Vocalcom High Availability Voice


zorion

Presentation Transcript


  1. Vocalcom High Availability Voice Mediant 4000 SBC Configuration

  2. Audiocodes HA Mechanisms
     Audiocodes SBC High Availability provides:
     • A 1+1 redundancy scheme
     • A keep-alive mechanism to automatically switch over the SBC in case of failure
     • Call context synchronization in order to preserve active calls during a switchover
     • A method to upgrade SBC firmware without disturbing current calls (Hitless Software Upgrade)
     • A single configuration and auxiliary files repository for the M4K cluster

  3. Vocalcom Deployment

  4. Mediant 4000 HA

  5. Mediant 4000 HA – Mode 1 – Local Deployment

  6. Mediant 4000 HA – Mode 2 – Geographical Redundancy

  7. Mediant 4000 HA – Firewalls Config
     • The following table provides rules to set up the SBC firewall when security is activated or, in the case of geographical HA, to filter nodes on the SBC's MAINTENANCE VLAN

  8. Mediant 4000 HA: Prerequisites
     • High Availability Feature key (licensing)
     • Two Mediant 4000 SBC
     • Two Gigabit Ethernet ports per switch
     • Power consumption, M4K HA:
       • 2.5A @ 230VAC, 75W

  9. SBC Security

  10. AudioCodes Session Border Controller Main Tasks

  11. AudioCodes Session Border Controller (SBC) - Key Roles

  12. How Does AudioCodes SBC Secure SIP Traffic
      • Filter out SIP messages which do not belong to an open dialog
      • Accept messages based on SIP header properties, for example the request URI
      • Call Admission Control
      • SIP Digest Authentication
      • Filter oversized SIP messages, unwanted SIP bodies, SIP syntax policing
      • SIP Access List & Classification
      • Context Identification
      • SIP Message Policy
      • Look at the IP addresses and ports to filter unwanted packets and throttle the incoming packet rate
      • TCP/TLS Integrity and Authentication
      • Overcome TCP vulnerabilities, perform TLS authentication
      • Layer 3-4 Firewall and Rate Limiting
      • Unauthorized Access
      • Unclassified SIP Traffic
      • Calls over Limit
      • Protocol Vulnerabilities
      • Brute force DoS
      • SIP dialog Attacks
      • Legitimate Traffic
      • TCP attacks, Identity Spoofing

  13. Security: Topology Hiding
      • Topology hiding is important for hiding network internals and for privacy
      • Achieved through use of SIP B2BUA:
        • VIA stripping – each B2BUA leg will have its own VIA rules independent of the other leg
        • Independent Route/Record-Route in each leg
        • Host name modification (e.g. To/From)
        • Inserting the SBC Contact in each leg
        • Different Call-ID for each leg
      • NAT/Layer 3 Topology Hiding – modification of the source IP address in the IP header
      • Restrict caller ID for untrusted legs
      AudioCodes Proprietary and Confidential Information

  14. Security: DoS/DDoS
      • Protection against DoS/SIP attacks
      • Access list within layer 3 and layer 5
      • Layer 3 rate limiting according to local and remote IP port and transport type
      • SIP dialog rate and concurrent calls limiting
      • Rich message filtering rules: message size, number of headers, message body types, request type and more
      • Protection against SIP vulnerabilities
      • OS/IP stack vulnerabilities handling
      • Passed DoD tests and got FIPS140 certificate

  15. Security: Call Admission Control
      • Limit number of concurrent calls per subnet/SIP trunk
      • Limit number of registered users per subnet
      • Limit call setup rate per subnet/SIP trunk/user (average and burst)
      • VoIP codec policing and prioritizing
      • Self overload protection
      • Registration flood protection and throttling
      • Protocol validation

  16. Security: Encryption
      • TLS
      • SSL 2.0, SSL 3.0, TLS 1.0
      • Re-handshake
      • Mutual authentication
      • Certificate revocation checking
      • Verify Subject Alt Name against the provisioned proxy name
      • SRTP-RFC 4568 SDES (voice, video)
      • SRTP enforcement
      • Best-effort SRTP using two media lines
      • IPSEC – control & management only
      • VPN (MSBG)

  17. Mediant 4000 SBC Highlights
      • Medium- to high-density SBC platform
      • 250 to 4000 SBC sessions and more…
      • Based on the field-proven AudioCodes SBC family
      • High availability with 2-box redundancy
      • State-of-the-art AMC (MicroTCA) based platform
      • Cost-effective compact footprint (1U)

  18. Mediant 4000 SBC Highlights
      • Strong DoS/DDoS and VoIP firewall protection
      • Easy SBC session capacity upgrades via software key
      • SIP TLS security and media encryption
      • Media handling including transcoding capabilities
      • Wide range of vocoders including Low Bit Rate (LBR), wireline, cellular and wideband vocoders
      • Decoupling of DSPs (transcoding) from CPU (SBC sessions)

  19. TeleHouse 2 Deployment of first SBC in production

  20. TeleHouse 2 Deployment: Rack Utilization & Power Consumption
      • 6U used in cabinet
      • Total power consumption:
      • 8 power connectors are needed to plug in each power supply

  21. TeleHouse 2 Deployment: Network Connections
      • Mediant 4000s
      • Red Ethernet connection carries SIP signaling and media using a single IP address
      • Orange Ethernet connection is used for OAMP purposes (remote access, supervision…)
      • 2 ports per switch and per Mediant 4000 are needed
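
The B2BUA topology-hiding steps listed on slide 13, worked through on one request. This is an added example, not part of the original presentation and not AudioCodes code; `hide_topology`, `leaks`, and every host name and address in it are constructed for illustration.

```python
import re
import uuid

# Constructed inbound INVITE from the internal leg; all hosts are made up.
INBOUND = "\r\n".join([
    "INVITE sip:+33123456789@sbc.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.2.3:5060;branch=z9hG4bKpbx1",
    "Via: SIP/2.0/UDP 10.1.9.9:5060;branch=z9hG4bKagent7",
    "Record-Route: <sip:10.1.2.3;lr>",
    "From: \"Agent 7\" <sip:7007@pbx.internal.lan>;tag=a1",
    "To: <sip:+33123456789@pbx.internal.lan>",
    "Call-ID: 5f3c@10.1.9.9",
    "CSeq: 1 INVITE",
    "Contact: <sip:7007@10.1.9.9:5060>",
    "Content-Length: 0", "", ""])

def hide_topology(msg, sbc_ip, sbc_host, next_hop):
    """Build the outbound-leg request so no inbound routing data survives."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    user = uri.split(":", 1)[1].split("@")[0]
    branch = "z9hG4bK" + uuid.uuid4().hex[:12]
    out = [f"{method} sip:{user}@{next_hop} {version}",
           f"Via: SIP/2.0/UDP {sbc_ip}:5060;branch={branch}"]  # this leg's own Via
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key in ("via", "record-route", "route"):
            continue                                    # VIA stripping, per-leg route set
        if key == "call-id":
            value = f" {uuid.uuid4().hex}@{sbc_host}"   # different Call-ID per leg
        elif key == "contact":
            value = f" <sip:{sbc_ip}:5060>"             # SBC Contact inserted
        elif key == "from":
            value = re.sub(r"@[^>;]+", "@" + sbc_host, value)  # host name modification
        elif key == "to":
            value = re.sub(r"@[^>;]+", "@" + next_hop, value)
        out.append(f"{name}:{value}")
    return "\r\n".join(out) + "\r\n\r\n" + body

def leaks(msg, internal=(r"\b10\.\d+\.\d+\.\d+\b", r"internal\.lan")):
    """Return the header lines that still expose internal addresses or names."""
    return [l for l in msg.split("\r\n") if any(re.search(p, l) for p in internal)]

if __name__ == "__main__":
    out = hide_topology(INBOUND, "203.0.113.10", "sbc.example.net", "carrier.example.com")
    print(len(leaks(INBOUND)), "leaking headers before,", len(leaks(out)), "after")
```

Running `leaks` over captured outbound traffic is a quick audit that the hiding rules are actually applied. Compact header forms (`v`, `m`, `i`) and SDP `c=` lines need the same treatment and are not handled here.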
