The Five Key Questions About Session Border Controllers
After establishing their position in the consumer market, IP telephony services are poised to make the jump into the enterprise space. Certainly the growing use of IP-based PBX systems has paved the way for that migration, but the growing interest in SIP trunking services indicates that the shift to IP telephony is extending into network services as well. That change is bringing the session border controller (SBC) into the lexicon of telecom services, and it is a device that will play a critical role in the deployment of those services.
A session border controller is a device that sits at the interface (i.e. border) between two IP networks and supports voice, data and other real time connections (i.e. sessions) while providing a set of services for security, signaling and media compatibility (controller). Up until now, the primary market for SBCs has been service providers who found them essential in providing IP-based telephony services. Acme Packet is the largest manufacturer of SBCs, and the company’s equipment is used by over 750 IP telephony service providers and 160 enterprises worldwide. With the advent of SIP trunking services, the application of SBCs is expanding into the enterprise, and its use has raised a number of questions.
We will take a look at the major questions surrounding the functions, capabilities, and application of SBCs.
1. Can a session border controller save me money?
A session border controller won’t save you money directly, but SIP trunking can, and a well-designed SIP trunking service should include session border controllers at every interface to the IP network. Before we look at the SBC itself, it is important to examine the potential for SIP trunking in enterprise networking.
SIP trunking is the next logical step in the migration to an end-to-end IP telephony infrastructure. The service providers’ networks have already transitioned their long haul networks to IP and use time division multiplexed (TDM) based technologies like T-1 and PRI solely to connect to legacy interfaces on customer PBX systems. The fundamental idea of SIP trunking is to extend IP telephony all the way to the user, thereby simplifying the user-network interface, reducing cost, and increasing functionality. There are a number of areas where SIP trunking can impact the cost profile:
- Access Costs: Rather than purchasing access trunks in groups of 23 or 24 using PRI or DS-1 connections, SIP trunking allows customers to subscribe to the number of access trunks they actually require. Further, with voice compression (e.g. G.729a) you can pack several times the number of trunks onto the same physical access link.
- Per-Minute Charges: SIP-based services are generally offered at rates far below traditional circuit switched services.
- Consolidated Trunking: On SIP trunks, local, long distance, and toll-free services can be combined on the same access rather than requiring separate trunk groups for each.
- Centralized Trunking: In a multi-site IP PBX configuration, geographically dispersed locations are typically interconnected over an internal IP or MPLS network in one or more central locations. In that centralized configuration, all of the organization’s voice traffic can be supported on a far smaller number of access trunks. Fewer trunks are required because site-to-site traffic is carried on the internal network, and a single set of consolidated trunks is more efficient than several smaller groups of service-specific trunks.
2. Why can’t I just use a gateway?
Gateways and session border controllers provide different sets of functions. The primary role of a gateway is to provide a conversion between a traditional circuit-based interface like tip and ring, DS-1, or PRI and a packet-based service like a SIP trunk. SBCs sit at the interface or border between two packet-based networks.
SBCs and gateways may include some similar functions like voice transcoding (e.g. converting voice from G.711 to G.729A), but SBCs provide a number of additional functions unique to the IP telephony world. Key among those functions are signaling translation (e.g. H.323 to SIP) and security protection.
3. If it’s about security, can’t I just depend on my data firewall?
Early on in IP telephony, users discovered that the security functions required for a voice service are decidedly different than those required for data services. Data firewalls examine packets and either delete them or pass them on to the internal network based on a static set of rules keyed to the TCP or UDP port address. Voice traffic over an IP interface is far more dynamic, and UDP port addresses are assigned for the duration of a call; typically six ports are opened for each call: two for the media (i.e. inbound and outbound voice packets), two for the signaling, and two for the Real Time Control Protocol (RTCP) packets.
Data firewalls would have to leave large numbers of voice ports open continuously to support the requirements of voice traffic, opening the potential for hackers to launch attacks through those open ports. SBCs, on the other hand, operate as SIP back-to-back user agents (B2BUAs) that manage one SIP call over the Internet and a second to the terminating device. This configuration provides a better approach to VoIP security. The SBC monitors for call requests (i.e. SIP Invites), opens the required ports for the duration of the call, inspects each packet carried on that connection, and then closes the ports when the call is terminated. Those functions are standard in an SBC but not available in a data firewall.
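The open-on-Invite, close-on-termination behaviour described above can be sketched as follows; this is an added example, not Acme Packet's code or part of the original paper. It tracks only the media and RTCP ports of a single audio stream, and the class name, helper names and sample messages are constructed for illustration.

```python
import re

def sip(start, call_id, ip=None, port=None):
    """Build a constructed SIP message (sample data, not captured traffic)."""
    body = f"v=0\r\nc=IN IP4 {ip}\r\nm=audio {port} RTP/AVP 18\r\n" if ip else ""
    return f"{start}\r\nCall-ID: {call_id}\r\nContent-Length: {len(body)}\r\n\r\n{body}"

# Constructed call: offer, answer, teardown. Addresses are documentation ranges.
SAMPLE_CALL = [
    sip("INVITE sip:bob@example.com SIP/2.0", "call-1", "198.51.100.10", 40000),
    sip("SIP/2.0 200 OK", "call-1", "203.0.113.20", 52000),
    sip("BYE sip:bob@example.com SIP/2.0", "call-1"),
]

class PinholeTable:
    """Per-call media pinholes, keyed by Call-ID (hypothetical class name)."""

    def __init__(self):
        self.calls = {}  # Call-ID -> set of (ip, udp_port) currently permitted

    def handle(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        start = head.split("\r\n", 1)[0]
        m = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not m:
            return  # no dialog to bind a pinhole to, so open nothing
        cid = m.group(1)
        if start.startswith("BYE "):
            self.calls.pop(cid, None)  # call terminated: close all its ports
            return
        if start.startswith("INVITE "):
            self.calls.setdefault(cid, set())
        elif not (start.startswith("SIP/2.0 200") and cid in self.calls):
            return  # only an INVITE or the answer to a tracked call opens ports
        ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        media = re.search(r"^m=audio (\d+) ", body, re.M)
        if ip and media:
            rtp = int(media.group(1))
            # Assumption: RTCP uses the port after RTP (no a=rtcp attribute).
            self.calls[cid] |= {(ip.group(1), rtp), (ip.group(1), rtp + 1)}

    def allows(self, ip, port):
        return any((ip, port) in holes for holes in self.calls.values())

def replay(messages):
    """Return the number of open pinholes after each message."""
    table, counts = PinholeTable(), []
    for msg in messages:
        table.handle(msg)
        counts.append(sum(len(h) for h in table.calls.values()))
    return counts
```

Replaying the sample call shows the exposure rising only while the call is up and returning to zero at the BYE, whereas a static firewall rule would keep the whole media port range open regardless of call state.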
4. Are all SBCs created equal?
Session border controllers are complex devices offering significant internal processing capabilities. Among the major factors that differentiate them are capacity, scalability, and functionality. For example, Acme Packet builds SBCs with the capacity to support from as few as 25 to 128,000 simultaneous connections with full functionality. Functions such as call recording are critical in emergency and financial services as well as call center applications. Multi-site call center implementations often require the ability to overflow calls between sites, and SIP referral is a key function to provide that capability cost effectively.
There are also advantages to using the same SBC equipment as the service provider. Enterprise customers expect fast, easy turn-up and trouble free ongoing operations, regardless of the complexity of the interface. With the largest base of public installations worldwide, Acme Packet will likely be the device at the service provider end of the connection, virtually guaranteeing a smooth installation.
5. So is SIP trunking just about cheaper phone calls (where do we go from here)?
The advent of IP Telephony is just the first step in a revolution that is sweeping through real time communications. Early VoIP implementations were hampered by issues of complexity, security, and multi-vendor compatibility for both signaling and media. The adoption of SIP as the standard for session establishment and parameter selection has opened the door to the possibility for multi-function inter-company communications. That vision goes far beyond simple voice calls to encompass the full functionality of unified communications.
While session border controllers were initially introduced to address the requirements for IP voice, we are already starting to see the potential impact of SIP-based network services. The first outgrowth is video. Offering a richer communications experience, the use of traditional video teleconferencing and newer telepresence systems has been growing by leaps and bounds. However, the variety of signaling and media formats has generally restricted the use of telepresence to internal communications. Packet-based video involves many of the same challenges as VoIP, and session border controllers can provide the same type of security, translation, and recording interface functions. Acme Packet has been testing inter-carrier video through its systems, which should make inter-company video and telepresence usage easier.
The SIP standards address far more than real time voice and video connections. With SIMPLE (“SIP with IM and Presence Leveraging Extensions”), SIP functionality can be expanded to extend unified communications (UC) functions securely across public wide area networks and across company boundaries. Leading UC providers like Cisco, Microsoft, and IBM are actively working on federation where their UC solutions with presence, collaboration, and multi-function communications will interoperate seamlessly. The initial architectures assume simple point-to-point network connections, but with open SIP-based network services, federation could be extended across public networks as well.
Up until now, mobile networks have stood as separate standalone islands of circuit switching. However, with the move to all-IP fourth generation (4G) mobile networks, the mobile environment will become part of that all-IP environment. SIP-based interfaces to mobile operators could allow texting, presence, and even mobile location capabilities to be interfaced to an enterprise’s wired UC implementation.
Conclusion
At the outset, SIP trunking is addressing the simple and immediate problem of efficiently and securely allowing cost-effective IP-based telephony services to be delivered to the enterprise. Session border controllers will be a key element in supporting those installations with features and capabilities that do not exist in IP PBXs, gateways, routers, data firewalls, or the other elements we find in place today. While the role of the SBC is important in these early applications, the real key is the long-term vision. IP-based services for voice are only the tip of the iceberg when we look at the overall capabilities afforded by a SIP-enabled IP network. Enterprises are laying the foundation for an environment where the power of UC can be extended to all companies worldwide, across public networks both wired and wireless to improve business effectiveness.
This paper is sponsored by Acme Packet.