eSBCs: Required for Secure, Interoperable Real Time Unified Communications

Share

Tweet

July 12, 2017

By Biju Oommen

In the Digital Age, as a part of the digital transformation for unified communications (UC), organizations worldwide are retiring legacy ISDN/TDM primary rate interface (PRI) voice systems. They are replacing it with Session Initiation Protocol (News - Alert) (SIP) based voice and real-time-communications (RTC) services.

Whether you are an Over the Top (OTT) provider of SIP trunking or an Internet Telephony Service Provider (ITSP)—or even a subscriber—  the enterprise session border controller (eSBC) is a multifunction platform that can provide valuable services for SIP interconnections  (real-time communications).  The acronym SBC breaks down as follows:

• Session refers to the RTC session between two endpoints.
• Border refers to the crossing point between two networks with disparate trust levels:  e.g. your enterprise network and the service-provider network.
• Controller refers to the ability of the platform to control the signaling and media sessions flowing through it.

So, at a minimum, the eSBC should provide session control and interoperability in a secure manner for the SIP interconnections between the various entities. Additionally, as a multifunction platform, an eSBC can provide such valuable services as transcoding, call admission control (CAC), encryption and authentication for secure connections to the SIP trunks, as well as network topology hiding.

While controlling the signaling and media streams, an eSBC can provide SIP mediation services, i.e. protocol normalization between the various SIP variants while normalizing and translating among the different media types. The eSBC also serve as a demarcation point between the carrier network and the subscriber network.

We summarily reviewed the features of the eSBCs from the Patton SmartNode VoIP family of appliances. We wanted to prove they deliver network security, assured voice quality and integration with legacy voice systems for SIP trunk deployments, while also keeping an eye on the total cost of ownership (TCO).

Given the continued dominant role of SIP in real-time communications, Patton’s eSBCs are well placed to serve it.

For our discussion and functional testing we will consider the Patton SmartNode 5570 VoIP ESBR Session Border Controller + Router platform. It broadly offers features such as: 30 simultaneous calls [G.722, T.38 or G.711 ISDN to VoIP calls…includes support for SIP TLS and SRTP support], 16 SIP-to-SIP transcoded calls (e.g. G711 to G722 or RTP to SRTP), SIP Registrar function, access link ,access redundancy [using the USB port and 3G/4G modems for cellular connectivity], Ethernet Layer 2 switching and bridging, access router with NAT, Policy Based Routing, Stateful Firewall, PPPoE, DHCP, DynDNS etc. For VoIP it supports: SIPv2, SIPv2 over TLS, ISDN, DSS1, NI-2, QSIG, T.38, G.722 HD voice, RTP Security with SRTP, fax and modem bypass, DTMF relay. SIP to SIP transcoding for up to 15 calls and with non-transcoding sessions up to 512 calls [Transcoding, debugging, and/or IP routing reduce processing capacity]. The Session Router allows flexible call routing and numbering plan adaptations, CLIP/CLIR, hold, transfer, etc. The chassis is equipped with 2 auto MDI (News - Alert)-X 10/100/1000 Ethernet ports, 1 or 2 ISDN E1/T1 PRI ports and a USB port.

Significantly, the T1/E1 interfaces on the SN5570 unit could lend a helping hand if you want to deploy SIP trunking while there is still a major requirement for retaining legacy TDM PBX (News - Alert) systems or let us say hybrid deployments. Many enterprises need or want a mixture of SIP trunks integrated with connectivity to the PSTN via TDM trunks. Patton’s SN5570 supports the old PRIs and the new SIP trunks on the same platform. As such, the SN5570 could also aid you in your business continuity posture for PSTN fallback. Or it could provide connection to your ISDN PRI PBX interface. The ports can be configured as TE or NT.

To aid in the provisioning and management of the unit, the device offers such features as Web-based management, Patton’s Web Wizard configuration tool, SNMPv3, CLI interface, and secure provisioning for configuration and software upgrades.

Having summarily reviewed the features of the Patton SmartNode 5570 VoIP ESBR, we will continue with our functional and operational testing...

Operational Testing

For our testing we used the Patton SmartNode 5570 VoIP ESBR along with the following SIP endpoints (multivendor SIP entities):

• 3CX softphone running on MS Windows 10
• Smartphones equipped with 3CX VoIP client for Apple (News - Alert) iOS and Zoiper for Apple iOS for VoIP over Wi-Fi
• The Patton SIP-based M-ATA equipped with a FXS interface to test analog phone connectivity and a SIP trunk.

Our first task was to identify the network topology (see Figure 1).  Then we set about creating the configuration files for the SN5570 and the SIP endpoints. Before testing, we registered the SIP end points directly with the SIP trunk provider (without the SN 5570) to validate that the SIP trunk was working satisfactorily for both inbound/outbound calls. We updated the SN5570 to Patton’s latest software release: Trinity 3.11.1-17042. Then we configured the SN5570 with the appropriate codecs (g729, g711ulaw, g711alaw), outbound registration SIP server, SIP VoIP Connection with protocols UDP (News - Alert) and TCP (ports 5060 and 5062), and location service.

We ensured that the telnet server, SSH-server, Web server, DNS server and relay DNS Client services, NTP (with the correct clock offset) were running. The SIP clients and the M-ATA were configured with: SIP credentials, codecs, and SIP port, and then we pointed them to the SN5570. The SIP clients running in MS Windows 10 and the smartphones as well as the M-ATA registered successfully with the SN5570. Debug on the SIP phone showed that the phone connected to the SN5570 using SIP port 5060.

We were able to successfully place inbound/outbound calls from the various above mentioned SIP end points through the SN5570.    

Conclusion

Moving to SIP-based voice  RTC services can lead to reduced costs, reliability, scalability, etc., and that is where the eSBC can ensure interoperability, and provide session control/session management and security between the carrier SIP trunks and your enterprise communication platforms. It is important to carry out a pilot deployment for certification and interoperability before an actual roll out. 

About the Author

Brad (Biju) Oommen is a Telecommunications & Networking Solutions Consultant with a special focus on enterprise products and solutions. 

 

Article comments powered by Disqus

Home