The Session Initiation Protocol (SIP) is a robust and feature-rich signaling mechanism for controlling voice, video, and messaging sessions. Most Real-Time Communications (RTC) use this protocol to establish communication between hosts.
But SIP doesn’t come without challenges. Although SIP vendors comply with the specification, they create systems that are not compatible with each other. This incompatibility also leads to security issues that put RTC and UC data at risk when flowing through the Internet.
The Session Border Controller (SBC) appliance is designed to control SIP-based communications, including UC and VoIP. This appliance guarantees interoperability, security, and other services that ensure seamless communication.
We will be reviewing an SBC white box appliance solution that helps solve some of the common SIP-based communication challenges, from interoperability and security to firewall/NAT issues.
SBC appliances are purpose-built devices designed to protect and regulate IP-based communication traffic. These units are deployed at the border of a network to control incoming and outgoing IP communication flows.
First, there is the SBC appliance for customer premises. Lanner’s FW-7551, an x86 appliance designed specifically for vCPE, can be configured as a virtual SBC. These kinds of devices work more efficiently on the edge network. Next, there is Lanner’s HTCA-6620, which is a high-performance appliance built for challenging environments, like service providers. The HTCA 6620 is suitable as an SBC appliance for service providers but can also run as a SIP server, firewall, or switching service (among others).
Secure and efficient SIP-based communication doesn’t come without challenges. Below are the most common challenges when implementing SIP-based VoIP.
- Insecure SIP-session based VoIP communications. Whatever goes out to the Internet is at risk. When internal VoIP traffic needs to travel outside of a corporate network, it is exposed to cyber-attacks and malware. There is no guaranteed security for session-based communications outside of the network borders, especially between SIP messages.
- Lack of interoperability. SIP (Session Initiation Protocol) specifications and compliance offer a lot of flexibility, so it becomes easy to implement a SIP-session based VoIP network. But, unfortunately, not all of these sessions are compatible with each other. UC and VoIP are often challenged by the lack of interoperability when extending their communications beyond network borders.
- NAT and Firewalls may compromise VoIP communication. Although SIP implementations are robust, they may have difficulty reaching private networks. These private networks that are sitting behind NATs and firewalls are likely to stop SIP-based communications.
- SBC proprietary hardware. SBC appliances that are designed and sold as proprietary turnkey solutions are usually dedicated, single-purpose, and very costly.
Two SBC appliances will help overcome these SIP-based communication challenges: the virtual Session Border Controller appliance for customer premises and the high-performance SBC appliance for service providers.
The SBC Appliance for CP (Customer Premises)
Traditional SBCs running as CPEs on the customer’s premises are usually proprietary hardware. But there is an alternative, the virtual CPE (vCPE). This device uses software-based functions to perform operations, which were typically executed on hardware.
Lanner’s FW-7551 x86 appliance is designed explicitly for vCPE, SD-WAN, Network Edge Security, and Network Performance Monitoring (NPM). It is a compact desktop appliance capable of running virtual network functions (VNFs), which can be configured as a Virtual SBC.
Virtual network functions (including virtual SBCs, firewalls, and others) operate more efficiently at the edge. All these virtual functions (including the SBC) can be pushed from a service provider.
FW-7752 Key Features
- Processor with enhanced communication features. Intel 2, 4, or 8-core Atom C2000 SoC (System-On-Chip) CPU — codenamed “Rangeley”. It has a subset of server products with additional communication capabilities.
- Rich I/O: 4 or 6 built-in GbE LAN ports, 1 x RJ45 (console), 2 x USB Type-A, 1 or 2 x ECC DDR3 1600 SO-DIMM, 1 system cooling fan, and a 36W or 60W power adapter.
- Certifications: CE Emission, FCC Class A, and RoHS. Additionally, the FW-7552 is certified as an NTT Lagopus compatible software switch and NTT Lagopus SDN virtual switch.
The SBC Appliance for Service Providers
Lanner’s HTCA-6200 is far from just an SBC appliance. It is a Hybrid TCA (AdvancedTCA) platform built to meet the challenging requirements for service providers, cloud computing, and data centers. This appliance is made for extreme performance. It brings together data processing, control, and management into a single system.
The HTCA 6620 is suitable as an SBC Appliance for Service Providers and SIP Server + Firewall + Switching service.
Additional Relevant Services:
- SIP Server + Firewall + Switching service.
- IP PBX and SD-WAN Controller.
- NFV Orchestration.
HTCA 6620 Key Features
- High Availability: Network SBC appliance with 2U rackmount chassis.
- Powerful Processing with dual CPU: 2 x86 CPU blades. Each blade supports up to 2 Intel® Xeon® E5-2600 v3/v4 CPUs and 16x DDR4 sockets.
- High capacity switching: BCM StrataXGS™ Trident-II/II+ BCM56854/56860 Switch Fabric delivers extremely high switching and load balancing capacity. It handles either 720 or 1280 Gbps fabric capacity. This makes the switch able to provide 100GbE connectivity.
- Hybrid functionality. 2 x swappable I/O blades in front, supporting up to 2 switch blades or an Ethernet blade configuration.
- NEBS compliance. The HTCA6200 meets the compliance of the Network Equipment Building System (NEBS) standard.
The following are some of the best benefits when using a Session Border Controller:
One of the most significant benefits of an SBC appliance is security, especially against VoIP network attacks. SBCs can analyze patterns in Session Initiation Protocol (SIP) traffic and identify unusual behavior. SBC appliances can find and mitigate attacks like DoS and DDoS. An SBC also protects against related attacks like toll fraud and SIP/RTP flooding.
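As an added illustration (not code from this page or from any Lanner product), the sketch below shows the kind of per-source pattern check described above: a sliding-window counter over SIP request lines that flags a source sending too many INVITE or REGISTER requests. The event tuples, addresses, window, and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# A SIP request start line is "METHOD request-URI SIP/2.0"; responses
# ("SIP/2.0 200 OK") and malformed lines do not match and are ignored.
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def parse_method(start_line):
    m = REQUEST_LINE.match(start_line.strip())
    return m.group(1) if m else None

def detect_floods(events, window_ms=10_000, threshold=20,
                  methods=("INVITE", "REGISTER")):
    """Return {source_ip: timestamp_ms at which the source first exceeded
    `threshold` session-creating requests inside one sliding window}.
    window_ms and threshold are illustrative values, not vendor defaults."""
    recent = defaultdict(deque)   # source_ip -> timestamps still in window
    flagged = {}
    for ts, src, line in sorted(events):
        if parse_method(line) not in methods:
            continue              # keepalives and responses are not counted
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_ms:
            q.popleft()           # evict requests older than the window
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged

def build_sample():
    """Constructed sample events: (timestamp_ms, source_ip, SIP start line)."""
    events = []
    # Normal phone: REGISTER refresh every 30 s plus a single call.
    for i in range(10):
        events.append((i * 30_000, "192.0.2.10",
                       "REGISTER sip:pbx.example.test SIP/2.0"))
    events.append((45_000, "192.0.2.10",
                   "INVITE sip:1001@pbx.example.test SIP/2.0"))
    # Flooding source: 50 INVITEs in 5 s to sequential extensions.
    for i in range(50):
        events.append((100_000 + i * 100, "198.51.100.7",
                       f"INVITE sip:{2000 + i}@pbx.example.test SIP/2.0"))
    # Monitoring host: many OPTIONS keepalives and a response line.
    for i in range(40):
        events.append((100_000 + i * 100, "203.0.113.5",
                       "OPTIONS sip:pbx.example.test SIP/2.0"))
    events.append((101_000, "203.0.113.5", "SIP/2.0 200 OK"))
    return events

if __name__ == "__main__":
    print(detect_floods(build_sample()))
```

Only the flooding source is flagged, at the 21st INVITE inside the window; the regular phone and the OPTIONS keepalives stay below the limit.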
An SBC appliance mediates SIP communications between different devices. It adjusts the signaling data (call control) to allow interoperability between devices. An SBC appliance makes VoIP calls flow smoothly across different audio/video devices, and also makes communication possible through firewalls and Network Address Translators (known as NAT traversal).
Additional Media Services
An SBC appliance can also transcode the codecs that handle the conversion of voice signals to digital form. The SBC’s built-in audio transcoding allows the voice call to adapt its quality according to bandwidth.
Flexibility and Scalability
An SBC appliance such as the HTCA-6620 can adapt to unprecedented traffic growth, from a few to thousands of SIP sessions. Additionally, an SBC appliance (especially for service providers) allows better flexibility when delivering multimedia applications to customers or employees. Also, pushing virtualized SBC “NFVs” onto a vCPE like the FW-7752 will result in a much more flexible and scalable solution.
Remote connection to your phone system
Connect remote workers to the phone systems and automatically detect attacks or vulnerabilities. Additionally, connect remote SIP trunks to the phone systems, all without the need for a secure VPN connection.
For more information on other vCPEs or telecom datacenter appliances for the SBC solution, please contact a Lanner sales representative.