Great blog about SIP

Andrew’s Session Border Controller Checklist

SBC Resiliency

Building a Resilient SIP Solution

  • Does it meet your capacity requirements?  Does it scale via licenses, hardware, software, or all three?  How many active sessions can it support?  Does it distinguish between users, trunks, instant message sessions, voice calls, video calls, etc.?  How does encryption change the maximum number of simultaneous sessions?
  • How does it support encryption?  Does it support TLS encryption/decryption?  Does it support SRTP encryption/decryption?
  • What is the physical layout of the SBC?  How many Ethernet interfaces?  Does it support hot swappable power supplies?  Hot swappable fans?
  • What sort of management interface does it support?  Is it web-based?  Does it provide a command line interface (CLI)?  Does it support an Enterprise Management System (EMS)?
  • What SNMP traps does it generate?
  • What debugging tools does it provide?
  • What sorts of reports will it produce?
  • How resilient is the solution?  Can the SBC be configured as a member of a high availably (HA) pair?  What are the HA restrictions?  Can the pairs be geographically split?  Does the HA pair require a Layer-2 network?  Does it lose calls and/or registrations during a failover?  How does it failback?
  • Does it support transcoding?  Do you need to convert protocols (e.g. H.323 to SIP) or codecs (G.729 to G.711)?  Does the SBC require physical DSPs for transcoding?  Do you need to convert between TDM and SIP?
  • Does it perform IPv4 to IPv6 interworking?
  • How does it perform access control?  Does the SBC support Radius, Diameter, SIP digest, RSA SecurID, SSL/TLS X.509 certificated based mutual authentication, etc.?
  • Does it always sit at the network edge, or can it exist within the network as a unified communications (UC) security device?
  • What sorts of NAT and firewall traversal does it provide?  How does implement network topology hiding.
  • Does it support media forking for call recording?  What call recorders will it work with?  How does it support CALEA and Lawful Intercept?
  • How does it ensure QoS?  Does it preserve ToS bits, DiffServ Code Points, MPLS labels, etc.?
  • What kinds of call routing does it perform?  Qos routing?  Time of day routing?  Least cost routing?  What are your particular routing needs?
  • How, and how well, does it handle attacks?  DOD attacks?  DDOD attacks?  Spoofing?  Fuzzing? Malformed messages? Registration floods?  Invalid media types?  Does it support attack definition file updates (e.g. similar to virus definition updates used by a virus checker)?
  • Can the SBC be virtualized?  What virtual machine platforms does it support?
  • Does it support multiple SIP trunk service providers?  Does it support multiple communication servers?
  • What SIP adaptation interface does it support?  Can the adaptations be written by the end-user?
  • Does it support both SIP users and SIP trunks?  Does it support the non-SIP protocols used by proprietary SIP endpoints (e.g. Avaya Flare)?
  • How does it support DTMF?  How does it handle out-of-band DTMF?  DTMF within the media stream?  Does it support RFC 2833?
  • How well does it play with others?  Is it supported by your SIP trunk provider and communications system?

For some companies, the migration to SIP is done trunk by trunk, rather than via flash cutover, and this becomes a key requirement.

Jan D.
Jan D.

"The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

Articles: 677

Leave a Reply

Vaše e-mailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *