Skip to content
Myng edited this page Jul 26, 2021 · 22 revisions

Introduction

A Session Border Controller (SBC) is a network function which secures voice over IP (VoIP) infrastructures while providing interworking between incompatible signaling messages and media flows (sessions) from end devices or application servers. SBCs are employed in Enterprise infrastructures or any carrier network delivering commercial residential, business, fixed-line or mobile VoIP services. They are typically deployed at both the network edge and at carrier interconnects, the demarcation points (borders) between their users and other service providers. Communications service providers and enterprises both make use of SBCs. Service providers deploy SBCs at access, core and interconnect network borders. Enterprises typically deploy SBCs at the edge of the enterprise network, for example as the termination point for a SIP trunking service.

Functions

  • Security - The main reason Session Border Controllers are used within businesses is for security. SBC protects against hacking, cyber-attacks and any bad influence from outside the network. The SBC is essentially a more efficient and secure firewall. Where a firewall is in place for most general systems and networks, an SBC is specifically designed to protect your personal network. The SBC also encrypts data, signaling and media, preventing outside influences from monitoring your information and activity.

  • Interoperability SBCs allow different parts of a network to communicate and share data with each other. An example of how SBCs do this is through SIP normalisation. A key role of an SBC is to mediate SIP communication between different devices, systems or gateways that use or β€˜speak’ SIP differently. The SBC manipulate (or normalises) and translates SIP signaling and messaging so everything is properly communicated.

  • Quality of service (QoS) - The SBC implements the Quality of Service or QoS policy, that measures the performance of a service or network. The SBC regulates and prioritises rate limiting, traffic policing, call admission control and data flows that come into or go out of the network.

  • Routing - SBCs route the call across network interfaces by multiple logic factor.

  • Media Process This includes supporting the calls, data and fax interworking and media transcoding. Media encryption, Ringtone, Announcement. Media transcoding is where the SBC translates between different codecs. Essentially, codecs convert voice and video signals for digital transmission. The SBC can translate these through transcoding, resulting in better sound quality and reducing network bandwidths. This in turn results in a better call experience for your colleagues and clients.

Architecture

Frequent Asked Questions

  1. What is different between SBC and SIP Proxy and Firewall?
  • Proxy handle SIP signalling only
  • SBC handle SIP signalling and Media as well
  • Firewall handle the network function on for layer 2-4 only

Below is table of function comparison

Function Firewall Proxy SBC
Layer 2-4 Packet Filtering βœ… βœ… βœ…
Route/NAT βœ… βœ… βœ…
Prevent DSS/DDOS attach βœ… βœ… βœ…
SIP Header Manipulation /Interoperability βœ… βœ…
SIP Routing βœ… βœ…
Toll Fraud Protection βœ… βœ…
Topology Hiding βœ…
Media Transcoding/Transcyption βœ…
QoS Measurement & Reporting βœ…
  1. How does LibreSBC detect and defend attack?

Here is some techniques, LibreSBC use to protect system:

  • Built-in IP Firewall
  • IP white/black list
  • Brute-force attack prevention
  • Rate Limit: Concurrent call, Call per Second
  • Authentication
  1. How does LibreSBC limit call traffic?

LibreSBC implement these algorithm to control traffic:

  • Token Bucket for call rate limit
  • Leaky Bucket for traffic shaping
  • Concurrent call limit
  1. What is Topology Hiding? Why we need it?

SIP is complicated protocol with network information in header to control call flow, Naturally, It will record and expose network topology in message. Topology Hiding help to strip/substitutes internal network information before send to outside world. Yay, That is security harden.

  1. Can I use LibreSBC to perform load balancing, fail-over?

Yes, LibreSBC can be act as an load balancer, healthcheck, failover for far-end entities

  1. Can I deploy LibreSBC on cloud and/or bare-metal server?

Absolutely Yes, LibreSBC can be deployed and work well on cloud, bare-metal server or containers. We have some deployment on Digital Ocean, VMware, Docker and AWS already.