07-16-2013 02:30 PM - edited 03-16-2019 06:23 PM
Where is the best place to terminate a SIP trunk to a telecoms provider? CUBE or on CUCM itself
Something is telling me CUBE but I'm not sure why
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
07-16-2013 03:53 PM
Some time ago this was discussed, I kept this in a notepad:
A direct SIP trunk is certainly technically feasible, but it is an inflexible and insecure solution and therefore strongly NOT recommended.
Reasons to terminate a SIP trunk on an enterprise demarc such as CUBE include but are not limited to:
- Lack of call admission control (SLA enforcement and DOS attack mitigation) on the SIP trunk
- Visibility of the CUCM and endpoint IP addresses to the SP network (and therefore to potential hackers)
- Very limited SIP trunk load balancing and redundancy capabilities
- No SIP trunk sharing between multiple CUCM clusters or other IP-PBX/proxy call agents in the enterprise
- No SIP malformed packet or other protocol level attack mitigation for your CUCM
- No way to troubleshoot voice quality problems to determine if it's your network or the SPs network at fault
- Much more limited toll fraud prevention techniques on the SIP trunk
- No way to control IP QoS settings on the incoming packets from the SP, and no way to customize them on the outgoing packets
- No way to manipulate SIP msging from the SP before it hits your CUCM to customize it to what CUCM/IP-PBX prefers to see
- Limited means of complying to the SP UNI (SIP msg manipulation on outbound msgs to the SP, and capabilities such as early-offer)
- Having to implement the SP UNI on CUCM instead of your enterprise preferred policies (and having to replicate this on every CUCM and IP-PBX routing calls to the SIP trunk)
- Having no way of doing a SIP registration to the SP when this is required on the SIP trunk
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
07-16-2013 03:53 PM
Some time ago this was discussed, I kept this in a notepad:
A direct SIP trunk is certainly technically feasible, but it is an inflexible and insecure solution and therefore strongly NOT recommended.
Reasons to terminate a SIP trunk on an enterprise demarc such as CUBE include but are not limited to:
- Lack of call admission control (SLA enforcement and DOS attack mitigation) on the SIP trunk
- Visibility of the CUCM and endpoint IP addresses to the SP network (and therefore to potential hackers)
- Very limited SIP trunk load balancing and redundancy capabilities
- No SIP trunk sharing between multiple CUCM clusters or other IP-PBX/proxy call agents in the enterprise
- No SIP malformed packet or other protocol level attack mitigation for your CUCM
- No way to troubleshoot voice quality problems to determine if it's your network or the SPs network at fault
- Much more limited toll fraud prevention techniques on the SIP trunk
- No way to control IP QoS settings on the incoming packets from the SP, and no way to customize them on the outgoing packets
- No way to manipulate SIP msging from the SP before it hits your CUCM to customize it to what CUCM/IP-PBX prefers to see
- Limited means of complying to the SP UNI (SIP msg manipulation on outbound msgs to the SP, and capabilities such as early-offer)
- Having to implement the SP UNI on CUCM instead of your enterprise preferred policies (and having to replicate this on every CUCM and IP-PBX routing calls to the SIP trunk)
- Having no way of doing a SIP registration to the SP when this is required on the SIP trunk
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
07-16-2013 04:02 PM
Fantastic, and into evernote it goes
Sent from Cisco Technical Support iPhone App
07-17-2013 01:23 AM
Steven,
In your excitement..you forgot to rate this fantastic post from Jamie.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
07-17-2013 01:43 AM
noted and rated
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide