CHAPTER30 SBC Overview
Mediant 1000 Gateway & E-SBC | User's Manual
30 SBC Overview
This section provides an overview of the device's SBC application.
● For guidelines on how to deploy your SBC device, refer to the SBC Design Guide
document.
● The SBC feature is available only if the device is installed with a License Key that
includes this feature. For installing a License Key, see License Key.
● For the maximum number of supported SBC sessions, and SBC users than can be
registered in the device's registration database, see Technical Specifications.
Feature List
The SBC application supports the following main features:
■ NAT traversal: The device supports NAT traversal, allowing, for example, communication with
ITSPs with globally unique IP addresses and with far-end users located behind NAT on the
WAN. The device supports this by:
● Continually registering far-end users with its users registration database.
● Maintaining remote NAT binding state by frequent registrations and thereby, off-loading
far-end registrations from the LAN IP PBX.
● Using Symmetric RTP (RFC 4961) to overcome bearer NAT traversal.
■ VoIP firewall and security for signaling and media:
● SIP signaling:
◆ Deep and stateful inspection of all SIP signaling packets.
◆ SIP dialog initiations may be rejected based on values of incoming SIP INVITE
message and other Layer-3 characteristics.
◆ Packets not belonging to an authorized SIP dialog are discarded.
● RTP:
◆ Deep packet inspection of all RTP packets.
◆ Late rogue detection - if a SIP session was gracefully terminated and someone tries to
"ride on it" with rogue traffic from the already terminated RTP and SIP context, the
VoIP Firewall prevents this from occurring.
◆ Disconnects call (after user-defined time) if RTP connection is broken.
◆ Black/White lists for both Layer-3 firewall and SIP classification.
■ Stateful Proxy Operation Mode: The device can act as a Stateful Proxy by enabling SIP
messages to traverse it transparently (with minimal interference) between the inbound and
outbound legs.
■ B2BUA and Topology Hiding: The device intrinsically supports topology hiding, limiting the
amount of topology information displayed to external parties. For example, IP addresses of
ITSPs' equipment (e.g. proxies, gateways, and application servers) can be hidden from outside
parties. The device's topology hiding is provided by implementing back-to-back user agent
(B2BUA) leg routing:
● Strips all incoming SIP Via header fields and creates a new Via value for the outgoing
message.
● Each leg has its own Route/Record Route set.
● User-defined manipulation of SIP To, From, and Request-URI host names.
● Generates a new SIP Call-ID header value (different between legs).
- 719 -
To Next Page
Loading...
Need help?
General
