Session Border Controllers & UC Gateways

The Enterprise Session Border Controller market is dominated by Ribbon Communications and Audiocodes who both spend a good percentage of revenue of research and development ensuring they stay ahead of the curve.  While these vendors are certified to work with all major IP, UC and Video providers including Skype for Business, Cisco, Avaya, Mitel etc., vendors like Avaya and Cisco provide Session Border Controllers which are tightly integrated into their own offering.

If you are deploying SIP or UC and choose not to deploy an SBC you are taking too many risks and losing out on an opportunity to save money.

Understanding the need for an SBC

The most talked about driver for deploying an SBC is security.

SBCs were initially deployed within service provider networks to ensure that RTC traffic was properly routed between network providers, calls were secured and differing protocols understood so they could be delivered across different networks.

VoIP is an application that, by its very nature, is exposed to devices and networks that are out of the control of an enterprise. As VoIP adoption became more common in the enterprise, SBCs were increasingly deployed at the border between an enterprise’s network and the carrier’s network.

In the old days when you placed a phone call, the call was placed on an approved device and carried across the phone companies’ PRIVATE network. Like other IP applications, VoIP can be carried over public networks — often across several public networks — and calls can be initiated or completed on devices that aren’t under the control and regulation of the phone company, for example, personal computers (PCs) or smartphones. This makes the VoIP world considerably more vulnerable leading to some common VoIP attacks.

Some common VoIP attacks include

  • Service theft and fraud: Attackers accessing a VoIP system to route traffic and use network resources without paying for them. Here at CTI one of in-house systems which was not secured by a SBC was compromised. Luckily for us, the far end, assuming we needed to dial 0 for an outside line which was incorrect, ended up dialling the emergency department on 000 (0 + 0011) and the police were despatched to our registered address to investigate.
  • Spoofing: Deliberately modifying or disguising an identity (for example, caller ID) on the network
  • DoS/Distributed Denial‐of‐Service (DDoS) attacks: Flooding a server or SBC with requests to overwhelm its available resources
  • Registration storms: Like a DDoS attack, in which many devices (typically hundreds of thousands to millions) simultaneously attempt to register with a SIP server in a UC network

Why do I need a Session Border Controller when I have a firewall?

A firewall can be configured to allow VoIP sessions to pass through the network to client devices within the network. The problem is that VoIP (and UC Sessions are set up and torn down frequently and in large numbers. Additional services are often added during the middle of a call (for example, when someone begins to instant message another user during a conference call, or when someone shares a picture or video during a voice call). Typically, a firewall just isn’t set up to handle this kind of dynamic service provisioning.

Besides security, what other functions does an SBC provide?

Consolidate Policy Management:SBCs can also provide centralized policy control, so routing and policy changes can be delivered globally across multi‐ vendor networks from a single management point. These policy engine capabilities enable organizations to implement and manage many policies including:

✓Intelligent call routing

✓ Custom dialling plans

✓ Call blocking and screening

✓ Emergency call routing

✓ Local number portability lookups

✓ Calling name delivery

Secure Remote Workers: A SBC provides the opportunity for remote user to register securely over the public internet without requiring VPN.

Endpoint interoperability: Many organizations have deployed communication endpoints created by different manufacturers or software developed by different vendors, such as Cisco Jabber and Microsoft Skype for Business. Different video systems may support different video codecs, so the SBC must be able negotiate with each device so the same video codec is used, thereby ensuring interoperability between devices. Even if all the endpoints in a video call use the same video codec, the SIP protocol implementations used by Cisco, Microsoft, Avaya, Polycom, and others differ enough to require a translation device to make sure the signalling works to connect to all the devices.

SBCs solve this problem by modifying the signalling information contained in the SIP packets so that endpoints can communicate with each other through a process known as protocol normalization. Protocol normalization allows organizations to keep their hardware and software investments, while making video solutions from different vendors work together so they don’t have to get all their network components from a single vendor.

Video Support

Businesses regularly conduct virtual meetings using voice, video streaming, and other rich‐media communication services. Still, some challenges remain:

Intercompany communication: Enterprise routers and firewalls are vital for securing a network, but they often wreak havoc on video communications because they block all incoming calls and session requests, hide the IP addresses of internal devices, and degrade performance by inspecting packets that traverse the firewall. You can get around NAT and firewall‐related issues by deploying a video‐friendly firewall or a video bridge with dual network ports, but each of these options potentially compromises security and performance and adds cost and complexity.

Interoperability issues: A wide range of video conferencing standards exists, but despite these standards, interoperability issues still prevail due to different protocols (SIP, H.323) or video/audio compression Some other issues also include basic connectivity and interoperability with devices that provide a less than optimal experience due to call speed and device type.

An SBC can provide video proxy services, NAT/firewall services, protocol conversion and transcoding, Quality of Service (QoS) monitoring and more. SBCs can also perform protocol translation between SIP and H.323 as well as H.264, H.263, G.722, and many other video and audio protocols.

Transcoding Calls Another one of the SBC’s jobs is to transcode, or change, codecs as media sessions pass through the SBC. The SBC knows which codecs are supported on each side of the network border and is required and decode then re‐encode the voice or video signal as it crosses the network border. A good example might be compressing SIP traffic from you carrier using G729a(8k) to preserve bandwidth and presenting this to users on the LAN in a higher quality codec such as G711(64k)