Getty Images/iStockphoto
What are SBC configuration best practices?
Proper SBC configuration requires partnering with providers and security teams to examine circuits and potential traffic. Learn the best practices for implementing an SBC on your network.
The first step in planning the role session border controllers will play when designing your network is to decide which SBC configuration features are most important. Not all SBCs have the same functions. Issue a request for information to learn which capabilities, such as quality of service, accounting features and equipment interoperability, are available from your provider.
What is an SBC and how does it work?
SBCs act as translators and traffic cops at the edge of your network, governing how phone calls, or sessions, are transmitted over VoIP networks. The internet is not a secure environment. When communications leave your secure internal network and intersect with other networks, something must occur to keep those transmissions secure. SBCs, which are deployed on both the enterprise and carrier side of the network, provide the security and the quality control mechanisms necessary to ensure that sessions are sent efficiently and, most importantly, safely.
Configuration, efficient routing and session setup are three key SBC functions. SBCs enable interoperability, through Session Initiation Protocol (SIP) and other standards and services, to ensure that endpoints across disparate networks can communicate.
In addition to setting up sessions over which to pass traffic, SBCs packetize data and translate addresses. They offer important security features, among them encryption, and they help prevent malware and DoS attacks from penetrating through the voice network.
Security measures are added during configuration through access control lists and permissions available in resources like Active Directory. There are increasingly more tightly integrated platforms that add collaboration technologies, like Microsoft Teams and Zoom. Communication providers take a variety of approaches to security, including offering SBCs as a service.
How to choose the right SBC provider
When choosing an SBC provider, be sure to consider maintenance patches, lifecycles, availability of support during business hours, maintenance costs, power usage, design assistance and customer referrals.
No matter which SBC provider you choose, security should be your primary concern. It won't matter how good the SBC configuration is if you're hit with an attack. See what support your vendor offers in the event of a breach. Additionally, determine what application protocols, such as SIP, will traverse the system and set quality of service accordingly.
When sizing SBCs for traffic, look to your current system statistics. The number of packets passed indicates the traffic to expect with your new system. If you are new to SBCs and not sure how to size them for traffic, your vendor and industry peers can provide budgetary packet insight. If scalability is an issue, consider whether a virtual SBC might be an option.
You will likely be working within your demilitarized zone, so coordinate with your security team if devices, including SBCs, firewalls and routers, are not under your supervision. It's a good idea to vet the SBC configuration prior to installation with all relevant departments and vendors, including your telecom operator, to ensure your lines can handle anticipated traffic. Build in some bonus space for traffic peaks and growth.
Many carriers enable you to increase your circuit size and bandwidth, but not all enable you to decrease them. When you do increase circuit size after the initial contract, some carriers restart the contract period. While this isn't necessarily a problem, it can limit your options near the end of the contract term. Don't buy bigger circuits than you need.
However, if you are on the cusp of needing a faster circuit or more advanced SBC, it's generally better to upgrade than to struggle with a circuit or SBC that isn't up to par.
Considering the best SBC for you
To decide which SBC is best, first, determine the level upon which your company depends on digital communications. When evaluating VoIP systems, especially when retiring a private branch exchange, work with your VoIP vendor to determine if it offers SBCs or if you need a standalone system. Finally, make sure whichever vendor you choose supports IPv6 to prevent early upgrades, which could result in hardware changes, unscheduled downtime and shortened system life.
SBCs also provide an additional layer to cybersecurity strategies by ensuring that threat actors can't access the voice system. Some SBC systems can detect and stop DoS attacks and other malware from entering the network through a voice system.