Session Border Control

As service providers grow their voice and multimedia over IP businesses, the need to interconnect natively over IP with other networks becomes more critical. For service providers, the underlying expectation is that this VoIP interconnection functionality will perform in the same manner as a traditional time division multiplexed (TDM) handoff, while also delivering greater efficiency and significant cost savings. This is a critical difference between traditional IP-to-IP peering of pure data, and IP-to-IP peering for VoIP. In the VoIP scenario, the behavior is expected to more closely emulate a TDM handoff than a more conventional IP-to-IP handoff.

Fortunately, a new class of products has arrived to meet this expectation: session controllers. But all session controllers are not the same, and Tier 1 carriers should be aware of the "necessary nine" key functions that will help them take their network peering to the next level and interconnect their global VoIP networks while maintaining network privacy and security.

To be able to efficiently and securely interconnect VoIP networks, session controllers must provide true IP-to-IP gateway functionality, which requires supporting the following necessary nine functions:

1) Clearly Define the Demarcation Point Supporting VoIP interconnection between Tier 1 carriers first involves clearly defining the demarcation point by managing all the traffic on a call-by-call basis, where a call is defined as a combination of both signaling and media streams, from set-up to tear down. This capability also takes care of session/call admission control, which can be done based on bandwidth or number of calls allowable per customer.

2) Grow Interconnections While Maintaining Network Simplicity Being able to grow the number of interconnections as well as the traffic load without increasing the network's overall complexity is critical when supporting peering between Tier 1 networks. It is important to make sure that one session controller can support many customers/networks and that there is no one-to-one relationship between the session controller and customers. This capability will allow carriers to expand their peering points with no impact to the internal network, therefore causing no disruption and achieving economies of scale. The session controller should be able to grow the number of simultaneous sessions, the number of calls per second, the number of singularly defined customers, the number of registrations, and the number of VLANs, meaning that they can support customers that have overlapping address space.

3) Provide 99.999% Reliability The networks reliability and availability should provide support for system level redundancy for the VoIP application, automatic fail-over when a failure is detected and operational VoIP traffic under normal non-failure conditions. The network should be able to re-route all VoIP traffic through a secondary session controller upon network failure. It should allow an established VoIP call to be re-routed through a secondary session controller without failure of the established call. It should also support normal VoIP call termination after a failure transitions a call to a secondary session controller. Out-of-band mechanisms should allow the paired session controllers to synchronize VoIP information, and there should be a mechanism that allows a failed session controller to be transitioned back to an operational state without disruption of the VoIP service handled by the non-failed session controller.

4) Maintain Privacy - Maintaining privacy of all parties involved in the interconnection is also critical. Carriers can maintain carrier privacy using a multitude of features developed specifically for carrier-to-carrier interconnect, including basic translations, header stripping and topology hiding.

5) Allow Only Authorized Traffic Only authorized traffic should be able to reach or traverse the network. Authorization should be based on at least three mechanisms. First, signaling validation allows the session controller to inspect application layer payloads and make decisions based on that information. Second, media validation allows the media flows to be inspected and allowed to pass through based on related signaling flows. Third, general filtering supports general authorization based on different criteria such as ACLs, customer policies, and headers.

6) Optimize Creation of Billable Records Billable records should be cut at the entry or egress point of the network. Keeping track of detailed session information on discrete flow characteristics is of outmost importance for the IP-to-IP gateway functionality. The detail record reporting provides valuable feedback to customers who are seeking to engineer their networks according to processing loads. By analyzing the results of the detail record reports, service providers can allocate appropriate network resources across network consumers. Detail records also provide valuable feedback to operational support systems (OSS), including service level management and billing. The capability to extract information in real time and dynamically control traffic through the network enables service providers to manage their networks more effectively and provide new enhanced services to their customers. A normal session detail record should contain information such as start/stop records for both signaling and bearer traffic, including key performance indicators such as latency, jitter, and loss.

7) Support and Enforce QoS When converging voice and data networks, it is imperative to protect and ensure specified QoS levels for services, such as voice, email, and video. This is a difficult task without session controllers that contain large processing power capabilities and thus are able to understand and apply policies based upon information deep in the packet headers and payloads (specifically, Layer 5 information). Session controllers can enforce SLAs by preventing bandwidth theft, assigning QoS markings, and reporting QoS statistics such as jitter, latency, packet loss, etc. in real time. Quality can also be measured and reported based upon network domains.

8) Provide Network Security Session controllers supporting IP-to-IP gateway functionality must secure the network from any malicious attack, such as TCP SYN Floods, SIP INVITE Floods, or Malicious RTP Streams. With traffic flowing between different networks, it is essential to protect them from any of the security breaches that are so common in the IP world, as well as support carrier compliance with the lawful intercept requirements. The session controller should protect the carrier network by providing Rogue RTP Detection, DoS Prevention/Flood Prevention, Intrusion Prevention, Theft of Service Prevention and CALEA.

9) Support Network Monitoring and Troubleshooting Accurately monitoring the performance and health of the IP-IP interconnection and troubleshooting the network on a call-by-call basis is critical to maintaining high-quality network peering. The session controller has to provide detailed performance reports and must have the ability to debug calls in real time. In addition, it has to provide statistics at a global and call level, delivering information such as number of packets sent, received, and inter-arrival time. This allows the operator to know at all times that the network is performing at the required levels.

Session controllers today are evolving to provide new features and functionality. In the early days of VoIP, session controllers were designed as network appliances to meet specialized requirements such as firewall, NAT and protocol translation. They worked great for signaling, but they simply could not scale to meet both signaling and media demands as VoIP deployments grew larger.

Today, as large, incumbent carriers adopt VoIP in their networks, a dedicated critical network element is needed to support the ability to process thousands of simultaneous VoIP calls without adding latency at full capacity. Many session controllers on the market today are not up to the task. And while some vendors are attempting to graft an IP-to-IP gateway onto their media gateways, these efforts also do not support the necessary nine features needed to deliver robust IP-to-IP gateway functionality.

Tier 1 service providers looking to support large VoIP deployments must seek out interconnection solutions that extend the traditional functionality of session controllers and support IP-to-IP gateway functionality that can meet their peering needs both today and in the future.