What is an SBC? All about Session Border Controllers

John Casselman profile image March 22, 2024 | 9 min read

As communication technology continues to evolve, businesses are increasingly turning to cloud phone options for their flexibility, reduced complexity on the customer side, less hardware to manage, scalability and efficiency. With the rise of these cloud-based telephony solutions, ensuring a secure and optimized communication environment has become more important than ever.

Enter session border controllers, or SBCs. These network elements play a crucial role in managing and securing the flow of real-time communication sessions. If you’re a user of VoIP phone services or SIP trunking, SBCs are a must-have. So let’s dive into what they are and how they help your business conversations remain confidential and reliable.

What is an SBC & how it works

SBC meaning

SBC stands for “Session Border Controller”—a purpose-built element that operates at the edge of different networks. An SBC protects and regulates the flow of internet protocol (IP) communication, ensuring that voice and multimedia sessions between different networks or endpoints occur without hitches.

Session border controllers were originally intended for securing and monitoring SIP-based VoIP networks but have since evolved to support a diverse array of real-time communication applications. This includes not only Voice over Internet Protocol (VoIP), but also internet video, text chat and collaborative work sessions.

History of SBCs

When the telecommunications industry grew from the traditional analog systems to include digital telephony, VoIP paved the way. VoIP relies on various protocols, such as SBCs and SIPs, that made it possible for the original phone systems to safely communicate with internet or mobile phone systems. To learn about VoIP’s six key protocols and examples of what they do, see the footnote below.*

SBCs, first used within enterprise settings, emerged as essential components available in both hardware and form. They lived on servers positioned at the edge of the customer’s network. They functioned not only as a firewall, but also as a way to rectify the “Call Control Header” information within data packets. Think of SBCs as both a border guard and a delivery person. They made sure that only permitted information enters or leaves networks and is pulled from or sent to the proper location. An example is pulling caller ID info to authenticate that a call is legitimate and not spam.

During this era, the enterprise itself or a Managed Service Provider (MSP) oversaw the sale, setup, management, and maintenance of the SBC equipment. This period coincided with the transition from traditional Private Branch Exchange (PBX) or IPBX systems to SIP-based communication. SBCs played an important role by facilitating the migration from legacy Primary Rate Interface (PRI) or T1 voice trunks to SIP trunks. This transition offered significant cost savings and enabled the scalability to support a higher volume of concurrent calls through IP-based communication.

How SBCs work

Imagine you’re making a VoIP call from one network to another. The SBCs on both ends work harmoniously to establish a secure connection, verify the integrity of the communication and manage the transfer of voice or multimedia content. This coordination by SBCs is crucial in avoiding potential issues like latency, jitter or security breaches.

In other words, SBCs are vital in maintaining the reliability and security of our digital conversations. They’re the gatekeepers of communication sessions, ensuring that the flow of information remains clear, secure and uninterrupted.

Key functions of session border controllers

SBCs provide a variety of functions that make them indispensable for anyone who uses VoIP phone services or SIP trunking. Here are a few:

1. Protecting and securing real-time communications

Session border controllers serve as the first line of defense in safeguarding communication networks. They help protect against various threats, including Denial of Service (DoS) and Distributed DoS (DDoS) attacks, which can overwhelm and disrupt network services.

Additionally, SBCs play a crucial role in preventing toll fraud and service theft, which involves scammers gaining unauthorized access to a company’s phone system and exploiting it to make calls to high-cost, premium-rate numbers. The staggering financial burden of these fraudulent robocalls has made it a pressing issue, resulting in an estimated annual loss of $39 billion in 2023.

SBCs also work to protect against eavesdropping and unauthorized access by implementing robust encryption for both media and signaling, thereby helping maintain conversational privacy.

2. Bridging the gap between different networks and protocols

Communication networks are often made up of diverse technologies and vendors, which can lead to compatibility challenges. One way SBCs work to address this issue is through SIP normalization.

Back when SIP was being developed and standardized, vendors had significant freedom in using and implementing particular parameters. As a result, SIP has numerous variations resulting from these differing vendor implementations.

What a session border controller can do is translate these SIP variants between devices, a process referred to as SIP normalization. This ensures that calls maintain their full set of features, regardless of the originating and receiving devices.

SBCs also act as interpreters, enabling seamless communication by translating between diverse protocols, such as converting SIP to H.323, or different audio codecs, like transcoding from g.711 to g.729. This ensures that devices using different technical standards can understand and communicate effectively.

3. Routing communication sessions across networks

In a way, SBCs take on the role of traffic cops, routing communication sessions across network interfaces. Through this function, they’re typically used to fulfill two core purposes: ensure high availability and enable least-cost routing (LCR).

High availability is achieved by intelligently distributing communication sessions across redundant network paths. In the event of a network failure, SBCs redirect sessions to other paths, minimizing downtime and ensuring uninterrupted communication.

Meanwhile, LCR minimizes network costs automatically by selecting the most cost-effective path for routing calls based on factors such as carrier rates and call quality.

4. Ensuring Quality of Service (QoS)

When it comes to communication networks, maintaining high-quality service is essential. SBCs help do this through several mechanisms, including enforcing Call Admission Control (CAC) policies, implementing Type of Service (ToS) marking and imposing rate-limiting measures to ensure optimal service quality.

Call Admission Control (CAC) policies help manage the number of concurrent calls, preventing network congestion and degradation of service quality. Type of Service (ToS) marking and rate limiting further fine-tune the flow of data, ensuring that critical voice and video communication receive the priority they deserve. This practical implementation of QoS policies is crucial for providing users with reliable and clear communication.

The role of SBCs in cloud communications services

With the rise of Unified Communications as a Service (UCaaS) and Communications Platform as a Service (CPaaS), the need for on-site SBCs within enterprises has fallen in certain situations. This shift is because cloud service providers often handle the necessary security measures on their end.

Cloud service providers typically offer sophisticated networking solutions that include built-in Network Address Translation (NAT) traversal functionality. This means that when an enterprise uses cloud-based communication services, such as VoIP or videoconferencing, the provider manages the necessary network configurations to ensure that communication traffic can move across NAT devices (such as routers or firewalls) without requiring additional setup or management by the enterprise itself. There are some situations when an enterprise may require additional setup or configuration because of their network environment or requirements.

Also, cloud service providers can offer robust security features, including firewall functionalities, which often, but not always, eliminate the need for a dedicated on-premise SBC to act as a firewall at the edge of the enterprise network. By leveraging cloud-based communication solutions, enterprises can benefit from centralized management, scalability, and flexibility without the overhead of maintaining and managing on-premises SBC hardware or software.

Note: Some enterprises may still choose to deploy SBCs on-site or in hybrid configurations alongside cloud-based services to comply with regulatory requirements for their industry.

Why UCaaS and CPaaS providers ask customers to disable SIP in SBC firewall

It may seem counter-intuitive to disable something that had been helping to keep your system secure, so let‘s explore six situations when SIP or SIP ALG (Application Layer Gateway) within an enterprise network can cause problems:

1. Interference with SIP traffic: SIP ALG modifies SIP packets as they pass through network devices like routers or firewalls. While the intention is to help move the NAT info along, SIP ALG often interferes with the SIP signaling. This can cause communication issues, like dropped calls or one-way audio.

Some firewalls enable SIP ALG by default. Since Ooma Enterprise already provides security measures for customers moving to UCaaS, we will ask them to override this default.

2. Compatibility issues: SIP ALG isn’t always implemented the same by vendors. This inconsistency can lead to compatibility issues with certain SIP-based applications or devices and cause unexpected behavior and difficulties in troubleshooting.

3. Security vulnerabilities: Some SIP ALG implementations have introduced security risks into network environments. This opens the door to malicious actors who exploit these vulnerabilities to launch denial-of-service (DoS) attacks, bypass security measures, or intercept and manipulate SIP traffic.

4. Complexity in troubleshooting: If SIP ALG interferes with SIP traffic, it can take significant time and effort to determine whether the problem lies with the application, the network configuration, or the SIP ALG itself.

5. Dependence on vendor support: Resolving issues related to SIP ALG functionality often requires assistance from network device vendors. This vendor support may be limited or ineffective, particularly if the SIP ALG implementation is flawed or poorly documented.

6. Incompatibility with SIP firewalls: Enabling SIP ALG alongside SIP firewalls can lead to conflicts and inconsistencies in how SIP traffic is handled within the network. This can result in unpredictable behavior and undermine the effectiveness of security measures put in place by SIP firewalls.

Overall, while SIP ALG may offer some benefits in facilitating SIP communication across NAT devices, the potential drawbacks and security risks often outweigh its advantages. That’s why Ooma usually recommends that enterprise customers disable their SIP ALG and rely on Ooma Enterprise to provide SIP firewalls or other security measures.

Ooma can help

Ooma makes it easy for customers who want to harness the benefits offered by SBCs, but don’t want to install SBCs at their facility. Ooma uses SBCs at its cloud-based data centers to do the required translations. Explore how Ooma Enterprise can help you get communications for the way you work, or call (877) 345-8847 to set up a free consultation.

*VoIP’s 6 Key Protocols

Session Initiation Protocol (SIP): SIP is one of the most common protocols used for starting, maintaining and ending VoIP calls. It establishes communication sessions between the phones or computers in an IP network, which are known in the telecom world as endpoints.

Real-time Transport Protocol (RTP): RTP is used to transmit data packets of audio and video over the internet. It works alongside another protocol called Real-time Control Protocol (RTCP) that provides feedback on the quality of the transmission and helps with synchronization.

Session Description Protocol (SDP): SDP is a format for describing streaming media initialization parameters. Often used with SIP, SDP helps negotiate session capabilities between participants in a multimedia session, including codecs, media types and transport addresses.

H.323: This older VoIP protocol suite was developed by the International Telecommunication Union (ITU). This suite includes H.225 for call signaling, H.245 for control signaling, and RTP for transporting media. While H.323 isn’t as popular today, it still lives on in some legacy systems.

Media Gateway Control Protocol (MGCP): This is a client-server protocol that is used to control VoIP gateways by telling the gateway how to handle each leg of an external call.

Session Border Controllers (SBC): SBCs use protocols like SIP and RTP to secure, connect and operate with different VoIP networks. They are used for tasks like NAT traversal, SIP header manipulation and the enforcement of quality of service.

book your consultation today image

Learn more about how Ooma Office can help your business.

Talk to one of our Ooma Office experts today!

Thank you!

An Ooma Office Sales Representative will be in touch shortly.


The Ooma Office Logo
Thank you
Learn how ooma can help - consultation image

Learn more about how Ooma Office can help your business.

Just call 877-621-0515 or click this to CHAT. Or, fill out this form and someone will reach out to you shortly.

By clicking below you expressly agree to and acknowledge the statements set forth in this
link. By submitting your contact information, you are giving express written consent to receive on your telephone, mobile or other electronic device auto-dialed, pre-recorded, artificial or other automated telemarketing calls or texts (SMS & MMS) from Ooma, its marketing partners, or third parties acting on Ooma’s behalf, even if your number is a on a corporate, state or federal Do Not Call (DNC) list. Carrier fees may apply. Consent is not a condition of purchase. It also indicates that you agree to Ooma’s Privacy Policy.
Fix error