Session border controller: Difference between revisions

From Citizendium
imported>Howard C. Berkowitz
Revision as of 13:34, 7 May 2010

This article is developing and not approved.

A session border controller (SBC) is a computer networking device that provides firewall and proxy services principally for Voice over Internet Protocol and for other applications that use Internet Protocol Suite protocols with characteristics of the OSI Session Layer. Such a device had not previously been a requirement, because IP-oriented session protocols such as Remote Procedure Call (RPC) tended to be client-server on a LAN and did not leave the local, trusted network. That RPC used a variable range of UDP port numbers was not an issue for firewalls, because the traffic did not pass through a firewall.

This is changing with the widespread use of Session Initiation Protocol (SIP) for VoIP, where SIP may need to traverse a firewall-like function. Conventional firewalls make assumptions about port numbers, but SIP negotiates ports from a dynamic range. SIP is the dominant protocol inside the local multimedia border, and it is rapidly becoming the standard outside it as well. In older VoIP installations, one might instead find H.323 or MEGACO/MGCP.

Session Border Controllers (SBC) are a specialized class of security gateway that deals with this problem; they are another controlled violation of the end-to-end principle. An SBC terminates the SIP session coming from "inside" and creates a new session to the outside. It may have firewalling or other security capabilities optimized for a session-layer protocol.

Between those two session termination points, depending on the particular SBC, a number of things can happen. There can be deep packet inspection for security or accounting. If the codec used to packetize voice on the inside differs from the one expected on the outside (e.g., high-bandwidth G.711 versus low-bandwidth G.729A), the SBC can convert between them ("transcode"), although it is always advisable to avoid transcoding: it adds delay and may decrease quality.
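The following toy model, added here as an illustration and not code from Citizendium or from any SBC vendor, shows the three behaviours described above working together: the SBC reads the dynamically chosen RTP port out of the inside phone's SDP offer, opens a pinhole for exactly that port rather than a whole range, terminates the inside leg and builds a fresh outside leg with its own address and port, and decides whether the codec sets on the two sides overlap or whether transcoding would be forced. The SIP INVITE, the addresses, the port pool and the `Sbc` class are all constructed for the example; only the static payload-type numbers (0, 8, 18) come from the standard RTP/AVP assignments.

```python
"""Toy model of the SIP/SDP handling a session border controller performs.

Constructed example: the INVITE, addresses and port pool below are sample
data, not captured traffic and not any product's implementation.
"""
from dataclasses import dataclass, field

# Static RTP/AVP payload types (RFC 3551) for the codecs the article names.
CODEC_NAMES = {0: "G.711 PCMU", 8: "G.711 PCMA", 18: "G.729"}

# Constructed INVITE from an inside phone. The RTP port (49172) was picked
# from a dynamic range, which is exactly what a port-based firewall cannot
# predict ahead of time.
INSIDE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.15:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@10.0.0.15\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.15\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.15\r\n"
    "t=0 0\r\n"
    "m=audio 49172 RTP/AVP 0 18\r\n"
)


@dataclass
class MediaOffer:
    address: str
    port: int
    payload_types: list


def split_sip(message: str):
    """Split a SIP request into (start line, lower-cased header dict, body)."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_sdp_media(body: str) -> MediaOffer:
    """Pull the RTP address, port and offered payload types out of SDP."""
    addr, port, payloads = None, None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            addr = line.split()[2]
        elif line.startswith("m=audio "):
            parts = line.split()          # m=audio <port> RTP/AVP <pt> ...
            port = int(parts[1])
            payloads = [int(p) for p in parts[3:]]
    if addr is None or port is None:
        raise ValueError("SDP lacks a c= or m=audio line")
    return MediaOffer(addr, port, payloads)


@dataclass
class Sbc:
    outside_ip: str                    # address the SBC presents to the outside
    outside_codecs: frozenset          # payload types the far side accepts
    next_port: int = 30000             # start of the SBC's own RTP port pool
    pinholes: list = field(default_factory=list)

    def relay_invite(self, inside_msg: str):
        """Terminate the inside leg and build the outside leg.

        Returns (outside SDP, pinhole rule, transcoding needed?).
        """
        _, headers, body = split_sip(inside_msg)
        offer = parse_sdp_media(body)

        # Open one pinhole for exactly the negotiated inside port; a
        # conventional firewall would have had to leave a whole range open.
        ext_port = self.next_port
        self.next_port += 2            # leave port+1 free for RTCP
        rule = {"inside": (offer.address, offer.port),
                "outside": (self.outside_ip, ext_port),
                "call_id": headers["call-id"]}
        self.pinholes.append(rule)

        # Offer outside only codecs both sides share, keeping the phone's
        # preference order, so that transcoding is avoided where possible.
        common = [p for p in offer.payload_types if p in self.outside_codecs]
        transcode = not common
        if transcode:
            common = sorted(self.outside_codecs)   # SBC would have to convert

        # The outside leg carries the SBC's own address and port: the inside
        # topology is hidden (the o= line is left alone here for brevity).
        out_lines = []
        for line in body.splitlines():
            if line.startswith("c=IN IP4 "):
                line = f"c=IN IP4 {self.outside_ip}"
            elif line.startswith("m=audio "):
                line = "m=audio %d RTP/AVP %s" % (
                    ext_port, " ".join(str(p) for p in common))
            out_lines.append(line)
        return "\r\n".join(out_lines) + "\r\n", rule, transcode


if __name__ == "__main__":
    sbc = Sbc("203.0.113.10", frozenset({18}))
    sdp, rule, needs_transcode = sbc.relay_invite(INSIDE_INVITE)
    print(sdp)
    print("pinhole:", rule, "transcode:", needs_transcode)
```

Running it with an outside policy of G.729 only (payload type 18) yields an outside offer of `m=audio 30000 RTP/AVP 18` with no transcoding, because the phone offered both G.711 and G.729; changing the outside policy to `frozenset({8})` (PCMA, which the phone did not offer) makes `relay_invite` report that transcoding would be required, which is the situation the article advises avoiding.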

Encrypted voice is a problem unless the SBC is trusted to decrypt, examine the plaintext, and re-encrypt under a new cryptosystem.

An intelligent SBC, in the right topology, can considerably speed the processing of calls in the same part of the IP network, using a technique called hairpinning.