SlideShare ist ein Scribd-Unternehmen logo

FreeSWITCH as a Kickass SBC

Als PPTX, PDF herunterladen
Moises Silva
Moises Silva

How to use FreeSWITCH as an SBC

Technologie
1 von 42
FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering
FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering Moises Silva <moy@sangoma.com> Manager, Software Engineering
SBC: The Mythical Beast • No precise technical definition • Not standardized anywhere • B2BUA or Proxy? • Handles signaling or media? • More of a marketing term than technical? © Sangoma Technologies Inc. 8/11/2012 3
SBC: The Mythical Beast © Sangoma Technologies Inc. 8/11/2012 4
SBC: The Mythical Beast Enterprise Network Internet PSTN IP-PBX SBC SIP trunk Telco Intranet ITSP Internal Firewall External Firewall DMZ SIP-Endpoints © Sangoma Technologies Inc. 8/11/2012 5
SBC: The Mythical Beast • Carrier SBC sits at the edge of service provider networks • Enterprise SBC sits at the edge between customer and service provider © Sangoma Technologies Inc. 8/11/2012 6
SBC: Definition • Recently loosely described by RFC 5853 © Sangoma Technologies Inc. 8/11/2012 7
SBC: Definition • Topology Hiding • Media Traffic Management • Fix capability mismatches • SIP NAT • Access Control • Protocol Repair • Media Encryption • Threat protection (ie: DoS, Malformed packets) © Sangoma Technologies Inc. 8/11/2012 8
Topology Hiding • Hide the service provider or enterprise network implementation details • Use of RFC 3323 (privacy) not enough • B2BUA required in most cases © Sangoma Technologies Inc. 8/11/2012 9
Topology Hiding • INVITE before topology hiding © Sangoma Technologies Inc. 8/11/2012 10
Topology Hiding • INVITE after topology hiding © Sangoma Technologies Inc. 8/11/2012 11
Topology Hiding in FreeSWITCH • FreeSWITCH is a B2BUA • Header manipulation using SIP dialplan variables • Do not enable SDP pass-thru (bypass_media=true) © Sangoma Technologies Inc. 8/11/2012 12
Topology Hiding Cons • It is a B2BUA! • Breaks end to end security mechanisms such as RFC 4474 • Obviously no difference from a MITM attack © Sangoma Technologies Inc. 8/11/2012 13
Media Traffic Management • SBC may modify SDP to stay in media path • Operators enforce the use of certain codecs • Single point for audition (ie Lawful Interception) © Sangoma Technologies Inc. 8/11/2012 14
Media Traffic Management • SDP before media management © Sangoma Technologies Inc. 8/11/2012 15
Media Traffic Management • SDP after media management • Session attribute removed enforcing a policy © Sangoma Technologies Inc. 8/11/2012 16
Media Traffic Management • Allows operators to use different billing model according to the media type (Voice, Video, Text) • Fix „lost‟ or „ignored‟ BYE issue • QoS based routing © Sangoma Technologies Inc. 8/11/2012 17
Media Traffic Management in FreeSWITCH • Flexible codec configuration in SIP profiles or dialplan • Media timeout via SIP profile configuration or channel variable “rtp_timeout_sec” • Flexible SDP manipulation thru variables © Sangoma Technologies Inc. 8/11/2012 18
Media Traffic Management in FreeSWITCH • Set codec preferences • SDP manipulation © Sangoma Technologies Inc. 8/11/2012 19
Media Traffic Management in FreeSWITCH • Use record_session for local recordings • Use oreka_record to send media to recording server (pending merge on official git repo) – git@github.com:moises-silva/freeswitch.git © Sangoma Technologies Inc. 8/11/2012 20
Media Traffic Management in FreeSWITCH G.722 G.729 SIP UA FreeSWITCH SIP UA G.711 Oreka Recording Server (orkaudio) © Sangoma Technologies Inc. 8/11/2012 21
Media Traffic Management Cons • Increase length of media path • SBC must be aware of all types of media, slowing adoption of new media features © Sangoma Technologies Inc. 8/11/2012 22
Fix Capability Mismatches • Allow interconnection of user agents with different capabilities (ie: codecs) • IPv4 to IPv6 internetworking • SIP over UDP to TCP etc © Sangoma Technologies Inc. 8/11/2012 23
Fix Capability Mismatches in FreeSWITCH • Virtually every codec in the industry • HD voice codecs such as G.722 and Siren 7 • Hardware transcoding available © Sangoma Technologies Inc. 8/11/2012 24
Fix Capability Mismatches in FreeSWITCH • SIP over UDP/TCP/TLS • IPv4 and IPv6 support © Sangoma Technologies Inc. 8/11/2012 25
Fix Capability Mismatches G.729 / G.711 / TLS / UDP / IPv6 IPv4 SIP UA FreeSWITCH PRI GW © Sangoma Technologies Inc. 8/11/2012 26
SIP NAT • Detect when a UA is behind NAT • Help maintain NAT bindings alive • Provides a publicly reachable IP address © Sangoma Technologies Inc. 8/11/2012 27
SIP NAT in FreeSWITCH • Automatic RTP adjustment when media comes from different address than advertised on SDP • Aggressive NAT detection • STUN and ICE support © Sangoma Technologies Inc. 8/11/2012 28
Access Control • It‟s all about control, yes, sys admins are control freaks • The network edge of the operator or enterprise is a convenient place to enforce policies • All SIP and RTP traffic to/from a single point (the SBC) © Sangoma Technologies Inc. 8/11/2012 29
Access Control in FreeSWITCH • Flexible ACL configuration available • mod_limit for call rate and general resource limiting per IP or „realm‟ • Distributed limits across servers © Sangoma Technologies Inc. 8/11/2012 30
Protocol Repair • The world isn‟t perfect, broken devices are everywhere • Not feasible to throw all broken equipment to the garbage (that‟d be too easy wouldn‟t it?) © Sangoma Technologies Inc. 8/11/2012 31
Protocol Repair in FreeSWITCH • Allows matching and fixing of SIP header values • Allows modifying SDP contents • Not always possible, SIP stack may discard messages if deemed malformed (ie FUBAR) © Sangoma Technologies Inc. 8/11/2012 32
Media Encryption • Desirable to perform encryption on public network • Internal network may need un-encrypted media (ie, lawful interception, endpoints without SRTP support) © Sangoma Technologies Inc. 8/11/2012 33
Media Encryption in FreeSWITCH • TLS / SRTP support • ZRTP / SRTP support © Sangoma Technologies Inc. 8/11/2012 34
Threat Protection • DoS • Malformed and/or malicious packets • SIP REGISTER scans (ie: sipvicious) • SIP INVITE scans © Sangoma Technologies Inc. 8/11/2012 35
Threat Protection for FreeSWITCH • DoS limitation using iptableshashlimit (Kristian‟s famous script) • iptableshashlimit does not work on TLS obviously • iptableshashlimit does not help with malformed packets © Sangoma Technologies Inc. 8/11/2012 36
Threat Protection for FreeSWITCH • Fail2ban for registration scans • Depends on log line format, good enough? • mod_fail2ban makes things easier (by kyconquers on github) © Sangoma Technologies Inc. 8/11/2012 37
Threat Protection • Use SIP ACLs • Even trusted networks can become compromised • IP spoofing on UDP traffic makes things complicated © Sangoma Technologies Inc. 8/11/2012 38
Sofia Limits • Extension to mod_sofia to specify SIP message limits, per host optionally (no ACL yet ) • Uses mod_hash (or any limit interface) to keep track of messages • Launch ESL event when limit is exceeded • Malformed packets are accounted for as well © Sangoma Technologies Inc. 8/11/2012 39
Sofia Limits © Sangoma Technologies Inc. 8/11/2012 40
Conclusion • Yes, SBCs get in the way, and that‟s a useful and desirable feature in some businesses • FreeSWITCH core foundations go a long way in implementing most common SBC features © Sangoma Technologies Inc. 8/11/2012 41
THANK YOU. © Sangoma Technologies Inc. 8/11/2012 42

Empfohlen

SIP Testing with FreeSWITCH
SIP Testing with FreeSWITCHSIP Testing with FreeSWITCH
SIP Testing with FreeSWITCHMoises Silva
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Scaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceScaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceMoises Silva
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Kamailio - Secure Communication
Kamailio - Secure CommunicationKamailio - Secure Communication
Kamailio - Secure CommunicationDaniel-Constantin Mierla
 
Introduction to FreeSWITCH
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCHChien Cheng Wu
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 

Empfohlen

SIP Testing with FreeSWITCH
SIP Testing with FreeSWITCHSIP Testing with FreeSWITCH
SIP Testing with FreeSWITCHMoises Silva
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Scaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceScaling FreeSWITCH Performance
Scaling FreeSWITCH PerformanceMoises Silva
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Kamailio - Secure Communication
Kamailio - Secure CommunicationKamailio - Secure Communication
Kamailio - Secure CommunicationDaniel-Constantin Mierla
 
Introduction to FreeSWITCH
Introduction to FreeSWITCHIntroduction to FreeSWITCH
Introduction to FreeSWITCHChien Cheng Wu
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 
Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and YouKamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and YouFred Posner
 
SIP - The Basics
SIP - The BasicsSIP - The Basics
SIP - The BasicsJonas Borjesson
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersDaniel-Constantin Mierla
 
Kamailio on Docker
Kamailio on DockerKamailio on Docker
Kamailio on DockerChien Cheng Wu
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with KamailioFred Posner
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingDaniel-Constantin Mierla
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
 
FreeSWITCH Monitoring
FreeSWITCH MonitoringFreeSWITCH Monitoring
FreeSWITCH MonitoringMoises Silva
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with KamailioFred Posner
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengineAndreas Granig
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBaseAvaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBasePacketBase, Inc.
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker建澄 吳
 
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP ProtocolSIP - Introduction to SIP Protocol
SIP - Introduction to SIP ProtocolLivePerson
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environmentsAn SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environmentsGiacomo Vacca
 
Mellanox's Technological Advantage
Mellanox's Technological AdvantageMellanox's Technological Advantage
Mellanox's Technological AdvantageMellanox Technologies
 
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway TrainingSangoma SS7 Gateway Training
Sangoma SS7 Gateway TrainingEmpatiq İletişim Teknolojileri AŞ.
 

Weitere ähnliche Inhalte

Was ist angesagt?

Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and YouKamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and YouFred Posner
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with KamailioFred Posner
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
 
FreeSWITCH Monitoring
FreeSWITCH MonitoringFreeSWITCH Monitoring
FreeSWITCH MonitoringMoises Silva
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with KamailioFred Posner
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBaseAvaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBasePacketBase, Inc.
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker建澄 吳
 
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP ProtocolSIP - Introduction to SIP Protocol
SIP - Introduction to SIP ProtocolLivePerson
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environmentsAn SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environmentsGiacomo Vacca
 

Was ist angesagt? (20)

Kamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and YouKamailio, FreeSWITCH, and You
Kamailio, FreeSWITCH, and You
 
SIP - The Basics
SIP - The BasicsSIP - The Basics
SIP - The Basics
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
 
Kamailio on Docker
Kamailio on DockerKamailio on Docker
Kamailio on Docker
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with Kamailio
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocol
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
 
FreeSWITCH Monitoring
FreeSWITCH MonitoringFreeSWITCH Monitoring
FreeSWITCH Monitoring
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengine
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation Protocol
 
Avaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBaseAvaya VoIP on Cisco Best Practices by PacketBase
Avaya VoIP on Cisco Best Practices by PacketBase
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
 
SIP - Introduction to SIP Protocol
SIP - Introduction to SIP ProtocolSIP - Introduction to SIP Protocol
SIP - Introduction to SIP Protocol
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
 
An SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environmentsAn SFU/MCU integration for heterogeneous environments
An SFU/MCU integration for heterogeneous environments
 

Ähnlich wie FreeSWITCH as a Kickass SBC

DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...Open Networking Summits
 
Día Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product UpdateDía Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product UpdateNeocenter SA de CV
 
QoS for Media Networks
QoS for Media NetworksQoS for Media Networks
QoS for Media NetworksAmine Choukir
 
ProSBC a Deep Dive
ProSBC a Deep DiveProSBC a Deep Dive
ProSBC a Deep DiveAlan Percy
 
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdfUC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdfWlamir Molinari
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0liemgpc2
 
An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDCAn hour with WebRTC FIC UDC
An hour with WebRTC FIC UDCQuobis
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPTomar awad
 
SIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masasSIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masasPaloSanto Solutions
 
The Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid NetworksThe Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid Networksbleslie
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...InfluxData
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 

Ähnlich wie FreeSWITCH as a Kickass SBC (20)

Mellanox's Technological Advantage
Mellanox's Technological AdvantageMellanox's Technological Advantage
Mellanox's Technological Advantage
 
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway TrainingSangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
 
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
DESIGN OF BARE METAL FABRICS - Built with SDN, Bare Metal Switches, and Merch...
 
Día Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product UpdateDía Neocenter | Sangoma Portfolio Product Update
Día Neocenter | Sangoma Portfolio Product Update
 
QoS for Media Networks
QoS for Media NetworksQoS for Media Networks
QoS for Media Networks
 
ProSBC a Deep Dive
ProSBC a Deep DiveProSBC a Deep Dive
ProSBC a Deep Dive
 
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdfUC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf
 
ProSBC a Deep Dive
ProSBC a Deep DiveProSBC a Deep Dive
ProSBC a Deep Dive
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
 
An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDCAn hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPT
 
SIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masasSIP2SIP - Direcciones SIP gratuitas para las masas
SIP2SIP - Direcciones SIP gratuitas para las masas
 
Vo ip overview
Vo ip overviewVo ip overview
Vo ip overview
 
The Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid NetworksThe Role Of SIP In Smart Grid Networks
The Role Of SIP In Smart Grid Networks
 
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...How Cisco Provides World-Class Technology Conference Experiences Using Automa...
How Cisco Provides World-Class Technology Conference Experiences Using Automa...
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 

Mehr von Moises Silva

Interfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en CInterfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en CMoises Silva
 
Vulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHPVulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHPMoises Silva
 
Manejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCHManejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCHMoises Silva
 
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskMoises Silva
 
FreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk DevelopersFreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk DevelopersMoises Silva
 
FreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con EsteroidesFreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con EsteroidesMoises Silva
 
Negociacion de Codecs en Asterisk
Negociacion de Codecs en AsteriskNegociacion de Codecs en Asterisk
Negociacion de Codecs en AsteriskMoises Silva
 
Sangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open SourceSangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open SourceMoises Silva
 
FreeTDM PRI Passive Recording
FreeTDM PRI Passive RecordingFreeTDM PRI Passive Recording
FreeTDM PRI Passive RecordingMoises Silva
 
Asterisk PRI Passive Call Recording
Asterisk PRI Passive Call RecordingAsterisk PRI Passive Call Recording
Asterisk PRI Passive Call RecordingMoises Silva
 
OpenR2 in Asterisk
OpenR2 in AsteriskOpenR2 in Asterisk
OpenR2 in AsteriskMoises Silva
 

Mehr von Moises Silva (11)

Interfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en CInterfaces de Scripting para librerias en C
Interfaces de Scripting para librerias en C
 
Vulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHPVulnerabilidades en Aplicaciones Web PHP
Vulnerabilidades en Aplicaciones Web PHP
 
Manejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCHManejo de Medios en FreeSWITCH
Manejo de Medios en FreeSWITCH
 
Implementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in AsteriskImplementation Lessons using WebRTC in Asterisk
Implementation Lessons using WebRTC in Asterisk
 
FreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk DevelopersFreeSWITCH Modules for Asterisk Developers
FreeSWITCH Modules for Asterisk Developers
 
FreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con EsteroidesFreeSWITCH: Asterisk con Esteroides
FreeSWITCH: Asterisk con Esteroides
 
Negociacion de Codecs en Asterisk
Negociacion de Codecs en AsteriskNegociacion de Codecs en Asterisk
Negociacion de Codecs en Asterisk
 
Sangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open SourceSangoma en el Ecosistema Open Source
Sangoma en el Ecosistema Open Source
 
FreeTDM PRI Passive Recording
FreeTDM PRI Passive RecordingFreeTDM PRI Passive Recording
FreeTDM PRI Passive Recording
 
Asterisk PRI Passive Call Recording
Asterisk PRI Passive Call RecordingAsterisk PRI Passive Call Recording
Asterisk PRI Passive Call Recording
 
OpenR2 in Asterisk
OpenR2 in AsteriskOpenR2 in Asterisk
OpenR2 in Asterisk
 

Kürzlich hochgeladen

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Kürzlich hochgeladen (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

FreeSWITCH as a Kickass SBC

  • 1. FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering
  • 2. FreeSWITCH as a Kickass SBC Moises Silva <moy@sangoma.com> Manager, Software Engineering Moises Silva <moy@sangoma.com> Manager, Software Engineering
  • 3. SBC: The Mythical Beast • No precise technical definition • Not standardized anywhere • B2BUA or Proxy? • Handles signaling or media? • More of a marketing term than technical? © Sangoma Technologies Inc. 8/11/2012 3
  • 4. SBC: The Mythical Beast © Sangoma Technologies Inc. 8/11/2012 4
  • 5. SBC: The Mythical Beast Enterprise Network Internet PSTN IP-PBX SBC SIP trunk Telco Intranet ITSP Internal Firewall External Firewall DMZ SIP-Endpoints © Sangoma Technologies Inc. 8/11/2012 5
  • 6. SBC: The Mythical Beast • Carrier SBC sits at the edge of service provider networks • Enterprise SBC sits at the edge between customer and service provider © Sangoma Technologies Inc. 8/11/2012 6
  • 7. SBC: Definition • Recently loosely described by RFC 5853 © Sangoma Technologies Inc. 8/11/2012 7
  • 8. SBC: Definition • Topology Hiding • Media Traffic Management • Fix capability mismatches • SIP NAT • Access Control • Protocol Repair • Media Encryption • Threat protection (ie: DoS, Malformed packets) © Sangoma Technologies Inc. 8/11/2012 8
  • 9. Topology Hiding • Hide the service provider or enterprise network implementation details • Use of RFC 3323 (privacy) not enough • B2BUA required in most cases © Sangoma Technologies Inc. 8/11/2012 9
  • 10. Topology Hiding • INVITE before topology hiding © Sangoma Technologies Inc. 8/11/2012 10
  • 11. Topology Hiding • INVITE after topology hiding © Sangoma Technologies Inc. 8/11/2012 11
  • 12. Topology Hiding in FreeSWITCH • FreeSWITCH is a B2BUA • Header manipulation using SIP dialplan variables • Do not enable SDP pass-thru (bypass_media=true) © Sangoma Technologies Inc. 8/11/2012 12
  • 13. Topology Hiding Cons • It is a B2BUA! • Breaks end to end security mechanisms such as RFC 4474 • Obviously no difference from a MITM attack © Sangoma Technologies Inc. 8/11/2012 13
  • 14. Media Traffic Management • SBC may modify SDP to stay in media path • Operators enforce the use of certain codecs • Single point for audition (ie Lawful Interception) © Sangoma Technologies Inc. 8/11/2012 14
  • 15. Media Traffic Management • SDP before media management © Sangoma Technologies Inc. 8/11/2012 15
  • 16. Media Traffic Management • SDP after media management • Session attribute removed enforcing a policy © Sangoma Technologies Inc. 8/11/2012 16
  • 17. Media Traffic Management • Allows operators to use different billing model according to the media type (Voice, Video, Text) • Fix „lost‟ or „ignored‟ BYE issue • QoS based routing © Sangoma Technologies Inc. 8/11/2012 17
  • 18. Media Traffic Management in FreeSWITCH • Flexible codec configuration in SIP profiles or dialplan • Media timeout via SIP profile configuration or channel variable “rtp_timeout_sec” • Flexible SDP manipulation thru variables © Sangoma Technologies Inc. 8/11/2012 18
  • 19. Media Traffic Management in FreeSWITCH • Set codec preferences • SDP manipulation © Sangoma Technologies Inc. 8/11/2012 19
  • 20. Media Traffic Management in FreeSWITCH • Use record_session for local recordings • Use oreka_record to send media to recording server (pending merge on official git repo) – git@github.com:moises-silva/freeswitch.git © Sangoma Technologies Inc. 8/11/2012 20
  • 21. Media Traffic Management in FreeSWITCH G.722 G.729 SIP UA FreeSWITCH SIP UA G.711 Oreka Recording Server (orkaudio) © Sangoma Technologies Inc. 8/11/2012 21
  • 22. Media Traffic Management Cons • Increase length of media path • SBC must be aware of all types of media, slowing adoption of new media features © Sangoma Technologies Inc. 8/11/2012 22
  • 23. Fix Capability Mismatches • Allow interconnection of user agents with different capabilities (ie: codecs) • IPv4 to IPv6 internetworking • SIP over UDP to TCP etc © Sangoma Technologies Inc. 8/11/2012 23
  • 24. Fix Capability Mismatches in FreeSWITCH • Virtually every codec in the industry • HD voice codecs such as G.722 and Siren 7 • Hardware transcoding available © Sangoma Technologies Inc. 8/11/2012 24
  • 25. Fix Capability Mismatches in FreeSWITCH • SIP over UDP/TCP/TLS • IPv4 and IPv6 support © Sangoma Technologies Inc. 8/11/2012 25
  • 26. Fix Capability Mismatches G.729 / G.711 / TLS / UDP / IPv6 IPv4 SIP UA FreeSWITCH PRI GW © Sangoma Technologies Inc. 8/11/2012 26
  • 27. SIP NAT • Detect when a UA is behind NAT • Help maintain NAT bindings alive • Provides a publicly reachable IP address © Sangoma Technologies Inc. 8/11/2012 27
  • 28. SIP NAT in FreeSWITCH • Automatic RTP adjustment when media comes from different address than advertised on SDP • Aggressive NAT detection • STUN and ICE support © Sangoma Technologies Inc. 8/11/2012 28
  • 29. Access Control • It‟s all about control, yes, sys admins are control freaks • The network edge of the operator or enterprise is a convenient place to enforce policies • All SIP and RTP traffic to/from a single point (the SBC) © Sangoma Technologies Inc. 8/11/2012 29
  • 30. Access Control in FreeSWITCH • Flexible ACL configuration available • mod_limit for call rate and general resource limiting per IP or „realm‟ • Distributed limits across servers © Sangoma Technologies Inc. 8/11/2012 30
  • 31. Protocol Repair • The world isn‟t perfect, broken devices are everywhere • Not feasible to throw all broken equipment to the garbage (that‟d be too easy wouldn‟t it?) © Sangoma Technologies Inc. 8/11/2012 31
  • 32. Protocol Repair in FreeSWITCH • Allows matching and fixing of SIP header values • Allows modifying SDP contents • Not always possible, SIP stack may discard messages if deemed malformed (ie FUBAR) © Sangoma Technologies Inc. 8/11/2012 32
  • 33. Media Encryption • Desirable to perform encryption on public network • Internal network may need un-encrypted media (ie, lawful interception, endpoints without SRTP support) © Sangoma Technologies Inc. 8/11/2012 33
  • 34. Media Encryption in FreeSWITCH • TLS / SRTP support • ZRTP / SRTP support © Sangoma Technologies Inc. 8/11/2012 34
  • 35. Threat Protection • DoS • Malformed and/or malicious packets • SIP REGISTER scans (ie: sipvicious) • SIP INVITE scans © Sangoma Technologies Inc. 8/11/2012 35
  • 36. Threat Protection for FreeSWITCH • DoS limitation using iptableshashlimit (Kristian‟s famous script) • iptableshashlimit does not work on TLS obviously • iptableshashlimit does not help with malformed packets © Sangoma Technologies Inc. 8/11/2012 36
  • 37. Threat Protection for FreeSWITCH • Fail2ban for registration scans • Depends on log line format, good enough? • mod_fail2ban makes things easier (by kyconquers on github) © Sangoma Technologies Inc. 8/11/2012 37
  • 38. Threat Protection • Use SIP ACLs • Even trusted networks can become compromised • IP spoofing on UDP traffic makes things complicated © Sangoma Technologies Inc. 8/11/2012 38
  • 39. Sofia Limits • Extension to mod_sofia to specify SIP message limits, per host optionally (no ACL yet ) • Uses mod_hash (or any limit interface) to keep track of messages • Launch ESL event when limit is exceeded • Malformed packets are accounted for as well © Sangoma Technologies Inc. 8/11/2012 39
  • 40. Sofia Limits © Sangoma Technologies Inc. 8/11/2012 40
  • 41. Conclusion • Yes, SBCs get in the way, and that‟s a useful and desirable feature in some businesses • FreeSWITCH core foundations go a long way in implementing most common SBC features © Sangoma Technologies Inc. 8/11/2012 41
  • 42. THANK YOU. © Sangoma Technologies Inc. 8/11/2012 42