In a July 2006 SIP Magazine article about session border controllers (SBCs), the author suggested that the end of SBCs is near. I respectfully dispute this notion because SBCs solve real problems and are essential to the delivery of secure, high-quality services. Session border control is not a temporary function or network element as these problems are not going away. SBCs serve to overcome numerous challenges: securing the network, extending service reach, ensuring service quality, protecting profitability, and complying with regulations.

Furthermore, the SBC is transparent to the end-user — they don’t know about it, nor should they. However, the capabilities that SBCs bring to our network allow us to deliver high quality and reliable services, qualities that we can use to differentiate our services and incorporate in our service level agreements (SLAs). These capabilities translate into a quality user experience and a happy customer! NuVox is a rapidly growing, facilities-based integrated communications provider delivering a full array of communications services in 16 states across the Midwest and Southeast. NuVox employs SBCs in strategic locations throughout our network for three main purposes today:

Securing our network

Security is a challenge that will never go away and session border controllers are optimized to solve that problem. With dynamic and static access control lists and signaling rate limiting, we reduce the threat of external denial of service (DoS) and other malicious attacks. It all starts with our SBC being hardened against these attacks, including dedicated, high-performance hardware. The threats stop at the SBC without impacting its performance or the performance of legitimate existing or new calls. This, in turn, protects our important infrastructure—the gear that our customers rely on for service and we rely on for revenue—from being affected by hackers and attackers. Additionally, we can fully hide NuVox’s core infrastructure topology from customers and peering partners as our SBC is a back-to-back user agent (B2BUA) and acts as a double NAT for layer 3 and layer 5 addresses. Our softswitches and application servers are hidden and not addressable, making the important revenue producing equipment more difficult to attack.

Ensuring service quality and availability

With SBCs at the access border, we can ensure that the NuVox VoIP network is up and available to service our customers, thus meeting our SLAs relative to availability and call quality. There are a host of SBC features that deliver on service assurance. Call admission control plays a role here by throttling the allowable number of sessions to any given device in the core of the network. That ensures that existing calls are not impacted by unusual busy periods and events. We can continue to serve customers while giving a busy signal to new attempts until the call patterns return to a serviceable level. Also, to ensure proper QoS levels are provided for all calls, the SBCs properly mark incoming packets for specific treatment by the upstream routers and switches as well as report on the actual call quality characteristics, which helps with reporting and problem resolution.

Extending service reach with hosted NAT traversal

NATs and firewalls at the customer premises break the hosted VoIP services model as they are security devices and, behaving correctly, they don’t allow inbound and seemingly unwanted communication requests to enter the company network. SBCs deliver a solution for traversing that security boundary that is the easiest to implement and least disruptive to the customer’s network and security model. It requires no provisioning of subscribers on our end and no change to the equipment at the customer premises. Additionally, the IP address of the SBC in our network can be used as a trusted source for security policies.

While there are many initiatives that hope to solve the NAT/firewall traversal problem, SBCs solve that problem today. Waiting for the NAT traversal standards to finalize — and products to appear — would be tantamount to not offering services for the past several years and still waiting an indeterminate time for them. The standards, STUN and TURN, are just another approach to hosted NAT traversal — not necessarily better. SBCs will adopt the standardsbased NAT traversal techniques when they are finalized — meaning the SBC will be a STUN/TURN server — allowing the service provider to choose the NAT traversal method they prefer. Since I want to offer services today, I’m not waiting, and I’ll take my SBC to solve today’s real challenges for reaching my customers.

In the future, we plan to use our SBCs for additional applications, including:

• CALEA support for our VoIP traffic, allowing us to offer our services that will be required to comply with lawful intercept regulations. With the upcoming May 2007 deadline for compliance, we already have the equipment in place for intercepting call content and call data.
  
  
• Media transcoding, where necessary, to increase the number of networks we can connect to, as well as efficiently engineer our network for bandwidth usage. Transcoding would also allow us to interconnect with other carriers that use other codecs in their network without requiring change at the hand-off point. Transcoding at the IP border in the SBC is much more effective than using our media gateways. SBCs are optimized for IP-IP borders as media gateways add additional latency as there are two transcoding steps in the process: IP to TDM and TDM back to IP.
  
  
• SIP to H.323 Interworking in order to easily connect to legacy VoIP networks and the majority of IP PBXs for trunking services. While SIP is by far the dominant protocol for new deployments and new services, there are numerous networks that still use H.323 and that will not change in the near future. Furthermore, our SBCs help resolve the inconsistencies between various vendors’ implementation of SIP. The SBCs deployed with this interworking function at the access border means that NuVox does not need to make any changes to neither our internal VoIP core nor the networks of our customers. Signaling protocol interworking is another example of extending service reach.

There are no meaningful alternatives that can deliver all this functionality — security, call admission control, interworking, transcoding, QoS, lawful intercept — in one manageable, highly available, and scalable platform. Of course, not all SBCs are created equal. The rash of recent failures and cheap exits has more to do with products that did not meet today’s challenges than it did with SBC functions not being necessary today or in the future.

In that earlier article about SBCs, the author cited a problem of registration floods after a network failure due to the fact that SBCs cache endpoint registrations. This issue can easily be overcome by using an SBC that can gracefully protect itself from these floods and by configuring the admission control policies on the SBC so that the network resources are not overloaded.

While SBCs are not free, we view SBCs as an investment in our customer base. SBCs deliver necessary functionality and solve fundamental problems in order deliver services that generate revenues. These IP communication services are the future of any service provider. Without SBCs, these services would not be possible. Or rather, we could offer services, but not truly deliver service differentiators like quality, security, and availability.

The bottom line is that SBCs solve many real problems associated with VoIP service offerings. The rich functionality of SBCs — they are used for much more than hosted NAT traversal — delivers the ability to competitively differentiate around a secure, high-quality, user experience. If you’re a service provider looking to make money on VoIP and other session-oriented IP communication services, then a SBC is a wise investment.

Art Nichols is the VoIP Architect of NuVox Communications. For more information visit the company online at www.nuvox.com.