Session Border Controllers - Top 10 FAQ
0 likes43 views
This document summarizes the top 10 frequently asked questions about session border controllers (SBCs). It discusses the differences between SBCs and SIP proxies, how SBCs detect and defend against denial of service attacks, how they can help stop robocallers using STIR/SHAKEN standards, how SBCs limit call traffic through rate limiting, the purpose of topology hiding, how SBCs can perform load balancing, their role in facilitating billing, issues around deployment in cloud environments, and the differences between free and paid versions of the FreeSBC software.
Session Border Controllers - Top 10 FAQ
- 2. SBC – Top 10 FAQ We answer your most frequently asked Session Border Controller questions January 2019 2
- 4. 4 Frequently Asked Questions 1. What's difference between an SBC and a SIP Proxy? 2. How does an SBC detect and defend against DOS/DDOS attacks? 3. Can an SBC help stop Robocallers? 4. How do SBCs limit call traffic? 5. What is topology hiding? Why do you need it? 6. Can I use an SBC to perform load balancing? 7. Do SBCs facilitate billing? 8. Does FreeSBC work with ________ ? 9. What are the risks/rewards for putting SBCs in the cloud? 10. Is FreeSBC really Free? When is it not free?
- 5. 5 Today’s Presenters: Alan D Percy Senior Director of Product Marketing alan.percy@telcobridges.com Marc St-Onge Director of Sales Support marc.stonge@telcobridges.com
- 7. What's difference between an SBC and a SIP Proxy? 7
- 8. 8 SIP Proxy/Server Architecture Header Manipulation Routing Engine Media SIP Session s Public WAN 34.0.0. 1 SIP Proxy/Server SIP Application s 34.0.0.X
- 9. Routing Engine Media Media Engine SIP Session s B2BUA UAS UAC Private LAN 192.168.0.X Public WAN 34.0.0.1 Session Border Controller SIP Applicatio ns Session Border Controller Architecture
- 10. 10 Comparison Summary Function Firewall SIP Server SBC Layer 2-4 Packet Filtering Router / NAT / DHCP Prevent DOS / DDOS Attacks SIP Header Manipulation / Interoperability SIP Routing Toll Fraud Protection Topology Hiding Block Robocallers (STIR/SHAKEN) QOS Measurement / Reporting Media Transcoding / Transcryption Prevent Media Flood Attacks
- 11. How does an SBC detect and defend against DOS/DDOS attacks? 11
- 12. DOS/DDOS Attacks Network Border Internet SBC Application DOS/DDOS and Registration Floods
- 13. 13 Protecting against DOS/DDOS • Built-in Firewall with Access Control Lists (ACL) • Dynamic Firewall Management • Blacklists - IP addresses/ports of known offenders • Whitelists - known valid users • Bandwidth Management • Call Rate Limiting • CPS limits, deflecting bad traffic • Line Rate Speed Processing – Important
- 14. Can an SBC help stop Robocallers? 14
- 15. SHAKEN: Verify valid calling numbers 15 Robocaller Terminating TSP Call with fake caller ID Happy customers Authenticate caller ID and sign call Verify signature and apply policies Complete with warning Block Phone Captcha Divert Originating Telecom Service Provider Policy choices
- 16. Originating service provider authenticates 16 Session Border Controller Originating Telecom Service Provider Authentication Service (AS) Secure Key Store (SKS) Calling Party 1. Call originates 2. SBC sends SIP INVITE to AS 3. AS checks caller ID, and returns signed SIP Identity header. 4. Sends call Outbound Call
- 17. Terminating service provider verifies 17 Session Border Controller Terminating Telecom Service Provider Verification Service (VS) Certificate Repository (CR) Inbound Call 1. Call arrives 2. Call Control initiates terminating trigger, sends to VS. 3. VS looks up CR URL, fetches certificate and extracts public key to verify the signature. Uses verification and token info to select policy and return the call to Call Control. 4. Call terminates Called Party
- 19. How do SBCs limit call traffic? 19
- 20. 20 Call Rate Limiting Intelligent “Speed Limiter” managing the incoming call flow • Maximum # Calls • Max Calls Per Second (CPS) • Inbound and Outbound • Handling Excess Traffic: • “Congestion” – Slowing responses • “Network Limit” – Configured per network • “Hard Limit” – Reject any new requests
- 21. What is topology hiding? Why do you need it? 21
- 22. 22 Topology Hiding Not exposing the internal network configuration or IP addresses to the outside world Only the SBC is visible to the outside world Substitutes IP addresses in SIP headers and on RTP
- 23. Can I use an SBC to perform load balancing? 23
- 24. 24 Load Balancing Distributing call traffic based on: • Priority • Availability • Round-robin • Dialed or Calling # • Table/Script bases • And more… Routing Engine
- 25. Do SBCs facilitate billing? 25
- 26. 26 Billing Systems and SBCs SBC Subscribers Call Servers Billing System $$$ Text CDR or RADIUS
- 27. Does FreeSBC work with ________ ? 27
- 28. Interoperability
- 29. What are the risks/rewards for putting SBCs in the cloud? 29
- 30. 30 SBC Deployment Models Compared Appliance (Bare Metal) Virtualized Cloud Highest Performance Most predictable Small CPE appliances Dedicated hardware Best for large scale and private datacenter 1+1 Redundancy Flexible deployment options “Service Chain” VM overhead limits performance and predictability “Pay as you grow” CAUTION: Media charges and throughput caps “Noisy Neighbors?” Good for dynamic requirements and flexible deployments
- 31. Is FreeSBC really Free? When is it not free? 31
- 32. 32 FreeSBC Editions Feature/Capability FreeSBC FreeSBC PRO Back to Back User Agent (B2BUA) DDOS / DOS Protection NAT Traversal SIP Header / Digit Manipulation Call Routing Call Rate / Bandwidth Limiting Access to Wiki and Community Support Live Support and Software Update Service High Availability 1+1 90-day Trial Media Bypass (RTP no anchoring) 90-day Trial TB analytics 90-day Trial OSS/BSS, RADIUS, SNMP & API Connectors 90-day Trial For a full comparison, see: www.freesbc.com/pricing
- 33. 33 Learn more at: www.FreeSBC.com
- 34. 34 Learn More…
- 35. 35 Q&A The SIP School www.thesipschool.com Free copy of SBC software: www.freesbc.com Other Recorded webinars at: freesbc.com/video-library Q/A?