The Role of Session Border Controllers in the DMZ of Voice over IP (VoIP) Networks

Authors

  • Huihong Chen
  • Zhigang Chen
Abstract

SBCs usually sit between two service provider networks in a peering environment, or between an access network and a backbone network to provide service to residential and/or enterprise customers. They provide a variety of functions to enable or enhance session-based multi-media services (e.g., Voice over IP). This thesis analyzes the internal structure of an SBC, shows single-box and dual-box SBCs in the DMZ, and introduces firewalls and network address translation. It then explains how the SBC cooperates with the firewalls to ensure that VoIP signaling and media traverse the DMZ without compromising the security of the trusted network. Finally, it describes other DMZ processing: topology hiding and bad protocol detection.

Session Border Controllers (SBCs) have become an important element of modern Voice over IP (VoIP) networks, as service providers look to protect the integrity of their networks and business models while offering diverse services to their customers. Most people would agree that an SBC is a kind of firewall for Voice over IP traffic. However, as soon as you start to look beyond this initial consensus, there is considerable disagreement as to what an SBC actually is, and what function it should offer! This is partly because SBC vendors are pushing out to cover a wide variety of niches in order to compete for market share, and partly due to the genuine range of scenarios where service providers are looking for solutions.

An SBC is a VoIP session-aware device that controls call admission to a network at the border of that network. Optionally (depending on the device), it can also perform a host of call-control functions to ease the load on the call agents within the network.

1.1 Internal structure of an SBC

An SBC device breaks down into two logically distinct pieces.

  • The Signaling SBC function (SBC-SIG) controls access of VoIP signaling messages to the core of the network, and manipulates the contents of these messages. It does this by acting as a Back-to-Back User Agent (B2BUA).
  • The Media SBC function (SBC-MEDIA) controls access of media packets to the network, provides differentiated services and QoS for different media streams, and prevents service theft. It does this by acting as an RTP proxy.

Some SBC devices offer both functions in a single box (referred to hereafter as single-box SBCs). Others take a distributed approach, and separate SBC-SIG and SBC-MEDIA onto separate machines (referred to hereafter as dual-box SBCs), using …


Related resources

Security testing of session initiation protocol implementations

The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...

Securing Large and Distributed Enterprise VoIP Infrastructure Using Border Elements

Despite an increasing enterprise adoption of IP-based real-time communication systems, large and distributed enterprises have not yet fully realized the benefits of such deployments. Our work explores the architectural challenges and security concerns of a fully IP-based real-time communication infrastructure in such large, multi-site, multivendor enterprises. In this paper, we propose a novel h...

SIP Trunking - General Requirements for Interconnecting Enterprise Networks

Based on defined User-to-Network Interconnection (UNI) as well as Network-to-Network Interconnection (NNI) types various interconnection modes are practicable. These modes allow a further description of interconnection models as well as architecture models including interconnection functions and related interfaces. Topics covered in this article comprise functional entities and related interfac...

A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes

Voice over IP (VoIP) service has been widely deployed over the prevalent Internet due to the advanced technologies of digital voice compression, communication protocols, and wired/wireless networks. VoIP then benefit much lower cost of equipment, operation, and better integration with data applications than voice communications over telephony networks. On the other hand, VoIP further introduce se...

Securing Voice over Internet Protocol (IP) Networks

Voice over IP (VOIP), the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and security challenges. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but security administrators will face significant issues. Administrators m...



Journal title:
  • Computer and Information Science

Volume 1  Issue 

Pages  -

Publication date 2008