S3 SBC, rhymes with VoIP, Securitee – Session Border Controller @Genband @Timico

Trefor DaviesYesterday I wrote about our new mobile VoIP App for the iPhone. This included a link to a press release issued by Genband, our VoIP infrastructure partner.

That release covered more than just the mobile VoIP iPhone App. It is a bit of an overall solution release but an important bit covers our acquisition of the Genband S3 Session Border Controller.

The SBC has been a bit of a controversial beast in the world of purist VoIP engineering. It’s purpose is to manage VoIP sessions across different networks. In its earliest incarnation it was used to convert VoIP signalling from the old H323 video conferencing protocol (also used for just voice in older VoIP services) to the more modern and up and coming SIP (Session Initiation Protocol) or perhaps to a variant of MGCP (Media Gateway Control Protocol). As a “border controller” it also grew in functionality as a device used to manage the security of a network.

The conceptual problem of the SBC amongst the early VoIP pioneers was that it operated as a “back to back user agent”. In other words it effectively terminated a signalling stream on input  and started it up again on output. This meant that in the “open internet” it would not necessarily be possible to trace a VoIP signalling packet from end to end as you might be able to do with other non-voice packets using tools such as tracert, the outcome being that it would be harder to debug problematic services.

This was at a time when the theory stated that all VoIP calls would be free heralding the end of the telco and paid phone calls as we know it. This Utopian scenario was underwritten by companies such as Skype who appeared to offer free phone calls to all. Of course to be confirmed and adopted by the general scientific base, theories need proving in practice and even the virulently successful Skype ended up demonstrating that it has to pay for its infrastructure somehow by starting to charge for some of its services.

The growth of the VoIP market1 has also stimulated the growth of a VoIP security sector. There was initially an element of playing on the fears of people entering uncharted technical territories. The fact that VoIP is designed to operate on the DNS based internet2 and functions in a similar way to email and web browsing opens up opportunities for fraudulent activity in the same way that we have become accustomed to such happenings in our general web use. Email SPAM is replaced with VoIP SPIT (computer generated SPAM for Internet Telephony bombarding the world with automated sales messages).  The use of a crawler ploughing through blocks of IP addresses looking for open networks to penetrate is replaced with a search for exposed network based iPBXs that can be exploited for financial gain.

There are many precautions that can be taken to remove vulnerabilities from a VoIP network but if you are serious at security you will want to use a Session Border controller.

A VoIP network, at least if it is to be usable by business, needs managing to maintain its quality and reliability and the SBC plays an integral role in this. The SBC today, far from being the object of criticism of the VoIP network engineer, is the demesne of the grown up Internet Telephony Service Provider. Think of it as a super security tool that secures your network and cements the quality of the service it supports.

Looking at it parochially I’ve been wanting an SBC “to play with” for years, ever since we started our hosted VoIP service. We put a lot of effort into the management of security of our VoIP users but the Genband S3 SBC, covered in the press release, allows us to take this to new heights.

The Genband S3 effectively acts as a VoIP firewall. It manages network access using real-time and aggregated admission control policies. It can, for example, spot and prevent the SPIT attacks referred to earlier.  It will also help Timico as a service provider to control the quality of the VoIP service with capabilities such as the automatic monitoring of network bandwidth rates and capacity.

From Timico’s perspective as a voice carrier the Genband S3 will allow us to hook up with many more interconnect partners because as a border controller it allows us to manage interoperability with different carrier’s kit. The SBC will also provide us with the flexibility to fine tune routes based on both cost effectiveness and quality. For example if a specific route begins to suffer from poor call completion rates the S3 will detect this and intelligently reroute traffic to that destination via a different interconnect partner. The S3 is also hugely compatible with our Genband A2 VoIP platform and will scale to 25,000 concurrent calls that effectively supports a subscriber base of over 250,000 users.

The S3 is relatively new to Genband. It came with the acquisition of NexTone, one of the market’s original and leading SBC vendors. This has brought with it a maturity and pedigree of user base that is not only reflected in its functionality but will quickly help Timico cement our position as one of the leading VoIP providers to the business market. Bit of marketing blurb there but it is actually based on solid engineering principles.

If anyone wants to chat more about our new S3 SBC drop me a line, call or hook up with me via @tref on Twitter.


1 note there will come a time when we don’t talk about it as a VoIP market. It won’t be long before we have to simply describe the world as a communications market which contains a subset known as the old fashioned telecommunications network as championed by the ITU (another story in itself).

2 It still doesn’t fully merge with the domain name system as this would rely on every ISP supporting VoIP on its DNS servers. The principle of domain based routing is still the same for VoIP as for regular web traffic.

Enjoy this article? Please share it with your friends.

3share on Facebook 6share on LinkedIn 6share on Twitter 3share on Googleshare on Comments

More Posts

10 thoughts on “Trefor Davies elected to board of LONAP

  1. Ian Mitchell says:

    That’s a RevK cuddly toy.

  2. RevK says:

    Well, the dragon is a new FireBrick dragon, and his name is “Ignis” – we have an office full of them now (min order was 1,000 of them custom made in China). Seb was very quick to grab two as soon as I walked in to the room and did not let go of them all evening…

    P.S. I took the pic :-)

  3. Trefor Davies tref says:

    OK Ian. You win the Timico megamug! Let me have your address and I’ll send it:)

  4. Trefor Davies tref says:

    Thanks your Reverence.

    Correction to the name of the photographer. It was of course our very own Adrian Kennard who might well have some spare dragons to dish out if you want to contact him for one :)

  5. Christian Ashby says:

    Is there a bonus point for linking this picture with this blog post?

    @RevK they are so cute :)

  6. Trefor Davies tref says:

    Don’t see why not. Have you already won a mug elsewhere or do you want one? :)

  7. Christian Ashby says:

    :) Yey! Thank you! I haven’t, actually…

    1. Trefor Davies tref says:

      Ok send me your address:)

  8. Terry Froy says:

    Perhaps as one of your first duties as a LONAP director, you could address James Rice’s concerns as posted to the LONAP mailing list in 2010 and linked to here:

    I will be at UKNOF24 along with James and I’m sure, in your new capacity as a director of LONAP, you would be happy to put to rest any concerns we might have.

  9. Dear Terry

    The correct venue for such discussion is the LONAP mailing list so I apologise in advance to Tref for responding to you through the Blog, but I wanted to make clear the position on some of the points you make.

    LONAP today has inter-switch link capacities ranging between 10GE and 40GE, and the busiest ISL link is less than half-utilised at its very busiest times. The busiest link is already scheduled for upgrade before it reaches 50% capacity, because LONAP’s technical team believe in over provisioning inter-switch capacity in order to rapidly deal with issues of scale or the failure on part of our inter-switch network.

    Modern switch hardware gives Internet Exchange operators lots of tools for dealing with (preventing) traffic floods which are normally associated with MAC Learning or distribution of unknown-unicast traffic. Inter-switch capacity is one of our largest costs so it will come as no surprise that we manage capacity carefully on such links, whilst avoiding scenarios which would mean a member’s traffic is dropped or that LONAP can not deal with surges in demand.

    LONAP has in fact coped with peaks which represent a multiple many times larger than our usual traffic in the past few years, typically when a UK sports team plays during the working day, or coinciding with a very popular software release. Our international trade association, Euro-IX, cites the LONAP bandwidth graph ‘spikes’ when demonstrating how well run exchanges can deal with traffic surges in the Internet core. We have almost 150 members who represent some of the largest networks present in the UK and receive good feedback at member meetings. We do not drop traffic on the Inter-switch links, because they are provisioned correctly.

    I hope that we can meet tomorrow and talk about LONAP, and that after meeting some of the LONAP board you find us to be a dedicated group of volunteers who are working hard to make LONAP successful. There may be further concerns to consider but I feel that your first experience of us was based on an old opinion from 2010 which was inaccurate when first published, and feels as if from a bygone age of LONAP when read today. I hope we can change this opinion when we finally meet.

    Andy Davidson (One of Tref’s new colleagues on the LONAP board.)

Leave a Reply

Your email address will not be published. Required fields are marked *