SBC controls
Our SBCs secure the OTT/ASP subscriber access border and the interconnect/peering border. They protect themselves and other elements of the service delivery infrastructure from malicious denial-of-service (DoS/DDoS) attacks and non-malicious overloads. They protect OTT/ASP subscriber endpoints and privacy,
SBC DoS/DDoS protection
- Protect SBC from DoS/DDoS attack and other malicious attacks
- Protect SBC from non-malicious overloads
- Allow trusted/authenticated users access while under DoS attack
- Dynamically accept or reject traffic based on device behavior
Access control
- Filter specific devices or whole networks on a per-application basis
- Permit access to known devices or networks
- Permit access to authorized/registered users; permit or deny access to mask users
- Dynamically accept or reject traffic based on device behavior
- Accept media only for authorized sessions
Topology hiding & privacy
- Hide core topology to prevent directed attacks and preserve confidentiality
- Mask user information for privacy and confidentiality
- Protect users and service provider infrastructure from eavesdroppers, identity thieves and fraud
- Secure L2 and L3 VPN customers by maintaining security isolation between VPNs
- Support inter-VPN sessions; monitor media for intra-VPN sessions for lawful intercept or fraud prevention
Virus, worm & SPIT protection
- Protect network from malicious attachments, prevent malformed messages from overloading resources
- Restrict usage to prevent automated dialing/unwanted sessions
Service infrastructure DoS prevention
- Prevent DoS attacks from reaching core service infrastructure
- Protect core from signaling overload attacks by enforcing call rate limiting, message rate limiting and code gapping policies
Fraud prevention
- Perform signaling and media validation by authenticating and authorizing users
- Enforce service contract per-user/device and prevent piggyback usage
Monitoring and reporting
- Monitor and report on alarms for attacks and overloads
- Audit trails for attack response & fraud investigation
- Provide secure monitoring & management access to protect from unauthorized personnel
The SIP, H.323 and SIP-H.323 interworking capabilities of a Net-Net SBC ensure interoperability with-and-between subscriber endpoints, SIP servers, H.323 gatekeepers, MCUs, application servers, media servers, media gateways and SBCs in peering networks. They enable sessions to traverse NAT/firewalls, IPv4 and IPv6 networks, public and private networks using overlapping IP addresses, and virtual private networks. Net-Net SBCs mediate between different signaling, transport and encryption protocols, converting between incompatible codecs, and translating signaling-layer telephone numbers, addresses and response codes.
NAT traversal
- Enable incoming and outgoing calls to traverse premises-based NAT devices by discovering public/external IP addresses for signaling and media or keeping NAT pinholes open for signaling
Address translation
- Bridge IP address spaces—private-public, private-private, IPv4-IPv6
- OLIP/VPN bridging and aggregation eliminates the need to backhaul VPN links to core session control elements and signaling NAT function
Telephone number & URI manipulation
- Enable prefix, suffix, wildcard and other telephone number manipulations to enhance/control session routing
Protocol translations and fix-ups
- Signaling—provide protocol normalization, repair and interworking for SIP to SIP, SIP to SIP-T, SIP to SIP-I, SIP-I to SIP-T, SIP-H.323, H.323-H.323
- Transport—provide support and interworking for UDP, TCP, SCTP
- Encryption—provide support and interworking for none, TLS, IPsec, SRTP
- Response codes—correct SIP response code translations between networks/service providers
Transcoding, transrating & DTMF translations
- Transcoding—translation for OTT/ASPs
- Transrating—mediate between variations in rate (e.g. 10ms to 30ms)
- DTMF extraction / interworking—enable conversion from in-band to out of band signaling
A Net-Net SBC plays a critical role in assuring session capacity and quality. It performs admission control using local policies and/or external policy servers to ensure that both the network link to the data center and service infrastructure have the capacity to support a session with high quality. SBCs can also control IP network transport, and monitor and report actual session quality to determine compliance with performance specifications set forth in service level agreements between service providers.
Session admission control
- Admit sessions based upon signaling and bandwidth constraints per user, network or session agent to ensure resource availability
- Interface to external policy servers and bandwidth managers
Overload protection and control
- Load balance traffic based on number of sessions or rate of sessions
- Reject or divert traffic based upon destination number to control mass calling events
Failure detection, traffic re-route and recovery
- Monitor performance and availability of L3 router, SIP registrar, SIP session agent
- Re-route or re-distribute traffic based upon performance degradation or failure
- Manage avalanche SIP registration events resulting from power outages or registrar failures by statefully managing endpoint re-registration process and load
Transport control
- Assign QoS marking/VLAN mapping based on application, source address or destination address
- Release peer-peer media between endpoints
Quality reporting and quality-based routing
- Route sessions based on observed QoS—jitter, loss, latency—or answer seizure ratio (ASR)
- Measure QoS (latency, jitter and packet loss) and ASR per-session
- Append QoS and ASR information to CDR
Government-mandated regulations worldwide, including national emergency services such as E911 and lawful intercept such as the Communications Assistance for Law Enforcement Act (CALEA) in the United States are supported by Net-Net SBCs.
Emergency session handling
- Prioritize, retrieve location information and route emergency/E911 sessions with enhanced QoS (3GPP E-CSCF)
- Interface to external location servers (3GPP CLF)
Lawful intercept
- Replicate and deliver signaling (call data) and media (call content) for lawful intercept
Session replication for recording
- For quality control and regulatory compliance requirements
A Net-Net SBC helps service providers control costs and increase revenues by routing sessions optimally to minimize costs, and by providing accounting and related mechanisms to maximize billable sessions.
Accounting
- Generate CDRs for billing or network planning
- Diameter, RADIUS or file-based accounting
Routing
- Least cost routing (LCR) enables policy-based session control based on route cost
- ENUM-based routing increases routing infrastructure scalability and reduces PSTN costs
- Carrier code-based routing enables policy based session control based on prefix or carrier code
- Industry-standard ENUM, SIP, XML and DNS interfaces to third-party routing databases
- Large local route tables for static, localized routing decisions
Codec stripping & re-ordering
- Normalize codec at border to simplify core service network and routing