Enterprise session border controllers serve as a crucial and necessary element in deployments for SIP trunking, UC, and soon, WebRTC.
E-SBCs sit at the edge of the enterprise network to provide control over the SIP traffic. The enterprise edge component can either be a firewall with complete support for SIP or an edge device connected to the firewall, handling the management of the SIP traffic.
The E-SBC performs several critical functions.
First, firewall traversal – E-SBCs provide SIP protocol routing to resolve NAT traversal issues by securely permitting SIP signaling and related media to traverse the enterprise firewall. Traditional firewalls block SIP traffic because they don’t recognize the protocol. E-SBCs rewrite the publicly routable IP address in the header information to the private IP address of the PBX (News - Alert). This permits the SIP traffic to go through the firewall. Without this capability, the PBX would have to be on the outside of the firewall, exposing it to the Internet, or if the PBX is placed on the inside of the firewall, there will be one-way media.
The second important function is interoperability. While SIP is a standard protocol developed and published by the IETF, the language of the protocol permits several different methods to be used to accomplish the same telephony function. No one method is considered right, nor even the best, way to accomplish the task. The E-SBC, because it employs a Back-to-Back-User-Agent, is able to stop and restart the call implementing the appropriate method for the receiving environment. In this manner, E-SBCs can fix these types of disparity issues and create instant interoperability – paving the way to a faster deployment. Since E-SBCs facilitate interoperability, there is no need to conduct extensive trial and error between your PBX and ITSP to get the two systems to work together. This also gives more choices to the enterprise when selecting a service provider, and permits the service provider to interact with more IP PBXs than would be possible otherwise.
The third important function is security. The first line of defense, E-SBCs can provide authentication (which some IP PBXs do not natively support) and deep packet inspection to preserve the integrity of the enterprise LAN network. In addition, safeguards can be added to protect against buffer overflow attacks, denial of service attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet. Any of these attacks could be highly detrimental to an enterprise’s business activities, or worse, could result in theft of services with significant financial consequences.
Fourth, the E-SBC also enables remote SIP connectivity or far-end NAT traversal, where remote users (or workers) can leverage the SIP capabilities of their businesses’ IP PBX. For example, workers based at a separate location (home office, satellite office, working on an oil rig, etc.) can, over an Internet connection, use their company’s SIP service (audio, video, etc.) from anywhere without the need for additional hardware at the remote site. This can eliminate the need for second phone lines in home offices, the use of expensive hotel phone services, or cell phones, adding to the cost savings of employing SIP trunking.
Today’s E-SBCs are also called upon to add other services to the environment to further enhance the SIP trunking implementation:
- Disaster Recovery: E-SBCs can reroute SIP traffic to a secondary PBX or to an alternate service provider to keep business up and running should there be a failure. The E-SBC can also load balance to multiple PBXs on the customer’s network based on a user-defined algorithm.
- Quality of Service: Increasingly critical as high-bandwidth applications become more popular, the E-SBC can tag (News - Alert) packets so that other devices in the LAN can give voice packets priority over data packets.
- The E-SBC can add encryption of the signaling and/or the media.
- Diagnostics: The best E-SBCs have extensive diagnostic features which not only supply event logs, but also can be used to capture wire-shark traces that can find issues quickly. In addition, the E-SBC can report on Mean Opinion Scores for each call made so that the administrator can watch for degradation of service and take proactive steps to cure impending issues.
- The E-SBC also can be used to supply the information to populate call detail records and invoices.
Steven Johnson (News - Alert) is president of Ingate Systems (www.ingate.com).
Edited by Stefania Viscusi