Do You Need a Session Border Controller?
by Nate Rand
Security and quality concerns are constant issues with a VoIP system. A business needs to make sure that only authorized people use the service, that phones don’t expose any network weaknesses, and that quality of service is consistently good. A session border controller (SBC) helps to achieve those goals. An SBC can be used with an on-premises or hosted VoIP PBX or a SIP trunk, and it’s often paired with another in the host’s equipment.
An SBC can be either a dedicated device or a software package that can run on any suitable computer.
The most common reason for using an SBC is security, but it serves a different purpose from a firewall. The security features an SBC can provide include the following:
- Topology hiding. Without taking special precautions, a SIP packet contains a trace of its passage through the local network. This could aid someone trying to attack the network. An SBC reduces the routing information to the minimum.
- Encryption. An SBC can apply TLS (also called SSL) to SIP packets and Secure Real-Time Transport Protocol (SRTP) to the voice data. This prevents eavesdropping on the call between the local network and the trunk.
- Preventing unauthorized use. An SBC usually can verify whether a connection comes from an authorized source. This stops free riders on the system Some denial-of-service attacks disguise their packets as VoIP traffic; an SBC can detect the fraudulent packets and drop them. If an IP address sends a lot of hostile or unauthorized packets, the SBC can block everything coming from it.
- Detecting excessive use. An endpoint with an unusually high level of traffic might be subletting the connection in violation of network policy. An SBC can detect and block such misuse.
Other benefits of SBC
Quality of service (QoS) is another benefit which many SBCs offer. An SBC can set network routing and data packet priorities to keep the quality of all calls up and make sure that the most important connections (e.g., emergency calls) get the highest priority.
SBCs can help with IP address management, avoiding dropped connections. Routers on local networks use Network Address Translation (NAT) to convert between public IP addresses and the ones on the local network. NAT doesn’t work very well with the SIP protocol; if a router changes a phone’s local IP address within the network, it can break the connection. An SBC controls message routing so that NAT changes don’t cause a dropped call.
Compatibility isn’t a huge issue with SIP, but the protocol does have different treatments from different equipment, and a mismatch can reduce efficiency. An SBC can optimize the connection between the phones and the service by reformatting packets when necessary.
Logging and billing functions on an SBC help a business to determine where its VoIP services are most heavily used and to allocate costs accordingly. This helps to detect excessive or unexpected use.
It’s especially useful to deploy SBCs as back-to-back user agents (B2BUA), one on the local network and one on the remote service. This way they can offer a secure link between the local network and the server, and they can bypass NAT while routing SIP connections and voice data to the correct places.
A full-featured SIP trunk can make an SBC unnecessary in many situations. Not many trunks offer encryption of conversations, though; if that’s a requirement, using SBCs in a B2BUA configuration may be the best choice. An SBC may offer other features which the trunk doesn’t provide.
SBCs are very diverse. There’s no guarantee that any given one provides any given service. Choose one from a reliable source, and make sure it works with your equipment and service and has the features you require.
We can help you to understand VoIP and set up the best system for your business. Please contact us to learn more.