What is an SBC? A look at the role of the Session Border Controller
113 views
36 slides
Jul 31, 2023
Slide 1 of 36
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
About This Presentation
IP communications systems are becoming an ever-more critical part of business and consumer communications. As a result, they are increasingly becoming the target for fraudsters, trolls and hackers, requiring a comprehensive security solution. These are the reasons behind the birth of the Session Bo...
Slide Content
What is an SBC?
A look at the role of the
Session Border Controller
Alan D. Percy
[email protected]
November 2018
1
A look at the role of the
Session Border Controller
Alan D. Percy
[email protected]
November 2018
1
2
What are the Risks?
•Extortion
•DOS / DDOS Attacks
•Registration Floods
•Malformed SIP Headers
•Call Floods
•Intrusion
•Network Scanning
•Account Hacking
•Theft of Services
What are the Risks?
•Extortion
•DOS / DDOS Attacks
•Registration Floods
•Malformed SIP Headers
•Call Floods
•Intrusion
•Network Scanning
•Account Hacking
•Theft of Services
3
Agenda
Session Border Controllers
•What are they?
•How do they work?
•How are they used?
•Where to get free
SBC software?
•Where to learn more?
Agenda
Session Border Controllers
•What are they?
•How do they work?
•How are they used?
•Where to get free
SBC software?
•Where to learn more?
4
Firewall = SBC?
Internet
LANWAN
SIP
“A SBC is just a Firewall for SIP, right?”
RTP
Firewall = SBC?
Internet
LANWAN
SIP
“A SBC is just a Firewall for SIP, right?”
RTP
5
SIP Server = SBC?
Answer: No –SIP Servers don’t have a B2BUA and have
no media handling security
SIP Server = SBC?
Answer: No –SIP Servers don’t have a B2BUA and have
no media handling security
6
Other Needs?
•SIP-aware Security
•Resolve SIP incompatibility
issues
•Convert media formats
•Facilitate call recording
•Measure voice/video quality
•Call Routing
•Billing By KorolevAlexandr
RFC 3261
Other Needs?
•SIP-aware Security
•Resolve SIP incompatibility
issues
•Convert media formats
•Facilitate call recording
•Measure voice/video quality
•Call Routing
•Billing By KorolevAlexandr
RFC 3261
What is a SBC?
Local Area
Network
Network
Border
Wide Area
Network SBC
•Anywhere two SIP networks intersect
•Software-based “Network Function”
•Most often between a WAN and a LAN
SIP SIP
Local Area
Network
Network
Border
Wide Area
Network SBC
•Anywhere two SIP networks intersect
•Software-based “Network Function”
•Most often between a WAN and a LAN
SIP SIP
Topology Hiding
Network
Border
Internet SBC
Application
10.X.X.X34.Y.Y.Y
“Back to Back User Agent”
B2BUA
Network
Border
Internet SBC
Application
10.X.X.X34.Y.Y.Y
“Back to Back User Agent”
B2BUA
DOS/DDOS/Intrusion Prevention
Network
Border
Internet SBC
Application
Detects and deflects
DOS/DDOS and Registration Floods
Network
Border
Internet SBC
Application
Detects and deflects
DOS/DDOS and Registration Floods
Encryption Demarcation
Network
Border
Service
Provider SBC
Application
ClearEncrypted
Encryption of session control (SIP/TLS)
and/or media (SRTP)
Network
Border
Service
Provider SBC
Application
ClearEncrypted
Encryption of session control (SIP/TLS)
and/or media (SRTP)
11
NAT Traversal
Tasks:
NAT Detection
Address Translation
NAT Pinhole Maintenance
SMB/Enterprise
IAD/Router
NAT
Service Provider
Application
SBC
192.x.x.x 34.x.x.x
SIP
NAT Traversal
Tasks:
NAT Detection
Address Translation
NAT Pinhole Maintenance
SMB/Enterprise
IAD/Router
NAT
Service Provider
Application
SBC
192.x.x.x 34.x.x.x
SIP
Media Services
•Codec conversion (Transcoding)
•Tones and Announcements
•Legal Intercept
•Voice quality measurement
Network
Border
Service
Provider SBC
Application
G.711G.729
Law
Enforcement
•Codec conversion (Transcoding)
•Tones and Announcements
•Legal Intercept
•Voice quality measurement
Network
Border
Service
Provider SBC
Application
G.711G.729
Law
Enforcement
SIP Interoperability
Service
Provider
Network
Border
Privacy modification SIP From: Alice SIP From: Anonymous
SIP X-Header : Op-A SIP P-Header: No-chargeCustom header
SIP SIP-I
Carrier InteroperabilityProtocol
conversion
Multi-vendor Compatibility
Privacy enforcement
Service
Provider
Digit Manipulation SIP To: 555-1212 SIP To: +1 800 555-1212Privacy enforcement
SBC
Service
Provider
Network
Border
Privacy modification SIP From: Alice SIP From: Anonymous
SIP X-Header : Op-A SIP P-Header: No-chargeCustom header
SIP SIP-I
Carrier InteroperabilityProtocol
conversion
Multi-vendor Compatibility
Privacy enforcement
Service
Provider
Digit Manipulation SIP To: 555-1212 SIP To: +1 800 555-1212Privacy enforcement
SBC
Traffic Management & Routing
•Call Rate Limiting
•Load Balancing
•Route by called/calling #
•Route by availability
•External/Custom/Third-party Algorithms
SBC
SIP Traffic
•Call Rate Limiting
•Load Balancing
•Route by called/calling #
•Route by availability
•External/Custom/Third-party Algorithms
SBC
SIP Traffic
15
How does a SBC work?
Functions of a Session Border Controller
•Security
•Intrusion Protection
•“Line Rate” Inspection
•Topology Hiding
•B2BUA Interoperability
•Media Services
•Routing/Traffic Mgmt.
•More…
Session Border Controller
Functions
Intrusion
Detection
& Security
B2BUA Routing
Media
How does a SBC work?
Functions of a Session Border Controller
•Security
•Intrusion Protection
•“Line Rate” Inspection
•Topology Hiding
•B2BUA Interoperability
•Media Services
•Routing/Traffic Mgmt.
•More…
Session Border Controller
Functions
Intrusion
Detection
& Security
B2BUA Routing
Media
USE CASES
16
16
17
Use Cases -Peering
Tasks:
Call routing
Mediation
Billing functions
Retail Service Provider
SoftSwitch
Wholesale VoIP Provider
SBC
SBC
Billing
Use Cases -Peering
Tasks:
Call routing
Mediation
Billing functions
Retail Service Provider
SoftSwitch
Wholesale VoIP Provider
SBC
SBC
Billing
18
Use Cases –Access
Tasks:
DOS/DDOS Protection
NAT Traversal
SIP Registration screening
Analytics and Billing
QOS Monitoring & Reporting
SMB/Enterprise
IAD/Router
Service Provider
Softswitch
SBC
Billing
Use Cases –Access
Tasks:
DOS/DDOS Protection
NAT Traversal
SIP Registration screening
Analytics and Billing
QOS Monitoring & Reporting
SMB/Enterprise
IAD/Router
Service Provider
Softswitch
SBC
Billing
19
Use Cases –Redundancy
Tasks:
Failure Detection
Traffic Redirection and Routing
Performance Measurement
Service Provider
SBC
SBC
Wholesale
Provider(s)
Use Cases –Redundancy
Tasks:
Failure Detection
Traffic Redirection and Routing
Performance Measurement
Service Provider
SBC
SBC
Wholesale
Provider(s)
20
Use Cases –CPaaS Providers
Tasks:
SIP Trunking Interoperability
FQDN Mapping
Intelligent Call Routing
Media By-pass
Cloud Hosted
Cloud-based Communications Provider as a Service (CPaaS)
SIP Trunking
Provider(s)
CPaaS
SBC
Use Cases –CPaaS Providers
Tasks:
SIP Trunking Interoperability
FQDN Mapping
Intelligent Call Routing
Media By-pass
Cloud Hosted
Cloud-based Communications Provider as a Service (CPaaS)
SIP Trunking
Provider(s)
CPaaS
SBC
Emergence of the E-SBC
Service Provider SBC
•Protect service provider’s network
•High density / Large capacity
•Billing Interfaces
•NAT Traversal
•SIP Trunking and Access
•Central Office / Cloud Deployment
•1+1 Redundancy
•Legal Intercept (CALEA)
•Wireline and Wireless SPs
•Sold through Systems Integrators
Enterprise SBC
21
•Protect enterprise’s network
•Low to medium density
•Quality of Service measurement
•Intrusion Protection
•UC or IP-PBX Interoperabililty
•Customer Premises (CPE)
•Lower cost
•SIPREC for Call Recording
•Mid-market and Enterprises
•Sold through Resellers/Channels
Service Provider SBC
•Protect service provider’s network
•High density / Large capacity
•Billing Interfaces
•NAT Traversal
•SIP Trunking and Access
•Central Office / Cloud Deployment
•1+1 Redundancy
•Legal Intercept (CALEA)
•Wireline and Wireless SPs
•Sold through Systems Integrators
Enterprise SBC
21
•Protect enterprise’s network
•Low to medium density
•Quality of Service measurement
•Intrusion Protection
•UC or IP-PBX Interoperabililty
•Customer Premises (CPE)
•Lower cost
•SIPREC for Call Recording
•Mid-market and Enterprises
•Sold through Resellers/Channels
22
Use Cases –E-SBC
Tasks:
Security
SIP Trunking Interoperability
ANI/Caller-ID Substitution
Cause Code Mapping
IP-PBX / UC / Contact Center with SIP Trunking
SIP Trunking
Provider(s)
UC or
Contact Center
SBC
Use Cases –E-SBC
Tasks:
Security
SIP Trunking Interoperability
ANI/Caller-ID Substitution
Cause Code Mapping
IP-PBX / UC / Contact Center with SIP Trunking
SIP Trunking
Provider(s)
UC or
Contact Center
SBC
23
Use Cases –E-SBC
Tasks:
Security
SIP Trunking Interoperability
Registration Forwarding
IP-PBX / UC / Contact Center with SIP Trunking and Remote Users
SIP Trunking
Provider(s)
UC or
Contact Center
SBC
Work-at-home users
SBC
Use Cases –E-SBC
Tasks:
Security
SIP Trunking Interoperability
Registration Forwarding
IP-PBX / UC / Contact Center with SIP Trunking and Remote Users
SIP Trunking
Provider(s)
UC or
Contact Center
SBC
Work-at-home users
SBC
DEPLOYMENT
METHODS
24
METHODS
24
25
SBCs “Back in the Day”
•SBCs were based on specialized
“purpose-built” hardware platforms
•Packet processing H/W
•DSP Modules
•DC Power
•High Availability in hardware
SBCs “Back in the Day”
•SBCs were based on specialized
“purpose-built” hardware platforms
•Packet processing H/W
•DSP Modules
•DC Power
•High Availability in hardware
Changing Economics
“Old Way”
Hardware-centric
Proprietary appliances
EOL Hardware
Capital Expenditure + Maintenance
“Cloud Way”
26
Software-centric
COTS Hardware, Virtual or Cloud
Software-as-a-Service
“Pay-as-you-Grow”
TCO
Years
TCO
Years
“Old Way”
Hardware-centric
Proprietary appliances
EOL Hardware
Capital Expenditure + Maintenance
“Cloud Way”
26
Software-centric
COTS Hardware, Virtual or Cloud
Software-as-a-Service
“Pay-as-you-Grow”
TCO
Years
TCO
Years
27
SBCs as Software
“Service providers have been deploying session
border controllers (SBCs) predominantly as
standalone devices, but by 2019 they will
increasingly implement SBCs as software in
virtualized environments and on commercial
servers…”, Diane Myers, IHSMarkit
Source: IHS Markit’sIMS and SBC Strategies and Vendor
Leadership Service Provider Survey, September 2019
SBCs as Software
“Service providers have been deploying session
border controllers (SBCs) predominantly as
standalone devices, but by 2019 they will
increasingly implement SBCs as software in
virtualized environments and on commercial
servers…”, Diane Myers, IHSMarkit
Source: IHS Markit’sIMS and SBC Strategies and Vendor
Leadership Service Provider Survey, September 2019
28
SBC Deployment Models –COTS
•Highest performance and scale
•Most predictable performance
•Scales down to small CPE appliances
•Required dedicated hardware
SBC Deployment Models –COTS
•Highest performance and scale
•Most predictable performance
•Scales down to small CPE appliances
•Required dedicated hardware
29
SBC Deployment Models -Virtualized
•Deployed in CPE, Data Center, Private and Public
Cloud
SBC Deployment Models -Virtualized
•Deployed in CPE, Data Center, Private and Public
Cloud
30
SBC Deployment Models -VNF
•Deployed as a Virtualized
Network Function (VNF)
•Core of a Service Provider
or
Edge of a SP network on
uCPE
•Managed by Orchestration
S/W
SBC
SBC Deployment Models -VNF
•Deployed as a Virtualized
Network Function (VNF)
•Core of a Service Provider
or
Edge of a SP network on
uCPE
•Managed by Orchestration
S/W
SBC
31
SBC Deployment Models -Cloud
•“Pay as you Grow”
•Variety of platform choices
and operating systems
•Flexible scaling
SBC Deployment Models -Cloud
•“Pay as you Grow”
•Variety of platform choices
and operating systems
•Flexible scaling
32
Introducing…
Learn more at: www.FreeSBC.com
Introducing…
Learn more at: www.FreeSBC.com
33
Congratulations!
•You now know enough to
be dangerous!
•How do you continue
your knowledge?
Congratulations!
•You now know enough to
be dangerous!
•How do you continue
your knowledge?
34
More on SBCs at The SIP School
More on SBCs at The SIP School
35
Learn More…
Learn More…
36
Q&A
The SIP School
www.thesipschool.com
Free copy of SBC software:
www.freesbc.com
Other Recorded webinars at:
freesbc.com/video-library
Q/A?
Q&A
The SIP School
www.thesipschool.com
Free copy of SBC software:
www.freesbc.com
Other Recorded webinars at:
freesbc.com/video-library
Q/A?
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 113
- Slides 36
- Age 854 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views