NetworkTester

Trends

Session Border Controllers (SBCs), also known as Session Controllers, offer VoIP peering between two service providers or between a service provider and a large enterprise network operator, without a TDM (PSTN) gateway. A relatively new type of device enjoying over 70% annual growth (sources: Infonetics, Forst & Sullivan), the SBC offers a range of security and proxy services to isolate, protect and ensure the reliable performance of VoIP networks.

SBCs started life offering little more than specialized firewalling, voice transcoding and admission control. Today's SBCs are much more powerful and scalable. Capabilities now include intrusion prevention, topology hiding, layer 4-7 network address translation (NAT/NAPT), protocol translation (H.323 to SIP) and QoS.

In a perfect world, an SBC only needs to deal with legitimate VoIP traffic. No IPsec encryption. No traffic from data applications. No Denial of Service (DoS) attacks.

One third of companies are now at risk from DoS attacks (source: Vnunet). Experts predict that the proliferation of Internet Telephony will spawn new types of threats, never seen before, that will damage the reputations of network operators and equipment manufacturers -- such as Trojan Horses that enable a hacker to eavesdrop on a VoIP conversation, or data attacks that flood TCP ports or attempt to insert voice packets into an RTP stream.

"Legacy VoIP test tools were not designed to subject SBCs to DoS attack and data traffic"

New Test Challenges

In the real world, SBCs must be resilient against DoS attacks and data traffic -- accidental or malicious -- focused on VoIP services.

• Denial of Service attacks can target the same addresses and port numbers used for signalling and voice flows. SBCs can mitigate DoS attacks but often at a huge cost to user traffic - it is important to measure the impact of DoS attacks on system performance and voice quality.
• Data traffic (such as Gaming and P2P file sharing) aimed maliciously or unintentionally at VoIP ports can degrade VoIP performance. It is important to measure the impact of data applications on VoIP and ensure that the SBC is capable of meeting QoS requirements.
• Voice encryption may prevent SBCs from inspecting VoIP packets. Legitimate IPsec and IPsecv6 (IPsec over IPv6) encrypted VoIP traffic is CPU-intensive. Rogue IPsec packets may sap the SBC's ability to process real voice streams.
• Network Address Translation (NAT/NAPT) and VoIP protocol translation (such as H.323 to SIP) are also hungry for SBC memory and CPU resources. It is vital to re-measure SBC scalability and performance with these capabilities enabled, particularly in the presence of data traffic and DoS attacks.
• IPv6 offers new challenges: New DoS attacks; variable-length headers, requiring more intensive packet processing; IPsecv6 encryption; and new types of DoS attacks.
• Proprietary VoIP protocols, such as Skype, are now processed or filtered by some devices.

NetworkTester – An Integrated Solution

NetworkTester complements your legacy VoIP test tools. By taking an integrated approach to testing, the Agilent NetworkTester accelerates the development or deployment of your next-generation Session Border Controllers.
The NetPressure application extends your test coverage, giving you confidence that your SBC is ready to face the real world:

• Emulate both H.323 and SIP calls (including both signaling and voice packets) on a single port for realistic system testing.
• Introduce DoS attacks and measure the impact on VoIP performance.
• Mix stateful VoIP and data application traffic over both IPv4 and IPv6 on each port to verify firewalling and intrusion prevention, and to ensure VoIP QoS.
• Scale VoIP traffic to emulate tens of thousands of calls per second and simultaneous calls to determine SBC performance limits.
• Simulate proprietary protocols by capturing bidirectional traffic, creating custom "protocol bricks", replaying the traffic in a stateful manner, and multiplying the traffic across multiple addresses to simulate many users to measure SBC scalability.
• Support for IPsec and and IPsecv6 are seamlessly integrated into the powerful Test Plan environment. Test your SBC with both voice-over-IPsec and rogue data-over-IPsec packets.
• Add SNMP traffic load to verify SBC stability and indifference to Management Plane stress.

Companion Products

• Agilent N2X Solution
  

More Information

• Technical Datasheets
  • VoIP Test Software (N4195A)
  • Module-based L4-7 Test Solution (N4190A/ N4190B/ N4191A/ N4191B)
  • IPv6 software (N4193A) – Adds VoIPv6 support
  • IPsecv4/v6 software (N4194A) – Adds support for VoIP over IPsec
    
    

  Brochures / Flyers

  • VoIP and IPv6 Flyer
    
    

Relevant Standards (Non Agilent Links)

• IETF RFC 1889 RTP: A Transport Protocol for Real-Time Applications (RTP/RTCP)
• IETF RFC 2327: Session Description Protocol (SDP)
• IETF RFC 3261 Session Initiation Protocol (SIP)
• IETF RFC 3266: Support for IPv6 in Session Description Protocol (SDP)
• ITU-T H.323: Packet-based multimedia communications systems
• ITU-T H.225: Call signalling protocols and media stream packetization for packet-based multimedia communication systems
• ITU-T H.245: Control protocol for multimedia communication
• ITU-T H.235: Security and encryption for H-Series multimedia terminals
• ITU-T G.711: Pulse code modulation (PCM) of voice frequencies at 56/64 kbps
• ETSI GSM 06.10: ETSI Global System for Mobile Communications
  

Related News

• Agilent Technologies’ Network Security Test Equipment First to Validate Firewall Performance for Voice over IPv6 : Nov 15, 2004
• Moon V6 Test Complete at University of New Hampshire (UNH) IPv6 Consortium : Nov 15, 2004
  
  

Events and Seminars

• NetworkTester Webinar: Preparing for Next Generation Services & Security Threats
• Agilent Technologies Enterprise Networking seminar 2004
• Other upcoming Event