Andrew’s Session Border Controller Checklist

A Session Border Controller (SBC) is an integral part of any SIP solution that has a public edge.  It might be easiest to think of it as a firewall for SIP, but it’s so much more than that.  An SBC can perform Network Address Translation (NAT) between an enterprise’s private to public IP space (and vice versa).  It can perform many different kinds of routing.  It can enforce, monitor, and report on Quality of Service (QoS).  It can integrate with a call recorder for compliance purposes.  It can adapt between various implementations of SIP.  The list goes on, but hopefully you are beginning to understand the importance of an SBC in any SIP implementation.

As you make the determination as to which SBC is right for you, it’s important to evaluate the contenders against the following questions.  You may not require the functionality described in every set of questions, so it is imperative that you understand your needs and how those needs are met by a candidate SBC.  You may actually decide that you need different SBCs for different uses.  For example, you might choose to go with Sonus for trunks and Avaya for endpoints or you might want Genband in your data center and AudioCodes at your branch offices.

Here is my take on what you need to consider when choosing an SBC.  Over time I may add to this list, but for now it feels complete.

  • Does it meet your capacity requirements?  Does it scale via licenses, hardware, software, or all three?  How many active sessions can it support?  Does it distinguish between users, trunks, instant message sessions, voice calls, video calls, etc.?  How does encryption change the maximum number of simultaneous sessions?
  • How does it support encryption?  Does it support TLS encryption/decryption?  Does it support SRTP encryption/decryption?
  • What is the physical layout of the SBC?  How many Ethernet interfaces?  Copper and Fiber?  Does it support hot swappable power supplies?  Hot swappable fans?
  • What sort of management interface does it support?  Is it web-based?  Does it provide a command line interface (CLI)?  Does it support an Enterprise Management System (EMS)?
  • What SNMP traps does it generate?
  • What debugging tools does it provide?
  • What sorts of reports will it produce?
  • How resilient is the solution?  Can the SBC be configured as a member of a high availably (HA) pair?  What are the HA restrictions?  Can the pairs be geographically split?  Does the HA pair require a Layer-2 network?  Does it lose calls and/or registrations during a failover?  How does it failback?
  • Does it support transcoding?  Do you need to convert protocols (e.g. H.323 to SIP) or codecs (G.729 to G.711)?  Does the SBC require physical DSPs for transcoding?  Do you need to convert between TDM and SIP?
  • Does it perform IPv4 to IPv6 interworking?
  • How does it perform access control?  Does the SBC support Radius, Diameter, SIP digest, RSA SecurID, SSL/TLS X.509 certificated based mutual authentication, etc.?
  • Does it always sit at the network edge, or can it exist within the network as a unified communications (UC) security device?
  • What sorts of NAT and firewall traversal does it provide?  How does implement network topology hiding.
  • Does it support media forking for call recording?  What call recorders will it work with?  How does it support CALEA and Lawful Intercept?  Does it implement SIPRec?
  • How does it ensure QoS?  Does it preserve ToS bits, DiffServ Code Points, etc.?
  • What kinds of call routing does it perform?  Qos routing?  Time of day routing?  Least cost routing?  What are your particular routing needs?
  • How, and how well, does it handle attacks?  DOD attacks?  DDOD attacks?  TDOS? Spoofing?  Fuzzing? Malformed messages? Registration floods?  Invalid media types?  Does it support attack definition file updates (e.g. similar to virus definition updates used by a virus checker)?
  • Can the SBC be virtualized?  What virtual machine platforms does it support?
  • Does it support multiple SIP trunk service providers?  Does it support multiple communication servers?
  • What SIP adaptation interface does it support?  Can the adaptations be written by the end-user?
  • Does it support both SIP users and SIP trunks?  Does it support the non-SIP protocols used by proprietary SIP endpoints (e.g. Avaya Communicator)?
  • How does it support DTMF?  How does it handle out-of-band DTMF?  DTMF within the media stream?  Does it support RFC 4733/2833?
  • How well does it play with others?  Is it supported by your SIP trunk provider and communications system?


Whew!  I appreciate that my list might appear to be somewhat daunting, but I am sure that if you take some time to understand your needs you will be able to isolate the questions that apply to your enterprise and those that do not.  In future blogs, I intend to dig into offerings from the different vendor to help you with your decision.  Please stay tuned for more.


  1. Patrick Graves · · Reply

    Good points in your blog, Andrew. SBCs are a unique product, and there are many questions that need answers so the right product is recommended to meet stated requirements. I realize the above discussion focuses on SBC’s, but one other aspect that some customers think about on SIP trunking implementations is, “does the SBC also have the ability to support TDM (gateway functionality) in addition to the core SBC features?” For some companies, the migration to SIP is done trunk by trunk, rather than via flash cutover, and this becomes a key requirement.

    1. Andrew Prokop · · Reply

      I agree, Patrick. Very few enterprises are ready to jettison TDM altogether and a mixed use SBC that combines TDM and SIP is a good first step. I find that particularly true for companies that want to take advantage of SIP at the carrier level, but aren’t ready to upgrade their existing communications hardware and software.

      That said, as a nod to the completeness of my list, I do mention TDM to SIP transcoding about halfway down. 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: