Suche senden
Hochladen
FreeSWITCH as a Kickass SBC
•
Als PPTX, PDF herunterladen
•
7 gefällt mir
•
12,843 views
Moises Silva
Folgen
How to use FreeSWITCH as an SBC
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 42
Jetzt herunterladen
Empfohlen
SIP Testing with FreeSWITCH
SIP Testing with FreeSWITCH
Moises Silva
Media Handling in FreeSWITCH
Media Handling in FreeSWITCH
Moises Silva
FreeSWITCH as a Microservice
FreeSWITCH as a Microservice
Evan McGee
Scaling FreeSWITCH Performance
Scaling FreeSWITCH Performance
Moises Silva
Kamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
Olle E Johansson
Kamailio - Secure Communication
Kamailio - Secure Communication
Daniel-Constantin Mierla
Introduction to FreeSWITCH
Introduction to FreeSWITCH
Chien Cheng Wu
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scale
Andreas Granig
Empfohlen
SIP Testing with FreeSWITCH
SIP Testing with FreeSWITCH
Moises Silva
Media Handling in FreeSWITCH
Media Handling in FreeSWITCH
Moises Silva
FreeSWITCH as a Microservice
FreeSWITCH as a Microservice
Evan McGee
Scaling FreeSWITCH Performance
Scaling FreeSWITCH Performance
Moises Silva
Kamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
Olle E Johansson
Kamailio - Secure Communication
Kamailio - Secure Communication
Daniel-Constantin Mierla
Introduction to FreeSWITCH
Introduction to FreeSWITCH
Chien Cheng Wu
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scale
Andreas Granig
Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and You
Fred Posner
SIP - The Basics
SIP - The Basics
Jonas Borjesson
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
Olle E Johansson
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
Daniel-Constantin Mierla
Kamailio on Docker
Kamailio on Docker
Chien Cheng Wu
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
Giacomo Vacca
Scaling Asterisk with Kamailio
Scaling Asterisk with Kamailio
Fred Posner
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)
Fred Posner
Introduction into SIP protocol
Introduction into SIP protocol
Michal Hrncirik
Kamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
Daniel-Constantin Mierla
Kamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
Paolo Visintin
FreeSWITCH Monitoring
FreeSWITCH Monitoring
Moises Silva
Expanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
Fred Posner
Sipwise rtpengine
Sipwise rtpengine
Andreas Granig
Session Initiation Protocol
Session Initiation Protocol
Matt Bynum
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBase
PacketBase, Inc.
FreeSWITCH on Docker
FreeSWITCH on Docker
建澄 吳
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP Protocol
LivePerson
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
Andreas Granig
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environments
Giacomo Vacca
Mellanox's Technological Advantage
Mellanox's Technological Advantage
Mellanox Technologies
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
Empatiq İletişim Teknolojileri AŞ.
Weitere ähnliche Inhalte
Was ist angesagt?
Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and You
Fred Posner
SIP - The Basics
SIP - The Basics
Jonas Borjesson
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
Olle E Johansson
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
Daniel-Constantin Mierla
Kamailio on Docker
Kamailio on Docker
Chien Cheng Wu
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
Giacomo Vacca
Scaling Asterisk with Kamailio
Scaling Asterisk with Kamailio
Fred Posner
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)
Fred Posner
Introduction into SIP protocol
Introduction into SIP protocol
Michal Hrncirik
Kamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
Daniel-Constantin Mierla
Kamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
Paolo Visintin
FreeSWITCH Monitoring
FreeSWITCH Monitoring
Moises Silva
Expanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
Fred Posner
Sipwise rtpengine
Sipwise rtpengine
Andreas Granig
Session Initiation Protocol
Session Initiation Protocol
Matt Bynum
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBase
PacketBase, Inc.
FreeSWITCH on Docker
FreeSWITCH on Docker
建澄 吳
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP Protocol
LivePerson
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
Andreas Granig
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environments
Giacomo Vacca
Was ist angesagt?
(20)
Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and You
SIP - The Basics
SIP - The Basics
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
Kamailio on Docker
Kamailio on Docker
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
Scaling Asterisk with Kamailio
Scaling Asterisk with Kamailio
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)
Introduction into SIP protocol
Introduction into SIP protocol
Kamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
Kamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
FreeSWITCH Monitoring
FreeSWITCH Monitoring
Expanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
Sipwise rtpengine
Sipwise rtpengine
Session Initiation Protocol
Session Initiation Protocol
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBase
FreeSWITCH on Docker
FreeSWITCH on Docker
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP Protocol
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environments
Ähnlich wie FreeSWITCH as a Kickass SBC
Mellanox's Technological Advantage
Mellanox's Technological Advantage
Mellanox Technologies
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
Empatiq İletişim Teknolojileri AŞ.
Sangoma SBC Training Presentation
Sangoma SBC Training Presentation
Empatiq İletişim Teknolojileri AŞ.
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
Open Networking Summits
Día Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product Update
Neocenter SA de CV
QoS for Media Networks
QoS for Media Networks
Amine Choukir
ProSBC a Deep Dive
ProSBC a Deep Dive
Alan Percy
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
Wlamir Molinari
ProSBC a Deep Dive
ProSBC a Deep Dive
TelcoBridges Inc.
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
CODE BLUE
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
liemgpc2
An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
Quobis
MX Deep Dive PPT
MX Deep Dive PPT
omar awad
SIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masas
PaloSanto Solutions
Vo ip overview
Vo ip overview
viroj tanggasemsun
The Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid Networks
bleslie
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
Crocodile WebRTC SDK and Cloud Signalling Network
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
InfluxData
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore
Ähnlich wie FreeSWITCH as a Kickass SBC
(20)
Mellanox's Technological Advantage
Mellanox's Technological Advantage
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
Sangoma SBC Training Presentation
Sangoma SBC Training Presentation
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
Día Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product Update
QoS for Media Networks
QoS for Media Networks
ProSBC a Deep Dive
ProSBC a Deep Dive
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
ProSBC a Deep Dive
ProSBC a Deep Dive
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
MX Deep Dive PPT
MX Deep Dive PPT
SIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masas
Vo ip overview
Vo ip overview
The Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid Networks
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
Mehr von Moises Silva
Interfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en C
Moises Silva
Vulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHP
Moises Silva
Manejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCH
Moises Silva
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in Asterisk
Moises Silva
FreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk Developers
Moises Silva
FreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con Esteroides
Moises Silva
Negociacion de Codecs en Asterisk
Negociacion de Codecs en Asterisk
Moises Silva
Sangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open Source
Moises Silva
FreeTDM PRI Passive Recording
FreeTDM PRI Passive Recording
Moises Silva
Asterisk PRI Passive Call Recording
Asterisk PRI Passive Call Recording
Moises Silva
OpenR2 in Asterisk
OpenR2 in Asterisk
Moises Silva
Mehr von Moises Silva
(11)
Interfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en C
Vulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHP
Manejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCH
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in Asterisk
FreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk Developers
FreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con Esteroides
Negociacion de Codecs en Asterisk
Negociacion de Codecs en Asterisk
Sangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open Source
FreeTDM PRI Passive Recording
FreeTDM PRI Passive Recording
Asterisk PRI Passive Call Recording
Asterisk PRI Passive Call Recording
OpenR2 in Asterisk
OpenR2 in Asterisk
Kürzlich hochgeladen
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Evaluating the top large language models.pdf
Evaluating the top large language models.pdf
ChristopherTHyatt
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Kürzlich hochgeladen
(20)
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Evaluating the top large language models.pdf
Evaluating the top large language models.pdf
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
FreeSWITCH as a Kickass SBC
1.
FreeSWITCH as a
Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering
2.
FreeSWITCH as a
Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering Moises Silva <moy@sangoma.com> Manager, Software Engineering
3.
SBC: The Mythical
Beast • No precise technical definition • Not standardized anywhere • B2BUA or Proxy? • Handles signaling or media? • More of a marketing term than technical? © Sangoma Technologies Inc. 8/11/2012 3
4.
SBC: The Mythical
Beast © Sangoma Technologies Inc. 8/11/2012 4
5.
SBC: The Mythical
Beast Enterprise Network Internet PSTN IP-PBX SBC SIP trunk Telco Intranet ITSP Internal Firewall External Firewall DMZ SIP-Endpoints © Sangoma Technologies Inc. 8/11/2012 5
6.
SBC: The Mythical
Beast • Carrier SBC sits at the edge of service provider networks • Enterprise SBC sits at the edge between customer and service provider © Sangoma Technologies Inc. 8/11/2012 6
7.
SBC: Definition • Recently
loosely described by RFC 5853 © Sangoma Technologies Inc. 8/11/2012 7
8.
SBC: Definition •
Topology Hiding • Media Traffic Management • Fix capability mismatches • SIP NAT • Access Control • Protocol Repair • Media Encryption • Threat protection (ie: DoS, Malformed packets) © Sangoma Technologies Inc. 8/11/2012 8
9.
Topology Hiding • Hide
the service provider or enterprise network implementation details • Use of RFC 3323 (privacy) not enough • B2BUA required in most cases © Sangoma Technologies Inc. 8/11/2012 9
10.
Topology Hiding • INVITE
before topology hiding © Sangoma Technologies Inc. 8/11/2012 10
11.
Topology Hiding • INVITE
after topology hiding © Sangoma Technologies Inc. 8/11/2012 11
12.
Topology Hiding in
FreeSWITCH • FreeSWITCH is a B2BUA • Header manipulation using SIP dialplan variables • Do not enable SDP pass-thru (bypass_media=true) © Sangoma Technologies Inc. 8/11/2012 12
13.
Topology Hiding Cons •
It is a B2BUA! • Breaks end to end security mechanisms such as RFC 4474 • Obviously no difference from a MITM attack © Sangoma Technologies Inc. 8/11/2012 13
14.
Media Traffic Management •
SBC may modify SDP to stay in media path • Operators enforce the use of certain codecs • Single point for audition (ie Lawful Interception) © Sangoma Technologies Inc. 8/11/2012 14
15.
Media Traffic Management •
SDP before media management © Sangoma Technologies Inc. 8/11/2012 15
16.
Media Traffic Management •
SDP after media management • Session attribute removed enforcing a policy © Sangoma Technologies Inc. 8/11/2012 16
17.
Media Traffic Management •
Allows operators to use different billing model according to the media type (Voice, Video, Text) • Fix „lost‟ or „ignored‟ BYE issue • QoS based routing © Sangoma Technologies Inc. 8/11/2012 17
18.
Media Traffic Management
in FreeSWITCH • Flexible codec configuration in SIP profiles or dialplan • Media timeout via SIP profile configuration or channel variable “rtp_timeout_sec” • Flexible SDP manipulation thru variables © Sangoma Technologies Inc. 8/11/2012 18
19.
Media Traffic Management
in FreeSWITCH • Set codec preferences • SDP manipulation © Sangoma Technologies Inc. 8/11/2012 19
20.
Media Traffic Management
in FreeSWITCH • Use record_session for local recordings • Use oreka_record to send media to recording server (pending merge on official git repo) – git@github.com:moises-silva/freeswitch.git © Sangoma Technologies Inc. 8/11/2012 20
21.
Media Traffic Management
in FreeSWITCH G.722 G.729 SIP UA FreeSWITCH SIP UA G.711 Oreka Recording Server (orkaudio) © Sangoma Technologies Inc. 8/11/2012 21
22.
Media Traffic Management
Cons • Increase length of media path • SBC must be aware of all types of media, slowing adoption of new media features © Sangoma Technologies Inc. 8/11/2012 22
23.
Fix Capability Mismatches •
Allow interconnection of user agents with different capabilities (ie: codecs) • IPv4 to IPv6 internetworking • SIP over UDP to TCP etc © Sangoma Technologies Inc. 8/11/2012 23
24.
Fix Capability Mismatches
in FreeSWITCH • Virtually every codec in the industry • HD voice codecs such as G.722 and Siren 7 • Hardware transcoding available © Sangoma Technologies Inc. 8/11/2012 24
25.
Fix Capability Mismatches
in FreeSWITCH • SIP over UDP/TCP/TLS • IPv4 and IPv6 support © Sangoma Technologies Inc. 8/11/2012 25
26.
Fix Capability Mismatches
G.729 / G.711 / TLS / UDP / IPv6 IPv4 SIP UA FreeSWITCH PRI GW © Sangoma Technologies Inc. 8/11/2012 26
27.
SIP NAT • Detect
when a UA is behind NAT • Help maintain NAT bindings alive • Provides a publicly reachable IP address © Sangoma Technologies Inc. 8/11/2012 27
28.
SIP NAT in
FreeSWITCH • Automatic RTP adjustment when media comes from different address than advertised on SDP • Aggressive NAT detection • STUN and ICE support © Sangoma Technologies Inc. 8/11/2012 28
29.
Access Control • It‟s
all about control, yes, sys admins are control freaks • The network edge of the operator or enterprise is a convenient place to enforce policies • All SIP and RTP traffic to/from a single point (the SBC) © Sangoma Technologies Inc. 8/11/2012 29
30.
Access Control in
FreeSWITCH • Flexible ACL configuration available • mod_limit for call rate and general resource limiting per IP or „realm‟ • Distributed limits across servers © Sangoma Technologies Inc. 8/11/2012 30
31.
Protocol Repair • The
world isn‟t perfect, broken devices are everywhere • Not feasible to throw all broken equipment to the garbage (that‟d be too easy wouldn‟t it?) © Sangoma Technologies Inc. 8/11/2012 31
32.
Protocol Repair in
FreeSWITCH • Allows matching and fixing of SIP header values • Allows modifying SDP contents • Not always possible, SIP stack may discard messages if deemed malformed (ie FUBAR) © Sangoma Technologies Inc. 8/11/2012 32
33.
Media Encryption • Desirable
to perform encryption on public network • Internal network may need un-encrypted media (ie, lawful interception, endpoints without SRTP support) © Sangoma Technologies Inc. 8/11/2012 33
34.
Media Encryption in
FreeSWITCH • TLS / SRTP support • ZRTP / SRTP support © Sangoma Technologies Inc. 8/11/2012 34
35.
Threat Protection • DoS •
Malformed and/or malicious packets • SIP REGISTER scans (ie: sipvicious) • SIP INVITE scans © Sangoma Technologies Inc. 8/11/2012 35
36.
Threat Protection for
FreeSWITCH • DoS limitation using iptableshashlimit (Kristian‟s famous script) • iptableshashlimit does not work on TLS obviously • iptableshashlimit does not help with malformed packets © Sangoma Technologies Inc. 8/11/2012 36
37.
Threat Protection for
FreeSWITCH • Fail2ban for registration scans • Depends on log line format, good enough? • mod_fail2ban makes things easier (by kyconquers on github) © Sangoma Technologies Inc. 8/11/2012 37
38.
Threat Protection • Use
SIP ACLs • Even trusted networks can become compromised • IP spoofing on UDP traffic makes things complicated © Sangoma Technologies Inc. 8/11/2012 38
39.
Sofia Limits • Extension
to mod_sofia to specify SIP message limits, per host optionally (no ACL yet ) • Uses mod_hash (or any limit interface) to keep track of messages • Launch ESL event when limit is exceeded • Malformed packets are accounted for as well © Sangoma Technologies Inc. 8/11/2012 39
40.
Sofia Limits
© Sangoma Technologies Inc. 8/11/2012 40
41.
Conclusion • Yes, SBCs
get in the way, and that‟s a useful and desirable feature in some businesses • FreeSWITCH core foundations go a long way in implementing most common SBC features © Sangoma Technologies Inc. 8/11/2012 41
42.
THANK YOU. © Sangoma
Technologies Inc. 8/11/2012 42
Jetzt herunterladen