What is an SBC? A look at the role of the Session Border Controller

AlanPercy1 2,142 views 36 slides Nov 27, 2018

About This Presentation

IP communications systems are becoming an ever-more critical part of business and consumer communications. As a result, they are increasingly becoming the target for fraudsters, trolls and hackers, requiring a comprehensive security solution. These are the reasons behind the birth of the Session Bo...


Slide Content

1 What is an SBC? A look at the role of the Session Border Controller. Alan D. Percy, November 2018

2 What are the Risks? Extortion; DOS / DDOS Attacks; Registration Floods; Malformed SIP Headers; Call Floods; Intrusion; Network Scanning; Account Hacking; Theft of Services. “Within 10 minutes of taking our Asterisk system live, it was found by a scanner” - Regional Reseller

3 Agenda: Session Border Controllers: What are they? How do they work? How are they used? Where to get free SBC software? Where to learn more?

4 Firewall = SBC? “A SBC is just a Firewall for SIP, right?” (Diagram labels: Internet, LAN, WAN, SIP, RTP)

5 SIP Server = SBC? Answer: No – SIP Servers don’t have a B2BUA and have no media handling security

6 Other Needs? SIP-aware Security; Resolve SIP incompatibility issues; Convert media formats; Facilitate call recording; Measure voice/video quality; Call Routing; Billing. (Image labels: By Korolev Alexandr; RFC 3261)

What is a SBC? Anywhere two SIP networks intersect; Software-based “Network Function”; Most often between a WAN and a LAN. (Diagram labels: Local Area Network, Network Border, Wide Area Network, SBC, SIP, SIP)

Topology Hiding: “Back to Back User Agent” (B2BUA). (Diagram labels: Network Border, Internet, SBC, Application, 10.X.X.X, 34.Y.Y.Y)

DOS/DDOS/Intrusion Prevention: Detects and deflects DOS/DDOS and Registration Floods. (Diagram labels: Network Border, Internet, SBC, Application)

Encryption Demarcation: Encryption of session control (SIP/TLS) and/or media (SRTP). (Diagram labels: Network Border, Service Provider, SBC, Application, Clear, Encrypted)

11 NAT Traversal. Tasks: NAT Detection; Address Translation; NAT Pinhole Maintenance. (Diagram labels: SMB/Enterprise, IAD/Router, NAT, Service Provider, Application, SBC, 192.x.x.x, 34.x.x.x, SIP)

Media Services: Codec conversion (Transcoding); Tones and Announcements; Legal Intercept; Voice quality measurement. (Diagram labels: Network Border, Service Provider, SBC, Application, G.711, G.729, Law Enforcement)

SIP Interoperability: Carrier Interoperability; Multi-vendor Compatibility; Privacy enforcement. Privacy modification: SIP From: Alice / SIP From: Anonymous. Custom header: SIP X-Header: Op-A / SIP P-Header: No-charge. Protocol conversion: SIP / SIP-I. Digit Manipulation: SIP To: 555-1212 / SIP To: +1 800 555-1212. (Diagram labels: Service Provider, Network Border, Service Provider, SBC)

Traffic Management & Routing: Call Rate Limiting; Load Balancing; Route by called/calling #; Route by availability; External/Custom/Third-party Algorithms. (Diagram labels: SBC, SIP Traffic)

15 How does a SBC work? Functions of a Session Border Controller: Security; Intrusion Protection; “Line Rate” Inspection; Topology Hiding; B2BUA; Interoperability; Media Services; Routing/Traffic Mgmt.; More… (Diagram: Session Border Controller Functions: Intrusion Detection & Security, B2BUA, Routing, Media)

16 Use Cases

17 Use Cases - Peering. Tasks: Call routing; Mediation; Billing functions. (Diagram labels: Retail Service Provider, SoftSwitch, Wholesale VoIP Provider, SBC, SBC, Billing)

18 Use Cases – Access. Tasks: DOS/DDOS Protection; NAT Traversal; SIP Registration screening; Analytics and Billing; QOS Monitoring & Reporting. (Diagram labels: SMB/Enterprise, IAD/Router, Service Provider, Softswitch, SBC, Billing)

19 Use Cases – Redundancy. Tasks: Failure Detection; Traffic Redirection and Routing; Performance Measurement. (Diagram labels: Service Provider, SBC, SBC, Wholesale Provider(s))

20 Use Cases – CPaaS Providers. Tasks: SIP Trunking Interoperability; FQDN Mapping; Intelligent Call Routing; Media By-pass; Cloud Hosted. (Diagram labels: Cloud-based Communications Provider as a Service (CPaaS), SIP Trunking Provider(s), CPaaS, SBC)

21 Emergence of the E-SBC
Service Provider SBC: Protect service provider’s network; High density / Large capacity; Billing Interfaces; NAT Traversal; SIP Trunking and Access; Central Office / Cloud Deployment; 1+1 Redundancy; Legal Intercept (CALEA); Wireline and Wireless SPs; Sold through Systems Integrators
Enterprise SBC: Protect enterprise’s network; Low to medium density; Quality of Service measurement; Intrusion Protection; UC or IP-PBX Interoperability; Customer Premises (CPE); Lower cost; SIPREC for Call Recording; Mid-market and Enterprises; Sold through Resellers/Channels

22 Use Cases – E-SBC: IP-PBX / UC / Contact Center with SIP Trunking. Tasks: Security; SIP Trunking Interoperability; ANI/Caller-ID Substitution; Cause Code Mapping. (Diagram labels: SIP Trunking Provider(s), UC or Contact Center, SBC)

23 Use Cases – E-SBC: IP-PBX / UC / Contact Center with SIP Trunking and Remote Users. Tasks: Security; SIP Trunking Interoperability; Registration Forwarding. (Diagram labels: SIP Trunking Provider(s), UC or Contact Center, SBC, Work-at-home users, SBC)

24 Deployment Methods

25 SBCs “Back in the Day”: SBCs were based on specialized “purpose-built” hardware platforms: Packet processing H/W; DSP Modules; DC Power; High Availability in hardware; $

26 Changing Economics
“Old Way”: Hardware-centric; Proprietary appliances; EOL Hardware; Capital Expenditure + Maintenance
“Cloud Way”: Software-centric; COTS Hardware, Virtual or Cloud; Software-as-a-Service; “Pay-as-you-Grow”
(Chart axes: TCO, Years)

27 SBCs as Software: “Service providers have been deploying session border controllers (SBCs) predominantly as standalone devices, but by 2019 they will increasingly implement SBCs as software in virtualized environments and on commercial servers…”, Diane Myers, IHS Markit. Source: IHS Markit’s IMS and SBC Strategies and Vendor Leadership Service Provider Survey, September 2019

28 SBC Deployment Models – COTS: Highest performance and scale; Most predictable performance; Scales down to small CPE appliances; Requires dedicated hardware

29 SBC Deployment Models - Virtualized: Deployed in CPE, Data Center, Private and Public Cloud

30 SBC Deployment Models - VNF: Deployed as a Virtualized Network Function (VNF); Core of a Service Provider or Edge of a SP network on uCPE; Managed by Orchestration S/W. (Diagram label: SBC)

31 SBC Deployment Models - Cloud: “Pay as you Grow”; Variety of platform choices and operating systems; Flexible scaling

32 Introducing… Learn more at: www.FreeSBC.com

33 Congratulations! You now know enough to be dangerous! How do you continue your knowledge?

34 More on SBCs at The SIP School

35 Learn More…

36 Q&A. The SIP School: www.thesipschool.com. Free copy of SBC software: www.freesbc.com. Other Recorded webinars at: freesbc.com/video-library. Q/A?