SBC controls

Our SBCs protect themselves, IP PBXs, unified communications servers and other elements of the enterprise network, as well as networks, systems and relationships. They protect enterprise networks and session privacy, and provide denial-of-service (DoS/DDoS) protection from malicious attacks and non-malicious overloads.

SBC DoS/DDoS protection

• Protect SBC from DoS/DDoS attack and other malicious attacks
• Protect SBC from non-malicious overloads
• Allow trusted/authenticated users access while under DoS attack
• Dynamically accept or reject traffic based on device behavior

Access control

• Filter specific devices or whole networks on a per-application basis
• Permit access to known devices or networks
• Permit access to authorized/registered users; permit or deny access to mask users
• Dynamically accept or reject traffic based on device behavior
• Accept media only for authorized sessions

Topology hiding & privacy

• Hide data center network topology to prevent directed attacks
• Mask user information for privacy and confidentiality
• Protect users and enterprise infrastructure from eavesdroppers, identity thieves and fraud
• Secure L2 and L3 VPNs by maintaining security isolation between VPNs
• Support inter-VPN sessions; monitor media for intra-VPN sessions for fraud prevention

Virus, worm & SPIT protection

• Protect network from malicious attachments, prevent malformed messages from overloading resources
• Restrict usage to prevent automated dialing/unwanted sessions

Service infrastructure DoS prevention

• Prevent DoS attacks from reaching data center service infrastructure
• Protect core from signaling overload attacks by enforcing call rate limiting and message rate limiting policies

Fraud prevention

• Perform signaling and media validation by authenticating and authorizing users
• Enforce contract per-user/device policies and prevent piggyback usage

Monitoring and reporting

• Monitor and report on alarms for attacks and overloads
• Audit trails for attack response and fraud investigation
• Provide secure monitoring and management access to protect from unauthorized personnel

Our SBCs extend the reach of enterprise applications by enabling interoperability between different types of networks and devices supported. Support is provided for enabling sessions to traverse existing data firewall/NAT devices, bridging private networks using overlapping IP addresses and VPNs, mediating between different signaling, transport and encryption protocols, converting between incompatible codecs and translating signaling-layer telephone numbers, addresses and response codes.

NAT traversal

• Enable incoming and outgoing calls to traverse premises-based NAT devices by discovering public/external IP addresses for signaling and media or keeping NAT pinholes open for signaling

Address translation

• Bridge IP address spaces—private-public, private-private, IPv4-IPv6

Telephone number & URI manipulation

• Enable prefix, suffix, wildcard and other telephone number manipulations to enhance/control session routing

Protocol translations and fix-ups

• Signaling—provide protocol normalization, repair and interworking for SIP to SIP, H.323 to H.323, SIP to H.323, SIP to SIP-T, SIP to SIP-I, SIP-I to SIP-T
• Transport—provide support and interworking for UDP, TCP, SCTP
• Encryption—provide support and interworking for none, TLS, MTLS, IPsec, SRTP
• Response codes—correct SIP & H.323 response code translations between networks/service providers

Transcoding, transrating & DTMF translations

• Transcoding—translation for fixed line and mobile codecs
• Transrating—mediate between variations in rate (e.g. 10ms to 30ms)
• DTMF extraction / interworking—enable conversion from in-band to out of band signaling

Acme Packet SBCs play a critical role in assuring session capacity and quality for enterprise networks. They perform admission control to ensure that both the network and IP PBX or UC server infrastructure have the capacity to support a session with high quality. Our SBCs also monitor and report actual session quality to determine compliance with performance specifications set forth in enterprise IT SLAs with their lines of business.

Session admission control

• Admit sessions based upon signaling and bandwidth constraints per user, network or session agent to ensure resource availability
• Interface to external policy servers and bandwidth managers

Overload protection and control

• Load balance traffic based on number of sessions or rate of sessions
• Reject or divert traffic based upon destination number to control mass calling events

Failure detection, traffic re-route and recovery

• Monitor performance and availability of L3 router, SIP registrar, SIP session agent
• Re-route or re-distribute traffic based upon performance degradation or failure
• Manage avalanche SIP registration events resulting from power outages, network cuts or registrar failures by statefully managing endpoint re-registration process and load

Transport control

• Assign QoS marking/VLAN mapping based on application, source address or destination address
• Release peer-peer media between endpoints

Quality reporting and quality-based routing

• Route sessions to alternative SIP trunking networks based on observed QoS—jitter, loss, latency—or answer seizure ratio (ASR)
• Measure QoS (latency, jitter and packet loss) and ASR per-session
• Append QoS and ASR information to CDR

Call replication for call recording

• For contact center session handling quality assessments

Acme Packet SBCs enable enterprise compliance with government-mandated regulations worldwide, including emergency services such as E911 and session/call recording.

Emergency session handling

• Prioritize, retrieve location information and route emergency/E911 sessions with enhanced QoS (3GPP E-CSCF)
• Interface to external location servers (3GPP CLF)

Session recording or replication for recording

• For quality control and regulatory compliance requirements

Enterprise networks can control operational costs by protecting against both bandwidth and quality of service theft, routing sessions optimally to minimize costs and providing flexible usage reporting for cost accounting and traffic planning purposes.

Accounting

• Generate CDRs for department/LOB charging or network planning
• Diameter, RADIUS or file-based accounting

Service theft protection

• Police media bandwidth per-session based upon authorized codec
• Terminate inactive session with session timers to free-up network and system resources
• Ensure only authorized sessions receive correct QoS and resource allocation

Routing

• Least cost routing (LCR) enables policy-based session control based on route cost
• ENUM-based routing increases routing infrastructure scalability and reduces PSTN costs
• Carrier code-based routing enables policy based session control based on prefix or carrier code
• Industry-standard ENUM, SIP, XML and DNS interfaces to third-party routing databases
• Large local route tables for static, localized routing decisions

Codec stripping & re-ordering

• Normalize codec at border to simplify core service network and routing