"Secure" origination
Hi all, Can anyone advise on SIP origination providers / wholesalers who can work with you to tick compliance boxes by handing the traffic off over a tunnel, or a private circuit, or AWS Direct Connect perhaps? This is for the cases when TLS + SRTP over public Internet won't do to satisfy some particular security requirement. The main ask would be that this be relatively off the shelf and turn-key for the provider to do, not some ultra-bespoke custom deal that takes 6 months to organise and engineer. Cheers, -- Alex — Sent from mobile, apologies for brevity and errors.
Hey Alex, so far, I have seen this only as bespoke contracts with larger carriers when you hit a certain volume of minutes/month or similar (in Europe). Setup times were not so bad (maybe some weeks), if you (and your partner) were already located on a large Internet Exchange, for example this one: https://www.de-cix.net/en/partners/partner-directory Have a look for similar exchanges in the USA maybe, they should offer similar direct private interconnection. Cheers, Henning -- Kamailio & VoIP services – https://gilawa.com
-----Original Message----- From: Alex Balashov via VoiceOps <voiceops@voiceops.org> Sent: Dienstag, 3. Februar 2026 22:01 To: VoiceOps <voiceops@voiceops.org> Subject: [VoiceOps] "Secure" origination
Hi all,
Can anyone advise on SIP origination providers / wholesalers who can work with you to tick compliance boxes by handing the traffic off over a tunnel, or a private circuit, or AWS Direct Connect perhaps?
This is for the cases when TLS + SRTP over public Internet won't do to satisfy some particular security requirement.
The main ask would be that this be relatively off the shelf and turn-key for the provider to do, not some ultra-bespoke custom deal that takes 6 months to organise and engineer.
Cheers,
-- Alex
— Sent from mobile, apologies for brevity and errors. _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Pretty sure Telin does, and I could ask or send over contacts. They have an SD-WAN option that I’m sure is encrypted. Easy to work with too. On Feb 3, 2026 at 2:01:18 PM, Alex Balashov via VoiceOps < voiceops@voiceops.org> wrote:
Hi all,
Can anyone advise on SIP origination providers / wholesalers who can work with you to tick compliance boxes by handing the traffic off over a tunnel, or a private circuit, or AWS Direct Connect perhaps?
This is for the cases when TLS + SRTP over public Internet won't do to satisfy some particular security requirement.
The main ask would be that this be relatively off the shelf and turn-key for the provider to do, not some ultra-bespoke custom deal that takes 6 months to organise and engineer.
Cheers,
-- Alex
— Sent from mobile, apologies for brevity and errors. _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Alex We run client traffic over AWS Direct Connect... and over private layer 2/3 links for larger customers (although we've been doing less and less of this). Private links will take what they take to get in place (via Lumen, Zayo, etc) AWS DC is off the shelf. Thanks, Ivan Kovacevic On Tue, Feb 3, 2026 at 4:18 PM Alex Balashov via VoiceOps < voiceops@voiceops.org> wrote:
Hi all,
Can anyone advise on SIP origination providers / wholesalers who can work with you to tick compliance boxes by handing the traffic off over a tunnel, or a private circuit, or AWS Direct Connect perhaps?
This is for the cases when TLS + SRTP over public Internet won't do to satisfy some particular security requirement.
The main ask would be that this be relatively off the shelf and turn-key for the provider to do, not some ultra-bespoke custom deal that takes 6 months to organise and engineer.
Cheers,
-- Alex
— Sent from mobile, apologies for brevity and errors. _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- NOTE: This email message and any attachments are for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by replying to this email, and destroy all copies of the original message.
I believe, although I could be mistaken that Lumen/CenturyLink, AT&T, Verizion, or whoever the fiber owner in your local area is will be able to do this. I know an organization which has it's voice service delivered over a dedicated CenturyLink circuit, but they have about 8,000 numbers with CL, so I'm not sure what the volume requirement would be for that kind of arrangement. I do find this kind of odd however, as I could easily set up a IPsec tunnel to do SIP traffic over, but it would go back over the public internet when it goes to my upstream carrier, and it would be difficult to determine how a provider interconnects with their upstream. You might want to look for a provider which will guarantee that it will drop your traffic onto one of the T1 IXCs after it receives it. Thank you, Enzo Damato On 2/3/26 3:01 PM, Alex Balashov via VoiceOps wrote:
Hi all,
Can anyone advise on SIP origination providers / wholesalers who can work with you to tick compliance boxes by handing the traffic off over a tunnel, or a private circuit, or AWS Direct Connect perhaps?
This is for the cases when TLS + SRTP over public Internet won't do to satisfy some particular security requirement.
The main ask would be that this be relatively off the shelf and turn-key for the provider to do, not some ultra-bespoke custom deal that takes 6 months to organise and engineer.
Cheers,
-- Alex
— Sent from mobile, apologies for brevity and errors. _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
On Feb 3, 2026, at 4:38 PM, Enzo via VoiceOps <voiceops@voiceops.org> wrote:
I believe, although I could be mistaken that Lumen/CenturyLink, AT&T, Verizion, or whoever the fiber owner in your local area is will be able to do this. I know an organization which has it's voice service delivered over a dedicated CenturyLink circuit, but they have about 8,000 numbers with CL, so I'm not sure what the volume requirement would be for that kind of arrangement.
Fair; if you walk into any LEC with a sufficiently large, lottery-winner sized novelty check, and given eough time and effort, it turns out all things are possible. :-) The question was about who offers this out of the box, more or less, and what I learned from the feedback is that it's a lot more common than I might have thought, particularly if the ask is to cater to AWS Direct Connect specifically.
I do find this kind of odd however, as I could easily set up a IPsec tunnel to do SIP traffic over, but it would go back over the public internet when it goes to my upstream carrier, and it would be difficult to determine how a provider interconnects with their upstream. You might want to look for a provider which will guarantee that it will drop your traffic onto one of the T1 IXCs after it receives it.
Sadly, rational solutions for an inherently irrational requirement are ill-fitting... Cheers, -- Alex -- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
participants (5)
-
Alex Balashov -
Carlos Alvarez -
Enzo -
Henning Westerholt -
Ivan Kovacevic