1.1. About the ABC Session Border Controller

This manual is a complete handbook for the ABC Session Border Controller (ABC SBC). It documents network planning, SBC installation, policy configuration and the best current practices for operating the SBC.

The ABC Session Border Controller (ABC SBC) is a SIP Back-to-Back User Agent (B2BUA) that provides operators and enterprises with a scalable session border control solution for secure connections with Voice over IP (VoIP) operators and users. With the ABC SBC, VoIP service providers and enterprises deploy a session border controller that is designed to run on high-end hardware as well as on appliances and virtual machines. The ABC SBC thereby enables VoIP providers to scale up their infrastructure gradually and covers the needs of enterprises of all sizes.

The ABC SBC provides the following features:

  • Infrastructure Security: The ABC SBC serves as the first line of defence, fending off attacks coming over the Internet, hiding internal topology, applying rate limits and performing Call Admission Control, limiting the number of parallel calls and call length, and off-loading registrar and registration throttling.
  • Confidentiality. The ABC SBC implements the cryptographic protocols TLS and SRTP, which make it incredibly hard for unauthorized third parties to intercept VoIP calls. Secured telephony is possible even without exotic telephones, using off-the-shelf WebRTC browsers (see the next point). The ABC SBC can also combine cryptographically secured RTC telephony with traditional policy-based IT practices like VPNs, so that confidentiality can be achieved in a practicable end-to-end way between all kinds of equipment.
  • Browser Telephony. The ABC SBC includes a built-in SIP/WebRTC gateway. The gateway allows users to interconnect WebRTC browser telephony with SIP telephony and even PSTN telephony users behind SIP/telephony gateways. Browser telephony allows for easy integration with web applications and provides a level of privacy unprecedented in fixed and mobile networks.
  • Network Functions Virtualization (NFV). The ABC SBC also comes in a virtualized form that allows administrators to run the SBC without managing the physical infrastructure. More than that, a whole auto-scaling load-balanced RTC gateway cluster can be started in Amazon Elastic Cloud with a single button using the CloudFormation launching facility. Such a cluster adapts to network conditions, growing and shrinking with network traffic. It can be geographically dispersed for best QoS worldwide and it can be launched in less than five minutes – compare that to the effort of placing your own equipment in multiple geographically distributed air-conditioned data centers!
  • Mediation: The ABC SBC connects disconnected unroutable networks and VLANs, different transport protocols, secured and plain RTP, facilitates NAT traversal, steers codec negotiation, translates identities and adapts SIP headers and bodies for best interoperability between incompatible devices and network policies.
  • Rapid IT integration. The ABC SBC dramatically reduces the time-to-deploy. Studies show that in the vast majority of new network deployments inadequate time and cost are spent on designing data integration concepts. The ABC SBC reduces the time-to-deploy with its built-in integration capabilities. Administrators can place external logic on web servers and govern how the SBC behaves through a RESTful interface. Large amounts of pre-provisioned data can be used to govern the SBC logic, such as routing tables, peering characteristics, SIP bulk registration, blacklists or whitelists, or subscriber information.
  • SIP Routing: The ABC SBC's competitive design allows administrators to route SIP traffic based on any message element. Routing methods such as source-based, destination-based, least-cost-route-based, proprietary-header-field-based and others can be easily configured and cascaded behind each other to find the most appropriate destination for SIP traffic.
  • Real-time monitoring. The ABC SBC allows its administrators to know at all times what is going on in their SIP networks. Due to the centralized nature of SBCs, the ABC SBC enables you to gain deep insight into the traffic it steers and constantly reports on it using “events” and “Call Detail Records” (CDRs). This data can be further used to perform troubleshooting, backwards analysis and future predictions for the system as a whole as well as for its individual users. The ABC SBC also reports on its status using SNMP.
  • Media processing: The ABC SBC includes built-in audio recording, transcoding, announcements and conferencing.
  • Web management. Remote management allows rapid and convenient adaptation to ever-changing network conditions. The ABC SBC's policies can be easily changed through the web interface.
  • Non-stop service. The ABC SBC is designed to provide high availability by running in redundant hot-standby pairs. Alternate route definitions and built-in monitoring conceal scheduled and unplanned outages of network elements behind the ABC SBC.

1.1.1. How to Start?

This book is intended for everyone interested in installing and using the ABC SBC. Knowledge of SIP, RTP and IP networking is an advantage and will make the book easier to read and use. What is essential, however, is a good understanding of the VoIP environment in which the ABC SBC is to be deployed. Depending on your goal, there are the following options for getting the most out of this book in the shortest time:

  • Cloud RTC Trial: Trialing the RTC gateway using Amazon Elastic Cloud allows you to start the WebRTC/SIP gateway service within minutes and establish connectivity between web browsers and an existing SIP service. See the Section Amazon Elastic Cloud Configuration Cookbook and visit our trial site at https://go.frafos.com/.
  • Virtual ABC SBC trial: For testing the ABC SBC the most direct approach is to go through the practical guide and then install the VM version of the ABC SBC. Once the VM is installed and configured the user can learn about the features of the ABC SBC in more detail by checking the management GUI and going through the example sections. See the Sections Practical Guide to the ABC SBC and VM Installation.
  • Installing the ABC SBC: Before installing the ABC SBC it is advisable to go through the practical guide to have a better understanding of the needed infrastructure. After installing the ABC SBC, the practical guide can be used for a quick configuration of the solution. In case certain issues need to be solved that are not covered in the guide, then a look into the reference chapter (Section Reference of Actions) will be helpful. The administrator should also go through the administration, monitoring and security chapters to develop a better understanding and control of the installed system.

The book is structured in the following parts:

  • Introduction: This section provides an overview of the basic technologies addressed here, namely SIP and SBC. Furthermore, the basic concepts and terminology of the ABC SBC are described. If you are familiar with SIP and VoIP deployments you can skip the introductions to SIP and SBCs.
  • Practical Guide to the ABC SBC: This section provides first an overview of what a future user of the ABC SBC - or actually any other SBC as well - must consider before purchasing and installing an SBC. Moreover, this guide can be seen as a short cut for configuring and using the main features of the ABC SBC without having to go through the entire manual.
  • Installing the ABC SBC: This section covers the steps needed to deploy the ABC SBC. Firstly, one needs to determine whether to deploy the ABC SBC VM which is provided by FRAFOS as an already installed and configured application or to do a complete installation from the FRAFOS repository.
  • General ABC Configuration Guide: This section provides the details about the different features of the ABC SBC, what they are good for and how they can be used. For the more complex parts, additional sections with examples are provided. These example sections are intended as short cuts for solving common issues.
  • ABC SBC System administration: This chapter explains a set of features available for the administrator of the ABC SBC. These features include the capability to create and manage users of the ABC SBC and define their rights, the list of commands that can be used to run certain tasks that might not be available through the GUI as well as conduct upgrades and updates of the ABC SBC software.
  • Monitoring and Troubleshooting: The ABC SBC collects various measurement values and call traces and generates alarms and SNMP traps. These features provide the administrator of the ABC SBC with the information needed to detect errors and problems in the processed VoIP traffic as well as in the operation of the ABC SBC.
  • Securing SIP Networks using ABC SBC and ABC Monitor (optional): This chapter provides an overview of the security capabilities of the ABC SBC as well as a guide for configuring blacklists, traffic shaping and limiting the call duration.

1.1.2. Release Notes

The major focus of the 4.0 release has been security and diagnostics.

In ABC SBC the following features are new:

  • Geographic Lookups. In the ABC rules, administrators can now check the geographic region of a request's source IP address. This makes it possible to set different policies for different geographic regions.
  • Monitor Access. The SBC can now send data to two Monitors, and the data can be encrypted. This is useful in organizations with dual separated administrations, as well as during trials and migrations.
  • Two Factor Authentication. This experimental feature makes it possible to establish secondary passwords for users so that their security is not compromised when the security of PBXes behind the SBC is compromised.
  • Improved Management of IP Rules. The IP rule management has been simplified to deal with the increasing number of filtering policies.
  • AWS Support. The ABC SBC is now available from AWS Marketplace. AWS users are just a few minutes and clicks away from starting their own infrastructure. Detailed information can be found on our website, https://go.frafos.com.
  • The GUI can now show the most recent traffic from an IP address. TLS keys are also available in case the signaling was encrypted. This gives troubleshooters access to the layers below signaling.
  • Increased robustness against flooding attacks.

ABC Monitor has undergone a major overhaul and now builds upon the latest version of Logstash, Elasticsearch and Kibana. New features include:

  • A new Home Dashboard, and daily reports that are sent as PDF by email.
  • Various new metrics available in the Call Dashboard, such as ACD and ASR.
  • New alerts that can alarm on a variety of abnormal situations.
  • A new connectivity CA dashboard that visualizes the quality of signaling between various Call Agents. This way, low-performing Call Agents and Call Agent pairs are identified earlier.
  • More powerful data filters: full-text filters are available, and filters can now be preserved between dashboards by “pinning”. This helps to narrow down the analyzed data more efficiently.

1.1.3. Credits

The initial version of this book was written by the FRAFOS team with support from Sipwise in a three-day Book Sprint facilitated by Barbara Rühling. The illustrations were provided by Juan Camilo Cruz. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

