Session border controllers (SBC) are the traffic cops of the IP telephony infrastructure. SBCs link enterprise unified communications platforms to service providers and to each other, providing both translation and security services. A session border controller keeps the flow of traffic moving among UC systems, external SIP trunking providers and remote endpoints, while limiting the threat of intrusion and telephony denial of service (DoS) attacks. Session border controllers also keep both service providers and enterprise administrators honest by blocking visibility into each other's networks.
An enterprise can follow one of two paths when deploying session border controllers . It can evaluate and purchase its own SBC solution to support on-premise unified communications platforms and endpoints. Alternatively, service providers might deploy their own session border controllers as customer premise equipment (CPE) within a managed service solution. In this type of solution, the managed solution provider usually dictates the vendor and model selection and administers the SBC.
What to look for in session border controller vendors
Interoperability is the key consideration when choosing a session border controller solution. While some unified communications vendors, most notably Cisco Systems and more recently Siemens Enterprise Communications, offer their own SBC solutions, many UC vendors rely on third-party solutions. A check of a vendor's partner programs will direct UC managers to the SBC products that have been tested for interoperability with their platforms. Likewise, ensuring compatibility with the chosen SIP trunking service provider will avoid deployment issues.
Beyond interoperability, session border controller vendors differentiate themselves with manageability, flexible deployment options and the ability to scale as high or as low as needed to meet a customer’s needs. UC vendors that offer their own session border controllers will integrate management of their SBCs with broader UC management, providing a single pane of glass for managing UC and SBC technology. On the other end of the spectrum, many of the standalone vendors offer SBC solutions within their IP telephony gateways, enabling enterprises to have a single hardware appliance for both packet-based IP and legacy circuit-based trunks. Ultimately, however, the primary role of a session border controller is to provide a secure, high-quality media connection to the outside world, so a UC manager’s evaluation process should include attention to the Quality of Service (QoS), stateful packet inspection, session encryption, and DoS prevention capabilities of the SBC solution.
Session border controller vendor options
Acme Packet leads in the session border controller market, in both enterprise and service provider sales. For the enterprise, the company offers a full range of session border controller products, scaling up to 8,000 concurrent SIP sessions in its base Net-Net 3820 appliance; 32,000 sessions in its midrange Net-Net 4500; and over 64,000 sessions in its high-end Net-Net 9200 box. All of its products, both for the enterprise as well as service providers, run a common operating system, Net-Net OS. The company also boasts interoperability with all major unified communications platforms, which it backs up by appearing in most of the top UC vendors’ partner programs. Acme Packet also offers its SBC solution as software to OEM vendors, enabling UC vendors to embed session border control functionality directly within their own IP PBX products.
Audiocodes’ enterprise session border controllers are built on top of the company’s Mediant Media Gateways and Multi-Service Business Gateways. Audiocodes offers three tiers of SBC products. At the low end is the Mediant 800 e-SBC, with support of up to 24 SIP connections, as well as 12 analog ports, 4 BRI interfaces and a single T1 connection. The Mediant 1000 rises up to 150 SIP connections and six interface slots for a mix of analog and digital modules. At the top end is its Mediant 3000, offering up to 1,000 SIP sessions along with an optional E1/T1 interface.
Cisco Systems has tied its session border controller products to its router portfolio. The company supports SBC services, known as Cisco Unified Border Element (CUBE), as a software option on its Integrated Services Router (ISR), Aggregation Services Routers (ASR) and media gateway products. Depending on router model, CUBE can scale between 4 and 1,000 SIP sessions on the ISR, and up to 15,000 sessions on the larger ASR routers. For service provider and top-end enterprise solutions, Cisco also offers dedicated hardware SBC modules in its 7600 core routers. By embedding CUBE as a software option within the ISR, Cisco is leveraging both its market dominance in routers and its success in the IP telephony space to offer asimple choice for enterprise network teams, earning it second place in the session border controller market.
Ingate offers two product lines with session border controller functionality. The first, simply known as the Ingate Firewall, is a full enterprise data firewall with full SBC and SIP trunking capabilities. Designed for small- and medium-sized business, the Ingate Firewall product line scales between 20 and 3,000 VoIP connections and offers a complete network edge solution, including optional VPN support. Ingate’s other product line, the Ingate SIParator, offers the more common approach to session border controllers, working alongside already deployed firewalls to provide SIP connectivity, with scaling capabilities similar to its all-in-one products.
Siemens Enterprise Communications recently entered the SBC market with its own product, the OpenScape Session Border Controller. Built specifically for Siemens' OpenScape Voice platform, this new SBC scales up to 4,000 concurrent SIP calls and offers full management integration with Siemens’ management tools and services. The OpenScape SBC runs on industry standard servers from either IBM or Fujitsu, rather than as a dedicated hardware appliance.