Newport Networks Session Border Controller

Session Border Controller - Application Specification

Benefits

The Newport Networks Session Border Controller (SBC) application enables peering and interconnect between operators. It also allows managed IP-based voice and multimedia services to be delivered securely to consumers and businesses. Key capabilities provided by the SBC are:

  • The ability to traverse corporate, consumer and core network NAPT and Firewall devices for SIP services.
  • Quality of Service enforcement via session admission control and policing.
  • Security protection for the core network, for customers, and for service revenue.
  • Regulatory compliance providing Lawful Intercept and Emergency Call Handling.

The SBC application manages signalling and media on the same platform. The SBC application consists of fully integrated Border Control and Border Gateway functions. For information on distributed Session Border Controller elements please see separate data sheets on Newport’s Border Controller and Border Gateway applications.

See Release 5.x specifications.

Network Interoperability

SIP is at the heart of every evolving multimedia IP network, providing both the common protocol through which these networks communicate and a powerful framework through which they differentiate themselves. Being an open and extensible protocol, SIP offers many ways to enhance and extend the information it carries. As a result, networks use different sub-sets of SIP’s features and, in some cases, unique extensions to SIP to implement useful new features. Many networks are therefore unable to exchange traffic because the methods and features offered are not common between them.

To solve this problem Newport Networks has introduced network profiling, which ensures that messages crossing the border of a network are made compatible with the destination network. This greatly increases the chance of a call completing successfully and therefore maximises revenue.

Message manipulation can be defined per peering network. In addition to user-defined custom network profiles, Newport supplies standard profiles for common types of switch. Message manipulation features include the ability to strip, add and substitute headers, modify URIs, reject methods and strip MIME bodies. Message manipulation can also be applied to 3GPP headers, including Path, Service-Route, Route, Privacy and P-Asserted-Identity, according to the location of the controller within the IMS architecture.
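As an added worked example (illustrative code written for this page, not Newport’s implementation), the following Python applies a hypothetical peer profile of the kind described above to a constructed INVITE. It strips and substitutes headers, rewrites the Request-URI, rejects methods the peer does not support, removes a MIME body part the peer cannot use (an ISUP part, as SIP-T carries), and applies the RFC 3325 rule that an asserted identity is not forwarded to an untrusted peer when the user asked for privacy. The sample message, the domains, the Route target and the profile contents are all placeholders.

```python
import re

# Constructed sample (not a captured message): an INVITE from an access
# network carrying a multipart body (SDP plus an ISUP part, as SIP-T does)
# and headers that must not cross the peering border unchanged.
BOUNDARY = "unique-boundary-1"
SAMPLE_INVITE = (
    "INVITE sip:+441632960123@access.example.net;user=phone SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.2.3:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@access.example.net>;tag=1928301774\r\n"
    "To: <sip:+441632960123@access.example.net;user=phone>\r\n"
    "Call-ID: a84b4c76e66710@10.1.2.3\r\n"
    "CSeq: 314159 INVITE\r\n"
    "P-Asserted-Identity: <sip:alice@access.example.net>\r\n"
    "Privacy: id\r\n"
    "P-Charging-Vector: icid-value=abc123\r\n"
    f"Content-Type: multipart/mixed;boundary={BOUNDARY}\r\n"
    "\r\n"
    f"--{BOUNDARY}\r\nContent-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 1 1 IN IP4 10.1.2.3\r\nc=IN IP4 10.1.2.3\r\nm=audio 49170 RTP/AVP 0\r\n"
    f"--{BOUNDARY}\r\nContent-Type: application/isup;version=itu-t92+\r\n\r\n"
    "\x01\x00\x49\r\n"
    f"--{BOUNDARY}--\r\n"
)

# Hypothetical profile for one peering network; every name is a placeholder.
PEER_PROFILE = {
    "untrusted": True,                        # outside our RFC 3325 trust domain
    "reject_methods": {"MESSAGE", "REFER"},   # the peer's switch does not support these
    "strip": {"p-charging-vector"},           # never leak charging data across the border
    "substitute": [                           # (header, regex, replacement)
        ("from", r"@access\.example\.net", "@sbc.operator.example"),
        ("to", r"@access\.example\.net", "@peer.example.com"),
    ],
    "add": [("Route", "<sip:ibcf.peer.example.com;lr>")],
    "uri_rewrite": (r"@access\.example\.net", "@peer.example.com"),
    "strip_bodies": {"application/isup"},     # the peer does not speak SIP-T
}


def parse_sip(raw):
    """Split a SIP message into start line, [(name, value)] headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = [(n.strip(), v.strip()) for n, _, v in (l.partition(":") for l in lines[1:])]
    return lines[0], headers, body


def serialize(start_line, headers, body):
    """Reassemble the message; Content-Length is recomputed after body edits."""
    hdrs = [h for h in headers if h[0].lower() != "content-length"]
    hdrs.append(("Content-Length", str(len(body.encode()))))
    return start_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in hdrs) + "\r\n" + body


def header(headers, name):
    return next((v for n, v in headers if n.lower() == name), None)


def strip_body_parts(headers, body, unwanted):
    """Remove MIME parts whose type is in `unwanted`; a single-part body is dropped whole."""
    ctype = header(headers, "content-type") or ""
    m = re.search(r'boundary="?([^";]+)"?', ctype)
    if not m:
        if ctype.split(";")[0].strip().lower() in unwanted:
            return [h for h in headers if h[0].lower() != "content-type"], ""
        return headers, body
    delim = f"--{m.group(1)}"
    parts = body.split(delim)          # parts[0] is the preamble, parts[-1] the "--" terminator
    kept = []
    for part in parts[1:-1]:
        t = re.search(r"(?im)^content-type:\s*([^;\r\n]+)", part)
        if t and t.group(1).strip().lower() in unwanted:
            continue
        kept.append(part)
    return headers, delim.join([parts[0]] + kept + [parts[-1]])


def apply_profile(raw, profile):
    """Return (message_to_forward, reject_response); exactly one of them is None."""
    start_line, headers, body = parse_sip(raw)
    method, uri, version = start_line.split(" ")
    if method in profile["reject_methods"]:
        # A real 405 also carries an Allow header and a To tag; kept minimal here.
        copied = [h for h in headers if h[0].lower() in ("via", "from", "to", "call-id", "cseq")]
        return None, serialize("SIP/2.0 405 Method Not Allowed", copied, "")
    # RFC 3325: an asserted identity must not reach an untrusted peer when the
    # user asked for privacy; the Privacy header is removed with it.
    privacy = [p.strip() for p in (header(headers, "privacy") or "").split(";")]
    if profile["untrusted"] and "id" in privacy:
        headers = [h for h in headers if h[0].lower() not in ("p-asserted-identity", "privacy")]
    headers = [h for h in headers if h[0].lower() not in profile["strip"]]
    for name, pattern, repl in profile["substitute"]:
        headers = [(n, re.sub(pattern, repl, v) if n.lower() == name else v) for n, v in headers]
    headers += profile["add"]
    pattern, repl = profile["uri_rewrite"]
    uri = re.sub(pattern, repl, uri)
    headers, body = strip_body_parts(headers, body, profile["strip_bodies"])
    return serialize(f"{method} {uri} {version}", headers, body), None


if __name__ == "__main__":
    forwarded, rejected = apply_profile(SAMPLE_INVITE, PEER_PROFILE)
    print(forwarded)
```

The order of the steps matters: the privacy check runs before the generic strip list so that a profile cannot accidentally remove the Privacy header and then let P-Asserted-Identity through, and Content-Length is always recomputed last because both header and body edits change it.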

Peering Architecture with Dial Plan feature

Newport’s SBC application supports dial plans that route calls between networks on the basis of E.164 dialled digits or of FQDN. Dial plan entries can use regular-expression pattern matching, which reduces the number of entries required and hence the management overhead. This feature allows the SBC to be used in simple IP exchange applications (such as IPX) without the fully featured Call Routing Engine (described in a separate application note).
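An added example of the routing just described (written for this page; it is not the product’s dial plan engine). A constructed dial plan with placeholder next hops routes by E.164 digits or by Request-URI host, using anchored regular expressions. Where several entries match, the one with the longest literal prefix wins, so a specific number range overrides the country-level entry regardless of the order the entries were configured in; a URI with no matching entry yields no route rather than a default.

```python
import re

# Constructed dial plan with placeholder next hops. Each entry: key type
# ("e164" = dialled digits without "+", "fqdn" = Request-URI host), an anchored
# regular expression, and the border to send the call to.
DIAL_PLAN = [
    ("e164", r"44\d{9,10}",                             "sip:ibcf.uk-peer.example.net"),
    ("e164", r"441632\d{6}",                            "sip:ibcf.uk-fictitious.example.net"),
    ("e164", r"1[2-9]\d{2}[2-9]\d{6}",                  "sip:ibcf.nanp-peer.example.net"),
    ("e164", r"\d{7,15}",                               "sip:ibcf.transit.example.net"),
    ("fqdn", r"(?:[a-z0-9-]+\.)*partner\.example\.com", "sip:ibcf.partner.example.com"),
]
# Compile once at configuration time, not per call.
COMPILED = [(kind, re.compile(pat, re.IGNORECASE), hop, pat) for kind, pat, hop in DIAL_PLAN]

# Enough of RFC 3261 sip:/sips: and RFC 3966 tel: URIs for routing purposes.
URI_RE = re.compile(
    r"^(?P<scheme>sips?|tel):(?:(?P<user>[^@;]+)@)?(?P<host>[^;:>]+)(?::\d+)?(?P<params>(?:;[^;]+)*)$"
)


def normalize_number(s):
    """Strip '+' and visual separators; refuse anything that is not all digits."""
    digits = re.sub(r"[\s().\-]", "", s).lstrip("+")
    if not digits.isdigit():
        raise ValueError(f"not an E.164 number: {s!r}")
    return digits


def classify(uri):
    """Return ("e164", digits) or ("fqdn", host) for a Request-URI."""
    m = URI_RE.match(uri.strip().strip("<>"))
    if not m:
        raise ValueError(f"unparseable URI: {uri!r}")
    scheme, user, host, params = m.group("scheme", "user", "host", "params")
    if scheme == "tel":
        return "e164", normalize_number(host)
    if user and (user.startswith("+") or ";user=phone" in params.lower()):
        return "e164", normalize_number(user)
    return "fqdn", host.lower()


def specificity(pattern):
    """Length of a pattern's literal prefix, so 441632\\d{6} beats 44\\d{9,10}."""
    m = re.match(r"(?:[0-9a-z-]|\\\.)*", pattern, re.IGNORECASE)
    return len(m.group(0).replace("\\.", "."))


def route(request_uri):
    """Most specific dial-plan entry matching the URI, or None when there is no route."""
    kind, key = classify(request_uri)
    best = None
    for k, rx, hop, pat in COMPILED:
        if k == kind and rx.fullmatch(key):
            spec = specificity(pat)
            if best is None or spec > best[0]:
                best = (spec, hop)
    return best[1] if best else None


if __name__ == "__main__":
    for uri in ("sip:+441632960123@sbc.operator.example;user=phone",
                "tel:+1-202-555-0123", "sip:bob@voice.partner.example.com"):
        print(uri, "->", route(uri))
```

Patterns are matched with fullmatch, so an entry such as 44\d{9,10} can never be satisfied by a longer number that merely starts with 44, and the digit string is normalised and validated before any pattern is consulted.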

Security

Proxy pinhole firewall capabilities protect network resources and subscribers from malicious attacks; Network Address and Port Translation (NAPT) provides topology hiding and ensures connectivity to networks that use private or un-routable addressing schemes. Attack prevention at layer 3/4 and at layer 5 (SIP) automatically protects the core network and thus service revenues. Randomized media port allocation prevents malicious access to media through port-scanning attacks. Both RTCP and RTP streams are policed, so that a user can pass only the media traffic negotiated for their own session.

As VoIP services increase in popularity they also become more attractive targets for malicious activity. This release improves protection against malformed SIP messages and against DoS attacks at both the IP and SIP level.
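As an added illustration of the pinhole, port-randomisation and RTP/RTCP policing behaviour described above (example code written for this page, not Newport’s firewall), the following Python keeps one pinhole per session keyed by the local RTP port, with RTCP on the adjacent odd port as RFC 3550 recommends. A packet passes only if the port belongs to a live session, the packet is RTP/RTCP version 2, and it comes from the address and port the far end signalled. The port range, the addresses and the latching rule for endpoints behind NAT (fix the source on the first valid packet, then police against it) are assumptions for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

MEDIA_PORT_MIN, MEDIA_PORT_MAX = 20000, 30000   # assumed media port range


@dataclass
class Pinhole:
    signalled: tuple            # (ip, port) the far end put in its SDP c=/m= lines
    remote: Optional[tuple]     # source actually admitted; None until latched
    rtp_ok: int = 0
    rtcp_ok: int = 0
    dropped: int = 0


class MediaFirewall:
    """Per-session media pinholes keyed by the local RTP port (RTCP = port + 1)."""

    def __init__(self, rng=secrets.randbelow):
        self.pinholes = {}
        self.rng = rng          # injectable so behaviour can be tested deterministically

    def open(self, remote_ip, remote_port, latch=False):
        """Allocate a random unused even port for a new session; returns the RTP port."""
        # Random rather than sequential: an attacker who scans the media range
        # learns nothing about which ports the next call will use.
        span = (MEDIA_PORT_MAX - MEDIA_PORT_MIN) // 2
        for _ in range(span):
            port = MEDIA_PORT_MIN + 2 * self.rng(span)
            if port not in self.pinholes:
                break
        else:
            raise RuntimeError("media port range exhausted")
        # Latching (assumed here for access-side calls): a UA behind NAT signals
        # its private address, so the first valid packet fixes the real source.
        remote = None if latch else (remote_ip, remote_port)
        self.pinholes[port] = Pinhole((remote_ip, remote_port), remote)
        return port

    def close(self, port):
        self.pinholes.pop(port, None)

    def accept(self, src_ip, src_port, dst_port, payload):
        """True if the packet may pass; anything else is dropped and counted."""
        rtp_port, is_rtcp = dst_port & ~1, dst_port & 1
        ph = self.pinholes.get(rtp_port)
        if ph is None:
            return False                      # no session owns this port
        if len(payload) < 8 or payload[0] >> 6 != 2:
            ph.dropped += 1                   # not RTP/RTCP version 2 (RFC 3550)
            return False
        if ph.remote is None:
            ph.remote = (src_ip, src_port - is_rtcp)
        if (src_ip, src_port) != (ph.remote[0], ph.remote[1] + is_rtcp):
            ph.dropped += 1                   # someone else's traffic on our pinhole
            return False
        if is_rtcp:
            ph.rtcp_ok += 1
        else:
            ph.rtp_ok += 1
        return True


if __name__ == "__main__":
    fw = MediaFirewall()
    port = fw.open("203.0.113.5", 49170)
    rtp = bytes([0x80, 0x00, 0x00, 0x01]) + bytes(8)
    print(port, fw.accept("203.0.113.5", 49170, port, rtp), fw.accept("198.51.100.77", 49170, port, rtp))
```

The drop counters per pinhole are what a detection pipeline would watch: a steady trickle of drops on one session is a scanner or a misconfigured endpoint, and a burst across many sessions is a flood aimed at the media range.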

Quality of Service

Session Admission Control manages traffic volumes to avoid network congestion, enabling a deterministic service level to be provided to subscribers. Configurable congestion control protects against network overload: multiple CPU load thresholds can be configured, each with its own traffic levelling and back-off behaviour, giving progressive levels of throttling that smooth traffic and prevent “flash floods”.

Media Policing prevents fraudulent or faulty sessions from exceeding agreed bandwidths, protecting the QoS of other clients. Media policing is performed per media flow within a session.
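An added example covering the two preceding paragraphs: session admission control with the progressive CPU back-off, and per-flow media policing (example code written for this page, not the product’s implementation). Each session is booked against every scope it touches (customer, VLAN and physical interface), all-or-nothing, so a refused call leaves no partial reservation behind; each admitted media flow then gets a token bucket sized from the codec agreed in signalling. The scope limits, the CPU thresholds and the G.711/20 ms figures are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass
class Scope:
    """One admission-control scope: a customer, a VLAN or a physical interface."""
    max_sessions: int
    max_kbps: int
    sessions: int = 0
    kbps: int = 0

    def has_room(self, kbps):
        return self.sessions < self.max_sessions and self.kbps + kbps <= self.max_kbps


class AdmissionControl:
    def __init__(self, scopes):
        self.scopes = scopes      # name -> Scope
        self.active = {}          # call-id -> (scope names, kbps)

    def admit(self, call_id, scope_names, kbps):
        """All-or-nothing: every scope the session touches must have headroom."""
        scopes = [self.scopes[n] for n in scope_names]
        if not all(s.has_room(kbps) for s in scopes):
            return False
        for s in scopes:
            s.sessions += 1
            s.kbps += kbps
        self.active[call_id] = (scope_names, kbps)
        return True

    def release(self, call_id):
        scope_names, kbps = self.active.pop(call_id)
        for n in scope_names:
            self.scopes[n].sessions -= 1
            self.scopes[n].kbps -= kbps


def ip_kbps(payload_bps, ptime_ms):
    """IP-layer rate of an RTP stream: payload plus 40 bytes RTP/UDP/IPv4 per packet."""
    pps = 1000 / ptime_ms
    return int((payload_bps + 40 * 8 * pps) / 1000)    # G.711 at 20 ms -> 80 kbps


class FlowPolicer:
    """Token bucket for one media flow; the rate comes from the negotiated codec."""

    def __init__(self, kbps, burst_packets, packet_bytes, start_ms=0):
        self.bytes_per_ms = kbps / 8            # kbit/s == 125 bytes/s == bytes/ms / 8
        self.burst = burst_packets * packet_bytes
        self.tokens = self.burst
        self.last_ms = start_ms
        self.passed = self.dropped = 0

    def allow(self, nbytes, now_ms):
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.bytes_per_ms)
        self.last_ms = now_ms
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            self.passed += 1
            return True
        self.dropped += 1                       # over the agreed rate: drop, do not queue
        return False


def reject_fraction(cpu_pct, thresholds=((70, 0.25), (85, 0.5), (95, 1.0))):
    """Progressive back-off: share of new session requests to refuse at this CPU load."""
    frac = 0.0
    for level, f in thresholds:
        if cpu_pct >= level:
            frac = f
    return frac


if __name__ == "__main__":
    ac = AdmissionControl({"cust-A": Scope(2, 200), "vlan-100": Scope(10, 1000)})
    rate = ip_kbps(64000, 20)
    print(rate, ac.admit("c1", ["cust-A", "vlan-100"], rate), reject_fraction(90))
```

Policing drops rather than queues: media that arrives faster than the agreed rate is either a faulty endpoint or an attempt to use the pinhole as a free data path, and buffering it would only add jitter for the well-behaved flows sharing the link.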

The Newport SBC can reduce the load on registration servers by performing authenticated de-registration on behalf of a user when it detects that the user has gone away without de-registering. This avoids orphaned entries in the server database and prevents incoming calls being routed to an absent user.

DiffServ Code Point (DSCP) re-marking enables media flow differentiation based on a quality policy to be enforced on a per-user and per-session basis.

Carrier Grade

The SBC application can be deployed within a chassis in either redundant or non-redundant mode. In redundant mode the SBC functions are deployed in active/stand-by pairs; if either the application or the CPU fails, the hot stand-by takes over with no loss of data.

Resilient connection to the SBC is supported via physical link aggregation (802.3-2002), providing link resilience and load balancing. In addition, LAG Resilience protects against network outages by routing traffic via an alternative LAG if the primary LAG or the network equipment hosting it fails. This gives optimal network resilience together with the flexibility to adapt to the scenarios each network supports.

The SBC application supports the secure traversal of corporate and network-based firewalls and NAT devices without deploying additional customer premises equipment or replacing existing firewalls and NAT devices. NAT bindings with User Agents are kept alive by making the UAs re-register more frequently; the excess re-registrations are filtered by the SBC rather than forwarded, reducing network traffic and Call Agent loading.
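An added illustration of the re-registration handling just described (example code written for this page, not Newport’s implementation). The SBC returns a short Expires to the UA so that the UA refreshes before its NAT’s UDP binding times out, answers most of those refreshes itself, and forwards one to the registrar only when the registrar-side binding would otherwise lapse before the next refresh. The 60-second refresh interval, the 3600-second registrar grant and the AoR/contact values are assumptions; de-registrations are always forwarded.

```python
class RegistrationProxy:
    """Keeps NAT bindings alive with frequent UA refreshes while sparing the registrar."""

    def __init__(self, nat_expires=60):     # assumed: 60 s is inside typical UDP NAT timeouts
        self.nat_expires = nat_expires
        self.bindings = {}                  # (AoR, contact) -> registrar-side expiry time

    def on_register(self, aor, contact, requested_expires, now):
        """Decide what to do with a REGISTER from the UA.

        Returns ("forward", expires) to send it on to the registrar, or
        ("local", expires) to answer it with 200 OK from the SBC itself.
        """
        key = (aor, contact)
        if requested_expires == 0:          # de-registration always reaches the registrar
            self.bindings.pop(key, None)
            return "forward", 0
        expiry = self.bindings.get(key)
        if expiry is None or expiry - now <= self.nat_expires:
            # Unknown binding, or it would lapse before the UA's next refresh.
            return "forward", requested_expires
        # Registrar still holds a valid binding: answer locally with the short
        # lifetime that keeps the UA refreshing its NAT pinhole.
        return "local", min(self.nat_expires, requested_expires, int(expiry - now))

    def on_registrar_ok(self, aor, contact, granted_expires, now):
        """Record the registrar's answer; return the Expires to relay to the UA."""
        self.bindings[(aor, contact)] = now + granted_expires
        return min(self.nat_expires, granted_expires)


def simulate(proxy, refresh_s, duration_s, registrar_grants=3600):
    """Constructed run: one UA refreshes every refresh_s seconds; count what the registrar sees."""
    aor, contact = "sip:alice@example.net", "sip:alice@10.1.2.3:5060"   # placeholders
    forwarded = local = 0
    for t in range(0, duration_s, refresh_s):
        action, _ = proxy.on_register(aor, contact, 3600, t)
        if action == "forward":
            forwarded += 1
            proxy.on_registrar_ok(aor, contact, registrar_grants, t)
        else:
            local += 1
    return forwarded, local


if __name__ == "__main__":
    print(simulate(RegistrationProxy(60), 60, 7200))   # (registrar saw, answered locally)
```

The locally generated 200 OK must carry the same Contact and expires parameter the registrar would have returned, and the registration-rate limits listed under Key Features apply to the UA-facing side regardless of how many refreshes are forwarded.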

Intelligent load balancing across multiple Call Agents provides the ability to create load balanced groups of Call Agents or Proxy Servers. In the event of a failure of a Call Agent or Proxy Server, new calls will automatically be distributed to the active devices.

Call Agent status monitoring reports the status of all call agents, whether they were configured in the system or dynamically discovered.

Regulatory

The SBC application meets the FCC’s requirements for CALEA and many ETSI-based national variants for LI. A turn-key lawful interception system is designed into the signalling and media paths, with fully compliant Handover Interfaces.

Support for Emergency Call Handling (ECH) recognises up to 20 pre-defined global and local emergency identifiers and exempts calls to them from any policing profiles.

Key Features

Security

  • Access Control including signalling control of media pinhole firewall
  • Network topology hiding using NAPT at layer 3 and layer 5
  • Customer address hiding - Route stripping
  • DoS protection
    • SIP transaction rate limiting per registered customer
    • SIP registration rate limiting
    • Detect and reject malformed packets
    • Policing of RTP and RTCP on a per-session basis

Quality of Service

  • Session Admission Control (SAC) per-customer, per-VLAN and per-physical interface:
    • Number of sessions allowed
    • Total bandwidth allowed
    • Number of registered users (applied to customer limit only)
    • Policing on per-session basis
  • Re-mapping of ToS bits and DiffServ codepoints based on:
    • SIP quality parameter
    • Media type and codec in signalling
    • Static mapping table
  • ‘Anti-tromboning’ for local media routing

Carrier Grade Resilience

  • Resilient architecture with 1+1 sparing for all system modules
  • Link aggregation (802.3-2002) for link resilience and load balancing
  • LAG Resilience
  • Alternate Call Agent routing

Management

  • Operational configuration and monitoring via browser interface
  • Full configuration and monitoring using an advanced CLI
  • Alarm and Trap element management using SNMPv3
  • Full ICMP support

Regulatory

  • Lawful Interception (CALEA and ETSI). National variants supported include, but are not limited to: USA, Canada, UK, Germany and Italy

IETF MIDCOM Compliance

  • Fully compatible with the MIDCOM architecture

ETSI TISPAN Compliance

  • Provides IBCF (Interconnect Border Control Function) capabilities
  • Provides C-BGF (Core Border Gateway Function) capabilities
  • Provides I-BGF (Interconnect Border Gateway Function) capabilities

Signalling Compliance

  • SIP compliant with RFC 2543 and RFC 3261
  • SIP-T compliant with RFC 3372
  • SDP compliant with RFC 2327
  • H.248/Megaco compliant with RFC 3015

See Also

SBC Data Sheet (PDF)