall open. Problems solved where they occur Wired or wireless SIP clients (phones, soft clients, PDAs) No special requirements on the SIP Client – Just standard SIP All Intertex CPEs have a SIP Proxy based SIP aware Firewall/NAT General, can handle complex call scenarios and all SIP services Additional functionality available (SIP server, PBX functionality etc.) © 2012 Intertex Data and Ingate Systems 8 Full Support for all SIP Applications SIP offers so much more than just telephony Go beyond POTS replacement! © 2012 Intertex Data and Ingate Systems 9 The Many Faces of the IX78 In addition to being a router, a firewall, a wireless access point, an ADSL modem etc., the IX78 has several SIP and Telephony related functions: SIP ATA device (2 FXS ports, 1 FXO port) SIP E-SBC Gateway for hosted services – LAN and WLAN SIP devices have global SIP connectivity SIP Trunking E-SBC – Connecting IP PBXs directly to operator’s SIP Telephony Services IX78 for SIP Trunking Unique SIP support including proxy and registrar, various VoIP network architectures supported, advanced SIP and Telephony routing, built in PBX All these functions can be used together and at the same time! © 2012 Intertex Data and Ingate Systems 10 SIP-Trunking for the IX78 Connecting IP PBXs to Operators’ SIP Services The era of replacing T1/E1/PRI lines for IP connections to operators’ SIP telephony services has begun. Most IP PBXs require SIP traversal of the enterprise firewall and some special additions. Intertex’ sister company Ingate has taken the SIP-Trunking lead. http://www.ingate.com/SIP_Trunk_UC_Summit_LA_2010.php Ingate Confidential 29 IX78 can enable E-SBC (Enterprise Session Border Controller) functions for SIP Trunking IX78 includes the same SIP Trunking functionality as the Ingate Enterprise line of E-SBCs! IX78 E-SBC Enterprise Line of E-SBCs Ingate Firewalls and SIParators® – E-SBC From 50 to 3 000 simultaneous calls (with media) Used in a wide variety of SIP Trunking installations NAT/Firewall traversal Superior SIP Normalization Multi level security, incl. SIP IDS/IPS QoS (Quality of Service) 150/400/1000 Calls* Failover configurations 500/700/900 Mbit/s 40 000/80 000/160 000 Packets/s Ingate IX78 for operator volume deployments 1800/3000/8000 Calls* 4 500/ 4 500/ 5 000 Mbit/s 300 000/500 000/900 000 Packets/s Software Firewall/SIParator ® 25 - 10 000 Calls* 50 Calls* 200 Mbit/s 30 000 Packets/s 50 Calls* 90 Mbit/s 10 000 Packets/s Can be installed on a virtual machine or natively x86 Linux Servers (industry-standard PC architecture) *) Calls = Concurrent RTP Sessions = SIP Trunks 12 Confirmed Interoperability: Ingate & Intertex SIP Trunk Providers Nexvortex 360 Networks Nuvox Airespring O1 AT&T One Communications BandTel Paetec Bandwidth.com Primus Broadvox RNK Telecom BT (British Telecom) Skype Cablevision TDC Cbeyond Telavox Cellip Tele2 Comm Partners Tele Pacific Cordia Corporation Teletek Deltacom TeliaSonera Excel Switching Toplink Gamma Telecom Tritel GEOS VoEX Global Crossing Voice Flex IP-Only VoIP Unlimited Nectar Voxbone Level 3 Voxitas Netlogic XeloQ Netsolutions More in pipeline... SIP Trunk Compliant with Carrier Equipment Acme Packet Broadsoft Genband Sonus IP-PBXs Sylantro SER NSN More in pipeline… © 2012 Intertex Data and Ingate Systems Aastra Aastra/Ericsson MX One Adtran UC Server Digium/Asterisk Avaya Aura Avaya IP Office Avaya SES/CM Avaya QE Brekeke Broadsoft Cisco Fonality HP/3Com -VCX Innovaphone Interactive Intelligence Iwatsu LG Nortel Microsoft OCS Mitel NEC / Sphere Nortel BCM Nortel SCS Objectworld Panasonic Samsung SER Shoretel Siemens SIP-Gear Swyx More in pipeline.... The IP-PBX Trunk Must Meet Service Provider Trunk PSTN Why may an IX78 be required to connect a PBX? 1) NAT/Firewall Traversal – Must NAT to same address space! 2) Basic SIP and Network Interoperability - E.g. SIP Trunking Provider Network Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc. SIP System 3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc. 4) Features - E.g. Remote Users, Administration (remote and local) 5) Security - E.g. Will LAN be opened? Is the PBX designed to be public? SIP Trunk 1) 2) 3) 4) 5) IX78 IPPBX 2) 3) 4) 5) 2) 3) 4) 5) SIP Trunk Interface Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk. PBX with system phones IPPBX Few PBXs are of this type. Asterisk with firewall (IPtables /NETfilter) can be compiled and configured this way, but requires a lot. VoIP & Data LAN VoIP & Data LAN Data LAN only PBX Type 1 Signaling: Media: PBX Type 1.5 PBX Type 2 Intertex IX78 Simply Presents the SIP Trunking Service on the Customer’s Protected Combined VoIP & Data LAN, Ready for any PBX to Use Public Internet SIP Trunking Provider PSTN SIP System Remote Users Intertex IX78 Demarcation point of service and bringing SIP communication to the LAN IP-PBX Data & VoIP LAN Soft Clients and Multimedia Terminals © 2012 Intertex Data and Ingate Systems 15 … or from an Extra IP Connection, still in Parallel with an Existing, non SIP Aware Firewall Public Internet SIP Trunking Provider PSTN SIP System Remote Users Intertex IX78 Demarcation point of service and bringing SIP communication to the LAN IP-PBX Data & VoIP LAN Soft Clients and Multimedia Terminals © 2012 Intertex Data and Ingate Systems 16 … or the Intertex IX78 can be the Company Firewall, presenting the Customer with a Protected Combined VoIP & Data LAN, Ready to use! Public Internet SIP Trunking Provider PSTN SIP System Remote Users Intertex IX78 Demarcation point of service and bringing SIP communication to the LAN IP-PBX Data & VoIP LAN Soft Clients and Multimedia Terminals © 2012 Intertex Data and Ingate Systems 17 …and the IX78 can Support Many WAN Layer 2 and Layer 3 Architectures with QoS Separated WAN Interfaces (inherited from it’s triple play capabilities) E.g. Telia E.g. Telia Internet IP-TV VoD Internet IMS IP-TV VoIP VoD IMS VoIP PVC1 VLAN1 PVC3 PVC2 ADSL Virtual LANs (VLAN) Ethernet Private Virtual Circuits E.g. B2 VLAN3 VLAN2 E.g. BT Internet IP-TV VoD IMS IP-TV Priority2 VoIP VoD Internet Priority3 IMS VoIP Priority1 WAN1 WAN2 Ethernet WAN3 IP QoS Separated Subnets ADSL or Ethernet IP Level QoS The Intertex IX78 Supports All of these Architectures! © 2012 Intertex Data and Ingate Systems 18 Proposed Setup for the DOCSIS Network PSTN SIP Trunk Provider Public Internet SIP System Easy and advantageous installation using advanced WAN SIParator mode Plug in existing firewall to Ethernet port 4 on the IX78 (bridged connection to the WAN) CMTS IX78 WAN SIParator will handle QoS (backing off firewall’s data traffic if required) Bridge for Existing NAT/ Firewall (non SIP aware) Cable Modem IX78 E-SBC IPPBX WAN SIParator 2 – requires two IP addresses, one for the firewall, another for the IX78 WAN SIParator 1 – requires only one IP address, shared between the IX78 and the firewall Data & VoIP LAN DHCP or fixed WAN IP address(es) SIP Trunking Made Easy Installation Wizard © 2012 Intertex Data and Ingate Systems 20 SIP Trunking in Proxy Mode or B2BUA Mode Proxy Mode IP-PBX talks to Service Registration/Authentication model must match Little configuration in the IX78 Service credentials in the PBX IPPBX B2BUA Mode (Proxy still doing the basics) IP-PBX only talks to the IX78 Wider separation between PBX and Service Service Credentials only in the IX78 More SIP Normalization possibilities (e.g. REFER) Any new operator service platform only requires IX78 reconfiguration (the PBX configuration can remain) © 2012 Intertex Data and Ingate Systems IPPBX 21 Trunk-side Parameters (B2BUA Mode) © 2012 Intertex Data and Ingate Systems 22 PBX-side Parameters (B2BUA Mode) © 2012 Intertex Data and Ingate Systems 23 Registration, Call Routing, CallerID (B2BUA Mode) © 2012 Intertex Data and Ingate Systems 24 The Many Faces of the IX78 In addition to being a router, a firewall, a wireless access point, an ADSL modem etc., the IX78 has several SIP and Telephony related functions: SIP ATA device (2 FXS ports, 1 FXO port) SIP E-SBC Gateway for hosted services – LAN and WLAN SIP devices have global SIP connectivity SIP Trunking E-SBC – Connecting IP PBXs directly to operator’s SIP Telephony Services Unique SIP support including proxy and registrar, various VoIP network architectures supported, advanced SIP and Telephony routing, built in PBX All these functions can be used together and at the same time! © 2012 Intertex Data and Ingate Systems 25 Add SIP Clients, Use as Basic PBX, Move on to Full PBX There are many PBXs out there that do not allow Soft Clients, Remote Users or Standard SIP Phones. Registrar Remote Users PBX with non-SIP phones Soft Client WiFi Mobile PBX Retire the old PBX… The PBX – Simple and Capable Administrator’s Overview and Configuration © 2012 Intertex Data and Ingate Systems 27 The PBX – The things you need Personal Settings Ready and In Use! IX78 E-SBC used in volume by Sweden’s incumbant TeliaSonera in SIP Trunking Services: Over ADSL (built-in ADSL modem, multiple PVC) Over Managed Internet ”Prolane” service (IP QoS) Over Fiber LAN (multiple VLANs) Others in progress Ingate products are used in a wide variety of SIP Trunking installations Ready and used for more than POTS Replacement VoIP++ = Global IP Connectivity & All types of SIP services Multimedia and Unified Communications Element Managemen System - iEMS (more later) Basics available now – Continously extended – Adaptions to operator requests iEMS will later also be used for Ingate’s larger products More managed services via the iEMS (SIP Trunking, PBX, Firewall, VPN) © 2012 Intertex Data and Ingate Systems 29 Performance and Call Handling Capacity Over 50 simultaneous calls (20 ms voice packets) carrying media Call rate of 8 calls/s in proxy mode and 3 calls/s in B2BUA mode. (way above the requirement to support 24 or 50 simultaneous calls) Up to 255 registrations. SIP end-points can be more. CPU Usage: Signaling 6% Signaling 3% Free CPU 32% Media 30% Free CPU 67% 24 calls, 5 min/call, 20 ms packets Media 62% 50 calls, 5 min/call, 20 ms packets © 2012 Intertex Data and Ingate Systems 30 From Conventional Services Over New Wires Telephony TV Internet to The Multimedia LAN New terminals (PCs, Mobile Phones etc) will handle everything and must get all the accesses with Reliability and Quality. It’s time to get it together and add more! © 2012 Intertex Data and Ingate Systems 31 Advanced Triple Play Architecture IMS and VoIP Services for ALL Terminals over ALL Pipes! The Multimedia LAN Internet IMS TR-069 VoIP IP-TV All services must be available to multimedia terminals! – Over controlled high QoS pipes as well as the Internet. Application Innovation Requires it! VoD VLANs or ADSL Virtual Circuits WLAN Internet The Multimedia LAN PDA Telepresence © 2012 Intertex Data and Ingate Systems Lots of new CPE requirements to meet IX78 Architecture and Functionality A user attractive architecture for multimedia services and terminals. Plug-in compatible CPE, without changed network architecture! All services on different WAN-pipes made available to all terminals on a single LAN / WLAN • • • • All QoS advantages preserved from the conventional port the based architecture Network clouds may be NATed or in the public address space Firewall protection on all WAN pipes (PVCs, VLANs etc.) QoS based routing, in addition to traditional address based routing Special IP TV requirements • • • IGMP proxy for multicast IP-TV, with fast leave and multi- to unicast conversion RTSP proxy for VoD (Video on Demand) Horsepower and intelligent packet dropping to maintain priority on critical video streams Full SIP Based Live IP Communication Support • • • • • • • Much more than POTS replication via FXS ports Full support for SIP on LAN and globally, without unreliable work-around methods QoS applied to all SIP signaling and media – No client setup required SIP clients can use either Quality Assured operator service or the Internet. SIP communication can be separated and routed universally, with best QoS on each network Support for all SIP services (not just telephony) Equal treatment and full connectivity between telephony ports (FXS), LAN or WLAN connected clients as well as outside clients SIP and IMS supported over the VoIP and IMS pipe as well as over the Internet and routed globally © 2012 Intertex Data and Ingate Systems 33 Powerful Provisioning Systems Use standardized TR-069 and TR-104 or Intertex’ provisioning - easy to integrate with existing customer handling system Initial automated configuration to get up and running THEREAFTER: Continued Configuring – New or updated settings easily distributed Firmware Upgrade – The CPE can look for new firmware releases and upgrade itself Customer Purchases – Software options, licenses and even hardware accessories, can be ordered and delivered from IG Shop. Provisioner sells to his customer as usual. Unlocking of subsidized CPE can also be sold this way. © 2012 Intertex Data and Ingate Systems 34 The SIP Trunking Installation Wizard jkjjk Element Management System – The iEMS Functions for Provisioning, Monitoring, Reporting, Diagnostics, Logging, Debugging, Support, Configuration and Upgrade. Available now with basic functionality. Will handle both Ingate and Intertex Firewalls and SIParators. Highly scalable, runs on PC servers under the Linux OS. HTTPS/SOAP interface to the IX78. Can read and write all configuration parameters, as well as asynchronous reporting by the device (like SNMP traps). Web based secure access to the iEMS. Customized portals for operators, installers and customers, for the purpose of administration, management and usage. The iEMS has northbound interfaces for integrating with the operator’s OSS and Fault Management systems, using XML-RPC and/or SOAP. © 2012 Intertex Data and Ingate Systems 36 iEMS – CDRs with Call Quality Metrics © 2012 Intertex Data and Ingate Systems 37 Billing – CDRs for Efficient Processing Now also with Video Call Metrics and Pipe Used! CDRs with Call Quality Metrics – View from iEMS (our TR-69 management system) © 2012 Intertex Data and Ingate Systems iEMS Interfaces OSS, Fault Management, etc. XML-RPC (or SOAP) (GET/SET/EVENTS) Northbound API WEB GUI DB DB DB Southbound API WAN CPE CPE CPE <?xml version="1.0"?> <methodCall> <methodName>setTrunk</methodName> <params><param><struct> <member><name>version</name><value>1.0</value></member> <member><name>ems</name><value><struct> <member><name>username</name><value>installer</value> <member><name>password</name><value>foobar123</value></ </struct></value></member> <member><name>service</name><value><struct> <member><name>registrar</name><value>sip.intertex.se</ <member><name>proxy</name><value>proxy.intertex.se</value </struct></value></member> <member><name>trunk</name><value> <array><data> <value><struct> <member><name>identity</name><value>5162809890</val <member><name>password</name><value>foobar</value></membe </struct></value> <value><struct> <member><name>identity</name><value>5162809895</val <member><name>password</name><value>barfoo</value> </struct></value> </data></array> </value></member> CPE </struct></param></params> </methodCall> CPE CPE CPE © 2012 Intertex Data and Ingate Systems 39 Technology and Competence "Intertex specialises in the development of communication and security products.“ "Extensive experience of real-time and application programming as well as analogue and digital hardware design." Anders Business Awards: Challenger of the Year 1995 Rookie of the Year 1996 The Award of Electronics 1997 The Golden Mouse 1998 Trippel A (AAA) 1999 and 2000 Editor's Choice Networking EXHardware 2002 World of ADSL Golden Award 2002 Internet Telephony Product of the Year 2002 Internet Telephony Product of the Year 2003 Communication Solutions – P. of the Year 2003 European IST Prize 2004 Internet Telephony Product of the Year 2004 Pulver 100, numerous Internet Telephony Editors’ Choice Award 2006 Best in Test Mikrodatorn 2006 Internet Telephony Product of the Year 2007, 2008 © 2012 Intertex Data and Ingate Systems 40 SIP Capable Firewalls and SIParators® Thank You! Ingate Systems Inc. Intertex Data AB www.ingate.com Contact: Steve Johnson steve@ingate.com sip:steve@ingate.com Tel: +1 603 883 6569 Mob: +1603 557 7918 www.intertex.se Contact: Karl Stahl karl.stahl@intertex.se sip:kalle@intertex.se Tel: +46 8 12205629 Mob: +46 70 7254532 © 2012 Intertex Data and Ingate Systems 41 Making the E-SBC do it – WAN Quality IP Network Connects to High Quality OVCC Network and the Internet (If you wish) Handles Multimedia and Data (If you wish) with advanced QoS Connects via DSL (IX78 only) or Ethernet (VLAN tagged or not) Extra High Quality WAN Interface over PVC or VLAN Ethernet Or hook it into a separate Ethernet Interface Classified traffic (Teleprecense, Voice…) takes the fine pipe © 2012 Intertex Data and Ingate Systems Making the E-SBC do it – Classify Traffic Outgoing calls shall take the right pipe (Incoming – signaling and media - stays where it came in) Classifying in the E-SBC Outbound Proxy is a good way Devices Registered to own registrar/PBX OVCC MSP1 Registered Devices Devices registered to Internet connected ITSP Classified traffic (Telepresence, Voice…) takes the quality pipe Can also classify based on other criteria, e.g. IP address, DSCP bits, protocol from device © 2012 Intertex Data and Ingate Systems Making the E-SBC do it – QoS, Prioritization Quality of Service setup can be easy (default in the IX78) Or detailed as in the Ingate line © 2012 Intertex Data and Ingate Systems
