[VOIPSEC] Differences between Middleboxes (in MIDCOM context) and SBCs?

Martyn Davies Martyn.Davies at dialogic.com
Mon Jun 4 04:44:36 CDT 2007


I understood that the idea behind middlebox was to concentrate the
VoIP-specific knowledge in the middlebox, then it talks via a control
protocol to a firewall, and instructs the firewall to open and close
pinholes for the media as necessary.  This way the firewall doesn't need
to have VoIP-specific knowledge and doesn't need to be updated every
time the SIP standards evolve.

The SBC approach is to have a single appliance where all the control and
media go, and this is the entry/exit point for SIP/VoIP, leaving the
traditional firewall in place dealing with other traffic (email, web
etc).

Of course whichever way you go the fundamental problems that are being
solved are the same: namely, how to do SIP/VoIP in a secure way and how
to make sure that VoIP can traverse NAT/firewall in all call scenarios.

Regards,
Martyn

| Martyn Davies, Principal Consultant
| Dialogic
| Kings Chase, 107-123 King St, Maidenhead, SL6 1DP, UK
| Tel:  +44 1628 641 790 x 210 
| Cell: +44 7881 908 381 
| Follow Me: +44 7031 911 586 
| martyn.davies at dialogic.com
| blog: http://www.dialogic.com/drc
| blog: http://voipsa.org/blog


-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of Michael Billerbeck
Sent: 03 June 2007 02:31
To: voipsec at voipsa.org
Subject: [VOIPSEC] Differences between Middleboxes (in MIDCOM context) and SBCs?

Hi,
 
I'm confused about the terms Session Border Controller and Middleboxes.
Both are described in an abstract way as "intermediary devices".
But what makes them distinct? Is it that SBCs are designed especially
for the SIP-Protocol and Middleboxes are VoIP protocol independent by
abstracting the agent functionality?
When reading the informational draft
http://www.ietf.org/internet-drafts/draft-ietf-sipping-sbc-funcs-03.txt
on the functions of SBCs I'm getting quite confused.
When reading "Often, these proprietary solutions are implemented in
network intermediaries known in the marketplace as Session Border
Controllers (SBCs) because they typically are deployed at the border
between two networks. The reason for this is that network policies are
typically enforced at the edge of the network."
Where are the significant differences that justify these distinct
terms?
Maybe this has to be differentiated in this draft.

Michael
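
The middlebox arrangement described in the reply above, as an added sketch that is not part of the original thread and is not the MIDCOM protocol itself: a signaling-aware controller reads SDP from SIP messages and asks a SIP-unaware firewall to open and close media pinholes. The class names, the `sip` helper and the sample messages are constructed for illustration, and a 200 response with a body is assumed to be the answer to the INVITE.

```python
import re

class Firewall:
    """Packet filter with no SIP knowledge: default deny plus a pinhole table."""
    def __init__(self):
        self.pinholes = set()                  # {(ip, udp_port)}
    def open(self, ip, port): self.pinholes.add((ip, port))
    def close(self, ip, port): self.pinholes.discard((ip, port))
    def permits(self, ip, port): return (ip, port) in self.pinholes

def media_endpoints(sdp):
    """(ip, port) per accepted m= line; a media-level c= overrides the session-level one."""
    session, media = [None], []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            target = media[-1] if media else session
            target[0] = line.split()[2]
        elif line.startswith("m="):
            media.append([session[0], int(line.split()[1].split("/")[0])])
    return [(ip, port) for ip, port in media if ip and port != 0]  # port 0: declined

class PinholeController:
    """Signaling-aware element (hypothetical): maps SIP dialogs to firewall pinholes."""
    def __init__(self, firewall):
        self.fw, self.calls = firewall, {}     # Call-ID -> set of (ip, port)
    def on_sip(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        start = head.split("\r\n", 1)[0]
        call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I).group(1)
        if body.strip() and start.startswith(("INVITE ", "SIP/2.0 200")):
            for ep in media_endpoints(body):   # SDP offer or answer
                self.fw.open(*ep)
                self.calls.setdefault(call_id, set()).add(ep)
        elif start.startswith("BYE "):
            for ep in self.calls.pop(call_id, set()):
                self.fw.close(*ep)             # no pinhole outlives its call

def sip(start, sdp=""):  # constructed sample message with trimmed headers
    return f"{start}\r\nCall-ID: a84b4c76e66710@example.invalid\r\n\r\n{sdp}"
OFFER = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\nm=video 0 RTP/AVP 31\r\n"
ANSWER = "v=0\r\nm=audio 3456 RTP/AVP 0\r\nc=IN IP4 198.51.100.7\r\n"

def demo():
    fw = Firewall(); ctl = PinholeController(fw)
    ctl.on_sip(sip("INVITE sip:bob@example.invalid SIP/2.0", OFFER))
    ctl.on_sip(sip("SIP/2.0 200 OK", ANSWER))
    during_call = sorted(fw.pinholes)
    ctl.on_sip(sip("BYE sip:bob@example.invalid SIP/2.0"))
    return during_call, sorted(fw.pinholes)
```

The firewall opens whatever the controller derives from SDP, so the controller should act only on signaling from authenticated peers.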

