Building A Strong Foundation
For SIP-Based Networks
BY ERIK GIESA AND MATT LAZARO
Carriers are looking for ways to tap into the tremendous market
potential for terminating PC and phone-based, SIP-based voice and data
traffic to the public switched telephone network (PSTN). And one of the
most compelling examples of just how large this market potential has
become was released on Oct. 25, 2001, when Microsoft unveiled its Windows
XP operating system and its new SIP-based Messenger client, which included
PC-to-phone calling capabilities. While this PC-to-phone termination
market will offer strong rewards for carriers offering wholesale
termination/origination services, these carriers will need to have the
flexibility to support their customers with new business models such as
application hosting and new SIP-based services that go beyond simply
terminating Messenger-based traffic.
As they build networks to support the revenue streams enabled by
Messenger termination traffic, service providers should take this
opportunity to deploy an infrastructure solution that goes beyond the
immediate Messenger opportunity and sets the stage for maximum future
revenues at the minimum incremental cost. Service providers can maximize
revenues by offering a rich set of converged services on a retail or
wholesale basis to consumer or enterprise markets, or by offering hosted
or wholesale services to other service providers. At the same time,
providers can minimize their costs by implementing a network
infrastructure that supports best-in-class products from industry-leading
In designing and implementing SIP-capable networks, core carriers will
be required to achieve superior levels of performance, five-nines
reliability, and scalability in order to guarantee call quality and ensure
application integrity. For example, SIP-based networks should be designed
to handle large volumes of traffic where an individual SIP gateway can
scale linearly to support more than three million busy calls per hour.
Carriers must meet or exceed the benchmarks set by legacy equipment on the
traditional telephony network.
Carriers should be ready to offer enhanced services that go beyond
wholesale SIP origination and termination, with new services like calling
card, conferencing, unified messaging, and presence-enabled applications.
Facilities-based service providers are looking to provide wholesale SIP-based
origination (routing PSTN calls to IP-devices such as Windows Messenger
clients) and termination (routing IP-based calls to the PSTN). By
outsourcing their IP-to-PSTN interconnection to wholesale carriers,
Internet telephony service providers and other enhanced service providers
can avoid building their own VoIP networks, and instead focus on
developing applications and serving their subscribers.
In order to efficiently meet these demands, however, a strong
foundation is first required. Which products are needed, and what are the
steps that service providers need to take to ensure their success in this
enormous market opportunity? And what's the big deal about SIP,

The Dawn of A New Era

The market anticipates heavy volumes of SIP voice traffic generated by the
Windows Messenger features incorporated in the Microsoft Windows XP
operating system. In recent reviews, Windows Messenger has been seen as a
"killer app" because of its comprehensive unified and real-time
messaging functions in an easy-to-use interface. As a result, adoption is
expected to be rapid: We estimate that monthly SIP minutes terminated to
the PSTN by Messenger users will rise from less than 500 million in 2001
to nearly 3 billion by 2005, a 70 percent compound annual growth rate. SIP
also provides a framework for developing an enriched mobile communications
experience in the all-IP third generation (3G) mobile networks, for which
SIP has been designated as the signaling and call control standard.
The key considerations in designing and deploying a SIP-based
communications network should be scalability, extensibility, reliability,
and performance. Or, put another way, a converged communications network
must be able to evolve in three key areas: Application growth, capacity
growth, and changes in the overall business model.
Application growth: Messenger termination is only one of many
SIP-based services that wholesale carriers can offer. The network must
enable the rapid deployment of feature-rich applications that can be
quickly developed with today's application server development
environments. Applications can include enhanced applications such as
presence-enabled conference calling as well as revenue-generating
traditional voice applications such as one-number or prepaid calling
Capacity growth: Networks designed to support converged services
such as voice, presence, instant messaging (IM), and unified messaging
must be able to scale in a near-linear manner to handle expected growth.
This scalability must apply to the three main functional planes (or
requirements) of a SIP network: Security, accounting, and routing. An
increase in overall network traffic will drive capacity needs at the
routing core. An increase in the number of applications supported will
require an application platform that can support multiple applications,
while providing incremental capacity for those applications as usage
grows. An important consideration here is that each of these functional
areas -- security, accounting, and routing -- must be able to scale
Business model growth: Since a service provider's business
goals will change over time, its SIP infrastructure must be flexible
enough to support these evolving goals. Specifically, the SIP network must
be able to support four critical changes: Separation of applications from
the network facilities, ownership of applications (which must be dictated
by business considerations, not network considerations), separation of
subscribers from network facilities, and flexibility in subscriber

Building The Foundation: A Windows Messenger Example

With these architectural considerations in mind, let's take a look at
some of the key network elements that a wholesale carrier might deploy to
build a converged network infrastructure. Such a "future proof"
network could be used to deliver Microsoft Messenger termination services
as well as many other enhanced applications.
A routing engine offers programmable routing intelligence, a small
footprint and centralized, aggregate administration, resulting in a
powerful and economical carrier-class solution. To allow for the
manageability and scalability demanded in today's voice networks, the
engine is typically deployed as part of a fault-tolerant node consisting
of two or more engines and SIP-aware load balancers. When deployed in a
redundant network, the engines can discover network outages and be
configured to automatically route around them and rediscover routes
without human intervention. The key idea here is that as many routing
engines as necessary, in conjunction with SIP-aware load balancers, can be
deployed to deliver carrier-grade performance. The aggregate manager
allows the entire cluster of routing engines and load balancers to be
monitored and managed as a single node, greatly simplifying network

Load Balancer/Traffic Manager

Considered the "glue" of a SIP-enabled network, the load balancer
should front-end all redundant mission-critical elements of a SIP
origination and termination solution -- beginning at the firewall, and
flowing through the proxies and route engines, all the way back to the
application servers. An intelligent traffic management and load balancing
solution ensures high availability and reliability of SIP-based services.
By intelligently distributing SIP traffic among multiple SIP proxy
servers, an intelligent load balancer can enhance the performance and
availability of the solution, providing carrier-class uptime (five-nines)
and reliability. Look for a solution that provides carrier-grade
performance and effectively scales SIP traffic by intercepting,
inspecting, transforming, and directing traffic flowing through SIP proxy
servers. It should load-balance SIP traffic and provide application
persistence based on the unique SIP caller ID to ensure application and
transaction integrity. An intelligent load balancer/traffic manager
ensures application and call integrity by making sure that traffic
persists to the correct destination and by providing session state
fail-over in the event of failure on back-end proxies or route engines.
Additionally, to ensure reliability and availability of SIP services, the
product should be able to check the health and availability of these
proxies or route engines before routing traffic.
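
The persistence and health-check behavior described above, as an added example that is not from the article or from any vendor product. It assumes the "unique SIP caller ID" means the Call-ID header, uses rendezvous hashing as one possible persistence scheme, and the proxy names and SIP messages are constructed.

```python
import hashlib

def call_id(sip_message):
    """Return the Call-ID header value (compact form "i" included)."""
    head = sip_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip()
    raise ValueError("SIP message has no Call-ID header")

class CallIdBalancer:
    """Pins every message of a call to one healthy proxy (rendezvous hashing)."""
    def __init__(self, proxies):
        self.healthy = {p: True for p in proxies}

    def mark(self, proxy, is_up):
        """Record a health-check result (the probe itself is out of scope)."""
        self.healthy[proxy] = is_up

    def route(self, sip_message):
        cid = call_id(sip_message)
        live = [p for p, up in self.healthy.items() if up]
        if not live:
            raise RuntimeError("no healthy SIP proxy available")
        # Highest hash of (proxy, Call-ID) wins, so a failed proxy moves only its own calls.
        return max(live, key=lambda p: hashlib.sha256(f"{p}|{cid}".encode()).digest())

# Constructed sample messages: an INVITE and the later BYE of the same call.
INVITE = ("INVITE sip:+15550100@gw.example.net SIP/2.0\r\n"
          "Via: SIP/2.0/TLS client.example.org;branch=z9hG4bK776\r\n"
          "Call-ID: a84b4c76e66710@client.example.org\r\n"
          "CSeq: 1 INVITE\r\n\r\n")
BYE = ("BYE sip:+15550100@gw.example.net SIP/2.0\r\n"
       "i: a84b4c76e66710@client.example.org\r\n"
       "CSeq: 2 BYE\r\n\r\n")

def demo():
    lb = CallIdBalancer(["proxy-a", "proxy-b", "proxy-c"])
    first = lb.route(INVITE)      # proxy chosen for the call
    same = lb.route(BYE)          # later message of the same call
    lb.mark(first, False)         # health check reports the proxy down
    failover = lb.route(BYE)      # call moves to a surviving proxy
    return first, same, failover

if __name__ == "__main__":
    print(demo())
```
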
We should note that the combination of a core routing engine and a
SIP-aware load balancer is an ideal example of what we mean by linear
scalability at each functional plane -- in this case, the routing plane.
For example, proxy servers have built-in load-balancing capabilities that
are used mainly for lower-density situations. Proxy vendors work with
leading vendors who provide hardware-based SIP load balancers for
high-density applications. The result of SIP load balancing is that
networks can grow linearly to keep pace with additional utilization. This
"pay as you grow" strategy is possible at multiple layers of the
network. For example, the access network can be grown linearly to support
new sources of network traffic. As the traffic from individual access
networks grows, a wholesale service provider could also sign up additional
access network providers.
As SIP-based network deployment grows, the need for a robust security
solution will become a paramount issue for the service provider. SIP
network security is based upon several leading technologies
collaboratively working to keep potential attackers from harming the
network: An edge proxy, a firewall control proxy, and a media-enabled
firewall. Components of a comprehensive SIP security solution include:
Edge Proxy: An edge proxy serves as a network sentry, acting as
the single point of contact for outside SIP signaling traffic and as the
final egress point for exiting traffic. It provides authentication and
authorization services through a TLS connection to ensure that only
authorized SIP traffic enters and leaves the network. The edge proxy
performs the important function of "hiding" the downstream proxies
from the outside and is configured to forward all calls from trusted peers
to the next internal hop.
Firewall Control Proxy: A firewall-control proxy works closely
with the edge proxy and firewall to maintain network security and remain
hidden from outside the network. The main function of the firewall control
proxy is to dynamically open and close pinhole pairs in the firewall for
each authorized media stream. The firewall control proxies also work
closely with the firewall to perform Network Address Translation (NAT).
The proxy remotely manages firewall policy and message routing. The
failover and dynamic control capabilities of the firewall control proxies
introduce resilience and reliability into a service provider network.
Media-Enabled Firewall: This component fronts the SIP network.
It is a transparent, non-addressable VoIP firewall that prohibits access
to all internal network elements except for the edge proxy.
High-performance, carrier-class firewalls are capable of limiting incoming
traffic to the edge proxy, ensuring outside traffic arrives via a
persistent, secure TLS connection and ensuring only media traffic for
authorized calls is permitted to enter the network.
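
How a firewall control proxy could derive per-call pinholes from the negotiated SDP and remove them at call teardown, as an added example that is not from the article or any product. It assumes a "pinhole pair" is the RTP port plus RTCP on the next port, IPv4 only; the class and function names and the SDP body are constructed.

```python
def media_pinholes(sdp):
    """Return the set of (ip, udp_port) pinholes for the active RTP streams in an SDP body."""
    session_ip, streams = None, []
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if streams:
                streams[-1]["ip"] = ip     # media-level address overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            _media, port, proto = line[2:].split()[:3]
            streams.append({"port": int(port.split("/")[0]), "proto": proto, "ip": None})
    holes = set()
    for s in streams:
        ip = s["ip"] or session_ip
        if s["port"] == 0 or not s["proto"].startswith("RTP/") or ip is None:
            continue                       # rejected stream, non-RTP media, or no address
        holes.add((ip, s["port"]))         # RTP
        holes.add((ip, s["port"] + 1))     # RTCP (assumed to be RTP port + 1)
    return holes

class PinholeTable:
    """Default-deny media policy: a packet passes only if an open call covers it."""
    def __init__(self):
        self.by_call = {}

    def open_for(self, call_id, sdp):
        """Call once signaling for call_id has been authenticated and answered."""
        self.by_call[call_id] = media_pinholes(sdp)
        return self.by_call[call_id]

    def close_for(self, call_id):
        """Call on BYE, CANCEL or dialog timeout."""
        return self.by_call.pop(call_id, set())

    def permits(self, ip, port):
        return any((ip, port) in holes for holes in self.by_call.values())

# Constructed SDP answer: one accepted audio stream, one rejected video stream (port 0).
SDP = ("v=0\r\no=gw 2890844526 2890844526 IN IP4 192.0.2.10\r\ns=-\r\n"
       "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000\r\n"
       "m=video 0 RTP/AVP 31\r\n")

if __name__ == "__main__":
    table = PinholeTable()
    print(sorted(table.open_for("a84b4c76e66710@client.example.org", SDP)))
```
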

Providing A Foundation For Growth

As we have seen, Microsoft's recent rollout of a widely available,
easy-to-use, and robust SIP client for Internet telephony presents immediate
revenue opportunities to ITSPs whose networks meet the demands of this
large-scale PC-to-phone service deployment. In building a SIP-based
network to seize this opportunity, an ITSP must ensure that the network
solution deployed will enable ongoing revenue opportunities beyond
Messenger-to-phone service, by cost-effectively supporting capacity,
application, and business model growth.
Deploying a SIP-based infrastructure as described in this article will
help ensure a truly extensible network -- one that can be easily extended
to support new revenue-ready solutions such as conferencing, unified
messaging and calling card services. This enables a rapid return on
investment for new services, as costs are shared across many applications
and services. Just as IP networks provide application convergence at the
transport layer, SIP networks enable service providers to deploy many
SIP-based services over a common infrastructure.
Creating a deployment-ready solution -- a scalable and reliable SIP
foundation -- enables quick time-to-market for Messenger Termination
service, while enabling a network infrastructure designed to deliver
unlimited potential for profitability.
Erik Giesa is director of Product Management for F5 Networks, of
Seattle, WA. F5 is a leading provider of integrated products and services
that manage, control and optimize Internet traffic and content. For more
information, visit www.f5.com.
Matt Lazaro is solutions manager for dynamicsoft Inc., of East
Hanover, NJ. dynamicsoft is a leading provider of SIP solutions for
communications networks. For more information, visit www.dynamicsoft.com.
To The February 2002 Table Of Contents ]