SlideShare ist ein Scribd-Unternehmen logo

Fosdem2012 sayer-sems-sbc

S
stefansayer

SEMS, the SIP Express Media Server, is the media and application server counterpart to SIP Express Router aka Kamailio/OpenSER, the leading open source SIP Signalling server from iptel.org. Since 2004 SEMS has been used to implement classical value added services in VoIP networks like announcements, conferencing, voicemail and RBT, and converged services as web conferencing and voice message broadcasting. More recently, its integrated Back-to-Back User Agent has been extended and improved for flexibility and high performance, making it one of the few open source solutions for high volume session border control. But there's more to it: Thanks to its flexibility, it can also be used as core call routing element, and be a useful tool in various situations for the VoIP platform engineer. The talk will present the SEMS SBC functionality and typical performance numbers, and then show how developers can use the internal call control API to create custom call routing in the SBC with two examples: Using a RESTful interface, a web app server implemented with the Play! framework is used for user controlled call routing, and by accessing a blacklist database in REDIS, SEMS' SBC can be used to block SPIT.

Technologie
1 von 31
Downloaden Sie, um offline zu lesen
SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
SEMS use cases 4
SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
Minimal Play! Web app 24
...with CRUD module 25
REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29
SBC performance 30
Thank You. http://iptel.org/sems

Empfohlen

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 

Empfohlen

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Nat
NatNat
NatMohamed Gamel
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0OpenFest team
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereDaniel-Constantin Mierla
 

Weitere ähnliche Inhalte

Was ist angesagt?

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 

Was ist angesagt? (18)

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
 
Nat
NatNat
Nat
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
 

Ähnlich wie Fosdem2012 sayer-sems-sbc

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaNETWAYS
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPChris John Riley
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfmengistuyirga
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationE.S.G. JR. Consulting, Inc.
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPChris John Riley
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioAleksandar Sosic
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyRay Song
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全維泰 蔡
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIPKundan Singh
 

Ähnlich wie Fosdem2012 sayer-sems-sbc (20)

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
 
Sc manual
Sc manualSc manual
Sc manual
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdf
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailio
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
 

Mehr von stefansayer

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?stefansayer
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controllerstefansayer
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllersstefansayer
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringstefansayer
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Controlstefansayer
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbcstefansayer
 

Mehr von stefansayer (7)

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controller
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllers
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peering
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Control
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc
 

Kürzlich hochgeladen

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Kürzlich hochgeladen (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Fosdem2012 sayer-sems-sbc

  • 1. SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
  • 2. Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
  • 3. The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
  • 5. SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
  • 6. SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
  • 7. SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
  • 8. SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
  • 9. The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
  • 10. Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
  • 11. Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
  • 12. Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
  • 13. Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
  • 14. Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
  • 15. Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
  • 16. Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
  • 17. Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
  • 18. Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
  • 19. SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
  • 20. E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
  • 21. SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
  • 22. Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
  • 23. Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
  • 26. REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
  • 27. Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
  • 28. Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
  • 29. FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29