Carriers offering SIP trunking services must provide a secure environment that their customers can trust, especially when these services are delivered over the internet. Carriers also aim to reduce or eliminate interoperability difficulties between their equipment and that of their clients.
The security of a VoIP network can be breached at either the service provider’s side or on the customer’s side. The carrier must not only protect their network, they must also protect their customers’ network from being compromised through weaknesses on the carrier side network.
The best way for an enterprise to control access to their network and protect it is to install an Enterprise Session Border Controller (eSBC). This is also best practice to solve network traversal challenges presented by corporate firewalls, transcoding requirements, and fix SIP interoperability issues. However, if the client-side network does not have an SBC installed, the carrier-side SBC can manage most of these problems.
The carrier-side SBC also enables SIP phones at remote locations, such as a home office, to interoperate with a SIP trunk, where the SIP phone is typically behind a natted firewall.
The SBC on the carrier-side may also be required to perform transcoding and SIP compatibility operations if these functions are not available on the client side.
Transcoding is required when different voice encoding schemes are used at end-points on either side of the call. The endpoints should negotiate for the best codec available to all devices on the call, but in some cases, end-points may not share a common codec. Transcoding corrects this problem by offering a codec bridge between incompatible devices.
SIP is a very flexible standard and there are many flavors of this protocol. While different implementations may conform to the SIP standard in general, it is possible that a mixture of devices from different manufacturers may not interoperate correctly. The carrier-side SBC ensures that this problem is corrected between client-side SIP devices, and end-points connected through the Internet Telephone Service Provider (ITSP).
Figure 1 illustrates how the Internet Telephone Service Provider (ITSP) is protected by a Sangoma carrier-class NetBorder session border controller, while each client is protected by an eSBC.
Carrier-class and enterprise SBCs differ only in the capacity that they can handle. The Sangoma NetBorder carrier-class SBCs scale up to 4,000 calls, whereas the Vega enterprise-class SBCs come in a range of capacities from 25 calls to 250 calls.
Session Border Controllers
NetBorder Carrier SBC: Carrier Grade Security and Interoperability 250 to 4,000 sessions, field upgradeable Allow any SIP CPE endpoint to safely connect with no interop concerns Connect VoIP islands together to create “all IP” infrastructure Mediate communications with other service providers Provides security for internal and external threats Dual redundant PSU available – DC and AC [...]
Vega Enterprise SBC VM/Hybrid: The Flexibility, Redundancy and Durability of a VM-Ready Solution with the Scalability of a Hardware-Based Solution Supports 25-500 Simultaneous Sessions Field Upgradeable Browser-Based GUI for easier provisioning and management Security and QOS for Enterprise Networks DoS/DDoS Attack Protection Network Interconnect Point for SIP Trunking Topology Hiding for Fraud Protection UNIQUE HYBRID FEATURES [...]
Vega Enterprise SBC VM/Software: Secure, Interoperable, Flexible and Durable VM-Ready eSBC Scalability from 25–500 Sessions (Field Upgradeable Session Expansion) Browser-based GUI for Easy Configuration Traffic Visualization Tools Session-based Licensing (No Hidden Fees) Enterprise Inter-Site Networking and SIP Trunking Border Control Local Security Management for SMBs and Small Enterprises Session Border Controller Use Cases
Vega Enterprise SBC: Security and Interoperability for the Enterprise Supports 25-250 simultaneous sessions/calls Field upgradeable Browser-based GUI for easier provisioning and management Security and QOS for enterprise networks DoS/DDoS attack protection Network interconnect point for SIP trunking Topology hiding for fraud protection Hardware based transcoding Session Border Controller Use Cases