Reliability of services in long-distance communication networks is provided by a number of hardware, software and network facilities.
Reliability in the case of a gatekeeper failure is provided by a backup gatekeeper, which is installed in the area using the Hot Standby Router Protocol (HSRP). The backup gatekeeper monitors the state of the main gatekeeper and, if it fails, takes over its workload, accepting the registration of its gateways. In this case, emergency pickup of active calls goes unnoticed by subscribers.
Configuration using a backup gatekeeper
Reliability of VoIP services is also increased by using redundant RADIUS servers. RADIUS accounts can be transferred to backup servers if necessary, which ensures voice traffic accounting and subscriber authentication even in the case of a server failure. Syslog accounting can also serve for redundancy and emergency pickup of accounting functions in the event of RADIUS equipment failure.
To ensure high resistance to adverse environmental conditions, both the gateway and the gatekeeper can be installed on platforms meeting the NEBS standard. Regional operators (Regional Bell Operating Companies, RBOC) use this standard to ensure that equipment withstands extreme temperatures, high humidity, high altitude conditions, fires, earthquakes, high vibration, power surges, interruption of electricity supply and electromagnetic interference.
Call routing options allow several gateways to be allocated for one called subscriber. In this case, if the first gateway is unavailable, the gatekeeper can forward the call to other gateways.
Finally, the software manufacturer can provide even more reliability through dynamic routing technology: traffic can bypass bad parts of the WAN, and even PSTN channels can be used as a bypass if necessary.
What Are The Features Of Security And Encryption In SIP And How To Provide It
The SIP protocol has many undeniable advantages, such as:
• low cost of equipment;
• ease of administration and deployment;
• low tariffs and support by multiple operators.
However, in its standard form this protocol does not provide encryption. SIP (Session Initiation Protocol) is used only for terminating calls and determines how the data exchange channel between clients is opened on top of a real-time transport protocol (RTP or another protocol, most often RTP). In corporate networks, where security is not the last concern, it is necessary to encrypt not only the conversation itself (RTP) but also the session initiation (SIP), which contains DTMF, subscriber numbers and names, etc.
The simplest and most versatile encryption mechanism is building an IPsec tunnel from an endpoint (for example, an office IP PBX) to the company's central soft switch. Using IPsec increases the channel speed required for satisfactory VoIP operation by 30–50% and also increases packet delay.
This disadvantage does not allow the method to be used in the conditions described in the previous section.
Another way to encrypt is to combine the SRTP and TLS protocols. SRTP (Secure Real-time Transport Protocol) is the RTP protocol with AES support.
Using the SRTP protocol does not increase the amount of data transmitted. There is an SRTP version that exchanges keys using the Diffie-Hellman algorithm (an algorithm that allows two sides to obtain a common secret key over a communication channel that is not protected from eavesdropping but is protected from substitution). This protocol version is called ZRTP, but it is commercial, which contradicts the condition of minimal financial cost.
To encrypt SIP messages, you can use SIPS (SIP with encryption of the signaling traffic at the transport level using TLS (Transport Layer Security), a cryptographic protocol that ensures secure data transfer between nodes in a TCP/IP network). This bundle is the most successful, but it is not supported by a large amount of equipment, and purchasing new equipment contradicts the condition of minimal financial cost.
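The following check is an added example, not part of the original article: it inspects a SIP INVITE and reports when signaling or media is unencrypted, and shows why SRTP is paired with TLS. It assumes SDES key exchange (`a=crypto` lines in the SDP body), which the article does not name; the sample INVITE, its addresses and its key are constructed.

```python
import re

# Constructed sample: INVITE sent over UDP that offers SRTP with an SDES key.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@pbx.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@pbx.example.com>",
    "Call-ID: a84b4c76e66710@10.0.0.5",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5",
    "s=-",
    "c=IN IP4 10.0.0.5",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDSAMPLEKEYNOTAREALKEY",
])

# SDP transport profiles that carry SRTP rather than plain RTP.
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def audit_sip_message(raw):
    """Return findings about the encryption of signaling and media."""
    head, _, sdp = raw.partition("\r\n\r\n")
    # Transport of every Via hop recorded so far ("v" is the compact form).
    vias = re.findall(r"(?im)^(?:via|v)\s*:\s*SIP/2\.0/(\w+)", head)
    signaling_tls = bool(vias) and all(t.upper() == "TLS" for t in vias)
    findings = [] if signaling_tls else ["signaling-cleartext"]
    media = None
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            if proto.upper() not in SRTP_PROFILES:
                findings.append(f"{media}-plain-rtp")
        elif line.startswith("a=crypto:") and not signaling_tls:
            # The SRTP master key travels inside the SDP body, so cleartext
            # signaling hands the media key to anyone who can see the INVITE.
            findings.append(f"{media or 'session'}-srtp-key-exposed")
    return findings

if __name__ == "__main__":
    print(audit_sip_message(SAMPLE_INVITE))
```

With the constructed sample the SRTP offer is still flagged, because the key that protects the media is visible in the unencrypted INVITE.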
When building a VoIP communication system on an existing IP network without reorganizing it, there is a serious problem of protecting the VoIP equipment (central software switch, IP PBX, IP phones, etc.) from access from within the corporate network. Since a SIP software switch does not require high-performance server hardware to operate, if it is freely accessible from the corporate network it can be disabled by a simple DDoS attack from an internal botnet.