VoIP

TCXC Adds Subspace support to its Carrier Digital Platform

Subspace TelecomsXChange

Introduction

Modern telco carriers interconnect over SIP protocol for voice and SMPP protocol for SMS using the public internet, it is common that each carrier has their session border controllers (SBCs) or Short Message Service Center (SMSC) at different geographical locations. Let’s start with voice, For example, if you send a call to Bharti Airtel to India, likely you’re pointing your traffic to their SBC in the UK, so all traffic is being proxied through the United Kingdom then sent back to their gateways in India for final termination. For topology hiding it is also common that your RTP/Media will be proxied as well and the. sent over the public internet to India

What is subspace

Subspace is a dedicated, secure network for delivering tomorrow’s internet today. From mission-critical real-time applications to in-network applications, Subspace helps companies create the best possible real-time experiences. Subspace offers the world’s best connectivity for real-time applications.

Ashton Kutcher on Subspace

The Public Network Challenges

As we know the public internet was designed for reliability and did not promise certain quality for real-time applications like voice, video, say you’re interconnecting to a Mobile Network Operator (MNO) Session border controller (SBC) over IP located in the UK for transit to route calls to India for example. if anything happens in the public internet between the UK and India the call quality will be degraded, or dropped. If internet routing is managed by the MNO manually, all calls to India will suffer from degraded quality until this route is fixed. Handling the global network connectivity problems in realtime is not an easy task and dropping for a few minutes or even seconds can result in users to immediately switch from your service.

Subspace as a Solution

To be proactive and solve this challenge, with a few clicks, UK MNO can send the media traffic to Airtel India via Subspace’s network by adding an entry in Subspace portal or API that will automatically provide them with a unique IP:Port that redirects to their SIP network in india.

After pointing via Subspace the traffic will be accelerated using best routes, solving any internet backbone, middle mile or last mile issues.

Subspace SIP Teleport’s proprietary algorithms ensure that your real-time application has the ability to deliver consistent voice, free of stutters, jitters, or lag, under even the most challenging network conditions, with up to 80% reduction in packet loss.

“Every millisecond counts for real-time applications. What if your users could interact with your application without network-induced lag, jitter, disconnects, and screen freezes?” Subspace.com

Adding native support for Subspace in the TCXC Stack

For the telecom wholesale industry & peering Contact Centers to benefit from the value that Subspace provides, we had to do this ! Let me explain, there is a limitation by design that can lead to causing subspace use case become not applicable for wholesale carrier traffic scenario due to authentication and authorization reasons. For example when initiating a call via Subspace network using SIP Teleport, the src IP where the call will be coming from is the subspace IP (CIDR 129.203.31.1/24), this is usually fine if the customer is using SIP registration method, however in wholesale (carrier to carrier) this means that the originators using SIP peering for authentication won’t be able to authenticate successfully by default, TCXC Authentication, Authorization, Accounting (AAA) will rejects the SIP request and send SIP error 403 to the customer.

To solve this problem, TCXC parses from SIP Teleport by subspace the real-IP that the call is coming from, so we have to challenge the special SIP header `X-Subspace-Forwarded-For` during authenticating, authorizing and accounting for this work properly.

To achieve this, we had to add support for the subspace special SIP header that SIP teleport uses to communicate the real IP address that the call came from in five components:

B2bua

Authentication

Authorization

Accounting

Web UI

In TCXC web portal we added a new checkbox for carriers that use subspace SIP Teleport to send their traffic via TCXC Network, once checked if the call is coming from subspace IP network and SIP header is set, the IPv4 authentication will use the value of the header as remote ip. If the box is unchecked the incoming call will use the regular authentication logic.

Currently this new feature is in BETA, we welcome all existing and future TCXC CSP members to take it for a test drive.

For Call centers, CPaaS providers that want to re-route to TCXC via subspace simply set your subspace network IP in outbound SIP proxy settings.

Block unwanted SIP traffic efficiently

Block unwanted SIP traffic

Blocking SIP traffic manually is a reactive procedure, in the absence of smart tools, being pro-active is nearly impossible, it is common if you’re only reacting to a SIP attack then the damage of different types is already done.

The Challenge of blocking SIP traffic

It is no secret that attackers are pretty smart programmers, commonly attackers use sophisticated tools that scan virtually any network and perform the SIP attacks automatically.

in this context, the same attacker IP address is usually seen by several servers and networks, once these tools identify a vulnerability it’ll start attacking you immediately.

When manually blocking unwanted SIP traffic, our internal data shows that we are more likely to perform SIP blocking after an alert is triggered, for example, alarms start triggering on your resources for Disk space, CPU, Memory utilization while the legit traffic has not increased.

Another operational challenge is when a SIP provider has many nodes that they manually manage, blocking an IP address one node means you have to re-deploy the same rules across the board. Management by hand is a time-consuming process whereas software-defined Automation is fast

Case Study

Recently while working with a vendor and had the sngrep tool open, we noticed many hits coming from unknown IPs, all the attempts were rejected by TCXC‘s `Authentication, Authorizations ` module, however, those attempts still consumed Disk space, CPU, and memory as they kept coming.

We went ahead and blocked the unwanted IP address manually in IP tables and repeated the same across our servers, that’s when we thought it would be a good opportunity to verify and test if this attacker’s IP was already detected by APIBan’s SIP honeypots, an open-source project that we recently heard about at Tadhack 2021.

Continue reading…

TelecomsXChange (TCXC) a Founding Member of the API3 Alliance, To Offer First-Party Oracle Services on Web3.0

TelecomsXChange (TCXC) a founding Member of the API3 Alliance, To Offer First-Party Oracle Services on Web3

Leading Web API provider to provide data and services to the next generation of decentralized applications via Airnode

Miami, Florida– August 10, 2021 — TCXC, a leading Telecom digital transformation solution provider today joined with API3, a “first-party oracle” solution empowering data providers to offer APIs directly to Web3 applications, to launch the API3 Alliance 2. The API3 Alliance represents a strategic coalition of API providers who believe that we should be able to share the same data and services we currently offer to web applications directly to Web3 consumers, without having to rely on third-party middlemen. Traditionally, APIs have been forced to either build their own facilities or pay external oracle operators to implement the middleware necessary to make their data and services compatible with the blockchain. API3 offers the tools and individualized support to our growing community — already more than 100 API providers — to go direct to the consumers of our APIs on Web3.

Continue reading…

STIR/SHAKEN SIP headers support and more..

A few important updates will land to TCXC production environment today.

STIR/SHAKEN

TelecomsXChange (TCXC) is now officially registered in the Federal Communications Commission Robocall Mitigation Database holding number RMD0004338. We have already added the support for the STIR/SHAKEN required SIP headers last week. We have also exposed some UI/API tools for sellers to help them take action in real-time to stop/mitigate any suspicious traffic.

The new SIP Identity headers required by STIR/SHAKEN are now added to TCXC SIP stack. All members are welcome to start testing.

New CLID (Caller ID) policy for sellers

We have released a new policy for sellers which enable them to have full control over the CLID policy to be used for each SIP connection (route). For instance a seller can now define a default Deny all caller ids except defined entries in the table, this can come in handy for virtual number providers who wish to offer a local sip trunk but at same time allow it only to be used from DIDs that are sold via the platform.

New CLID policy for sellers

Go Lang SMPP LB & Bind Proxy

We are at final stages of QA testing of the new SMPP load balancer and Bind proxy written in Go Lang, the test results were satisfying and in some areas very impressive. We will be posting a dedicated update regarding this topic.

If you have any questions or concerns regarding these updates , please write to support@telecomsxchange.com .

New Payout Method, Unlimited Possibilities

Beta!

We are excited to announce in the first week of 2019 Telecomsxchange new Payout method for seller members that sell Voice, SMS, DID numbers on TelecomsXChange Platform.

When requesting a payout you can now choose to get paid using Visa Prepaid Card that is accepted at of any merchant that accepts visa, or you can redeem it right on your virtual or physical credit card terminal.

How It Works ?

The process is very simple, when requesting a payout from your seller account, all you have to do is choose Prepaid Visa option and click send request, in few minutes you will receive an email with an attachment (Password protected) that contains your newly generated Visa Card which looks like this:

The phone number on file will receive an SMS message with the attachment secret password.

You can then use the card number and expiration date and security code to charge the card.

Continue reading…

%d bloggers like this: