Carriers offering SIP trunking services must provide a secure environment that their customers can trust, especially when these services are delivered over the internet. Carriers also aim to reduce or eliminate interoperability difficulties between their equipment and that of their clients.
The security of a VoIP network can be breached at either the service provider’s side or on the customer’s side. The carrier must not only protect their network, they must also protect their customers’ network from being compromised through weaknesses on the carrier side network.
The best way for an enterprise to control access to their network and protect it is to install an Enterprise Session Border Controller (eSBC). This is also best practice to solve network traversal challenges presented by corporate firewalls, transcoding requirements, and fix SIP interoperability issues. However, if the client-side network does not have an SBC installed, the carrier-side SBC can manage most of these problems.
The carrier-side SBC also enables SIP phones at remote locations, such as a home office, to interoperate with a SIP trunk, where the SIP phone is typically behind a natted firewall.
The SBC on the carrier-side may also be required to perform transcoding and SIP compatibility operations if these functions are not available on the client side.
Transcoding is required when different voice encoding schemes are used at end-points on either side of the call. The endpoints should negotiate for the best codec available to all devices on the call, but in some cases, end-points may not share a common codec. Transcoding corrects this problem by offering a codec bridge between incompatible devices.
SIP is a very flexible standard and there are many flavors of this protocol. While different implementations may conform to the SIP standard in general, it is possible that a mixture of devices from different manufacturers may not interoperate correctly. The carrier-side SBC ensures that this problem is corrected between client-side SIP devices, and end-points connected through the Internet Telephone Service Provider (ITSP).
Figure 1 illustrates how the Internet Telephone Service Provider (ITSP) is protected by a Sangoma carrier-class NetBorder session border controller, while each client is protected by an eSBC.
Carrier-class and enterprise SBCs differ only in the capacity that they can handle. The Sangoma NetBorder carrier-class SBCs scale up to 4,000 calls, whereas the Vega enterprise-class SBCs come in a range of capacities from 25 calls to 250 calls.
Need more help with this?
Don’t hesitate to contact us here.