Hello, I have only ever deployed SER behind SBC. SBC is the most expensive component. I am not involved with security, but I would not be allowed by my organisation to deploy something like SER, with mysql details of usernames and password on an internet address. The SBC hides my addressing and only opens temp pinholes for both sip and rtp. The main USP of the SBCs is the power to route many rtp streams simultaneously. This also allows guard timers to check rtp streams dying so no overcharging takes place. I don't think the hardware on a conventional server will scale to the number of rtp streams i want to deal with. I guess u might say, why route all the rtps through a single point of failure... there are other mechanisms to avoid overcharging,and also can hide SER behind NAT... I agree, but SBC suppliers have moved along the value chain....header manipulation for interworking, eNum lookup, codec manipulations....again all things that can be done on SER.... it comes down to a philosophy and "way we do things"...The other main thing SBC does is prevent attacks. i.e. SIP signalling attacks result in instant filtering from that address and thereby protects the service. I wouldn't know how to protect my SER if it was exposed to the internet, ...maybe there is a way...I just don't know it. Rupert.
________________________________________ From: sr-users-bounces@lists.sip-router.org [sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla [miconda@gmail.com] Sent: 30 August 2012 19:56 To: Carsten Bock Cc: SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing List Subject: Re: [SR-Users] [OT] the role of SBCs
Hello,
On 8/30/12 8:26 PM, Carsten Bock wrote:
Hi Daniel,
i believe in many setups (including mine and the Sipwise Systems) a SBC is always used as you described: Behind a Proxy.
yes, I do the same when I need a media server/b2bua for transcoding, etc
I'm trying to figure out what drives the other type of topology, with the SBC in front.
Of course, if anyone has good arguments against an front-end SBC, speak here as well, it may help other people to take the right decision. I pretty much listed mine in the initial message.
Cheers, Daniel
The Proxy does Flood-detection, advanced logic, Loadbalancing and so on and the SBC works only as simple B2B-UA for Transcoding and Topology hiding.
Kind regards, Carsten
2012/8/30 Daniel-Constantin Mierla miconda@gmail.com:
Hello,
based on the outcome of the discussion carried in the thread:
http://lists.sip-router.org/pipermail/sr-users/2012-August/074480.html
I am looking again the clarify some aspects out there in the VoIP world.
So, as mainly dealing with proxy/sip signaling deployments, it's very often to be the first one hit by support issues claiming things don't work. Then you investigate and end up in conclusions like in the above thread:
"The problem was at the SBC, __where I did not expect it__."
The underlined part heats me up a bit, because I never understood from where it comes this perception that SBC is a MUST-TO-HAVE and the PERFECT (never mistaken or breaking things) node in a VoIP networks.
To some extent, the SBC is just a very costly SIP ALG, and a SIP ALG is there to break the things.
I don't want to start like a flame war, but is it something that I am obviously missing in regards to what benefits a SBC can bring? I see only inconveniences:
- another point of failure
- it is a b2bua, therefore very unlikely to offer the same performances of a
proxy
- if transcoding is needed, a media server can be used behind the proxy,
properly protected of attacks by the proxy and eventually deployed as a farm load balanced by the proxy
- if topology hinding is wanted in the b2bua fashion (not the proxy fashion
with encoding headers), then the b2bua can be behind the proxy, properly protected of attacks by the proxy and eventually deployed as a farm load balanced by the proxy
- nat traversal was solved long time ago in proxy environment, being
scalable by deploying a farm of rtp proxy
I don't want to go to other features, including the transport layer, it's a clear win of the proxy in my experience (ok, being deep involved in this project).
Then, what makes the SBC so desirable in many companies/voip deployments? If any SBC user here that can share, what was the reason to buy such a device? Any conceptual functionality that cannot be achieved with the proxy as the first hop in front of the (wild) clients?
Cheers, Daniel
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users