sip session border controls

Session Border Controls:Long term solution or short term stop gap?

Jonathan CummingDirector of VoIP Product Management

Data [email protected]

http://www.dataconnection.com

Copyright © 2005 Data Connection Limited

Agenda

• What is Session Border Control?

• Pros and Cons

• SBCs and IMS

• The Future



Data Connection Overview

• Background• Founded in 1981• Headquarters in Enfield• 300 employees across 7 worldwide

locations

• Stable and Independent• Steady, profitable growth• Privately held & self-funded by

Employee Benefit Trust• No plans for IPO or sale

• World Class Team• Recruit, invest, retain• Retention: <2% turnover

• Portable network protocols• VoIP - SIP, MGCP, Megaco/H.248,

Session Border Controller• MPLS - RVSP-TE, LDP, CR-LDP, VPN• IP Routing - Unicast and Multicast• ATM - UNI, PNNI, IPOA, ILMI

• Messaging/Directory/Conferencing• MetaSwitch

05

10

15

20

25

30

35

40

45

50

55

82 84 86 88 90 92 94 96 98 00 02 04

$M

REVENUEEARNINGS Data Connection

Group Results, 1982-2004



What is Session Border Control?

• The set of behaviour required at the network boundary when handling media sessions

Lawful interceptBillingSLA compliance

checks

Monitoring

IPv4/v6 interworkingSignalling Protocol Interworking:

SIP↔H.323, MGCP↔H.248,different protocol variants.

Firewall/NAT traversalVPN bridging and overlapping address

resolutionBad protocol detection / correctionMedia transcodingDTMF interworkingPolicy interworking (QoS, Identity, Charging)

Interoperability / Reach

Topology hidingAnonymisationEncryption

AuthenticationDoS protectionBandwidth theft

protectionEmergency call

prioritisationSLA policingNetwork congestion

avoidancePolicy based routing

PrivacyQoS and Access Control

• Required to provide managed service• But there are side effects …



Where are SBCs used?

Switch

ApplicationServer

Enterprise

Residential Line

Service Provider 1

PSTN

Session BorderController

Media Gateway

Edge Router /Aggregator


FirewallSwitch

ApplicationServer

Service Provider 2





Why people like SBCs

• Carriers• Replicates traditional network model

• QoS and Access Control, Privacy, Monitoring• Security is a serious concern with increasing scope for attacks

• Interoperability • Hides access network complexity from core services

• e.g. VPNs and IPv4 issues, Firewall traversal• Provides gateways to non-standard networks

• Enterprise• Voice/media friendly firewall• Platform for voice SPAM filter• May be used to check billing from service provider

They solve today’s problems



SBC Side Effects

• SIP headers and IP addresses in SDP modified• Reasons

• NAPT and privacy of end-user location• Media transcoding and monitoring

• Effect• Breaks end-to-end security (authentication and encryption)• Prevents the endpoints communicating directly with each other• Requires SBC changes to understand most protocol enhancements

• SIP routing rules overridden• Reason

• NAT and firewall traversal• Effect

• Adds a single point of failure

They limit flexibility and slow service evolution



How SBCs fit into IMS

• Session Border Control is necessary in IMS• IPX Proxy adds another SBC

• Concerns:• SBCs turn each carrier into a separate island• IMS-based networks will evolve more slowly than a more open network

SIP signalling PolicyMedia path

Home Network

IMScore

Called Network

IMScore

IMScore

NNI

Bord

er C

ontro

l

Visited Network

UNI

Bord

er C

ontro

l

AccessControl

NNI

Bord

er C

ontro

l

UNI

Bord

er C

ontro

l

AccessControl

NNI

Bord

er C

ontro

l

NNI

Bord

er C

ontro

l

Caller Callee



SBC

PDF

P-CSCF

Gq

GGSN /PDG

SBC

RACSGq'

BGF

P-CSCF

SPDFA-RACS

Ia

SIP

DiameterH.248

Access Policy

MediaR7 Access Network

I-CSCFInternal Signaling

Internal Media

R6 Access Network

SBC function in IMS architecture

• IMS is evolving to incorporate SBC function• Adding access network control, NAT function, interworking between SIP versions



What of the future?

• Some function will become unnecessary• Firewall and NAT traversal can be resolved without an SBC

• Firewalls will become more SIP friendly (longer pinhole timeouts)• IPv6 will (hopefully) remove the need for NAT, particularly in the core• STUN and reduced use of symmetric NATs

• Device interoperability will improve

• BUT the requirement for SBC functionality will not go away• Security and Access Control

• Security at all network boundaries will increase• Protocol-aware function (ALG) is likely to increase as part of this battle

• Monitoring• Legislation will require increasing sophisticated monitoring capabilities

• But this will not be an SBC on a network diagram, as the functionality will migrate into many devices

• Edge router, P-CSCF, BGCF, I-BCF, IPX Proxy, …


Thank you for listening

Any questions?


sip session border controls

Documents