The leader in session border control
for trusted, first class interactive communications
SIP trunking & enterprise SBCs
3
Positive outlook for SIP trunking and SBCs through 2013
Still in early stages– CY08, $130M in revenue,
208.5K SIP trunksNorth America driving SIP trunking– 74% total trunk shipments
in CY08
Two dominant SBC players – Acme Packet and Cisco Systems 68% of enterprise SBC revenue from NA in 2008
Infonetics: June 20090
50
100
150
200
250
300
350
CY08 CY09 CY10 CY11 CY12 CY13
Mill
ions
Sessions
Session Border Controller2008-2013 CAGR of 49%
$0
$1
$1
$2
$2
$3
$3
$4
CY08 CY09 CY10 CY11 CY12 CY13
Reven
ue (
US
$B
)
0
1
2
3
4
5
6
Tru
nks (
M)
Revenue Trunks
SIP Trunking2008-2013 CAGR of 91%
4
Acme Packet is leader in delivering SIP trunking services
SIP trunking availability from APKT service providers exploding
– 80 deployments and trials today– 30 countries– Many different IP PBX/UC
environments supported
APKT in service provider network + APKT in enterprise network= guaranteed interoperability and faster time-to-trunk
Same border controls for service provider & enterprise
– Security– SLA assurance – Service reach/interoperability
All IP trunking protocols supported – RFC 3261 SIP, SIP-I, SIP-T and H.323
Deplo
yed
Trials
Planned
0
10
20
30
40
50
60
70
80
APKT SIP trunking service providers 1H'09
NA21%
EMEA41%
CALA26%
APAC12%
5
Why do you need an enterprise SBC?
Many PBX and UC vendors have SIP interfaces or other methods for connecting PBX and UC elements to a carrier SIP trunk service
This causes some enterprise telephony and UC managers to ask:– If my PBX or UC platform supports a native SIP trunk interface, why
can’t I just connect this interface directly to the carrier SIP trunk service?
This presentation will address this question and others such as:– Why do I need an enterprise SBC for SIP trunking interoperability?– Why do I need an enterprise SBC for SIP trunking security?– Why do I need an enterprise SBC for SIP trunking control?– How does using an enterprise SBC enhance my disaster recovery,
troubleshooting, and monitoring capabilities? – How is the Acme Packet solution packaged?
6
Acme Packet enterprise SBC solutioncontrols four IP network borders
VoIP & UC security
SIP trunking
SIP & H.323 interoperability
Data center disaster recovery
Remote site survivability
Contact center virtualization
Remote site & worker connectivity via the Internet
Regulatory compliance – recording & privacy
Data centers
Contact center, audio/video conferencing,
IP Centrex, etc.PSTN
Serviceproviders
SIP
IPsubscribers
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
1. SIP trunking border 4. Hosted services border
2. Private network border 3. Internet border
HQ/ campus
Remotesite
IP PBX UC
7
SIPconnect - enterprise SIP trunking profile accelerates time-to-trunk
SIP Forum spec ratified August 2006, now V1.13
Specifies RFCs that must be supported for SIP trunking
– SIP, TCP, TLS, RFC 4733 DTMF, G.711 20ms, E.164 & URI addresses, SIP server discovery, response codes, IPv4 addresses
SIP RFC 3261
Media G.711, 20ms
TLS
EnterpriseService provider
PSTN
8
SBCs assure service availability & quality
Session admission control – signaling element, network, user
– Signaling-based – number of call /sessions, signaling rates
– Media (bandwidth)-based
Overload control – Non-malicious – load balancing,
SIP registration avalanches, mass calling rejection/diversion
– Malicious
Failure detection & recovery - data center redundancy, remote site survivavbility
– L3 router– IP PBX or UC server– Service provider SIP trunk/SBC
Transport control– Packet marking and mapping– Media release peer-peer
Quality of Experience (QoE) – QoS & ASR monitoring, reporting
& routing
Data centers
Contact center, audio/video conferencing,
IP Centrex, etc.PSTN
Serviceproviders
SIP
IPsubscribers
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
1. SIP trunking border 4. Hosted services border
2. Private network border 3. Internet border
HQ/ campus
Remotesite
IP PBX UC
9
SBCs enable regulatory compliance
Call and session recording– Replicate session (signaling and
media) for recording
Session privacy– Secure signaling and/or media
Emergency calls E-9-1-1– Retrieve location information,
add to signaling– Route based upon location– Prioritize routing (SIP RPH)
& IP transport – Exempt from admission control
polices
Data centers
Contact center, audio/video conferencing,
IP Centrex, etc.PSTN
Serviceproviders
SIP
IPsubscribers
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
1. SIP trunking border 4. Hosted services border
2. Private network border 3. Internet border
HQ/ campus
Remotesite
IP PBX UC
10
SBCs control costs
Least cost routing
Accounting
Fraud prevention
Encryption off-load – TLS, IPsecData centers
Contact center, audio/video conferencing,
IP Centrex, etc.PSTN
Serviceproviders
SIP
IPsubscribers
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
1. SIP trunking border 4. Hosted services border
2. Private network border 3. Internet border
HQ/ campus
Remotesite
IP PBX UC
11
Why use SBC for enterprises & contact centers?
Real-time IP communications is different– Sessions initiated from inside or outside of firewall– Continuous stream vs. traffic bursts, 2-way flows– Latency & jitter very important, loss not so important
Security is paramount– Multi-protocol and real-time nature of VoIP demands
sophisticated stateful defense strategy– Signaling overloads occur with network outages,
attacks simple to launch
Today’s firewalls are insufficient, unable to:– Protect themselves or IP PBX/UC resources– Open / close RTP media ports in sync with SIP signaling – Perform VoIP signaling deep packet inspection– Track session state and provide uninterrupted service upon failure– Enable VoIP interoperability for all layers/protocols
SBCs deliver more than security using back-to-back user agent approach vs. ALG
– Service reach maximization– SLA assurance– Regulatory compliance– Cost control
12
SBC (B2BUA)
Terminates, re-initiates and initiates signaling & SDP
Two sessions - one on each side of system
Layer 2-7 state aware
Inspects and modifies any application layer header info (SIP, SDP, etc.)
Static & dynamic ACLs
Firewall with SIP ALG
Unable to terminate, initiate, re-initiate signaling & SDP
Single session across system
Layer 2-4 state aware
Inspects and modifies only application layer addresses (SIP, SDP, etc.)
Static ACLs only
12Acme Packet
Summary comparison:SBC vs. firewall with SIP ALGs
SIP trunk
IP PBXUC server
Data center
SIP trunk
IP PBXUC server
Data center
13
Why use SBC for enterprises & contact centers?
Real-time IP communications is different– Sessions initiated from inside or outside of firewall– Continuous stream vs. traffic bursts– 2-way flows
Security is paramount– Multi-protocol and real-time nature of VoIP demands
sophisticated stateful defense strategy– Signaling attacks are simplest to launch
Today’s data focused solutions are not enough– Lack ability to dynamically correct VoIP connectivity issues– Unable to perform VoIP signaling/media deep packet inspection– Inability to track session state and provide uninterrupted service– Firewalls and routers cannot protect UC resources– Back-to-back user agent proven superior to ALG
SBCs deliver more than security – Service reach maximization– SLA assurance– Cost optimization
14
SBC vs. alternative approaches
Function & feature examplesAcme Packet
SBCFirewall w/ SIP ALG IP PBX SIP proxy Router
Security
DoS/DDoS self-protection √
IP PBX/SIP proxy DoS prevention √
Access control-dynamic & static √ Static only Static only
Topology hiding √ NAT leaks
Encryption – signaling & media √ IPSec tunnels only
Software-basedsignaling only
Software-basedsignaling only
IPSec tunnels
Malware & SPIT mitigation √
Application reach maximization
Remote NAT traversal √
L3 & 5 OLIP/VPN bridging, IPv4-v6 interworking √ L3 only
Interworking; signaling, transport & encryption protocols
√
Overlapping dial plan translations √
SLA assurance
Admission control – signaling resource & bandwidth √ Call counting only
Call counting only
Signaling resource load balancing; QoS/ASR routing √
Signaling overload control √
QoS marking and reporting √ No L5 awareness
15
La Quinta & Extended Stay hotels – SIP trunking and session routing
Application– SIP trunking for analog PBXs
to reduce PSTN costs– Interconnect over 1,000 hotel properties
Problems overcome– High costs and inefficient PRIs
for individual hotels– Protect data center VoIP infrastructure– NATs block remote worker IP phone calls– Inbound call routing & outbound load
balancing
Serviceproviders
Data center
Guestphones
Guestphones
Guestphones
Remote workerIP phones
Hotel properties
VM
MPLS backbone
Internet
PSTN
16
Application– SIP trunking to service provider– Unified communications across
Hanjin Group companies
Problems overcome– Protect UC and VoIP infrastructure– Interoperability with Microsoft
Solution for Enhanced VoIP Services using Sylantro’s Synergy
– Unify offices, reduce complexity
Hanjin – SIP trunking & unified communications
Hanjin offices
AS MS
MPLS WAN
Uniconverse data center
Local service providerPSTN
AS AS
17
Insurance – SIP trunking & Internet access
Application– Interconnection of HQ data center
to remote sites and agents over Internet
– SIP trunking to rest of world
Problems overcome– Protecting core IPT infrastructure– Mediation of network differences -
overlapping IP addresses and differing protocols
– Firewall/NAT traversal – Privacy for Internet-transported calls
Data centers
PSTN
Serviceproviders
SIP
Internet
Tele-worker
Nomadic/ mobile user
1. SIP trunking border
3. Internet border
Remotesite
IP PBX
18
Data centers
Application– Connect 40 locations via
SIP trunking– Multivendor IP-PBX interoperability– Support nomadic mobile worker
Problems overcome– Security on SIP trunks– Reduce access & toll costs by
changing TDM trunking to SIP
– SIP-H.323 interoperability– NAT traversal for remote workers
Financial services – SIP trunking & remote worker
Serviceproviders
SIP
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
SIP trunking border
Private network border Internet border
HQ/ campus
Remotesite
IP PBX UC
PSTN
19
Data centers
Application– Connect 40 locations via
SIP trunking– Multivendor IP-PBX interoperability– Support nomadic mobile worker
Problems overcome– Reduce access & toll costs by
changing TDM trunking to SIP– Security on SIP trunks– SIP-H.323 interoperability– NAT traversal for remote workers
Financial services – SIP trunking & remote worker
Serviceproviders
SIP
Internet
Tele-worker
Nomadic/ mobile user
H.323
Regionalsite
SIP
Remotesite
Private network
SIP trunking border
Private network border Internet border
HQ/ campus
Remotesite
IP PBX UC
PSTN
20
SIP trunking savings spans access, local and long distance costs
SIP trunkingPRI trunking Savings
21
Net-Net
Enterprise and contact center are transitioning to IP trunking and unified communications– Driving need for increased security and connectivity– Users pushing boundaries, creating need for increased control
Security, service reach and SLA assurance are major issues– Voice is mission critical, solution must meet demands– Intelligent, dynamic solution required to protect real-time
communications services – only SBCs provide this
Acme Packet is leading the way– Category creator and industry leader– Feature rich products led by real-world experience– Channel and interop partners in place
The leader in session border control
for trusted, first class interactive communications