Escolar Documentos
Profissional Documentos
Cultura Documentos
sonusnetworks.com
Table of Contents
Introduction Session Control: Measuring for Success Real-World Performance Factors Number of Subscribers Number of Concurrent Calls Call Attempts Per Second (CAPS) Codec and Sample Rates Performance Under Attack Performance Under Load Transcoding Signaling Manipulation The Performance Impact of NAT Traversal The Performance Impact of Presence Encryption SIP Call Flows High Availability Centralized vs. Distributed Routing Use Case Scenarios Residential Broadband VoIP SIP Trunking Carrier-to-Carrier Peering Scalability in the Real World Conclusion 2 2 3 3 3 3 4 5 5 6 6 6 8 9 9 9 9 10 10 11 12 12 13
sonusnetworks.com
Introduction
Session Border Controllers (SBCs) will play a vital role in the next generation of IP network architectures. Thats the consensus from global service providers polled in a recent survey by Infonetics Research (SBC Deployment Strategies, October 2009). The survey found that capacity, scalability, and performance were the #1 considerations of service providers when selecting a session border solution. And theyll have plenty to consider, as IP traffic is expected to double over the next four years. While network operators know that IP voice and multimedia traffic will grow for the foreseeable future, planning a session border strategy around that growth has proven problematic. SBC vendors have historically underestimated the complexity of IP session control when publishing their performance and capacity numbers, often basing those figures on simplistic SIP call flows, erroneous bandwidth figures, and a limited subset of factors. As a result, network operators may find it necessary to deploy more boxes than anticipated, thereby increasing deployment complexity and cost despite their best efforts to predict capacity and bandwidth. At Sonus Networks, we believe that the typical approach to evaluating SBC capacity based on number of subscribers, concurrent sessions, and Call Attempts Per Second (CAPS) is a good beginning, but its only a beginning. Network operators need to look beyond these basic metrics to weigh other key factors such as the network application, media transcoding, Network Address Translation (NAT) traversal, and encryptionfactors that can heavily influence SBC performance. This white paper seeks to explore SBC capacity and performance measurements by sharing the lessons learned from Sonus Networks decade-plus leadership in VoIP and IP session control. In particular, well highlight performance factors that every network operator should consider, how those factors change in various application settings, and the SBC features/functions that separate the true performers from the underperformers.
Traditionally, SBC vendors measure capacity and performance using basic metrics such as number of subscribers, maximum concurrent sessions, and CAPS. Capacity planning then follows the simple logic of aligning box capacity with network requirements. If an SBC claims to support X number of concurrent sessions, the logic goes, then two boxes should support a network with a maximum of 2X concurrent sessions. This approach is flawed in its presumption of a very simplified SIP session with no concessions for the network environment or additional features like transcoding and encryption. Planning a VoIP network based on an idealized expectation of IP session requirements can have dire consequences including overloads, outages, lost transactions, and compromised network integrity.
Number of Subscribers
For access network environments, an obvious metric for capacity is the maximum number of subscribers that can be supported by an SBC. But be careful: this number often fails to take into consideration factors like NAT traversal or quality assurance measures, which can boost SIP session complexity considerably and dramatically reduce the number of subscribers that can be supported.
sonusnetworks.com
Using the estimated bandwidth figure for G.711 (20 ms sample rate) would give us a session capacity of 11,467 sessions over GigE. However, using the actual bandwidth as shown above (95.2 kbps), that number drops to 10,504 sessions. From there, we need to calculate the link utilization rate. A 100% utilization rate would produce intolerable packet queues and poor performance. If we modify the capacity measurement by taking into account a more sustainable link utilization rate of 90%, we arrive at a figure of 9,454 maximum concurrent sessions more than 2,000 sessions less than our initial capacity formula indicated. Calculating CAPS then becomes a matter of multiplying the actual concurrent sessions figure by the ACHT.
Voice codecs also have different sample rates, which can affect the total bandwidth. G.711, for example, has a base sample rate of 10 ms and can be delivered in voice payloads of 10x multiples (e.g., 20 ms, 40 ms) in a single packet, which reduces packet header sizes per payload and thus overall bandwidth. Of course, longer sample rates also introduce potential issues in regard to latency and packet loss, so network operators need to weigh all considerations carefully when choosing an ideal sample rate. The chart below illustrates the actual bandwidth differences between G.711 in 10-40 ms samples. Codec G.711 G.711 G.711 Sample rate 10 ms 20 ms 40 ms 100 50 25 PPS Payload 80 bytes 160 bytes 320 bytes Actual bandwidth 126.4 kbps 95.2 kbps 79.6 kbps
Finally, network operators need to consider the transport protocol for the media. Transport Control Protocol (TCP) or RTCP, for example, require more processing than UDP. If this processing is done on the main SBC processor, call processing performance will logically degrade. It may be only a small degradation in and of itself, but compounded by other processing requirements (IPsec encryption, media transcoding, signal interworking, CDR collection, etc.) the impact on SBC performance can be quite significant.
sonusnetworks.com
Transcoding
VoIP sessions passing through an SBC often require some level of transcoding. However, not all SBCs deal with transcoding the same way; some, for example, hand off transcoding functionality to an external device. While this device may be dedicated to the SBC, it remains a distinct element that is managed separately in the network, requires additional rack space, and adds one more hop in the session media path. Other SBCs perform transcoding as a software function of the main processor. This reduces the available processing (and thus the performance) for primary SBC functions like session handling and security, and can have a significant impact on performance and call quality. The method that Sonus has embraced for audio/media transcoding in an SBC is a dedicated Digital Signal Processor (DSP) embedded with the SBC hardware itself. This provides committed transcoding resources without affecting the performance of other SBC functions or burdening the operations teams with the cost of deploying, managing, and maintaining separate transcoding elements.
Signaling Manipulation
VoIP networks employ a variety of signaling protocols including H.323, SIP, and SIP-ISUP (SIP-I). In order to enable calls and maintain call features between H.323 and SIP endpoints, for example, the SBC is expected to provide signaling interworking between both endpoints. Considerable signaling manipulation also takes place between SIP endpoints and the VoIP network for call control. These tasks can be processing intensive and significantly impact the media/session handling capabilities of the SBC. Many SBC vendors assume simple SIP-to-SIP interworking when quoting performance rather than the more processing-intensive SIP-to-H.323 scenario, so network operators would be wise to question signaling protocol interworking when measuring SBC performance.
SIP Session Requirements in a Non-NAT Environment SIP Centrex subscribers Contention Ratio Maximum number of concurrent calls Average Call Hold Time CAPS SIP messages per call flow SIP messages per second SIP signaling messages per second Total SIP call/signaling messages per second 250,000 10:1 25,000 100 seconds 250 10 2,500 140 2,640
Now lets look at an environment where NAT traversal is a requirement for 200,000 subscribers (and where 50,000 subscribers will not need NAT traversal). In order to keep a SIP session open through a NAT firewall, a pinhole will have to be created by sending frequent SIP REGISTER messages. The message frequency is determined by the time it typically takes a NAT firewall to close a session after the last message is sent; in our example, 50 seconds. This would add an additional 8,000 messages per second for registration handling (REGISTER and 200 OK messages) for our 200,000 NAT-enabled subscribers, plus a relatively inconsequential 28 messages per second for the remaining 50,000 non-NAT subscribers (as in our previous example, presuming one SIP REGISTER message every 60 minutes). This calculation now gives us a dramatically different number for session requirements than before: SIP Session Requirements in a NAT-Enabled Environment Subscribers requiring NAT traversal Subscribers not requiring NAT traversal Maximum number of concurrent calls Contention Ratio Average Call Hold Time CAPS SIP message per call flow SIP messages per second (call media) NAT SIP signaling messages per second Total SIP call/signaling messages per second 200,000 50,000 25,000 10:1 100 seconds 250 10 2,500 8,000 10,528
sonusnetworks.com
Clearly, the introduction of NAT traversal in the network environment has a dramatic effect on the number of SIP call/signaling messages: from 2,640 per second to 10,528 per second. This is a good illustration of why network operators need to look beyond CAPS, subscribers, and concurrent calls when determining SBC capacity. In the case where an allowance for NAT traversal had not been made, the network operator would be forced to reduce the number of subscribers and calls in order to accommodate the bandwidth demands for frequent SIP registration and re-registration.
Now, lets explore the impact of implementing a full Unified Communications environment. In this case, subscriber usage is likely ubiquitous with each user possessing a much larger list of contacts, and statuses will update more frequently due to the inclusion of in a meeting, on the phone, etc. SIP Messages in a LOW usage Presence Environment Subscribers Number of subscribers using presence Average number of buddies per subscriber Average time between status changes per sub. Status changes 25,000 25,000 100 15 min 2,778 msg / sec
As you can see, the messages related to presence can quickly explodewith nearly a 400x increase seen in this example. If you are using session border control in the midst of this communication, the scalability requirements to support presence can rapidly eclipse that of voice and must be factored into any network design decisions.
Encryption
As a security function, SBCs are expected to encrypt network connections, IP packets, and specific media via Transport Layer Security (TLS), Internet Protocol Security (IPsec), Secure Real-Time Transport Protocol (SRTP), and other security protocols. Encryption can be a processing-intensive step, however, and degrade SBC performance if it is performed as a software function by the SBCs main processor. In order to provide optimal call handling capacity during encryption, this function is better handled by dedicated hardware such as a separate but embedded network processor.
High Availability
As critical network components, SBCs are expected to deliver high availability, even during adverse conditions such as DoS/DDoS attacks, overloads, and systems failure. Most SBCs have a redundancy scheme in place, yet not all SBCs handle this transition in a seamless and elegant manner. In the contingency of a system failure, for example, call states will be passed between the in-service and redundant pair of SBCs, which can significantly impact SBC processing. How well an SBC handles these contingencies should be considered when estimating and evaluating SBC performance.
sonusnetworks.com
SIP Trunking
A second access scenario with different session characteristics is SIP trunking between a service provider and an enterprise customer. Here, the SBC would provide a secure access entrypoint and session border between the service providers core network and the enterprises PBX. Because of the greater need for security at the enterprise level and the likelihood of legacy PBX systems, there are different considerations to take into account when measuring SBC performance and capacity for SIP trunking, including: CAPS, SIP-to-H.323 interworking, encryption (e.g., TLS, SRTP), DoS/DDoS protection, high availability, and SIP call flows. When measuring SBC performance in this environment, network operators need to take a close look at the devices support for SIP-to-H.323 interworking. Encryption is also important, specifically where the SBC performs the encryptionin the main processor or a separate processoras this can negatively impact call handling performance. Finally, its important that the SBCs perform stateful call handling during DoS/DDoS attacks, which again depends largely on where the security functions of the SBC reside. Because the Sonus NBS performs transcoding and encryption in a dedicated, embedded DSP, call handling performance in the main processor is not impacted, even during DoS/DDoS attacks.
sonusnetworks.com
Carrier-to-Carrier Peering
In the case of carrier-to-carrier peering, the SBC resides between two service provider (or peer) networks and handles the IP sessions between them. Key SBC considerations in a peering application are the number of trunks and concurrent calls, SIP-to-SIP interworking (including SIP-I), encryption, SIP call flows, security, high availability, and media transcoding. The absence of directly connected subscribers means that CAPS is now generated by simply dividing the maximum number of concurrent sessions with the ACHT. Here, the focus of the SBCs performance shifts from serving subscribers to maximizing bandwidth utilization. Protocol interworking and transcoding are again important factors in a peering environment. Where SBCs lack these as embedded functions or perform them as a software function from the main processor, call handling performance will be negatively impacted. The Sonus NBS addresses peering requirements in a more efficient manner by embedding a dedicated DSP to perform these roles independent of the call handling processor.
that scales elegantly in an all-IP environment (the Sonus NBS5200). Both feature embedded DSPs that preserve call handling capacity even as media manipulation demands such as transcoding and security increase.
Conclusion
When comparing session border solutions, network operators need to take a hard look at the numbers and the underlying architecture to avoid making a faulty apples vs. oranges comparison. Specifically, when evaluating a session border solution, potential buyers should ask for numbers derived from use cases that reflect:
> > > > > > > >
More than just featureless vanilla SIP sessions Different peering and access configurations Performance under attack Security-enabled SIP transactions NAT traversal Heterogeneous networks (legacy gateways, multivendor PBXs) Media transcoding Complex call routing
Capacity measurements based on fair-weather assumptions or select functionality dont offer a true measure of performance, and only serve to box network operators into an SBC strategy that will ultimately be costly to manage and maintain as IP traffic grows. Session border solutions should be evaluated from a holistic viewpoint that includes call handling, call routing, security, and media transcoding. Only when network operators look at SBC performance under real-world conditions will they be able to accurately assess and implement a scalable, reliable border solution for the all-IP world of tomorrow. To learn more, call your Sonus sales representative or visit us online at sonusnetworks.com.
Westford, MA 01886
978.614.8100
The content in this document is for informational purposes only and is subject to change by Sonus Networks without notice. While reasonable efforts have been made in the preparation of this publication to assure its accuracy, Sonus Networks assumes no liability resulting from technical or editorial errors or omissions, or for any damages resulting from the use of this information. Unless specifically included in a written agreement with Sonus Networks, Sonus Networks has no obligation to develop or deliver any future release or upgrade or any feature, enhancement or function. Copyright 2010 Sonus Networks, Inc. All rights reserved. Sonus is a registered trademark and NBS9000 and NBS5200 are trademarks of Sonus Networks, Inc. All other trademarks, service marks, registered trademarks or registered service marks may be the property of their respective owners. Printed in the USA 08/10 WP-1100 Rev. A