Acme Packet® has defined the role of session border controllers (SBCs) within the next-generation, fixed-wireline TISPAN (Telecoms & Internet converged Services & Protocols for Advanced Networks) architecture defined by ETSI (European Telecommunications Standards Institute). Within this architecture SBCs provide service providers with support for delivering real-time interactive IP-based voice, video and multimedia sessions in five critical areas—security, service reach maximization, SLA assurance, revenue and cost optimization, and regulatory compliance.
Role of SBCs within ETSI TISPAN Release 1 architecture
TISPAN Release 1 is an architecture defined by ETSI for the delivery of real-time voice, video and multimedia services using SIP and other standards-based protocols to initiate and control service delivery over packet-switched networks, with a focus on wireline access networks. This architecture, as a result of a merger with 3GPP/IMS, has been extended by ETSI to include the IMS core architecture (see diagram below) to enable service providers to leverage a common core service delivery infrastructure for both wireline and wireless access networks. This enables service providers to accelerate support for the service delivery requirements of converged fixed-mobile services.
Within the TISPAN architecture, the two different types of SBCs – the Access SBC and the Interconnect SBC – play very important roles by integrating signaling and media control. The functional responsibilities of these products are illustrated above and further described below.
SBC role in extended ETSI TISPAN Release 1 architecture
Access Session Border Controller (A-SBC)
The Access-SBC satisfies the requirements at the border where subscribers access the TISPAN core. It integrates three functional elements from the TISPAN architecture:
- Proxy-Call Session Control Function (P-CSCF) – is the SIP signaling contact point, the outbound/inbound “proxy,” for subscribers within TISPAN. However, the term “proxy” is deceiving since to fulfill its complete set of responsibilities it must be able to proactively initiate SIP requests. This requires implementation as a SIP Back-to-Back User Agent (SIP B2BUA), not a simple SIP proxy. The P-CSCF is responsible for forwarding SIP registration messages from the subscriber’s endpoint, the User Equipment (UE), in a visited network to the Interrogating-CSCF (I-CSCF) and subsequent call set-up requests and responses to the Serving-CSCF (S-CSCF). The P-CSCF maintains the mapping between logical subscriber SIP URI address and physical UE IP address and a security association, for both authentication and confidentiality, with the UE using IPsec for example. The P-CSCF obtains subscriber location information via the e2 interface that communicates with the CLF within the Network Attachment Sub-System (NASS). It supports emergency call (E911) local routing within the visited network, accounting, session timers and admission control. It provides accounting information to the charging function (CF) via the Rf interface (DIAMETER). For admission control decisions the P-CSCF can leverage an internal or external SPDF. To communicate with an external SPDF the P-CSCF uses the Gq’ interface (DIAMETER). Lastly, the P-CSCF interacts with C-BGF for control of the boundary at the transport layers including pinhole firewall, NAPT and numerous other features.
- Service-based Policy Decision Function (SPDF) – performs policy-based resource reservations on behalf of the P-CSCF via the Gq’ interface (DIAMETER). The SPDF forwards the P-CSCF resource reservation requests (QoS and bandwidth allocations) to the appropriate core border gateway function (C-BGF) and/or access resource admission control function (A-RACF) for a session admission control decision based on defined policies for the subscriber and network resource limits. Then based on the response it receives from the C-BGF or A-RACF, it informs the P-CSCF that the session is accepted and can proceed or is rejected and terminated. The SPDF communicates with the C-BGF via the Ia interface (H.248) and with the A-RACF via the Rq interface (DIAMETER). The SPDF performs network-based NAT traversal and gate control on the border gateway function (C-BGF) to assure resources and guarantee bandwidth on a per session basis.
- Core Border Gateway Function (C-BGF) – controls the transport boundary at layers 3 and 4 (media) between subscribers and the service provider’s network. This function acts as a pinhole firewall and NAT device protecting the service provider’s TISPAN core. It controls access by packet filtering on IP address/port and opening/closing gates (pinholes) into the network. It uses Network Address and Port Translations (NAPT) to hide the IP addresses/ports of the service elements in the TISPAN core. Additional features supported by the C-BGF for the media flows include network-based NAT traversal, QoS packet marking, bandwidth & signaling rate policing, usage metering and QoS measurements.
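
The admission-control and gate-control sequence described in the list above (P-CSCF asks the SPDF for resources, the SPDF decides, and the C-BGF opens a pinhole only for admitted sessions), as an added Python example that is not Acme Packet or ETSI code. The class names, the per-subscriber bandwidth cap and the addresses are assumptions made for illustration, and the Gq’ (DIAMETER) and Ia (H.248) exchanges are modelled as plain method calls.

```python
from collections import namedtuple
from dataclasses import dataclass, field
# Constructed model: class names, caps and addresses are assumptions for illustration.
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")

@dataclass
class BorderGateway:
    """C-BGF role: default-deny media filter; a packet passes only through an open gate."""
    gates: dict = field(default_factory=dict)   # Flow -> session id

    def open_gate(self, session_id, flow):      # stands in for an H.248 request over Ia
        self.gates[flow] = session_id

    def close_session(self, session_id):        # drop every gate owned by the session
        self.gates = {f: s for f, s in self.gates.items() if s != session_id}

    def permits(self, flow):
        return flow in self.gates

@dataclass
class PolicyDecision:
    """SPDF role: admit a session only if it fits the subscriber's bandwidth cap."""
    bgf: BorderGateway
    limit_kbps: dict                            # subscriber URI -> cap (hypothetical policy)
    in_use: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)

    def reserve(self, session_id, subscriber, kbps, flow):  # stands in for a Gq' request
        used = self.in_use.get(subscriber, 0)
        if used + kbps > self.limit_kbps.get(subscriber, 0):
            return False                        # rejected: no pinhole is opened
        self.in_use[subscriber] = used + kbps
        self.sessions[session_id] = (subscriber, kbps)
        self.bgf.open_gate(session_id, flow)
        return True

    def release(self, session_id):              # session end: free bandwidth, close gates
        subscriber, kbps = self.sessions.pop(session_id)
        self.in_use[subscriber] -= kbps
        self.bgf.close_session(session_id)

def demo():
    bgf = BorderGateway()
    spdf = PolicyDecision(bgf, {"sip:alice@example.net": 128})
    rtp1 = Flow("192.0.2.10", 40000, "198.51.100.5", 20000)   # constructed media flows
    rtp2 = Flow("192.0.2.10", 40002, "198.51.100.5", 20002)
    first = spdf.reserve("s1", "sip:alice@example.net", 80, rtp1)
    second = spdf.reserve("s2", "sip:alice@example.net", 80, rtp2)  # would exceed 128 kbps
    return first, second, bgf.permits(rtp1), bgf.permits(rtp2)
```

A rejected reservation leaves the gateway untouched, so media for that session is dropped by the default-deny filter rather than by a separate block rule.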
Interconnect Session Border Controller (I-SBC)
The Interconnect-SBC addresses the requirements at the boundary where different service provider networks interconnect or “peer.” It integrates four functional elements from the TISPAN architecture:
- Interconnect Border Control Function (I-BCF) – provides overall control of the boundary between different service provider networks. It provides security for the TISPAN core in terms of signaling information by implementing a Topology-Hiding Inter-network Gateway (THIG) sub-function. This sub-function performs signaling-based topology hiding, IPv4-IPv6 interworking and session screening based upon source and destination signaling addresses. The I-BCF also performs interworking when connecting non-SIP or non-IPv6 networks. It performs admission control and bandwidth allocation using a local SPDF or via the Ia interface to an external SPDF. Lastly, the I-BCF interacts with I-BGF for control of the boundary at the transport layers including pinhole firewall, NAPT and numerous other features.
- Inter-Working Function (IWF) – provides signaling protocol interworking between the SIP-based TISPAN network and other service provider networks using H.323 or different SIP profiles.
- Service-based Policy Decision Function (SPDF) – performs policy-based resource reservations on behalf of the I-BCF via the Gq’ interface (DIAMETER). The SPDF forwards the I-BCF resource reservation requests (QoS and bandwidth allocations) to the appropriate interconnect border gateway function (I-BGF) for a session admission control decision based on defined policies for the subscriber and network resource limits. Then based on the response it receives from the I-BGF, it informs the I-BCF that the session is accepted and can proceed or is rejected and terminated. The SPDF communicates with the I-BGF via the Ia interface (H.248). The SPDF also performs gate control on the border gateway function (I-BGF) to assure resources and guarantee bandwidth on a per session basis.
- Interconnect Border Gateway Function (I-BGF) – controls the transport boundary at layers 3 and 4 between service provider networks. This function acts as a pinhole firewall and NAT device protecting the service provider’s TISPAN core. It controls access by packet filtering on IP address/port and opening/closing gates (pinholes) into the network. It uses Network Address and Port Translations (NAPT) to hide the IP addresses/ports of the service elements in the TISPAN core. QoS packet marking, bandwidth policing, usage metering and QoS measurements for the media flows are additional features supported by the I-BGF.
Acme Packet SBCs support critical missing requirements
Acme Packet SBCs provide essential capabilities that have yet to be defined within the ETSI TISPAN specification. These capabilities are required to provide a secure, reliable and manageable network architecture.
- Comprehensive security – Acme Packet SBCs provide critical security functions and features that are currently outside the scope of TISPAN Release 1, but are required for the successful and secure delivery of services. These critical security features include DoS/DDoS self protection for the border functional elements. Acme Packet border elements also provide DoS/DDoS prevention for core CSCF functional elements and perform topology hiding at the access edge as part of the P-CSCF and C-BGF.
- Signaling overload control – Acme Packet SBCs provide critical signaling overload protection via the P-CSCF and I-BCF to protect the core CSCF elements that are currently outside the scope of Release 1. These capabilities include call rate limiting, code gapping and detection of automated dialing platforms. Acme Packet SBCs can perform selective destination/source admission control to prevent signaling overload from flash mass calling events such as American Idol voting.
- Enterprise access requirements – TISPAN Release 1 is currently specified for residential services where a single UE is connecting to the network. Acme Packet SBCs provide critical functional capabilities that allow the TISPAN architecture to be leveraged by enterprise customers. These include the ability to bridge overlapping MPLS VPN and IP addresses and perform surrogate registrations for endpoints aggregated behind an IP PBX or access gateway. To ensure the seamless connectivity of legacy equipment, Acme Packet SBCs provide access protocol interworking for H.323 PBX to SIP trunk connectivity and DTMF translation between SIP signaling-based DTMF and RTP media-based (RFC 2833) DTMF.
- Transcoding (wireline–wireless, wireline–wireline) – Acme Packet SBCs extend the TISPAN Release 1 architecture to provide transcoding capabilities that enable disparate codecs from wireline or wireless networks to seamlessly interoperate. Acme Packet SBCs can transcode (translate) and transrate (change frame sizes) for the wireline codecs G.711 a-law & mu-law, G.723.1, G.726, G.728, G.729 A/B, G.729 E, and iLBC, as well as the wireless codecs AMR, AMR-WB, GSM EFR, GSM FR, EVRC and SMV. They also support fax interworking between G.711 and T.38.
SBC product selection and physical deployment considerations
Acme Packet SBCs may be implemented using an integrated architecture with signaling and media control in the same physical platform or a decomposed architecture that offers separate physical signaling and media control products for the functional elements described previously. In the decomposed architecture, Acme Packet’s products fulfill the access and interconnect SBC roles. In the access role, Acme Packet products perform the functions of the C-BGF (media control) under the supervision of the P-CSCF/SPDF (signaling control). In the interconnect SBC role, Acme Packet products perform the functions of the I-BGF (media control) under the supervision of the I-BCF (signaling control). In both cases the elements use H.248 as the control protocol between products. The key considerations when selecting a product and defining the physical deployment architecture are:
- Security – SBCs prevent DoS and DDoS attacks on core TISPAN elements by dynamically discovering and blocking malicious signaling and media attacks or non-malicious overloads (e.g. endpoint re-registering very frequently). Advanced SBCs using hardware-based features, like Acme Packet’s SBCs, can protect themselves against attack without loss of service and create a security perimeter that protects upstream elements (I/S-CSCF) from DoS/DDoS attacks and signaling overloads.
- Scalability – SBCs provide a distributed edge processing function for signaling control (P-CSCF/I-BCF), offloading connection and encryption management (e.g. TCP, TLS, IPsec), NAT traversal processing and other processor-intensive tasks from core TISPAN elements (I/S-CSCF). The SBC also performs local policy decision functions in order to off-load the SPDF. These decisions include enforcing the maximum bandwidth per subscriber, access network, core network or interconnect link. From a SIP signaling perspective, Acme Packet SBCs can also control the number of sessions or rate of session establishment per subscriber, access network, interconnect link or session agent/group.
- Resiliency (geographic location) – SBCs increase network resiliency by deploying signaling control functions (P-CSCF/I-BCF) at the access and interconnect network borders. These devices provide a logical breakout point for emergency calls, prevent DoS/DDoS attacks from reaching the core network and minimize the impact of a single P-CSCF failure or a centralized I/S-CSCF site disaster by providing simplified subscriber re-routing capabilities.
- Cost – SBCs incorporate multiple TISPAN functions resulting in fewer network elements, fewer networking protocols and more robust fault and performance management (e.g. media QoS monitoring incorporated with session layer accounting), resulting in lower operational costs. Acme Packet SBCs also leverage hardware-based acceleration for processor intensive functions (DoS/DDoS protection, encryption, QoS monitoring/reporting) to reduce capital expenditures by scaling more efficiently.
Net-Net
Acme Packet SBCs perform the critical functions of the access and interconnect SBCs as defined in the TISPAN Release 1 architecture. In these roles the Acme Packet SBCs enable service providers to create a border architecture that delivers increased security, scalability and resiliency, while reducing operating and capital expenditure costs. Acme Packet SBCs also provide critical functions that are outside the scope of the TISPAN Release 1 specification, including security, signaling overload control, enterprise access requirements and transcoding. These valuable capabilities enable service providers to extend the reach of their NGN investment while better protecting their network and users. Finally, Acme Packet SBCs allow the service provider to select the preferred deployment model – integrated or decomposed – that satisfies their unique requirements for creating a secure and scalable border. These deployment options enable the service provider to design an architecture that optimizes operational and capital expenditures, while enhancing the service provider’s ability to deliver real-time voice, video and multimedia services.