ClearIP In-line Proxy
The ClearIP In-line Proxy enables easy integration between a SIP telecommunications network and ClearIP.
This software is not required in all ClearIP deployments. Some ClearIP customers prefer to use it because it can make deployment easier with their telecom network equipment and software.
The ClearIP In-line Proxy performs the following functions:
- Receives SIP messages from network elements within a telecommunications network
- Maintains a secure encrypted connection with ClearIP
- Sends information over this secure connection to ClearIP
- Receives information back from ClearIP based upon services performed
- Sends the formatted information to network elements.
In summary, the ClearIP In-line Proxy acts as secure message relay. It works with any SIP-based telecom system.
The ClearIP In-line Proxy can be configured in several different ways according to the preferences and requirements of the service provider. The following figure shows an illustrative configuration:
In this arrangement, the ClearIP In-line Proxy receives SIP INVITEs, sends them to ClearIP, receives the replies and sends the message to the appropriate network elements (e.g., switch, SBC).
The following figure shows the call flow for when ClearIP returns a SIP 302 Redirect response for routing and/or STIR/SHAKEN authentication:
- A Subscriber sends a call to the Switch over SIP or TDM.
- The Switch sends a SIP INVITE to the In-line Proxy.
- The In-line Proxy sends the SIP INVITE to ClearIP for services (e.g., STIR/SHAKEN authentication, routing, toll fraud prevention, robocall mitigation, etc.).
- ClearIP responds to the In-line Proxy with a SIP 302 Redirect message with STIR/SHAKEN Identity header and Contact header, including the IP address(es) of the Destination(s).
- The In-line Proxy inserts the Identity header into the SIP INVITE and sends a redirected SIP INVITE with Identity header to the first Destination.
- If the first Destination is unable to complete the call, then the In-Line Proxy would route the call to the second Destination listed in the SIP 302 Contact header.
ClearIP In-line Proxy installation and setup
- Create Virtual Machines (VMs) inside your private network with 4 GB of RAM and 2 cores running CentOS 7.x or Redhat 7.x.
- The VMs must have access to the internet.
- The VMs should not have public IP addresses. We recommend that you set up them up with Network Address Translation (NAT) through a firewall.
- No ports should be opened for external access.
- All connections to ClearIP from your network will be initiated through proxies running in the VMs. They will connect to ClearIP using TLS 1.2, so all traffic will be encrypted.
- The ClearIP In-line Proxies will accept SIP messages on all interfaces via UDP (5060), TCP (5060), and TLS 1.2 (5061).
- Only trusted devices should be able to send SIP messages to the ClearIP In-line Proxies. If untrusted devices exist on the same network as the ClearIP In-line Proxies, you must use a firewall to limit access.
- The ClearIP In-Line Proxy starts when installed and whenever its VM is rebooted. There is no starting/stopping or further configuration required.
- To install the ClearIP In-line Proxy on each VM, run this command:
curl https://files.transnexus.com/clearip/installProxy.sh | sh -s
Contact us today for more information on ClearIP and the ClearIP In-line Proxy.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.
ClearIP delivers the fastest, easiest, most-precise prevention of toll fraud, robocalls and TDoS attacks. It’s ready-to-go with STIR/SHAKEN.Learn more