A magic box called SBC

It is a part of nearly every IMS deployment: the Session Border Controller. As the name indicates, it sits on a border – a border between two networks. The SBC is a controller, so it controls all the traffic (both signalling and media) going through. So far so good. But what really is the SBC? What standards can we find? Where is a detailed description of the SBC internal architecture? Sure, there are plenty of specs which somehow describe the role of the SBC. The basic one describing the SBC is RFC 5853.

SBC in VoLTE


The meaning of SBC has changed significantly over the last 15 years. We can say that SBCs solve the problems which are not addressed by other IMS elements – problems with multiple access networks (e.g. IPv4 and IPv6, SIP normalization, VPNs, ..), security issues (DoS attacks, topology hiding, ..), legislative issues (emergency calls, legal intercept, interworking, ..), and media-related problems (QoS, transcoding, media security, ..). And of course, the number of these problems and issues which need to be solved is increasing. So what is the SBC now? By SBC we understand a network element which implements the following functionalities:

  • Security:
    • Malicious attacks such as a denial-of-service attack (DoS) or distributed DoS
    • Toll fraud via rogue media streams
    • Topology hiding
    • Malformed packet protection
    • Encryption of signaling (via TLS and IPSec) and media (SRTP)
  • Connectivity:
    • NAT traversal
    • SIP normalization via SIP message and header manipulation
    • IPv4 to IPv6 interworking
    • VPN connectivity
    • Protocol translations between SIP, SIP-I, H.323
    • Access Transfer
  • Quality of service – the QoS policy of a network and prioritization of flows is usually implemented by the SBC. It can include such functions as:
    • Traffic policing
    • Resource allocation
    • Rate limiting
    • Call admission control
    • ToS/DSCP bit setting
  • Regulatory – many times the SBC is expected to provide support for regulatory requirements such as:
  • Media services – many of the new generation of SBCs also provide built-in digital signal processors (DSPs) to enable them to offer border-based media control and services such as:
    • DTMF relay and interworking
    • Media transcoding
    • Tones and announcements
    • Data and fax interworking
    • Support for voice and video calls
  • Statistics and billing information
  • WebRTC Gateway

(source Wikipedia)

 

Originally the main reason to have an SBC was to interconnect two networks. The authors of the SIP protocol did not anticipate that we would use IPv4 addresses for such a long time. In a real environment we can find a mix of the public Internet and various private networks. Hence we need to provide Network Address Translation (NAT). A standard NAT provides this functionality only on the Internet Protocol (IP) layer. But as SIP and mainly SDP contain numeric IPv4 addresses, we have to translate them too. That’s why SBCs have always been powerful systems, and their performance determines the throughput of the whole network.
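As an added example (not from the original post), the SDP part of that translation can be written in Python: the function points the o=, c= and m= lines at a relay address, records which relay port maps to which UE address, and recalculates Content-Length. The relay address, the port pool and the sample INVITE are constructed; a=rtcp and ICE attributes are not handled.

```python
import itertools

def rewrite_sdp(sip_msg, relay_ip, port_pool):
    """Anchor media on the SBC: point o=/c=/m= at the relay and return
    (new_message, pinholes) with pinholes[relay_port] = (ue_ip, ue_port)."""
    addrtype = "IP6" if ":" in relay_ip else "IP4"
    head, _, body = sip_msg.partition("\r\n\r\n")
    out, pinholes, session_ip, current = [], {}, None, None
    for line in filter(None, body.split("\r\n")):
        kind, _, value = line.partition("=")
        f = value.split()
        if kind == "o":                       # o=<user> <id> <ver> IN <type> <addr>
            f[4:6] = [addrtype, relay_ip]
        elif kind == "c":                     # c=IN <type> <addr>
            if current is None:
                session_ip = f[2]             # session-level default address
            elif current in pinholes:
                pinholes[current][0] = f[2]   # media-level override
            f[1:3] = [addrtype, relay_ip]
        elif kind == "m":                     # m=<media> <port> <proto> <fmt>...
            current = 0                       # port 0 = disabled stream, no relay port
            if f[1] != "0":
                current = next(port_pool)
                pinholes[current] = [session_ip, int(f[1])]
                f[1] = str(current)
        out.append(f"{kind}={' '.join(f)}" if kind in ("o", "c", "m") else line)
    body = "\r\n".join(out) + "\r\n"
    hdrs = [f"Content-Length: {len(body.encode())}"   # body length changed
            if h.lower().startswith(("content-length:", "l:")) else h
            for h in head.split("\r\n")]
    return "\r\n".join(hdrs) + "\r\n\r\n" + body, {p: tuple(v) for p, v in pinholes.items()}

# Constructed sample: INVITE from a UE on a private network (all values made up).
INVITE = "\r\n".join([
    "INVITE sip:bob@ims.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776",
    "From: <sip:alice@ims.example.net>;tag=1928", "To: <sip:bob@ims.example.net>",
    "Call-ID: a84b4c76e66710", "CSeq: 1 INVITE",
    "Content-Type: application/sdp", "Content-Length: 157", "",
    "v=0", "o=alice 2890844526 2890844526 IN IP4 10.0.0.5", "s=-",
    "c=IN IP4 10.0.0.5", "t=0 0",
    "m=audio 49170 RTP/AVP 96", "a=rtpmap:96 AMR-WB/16000",
    "m=video 0 RTP/AVP 97", ""])

if __name__ == "__main__":
    msg, pinholes = rewrite_sdp(INVITE, "203.0.113.10", itertools.count(20000, 2))
    print(msg, pinholes, sep="\n")
```

The Via header still carries the private address after this step; rewriting the signalling headers is a separate job of the SBC.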

SBC as a NAT

In a simple VoLTE Call there are then several IP addresses for multimedia data involved and the data path is split into segments.

VoLTE Call – Data Path

Over time the SBC evolved, and these days we can find many different types of them (A-SBC, I-SBC, ICS-SBC, Enterprise SBC, Trunking SBC, WebRTC GW, ..). Also, some functionalities can be part of an SBC or can be implemented as a standalone system. We can have, for example, a standalone P-CSCF or E-CSCF. We then usually call SBC the element which is responsible for security and connectivity. From the IMS point of view we distinguish two basic types of SBCs – Access-SBC and Interconnecting-SBC.

 

Access Session Border Controller


Access SBC – A-SBC

which maps to

  • Proxy Call Session Control Function (P-CSCF)
    • 3GPP TS 24.229, TS 24.228
    • assigned to UE before registration, and does not change for the duration of the registration.
    • sits on the path of all signalling (except emergency calls), and can inspect every signal
    • provides subscriber authentication and may establish an IPsec or TLS security association
    • inspects the signaling and ensures that the IMS terminals do not misbehave (e.g. change normal signaling routes, do not obey home network’s routing policy).
    • compresses and decompresses SIP messages using SigComp
    • may include a Policy Decision Function (PDF), which authorizes media plane resources e.g., QoS over the media plane. It is used for policy control, bandwidth management, etc.
    • generates charging records
  • IMS Application Level Gateway (IMS-ALG), IMS Access Gateway (IMS-AGW)
    • 3GPP TS 23.334
    • NAT
    • NAT Traversal
    • IPv4-IPv6
    • policing of incoming traffic
    • QoS packet marking for outgoing traffic
    • IP realm/domain indication
    • Hanging termination detection
    • RTCP handling
    • Explicit Congestion Notification support.

Interconnecting SBC – I-SBC

described in 3GPP TS 29.165, GSMA IR.65, GSMA IR.90(RCS) which maps to

  • Interconnection Border Control Function (IBCF), Translation Gateway (TrGW), Topology Hiding Interwork Gateway (THIG)
    • 3GPP TS 29.238, 3GPP TS 23.002
    • Allocation and translation of IP addresses and port numbers (NA(P)T and NA(P)T-PT)
    • Topology hiding
    • Hanging termination detection
    • IP realm/domain indication
    • Media inactivity detection
    • Opening and closing gates (i.e. packets filtering depending on “IP address / port”)
    • Policing of incoming traffic, security
    • QoS packet marking for outgoing traffic (differentiated services)
    • RTCP handling ..
  • IWF

With a lot of simplification we can see the positioning of A-SBC and I-SBC as:

A-SBC and I-SBC

 

Although the I-SBC is mostly just proxying the traffic, there are also some nice complex scenarios.

Call Forwarding and LI and Interconnect

Other functionalities which are handled by the SBC can be CBGF, E-CSCF, ATCF, ATGW, EATF, WebRTC GW, ICE, etc.

A-SBC and I-SBC

Because we want the SBC to support security and connectivity (e.g. topology hiding with removal of Via headers), the SBC acts as a B2BUA. It also splits the media path because of media transcoding (e.g. WebRTC vs. VoLTE) and QoS. An example of a VoLTE call can then look like this:

VoLTE Call with Roaming

From the picture we can see that SBCs have an important role when it comes to interworking and roaming scenarios. More about roaming can be found in Roaming in IMS.
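The topology hiding mentioned above can be checked on the egress side. The following Python is an added example, not code from the original post or from any SBC product: egress_leg drops the Via and Record-Route headers of the inner leg and adds only the SBC's own Via, and topology_leaks lists header values that still expose internal addresses. The function names, addresses and the sample INVITE are constructed, and a real B2BUA also regenerates Call-ID, tags and Contact.

```python
import ipaddress
import re

HOP_HEADERS = ("via", "v", "record-route")   # headers that list the internal signalling path

def egress_leg(sip_msg, sbc_via):
    """B2BUA-style egress: drop inner hop headers, add only the SBC's own Via."""
    head, sep, body = sip_msg.partition("\r\n\r\n")
    start, *hdrs = head.split("\r\n")
    kept = [h for h in hdrs if h.split(":", 1)[0].strip().lower() not in HOP_HEADERS]
    return "\r\n".join([start, f"Via: {sbc_via}", *kept]) + sep + body

def topology_leaks(sip_msg, internal_nets):
    """Return (header, address) pairs whose IPv4 address lies inside internal_nets."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    leaks = []
    for h in sip_msg.partition("\r\n\r\n")[0].split("\r\n")[1:]:
        name, _, value = h.partition(":")
        for ip in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", value):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:                # e.g. 999.1.1.1 is not an address
                continue
            if any(addr in n for n in nets):
                leaks.append((name.strip(), ip))
    return leaks

# Constructed inner-leg INVITE as it reaches the SBC (all addresses are made up).
INNER = "\r\n".join([
    "INVITE sip:bob@peer.example.org SIP/2.0",
    "Via: SIP/2.0/UDP 10.10.2.20:5060;branch=z9hG4bKscscf",
    "Via: SIP/2.0/UDP 10.10.1.7:5060;branch=z9hG4bKpcscf",
    "Via: SIP/2.0/UDP 10.20.0.5:5060;branch=z9hG4bKue",
    "Record-Route: <sip:10.10.2.20;lr>, <sip:10.10.1.7;lr>",
    "From: <sip:alice@ims.example.net>;tag=1928",
    "To: <sip:bob@peer.example.org>",
    "Call-ID: a84b4c76e66710", "CSeq: 1 INVITE",
    "Contact: <sip:alice@10.20.0.5:5060>",
    "Content-Length: 0", "", ""])

if __name__ == "__main__":
    outer = egress_leg(INNER, "SIP/2.0/UDP 198.51.100.1:5060;branch=z9hG4bKsbc1")
    print(topology_leaks(INNER, ["10.0.0.0/8"]))
    print(topology_leaks(outer, ["10.0.0.0/8"]))
```

On the sample, the egress leg still reports the Contact header, which shows that removing Via alone does not hide the UE address.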
