The VoIP Peering Puzzle�Part 27: SBC Architectures�Covergence, Inc.
This company has designed an SBC that, uniquely, aims at securing traffic at the network edge.
Most session border controllers (SBCs) are designed for service provider-to-service provider applications, supporting peering relationships and inter-carrier connections. With this traditional architecture, SBCs provide format conversions for voice calls between networks and perform the registration and translation required to maintain session continuity across network address translation (NAT) boundaries. Admission control and Quality of Service (QoS) functions may also come into play, in order to balance network loading and bandwidth utilization criteria.
However, securing the traffic that enters the service providers network is not typically addressed by many SBCs. This is where Covergence, Inc. has taken a different approach in the design of their Eclipse, which they claim is the industry's first session border controller specifically designed to address the unique requirements of the VoIP access edge.
Covergence, headquartered in Maynard, Mass., is a privately held company founded in 2004, and therefore regarded by some as a relative newcomer in the networking business. However, the Covergence experience base runs very deep, with the core of its development and leadership team having spent their careers working in the network equipment industry at companies such as Shiva, Cascade, Aptis, Bay Networks, Nortel, Tiburon Networks, and other leading organizations. While this team has had a hand in creating almost every type of network solution imaginable, they are experts in solving high-performance routing and access problems found within the Global 2000 enterprises and high-volume service providers. The company presently claims a number of such organizations as their customers, including Vonage, wholesale trunk provider New Global Telecom, UK-based HIPCOM and New Zealand-based World Change Communications.
The Covergence Eclipse SBC is installed where user SIP traffic first enters the network, and effectively terminates, secures, controls, and manages the user connections. As a result, it can handle some of the unique challenges of a session border controller at the network edge including: processing registration traffic, managing registration floods, authenticating users, protecting the service from intrusions and attacks, encrypting/decrypting both the signaling and the media streams, enforcing user-defined policies, and managing thousands if not millionsof endpoints, that demand a high quality of service with negligible latency, jitter, and loss.
By also considering the security needs of the network access point, the Covergence scheme lets service providers address end-user applications that extend beyond VoIP, including the delivery of real-time services such as instant messaging, multimedia conferencing, Find-me/Follow-me, Click-to-Dial, and presence-enabled applications. With this design, the Eclipse provides a single SBC that handles both VoIP and real-time applications.
In addition, the Eclipse system integrates with IP Multimedia Subsystem (IMS)-compatible architectures as defined by the 3
This IMS architecture is where the two different types of session border controllers are describedone that operates at the edge of the network to provide access (like the Eclipse), and the other that provides peering services (like many other SBCs). Depending upon the network requirements, one or both of these SBC types may be deployed. The Eclipse satisfies the requirements of the Proxy-Call Session Control Function and the Access Border Gateway Function, and also includes independent signaling proxy, media proxy, and policy decision functions, plus value-added features like audio recording and a web services interface for management and session control.
Since the Eclipse architecture is designed for access, not just for peering, it is equipped with strong network, session, and application-level security and can handle high steady-state registration rates and storms. It is also differentiated by a suite of comprehensive management capabilities that include session trace, QoS monitoring, and content recording, plus comprehensive control functions for effective service operations, administration. and management (OA&M) functions. The products web-services interface provides access to all configuration status and policy information, enables automated flow-through provisioning, and integrates business logic in support of real-time session control.
The Eclipse hardware platform consists of an off-the-shelf, Intel or AdvancedTCA based chassis and optional, custom-designed media processor cards. This combination of off-the-shelf and custom hardware is designed to keep the product at the leading edge of the processor price/performance curve for signaling processing, while providing the performance and capacity necessary for real-time media handling. A single Eclipse mid-range and high-end system can support hundreds of thousands of concurrent connectionless (UDP) or connection-oriented (TCP, TLS) sessions with high re-registration rates, and with the proper acceleration cards, can handle up to 20,000 concurrent calls.
Further details on the Covergence Eclipse SBC architecture can be found at www.covergence.com. Our next tutorial will continue our examination of vendors SBC architectures.
Copyright Acknowledgement: © 2007 DigiNet Corporation ®, All Rights Reserved
Mark A. Miller, P.E. is President of DigiNet Corporation®, a Denver-based consulting engineering firm. He is the author of many books on networking technologies, including Voice over IP Technologies, and Internet Technologies Handbook, both published by John Wiley & Sons.