by Bhagirath Sindhav / October 30, 2023
VoIP traffic comprises a variety of codecs and protocols leading to mismatches affecting communications, areas superbly handled by the session border controller’s (SBC) ability to transcode codecs and translate protocols.
VoIP providers can help resolve these mismatches and provide a seamless experience. The SBC can also have other functions, such as control and monitoring, NAT traversal, and hiding internal topology, proving to be the proverbial Swiss army knife for VoIP functionality.
A session border controller is a device that regulates and protects IP communications. It sits at the frontier of your VoIP network and plays a multidimensional role covering: security regulation, connectivity, quality of service, and compliance.
Session border controllers are used to control a user’s IP communications sessions. SBCs were originally created for VoIP networks, but they are now used to regulate all forms of online communication: VoIP text, VoIP instant messaging, VoIP video, and other collaboration formats.
Voice over Internet Protocol (VoIP) is worlds apart from the standard legacy public switched telephone network (PSTN) lines, which are traditional circuit-switched telephone networks or a collection of voice-oriented public telephones.
Voice is “packetized” and uses IP to travel over open internet lanes until it reaches the final destination where the packets are reassembled. That makes voice traffic vulnerable to malicious attacks such as Denial of Service (DoS).
There’s also the other aspect of media codecs and protocol handling to enable seamless communication. The third is to hide internal network topology from external view and thus maintain security as well as facilitate communications. There are lesser but no less important tasks like scaling and prioritizing traffic that the SBC handles with ease.
In order to understand one of the many roles the SBC plays, one must take a look at the session initiation protocol (SIP). Over time several flavors of SIP developed, bringing in their wake issues in VoIP communications. One would have to go into a lengthy explanation of how SIP works.
In brief, what happens when a SIP session is established is that endpoints carry information of IP addresses of point of origin and destination. The SIP messages carry “open” headers that proxies in the chain use. This means malicious attackers can use this information to attack proxies and gateways. It is easy to tunnel into networks and launch any kind of attack such as:
What does a session border controller do in this scenario? When the SIP messages go through the SBC it replaces addresses of internal components and encrypts information, making it difficult for hackers to target networks.
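The address replacement described above, as an added example (not code from the original article or from any SBC product). The SBC address 203.0.113.10, the internal ranges, the fixed Via branch and the trimmed sample INVITE are assumptions constructed for illustration; a real SBC also generates a unique branch per transaction and keeps state so replies can be routed back inside.

```python
import ipaddress
import re

# Assumptions for illustration: the SBC's public address and internal ranges.
SBC_PUBLIC = "203.0.113.10"
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def scrub(text, hidden):  # swap internal IPv4 addresses for the SBC's, record them
    def swap(match):
        try:
            ip = ipaddress.ip_address(match.group())
        except ValueError:                   # loose regex hit such as 999.1.1.1
            return match.group()
        if any(ip in net for net in INTERNAL_NETS):
            hidden.add(match.group())
            return SBC_PUBLIC
        return match.group()
    return IPV4.sub(swap, text)

def hide_topology(message):
    """Rewrite an outbound SIP message; return (new_message, hidden_addrs)."""
    head, _, body = message.partition("\r\n\r\n")
    hidden, out, via_done = set(), [], False
    body = scrub(body, hidden)               # SDP o= and c= lines
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].strip().lower()
        if name in ("via", "v"):
            scrub(line, hidden)              # only to record what is removed
            if not via_done:                 # internal hops collapse to one Via
                out.append(f"Via: SIP/2.0/UDP {SBC_PUBLIC}:5060;branch=z9hG4bK-demo")
                via_done = True
        elif name == "record-route" and scrub(line, hidden) != line:
            continue                         # drop internal proxies from the route
        elif name in ("content-length", "l"):
            out.append(f"Content-Length: {len(body.encode())}")  # body size changed
        else:
            out.append(scrub(line, hidden))  # Contact and any other header
    return "\r\n".join(out) + "\r\n\r\n" + body, hidden

# Constructed, trimmed INVITE as it leaves an internal PBX (not a capture).
SAMPLE = ("INVITE sip:bob@example.net SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.1.1.5:5060;branch=z9hG4bKa1\r\n"
          "Via: SIP/2.0/UDP 192.168.20.7:5060;branch=z9hG4bKb2\r\n"
          "Record-Route: <sip:10.1.1.5;lr>\r\n"
          "Contact: <sip:alice@192.168.20.7:5060>\r\n"
          "Content-Length: 44\r\n\r\n"
          "o=- 1 1 IN IP4 10.1.1.9\r\nc=IN IP4 10.1.1.9\r\n")
```

Calling `hide_topology(SAMPLE)` returns the rewritten message together with the set of internal addresses that were removed, which is useful for auditing what would otherwise have leaked.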
Apart from the fact that there are several variations of SIP, the main drawback is that SIP ignores the issue of network address translation (NAT) traversal. Most business-level networks are behind a firewall, and devices use private IP addresses that are not routable on the internet. One may use solutions such as STUN and ICE, but with mixed results.
On the other hand, SBC acts as the public interface, replacing user agent information with its own. Without the SBC in place, there will be issues such as not being able to connect outgoing calls or receive incoming ones. It goes further and sends media for the user back to the origination point in a symmetrical way to work around NAT.
VoIP is not just voice calls. Networks must handle media and emerging communication services such as OTT services, VoLTE, and WebRTC. Traffic becomes complex and connectivity can become an issue, especially when points of origin and destination use different media codecs and protocols.
What happens is that a call may not be received, there may be glitches, and you cannot make yourself audible or visible to the other party and, generally, experience issues.
Here again, the session border controller plays a key role:
The SBC network needs to evolve to be future-proof and deliver the highest levels of quality of service.
You may have your own definition of quality of service. For those using voice calls, the criterion may be the ability to get through on the first attempt. For some, it is important that audio quality and speech come across crystal clear.
The SBC solution should be able to use the transport protocol in use by the destination and use IPv4 or IPv6 as the case may be and translate incoming and outgoing protocols.
System administrators may insist that the SBC be capable of integrating signals and media and maintaining session state besides being able to handle any load and conduct deep packet inspection to ensure compliance with safety protocols.
Managers may wish to derive MOS scores or know routing performance and derive information on usage. Telecom operators and service providers may wish to have billing and accounting linked to calls and derive statistics.
The SBC is capable of all this and more to ensure the highest levels of services that the VoIP system must handle.
Telecom operations are subject to a variety of regulations. One such aspect is to monitor calls, track calls, record calls, and even intercept calls that you suspect are unauthorized.
It is not only calls that must be tracked; you may even need to keep a watch over the media. If you use only the SIP model then you have access to only the signaling component. Incorporate SBC into the network and you have a handle on media and signals.
It can go further in letting you set up your configuration to give access control and prevent fraud. This can be done by way of a whitelist and a blacklist. The SBC replaces the SDP address with its own to support NAT and, in the process, permits only authorized users to send media traffic.
Service providers may offer flat fee packages that can be misused by a subscriber who resells such availability and lead to an overload of the network besides causing a loss. The SBC tracks user behavior, number of parallel calls, and other activities as well as frauds.
You can regulate your VoIP system and you can stay compliant with local regulations, especially as regards confidentiality and security as is insisted upon in specific fields like healthcare.
The SBC solution, if you choose the right one from the right vendor, can do a lot in different areas. How to do it is also something you must know to extract maximum mileage.
You might want to go a step further and use the configuration feature to set up custom security for your network. This can be done in a few different ways.
The session border controller can be configured to handle only calls from a defined user list and reject calls from others. You can set it up to monitor calls and gather user data such as numbers dialed, frequency of such usage, and time spent on each call.
This will help you define limits of usage. Policing will also detect malicious attempts at simultaneous calls with the intent to flood the network.
One of the benefits of having the SBC in place is that you can allocate resources to specific users ranking high in importance, prioritize calls from certain numbers, and distribute bandwidth to ensure quality of service. For instance, you can prioritize signals over media so that voice calls do not face issues.
Depending on the type of SBC solution in use, the system may be able to handle a certain number of concurrent calls and media traffic, but this also depends on available bandwidth and internet speed.
In such cases, the system may be configured to limit the number of simultaneous calls. The SBC may limit registration requests through static means or permit registration for multiple phones. You could also separate signaling and media planes in the softswitch to permit the scaling of calls and media.
One way to guard against Denial of Service attacks is to set up call admission control policies. These are based on monitored traffic profiles of registered users and parsing of headers to identify the authenticity of calls. It is common to set up transport layer security (TLS) and secure RTP (SRTP) encryption to protect traffic over open networks.
If an attack happens then the system responds by shutting traffic completely. However, AI-powered SBCs can distinguish between legitimate and suspicious activity and permit the flow of authenticated traffic.
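The policing rules described above (a defined user list, a cap on simultaneous calls, and admission control against floods) can be combined in one policy, shown here as an added example rather than code from the article or any SBC product. The thresholds, the response code chosen for each rule, and the event tuples are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class CallAdmission:
    """Allowlist, per-user concurrent-call cap and per-source INVITE rate limit.

    Thresholds and the response codes chosen per rule are assumptions.
    """
    def __init__(self, allowed_users, max_calls=2, max_invites=5, window=10.0):
        self.allowed = set(allowed_users)
        self.max_calls, self.max_invites, self.window = max_calls, max_invites, window
        self.active = defaultdict(set)     # user -> Call-IDs currently up
        self.recent = defaultdict(deque)   # source IP -> recent INVITE times

    def on_invite(self, now, src, user, call_id):
        q = self.recent[src]
        while q and now - q[0] > self.window:
            q.popleft()                    # forget INVITEs outside the window
        q.append(now)                      # rejected attempts still count
        if len(q) > self.max_invites:
            return "503 rate-limited"      # flood from one source
        if user not in self.allowed:
            return "403 not-allowed"       # caller is not on the user list
        if len(self.active[user]) >= self.max_calls:
            return "486 call-limit"        # too many parallel calls
        self.active[user].add(call_id)
        return "admit"

    def on_bye(self, user, call_id):
        self.active[user].discard(call_id)

def replay(events, cac):
    """Feed (time, method, src, user, call_id) tuples; return INVITE verdicts."""
    verdicts = []
    for now, method, src, user, call_id in events:
        if method == "INVITE":
            verdicts.append((call_id, cac.on_invite(now, src, user, call_id)))
        elif method == "BYE":
            cac.on_bye(user, call_id)
    return verdicts

# Constructed signalling events (not captured traffic).
EVENTS = ([(0, "INVITE", "198.51.100.1", "alice", "a1"),
           (1, "INVITE", "198.51.100.1", "alice", "a2"),
           (2, "INVITE", "198.51.100.1", "alice", "a3"),
           (3, "BYE",    "198.51.100.1", "alice", "a1"),
           (4, "INVITE", "198.51.100.1", "alice", "a4"),
           (5, "INVITE", "198.51.100.9", "mallory", "m1")]
          + [(6 + i / 10, "INVITE", "192.0.2.50", "bob", f"b{i}") for i in range(7)])
```

Because the rate check runs first and counts rejected attempts, a flooding source stays blocked for as long as it keeps sending, while other sources are still admitted.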
Another way to have better security is to focus on Type of Service (ToS) and set up DSCP marking. The ToS information is available as four-bit flags in the IP header and you can set only one bit at a time for minimum delay, for maximum throughput, for maximum reliability or for minimum cost. This supports media like audio, video, image, text and data based on protocols like SIP, H.245, and H.225.
The ToS values let you create media type combinations. You can be quite specific by defining and manipulating parameters such as media manager, media policy, and settings among others.
RFC 1349 underlies ToS, but you can also use RFC 4594, which underlies Differentiated Services, to define ToS. However, it may apply only to RTP packets. You can map DSCP (DiffServ Code Point) values to ToS values and then pick the ToS setting in the IP bearer profile to fine-tune the security aspect.
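The DSCP-to-ToS mapping mentioned above, worked through as an added example (not code from the article or a vendor configuration). The media-to-class assignment is an assumption that uses RFC 4594 service classes (Signaling CS5, Telephony EF, Multimedia Conferencing AF41); the example also shows how a device that still reads the byte the RFC 1349 way would interpret each marking.

```python
# RFC 1349 reads the ToS byte as PPP TTTT 0: precedence, 4-bit TOS, must-be-zero.
RFC1349_TOS = {0b0000: "normal service",
               0b1000: "minimize delay",
               0b0100: "maximize throughput",
               0b0010: "maximize reliability",
               0b0001: "minimize monetary cost"}

# Assumed marking policy, using RFC 4594 service classes.
RFC4594_DSCP = {"signaling": 40,   # CS5
                "audio": 46,       # EF (telephony)
                "video": 34}       # AF41 (multimedia conferencing)

def dscp_to_tos_byte(dscp):
    """DSCP occupies the top six bits of the byte; the low two (ECN) stay 0."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    return dscp << 2

def legacy_view(tos_byte):
    """Decode the byte as an RFC 1349 device would: (precedence, TOS meaning).

    The meaning is None when more than one TOS bit is set, which RFC 1349
    does not define.
    """
    precedence = tos_byte >> 5
    tos_bits = (tos_byte >> 1) & 0xF
    return precedence, RFC1349_TOS.get(tos_bits)

def marking_plan():
    """Return media -> (dscp, tos_byte, legacy_precedence, legacy_tos)."""
    plan = {}
    for media, dscp in RFC4594_DSCP.items():
        byte = dscp_to_tos_byte(dscp)
        plan[media] = (dscp, byte) + legacy_view(byte)
    return plan
```

EF is the case to watch: its byte sets two of the four TOS bits at once, so it has no single-flag RFC 1349 equivalent and a legacy device cannot be relied on to treat it as "minimum delay".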
It is best left to an expert to fine-tune the system for optimal security and performance based on SBC applications and the SBC network.
In its earlier avatar, the SBC had just one main application and that was to provide security for VoIP calls. However, as VoIP usage spread and codecs as well as protocols proliferated, it had to take on another role as facilitator.
Session border controllers may be available in the form of hardware or software, the latter becoming more popular by the day since there is a predefined limit in a hardware device whereas software scales. Further, the trend is towards virtualization as a way towards better assimilation and reduced costs.
It is possible to customize SBC to suit specific application areas. For instance, SBCs used between two carriers may have emphasis laid on security, media codec transcoding and high volume of calls. Normalizing SIP is another function that the SBC takes care of effortlessly.
The SBC stands at the edge of the network between operator and subscriber.
An enterprise may opt for SBC to safeguard its network and improve performance of calls and media interoperability besides putting in place controls, fraud detection and other measures to control costs and provide security. It also comes in handy for topology hiding and NAT traversal. One concern is to ensure security of the IP PBX system and the SBC addresses this admirably.
The SBC plays a variety of roles when used in the telecom carrier and VoIP service provider segment:
Enterprises are switching over to VoIP based PBX but they may still have existing PSTN lines. Apart from IP PBX there may be unified communications covering email, fax, SMS, voice and video calls and chat. However, phone is the mainstay and even here the flow and usage is complex when there are hundreds or thousands of users trying to call at the same time. So the SBC must be able to handle concurrent calls without any loss in quality of service.
Since the internal network contains precious and sensitive data, it is a prime imperative that the SBC hide the topology and close sessions on call termination while permitting NAT traversal. The PBX connects to the private interface and the public address is used to connect with the telecom operator.
Enterprises are increasingly becoming subject to hacking attacks. The SBC simply anticipates and rejects such attempts at DoS, eavesdropping, tunneling, injection and so on, keeping its internal network secure while also encrypting media packets to prevent theft of voice data.
Many consider the SBC to be an unnecessary expense. The assumption is that if the telecom operator or the enterprise at the other end has SBC why bother with one here at this end? This is fallacious reasoning since the SBC at the other end protects that network, not yours. Besides, without the session border controller you will experience issues like call connectivity, media codecs transcoding and protocol handling which take the joy out of internet telephony and video.
The greatest benefit is security of your VoIP network and data in your internal network. The SBC handles all these with ease, never letting you know it is there but working day in and day out to facilitate communications at a lower cost, adding to your revenues. It is an investment, not an expense.
This article was originally published in 2020. It has been updated with new information.
Bhagirath Sindhav is a Digital Marketing Executive at Ecosmob Technologies Pvt. Ltd. He has been in this field for 3 years and is curious about technology updates and loves to pen down his thoughts about the same. He has also prepared a link-building strategy following SEO tactics.