A session border controller (SBC) is a network element deployed to protect SIP-based VoIP networks.
Early deployments of SBCs were focused on the borders between two service provider networks in a peering environment. This role has since expanded to include significant deployments between a service provider's access network and its backbone network, providing service to residential and/or enterprise customers. SIP over WebSockets (RFC 7118) is often used partially due to the applicability of SIP to most of the envisaged communication scenarios as well as the availability of open source software such as JsSIP. In such a case the SBC acts as a gateway between the WebRTC applications and SIP end points.
Applications
SBCs are inserted into the signaling and/or media paths between calling and called parties in a VoIP call, predominantly those using the Session Initiation Protocol (SIP), H.323, and MGCP call-signaling protocols.
In many cases the SBC hides the network topology and protects the service provider or enterprise packet networks. The SBC terminates an inbound call and initiates the second call leg to the destination party. In technical terms, when used with the SIP protocol, this defines a back-to-back user agent (B2BUA). The effect of this behavior is that not only the signaling traffic, but also the media traffic (voice, video) is controlled by the SBC. In cases where the SBC does not have the capability to provide media services, SBCs are also able to redirect media traffic to a different element elsewhere in the network, for recording, generation of music-on-hold, or other media-related purposes. Conversely, without an SBC, the media traffic travels directly between the endpoints, without the in-network call signaling elements having control over their path.
In other cases, the SBC simply modifies the stream of call control (signaling) data involved in each call, perhaps limiting the kinds of calls that can be conducted, changing the codec choices, and so on. Ultimately, SBCs allow the network operators to manage the calls that are made on their networks, fix or change protocols and protocol syntax to achieve interoperability, and also overcome some of the problems that firewalls and network address translators (NATs) present for VoIP calls.
To show the operation of an SBC, one can compare a simple call establishment sequence with a call establishment sequence with an SBC. In the simplest session establishment sequence with only one proxy between the user agents the proxy’s task is to identify the callee’s location and forward the request to it. The proxy also adds a Via header with its own address to indicate the path that the response should traverse. The proxy does not change any dialog identification information present in the message such as the tag in the From header, the Call-Id or the Cseq. Proxies also do not alter any information in the SIP message bodies. Note that during the session initiation phase the user agents exchange SIP messages with the SDP bodies that include addresses at which the agents expect the media traffic. After successfully finishing the session initiation phase the user agents can exchange the media traffic directly between each other without the involvement of the proxy.
SBCs are designed for many applications and are used by operators and enterprises to achieve a variety of goals. Even the same SBC implementation might act differently depending on its configuration and the use case. Hence, it is not easily possible to describe an exact SBC behavior that would apply to all SBC implementations. In general it is possible to identify certain features that are common to SBCs. For example, most SBCs are implemented as back-to-back user agent.
A B2BUA is a proxy-like server that splits a SIP transaction in two call legs: on the side facing the user agent client (UAC), it acts as server, on the side facing user agent server (UAS) it acts as a client. While a proxy usually keeps only state information related to active transactions, B2BUAs keep state information about active dialogs, e.g., calls. That is, once a proxy receives a SIP request it will save some state information. Once the transaction is over, e.g., after receiving a response, the state information will soon after be deleted. A B2BUA will maintain state information for active calls and only delete this information once the call is terminated.
When an SBC is included in the call path, the SBC acts as a B2BUA that behaves as a user agent server towards the caller and as user agent client towards the callee. In this sense, the SBC actually terminates that call that was generated by the caller and starts a new call towards the callee. The INVITE message sent by the SBC contains no longer a clear reference to the caller. The INVITE sent by the SBC to the proxy includes Via and Contact headers that point to the SBC itself and not the caller. SBCs often also manipulate the dialog identification information listed in the Call-Id and From tag. Further, in case the SBC is configured to also control the media traffic then the SBC also changes the media addressing information included in the c and m lines of the SDP body. Thereby, not only will all SIP messages traverse the SBC but also all audio and video packets. As the INVITE sent by the SBC establishes a new dialog, the SBC also manipulates the message sequence number (CSeq) as well the Max-Forwards value.
Note that the list of header manipulations listed here is only a subset of the possible changes that an SBC might introduce to a SIP message. Furthermore, some SBCs might not do all of the listed manipulations. If the SBC is not expected to control the media traffic then there might be no need to change anything in the SDP body. Some SBCs do not change the dialog identification information and others might even not change the addressing information.
SBCs are often used by corporations along with firewalls and intrusion prevention systems (IPS) to enable VoIP calls to and from a protected enterprise network. VoIP service providers use SBCs to allow the use of VoIP protocols from private networks with Internet connections using NAT, and also to implement strong security measures that are necessary to maintain a high quality of service. SBCs also replace the function of application-level gateways.
<!---->
</references>