[VOIPSEC] RE: SBC functions
Geoff Devine
gdevine at cedarpointcom.com
Fri Jun 3 08:02:31 CDT 2005
My opinion:
On the media stream function, you're dealing with wire speed admission
control, packet inspection, and traffic shaping issues. If you're a
service provider charging money for your service, you probably want this
function to be redundant. It's a carrier-class NEBS box with lots of
network processors or other dense CPU MIPS and multiple Gig-E, OC-48, or
10Gig-E interfaces.
The signaling stream function handles far fewer packets per second but
runs much longer code paths. In many cases, you're performing security
functions on this interface (TLS, DTLS, IPSec, ...). You need the exact
same attributes for the box. Redundant, NEBS, hardened.
As long as you can scale both functions at different rates within the
same chassis, I don't see the motivation for splitting the functions.
If you have a poor internal architecture where this isn't possible, I
suppose your PowerPoint deck is going to talk about splitting the
functions. As an operator (an ILEC or MSO), I think I'd want
geographical diversity for my SBCs, not one huge SBC cluster where a
failure kills my whole service. If you're trying to use an SBC in the
network to traverse a corporate firewall, it's easier to administer the
firewall if you know you're only talking to one SBC, or, at least, to
one sub-network.
The only counter-argument for this is mobility. If the signaling SBC is
aware of the true IP network topology, it could direct media streams to
a media SBC that is as close as possible to the subscriber. This
minimizes delay and makes better use of IP network resources.
Use cases with mobility:
- An IMS/3GPP sort of environment where the user is a 3G cell phone
- A WiFi/WiMax mobility sort of environment
3GPP doesn't use SBCs but the P-CSCF (similar to a signaling SBC since
it polices the SIP signaling from the user agent) is allocated
dynamically based on proximity to the radio base station. You could
achieve the same sort of thing with integrated SBCs by dynamically
redirecting the SIP signaling to another SBC.
Geoff
----------------------------------------------------------------------
From: "Nhut Nguyen" <nnguyen at sta.samsung.com>
Subject: [VOIPSEC] SBC functions
To: <Voipsec at voipsa.org>
Message-ID: <AD84624F3AF21A45875222FCBAD10BA984E774 at mx1.telecom.sna.samsung.com>
Content-Type: text/plain; charset="us-ascii"
Hello All,
In a recent webinar, it was said that ultimately SBC functions will be
decomposed into two parts: media and signaling, with one signaling
function box controlling multiple media function boxes, using a MIDCOM
protocol (e.g. H.248, COPS, SNMP). So what do people think about these
questions?
1. What are the good, bad and ugly things about this?
2. Any potential major performance issues with this architecture?
Any thoughts?
Nhut