Session border controller

From Citizendium
Revision as of 13:47, 7 May 2010 by imported>Howard C. Berkowitz
This article is developing and not approved.

A session border controller (SBC) is a computer networking device that provides firewall and proxy services, principally for Voice over Internet Protocol (VoIP) and other applications that use Internet Protocol Suite protocols with characteristics of the OSI Session Layer. Such a device had not previously been a requirement, because IP-oriented session protocols, such as Remote Procedure Call (RPC), tended to be client-server on a LAN and did not go outside the local, trusted network. That RPC used a variable range of UDP port numbers was not an issue for firewalls, because the traffic did not go through a firewall.

This is changing with the widespread use of Session Initiation Protocol (SIP) for VoIP, where SIP may need to traverse a firewall-like function. Conventional firewalls make assumptions about port numbers, but SIP uses a dynamic range. SIP is the dominant protocol found inside the local multimedia border, and it is rapidly becoming the outside standard as well. In older VoIP installations, one might find H.323 or MEGACO/MGCP. The IETF has defined the Session Peering for Multimedia Interconnect (SPEERMINT) architecture in which they can operate.[1]
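The dynamic-port problem described above can be made concrete: the media ports for a call are not fixed but are announced inside the SDP body of the SIP message, so a border device has to parse that body to know which ports to admit. The following is an added example, not part of the original article; the function name `media_pinholes` and every address, port and header value in the sample message are constructed, and it assumes RTP over UDP with RTCP on the next port up (the default when no `a=rtcp` attribute is present).

```python
# Added example: derive the RTP/RTCP pinholes a SIP-aware border device would
# need from the SDP body of an INVITE. All sample values are constructed.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: constructed-call-id@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"            # session-level connection address
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 18\r\n"     # inherits the session-level address
    "m=video 0 RTP/AVP 31\r\n"           # port 0: stream declined, no pinhole
    "m=audio 51372 RTP/AVP 18\r\n"
    "c=IN IP4 192.0.2.77\r\n"            # media-level address overrides session
)

def media_pinholes(sip_message):
    """Return sorted (address, udp_port, purpose) tuples for each active stream."""
    _, _, body = sip_message.partition("\r\n\r\n")   # SDP follows the blank line
    session_addr = None
    streams = []                                     # one dict per m= line
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3:
            if streams:                              # c= after an m= line
                streams[-1]["addr"] = fields[2]
            else:                                    # c= before any m= line
                session_addr = fields[2]
        elif kind == "m" and len(fields) >= 3:
            port = int(fields[1].split("/")[0])      # "49170/2" form allowed
            streams.append({"port": port, "addr": None})
    holes = set()
    for stream in streams:
        addr = stream["addr"] or session_addr
        if stream["port"] == 0 or addr is None:
            continue                                 # disabled or unaddressed
        holes.add((addr, stream["port"], "rtp"))
        holes.add((addr, stream["port"] + 1, "rtcp"))  # assumed default RTCP port
    return sorted(holes)
```

None of the resulting ports equals the signaling port in the `Via` header, which is why a rule written only for the signaling port does not admit the media.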

Between those two session termination points, depending on the particular SBC, quite a number of things can happen. There can be deep packet inspection for security or accounting. If the codec used to packetize information on the inside is different from the one expected on the outside (e.g., high-bandwidth G.711 versus low-bandwidth G.729A), the SBC can convert ("transcode") between them, although it is always advisable to avoid transcoding. Transcoding adds delay and may decrease quality.

Encrypted voice is a problem unless the SBC is trusted to decrypt, examine the plaintext, and re-encrypt in a new cryptosystem.

An intelligent SBC, in the right topology, can considerably speed the processing of calls in the same part of the IP network, using a technique called hairpinning.[2]

References