Remember a decade or so ago when the "routing vs. switching" debates were raging? After expending a sizable amount of carbon dioxide and newsprint, a good portion of the networking industry concluded that the net result of both devices (forwarding packets) was pretty similar, and that it was time to move on to more pressing topics of discussion.
Perhaps a similar conclusion could be reached regarding the functions that are associated with devices that are typically called session border controllers. While most SBCs are designed with carrier-to-carrier peering applications in mind, there is nothing to preclude the migration of these technologies to large enterprise applications, thus allowing another sector of the industry to benefit from peering technologies.
A good example of a company that is spearheading this type of system migration is Stockholm, Sweden-based Ingate Systems. Ingate is a joint venture between Cendio Systems AB, an open source consultancy and producer of firewalls for the Scandinavian market since 1997, and Intertex AB, a successful provider of communications and security technology to the European market since 1982.
In 2001, Intertex developed the IX66, a SIP-aware firewall for the SOHO market that is available in Europe and North America. Ingate Systems was spun-off from Intertex and Cendio in June 2001 to develop SIP-capable firewalls for the enterprise marketfirewalls that are designed to maintain control and security at the network edge. Ingate's market focus is on enterprises that are looking to utilize SIP-based real-time communications, while maintaining network control and security.
The company's products currently protect the networks of retail companies, financial institutions, industrial firms, government agencies and small to large enterprises throughout Europe, Asia, and North America. A wholly owned subsidiary, Ingate Systems Inc., is located in Hollis, New Hampshire, with a U.S. technology center in Frisco, Texas.
Ingate markets three types of products that provide SBC-related functions. First are their SIP-capable Firewalls, which provide enterprise access to SIP-based communications such as presence, instant messaging, audio/video conferencing, and VoIP. These firewalls prevent unauthorized access to and from enterprise networks while allowing SIP-based communications to be completed. All messages entering and leaving the network are routed through the firewall, which examines each packet and blocks those not explicitly authorized to pass through. Ingate's firewall products include a SIP proxy and a SIP registrar, support Network Address Translation and Private Address Translation (NAT and PAT). They have Transport Layer Security (TLS), support for encrypted SIP signaling, and Secure Real Time Protocol (SRTP) to support encrypted media. Four different models are available that range in processing performance capacity from 6,300 to 231,000 packet per second (46-octet packets).
The second product is called the SIParator®, a device that connects to an existing network firewall to seamlessly enable SIP communications. The SIParator sits at the enterprise edgenot at the carrier like most SBCsand thus acts as an enterprise SBC, solving the SIP traffic traversal of the NAT/firewall. The product features a dial plan that enables extensive routing functions of SIP-based calls, and also supports SRTP and transcoding between SRTP and RTP.
Ingate also offers the MEDIAtor, a configuration of the Ingate SIParator that enables companies using a Microsoft Office Live Communications Server (LCS) Access Proxy to support media traversal for Federated and Remote users. The MEDIAtor, in combination with the Ingate Remote SIP Connectivity software module, extends the use of all Live Communications functions like Internet telephony, video, etc. to destinations outside the company or Local Area Network (LAN).
In addition to hardware solutions, the third product is a suite of software modules that help enterprises leverage the full potential of SIP, and may be added to either the Firewall or SIParator products. These software application modules include:
- SIP Trunking: provides the advanced routing capabilities necessary for enterprises to connect to SIP trunks, employing Ingate's proxy-based traversal and security solutions.
- Remote SIP Connectivity: enables home office workers and road warriors the ability to leverage the benefits of SIP-based communications already integrated into the company's network. Ingate claims that RSC is the only product available today that delivers far-end NAT traversal within the firewall itself, eliminating the need for costly session border controllers in the corporate environment.
- VoIP Survival: for hosted VoIP communications services that secures full redundancy in a SIP-based hosted PBX environment all the way out to the customer premises. It can be used with any hosted VoIP service, and ensures continued communications even if the hosted server goes offline due to connection failure or malfunction.
- Advanced SIP Routing: provides increased functionality for controlling and routing SIP media, both for incoming and outgoing communications. It features least-cost routing options; ENUM lookup; transcoding of transport protocols like TCP, UDP, and TLS; and support for emergency calls as well as regular expressions.
- VPN: enables secure encrypted connections between authorized offsite computers and office networks, using IPSec, 3DES, or AES encryption, and can communicate with any VPN clients, firewalls, and other products supporting IPSec and IKE protocols.
- Quality of Service: allows businesses of all sizes to prioritize firewall traffic and limit the bandwidth for certain types of traffic (e.g. image downloading) to speed communications throughout the network.
Further details on the Ingate Systems architecture and products can be found at www.ingate.com. Our next tutorial will continue our examination of vendors' SBC architectures.
Copyright Acknowledgement: © 2007 DigiNet Corporation ®, All Rights Reserved
Mark A. Miller, P.E. is President of DigiNet Corporation®, a Denver-based consulting engineering firm. He is the author of many books on networking technologies, including Voice over IP Technologies, and Internet Technologies Handbook, both published by John Wiley & Sons.