The VoIP Peering Puzzle�Part 44: SBC Architectures�Network Equipment Technologies
With extensive deployments in the U.S. military and defense industries, NET's voice products are highly secure.
Network Equipment Technologies, Inc., or NET, as the company is frequently called, is headquartered in Fremont, California, and has been providing multi-service communications platforms for government, enterprise, and carrier networks for over 20 years. NET's product architecture has been characterized as Any Service over Any Network, delivering data, voice, and video services across diverse transport networks including IP, frame relay, ISDN, and ATM infrastructures. Their product deployments is also diverse, with General Dynamics, Microsoft, Reuters, the U.S. Navy, and the Marine Corps among their installed base of customers. NET has also positioned its products as systems for migrating a legacy voice network into a unified messaging/unified communications environment, with the company also holding several key patents related to secure voice technologies. The company has offices in the United States, England, France, and Japan, employs 300 individuals, and posted $84 million in revenue for the fiscal year ending in March 2007.
NET has two product lines: the NX Series for network exchange solutions, and the VX Series for voice exchange solutions. The NX products are based on high-performance networking platforms that provide high-grade data transfer between SANs, WANs, and secure grid computing environments. This platform enables geographically distributed computing and storage resources to operate as if they were co-located within the same LAN or data center, with data rates of at least 10Gbps, and scalable up to 160 Gbps.
The VX products are multifunction VoIP voice switching solutions that allow public and private network operators to unify their PBX voice traffic onto a single converged data network. NET claims that the VX is also the first IP telephony platform to offer a Session Border Controller (SBC) that integrates with many other functions, including SIP and H.323 call control, interoperability and protocol conversion, SS7/C7 signaling, interactive voice response, TDM/Ethernet media conversion, and billing record generation. It also incorporates remote survivability and secure voice through its encrypted secure telephone unit (STU), which is beneficial for government networks and tactical deployments. The VX platform supports analog, digital, and native IP voice, and combines the processes of a session border controller, media gateway, signaling control point, H.323/SIP interworking device, media server, and voice/data multiplexer in a single chassis.
The primary use of a VX platform as a session border controller is to provide a secure interconnect between the enterprises voice infrastructure and the carriers voice infrastructure. The use of a secure tunnel to the carrier provides the highest level of security without the need to open UDP ports on the firewall, and multiple carriers can be supported with the systems advanced virtual trunk groups. The VX SBC will also function in a topology-hiding mode, with each network simply viewing the VX as a SIP or H.323 endpoint. If the far end device is behind a NAT (Network Address Translation) device, the VX will detect the translation and apply a NAT traversal algorithm to ensure that the call sets up and the audio flows.
However, one of the main differentiating features of the VX is that it is more than just a session border controller ― it provides SBC and gateway functionality in the same box. This allows the customer to install the system as the single voice communications hub for the enterprise. PSTN and SIP-trunks can be connected to the same device, with least cost routing then applied to select the best route for the call. If bandwidth constraints exist, the VX can control the number of voice sessions, and also allow different session limits to be placed on different providers. In addition, the system provides a real-time GUI monitoring tool called Vxwatch that allows the user to see at a glance exactly how many calls are up, and where they are going.
Since the unit is also designed for military applications, it incorporates strong security features. These include support for the Secure Real Time Protocol (SRTP, described in RFC 3711, see ftp://ftp.rfc-editor.org/in-notes/pdfrfc/rfc3711.txt.pdf ), and IP Security (IPsec, described in RFC 4301, see ftp://ftp.rfc-editor.org/in-notes/pdfrfc/rfc4301.txt.pdf), which allow for a completely secure voice environment. These features have been tested to the U.S. National Information Assurance Certification and Accreditation Process (NIACAP) standards, with support for security on every connection from call setup to management and audio.
There are three models in the VX Series product line, the VX900, the VX1200, and the VX2500. These support up to two Ethernet ports, up to 32 T1/E1 ports, up to 16 FXS (foreign exchange station), and up to four serial ports, depending on the configuration. All of the units are designed for a 19-inch rack-mounted installation, and support network management interfaces using the Simple Network Management Protocol (SNMP) for traps, alarms, and statistics.
Further details on the NET architecture and products can be found at www.net.com. Our next tutorial will continue our examination of vendors SBC architectures.
Copyright Acknowledgement: © 2007 DigiNet Corporation ®, All Rights Reserved
Mark A. Miller, P.E., is President of DigiNet Corporation®, a Denver-based consulting engineering firm. He is the author of many books on networking technologies, including Voice over IP Technologies, and Internet Technologies Handbook, both published by John Wiley & Sons.