The Role of an E-SBC

Ask the SIP Trunk Expert

The Role of an E-SBC

By Steven Johnson, President, Ingate Systems, Inc.  |  August 10, 2010

Enterprise session border controllers sit at the edge of the network to provide control over the SIP traffic. Traditionally they were seen as just providing firewalling protection – the security – for SIP-based voice networks. Today’s E-SBCs provide that security, which is absolutely a critical function, and have evolved to serve as a crucial element in enabling SIP deployments.

An E-SBC will:

* normalize the SIP signaling so that the IP PBX (News - Alert) at the customer site and the service provider’s network are fully compatible. Additionally, normalization of the SIP signaling allows service providers to support more IP PBXs, or those IP PBXs that are not yet certified by the ITSP to expand its business without the need for extensive interoperability certification with each IP PBX. 

* resolve NAT traversal issues to enable the adoption of SIP, SIP trunking and full unified communications by securely permitting SIP signaling and related media to traverse the firewall. Without this function, most companies will have one-way audio only.

* provide security through deep packet inspection, which can be effective against buffer overflow attacks, denial of service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet

* offer control through authentication Many service providers require authentication of the user with their network. Some IP PBXs do not support this function.

* enable disaster recovery In the event a customer’s main office goes down, the E-SBC can reroute SIP traffic to a secondary office to keep business up and running.

* deliver quality of service by ensuring that mission-critical voice calls have priority over other Internet traffic, and that call quality remains high

* provide encryption for maximum privacy even over the public Internet

 * offer intrusion detection/prevention, which enables the E-SBC to detect DoS attacks based on SIP, and to block malicious SIP signaling packets designed to attack certain SIP phones, servers or other devices on the enterprise LAN. This secures the enterprise network as the E-SBC handles the attacks while the servers and other SIP devices in the network can still be used.

Steven Johnson is President of Ingate Systems (News - Alert), Inc. To read more of Steven’s articles, please visit his columnist page.

Edited by Stefania Viscusi