SIP Trunking

1
SIP Trunking
2
What is SIP Trunking?

• Termination of SIP calls directly to Service
  Provider(s) via IP.
• For Session Initiation Protocol (SIP) based
  IP-PBXs
• For legacy PBXs with a gateway to SIP.
• Benefits for the Enterprise
• No need to have local PSTN Gateways on the LAN.
• No need to pay expensive monthly fees for PRI/BRI
  lines
• Flexible growth in of lines up to the capacity
  of the link
• No need to invest in more capacity in PSTN
  Gateways.
• No need to add another BRI/PRI just to get one
  more line.
• Benefits for the Service Provider
• Able to deliver both data and voice services in
  same link.
• More services means lower churn.
• Compelling and competitive offering.

3
Ingate SIP Proxy firewall
Normal Firewalls
Ingate Firewall
With SIP-Proxy and -Registrar
SIP
TLS
SIP
SIP
4
Ingate SIParator
No Need to Replace your Firewall!
SIP
Normal Firewalls
Ingate SIParator
DMZ
SIP-enables any firewall
SIP
Ports that need to be open -SIP Signaling
port 5060 -Range of UDP/TCP ports
SIP
5
Ingate takes care of the Interoperability issues
Service provider
Enterprise

• Confirmed IP-PBX interoperability
• 3Com
• Asterisk
• Avaya
• Broadsoft
• Cisco Call Manager
• Mitel
• Pingtel
• SER
• Shoretel
• Sphere
• Swyx
• More in pipeline....

SIP Trunk
SIP Connect compliant
Ingate SIParator -or- Ingate Firewall
Click here for more Technical details
6
Assumptions Return On Investment Calculations

• Customer have already a SIP compliant IP-PBX
• SIP Trunking Ingate replaces existing PRI
  PSTN Gateway
• Only additional - not existing PSTN Gateways
  are regarded as a cost
• All figures are based on monthly cost
• Subscriptions are monthly fees.
• Investment in HW/SW are distributed over 36
  months.
• Hardware and Software prices are list prices in
  Sweden
• The prices are converted from SEK to USD
• Subscription fees are taken from Tele2 (Swedish
  SP)
• Offers both TDM and SIP Trunking
• Same minute rates for calls in both TDM and SIP
  Trunking
• The call volume is not meeting the qualifying
  limit for free PRI.
• 1600 USD per month and PRI
• Prices and currency as of September 2006

7
ROI example SMB

• Existing TDM
• Internet 2 Mbit 253 USD
• BRI x 4 8 lines 165 USD
• Total per month 418 USD
• 8 lines with G.711, 80 Kbit/s per line
• 14 employees, average 64 Kbit/s Internet
• Internet overcapacity, only 0,9 Mbit/s used

Replace with SIP Trunk SIP/Data trunk 2
Mbit 253 USD Total per month 253 USD
Monthly savings 165 USD
If new installation!
0
Return On Investment 10,6 months
250 USD saving on the initial investment
8
TDM - Waste of Bandwidth
Max

• Realtime critical
• Peak hour

TDM 4 x BRI 512 Kbit/s Dedicated
Number of calls
Share of time
Bought capacity
Min
Needed capacity
Max
Wasted bandwidth

• Data can often wait!
• Often bursty traffic

Data Mbit/s
Internet 2 Mbit/s
Share of time
Min
9
TDM - Waste of Bandwidth
Convergence Optimal Bandwidth
TDM 4 x BRI 512 Kbit/s Dedicated
Share of time
SIP and Data Trunk 2 Mbit/s
Lowest
Peak
Internet 2 Mbit/s
Share of time
10
Convergence Optimal Bandwidth
Bought capacity
Needed capacity
Flexibility to use extra capacity
0
2
8
SIP and Data Trunk 2 Mbit/s
VoIP
Data
Number of calls
1
Mbit/s
16
25
0
Data uses free capacity with the help of QoS
settings
11
ROI example Enterprise
Existing TDM Internet 100 Mbit/s1 1 600 USD 4
x PRI 30 lines2 1 147 USD Total per month
2 747 USD
Replace with SIP Trunk SIP/Data trunk 100
Mbit/s1 1 600 USD Total per month 1 600 USD
Monthly savings 1 147 USD

• 550 employees, average 40 Kbit/s data
• That is 22 Mbit/s for data 1) More economical
  with one 100 Mbit/s than 2x20
• 110 lines with G.711, 80 Kbit/s per line
  2) More economical with 4xPRI than 3xPRI 10xBRI

If new installation!
0
Not good enough? Please WAIT!
Return On Investment 5,3 months
15 190 USD saving on the initial investment
All figures based on Swedish operator Tele 2
offering September 2006
12
What about growth in lines?
WAIT!
Growth this much over 3 years costs 65.845
USD more with TDM
Subscr. ac
PRI
Internet 100 M
SIP/Data 100 M
4
8
5
7
6
1
TDM
1
More Invest. ac
Cisco 2811
2811 30 lines
Upgrade to 45
10 Traversals
1
2
SIP Trunk
2
1
1
9
1
2
4
6
8
11
13
14
All investments distributed over 36 month.
All figures based on Swedish operator Tele 2
offering September 2006
13
What about line utilization?
WAIT!
Use the SIP Trunk flexibility and QoS to handle
peaks
14
What about branch offices?
WAIT!
The TDM way
The SIP Trunking way
Centralized PRI Trunks
SIP Data trunk from each office
HQ
HQ
PSTN
PBX
PBX
Service Provider
PBX
PBX
PBX
PBX
PBX
PBX
PBX
PBX
Exactely the capacity you need when you need it!
VPN to HQ PSTN Gateways
15
What if.............
WAIT!
We have been very conservative in the ROI
calculations!

• You could use codecs with compression ?
• You could get cheaper minutes from SIP SP ?
• You could support remote users ?
• Transfering x of your mobile calls to VoIP calls
• For remote users with PCs and softphone SIP
  clients.
• For remote users with dual handsets WiFI/SIP and
  mobile.
• Terminating calls at the most cost effective
  operator
• Terminate calls directly in the destination
  country
• Global calls to local fees.
• Improve communication and collaboration with
• Video, IM, Precense, File sharing, Filetransfer
  etc

What would the ROI then be ?
16
Connect to multiple Service Providers
PSTN
PSTN
Service Provider France
Service Provider A USA
PSTN
PSTN
Service Provider Japan
Service Provider B USA

• Authentication
• Least cost routing

81
1
33

• Fail over to secondary

IP-PBX
Ingate SIParator
Swedish office
SIP-unaware Firewall
Swedish Office
17
Authentication with Service Providers

• TLS Authentication with SP
• Prevent unauthorized use of your SIP Trunk
• Register the Ingate box at single user accounts
• Let all users use the single user account service
  for outgoing calls.
• Useful for example as a low cost back-up SIP
  Trunk.

18
Different Service levels for different users
PSTN
PSTN
Service Provider B
Service Provider A
Call From 603 883 6045
Call From 603 883 5003
Ingate SIParator
IP-PBX
SIP-unaware Firewall
Call Center
Back Office
Numbers
603 883 6000 to 603 883 6900
603 883 5000 to 603 883 5040
19
ENUM
Yes steve_at_ingate.com
No !
IP-clients and IP-PBXs
PSTN
ENUM
Service Provider
1-603 883 6569 SIP steve_at_ingate.com
Any entry for 9.6.5.6.3.8.8.3.0.6.1.e164.arpa ?
Any entry for 4.6.4.0.8.7.6.2.7.9.1.e164.arpa ?
Call to 1-972-678-0464
Call to 1-603 883 6569
SIP-unaware Firewall
Ingate SIParator
ENUM emulates the DNS hierarchy by reversing the
phone number including the country code with a
dot between each digit and adding e164.arpa as
the top domain. x.x.x.x.x.x.x.x.e164.arpa Top
domain for US is 1.e164.arpa
IP-PBX
20
Now you dare to connect over Internet

• The basic architecture of all Ingate products is
  an enterprise firewall.
• SIP specific Security features includes
• Topology hiding of private IP addresses
  information
• Validation of the SIP signalling with strict SIP
  parser
• Prevents admission of malformed and possibly
  malicious packets
• Dynamically open media ports
• Only for the duration of the session
• Only between the parties of the call
• Termination, transcoding and pass-through of TLS
  (signaling) and SRTP (media)
• To encrypt some or all sessions to insure
  privacy.
• Extensive SIP filtering
• Extensive SIP logging

21
The Ingate family
Firewall 1900 SIParator 90
Firewall 1600 SIParator 60
1 500 Calls 2 600 Mbit/s
Firewall 1450 SIParator45
500 Calls 385 Mbit/s
240 Calls 310 Mbit/s
Firewall 1450 SIParator45
150 Calls 120 Mbit/s
Firewall 1180 SIParator 18
30 Calls 30 Mbit/s
) Calls Concurrent RTP Sessions
22
The function of Ingate SIP Proxy
Ingate SIP Proxy
SIP Proxy/Registrar
SIP Signaling
Media
1.Check the SIP signaling, packet
inspection -Full flexibility to handle future
threats
2.Rewrite for the different address spaces
3.Forward the signaling to the correct SIP proxy
or client
4.Open ports (UDP/TCP) in the firewall for the
media -Only for the duration of the call -Only
between the exact endpoints
5.Media flows through the ports
6.Close ports after the call
23
Most Service Providers cant handle domain names
Ingate SIP Trunking module solves this problem !
What if the Service Provider cant handle domains
?
With domain name, no problem !
SIP-unaware Firewall
IP-PBX
6038836569_at_168.105.45.19
6038836569_at_pbx.ingate.com
Rewrites the domain part
IP 10.200.10.16
DMZ
IP 168.203.30.11
IP 10.500.10.13
IP 168.105.45.19
Ingate SIParator
with
6038836569_at_168.105.45.19
10.200.10.16
24
Many IP-PBXs cant handle outbound Proxy
Click here to go back
IP-packets to destinations outside the logical
network is sent to the Default Gateway for
routing.
Configure IP-PBX to pretend that Ingate is the
Service Provider
SIP-unaware Firewall
9726780464_at_10.500.10.13 Default Gwy
10.500.10.11 Outb. Proxy -
9726780464_at_168.203.30.11 Default Gwy
10.500.10.11 Outb. Proxy 10.500.10.13
9726780464_at_168.203.30.11 Default Gwy
10.500.10.11 Outb. Proxy -
IP-PBX
Rewrites the domain part
Default GatewayIP 10.200.10.11
IP 10.200.10.16
DMZ
IP 168.203.30.11
Outbound Proxy IP 10.500.10.13
IP 168.105.45.19
Outbound Proxy is the equivalence to Default
Gateway, but for SIP.
Ingate SIParator
with
9726780464_at_10.500.10.13
168.203.30.11