In the process of enterprise VoIP communication system construction ,more and more enterprises are beginning to use IP-PBX, Softswitch, MCU and other products to build internal IP communication system, and with IP-based network carrying data, voice, video, business. But the security of access with end-user is a big puzzle for many enterprises in the complex network situation.
To implement IP multimedia business NAT traversal with SBC
Many large and medium-sized enterprises attach great importance to information security, a large number of firewall equipment are deployed. Many branches and departments use private IP address and network NAT enabled NAT address translation. The NAT / firewall does not support the effective transmission of SIP / H.323 / H.323/ H.248/MGCP. For example, for the SIP protocol,
the private network address would be recorded on the call control device which registered by end-users. So IP multimedia services cannot be operated on common NAT devices.
The traditional solution for NAT traversal is to enable the ALG (Application Level Gateway) function. ALG, as the booster of NAT, transforms the corresponding address information field embedded in the IP packet header (for example, rewriting the Contact words of SIP Register information).But if IP multimedia services would be deployed throughout the network, a large number of firewalls should be upgraded with high cost and the cumbersome implementation.
In the practical application scenario, the address of the core control device such as IP-PBX / softswitch would be set to the address of the SBC proxy by terminals. When the terminal registers the core device, the SBC creates the corresponding address mapping entry. And then, the terminal starts to call, SBC modify the corresponding address information, the message sent to the real core equipment, all the signaling flow, the media stream can be transmitted by SBC. Also, the media stream bypass can be set, because the SBC re-specifies the receiving address and port of the internal network / external network user signaling / media stream, it is convenient to realize the address translation between different network domains (including the conversion between public / private network addresses) / Media flow through NAT provides technical support.
SBC was first used in NGN , offered IP business gateway in NGN network and solved problems with NAT / FW traversal, security, interoperability, QoS and other issues. The full Proxy mode is adopted to deliver signaling/media streams.
SBC(Session Border Controller), an organic component of communication solution, often is implemented as connection point between internal and external networks, being used for bridging IP-based multimedia transmission among different IP network and ensuring communication security in networks of enterprises, services providers and carriers.
Basic Features and Functions
Dos/DDos protection
QOS/ TOS/DSCP setting
Signal encryption(TLS/IPSec)
Media encryption(SRTP)
NAT transverse
SIP/H.323/H.248 interworking
Support IPV4、IPV6 and VPN
Load balancing
Transmission speed limit
RTP encoding/decoding
Anti-phreaking
Redundancy and Backup
Flexible Scalability for Enterprises, SPs, Carriers
1 ~ 500 simultaneous SIP sessions with dedicated DSP-powered multimedia transcoding provide high performance in a small footprint to help lower ownership cost and reassure high security at borders.
Ensure Highest Level of Operational Security
SBC500 offers real-time communication surveillance solution for enterprises/SPs/carriers communication systems, and helps them deliver any business-driven applications effortlessly and safely.
Deliver Hi-Flexibility for Session Management
Secure connectivity and controlling can be offered by SBC500, as it efficiently supports bilateral and multilateral interconnection among different networks; besides, Dialing and IP/PSTN routing available.
Improve Communication Integration Capability
SBC bridges operators with enterprise communication networks seamlessly, rationalizes traffic, streamlines business procedures, and optimizes SIP trunking, PBX/H.323/SIP and VoIP applications.
Balance Resources and Optimize Loading
Load protection at the border of network provides highly differentiated voice and multimedia services through multi-level resource-balancing policies, registration limit, ID authentication and authorization.
Integrated Transcoding for Voice & Video
Eliminate need to add separate hardware to support transcoding requirements, and support a range of Codecs, including G.723, G.729, G.711, iLBC, SIPINFO, RFC2833, RF3261, INBOUND and more.