Sbc Overview - AudioCodes Mediant 1000B User Manual
Analog & digital voip media gateway enterprise session border controller gateway & e-sbc
Hide thumbs
Also See for Mediant 1000B:
- User manual (1281 pages) ,
- Hardware installation manual (92 pages) ,
- Configuration note (52 pages)
Table of Contents
Advertisement
User's Manual
28
SBC Overview
This section provides a detailed description of the device's SBC application.
Notes:
•
For guidelines on how to deploy your E-SBC device, refer to the E-SBC Design
Guide document.
•
The SBC feature is available only if the device is installed with a Software License
Key that includes this feature. For installing a Software License Key, see
''Software License Key'' on page 599.
•
For the maximum number of supported SBC sessions, and SBC users than can
be registered in the device's registration database, see ''Technical Specifications''
on page 1019.
The SBC application supports the following main features:
NAT traversal: The device supports NAT traversal, allowing, for example,
communication with ITSPs with globally unique IP addresses, for LAN-to-WAN VoIP
signaling (and bearer), using two independent legs. This also enables communication
for "far-end" users located behind a NAT on the WAN. The device supports this by:
•
Continually registering far-end users in its dynamic database.
•
Maintaining remote NAT binding state by frequent registrations, thereby, off-
loading far-end registrations from the LAN IP PBX.
•
Using Symmetric RTP (RFC 4961) to overcome bearer NAT traversal.
VoIP firewall and security for signaling and media:
•
SIP signaling:
♦
♦
♦
•
RTP:
♦
♦
♦
♦
♦
Topology hiding: The device intrinsically supports topology hiding, limiting the amount
of topology information displayed to external parties. For example, IP addresses of
ITSPs' equipment (e.g. proxies, gateways, and application servers) can be hidden
from outside parties. The device's topology hiding is provided by implementing back-
to-back user agent (B2BUA) leg routing:
•
Strips all incoming SIP Via header fields and creates a new Via value for the
outgoing message.
•
Each leg has its own Route/Record Route set.
•
Modifies SIP To, From, and Request-URI host names (must be configured using
the Message Manipulations table).
•
Generates a new SIP Call-ID header value (different between legs).
Version 6.8
Deep and stateful inspection of all SIP signaling packets.
SIP dialog initiations may be rejected based on values of incoming SIP
INVITE message and other Layer-3 characteristics.
Packets not belonging to an authorized SIP dialog are discarded.
Opening pinholes (ports) in the device's firewall based on Offer-Answer SDP
negotiations.
Deep packet inspection of all RTP packets.
Late rogue detection - if a SIP session was gracefully terminated and
someone tries to "ride on it" with rogue traffic from the already terminated
RTP and SIP context, the VoIP Firewall prevents this from occurring.
Disconnects call (after user-defined time) if RTP connection is broken.
Black/White lists for both Layer-3 firewall and SIP classification.
483
Mediant 1000B Gateway & SBC
28. SBC Overview
Advertisement
Chapters
Table of Contents
