[SR-Users] [OT] the role of SBCs

rupert.organ at bt.com rupert.organ at bt.com
Thu Aug 30 21:58:08 CEST 2012 

Hello,
I have only ever deployed SER behind SBC. SBC is the most expensive component. I am not involved with security, but I would not be allowed by my organisation to deploy something like SER, with mysql details of usernames and password on an internet address. The SBC hides my addressing and only opens temp pinholes for both sip and rtp. The main USP of the SBCs is the power to route many rtp streams simultaneously. This also allows guard timers to check rtp streams dying so no overcharging takes place. I don't think the hardware on a conventional server will scale to the number of rtp streams i want to deal with. I guess u might say, why route all the rtps through a single  point of failure... there are other mechanisms to avoid overcharging,and also  can hide SER behind NAT... I agree, but SBC suppliers have moved along the value chain....header manipulation for interworking, eNum lookup, codec manipulations....again all things that can be done on SER.... it comes down to a philosophy and "way we do things"...The other main thing SBC does is prevent attacks. i.e. SIP signalling attacks result in instant filtering from that address and thereby protects the service. I wouldn't know how to protect my SER if it was exposed to the internet, ...maybe there is a way...I just don't know it.
Rupert.


________________________________________
From: sr-users-bounces at lists.sip-router.org [sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla [miconda at gmail.com]
Sent: 30 August 2012 19:56
To: Carsten Bock
Cc: SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users        Mailing List
Subject: Re: [SR-Users] [OT] the role of SBCs

Hello,

On 8/30/12 8:26 PM, Carsten Bock wrote:
> Hi Daniel,
>
> i believe in many setups (including mine and the Sipwise Systems) a
> SBC is always used as you described: Behind a Proxy.

yes, I do the same when I need a media server/b2bua for transcoding, etc

I'm trying to figure out what drives the other type of topology, with
the SBC in front.

Of course, if anyone has good arguments against an front-end SBC, speak
here as well, it may help other people to take the right decision. I
pretty much listed mine in the initial message.

Cheers,
Daniel

> The Proxy does Flood-detection, advanced logic, Loadbalancing and so
> on and the SBC works only as simple B2B-UA for Transcoding and
> Topology hiding.
>
> Kind regards,
> Carsten
>
>
>
>
> 2012/8/30 Daniel-Constantin Mierla <miconda at gmail.com>:
>> Hello,
>>
>> based on the outcome of the discussion carried in the thread:
>>
>> http://lists.sip-router.org/pipermail/sr-users/2012-August/074480.html
>>
>> I am looking again the clarify some aspects out there in the VoIP world.
>>
>> So, as mainly dealing with proxy/sip signaling deployments, it's very often
>> to be the first one hit by support issues claiming things don't work. Then
>> you investigate and end up in conclusions like in the above thread:
>>
>> "The problem was at the SBC, __where I did not expect it__."
>>
>> The underlined part heats me up a bit, because I never understood from where
>> it comes this perception that SBC is a MUST-TO-HAVE and the PERFECT (never
>> mistaken or breaking things) node in a VoIP networks.
>>
>> To some extent, the SBC is just a very costly SIP ALG, and a SIP ALG is
>> there to break the things.
>>
>> I don't want to start like a flame war, but is it something that I am
>> obviously missing in regards to what benefits a SBC can bring? I see only
>> inconveniences:
>> - another point of failure
>> - it is a b2bua, therefore very unlikely to offer the same performances of a
>> proxy
>> - if transcoding is needed, a media server can be used behind the proxy,
>> properly protected of attacks by the proxy and eventually deployed as a farm
>> load balanced by the proxy
>> - if topology hinding is wanted in the b2bua fashion (not the proxy fashion
>> with encoding headers), then the b2bua can be behind the proxy, properly
>> protected of attacks by the proxy and eventually deployed as a farm load
>> balanced by the proxy
>> - nat traversal was solved long time ago in proxy environment, being
>> scalable by deploying a farm of rtp proxy
>>
>> I don't want to go to other features, including the transport layer, it's a
>> clear win of the proxy in my experience (ok, being deep involved in this
>> project).
>>
>> Then, what makes the SBC so desirable in many companies/voip deployments? If
>> any SBC user here that can share, what was the reason to buy such a device?
>> Any conceptual functionality that cannot be achieved with the proxy as the
>> first hop in front of the (wild) clients?
>>
>> Cheers,
>> Daniel
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list