August 2007 | Volume 10 / Number 8
Demystifying SIP Trunking
By Steven Johnson
Back in the days of wireline telephony, when all phone calls went over the PSTN, businesses would purchase “trunks” — a dedicated line or a bundle of circuits — from their service provider. Today, we have adapted the concept of “trunking” into the IP-enabled landscape.
A SIP trunk is the use of SIP to set up communications between an enterprise IP-PBX and a service provider where voice becomes just another application over the Internet. Unlike in traditional telephony, where bundles of physical wires were once delivered from the service provider to a business, a SIP trunk is a logical connection from one point to another over an IP connection, like the public Internet.
No More BRIs, PRIs or PSTN Gateways
SIP trunking offers immediate ways for businesses to reduce communications costs. SIP trunks make it unnecessary to purchase ISDN, BRIs (Basic Rate Interfaces), PRIs (Primary Rate Interfaces) or local PSTN gateways. SIP trunks also produce long-term savings by supporting business growth. Using IP, there is typically excess bandwidth already included in the Internet connection, making it unnecessary to purchase additional capacity. There is often more than enough bandwidth to handle VoIP calls.
SIP trunking also reduces costs by eliminating the need for separate voice and data connections, and expands the potential for communications convergence using both voice and data together. Further, as a company grows, all necessary infrastructure to handle additional voice/data traffic is already in place.
A single corporate SIP trunking account can serve an entire enterprise, no matter the size. This solution is more flexible compared to traditional PRI options when it comes to accommodating additional employees as there is no need to buy new hardware as the enterprise grows. Also, multi-site enterprises can use a single SIP trunking account rather than multiple sub PRI connections.
SIP Trunking: Extending the Benefits of Your IP-PBX
The emergence of service providers offering SIP trunks to enterprises means that enterprises can outsource their PSTN connectivity to a third party — the service provider. All calls including long distance calls are carried over the Internet and the breakout point to the PSTN is as close as possible to the party you are trying to reach. The call is passed over the PSTN from that breakout point to its final destination. For companies doing business globally on a regular basis, this can have a significant impact on long distance communications costs.
Connecting Remote Workers to the SIP Trunk without a VPN
Business professionals are some of the earliest adopters of convergence technology; most, in fact, find themselves connected to the Internet around the clock, whether they are working from their homes or any other place in the world. VPN tunnels are frequently the first thought for connecting remote users. Although this may be one solution, VPN tunnels are not the best way to connect remote workers in today’s 24/7 connected environment, because:
• They do not scale well, as all traffic to and from remote workers has to be routed to a central point for further processing.
• They create isolated VoIP islands which do not allow calls from any external parties over IP.
• They work best where you have control over the infrastructure (in home offices, for instance).
• They do not always work from hotels, etc. (in our experience about 50% of the cases).
• WiFi phones and dual Mobile/WiFi phones don’t normally support VPN clients.
• QoS (Quality of Service) can be taken out of play in some VPN implementations where the headers are encrypted.
• They can pose a threat if the client device is compromised by malicious code.
SIP trunking, when used in conjunction with SIP-specific remote connectivity solutions, allows remote users to traverse most SIP-unaware firewalls and NAT (Network Address Translation) devices found in residential, hotel and similar locations and use all the IP-PBX functions installed in the enterprise. There are several types of solutions to these issues. The IETF has recommended ICE (Interactive Connectivity Establishment) to resolve NAT traversal issues. However, more secure methods of traversing common NATs are available on SIP-aware firewalls which employ far end NAT traversal techniques to open the necessary ports at a remote site to establish a connection with the remote party. These solutions work for most common remote NATs, even symmetric ones, remote residential firewalls and from behind business firewalls that permit access to the Internet.
A relatively small investment is necessary to benefit from the use of SIP-based communications and to enjoy the cost savings that accrue from using a SIP trunking service provider. For the enterprise, converting to VoIP usually involves the purchase of an IP-PBX, IP Phones or soft clients (those which operate on typical PCs or laptops), and a SIP-aware firewall to maintain security while admitting VoIP traffic.
Delivery and Quality of Service
Although the IP pipeline can carry much more traffic than a traditional connection, it is important to employ proper quality of service (QoS). Voice and video are very susceptible to delay, which means that some QoS procedures should be in place to guarantee priority delivery of these packets vs. other information downloaded to the converged network.
To deal with this issue, many providers offer private networks based on Multiprotocol Label Switching (MPLS) which gives the carrier flexibility in how calls are routed and bandwidth is used. For the enterprise, private connections offer the opportunity to hold the service provider accountable for delivering a certain level of quality. However, the enterprise is then tied into the specific service provider’s PSTN connections and calling rates. The enterprise cannot reduce calling costs by connecting to several service providers offering alternate local PSTN breakouts over the Internet.
Despite some perceptions to the contrary, the core network of the Internet is often not a bottleneck today. The last mile and the customer network can be. But with the right QoS prioritization and admission control at the enterprise edge, this is more a theoretical than a practical problem. These capabilities are available on a true proxy-based, SIP-capable firewall solution which offers capabilities not incorporated into IP-PBXs, and the enterprise that adopts a SIP trunking strategy is advised to install such a device to optimize the VoIP experience at the lowest cost and provide edge security against malicious use of the network.
Security over the Public Internet
Security is a top priority for every business. Using a firewall that’s specifically designed to handle SIP communications will provide the best defense against unwanted activity. Full SIP proxy technology allows for advanced filtering, verification and routing, as well as dynamic control of the opening and closing of media ports. Some products offer encryption of the signaling using Transport Layer Security (TLS) and of the media (voice, video, etc.) using Secure RTP (SRTP) or other algorithms. With encryption, the sessions are kept private with no chance of eavesdropping.
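The dynamic opening and closing of media ports described above, as an added sketch that is not code from the article or from any vendor's product: a proxy reads the SDP body of each SIP message, opens one pinhole per offered stream, notes which streams are plain RTP rather than SRTP, and closes them when the call ends. The `PinholeTable` class, the function names and the sample messages are all constructed for illustration.

```python
# Constructed sample messages (not captured traffic); 192.0.2.0/24 is a documentation range.
INVITE = ("INVITE sip:bob@provider.example SIP/2.0\r\n"
          "Call-ID: a84b4c76e66710\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\n"
          "c=IN IP4 192.0.2.10\r\n"
          "m=audio 49170 RTP/SAVP 0\r\n"
          "m=video 51372 RTP/AVP 31\r\n"
          "m=application 0 UDP/BFCP *\r\n")
BYE = "BYE sip:bob@provider.example SIP/2.0\r\nCall-ID: a84b4c76e66710\r\n\r\n"

def parse_sdp(body):
    """Return the media streams an SDP body asks for: kind, ip, port, srtp flag."""
    session_ip, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            ip = line.split()[-1]
            if media:
                media[-1]["ip"] = ip      # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            kind, port, proto = line[2:].split()[:3]
            media.append({"kind": kind, "ip": session_ip, "port": int(port),
                          "srtp": proto.upper().startswith("RTP/SAVP")})
    return [m for m in media if m["port"] != 0]   # port 0 means the stream is disabled

class PinholeTable:
    """Hypothetical model of a SIP proxy's per-call media pinholes."""
    def __init__(self):
        self.calls = {}                   # Call-ID -> list of open streams

    def handle(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        first, *rest = head.split("\r\n")
        hdrs = {k.strip().lower(): v.strip()
                for k, v in (h.split(":", 1) for h in rest if ":" in h)}
        call_id = hdrs["call-id"]
        if first.split(" ", 1)[0] in ("BYE", "CANCEL"):
            return self.calls.pop(call_id, [])        # close everything for this call
        if hdrs.get("content-type", "").lower() == "application/sdp":
            self.calls.setdefault(call_id, []).extend(parse_sdp(body))
        return self.calls.get(call_id, [])

def cleartext_media(streams):
    """Streams negotiated as plain RTP, i.e. not protected by SRTP."""
    return [s["kind"] for s in streams if not s["srtp"]]
```

Feeding `INVITE` and then `BYE` to one `PinholeTable` shows the two active streams being opened, the video stream being reported as unencrypted, and the table emptying again at hang-up.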
Authentication with the service provider is also critical. While some IP-PBX equipment can support this natively, others cannot. A full SIP proxy firewall or other edge device may offer this capability as well, meaning that enterprises with non-authenticating IP-PBXs can still take advantage of SIP trunking to reduce communications costs.
Many enterprises have traditional firewalls installed (ones that do not support SIP) but still want to extend SIP-based communications outside the enterprise. In that case, a customer-premises add-on solution offers the enterprise all the advantages of a proxy-based SIP security and control device, without the need to replace the existing firewall.
Another security-related issue is redundancy. A fully SIP-capable firewall or customer premises device can provide a robust system for securing full VoIP redundancy, as traffic can be routed to a back-up carrier if the primary carrier is unavailable. And with a proxy-based firewall solution installed at the enterprise, the enterprise may be able to use it to provide local call management if the service provider cannot be reached, and to route calls to a local PSTN gateway in the event that all service provider connections are unavailable.
Internet Service Providers (ISPs), both large and small, are offering SIP trunks to businesses for connection to the PSTN. This service permits businesses to adopt voice-over-IP with its attendant benefits and remain connected to others who rely on the PSTN.
SIP trunking offers enterprises the benefits of converged communications and saves substantial expense by having the calls terminated closer to the called party. It also eliminates the need to purchase BRIs, PRIs or PSTN gateways. A robust enterprise solution combined with a SIP trunk from an ISP results in the promise of global connectivity, over the Internet, so long envisioned by the voice-over-IP pioneers.
Steven Johnson is President of Ingate Systems. For more information, visit the company online at www.ingate.com.