Download - Sangoma SBC Training Presentation
![Page 1: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/1.jpg)
Sangoma Session Border Controllers:
Support Training Presentation
Aykut [email protected] Turkey Distributor
![Page 2: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/2.jpg)
Contents Part 1• Why Session Border Controllers?• Product Portfolio of the Session Border Controller• Business Applications and Use Cases (Vega ESBC)• Carrier/Service Provider Applications and Use Cases
(NetBorder SBC)• Sangoma SBC Load Balancing and Failover Techniques• SBC Walkthrough
© 2014 Sangoma Technologies 2
![Page 3: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/3.jpg)
Contents Part 2• Conceptual Overview of the SBC Call Processing Components• Introduction and Configuration of SIP Profiles• Introduction and Configuration of Domain Profiles• Introduction and Configuration of Media Profiles• Introduction and Configuration of SIP Trunks• Introduction and Configuration of Call Routing• Walkthrough• Questions
© 2014 Sangoma Technologies 3
![Page 4: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/4.jpg)
Reasons for Session Border Controllers
![Page 5: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/5.jpg)
Problems Found in VoIP without an SBC
• Firewalls need to be traversed for end-to-end VoIP telephony– SIP protocol does not work through NAT functions in firewalls
• Without SBCs– Forward SIP/RTP ports on firewalls
• Opens up security issues
– Set-up VPNs• Costly to manage/bandwidth limitations/subscriber mgmt.
– Firewall Application Layer Gateways (ALG)• OK, brings other limitations for other SIP issues
© 2014 Sangoma Technologies 5
![Page 6: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/6.jpg)
SIP Interoperability Challenges
• SIP RFC3261– Largest RFC– Not a tight specification like ITU specs for instance– Uses “Should”,“Can”,“May”,“Option” many many
times– It is a recommendation, not a hard rule, lots of
room for interpretation
• Result– Everyone is compliant to RFC3261– But hard time to interop!
• For end to end VoIP Interworking, SBCs come to the rescue by ‘fixing’ these differences
© 2014 Sangoma Technologies 6
![Page 7: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/7.jpg)
Additional Interop Challenges• It’s not just SIP signaling• Media can also need fixing for end to end communications to become
possible:– Codecs mismatch– Fax T.38/Inband Fax– RFC2833/INFO/Inband DTMF Methods– RTP and SRTP
• IPV6 vs IPV4• UDP vs. TCP (example with MS Lync)• TLS/SRTP interop with SIP/RTP• Firewalls cannot address these – do not have DSPs to process media
© 2014 Sangoma Technologies 7
![Page 8: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/8.jpg)
Security Issues• Connectivity to other IP Networks introduces
security issues– Denial of Service (DoS) attacks– Toll Fraud by manipulating media– Topology hiding (SIP vias, hops, etc.)
• Firewalls cannot act on all these security issues unless it is SIP aware (SIP ALG)– Some firewall vendors offer SIP ALGs, but it is not enough
© 2014 Sangoma Technologies 8
![Page 9: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/9.jpg)
What is an SBC and Why have one?• SBCs are installed at the edge of VoIP Networks to facilitate
end to end VoIP transmission without compromising network security
• Essential for several reasons:– New security issues introduced with SIP protocol– Fix interoperability issues
• SBC are typically implemented as Back to Back User Agents (B2BUA)– All SIP and media (voice) traffic transit through SBCs
© 2014 Sangoma Technologies 9
![Page 10: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/10.jpg)
B2BUA Explained• A back to back user agent (B2BUA) is a logical network
element in the Session Initiation Protocol (SIP) applications
• It operates between two endpoints in a communication session and divides the communication channel into two different call legs
• It mediates SIP signaling between both ends of the call• B2BUAs are often implemented within media gateways
© 2014 Sangoma Technologies 10
![Page 11: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/11.jpg)
B2BUA Explained
© 2013 Sangoma Technologies 11
• SIP Normalization• Security• Transcoding• CDRs• RTCP QoS report• Call Access
Control• Management• GUI / config• DSP resources• Etc.
Eth pipeSIPport
RTP ports
SIPport
RTP ports
Eth pipeSIP
Media
SIP
Media
SBC
Because the SBC ‘sees’ all SIP and RTP traffic coming from both sides, it can analyze, fix, control, etc.
![Page 12: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/12.jpg)
• SIP Normalization• Security• Transcoding• CDRs• RTCP QoS report• Call Access
Control• Management• GUI / config• DSP resources• Etc.
Eth pipeSIPport
RTP ports
SIPport
RTP ports
Eth pipeSIP
Media
SIP
Media
SBC
Where are the User Agents (UA)?
© 2013 Sangoma Technologies 12
SIP UA SIP UA
They are back to back!
![Page 13: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/13.jpg)
Product Portfolio of theSession Border Controller
![Page 14: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/14.jpg)
Vega Enterprise SBC• Appliance
– 25-250 Sessions– H/W DSP acceleration– 1U/2 x 1 GE ports
• Software Version– 25-500 Sessions/Self-Contained ISO– VM requirements
• 1 Core/1 GB RAM/Bridged
• Software/Hybrid Version – UNIQUE– 25-500 Sessions/Self-Contained ISO– VM requirements
• 1 Core/1 GB RAM/Bridged
– H/W DSP acceleration
© 2014 Sangoma Technologies 14
D150
![Page 15: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/15.jpg)
NetBorder Carrier SBC
• Appliance– 250-4000 Sessions– H/W DSP acceleration– 1U/2 x 1 GE ports– RAID 1
© 2014 Sangoma Technologies 15
![Page 16: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/16.jpg)
© 2014 Sangoma Technologies 16
Product Highlights – All SBCs• Ease of Use
– WebGUI configuration, operation, backup and restore, REST API– Simplified licensing, field upgradable, all features one SKU
• Session Policy and Media– Advanced WebGUI or XML header manipulation, upper registration– NAT traversal, call forking
• Security– DDOS attack protection, advanced firewall for signaling and data
• Advanced Call Routing– Advanced WebGUI or XML dialplan, database routing, load balancing
• Troubleshooting– PCAP signaling and media capture on the SBC, email notifications
• Redundancy/HA– Active - Active or Active - Standby
![Page 17: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/17.jpg)
Ease of Use• WebGUI configuration, operation, backup and restore
– Golden master configuration used to configure multiple SBCs
• REST API– Integrate Sangoma SBC into a business process – Programmatic SIP trunk and user configuration
• Simplified licensing, field upgradable– All features one SKU. No feature limitations. – Transcoding, SRTP, voice quality features all included– Sessions are software upgradable from 20 to 250 sessions
• Email Notifications– Notifications on error conditions, failures, security or capacity
© 2014 Sangoma Technologies 17
![Page 18: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/18.jpg)
Session Policy• Advanced Header Manipulation
– GUI or XML based manipulation of any SIP header on any SIP packet. INVITE, 180,183,200, etc…
• Upper Registration – Remote Users– Pass-through registration with in and/or out of dialog support– Advanced call flow scenarios to support remote users
• NAT Traversal– Auto IP detection
• Call Forking– Multiple outgoing dialogs per call
• First 200 Ok receives the call, rest of the calls get hung-up• Support for busy, unregistered or inactive user agents
• Unlimited SIP Interfaces• Unlimited SIP Trunking• SIP and Media Transports
– TCP, UDP, TLS, RTP, SRTP
© 2014 Sangoma Technologies 18
![Page 19: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/19.jpg)
Media and Networking• Hardware Media Processing
– Sangoma SBCs use hardware network DSPs to process RTP– Low latency media pass through– High capacity any to any transcoding and encryption– Voice quality enhancements
• Echo cancellation, noise reduction, auto gain control
• Networking– Single IP address for signaling and media– Separated signaling and media planes – VLAN and ethernet bonding
© 2014 Sangoma Technologies 19
![Page 20: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/20.jpg)
Security• Signaling Security
– Adaptive and time based firewall blocking based on SIP flood attacks • Malformed packet, registration storms, invite floods, authentication errors
– SIP scanner detection and blocking– Rule based detection and blocking
• Using standards based rules and known exploits and blacklists
• Media Security– RTP media port pin hole based on active session
• RTP ports are only opened when session is active
– RTP port overload detection. In case of RTP flood attack on a specific port.
• Data Firewall– Advanced state full data firewall – Port forwarding and NAT
• DDOS– Adaptive and time based firewall blocking based on IP flood attacks– Detection of known IP sniffers and DDOS attack generators
© 2014 Sangoma Technologies 20
![Page 21: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/21.jpg)
Advanced Call Routing (‘Softswitch’)• Advanced GUI or XML Dialplan
– Route calls based on any sip header or DID or IP– Nested dialplan support with advanced regex matching
• Database Routing– Routing based on remote database lookup using HTTP/HTTPS– Routing based on ODBC database connection– Mongo DB support
• Load Balancing– Weighed or round robin load balancing between multiple SIP interfaces within a domain
• Least Cost Routing– Support for local LCR database. GUI LCR Import/export.
• DNS/SRV Routing• DHCP Options
© 2014 Sangoma Technologies 21
![Page 22: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/22.jpg)
© 2014 Sangoma Technologies
Troubleshooting• GUI Error Reporting and Notification
– GUI dashboard with time based graphing– System, session, capacity errors– Error message counts
• PCAP Tracing– Ability to trace both signaling and media on the SBC. Self contained No need to use external port mirrors or hub– Decode PCAP files using Wireshark– Huge disk space to store large circular PCAP buffer for long term debugging
• RTCP Search– Search for calls with bad RTCP thresholds. Email notifications on each bad RTCP call.
• SSH and CLI Console– Ability to perform real time log analysis and tracing on the console– Multiple screen support
• Logging– Extensive logging per call tagged using UUID– Remote syslog support
• Hardware Crash Protection– Automatic reboot on system lockup or HW fault
22
![Page 23: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/23.jpg)
Business Applications and Use Cases
Vega Series SBC
![Page 24: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/24.jpg)
Enterprise SIP Trunking
© 2014 Sangoma Technologies 24
Vega eSBC
ITSP SIP SIP
IP-PBX
IPSIP
DMZ Deployment
Vega eSBC
ITSP SIP SIP
IP-PBX
IPSIP
Direct Deployment on Public IP address
![Page 25: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/25.jpg)
Secure Access Control for Remote Users or Telecommuters
© 2014 Sangoma Technologies 25
Vega eSBC
ITSP SIP SIP
IP-PBX
IPSIP
ExternalFW/NAT
InternalFW
Home Office,Mobile Users, Telecommuters
SIP
Vega eSBC:• Pass-through SIP registration on IP-PBX• Remote FW/NAT traversal• Call Admission Control• Topology Hiding• TLS and SRTP encryption• No VPN required
Ext 101
Ext 102
![Page 26: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/26.jpg)
Multi-Site Consolidation
© 2014 Sangoma Technologies 26
SBC:• Remove Multi-Sites PRIs• Performs SIP Security Functions• SIP Harmonization• Media Harmonization• Intelligent Call Routing
• Sophisticated Dial Plans
Vega eSBC
ITSP SIP SIP
IP-PBX
IPSIP
IP-PBX
IP-PBX
SIP
SIPWAN
WAN
![Page 27: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/27.jpg)
Carrier SBC For Hosted PBX• Advantages
– Known demarcation point– Reduces interoperability issues/resource with core– Transcoding if required
© 2014 Sangoma Technologies 27
IP Phones
IP Network
VoIP ServiceProvider
LAN VoIP
Multi-TenantIP PBX
![Page 28: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/28.jpg)
Legacy PBX Migration to Microsoft Lync
© 2014 Sangoma Technologies 28
SBC:• Performs SIP Security Functions• UDP/TCP Translation• SIP Harmonization
• Media Harmonization
• Intelligent Call Routing• Active Directory Routing• Unified Dial Plan
Vega eSBC
MediationServer
LyncServer
LyncUser
ITSP SIP
SIP
SIP
IP-PBX
ActiveDirectory
![Page 29: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/29.jpg)
Microsoft Lync Transition with Analog Lines
© 2014 Sangoma Technologies 29
SBC:• Performs SIP Security Functions• UDP/TCP Translation• SIP Harmonization
• Media Harmonization
• Intelligent Call Routing• Active Directory Routing• Unified Dial Plan
Vega eSBC
MediationServer
LyncServer
LyncUser
ITSP SIP
SIP
SIP
Vega 5000
ActiveDirectory
Analog5000
![Page 30: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/30.jpg)
SIP Signaling Conversion
• Convert SIP over TCP to SIP over UDP• Some devices require SIP/TCP
– e.g. Microsoft Lync
© 2014 Sangoma Technologies 30
![Page 31: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/31.jpg)
Carrier/Service Provider Applications and Use
Cases
NetBorder Series SBC
![Page 32: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/32.jpg)
Carrier SBC for SIP Carrier
ITSP
Softswitch
SBCBroadban
d
NAT/FW
NAT/FW
SIPSIP
SIP SIP
ATA
NAT/FW
SIP
SIP
SBC:• Performs SIP Security Functions• Peering with Other SIP Providers• SIP Harmonization• Media Harmonization• Far End NAT Traversal• Call Admission Control
Residential
Residential
SOHO
SIP
© 2014 Sangoma Technologies 32
![Page 33: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/33.jpg)
SIP Trunking
© 2014 Sangoma Technologies 33
This NetBorder SBC
protects the ITSP’s network
![Page 34: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/34.jpg)
SIP Network Peering/IP Carrier Interconnect
• Use IP for inter-carrier links• No TDM conversion required:
– Decrease complexity– Better voice quality, less delay, less transcoding
© 2014 Sangoma Technologies 34
![Page 35: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/35.jpg)
Carrier Interconnect Mediation• Secure carrier network• Normalize SIP messaging (easy interop)• Transcoding between carriers
© 2014 Sangoma Technologies 35
![Page 36: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/36.jpg)
SBC Load Balancing and Failover Techniques
![Page 37: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/37.jpg)
Typical Service Provider SBC Deployment
• Hosted PBX Service• SBC Protects SP’s Network; performs far end NAT traversal, etc.• Each VoIP phone sends all SIP protocol messages to SP’s
Softswitch via SBC (phone’s outbound proxy settings) • SBC is critical; if it fails no service for 1000s of users
© 2014 Sangoma Technologies 37
Internet
Softswitch
RouterNATFW
ServiceProvider
![Page 38: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/38.jpg)
Load Balancing SBCs with DNS SRV
© 2014 Sangoma Technologies 38
Internet
Softswitch
RouterNATFW
ServiceProvider
DNS Server
sbc110.10.0.10
sbc210.10.0.20
DNS SRV Record Query for ‘carrier.com’
_sip._udp.carrier.com 60 IN SRV 10 50 5060 sbc1.carrier.com_sip._udp.carrier.com 60 IN SRV 10 50 5060 sbc2.carrier.com
DNS A Record Query
sbc1.carrier.com = 10.10.0.10sbc2.carrier.com = 10.10.0.20
Same priority and weight entries:• sbc1 and sbc2 would each get
50% of the traffic load• If one SBC becomes
unavailable, remaining machine takes the load
1
2
Domain: carrier.com
![Page 39: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/39.jpg)
Failover SBCs with DNS SRV
© 2014 Sangoma Technologies 39
Internet
Softswitch
RouterNATFW
ServiceProvider
DNS Server
sbc110.10.0.10
sbc210.10.0.20
DNS SRV Record Query for ‘carrier.com’
_sip._udp.carrier.com 60 IN SRV 10 50 5060 sbc1.carrier.com_sip._udp.carrier.com 60 IN SRV 20 50 5060 sbc2.carrier.com
DNS A Record Query
sbc1.carrier.com = 10.10.0.10sbc2.carrier.com = 10.10.0.20
• Different Priorities• Lower Priority tried first:
sbc1.carrier.com•If sbc1.carrier.com unavailable:
sbc2.carrier.com
1
2
Domain: carrier.com
![Page 40: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/40.jpg)
DNS SRV: Countless Other Scenarios• DNS SRV records not limited to 2 lines• Could implement several scenarios:
– M-ways load balancing– M-ways load balancing; N-way failover
• Example:
• _sip._udp.carrier.com 60 IN SRV 10 60 5060 sbc1.carrier.com • _sip._udp.carrier.com 60 IN SRV 10 20 5060 sbc2.carrier.com • _sip._udp.carrier.com 60 IN SRV 10 10 5060 sbc3.carrier.com • _sip._udp.carrier.com 60 IN SRV 10 10 5060 sbc4.carrier.com • _sip._udp.carrier.com 60 IN SRV 20 0 5060 sbc5.carrier.com
• The first 4 SBC would share the load at 60%, 20%, 10% and 10% respectively• If the first 4 SBCs should become unavailable, sbc5 would take the load
© 2014 Sangoma Technologies 40
![Page 41: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/41.jpg)
SBC Walkthrough
![Page 42: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/42.jpg)
SBC Walkthrough
• For the walkthrough, we will cover the following topics:– Logging into your SBC– System Overview and Services– Configuring your Signaling Interfaces– Configuring your Media Interfaces
© 2014 Sangoma Technologies 42
![Page 43: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/43.jpg)
The SBC System Status
© 2014 Sangoma Technologies 43
![Page 44: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/44.jpg)
Signaling Interfaces – Highlights
© 2014 Sangoma Technologies 44
• Each interface used for signaling is displayed, with the ability to edit that interface• User can create multiple virtual interfaces
• Multiple virtual interfaces can be created and applied to a single physical interface• User can create VLAN interfaces if the SBC is sitting in a specific VLAN
• Multiple VLAN interfaces can be applied to a single physical interface
![Page 45: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/45.jpg)
Signaling Interfaces – Configuring an Interface
© 2014 Sangoma Technologies 45
• Simplistic Configuration of signaling interface• Select from either a static IP assignment or a dynamic DHCP assignment• Apply an appropriate IP address and Network Mask to the interface• Options can be an variation of any Linux Ethernet ethtool options
• Ex. speed 1000 duplex full autoneg off
![Page 46: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/46.jpg)
Signaling Interfaces – sngdsp Interface
• The SNGDSP interface is a special interface within the SBC
• The interface controls all the interactions between the media adapters and the SBC
• When configuring the SBC, the sngdsp interface must be on a “non-routable” network or a WAN/DMZ IP address– IP address configuration depends on whether you will be
configuring the media adapters in exposed or hidden mode. This will be explained when looking at the media interfaces.
© 2014 Sangoma Technologies 46
![Page 47: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/47.jpg)
Media Interfaces – Highlights
© 2014 Sangoma Technologies 47
• Outlines the way the media interfaces are configured and details information on each Media DSP adapter
• Media Server configuration is the method in which the DSPs are configured • Hidden mode hides the DSPs from the environment• Exposed mode exposes the DSPs to the environment. If in exposed mode, each DSP must have
a routable IP address configured.• Software mode identifies that no SngDsp interface is installed. Transcoding and TLS/SRTP are
disabled. This is found only in the software only version of the SBC.• Each SngDsp interface will come with preinstalled adapters. This will depend on which hardware
version of the SBC is purchased.• The DSP version, MAC address, and assigned IP and RTP ports will be displayed. You can edit
each individually if required.
![Page 48: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/48.jpg)
Media Interfaces – Configuration
© 2014 Sangoma Technologies 48
![Page 49: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/49.jpg)
First Practical
© 2014 Sangoma Technologies 49
• Log in to SBC default details:– User : root– Password: sangoma– Default IP address 192.168.2.2
• Configure Signaling & Media Interfaces– Structure of WebUI
![Page 50: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/50.jpg)
Expected Break for Lunch
© 2014 Sangoma Technologies 50
![Page 51: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/51.jpg)
Recap of Session 1
![Page 52: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/52.jpg)
What is an SBC and why have one?• SBCs are installed at the edge of VoIP Networks to facilitate
end to end VoIP transmission without compromising network security
• Essential for several reasons:– New security issues introduced with SIP protocol– Fix interoperability issues
• SBC are typically implemented as Back to Back User Agents (B2BUA)– All SIP and media (voice) traffic transit through SBCs
© 2014 Sangoma Technologies 52
![Page 53: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/53.jpg)
Vega Enterprise SBC• Appliance
– 25-250 Sessions– H/W DSP acceleration– 1U/2 x 1 GE ports
• Software Version– 25-500 Sessions/Self-Contained ISO– VM requirements
• 1 Core/1 GB RAM/Bridged
• Software/Hybrid Version –UNIQUE– 25-500 Sessions/Self-Contained ISO– VM requirements
• 1 Core/1 GB RAM/Bridged
– H/W DSP acceleration
© 2014 Sangoma Technologies 53
D150
![Page 54: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/54.jpg)
NetBorder Carrier SBC
• Appliance– 250-4000 Sessions– H/W DSP acceleration– 1U/2 x 1 GE ports– RAID 1
© 2014 Sangoma Technologies 54
![Page 55: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/55.jpg)
Failover SBCs with DNS SRV
© 2014 Sangoma Technologies 55
Internet
Softswitch
RouterNATFW
ServiceProvider
DNS Server
sbc110.10.0.10
sbc210.10.0.20
DNS SRV Record Query for ‘carrier.com’
_sip._udp.carrier.com 60 IN SRV 10 50 5060 sbc1.carrier.com_sip._udp.carrier.com 60 IN SRV 20 50 5060 sbc2.carrier.com
DNS A Record Query
sbc1.carrier.com = 10.10.0.10sbc2.carrier.com = 10.10.0.20
• Different Priorities• Lower Priority tried first:
sbc1.carrier.com•If sbc1.carrier.com unavailable:
sbc2.carrier.com
1
2
Domain: carrier.com
![Page 56: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/56.jpg)
Signaling Interfaces – Highlights
© 2014 Sangoma Technologies 56
• Each interface used for signaling is displayed, with the ability to edit that interface
• User can create multiple virtual interfaces• Multiple virtual interfaces can be created and applied to a single
physical interface• User can create VLAN interfaces if the SBC is sitting in a specific VLAN
• Multiple VLAN interfaces can be applied to a single physical interface
![Page 57: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/57.jpg)
Signaling Interfaces – sngdsp Interface
• The SNGDSP interface is a special interface within the SBC
• The interface controls all the interactions between the media adapters and the SBC
• When configuring the SBC, the sngdsp interface must be on a “non-routable” network or a WAN/DMZ IP address– IP address configuration depends on whether you will be
configuring the media adapters in exposed or hidden mode. This will be explained when looking at the media interfaces.
© 2014 Sangoma Technologies 57
![Page 58: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/58.jpg)
Media Interfaces – Highlights
© 2014 Sangoma Technologies 58
• Outlines the way the media interfaces are configured and details information on each Media DSP adapter
• Media Server configuration is the method in which the DSPs are configured • Hidden mode hides the DSPs from the environment• Exposed mode exposes the DSPs to the environment. If in exposed mode, each DSP
must have a routable IP address configured.• Software mode identifies that no SngDsp interface is installed. Transcoding and
TLS/SRTP are disabled. This is found only in the software only version of the SBC.• Each SngDsp interface will come with preinstalled adapters. This will depend on which
hardware version of the SBC is purchased.• The DSP version, MAC address, and assigned IP and RTP ports will be displayed. You
can edit each individually if required.
![Page 59: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/59.jpg)
SBC Call Processing Components
Conceptual Overview
![Page 60: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/60.jpg)
Conceptual Overview
© 2014 Sangoma Technologies 60
Carrier SIP Trunk
External SIP Profile
External Media Profile
Domain Profile
Inbound Call Routing
Internal SIP Trunk
Internal SIP Profile
Internal Media Profile
Outbound Call Routing
![Page 61: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/61.jpg)
SIP ProfilesIntroduction to
![Page 62: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/62.jpg)
Carrier SIP Trunk
SIP Profile Overview
© 2014 Sangoma Technologies 62
1External
SIP ProfileExternal
Media Profile
Domain Profile
Inbound Call Routing
Internal SIP Trunk
Internal SIP Profile
Internal Media Profile
Outbound Call Routing
![Page 63: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/63.jpg)
What is a SIP Profile?• A SIP Profile defines a SIP interface in the SBC • The SIP profile defines a set of SIP attributes that are
associated to the SIP interface on the SBC• The SIP Profile is used as a portal external endpoints or
Trunks which connect to the SBC• An IP interface address and port are bound exclusively to the
SIP Profile• As part of the config call routing plans, domain profiles,
media profiles, and SIP trunks are bound to the SIP profiles
© 2014 Sangoma Technologies 63
![Page 64: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/64.jpg)
SIP Profile Overview• Any call, whether inbound or outbound, gets
processed within a SIP profile• Profile has a choice where to send the call based on
call routing• In general, there is always a minimum of 2 profiles
within an SBC– One is internal– One is external
© 2014 Sangoma Technologies 64
![Page 65: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/65.jpg)
SIP Profiles
© 2014 Sangoma Technologies 65
• SIP Profiles can be managed from the SIP Profile menu option which is contained under Configuration
• A list of all the configured SIP Profiles is listed, with the ability of modifying a profile or removing it entirely
• The ability to sort and search is also available to users who have multiple SIP Profiles• This would happen if the SBC is being used in a multi-tenant or carrier situation
![Page 66: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/66.jpg)
Domain ProfilesIntroduction to
![Page 67: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/67.jpg)
Carrier SIP Trunk
Domain Profile Overview
© 2014 Sangoma Technologies 67
12
External SIP Profile
External Media Profile
Domain Profile
Inbound Call Routing
Internal SIP Trunk
Internal SIP Profile
Internal Media Profile
Outbound Call Routing
![Page 68: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/68.jpg)
What is a Domain Profile?• A domain, or a SIP realm, is a component within SIP which is
used to authenticate users within the SIP Registration process• Domain profiles are used to define the way users will
authenticate with the SBC– Local authentication is used when users will register with the SBC– Upper registration is used when users will register to a softswitch or a
IP-PBX through a SBC• This enables topology hiding so that no one outside of the corporate network
knows about the equipment sitting behind the SBC
• If using IP authentication, you will not require a domain profile
© 2014 Sangoma Technologies 68
![Page 69: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/69.jpg)
Domain Profile Overview• When a registration arrives into a SIP profile, the SIP profile
then sends off that request to the domain profile which is bound to it
• The domain profile details where to send the registration request– Local authentication challenges the registration from within the SBC
• User information is stored within the SBC
– Upper registration proxies the request to an IP-PBX or softswitch so that the registration request can be validated
• User information is stored within the IP-PBX or the softswitch
© 2014 Sangoma Technologies 69
![Page 70: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/70.jpg)
Domain Profiles
• Domain profiles can be managed from the Domain Profile menu option within the Configuration menu
• Domain profiles can be either a domain name (ex. Sangoma.com) or an IP address (ex. 10.82.1.254)
• The name of the domain profile must correspond to the way users register to either the SBC
– If the users will register to a domain name, the name of the domain profile MUST be that domain name (i.e. [email protected])
– If the users will register with an IP address, the name of the domain profile MUST be the IP address (i.e. [email protected])
© 2014 Sangoma Technologies 70
![Page 71: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/71.jpg)
Media ProfilesIntroduction to
![Page 72: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/72.jpg)
Carrier SIP Trunk
Media Profile Overview
© 2014 Sangoma Technologies 72
12External
SIP ProfileExternal
Media Profile
Domain Profile
Inbound Call Routing
Internal SIP Trunk
Internal SIP Profile
Internal Media Profile
Outbound Call Routing
![Page 73: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/73.jpg)
What is a Media Profile?
• A media profile is a list of attributes which defines what audio codecs are used on a per call basis
• It also describes how DTMF (Dual Tone Multiple Frequency) will be handled within the SIP profile
© 2014 Sangoma Technologies 73
![Page 74: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/74.jpg)
Media Profile Overview• The media profile deals with the codec negotiation which occurs
before a call is established• Media profiles have a list of codecs within them, and detail how
the process will occur– Either the remote end will choose the codec or the SBC will choose the
codec
• Codec negotiation is usually performed within the SIP SDP (Session Description Protocol)– The SDP is usually found in the SIP 200 OK message which is sent prior
to call establishment and the flow of RTP
© 2014 Sangoma Technologies 74
![Page 75: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/75.jpg)
Media Profiles
• Media profiles are used to determine which audio codecs will be used with SIP profiles– Multiple codecs are only available on the Carrier, Enterprise, or Hybrid SBCs– The software version of the SBC will only allow G.711
• You can also choose the codec negotiation mode, DTMF (Dual-Tone Multi Frequency) mode, and whether to enable/disable silence suppression
• By default, only 1 profile is created– Multiple profiles can be created– No limit to the amount of profiles– You can create an inbound profile and outbound profile, then use that in your SIP profiles– Possibilities are endless…
© 2014 Sangoma Technologies 75
![Page 76: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/76.jpg)
Media Profile – Codecs• An audio codec is a program implemented as an algorithm that
compresses and decompresses digital audio data• 5 codecs can be configured per media profile
– 10 different codecs to choose from with multiple variations of each codec– Codecs available:
• G.711 PCMU • G.711 PCMA• G.729• AMR• iLBC• GSM• G.722• G.722.1• G.723• G.726
© 2014 Sangoma Technologies 76
![Page 77: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/77.jpg)
SIP TrunksIntroduction to
![Page 78: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/78.jpg)
Carrier SIP Trunk
Internal SIP Trunk
External Media Profile
SIP Trunk Overview1
4
External SIP Profile
Domain Profile
Inbound Call Routing
Internal SIP Profile
Internal Media Profile
Outbound Call Routing
3
2
© 2014 Sangoma Technologies 78
![Page 79: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/79.jpg)
What is a SIP Trunk?
• SIP trunks are used to create a communication path between 2 SIP aware endpoints
• Trunks can be used to communicate with SIP carriers or with IP-PBXs– It is the description of how the SBC will
communicate with that endpoint– Example: IP address, port, etc.
© 2014 Sangoma Technologies 79
![Page 80: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/80.jpg)
SIP Trunk Overview
• In a scenario where a call is trying to be established, the SIP profiles need to know about the endpoints
• SIP trunking allows for the profiles to be aware of where calls may originate from– Calls will arrive from a trunk, then are processed
within the profile, then are sent to call routing in order to redirect to a different trunk
© 2014 Sangoma Technologies 80
![Page 81: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/81.jpg)
SIP Trunks
• SIP trunks attach to SIP profiles from within the trunk configuration
• Multiple SIP trunks can be created– A SIP profile can control multiple SIP trunks, but a SIP
trunk can only be bound to a single SIP profile
© 2014 Sangoma Technologies 81
![Page 82: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/82.jpg)
Call RoutingIntroduction to
![Page 83: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/83.jpg)
What is Call Routing• Call routing is the process used to route telephone
calls across a telephony network• The process is the same whether calls are made
between two phones in the same locality, or across two different continents
© 2014 Sangoma Technologies 83
![Page 84: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/84.jpg)
Call Routing Concepts
© 2014 Sangoma Technologies 84
Carrier SIP Trunk
External SIP Profile
External Media Profile
Domain Profile
Internal SIP Trunk
Internal SIP Profile
Ingress Header Manipulation
Ingress Header Manipulation
Internal Media Profile
Inbound Call Routing
Egress Header Manipulation
Outbound Call Routing
Egress Header Manipulation
1
2
4
3
![Page 85: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/85.jpg)
Call Routing Concepts• There are three concepts to call routing:
1. Condition• The outcome this routing rule is addressing • The condition statement is used to determine how the call will be dealt if the rule
turns out to be true or false• Example: Check the destination number is +19054741990
2. Action to be performed if true• What action will be performed if the condition is found to be true?• Example: Bridge to a different SIP trunk
3. Action to be performed if false• What action will be performed if the condition is found to be false?• Example: Send the originator a 503 service unavailable message
© 2014 Sangoma Technologies 85
![Page 86: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/86.jpg)
Call Routing Explained• Routing rules are created in order to direct calls received from one
interface, and bridge it out to the next interface– SIP profiles or SIP trunks are used to bridge calls
• Routing rules can be as simple as bridging between trunks, or as complicated as choosing from a different carrier due to costs of routing
• There are two different methods for creating routing rules within the SBC– Basic Routing– Advanced Routing
© 2014 Sangoma Technologies 86
![Page 87: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/87.jpg)
Basic Call Routing• Basic call routing uses the graphic user interface of the SBC
to allow users to create routing rules• It is modeled so that anyone would be able to create almost
any type of scenario without the need to learn XML• Each basic dialplan can have multiple rules associated with it
– Each rule deals with a specific condition which needs to be met– You can program the rule to continue to the next rule if it passes or
fails
© 2014 Sangoma Technologies 87
![Page 88: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/88.jpg)
Basic Dialplan Aggregated View
• First section deals with default parameters for that particular dialplan• Second section deals with the specific rules which will be processed
within the dialplan– Each rule is described based on the selections chosen within the rule
configuration
© 2014 Sangoma Technologies 88
![Page 89: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/89.jpg)
Advanced Call Routing• For advanced users, there is a way to build dialplans using the advanced
call routing engine• Advanced call routing is based on XML• There is no need to build multiple rules
– All rules are added into a single XML file– Rules are separated by the different conditions
• There are different editors built into the advanced dialplan that a user may choose from:– Standard text editor– Vim editor– Emacs editor
© 2014 Sangoma Technologies 89
![Page 90: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/90.jpg)
Advance Call Routing
© 2014 Sangoma Technologies 90
![Page 91: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/91.jpg)
Walkthrough
![Page 92: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/92.jpg)
SBC Walkthrough
• Will cover the following configurable sections within the SBC:– SIP Profiles– SIP Trunks– Domain Profiles– Call Routing
© 2014 Sangoma Technologies 92
![Page 93: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/93.jpg)
Questions?
![Page 94: Sangoma SBC Training Presentation](https://reader035.vdocuments.mx/reader035/viewer/2022081513/55b4c1a1bb61eb54668b469d/html5/thumbnails/94.jpg)
THANK YOU!