Session Border Controller - Theory of Operation

Theory of Operation

SBCs are inserted into the signaling and/or media paths between calling and called parties in a VoIP call, predominantly those using the Session Initiation Protocol (SIP), H.323, and MGCP call-signaling protocols.

In many cases, in order to hide the network topology and protect the service provider or enterprise packet network, the SBC will terminate a received call and initiate a second call leg to the destination party. In technical terms, when used within the SIP protocol, this is defined as being a back-to-back user agent (B2BUA). The effect of this behavior is that not only the signaling traffic, but also the media traffic (voice, video) can be controlled by the SBC. In cases where the SBC does not have the capability to provide media services on board, SBCs are also able to redirect media traffic to a different element elsewhere in the network, for recording, generation of music-on-hold, or other media-related purposes. Conversely, without an SBC, the media traffic travels directly between the VoIP phones, without the in-network call signaling elements having control over their path.

In other cases, the SBC simply modifies the stream of call control (signaling) data involved in each call, perhaps limiting the kinds of calls that can be conducted, changing the codec choices, and so on. Ultimately, SBCs allow the network operators to manage the calls that are made on their networks, fix or change protocols and protocol syntax to achieve interoperability, and also overcome some of the problems that firewalls and network address translators (NATs) present for VoIP calls.

SBCs are often used by corporations along with firewalls and Intrusion Prevention Systems (IPS) to enable VoIP calls to and from a protected enterprise network. VoIP service providers use SBCs to allow the use of VoIP protocols from private networks with Internet connections using NAT, and also to implement strong security measures that are necessary to maintain a high quality of service. SBCs also replace the function of application-level gateways. In larger enterprises, SBCs can also be used in conjunction with SIP trunks to provide call control and make routing/policy decisions on how calls are routed through the LAN/WAN. There are often tremendous cost savings associated with routing traffic through the internal IP networks of an enterprise, rather than routing calls through a traditional circuit-switched phone network.

Additionally, some SBCs can allow VoIP calls to be set up between two phones using different VoIP signaling protocols (e.g., SIP, H.323, Megaco/MGCP) as well as performing transcoding of the media stream when different codecs are in use. Most SBCs also provide firewall features for VoIP traffic (denial of service protection, call filtering, bandwidth management). Protocol normalization and header manipulation is also commonly provided by SBCs, enabling communication between different vendors and networks.

From an IP Multimedia Subsystem (IMS) or 3GPP (3rd Generation Partnership Project) architecture perspective, the SBC is the integration of the P-CSCF and IMS-ALG at the signaling plane and the IMS Access Gateway at the media plane on the access side. On the interconnect side, the SBC maps to the IBCF, IWF at the signaling plane and TrGW (Transition Gateway) at the media plane.

From an IMS/TISPAN architecture perspective, the SBC is the integration of the P-CSCF and C-BGF functions on the access side, and the IBCF, IWF, THIG, and I-BGF functions on the peering side. Some SBCs can be "decomposed", meaning the signaling functions can be located on a separate hardware platform than the media relay functions - in other words the P-CSCF can be separated from the C-BGF, or the IBCF/IWF can be separated from the I-BGF functions physically. Standards-based protocol, such as the H.248 Ia profile, can be used by the signaling platform to control the media one while a few SBCs use proprietary protocols.