Objectives
By the end of this session, participants will have been given
detailed instruction on:
What is a Session Border Controller (SBC)?
VoIP Challenges in traditional IP Networks
The Solution: Dialogic BorderNet 4000 Session Border Controller
Main BorderNet 4000 SBC features
Type of network topology
SBC Terminology
Session: Real-time interactive voice, video or multimedia communication over IP; delivers the application
Border: Point of demarcation between your IP network and your customer's network; source of challenges
Service provider-to-service provider (Interconnect/Peering)
SBC Concept
Session border control is not a standardized set of functions
Has evolved to address the wide range of issues that arise when voice and
multimedia services are overlaid on IP infrastructure
These issues are relevant for access to both carrier and enterprise networks
User-Network Interfaces (UNI) to end users and access networks
Network-Network Interfaces (NNI) to interconnect networks
[Figure: SBC deployment points. Labels: Signaling, Media; UNI, Access Network; Services, Core Network; NNI, Interconnect Network; Residential Access; Service Provider Network; SIP Trunking/Enterprise Access: BorderNet 2020 SBC; Residential/SOHO Access: BorderNet 3000 SBC; Other SP Network; Peering SBC: BorderNet 4000 SBC]
COMPANY CONFIDENTIAL COPYRIGHT 2013 DIALOGIC INC. ALL RIGHTS RESERVED.
[Figure: NAT between private and public networks. Values shown: private source 10.5.130.26; public source 100.99.98.10; destination 200.1.1.2; address pool 100.99.98.1 to 100.99.98.30; ports 29000, 29001, ... 29003 on 100.99.98.1 (Src: 100.99.98.1:29000, Dest: 200.1.1.2)]
VoIP Challenges in Traditional IP Networks
Lack of Symmetry
Endpoints behind a firewall can open connections to an endpoint located on an external network
The external endpoint will need to have an open connection through the firewall
Solution option: Pinhole
The internal endpoint opens a special connection (pinhole) through the firewall, and it will remain open as long as the internal endpoint keeps the connection open
This pinhole will allow traffic to flow in both directions
The pinhole will have to be maintained in order to keep it open
[Figure: pinhole through the firewall between the private and public networks. Callout: "I will tell the firewall to allow it"]
SIP Invite Message (IP Header: 20.2.2.1, Public)
Message Headers
From: CallerA@10.5.130.26:29015
Via: 10.5.130.26:29015:29015
Contact: CallerA@10.5.130.26
SDP
O=10.5.130.26
M= audio 29015 RTP/AVP 0
[Figure: NAT between the private side (Src: 10.5.130.26:29015, Dest: 200.1.1.2) and the remote side; address shown: 20.2.2.1]
[Figure: NE FW and FE FW, address shown: 20.2.2.1; messages shown: Invite:5060, 200 OK:5060]
[Figure: internal packet vs. external packet for a SIP INVITE, with each field marked "Changed" or "No change". Fields by layer: Application / Layer 5: SDP [c;m;x], SIP [From..To]; Layer 4: UDP [Ports]; Layer 3: IP [IP Add]; MAC [MAC Add]. Values shown: 10.5.5.1; 10.7.5.6 5060; From: 7777500@100.99.98.1; Contact: sip:userA@10.1.2.3; Contact: sip:userA@100.99.98.1; 100.99.98.1 5060; SDP: o = 100.99.98.1 :5012]
In traditional NAT, payload remains the same
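An added example (not from the original slides) of why the unchanged payload matters: it scans a SIP INVITE for private IPv4 addresses that survive NAT inside the headers and SDP, then rewrites them as a payload-aware border element would. The sample message is constructed from the addresses on the slide, with the request line, To header and c= line added as assumptions; all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the INVITE from the slide, completed with the minimum
# extra lines (request line, To, c=) needed to make it parseable.
SAMPLE_INVITE = (
    "INVITE sip:CalleeB@200.1.1.2 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.5.130.26:29015\r\n"
    "From: <sip:CallerA@10.5.130.26:29015>\r\n"
    "To: <sip:CalleeB@200.1.1.2>\r\n"
    "Contact: <sip:CallerA@10.5.130.26>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.5.130.26\r\n"
    "c=IN IP4 10.5.130.26\r\n"
    "m=audio 29015 RTP/AVP 0\r\n"
)

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def is_private_v4(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:  # e.g. an octet above 255
        return False

def embedded_private_addrs(message, observed_src):
    """Return [(field, address)] for private IPv4 literals in the payload
    that differ from the source address seen in the IP header."""
    head, _, body = message.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        findings += [(name.strip(), a) for a in IPV4.findall(value)]
    for line in body.split("\r\n"):
        if line[:2] in ("o=", "c="):  # SDP origin / connection lines
            findings += [("SDP " + line[:2], a) for a in IPV4.findall(line)]
    return [(f, a) for f, a in findings
            if a != observed_src and is_private_v4(a)]

def rewrite_payload(message, private_addr, public_addr):
    """What plain NAT does not do: replace the private address inside the
    SIP headers and SDP. Ports (e.g. m=audio) are left untouched here."""
    pattern = r"(?<![\d.])" + re.escape(private_addr) + r"(?![\d.])"
    return re.sub(pattern, public_addr, message)
```

Run against the sample with the observed source 20.2.2.1, the check flags Via, From, Contact and the SDP o=/c= lines; after `rewrite_payload` it flags nothing.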
[Figure: OSI model with host layers (Application, Presentation, Session, Transport) and media layers (Network, Data Link, Physical). Labels: Layer 7 - Data; Layer 6 Data (e.g., data representation and encryption); Layer 4 Segments (e.g., TCP, UDP). Devices shown: SBC, SoftSwitch, B2BUA, Application server; Router; LAN switch]
The Solution
Packet flows are dynamically analyzed and controlled before they can degrade the BorderNet 4000 SBC or core network performance
Hardware Platform
1U x 20 deep
Dual multi-core 2.4GHz processors
250 GB HDD (1+1 redundant, hot swappable)
AC/DC power supplies and fans (redundant, hot swappable)
Standalone and 99.999% availability HA configuration
NEBS ready
Scalability
1,024 VLANs
2,048 IP addresses (signaling and media)
500 SIP interfaces
2,048 peers
[Figure: port labels: Eth0 / MGT0, Eth1 / HA0, Eth2 / HA1, Eth3 / MGT1, Eth4, Eth5, Eth6, Eth7, Eth8]
Security:
ACLs, DoS protection, topology hiding, NAT/NAPT, etc.
TLS encryption for signaling security
Interworking:
Header manipulation (modify, add, delete, digit manipulation)
SDP manipulation to control codec choice
Syntax and semantic validation of all signaling messages
TLS for SIP and management traffic
Layer 3 and 4
Rate-limiting to protect against DoS attacks
Media topology hiding
TCP/IP firewall
[Figure labels: Layer 4 Segments (e.g., TCP, UDP); Layer 3 Packets (e.g., IP); Layer 2 Frames (e.g., Ethernet, ATM, Frame Relay)]
Summary
In this module we covered:
What is a Session Border Controller (SBC)?
VoIP challenges in traditional IP networks
The solution: Dialogic BorderNet 4000 Session Border Controller
BorderNet 4000 SBC features overview
Type of network topology
Any questions?
Dialogic, Veraz, Brooktrout among others as well as related logos, are either registered trademarks or trademarks of Dialogic Inc. and all companies controlling, controlled
by, or under common control with Dialogic Inc. (Dialogic). The names of actual companies and products mentioned herein are the trademarks of their respective
owners.
This document discusses one or more open source products, systems and/or releases. Dialogic is not responsible for your decision to use open source in connection with
Dialogic products (including without limitation those referred to herein), nor is Dialogic responsible for any present or future effects such usage might have, including
without limitation effects on your products, your business, or your intellectual property rights.
05/12