ABC SBC

Session Border Controller SBC
With the ABC session border controller (SBC) VoIP service providers and enterprises deploy a scalable session border controller (SBC) that was designed to run on top of high end hardware as well as appliances and virtual machines. Thereby, the ABC SBC enables VoIP providers to gradually scale up their infrastructure and covers the needs of enterprises of all sizes.

The ABC session border controller not only offers secure session border control, signaling mediation and call routing but also advanced media server applications. This makes the ABC SBC the perfect tool for addressing the rapidly changing business and network requirements of VoIP and NGN service providers.

The need to support different and often contradicting customer requirements has led FRAFOS to develop the ABC SSBC as an open and powerful framework that enables the easy adaptation of the ABC SBC in accordance with the exact needs of our customers. With the knowledge that no solution fits all scenarios, the ABC session border controller is designed as a customizable platform that achieves its performance not through specialized hardware but by efficient implementation. The ABC SBC is the first session border controller that was designed to scale horizontally as well as vertically by either scaling the performance of the used hardware or the number of used installations.

The current ABC SBC version provides the following features:

  • GUI based management
  • System and network monitoring
  • SIP session control and manipulation
  • Registration offloading
  • Border security
  • SNMP V2 alarms and status information
  • High availability using active/hot standby mode.
  • WebRTC support

GUI-based Management

The ABC SBC provides the administrator with an easy to use GUI for
  • Defining routing handling policies.
  • Define security and message manipulation rules
  • Granular traffic limiting:  Limit traffic based on any part of a SIP message.
  • Monitoring netwok and system statistics.
  • System configuration and management

Media Applications

The ABC SBC provides a built-in programmable and open media server platform for supporting announcements and real-time web applications.
  • Announcements: The ABC SBC can be used to generate announcements directly on the border of the network
  • Transcoding: ABC SBC platform offers software based transcoding with support of G711u/a, G726, GSM, iLBC, L16, G722, Speex, G729 and G729a/b codecs. Codecs G729 and G729a/b are subject to patent licenses.
  • Recording: The ABC SBC enables the operator to record SIP calls and save the recorded content on local disk.
Due to the open interfaces of the ABC SBC it is possible to rapidly introduce new applications that are customized to the needs of the operator.

Border Security

In order to secure the borders of VoIP providers, the ABC SBC provides the following security features:
  • Rate limiting: In order to protect against DoS attacks, calls arriving above a certain threshold can be either rejected or simply dropped.
  • Parallel call control: In order to prevent misuse and fraud the ABC SBC can use either a general limit or a per enterprise value to detect excess calls.
  • Content control: Using Deep Packet Inspection mechanisms, the ABC SBC can filter the content of incoming SIP messages and drop messages that contain suspicious content.
  • Topology hiding: All information related to the operator’s internal structure such as IP addresses of media servers or SIP registrars are anonymized by the ABC SBC just before forwarding any messages outside the operator’s network.
  • Media control: Besides controlling the signaling information, the ABC SBC offers different features for securing the exchange of media data:
    • Codec control: The ABC SBC can refuse calls requesting media codecs that are not allowed in the operator’s network
    • Rate limiting: Traffic received in excess of certain limits can be rejected.
    • Codec monitoring: The ABC SBC can be used to reject media packets that do not conform to the type that was signaled in the session establishment.

System and Network Monitoring

Through the management GUI the operator of the ABC SBC can have an elaborate overview of the performance of the VoIP infrastructure and be alerted to failures. The monitoring interface of the ABC SBC provides the following information:
  • Call statistics such as number of successful/failed calls
  • General statistics such as used bandwidth, memory and CPU
  • List of active calls and the possibility to terminate an active call
  • The possibility to collect PCAP traces of both signaling and media information of certain calls
  • Call flow sequences showing all messages related to some call with the possibility of displaying the details of any message from the sequence
  • The collected statistics can also be exported using SNMP.

 SIP Session Control and Manipulation

The ABC SBC acts as a SIP Back2Back UA (B2BUA) that enables the operator to control the access to its network and provides the following features:
  • Topology hiding
  • NAT traversal
  • Media and RTP access control
  • Add, remove and modify SIP headers
  • Manipulate SIP bodies
  • Mediate between different SIP specifications such as IMS and IETF SIP.

Registration Offload

In order to reduce the number of registrations that have to be processed at the operator’s registrar, the ABC SBC caches successful registrations. The registration information at the operator’s registrar will be refreshed by the ABC SBC at much lower rates than the subscribers refresh attempts.  This reduces the load on the operator’s infrastructure and protects it from misbehaving subscribers or malicious users that try to attack the network by sending large numbers of registration messages.

Open Interfaces

The ABC SBC offers RESTfull interfaces that enable a smooth integration with application service platforms. Over its open interfaces a provider can control different features such as
  • Routing: Offload complex and customized routing logic to an external environment.
  • Authentication: Authenticate and register users already on the border of the network.
  • Announcements: Control which announcement should be played when.