Tag Archives: IPsec

Introduction to Session Border Controllers

High-definition video conferencing is the standard right now. If that changes, it will only change to an even higher definition such as Ultra HD (4K and 8K). Virtual workplaces, telecommuting and working from home are becoming easier and easier, so organisations keep expanding, sometimes forgetting about network requirements and ending up with new capacity limits or reduced quality in their video communication solution.

A Session Border Controller can help with many of these problems, but it is not a remedy for every issue that may occur on your video conferencing network. I wrote this article to give you some more insight into what a Session Border Controller is, what it does and how it can help your corporate communication.


What is a Session Border Controller?

A Session Border Controller is a network component designed to safely link networks with different security requirements and setups. It is mostly used in VoIP and video conferencing networks to establish secure connection sessions. The Session Border Controller therefore allows signaling to be controlled and media data to be transferred in a secure way.

What can I do with a Session Border Controller?

Session management allows service providers to control session routing, establish interoperability across environments with differing standards, enforce bandwidth policies or create an interface to a third-party application. To keep it short and simple: a Session Border Controller optimizes solution performance and overall service quality, allows rapid service deployment or growth, and protects infrastructure from malicious attacks.

Who develops Session Border Controllers?

Based on Gartner’s Magic Quadrant for Session Border Controllers from October 2012, Acme Packet (recently acquired by Oracle) excels in execution as well as vision scope, making them the leader of the magic quadrant (see graphic). Other competitors are Huawei, Sonus, Genband, Metaswitch Networks, Dialogic, ZTE and Technicolor.


Magic Quadrant for Session Border Controllers by Gartner Research

Acme Packet is very interesting due to their focus on unified communications networks, even offering solutions designed especially for video conference networks from manufacturers such as Alcatel-Lucent, Avaya / Radvision, Cisco (including former Codian / Tandberg technologies), LifeSize, Polycom and Vidyo. By supporting these technologies and enabling interworking between them, the Acme Packet solution avoids the potential for vendor lock-in, protecting the investment made in video conferencing infrastructure and endpoints.

What are the technical functions of a Session Border Controller?

The functional scope of a Session Border Controller can vary, depending on what the individual device is designed to do. To give as complete a picture of the capabilities as possible, we list the following functions that can be found in Session Border Controllers:

Connectivity

  • IPv4 / IPv6 interworking
  • SIP manipulation
  • NAT traversal
  • VPN connectivity
  • H.323 / SIP interworking

Quality of Service (QoS)

  • Traffic policies
  • Call admission control
  • ToS / DSCP bit setting
  • Resource allocation
  • Rate limiting

Security

  • Defense against DoS attacks
  • Can prevent toll fraud
  • No topology hiding possible
  • Malformed packet protection
  • Signaling protection via TLS and IPSec
  • Media protection via SRTP

Media processing

  • DTMF delay and interworking
  • Media transcoding
  • Tones and announcements
  • Data and Fax interworking
  • Support for Voice and Video calls

Regulatory

  • Call prioritization (e.g. for VIP usage or emergencies)
  • Auditing functions for internal audit or for law enforcement organisations
  • Business Intelligence, reporting, management information, source for billing information

Summary

Even though they are not a mandatory part of VoIP or video conferencing networks, Session Border Controllers have great potential to add value to the communication services of organisations. Their relevance increases for service provider companies, as the functions described above can significantly increase the quality and performance of a serviced network.

If you have questions, remarks or other types of feedback please drop us a line in the comment section below. Thank you!

IPv6 and its Impact on Videoconferencing

I’m sure most people working with technology are familiar with the terms IPv4 and IPv6. In a nutshell: every device connected to a network (the Internet or a private network) requires an IP address in order to “communicate” with other devices. The current standard for these addresses is called IPv4 (Internet Protocol version 4), and it forms the foundation of most Internet communication today. IPv4 however suffers from several important shortfalls, most importantly the lack of sufficient address space. For that reason IPv6 was developed, which also introduces a number of other improvements, especially to QoS (Quality of Service) and security.


Visualisation on how we are running out of IPv4 addresses (Photo: Abode of Chaos)

In order to use a device for a video conference, regardless of whether it is a high-end video codec or a smartphone, that device needs to be connected to a network, so naturally it will require an IP address. Without going into too much technical detail, but still mentioning the most important terms, let’s see how IPv6 features will affect video communication.

Huge address space

The most important benefit of IPv6 implementations is that they provide virtually unlimited address space by introducing 128-bit addresses, versus the 32-bit addresses used by IPv4. Just as an analogy, it will be enough to assign an IPv6 address to every atom on the earth and still have enough left to do another 100+ earths. This will allow virtually any device in future to be assigned a globally reachable address, which in turn means that NAT (Network Address Translation) will no longer be necessary in the long term, and removing NAT from the equation will solve a lot of the interoperability issues in real-time services such as VoIP and videoconferencing. It will also be possible to assign multiple network addresses to devices, which means they can stay connected to several different networks at the same time.

Improved Quality of Service (QoS)

Quality of Service refers to the ability of the network to prioritize certain traffic over other traffic and is especially important to VoIP (Voice over IP) and video communication, since we don’t want to have any delay here. Data is transmitted in today’s IP networks in the form of network packets. These packets consist of two parts: the packet header, containing control information, and the payload, containing the user data. IPv6 improves over IPv4 in terms of QoS by introducing a new field in the packet header called “Flow Label”. This “label” is used to identify and prioritize a certain packet flow, e.g. a video stream, and allows devices on the same path (routers, switches…) to read the flow label and take appropriate action based on it.
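The sketch below is an added example, not code from the original article: it parses the 40-byte IPv6 fixed header to pull out the Flow Label and the DSCP bits of the Traffic Class. Because both values are set by the sender and carry no authentication, it also shows a border element keeping the marking only for trusted sources; `dscp_at_border`, the sample addresses and the trusted prefixes are assumptions made for illustration.

```python
import ipaddress
import struct

def build_ipv6_header(dscp, flow_label, payload_len, src, dst,
                      next_header=17, hop_limit=64):
    """Pack a 40-byte IPv6 fixed header (only used to construct sample input)."""
    first_word = (6 << 28) | ((dscp << 2) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def parse_ipv6_header(packet):
    """Decode version, Traffic Class (DSCP/ECN), Flow Label and addresses."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "dscp": traffic_class >> 2,          # upper 6 bits of Traffic Class
        "ecn": traffic_class & 0x3,          # lower 2 bits
        "flow_label": first_word & 0xFFFFF,  # 20-bit Flow Label
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }

def dscp_at_border(header, trusted_nets):
    """Hypothetical border policy: keep the sender's DSCP only for trusted sources."""
    src = ipaddress.IPv6Address(header["src"])
    trusted = any(src in ipaddress.IPv6Network(net) for net in trusted_nets)
    return header["dscp"] if trusted else 0

# Constructed sample: a video packet marked DSCP 34 (AF41) with flow label 0x12345.
SAMPLE = build_ipv6_header(34, 0x12345, 1200, "2001:db8:10::5", "2001:db8:20::9")

if __name__ == "__main__":
    hdr = parse_ipv6_header(SAMPLE)
    print(hdr)
    print("forwarded DSCP:", dscp_at_border(hdr, ["2001:db8:10::/48"]))
```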

Plug-and-Play support

With IPv6, addresses can be assigned automatically and dynamically by the client device itself: it gets the network prefix from any router it finds and then generates the full IP address for that network, based on the hardware MAC address. This means there will be no need for DHCP servers like with IPv4, and also fewer configuration requirements. DHCPv6 will of course still be available for assigning IPv6 addresses.


Example of how IPv4 and IPv6 can look (by webopedia.com)

Improved Security

IPv6 will provide better security than IPv4 when it comes to authentication and encryption of the transmitted data. The main reason for that is IPsec, a security protocol that is mandatory for IPv6 systems and only optional for IPv4 environments. IPsec is defined as a set of security standards, originally written as part of the IPv6 specifications, and allows data to be secured from the originating to the destination host (through the various network elements such as routers, gateways…) by maintaining data confidentiality, integrity and authentication at the network layer. Another security improvement comes from the fact that IPv6 subnets will be so large that any attempt by hackers to scan them in search of a specific host will be ineffective.

Improved Mobility

Mobility refers to the ability of a device to move between different IP networks and still maintain the same IP address. This is very important for IP-enabled real-time communication services: no one wants to be disconnected from a call while moving from one physical location to another. For that purpose, the Mobile IP protocol was designed by the IETF. This protocol was further enhanced with Mobile IPv6 and Hierarchical Mobile IPv6 (HMIPv6), which offer a higher level of security and more efficient data transmission.

Big packets and improved routing

Another benefit to visual communications is IPv6 support for very big packet payloads, up to 4 billion bytes (IPv4 supports up to 65535 bytes only). With bandwidth becoming cheaper and device processing power increasing, supporting the delivery of big packets will be important when dealing with the high quality multimedia content of the future. Even though the packet can be a lot bigger than in IPv4 systems, the actual routing of the information is improved due to the simplified packet header and structured approach to addressing, which reduces the amount of information network routers must store and leads to faster packet forwarding.


When should we implement IPv6 and with what approach? (Photo: ºNit Soto)

Migration considerations

When talking about the impact of IPv6 on the network, it is very important to consider the migration strategy from IPv4 to IPv6 as well. Basically there are three ways to manage this: dual-stack implementation, where all the network components and devices support both IPv4 and IPv6; tunneling, an implementation method where IPv4 packets get encapsulated and transported over an IPv6 network backbone; and proxy translation, where a network border element performs the mapping of packets from one IP version to another.

Outlook

Most likely, providers and businesses will opt to upgrade the existing network infrastructure to dual stack in order to support both IPv4 and IPv6 customers. Some network elements that do not support dual-stack mode will have to be upgraded or replaced, and new infrastructure that is deployed will have to support IPv6 dual stack from the beginning.

Each migration strategy will definitely introduce a certain level of latency in the network, which is one more reason why all services must be properly tested before a production rollout.