Avaya SBCE – 4 things you need to know

A quick analogy of the Avaya Session Border Controller

In this post ‘Avaya SBCE’ you get to see how vital it is to have this component be part of your VoIP Topology and network infrastructure. You also learn which attacks are most frequent as well as what to do to prevent them, how Avaya SBCE new features help incorporate its services to an existing virtual environment among other characteristics.

SBCE are becoming more popular and they add another component for us to troubleshoot and maintain, I had the opportunity of deploying a couple of these last year, and they worked just fine, I guess I got lucky, as implementers we can face lots of challenges, for this reason I decided to write these steps to help you understand Avaya SCBE

Steps to help you understand Avaya SBCE

1.- What is SBC?
2.- SBCE as a VM
3.- SBCE in action
4.- TraceSBC

What is SBC?

A Session Border Controller is just that!…It controls and manages SIP sessions between a remote User Agent (UA) and the SBC Server. Providing the following benefits=

BFCP (Binary Floor Control Protocol) mainly handles video conferences supporting Radvision utilizing one video channel for multiple video transmissions.

QoS – it is handled via the Media QoS Markings following the same guidelines as Avaya Aura and IP Office with DiffServ value of EF (Expedited Forwarding) or 46 in decimal.

DoS Prevention – Denial of Service can cripple your VoIP topology by flooding the networks with undesirable huge amount of traffic, to prevent this DoS Prevention is provided by the EMS (Element Management System) which is another component of the SBCE.

Other benefits are= VLAN routing and tagging, Geo-Redundancy, Multiple Subnet Support, Load balancing, STUN/TURN, and it supports WebRTC.

SBCE as a VM

SBCE in a virtualized environment

Before I start explaining SBCE as a virtual machine (VM), lets take a look at what is a virtual machine, and how things work.

There are 8 types of virtualization

Hardware Virtualization – Taking a physical server and replicate multiple virtual servers
Software Virtualization – Emulate other software such as vmware, KVM, Xen Server, and MS Office360.
Storage Virtualization – sharing storage space. Some example of Storage Virtualization are vmware vsan, dropbox, and Amazon.
Network Virtualization – handling your network. These services are provided by Openflow, Cisco, vmware, Ca technologies, and others.

The other 4 type of virtualization are Management. Operating System, Application, and finally Service Virtualization.

Now that we know the types of virtualized environment, lets get to understand how it all works=

EXSi or Hypervisor acts as a mediator between VMM (Virtual Machine Monitor) and hosted machine / Server, telling the Virtual machine e.g. Avaya SBCE where to get the physical and logical resources.

Hosted Environment – sits on top of the Hypervisor/EXSi and it is where you install the Avaya components, in this case the Avaya SBCE.

In a nutshell a Virtual Machine is a set of virtualized hardware installed in a Hypervisor which runs the Operating System.

Installing a Virtual SBCE – A quick rundown

1.- In a VM you have to create or put together the server via vSphere, where you choose the hardware, memory, HDDs, etc.
2.- Mount the ISO (USB, DVD, or Image file) this allows the kickstart installation of the Avaya SBCE.
3.- Run the installation, configure interfaces, load licenses, etc.

Note – You can run the Hypervisor as an application as part of an existing OS, but is not recommended, only for testing purposes.

SBCE in action

Whether implementing SIP trunking, Video, or SIP User Agents you need to add a level of security to the customer’s network, the Avaya SBCE lets you handle all the services and apps already mentioned, as well as securing the customer’s traffic by applying Domain Policies and apply these to a group of devices or applications, encrypting communication with TLS and SRTP.

The SBCE allows you to control the traffic based on time of day, packet size, among other factors. It also lets you manipulate some of the SIP header if necessary.

It supports SIP trunking for IP Office 8.1, CM 5.2.1, Asterix 1.8, Mitel R6, Shoretel 3.9, and Microsoft Lync.

The Avaya SBCE sits in the edge of the customer’s network DMZ

The TraceSBC Command

TraceSBC – Avaya has incorporated the TraceSBC utility to allow us to run traces towards local and remote devices no matter if they are encrypted or not, the TraceSBC will capture the traffic and deposit saving it to a local directory e.g /archives/log/tracesbc/trace_name_given_by_you folder. Because this utility captures both SIP traffic and SIP User Agent activities (Personal Profile Manager or PPM) logs will be deposited in their respective containers.

pcap is another format or extension of the file that comes in handy whenever using t-shark or wireshark.