sip session border controls
DESCRIPTION
Telecommunications Session Border Controls
TRANSCRIPT
Session Border Controls: Long term solution or short term stop gap?
Jonathan Cumming
Director of VoIP Product Management
Data [email protected]
Copyright © 2005 Data Connection Limited
Agenda
• What is Session Border Control?
• Pros and Cons
• SBCs and IMS
• The Future
Data Connection Overview
• Background
  • Founded in 1981
  • Headquarters in Enfield
  • 300 employees across 7 worldwide locations
• Stable and Independent
  • Steady, profitable growth
  • Privately held & self-funded by Employee Benefit Trust
  • No plans for IPO or sale
• World Class Team
  • Recruit, invest, retain
  • Retention: <2% turnover
• Portable network protocols
  • VoIP - SIP, MGCP, Megaco/H.248, Session Border Controller
  • MPLS - RSVP-TE, LDP, CR-LDP, VPN
  • IP Routing - Unicast and Multicast
  • ATM - UNI, PNNI, IPOA, ILMI
• Messaging/Directory/Conferencing
• MetaSwitch
[Chart: Data Connection Group Results, 1982-2004. Revenue and earnings, $M.]
What is Session Border Control?
• The set of behaviour required at the network boundary when handling media sessions
• Monitoring
  • Lawful intercept
  • Billing
  • SLA compliance checks
• Interoperability / Reach
  • IPv4/v6 interworking
  • Signalling Protocol Interworking: SIP↔H.323, MGCP↔H.248, different protocol variants
  • Firewall/NAT traversal
  • VPN bridging and overlapping address resolution
  • Bad protocol detection / correction
  • Media transcoding
  • DTMF interworking
  • Policy interworking (QoS, Identity, Charging)
• Privacy
  • Topology hiding
  • Anonymisation
  • Encryption
• QoS and Access Control
  • Authentication
  • DoS protection
  • Bandwidth theft protection
  • Emergency call prioritisation
  • SLA policing
  • Network congestion avoidance
  • Policy based routing
• Required to provide managed service
• But there are side effects …
Where are SBCs used?
[Diagram labels: Service Provider 1, Service Provider 2, Enterprise, Residential Line, PSTN, Switch, Application Server, Media Gateway, Edge Router / Aggregator, Firewall, Session Border Controller (shown at four points).]
Why people like SBCs
• Carriers
  • Replicates traditional network model
    • QoS and Access Control, Privacy, Monitoring
    • Security is a serious concern with increasing scope for attacks
  • Interoperability
    • Hides access network complexity from core services
      • e.g. VPNs and IPv4 issues, Firewall traversal
    • Provides gateways to non-standard networks
• Enterprise
  • Voice/media friendly firewall
  • Platform for voice SPAM filter
  • May be used to check billing from service provider
They solve today’s problems
SBC Side Effects
• SIP headers and IP addresses in SDP modified
  • Reasons
    • NAPT and privacy of end-user location
    • Media transcoding and monitoring
  • Effect
    • Breaks end-to-end security (authentication and encryption)
    • Prevents the endpoints communicating directly with each other
    • Requires SBC changes to understand most protocol enhancements
• SIP routing rules overridden
  • Reason
    • NAT and firewall traversal
  • Effect
    • Adds a single point of failure
They limit flexibility and slow service evolution
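
The first side effect on this slide, as an added example that is not part of the original presentation: a hypothetical SBC rewrites the SDP addresses and the Contact header to anchor media on itself, after which an integrity tag the two endpoints computed over the body no longer verifies. The HMAC with a shared endpoint key is a simplified stand-in for an end-to-end body signature; the addresses, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample INVITE (illustrative addresses, not taken from the slides).
SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:alice@10.0.0.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n"
    "\r\n" + SDP
)

def body_tag(message: str, key: bytes) -> str:
    """Integrity tag over the SDP body (stand-in for an end-to-end signature)."""
    body = message.split("\r\n\r\n", 1)[1]
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sbc_rewrite(message: str, sbc_ip: str, relay_port: int) -> str:
    """Hypothetical SBC: relay media through itself and hide the caller's address."""
    head, body = message.split("\r\n\r\n", 1)
    body = re.sub(r"(?m)^(c=IN IP4 )\S+", rf"\g<1>{sbc_ip}", body)
    body = re.sub(r"(?m)^(o=.* IN IP4 )\S+", rf"\g<1>{sbc_ip}", body)
    body = re.sub(r"(?m)^(m=audio )\d+", rf"\g<1>{relay_port}", body)
    head = re.sub(r"(?m)^(Contact: <sip:[^@]+@)[^>]+", rf"\g<1>{sbc_ip}:5060", head)
    head = re.sub(r"(?m)^Content-Length: \d+", f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body

def verify(message: str, key: bytes, tag: str) -> bool:
    """Callee-side check of the caller's tag against the body as received."""
    return hmac.compare_digest(body_tag(message, key), tag)

if __name__ == "__main__":
    key = b"constructed-endpoint-key"   # shared by caller and callee only
    tag = body_tag(INVITE, key)
    rewritten = sbc_rewrite(INVITE, "203.0.113.10", 20000)
    print("direct path verifies:  ", verify(INVITE, key, tag))
    print("via SBC verifies:      ", verify(rewritten, key, tag))
```

The callee can only accept the rewritten body by trusting the SBC rather than the caller, which is the loss of end-to-end authentication the slide describes.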
How SBCs fit into IMS
• Session Border Control is necessary in IMS
  • IPX Proxy adds another SBC
• Concerns:
  • SBCs turn each carrier into a separate island
  • IMS-based networks will evolve more slowly than a more open network
[Diagram labels: Caller, Callee, Visited Network, Home Network, Called Network, IMS core (in each network), UNI Border Control, NNI Border Control, Access Control. Legend: SIP signalling, Policy, Media path.]
SBC function in IMS architecture
• IMS is evolving to incorporate SBC function
  • Adding access network control, NAT function, interworking between SIP versions
[Diagram labels: SBC, P-CSCF, I-CSCF, GGSN / PDG, RACS, SPDF, A-RACS, BGF, Gq, Gq', Ia, R6 Access Network, R7 Access Network, Internal Signaling, Internal Media. Legend: SIP, Diameter, H.248, Access Policy, Media.]
What of the future?
• Some function will become unnecessary
  • Firewall and NAT traversal can be resolved without an SBC
    • Firewalls will become more SIP friendly (longer pinhole timeouts)
    • IPv6 will (hopefully) remove the need for NAT, particularly in the core
    • STUN and reduced use of symmetric NATs
  • Device interoperability will improve
• BUT the requirement for SBC functionality will not go away
  • Security and Access Control
    • Security at all network boundaries will increase
    • Protocol-aware function (ALG) is likely to increase as part of this battle
  • Monitoring
    • Legislation will require increasingly sophisticated monitoring capabilities
• But this will not be an SBC on a network diagram, as the functionality will migrate into many devices
  • Edge router, P-CSCF, BGCF, I-BCF, IPX Proxy, …