Role of SBCs within 3GPP IMS Release 7 architecture 

IMS is an architecture defined by 3GPP for the delivery of real-time voice, video and multimedia services using SIP over packet-switched networks with a focus on mobile wireless access networks. This architecture has been extended to include FMC and WLAN access scenarios that accelerate the convergence of common services delivered across an array of wireless and wireline access technologies.

The 3GPP IMS Release 7 architecture extends the service delivery reach from traditional 3G GSM cellular networks to Wi-Fi access points and the emerging femtocells. This enables service providers to extend the reach of a common set of services into homes, hospitality and enterprise markets via the broadband network. The FMC component of this architecture ensures non-interrupted service delivery even as the user transitions from fixed to mobile access networks or vice versa.

Within the 3GPP IMS Release 7 architecture, the two different types of SBCs – the Access SBC and the Interconnect SBC – play very important roles by integrating signaling and media control. The functional responsibilities of these products are illustrated and further described below. 

SBC role in extended IMS architecture

Access Session Border Controller (A-SBC)
The Access-SBC satisfies the requirements at the border where subscribers access the IMS core. It integrates three functional elements from the 3GPP IMS Release 7 architecture:

• Proxy-Call Session Control Function (P-CSCF) – is the SIP signaling contact point, the outbound/inbound “proxy,” for subscribers within IMS as defined by 3GPP. However, the term “proxy” is deceiving since to fulfill its complete set of responsibilities it must be able to proactively initiate SIP requests. This requires implementation as a SIP Back-to-Back User Agent (SIP B2BUA), not a simple SIP proxy. The P-CSCF is responsible for forwarding SIP registration messages from the subscriber’s endpoint, the User Equipment (UE), in a visited network to the Interrogating-CSCF (I-CSCF) and subsequent call set-up requests and responses to the Serving-CSCF (S-CSCF). The P-CSCF maintains the mapping between logical subscriber SIP URI address and physical UE IP address and a security association, for both authentication and confidentiality, with the UE using IPsec for example. It supports emergency call (E911) local routing within the visited network, accounting, session timers and admission control. For admission control decisions the P-CSCF leverages the Policy Charging Resource Function (PCRF) policy decision function. It also provides accounting information for sessions to the PCRF. The P-CSCF interacts with C-BGF for control of the boundary at the transport layers including pinhole firewall, NAPT and numerous other features
  
• Core Border Gateway Function (C-BGF)  – controls the transport boundary at layers 3 and 4 between service provider access and core networks. This function acts as a pinhole firewall and NAT device protecting the service provider IMS core. It controls access by packet filtering on IP address/port and opening/closing gates (pinholes) into the network. It uses Network Address and Port Translations (NAPT) to hide the IP addresses/ports of the service elements in the IMS core. QoS packet marking, bandwidth & signaling rate policing, usage metering and QoS measurements for the media flows are additional features supported by the C-BGF. For wireline networks it also provides network-based NAT traversal for the media flows.
  
• Tunnel Terminating Gateway (TTG) – performs IPSec IKEv2 tunnel termination supporting both SIP-based interactive communication services (signaling and media) and non-SIP packet data services. It forwards SIP signaling traffic to P-CSCF, SIP-signaled media to C-BGF and “walled garden” data services and tunneled Internet traffic to the GGSN.  This function may be integrated with the P-CSCF and C-BGF, or deployed as a standalone element.

Interconnect Session Border Controller (I-SBC)
The Interconnect-SBC addresses the requirements at the boundary where different service provider networks interconnect or “peer.” It integrates three functional elements from the 3GPP IMS Release 7 architecture:  

Acme Packet SBCs support critical missing requirements

SBC product selection and physical deployment considerations

• Security – SBCs prevent DoS and DDoS attacks on core IMS elements by dynamically discovering and blocking malicious signaling and media attacks or non-malicious overloads (e.g. endpoint re-registering very frequently). Advanced SBCs using hardware-based features, like Acme Packet’s SBCs, can protect themselves against attack without loss of service and create a security perimeter that protects upstream elements (I/S-CSCF) from DoS/DDoS attacks and signaling overloads.
• Scalability –SBCs provide a distributed edge processing function for signaling control (P-CSCF/I-BCF), offloading connection and encryption management (e.g. TCP, TLS, IPsec), NAT traversal processing and other processor-intensive tasks from core IMS elements (I/S-CSCF). The SBC also performs local policy decision functions in order to off-load the core PCRF. These decisions include enforcing the maximum bandwidth per subscriber, access network, core network or interconnect link. From a SIP signaling perspective, Acme Packet SBCs can also control the number of sessions or rate of session establishment per subscriber, access network, interconnect link or session agent/group.
• Resiliency (geographic location) – SBCs increase network resiliency by deploying signaling control functions (P-CSCF/I-BCF) at the access and interconnect network borders. These devices provide a logical breakout point for emergency calls, prevent DoS/DDoS attacks from reaching the core network and minimize the impact of a single P-CSCF failure or a centralized I/S-CSCF site disaster by providing simplified subscriber re-routing capabilities. 
• Cost – SBCs incorporate multiple 3GPP IMS functions resulting in fewer network elements, fewer networking protocols and more robust fault and performance management (e.g. media QoS monitoring incorporated with session layer accounting), resulting in lower operational costs. Acme Packet SBCs also leverage hardware-based acceleration for processor intensive functions (DoS/DDoS protection, encryption, QoS monitoring/reporting) to reduce capital expenditures by scaling more efficiently.

Net-Net
Acme Packet SBCs perform the critical functions of the access and interconnect SBCs as defined in the 3GPP IMS Release 7 architecture. In these roles the Acme Packet SBCs enable service providers to create a border architecture that delivers increased security, scalability and resiliency, while reducing operating and capital expenditure costs.

Acme Packet SBCs also provide critical functions that are outside the scope of the IMS specification, including security, signaling overload control, enterprise access requirements and transcoding. These valuable capabilities enable service providers to extend the reach of their NGN investment while better protecting their network and users.

Finally, Acme Packet SBCs allow the service provider to select the preferred deployment model – integrated or decomposed – that satisfies their unique requirements for creating a secure and scalable border. These deployment options enable the service provider to design an access architecture that optimizes operational and capital expenditures, while enhancing the service provider’s ability to deliver real-time voice, video and multimedia services.