Unified Communications and SBCs in an IPv6 World

In writing last month’s paper on Federation Gateways, I started thinking about Session Border Controllers (SBCs) in general. A comment on that paper (from Hamid Nabavi) and an amusing and informative article about IPv6 posted around about the same time by my UCStrategies colleague, Dave Michels, caused me to consider SBCs in light of IPv6. Based on my (then) limited understanding of IPv6, it occurred to me that SBCs may not actually be needed in an IPv6 world. So I started to dig deeper into this and what I found was surprising.

A Brief History of IPv6

As I’m sure that you know, IPv6 is the next version of the Internet Protocol standard, intended primarily to address (pun intended) the exhaustion of the IPv4 address space. IPv6 was originally specified nearly 13 years ago and its impending deployment has been forecasted pretty much ever since. It turns out that the life of IPv4 was extended by the implementation of private networks operating behind Network Address Translators (NATs), but they were just a "Band-Aid solution" to a much bigger problem. The growth of the internet being what it is, the final blocks of IPv4 addresses were allocated by the Internet Assigned Numbers Authority (IANA) to the Regional Internet Registries (RIR) last February. The first RIR to deplete its address allocation was the Asia Pacific RIR (APNIC) in April. Given that:

• Internet endpoints such as tablets and smartphones are selling faster than free t-shirts;
• APNIC represents 53% of the world’s population but is allocated only 18% of the IPv4 address space:
  • Yet this half of the world is the fastest developing and fastest to adopt internet technology (includes India and China).

…it’s a reasonable assumption that IPv6 deployment might actually be imminent. So what are the implications of IPv6 for UC?

IPv6 and UC

IPv6 extends the internet address space from 2³² (4.2bn) addresses to 2¹²⁸ (340 undecillion, or 340 with 36 zeros after it) addresses. According to Cisco, that is 100 IP addresses for every atom on the face of the Earth; so IPv6 should keep us going at least until the iPhone 5 is launched. Humor aside, this makes it possible for all digital media services, including UC, to be presented on as many "devices" as we have access to at any given moment (including cars, TVs, entertainment systems in aircraft seats, etc.). However, IPv6 has other benefits; many that are relevant to UC implementations:

• The elimination of the primary need for NATs (i.e. the size limitation of the public address space);
• An increase in privacy and security, by mandating Internet Protocol Security (IPsec);
• An elimination of the need for MAC addresses (another privacy issue);
• Multicasting is inherent in the design (thereby making conferencing implementation easier);
• An expansion of the IP packet size (MTU) to reduce packet fragmentation.

Many of these benefits are concerned with the way that UC traverses the boundary between the enterprise network and the public network. This is normally the domain of the SBC so, at face value, it would seem that the SBC business is about to be disrupted.

IPv6 and SBCs

The primary role of SBCs in a UC implementation is threefold:

• Facilitating the transmission of UC signaling and media through NATs and firewalls;
• Maintaining network and communications security and privacy;
• Intermediating incompatible protocols and media, including addressing SIP over UDP packet fragmentation (as a B2BUA, SBCs are compelled to do this).

Comparing these to the IPv6 benefits above, the main features of the SBC appear to be at least partially invalidated by IPv6. However, the diminishment of the role of the SBC by IPv6 assumes several things:

• A global "flash-cut" from IPv4 to IPv6, which we know isn’t going to happen;
• The elimination of the DMZ, NATs and internal topology hiding that currently provide defense against internet-borne malfeasance;
• The implementation of end-to-end authentication and encryption between all networked devices:
  • This would encompass all clients and servers that are within the DMZ and which would traverse the DMZ (e.g. UC clients);
  • This is something we are not even seeing now in all UC implementations and deployments (either by design or by policy) or in SIP Trunking (see my previous paper on this).

Therefore it is reasonable to assume that the SBC will survive at the very least until both the ISP and the enterprise have each transitioned to IPv6, and maybe longer. There may (or may not) be an additional role for the SBC in IPv4-IPv6 conversion, particularly if the Federation Gateway role becomes a reality (i.e. to make transparent the timing of the conversion to IPv6 of your federation partners).

Implications for the UC vendor and the UC customer

As you can tell, I don’t have all (or even any) of the answers: this paper is really just a list of questions. However, these are probably questions that readers are asking themselves. Therefore, in keeping with the mission of my consulting and analysis firm, I am setting myself the task of providing some IPv6 UC Insights. I intend to conduct a deeper investigation into the implications for IPv6 for UC and to conduct a survey of UC vendors, including SBC vendors, on their plans for IPv6 and the role that their products play in an IPv6 world. The timeline for publication is mid-late Q4 ’11.

If you are interested in seeing a copy of this survey, have suggestions or comments, or would like to participate, please contact russell@ucinsights.com.

6 Responses to "Unified Communications and SBCs in an IPv6 World" - Add Yours

Art Rosenberg 8/9/2011 6:39:26 PM

Russel,

Thanks for moving the UC ball along with your questions about tomorrow's network infrastructure implications. I have similar issues with the future of contact centers that must support customers and customer-facing staff who may all be mobile or working away from an "office.".

The flexibility of UC needs to have the network decks cleared for such activity to be more cost efficient and mobile endpoints, which benefit end users the most, will not be as controllable as legacy, location-based telephony. See article on "Reverse" Call Centers at:

http://connectedplanetonline.com/independent/news/reverse-call-center-outsourcing-driven-by-broadband-could-create-one-hundred-thousand-us-jobs-0804/

Obviously, there will be a "migration" issue to be dealt with and service providers will play a key role in those solutions. So, it will be interesting to see the responses to your survey that you will be getting from technology providers of all types.

Art Rosenberg
The Unified-View
(310) 395-2360

Hamid Nabavi 8/12/2011 5:08:13 PM

Thanks Russell for looking into this and for your follow up plan. With your background and interests, I think you are in a good position to take on this task and help bring together some of these efforts that may not be in tune with one another. As I mentioned in my earlier comment, I also wonder where the ITU NGN activities are; and if there is any communications between them and the UC community.

danny loeb 8/17/2011 10:10:08 AM

Russel, i am a bit confused. I didt ever see the role of the sbc as - solving the ipv4 address space problem, but rather as an entity that enables enforcing cross domain policy. In that scope you can find security and acceleration functions, which i dont expect to see disappearing ...

Hamid Nabavi 8/18/2011 2:51:18 PM

According to the following article IPv6 security cannot be taken for granted either:

http://www.lightreading.com/document.asp?doc_id=211183&f_src=lrweeklynewsletter

Russell Bennett 8/18/2011 7:53:51 PM

Danny & Hamid - thanks for your comments, which are completely in line with my thinking, which is why I am looking further into this. Specifically:

Although I currently view IPv4/IPv6 interworking as a router function, it appears that SBC vendors are claiming IPv4/IPv6 interworking as a feature, see: www.acmepacket.com/Collateral/Documents/.../APKT_Interconnect2011.pdf

I agree, and mention above, that IPv6 security is predicated on end-to-end encryption and authentication, which many enterprise security professionals will find inadequate, even if implemented. This is one reason why I think that SBCs will survive the IPv6 transition.

Art Rosenberg 9/5/2011 9:18:53 AM

Russell,

I am starting to see the role of SBCs being extended to the domain of network-based analytics. That is, rather than looking at communication activities with people from just a device, application, or single network perspective, individual user end-to-end activity can be tracked by an SBC that is a gateway for all cross-network interactions.

So, in keeping with the goals of UC to support all forms of multi-modal contact initiation and contact reception/response with people, network access can become a practical focal point for collecting the analytical activity data that is rapidly becoming key to business process planning and management.

Perhaps, as you have indicated, IPv6 will become the vehicle for the extended role of SBCs in the future of UC.