SlideShare ist ein Scribd-Unternehmen logo

Fosdem2012 sayer-sems-sbc

S
stefansayer

SEMS, the SIP Express Media Server, is the media and application server counterpart to SIP Express Router aka Kamailio/OpenSER, the leading open source SIP Signalling server from iptel.org. Since 2004 SEMS has been used to implement classical value added services in VoIP networks like announcements, conferencing, voicemail and RBT, and converged services as web conferencing and voice message broadcasting. More recently, its integrated Back-to-Back User Agent has been extended and improved for flexibility and high performance, making it one of the few open source solutions for high volume session border control. But there's more to it: Thanks to its flexibility, it can also be used as core call routing element, and be a useful tool in various situations for the VoIP platform engineer. The talk will present the SEMS SBC functionality and typical performance numbers, and then show how developers can use the internal call control API to create custom call routing in the SBC with two examples: Using a RESTful interface, a web app server implemented with the Play! framework is used for user controlled call routing, and by accessing a blacklist database in REDIS, SEMS' SBC can be used to block SPIT.

Technologie
1 von 31
Downloaden Sie, um offline zu lesen
SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
SEMS use cases 4
SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
Minimal Play! Web app 24
...with CRUD module 25
REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29
SBC performance 30
Thank You. http://iptel.org/sems

Empfohlen

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 

Empfohlen

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopstefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxstefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at RESTPaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXPaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsIT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Nat
NatNat
NatMohamed Gamel
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0OpenFest team
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereDaniel-Constantin Mierla
 

Weitere ähnliche Inhalte

Was ist angesagt?

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of AsteriskElio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionWestermo Network Technologies
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیMohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMAlexander Shopov
 

Was ist angesagt? (18)

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
 
Nat
NatNat
Nat
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
 

Ähnlich wie Fosdem2012 sayer-sems-sbc

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeDamien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaNETWAYS
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPChris John Riley
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfmengistuyirga
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationE.S.G. JR. Consulting, Inc.
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPChris John Riley
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioAleksandar Sosic
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyRay Song
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全維泰 蔡
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIPKundan Singh
 

Ähnlich wie Fosdem2012 sayer-sems-sbc (20)

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
 
Sc manual
Sc manualSc manual
Sc manual
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdf
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailio
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
 

Mehr von stefansayer

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?stefansayer
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controllerstefansayer
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllersstefansayer
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringstefansayer
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Controlstefansayer
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbcstefansayer
 

Mehr von stefansayer (7)

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controller
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllers
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peering
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Control
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc
 

Kürzlich hochgeladen

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Fosdem2012 sayer-sems-sbc

  • 1. SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
  • 2. Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
  • 3. The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
  • 5. SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
  • 6. SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
  • 7. SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
  • 8. SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
  • 9. The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
  • 10. Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
  • 11. Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
  • 12. Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
  • 13. Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
  • 14. Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
  • 15. Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
  • 16. Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
  • 17. Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
  • 18. Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
  • 19. SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
  • 20. E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
  • 21. SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
  • 22. Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
  • 23. Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
  • 26. REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
  • 27. Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
  • 28. Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
  • 29. FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29