Hello, and welcome to Level 2 Partners Training for Oracle Session Border Controller.

My name is Emil [
INAUDIBLE]. I work in Product Marketing at Oracle Communications, and I'm responsible for Oracle SB
C Product. It is my honor to present this to you, and I hope this information will be useful to you.
In this session, I'll begin with the value that Oracle Session Border Controller provides to CSPs. I will then
describe some deployment models, followed by a functional overview, including the key features of Oracle
SBC. After, I will provide you with licensing and ordering information, and end with summary and key tak
eaways.
Oracle SBC traces its roots back to the early 2000s, when Oracle, then Acme Packet, came up with the first
such product in the industry and coined the term. They realized back then that such a product was necessar
y to extend the reach of IP communications that was being adopted within organizations and service provi
ders, but could not extend to between enterprises and service providers, or between service providers them
selves.
Since then, the number of Oracle SBC deployments has increased, reaching over 2,200 customer worldwid
e. Among these customers are 19 out of the top 20 telecom operators. Behind SBC development, there are
significant research and development resources, backed by strong financials from a leading cloud company
. The Oracle SBC is uniquely positioned to leverage the wealth of Oracle's broad experience across multipl
e industries, with strengths in cloud, database, 5G, analytics, security, and AI, just to name a few. Oracle's
participation in leading industry forums ensure that research and development remains focused on cutting-
edge technologies.
Let's start with a quick look at solutions that are enabled by this product. Oracle SBC has long supported s
ession delivery needs for service providers, and is continuously evolving to deliver innovative cutting-edge
services in cloud environments. The SBC supports initial Voice over 5G deployments using LTE and Evol
ved Packet Core, and will evolve as standards develop for service-based architecture.
Converged IP Multimedia Subsystem defined by 3GPP enables both fixed and mobile communications mo
ve into the IP space. Business services lets CSPs provide hosted communications and SIP trunking to small
, medium, and large businesses. Interconnect and roaming allows CSPs to connect with each other via IP, t
hat extends their service reach and allows subscribers, especially mobile, to receive services even if they ar
e in a different CSP network.
Oracle Communications SBCs go a lot farther than just enabling services. They provide the secret sauce to
make these services successful. For example, Oracle SBCs have built-in visibility, monitoring, and trouble
shooting tools, and work in conjunction with other Oracle products to make this even more effective by act
ing as a collector of data and by analyzing media quality. Oracle SBCs also provide centralized manageme
nt and take care of mandatory regulatory requirements, such as lawful intercept and emergency calling. Fur
ther, Oracle SBCs are fully virtualized and orchestrated, meaning that they help virtualize versions of servi
ce infrastructure, making services even more agile and quickly deployable.
So where do SBCs fit into these solutions and the requirements? SBCs make service providers' IP network
s secure, protecting the rest of the elements and services they provide. They normalize differences between
different transport encryptions and versions of protocol. They handle differences in a signaling protocol an
d codecs. They apply proper call admission control so as not to over-commit resources, such as bandwidth.
They ensure quality of service. They have mechanisms to go through NAT and firewalls. SBCs also enforc
e all the regulatory requirements for lawful intercept.
Oracle, what was then Acme Packet, invented the SBC back in 2000, when IP communications was just sta
rting out to help Voice over IP CSPs deal with just these kinds of issues. Over time, the SBC has evolved a
nd is now really a Swiss army knife, with a number of features added over the past several years that are g
eared towards the expanding role of IP communications.
Session Delivery Network is the signaling and control layer critical for the delivery of multimedia services
over IP networks. This includes voice, video, chat, and presence over broad spectrum of networks, includin
g mobile 3G, 4G, 5G, fixed broadband, and enterprise. Products and solutions from Oracle Communicatio
ns provide all of the pieces that makes IP communications possible without regard to access technology, se
rvice, and customer, fixed or mobile, and rise up to the challenges faced by CSPs as they contemplate buil
ding up or modernizing their networks.
As mentioned before, Oracle Session Delivery portfolio includes multiple solutions that span fixed, mobile
, and over-the-top networks, and provides service offerings as well as applications designed to deliver long
-term cost savings. The SBC offers a unique combination of performance, capacity, high availability, and
manageability. With the offering, CSPs can manage critical requirements for security, interoperability, reli
ability, and quality, regulatory compliance, and revenue cost optimization.
SLB is a high-performance, subscriber-aware load balancer optimized for clustering SBCs. Up into the cor
e, it's CSM, which is built around agile principles, allowing service providers to easily adjust, adapt, and le
verage Core Session Management for the dynamic network needs. The Session Router provides high-
performance SIP routing with scalable routing policies that increase overall network capacity and reduce c
osts.
WebRTC Session Controller enables communications service providers and enterprises to offer WebRTC s
ervices from virtually any device across virtually any network with carrier-grade reliability and security. C
onverged Application Server helps service providers, enterprises, and contact centers to lower the cost and
time of developing and deploying powerful applications.
As a proactive call monitoring solution, Oracle Communications Operations Monitor captures and analyze
s all the required signaling messages and media from the network, providing full correlation and quality m
etrics in real time. It also enables easy-to-use drilldown troubleshooting for root cause analysis of any repo
rted problem related to a user, user group, trunk, network device, or internet protocol address.
Fraud Monitor is a rules-based scalable solution to help network operators detect phone fraud and prevent i
t before damage is done. Built on Oracle's next-generation cloud infrastructure, Oracle Session Delivery M
anagement Cloud helps customers minimize operational costs in a more agile, reliable, and secure way. De
signed with a flexible and intuitive framework which enables dashboard and KPI customization, the netwo
rk management SaaS solution provides a single pane of glass view across the Oracle Communication Sessi
on Delivery product portfolio.
Now let's look at how CSPs are deploying SBCs in their networks. Oracle Communications SBC runs as a
single software application that supports purpose-built hardware platforms as well as virtualized deployme
nts. Supported hypervisors for the Oracle SBC VNF include a kernel-based virtual machine and VMware.
The Oracle SBC software supports deployment in Oracle Cloud Infrastructure and Amazon Web Services
public clouds in highly available mode. It can also be deployed in a Microsoft Azure public cloud in standa
lone mode.
By definition, SBCs are deployed at borders. There are two borders for any CSP-- the access and interconn
ect. Access border is where subscribers and endpoints connect to the CSP. Interconnect are borders where
CSPs connect with other CSPs. SBCs are used at both of these borders. Being at the borders, SBCs provide
all of the control over session traffic for both sides of the border.
Access borders exist between the access networks used by end users-- like business customers, mobile, or r
esidential subscribers, who consume communications services-- and the networks that host the equipment
and software upon which those services are built. Access SBCs are therefore the SBCs that are located at t
he service provider's network access borders. At the end of the day, you could state quite simply that acces
s SBCs are used to connect end users to the services they use.
The primary justification for access SBCs are that, from a practical standpoint, they enable the buildout or
expansion of these services. They also help service providers to consolidate the service infrastructure not o
nly by enabling the standardization of all services onto the IP transport, but also by enabling the CSP to eli
minate much of the legacy infrastructure that was needed for traditional telephony. Finally, SBCs are a val
uable component in that they are used to secure the service infrastructure, protecting it from events and cir
cumstances that would otherwise threaten the availability and quality of the services.
Interconnect borders, by contrast, are the borders that exist between service provider networks. Because se
rvice definitions, profiles, and infrastructure can vary widely from CSP to CSP, interconnect SBCs play a
key role in normalizing the signaling and media traffic that flows between service providers. Interconnect
SBCs perform functions such as transcoding, which we discuss later in this course, session routing, similar
to call routing over long-distance networks, security functions, and signaling interworking, among many ot
hers.
Interconnect SBCs are therefore needed to support new services and expand the reach of services through
partnership built on network interconnects. Interconnect SBCs are also needed to replace TDM-based call r
outing with a routing infrastructure built on IP that can support new services beyond simple voice and text
messaging. The peering SBC can help transcoding with peering partners to enable greater flexibility and co
st savings.
Oracle SBCs were certified with Microsoft since the early days of Microsoft Lync 2010, and were Microso
ft Teams certified for Direct Routing in 2018. With this certification, Oracle SBCs also support Operator C
onnect. In 2021, Oracle SBC has been certified also for Microsoft Azure Communication Services.
Microsoft Teams is a unified communications platform that encourages collaboration and communication
by providing chat, video, and voice conferencing, collaborative file storage, and many other features. This
service integrates with an organization's Microsoft Office 365 subscription suite, and is the evolution from
Microsoft Skype for Business. The flexible collaboration methods and the ease of communication that Tea
ms provides is valuable to organizations worldwide, enabling them to accomplish more. Microsoft Teams
voice calling allows Teams subscribers to make PSTN calls via Microsoft Cloud or via customer carrier-
provided PSTN connectivity.
Microsoft Teams is more than a tool for group collaboration. Via the embedded phone system, Microsoft T
eams is also a cloud PBX solution, designed to replace Skype for Business as the enterprise telephony solu
tion within Office 365. The Microsoft Teams phone system allows for PSTN connectivity in three ways. C
alling Plans-- PSTN connectivity is provided by Microsoft directly via the Microsoft Cloud. Direct Routin
g-- an enterprise or carrier-hosted SBC provides connectivity to PSTN. Or Operator Connect, which is a si
mple operator-managed service for adding PSTN calling capabilities to Microsoft Teams.
The Oracle SBC supports Microsoft Teams carrier model by providing single connectivity for multiple ten
ant connections. The SBC can communicate on a single TLS connection to multiple tenants by using the e
xisting native SBC topologies, increasing capacity, simplifying configuration, and providing the best perfo
rmance.
Multitenant configuration can be managed easily without impacting existing tenant connections. This solut
ion uses a single base domain owned by the carrier and multiple subdomains for each customer, interconne
cting between hosted PBX systems, multiple third-party PSTN and PBXs, and the Microsoft phone system
. With this model, each tenant does not need to implement their own SBC, and can receive telephony servi
ces from the carrier in the Teams client. The service provider deploys and manages the Microsoft Teams S
BC to interconnect multiple tenants, provide PSTN services, manage end-to-end call quality, fulfill the reg
ulatory requirements-- emergency call, lawful intercept-- and can charge separately for the PSTN services i
t provides.
Operator Connect aims to further enhance and simplify voice communications. By creating a new marketpl
ace with most major carriers, Microsoft can enable operators to provide a managed service for their enterpr
ise customers. As part of the implementation, Microsoft Operator Connect requires service providers to ha
ve session border controller certified for Direct Routing. As mentioned before, Oracle SBCs are certified f
or Direct Routing. With this certification, Oracle SBC also support Operator Connect.
Now let us look at some of Oracle SBC's major functions. The SBC application can run in many different
environments with many combinations of hardware and software. The traditional physical appliance combi
nes the Acme Packet operating software with Oracle purpose-built hardware. This includes multiple platfor
ms and add-on hardware optimized for SBC functionality, and is strategically positioned to solve the challe
nges medium to large service providers face when deploying real-time IP communications.
Basic features are standard SBC features that provide mainstream functionality. Advanced features are val
ue-added features that address mission-critical requirements, including accounting, lawful intercept, qualit
y of service, national emergency services, load balancing, transcoding, policy enforcement, and advanced r
outing. The advanced features required depend on the deployment topology, the services that need to be su
pported, such as Voice over IP, VoLTE, RCS, and service provider requirements regarding security, perfor
mance, and others.
Purpose-built hardware includes multiple platforms and add-on hardware optimized for SBC functionality.
The virtualized SBC offers the same powerful SBC features in customer cloud data centers without requiri
ng purpose-built hardware. At this time, the virtualized SBC can run in private clouds on VMware and KV
M hypervisors. Public clouds include Oracle Cloud Infrastructure, Amazon Web Services, and Microsoft
Azure public cloud. This reduces costs caused by multiple dedicated hardware platforms, and increases the
speed of deployments with virtual machines.
Cloud data transformation is occurring across the industry, and there is a lot of conversation around contai
nerized network functions for applications. Cloud native is vaguely defined as a modern approach to devel
oping and running software applications in the cloud. Therefore, it is important to describe how Oracle vie
ws cloud native for all of its applications, including the future of the SBC.
System immutability and automating everything reduces risk from human error, and allows changes to be a
pplied quickly and validated with confidence. With this possibility, all services are transient and are design
ed to go up and down quickly without service interruption. Externalizing all configuration enables it to be t
reated as a built artifact in a controlled and versioned way.
When loads are treated as event streams, everything needed to debug or diagnose an issue will be in logs, t
races, or metrics data. These are treated as a stream of time-ordered events and stored in a centralized locat
ion outside of the application. Independent lifecycles for upgrading, scaling, and deploying each microserv
ice minimizes the amount of change in the system at one time. Also, this decoupling supports other princip
les, such as repaving, and simplifies the isolation of issues when they occur.
Experience in cloud matters when developing best-of-breed cloud-native applications. Oracle is a platinum
member of the Cloud Native Computing Foundation to ensure that our open and standards-based approach
is well aligned with other cloud tools to ensure seamless interoperability. Because of our rich heritage in te
lecommunications, we have a deep understanding of the importance of service reliability, and can help intr
oduce cloud concepts while avoiding disruptions. Our 5G core portfolio is paving the way with its market-
leading core network solution using cloud native principle and architecture to deliver service agility, innov
ation, efficiency, and adaptability.
Visualization was an initial step towards greater flexibility, orchestration, automation, onboarding, and a si
mplified configuration using HEAT and REST APIs. Cloud native takes this step forward by changing the
methodology, architecture, and platform infrastructure options with containerized network functions using
shared cloud-native environment tools.
Oracle is developing a new product that will harness the advantages of cloud native while providing the tru
sted functionality of the SBC. With cloud native, businesses can capitalize on optimization with a microser
vices architecture that enables flexibility, agility, and reuse across various platforms. A service-based archi
tecture allows integration with private or public clouds to maximize capacity, offer new services with less
development, and take advantage of other third-party services, such as analytics, machine learning, and arti
ficial intelligence.
Common services can be shared by multiple network functions deployed on the Cloud Native Environment
. Use of these common services ensures that network functions provide telemetry in the same framework,
which further simplifies correlation and troubleshooting. This accelerated innovation significantly reduces
software delivery times, and enables full test automation with CI/CD.
What is 5G? 5G is the next generation of cellular network technology, bringing increased speeds, reduced l
atency, higher device density with five 9s reliability, while reducing energy consumption and network cost
s. The industry direction for the transition of LTE to New Radio includes a mix of radios and cores for the
initial deployments. Option 3x contains both LTE and New Radio, where core connectivity is still handled
by the 4G Evolved Packet Core.
Subsequent transitions, such as option 7x and 4a, introduce the 5G next-generation core. Finally, in option
2, the LTE and EPC 4G elements are removed, and all data is handled by New Radio and next-generation
core.
Voice is one of the many services expected to evolve to 5G in the coming years. To ensure a smooth transi
tion without loss of reliability, the initial 5G deployments will continue to use the 4G IMS core for voice s
ervices. There are multiple radio access network migration strategies that will ensure a smooth transition fr
om LTE to New Radio. SBCs have long supported session delivery needs for service providers, and will c
ontinue to evolve to deliver Voice over New Radio services in IMS core.
STIR/SHAKEN is a method used to identify irritating robocallers to empower customers to ignore these ca
lls. North American governments have mandated implementation of STIR/SHAKEN for service providers,
and Europe is expected to follow. The SBC is a key network element that can perform the STIR authentica
tion and validation of calling party numbers to enable the call to be rejected immediately based on custome
r preference, or to pass the decision to the called device.
The SBC supports integration with REST and SIP-based STIR/SHAKEN applications. The SBC determine
s the attestation parameters based on the call source and calling number, and it queries the STI authenticati
on server to create a SIP identity header that acts as a certificate. This header is used in the terminating cas
e for validation of the CLI information. The SBC queries the STI-VS to validate that the incoming call is a
ctually signaling the proper calling number. The terminating provider may take action to block or mark the
call based on the results of the queries.
The Oracle SBC supports two ways to integrate with the STIR/SHAKEN applications. The first one is usin
g SIP, and it can be used today on any release. This option uses two simultaneous sessions per call, and has
been implemented by some customers as a quick and convenient solution. The second option, and usually t
he preferred one, is to use REST as the interface with the STI servers. In this case, both HTTP 1.1 and HT
TP 2.0 are supported.
IMS services plays a lot of functionality at the edge of the network, and once again SBCs are called upon t
o do heavy lifting. While the core of the functions they perform remains unchanged, the protocols and proc
ess is different from other edge services. SBC fully conforms to all edge requirements defined by 3GPP on
both the access and interconnect borders. It allows individual endpoints to access IMS services, such VoL
TE, Voice over Wi-Fi, and RCS. For this use case, Oracle provides a complete set of IMS products, from S
BC to application server. SBC has also been deployed with several IMS core products from other vendors.
SBCs also provides some key IMS functionality. IMS is becoming more and more important to operators i
n both mobile and fixed basis because of its inherent advantages in providing a common infrastructure for
fixed mobile convergence, and as an architecture for providing consistent set of services equally applicable
to all access. SBC plays an enormous role in creating IMS networks, and incorporates a lot of 3GPP-
defined functions and interfaces, reducing overall complexity of the IMS architecture at both access and int
erconnect sides.
For example, it defines P-CSCF capability on the access side and I-BCF capability of the interconnect side.
In addition, it provides functions critical to offering VoLTE and Voice over Wi-Fi services, such as suppor
t for roaming and call continuity when a customer moves from 4G network to 3G. The diagram shows the
placements of SBCs within the red highlights, and lists the actual signaling, media, and policy interfaces th
at SBCs incorporate for access and interconnect.
The Oracle SBC is one of many products in the Session Delivery portfolio that contributes to a complete V
oLTE solution. The access SBC is a critical component in the IMS core, providing P-CSCF functionality, i
ncluding lawful intercept and charging capabilities. The SBC is also found on the edge of the network as th
e interconnect border control function, connecting multiple IP networks while providing critical security an
d interworking support.
SBC also fulfills a number of functions in the 3GPP IMS model. The left diagram shows these functions in
the access side of the SBC. Likewise, SBC also fulfills a number of interconnect functions as defined by 3
GPP IMS specifications. The right diagram shows these interfaces and functions in the interconnect side of
the SBC. This is for your reference, and an explanation of all of these functions and interfaces is beyond th
e scope of this training.
As anyone in communications industry can tell you, virtualisation has gained tremendous mindshare in the
past few years. Operators have called upon vendors to provide more and more network functions as softwa
re images, not tied to any particular hardware. Such a move would make networks more flexible and agile,
that can be created, configured, and put into service in a fraction of the time of traditional networks. They c
an also be scaled up and down simply by spinning up new or shutting down existing instances by a process
called orchestration.
Another reason cited are cost savings, both CAPEX and OPEX. While, by definition, virtualized network p
roducts lose some of their hardware-reliant capabilities, SBC uses a variety of optimizations and software l
ibraries that let it maximize performance as much as possible. Via native REST API, the SBC can interope
rate with third-party element managers, VNF managers, and service orchestrators, that can control its lifec
ycle based on actual or anticipated traffic.
The Oracle SBC VNF supports a range of transcoding options, from pure software solutions to accessing c
entralized transcoding-enabled Acme Packet SBCs. These comprehensive services can be utilized in both o
n-premises and public cloud deployments.
As a comprehensive solution for complex areas, such as interworking or security, the Oracle SBC VNF, ju
st as its purpose-built appliance counterparts, supports features in these main categories. Security, which in
cludes confidentiality and integrity protection for signaling and media traffic at entry points to protect the c
ore. Defense against DoS, DDoS attacks. Handle IMS-AKA for VoLTE endpoint authentication. Access C
ontrol and per subscriber rate limiting. Media firewallling and bandwidth policing. TLS, IPSec, SRTP supp
ort for protecting both signaling and media.
Another category is interworking, which refers to encryption. Interworking between IPv4 and IPv6, and be
tween RTP and SRTP. Interworking between different audio codec types, DTMF tones. Ensures existing I
Pv4, IPv6 core network and IPv6, IPv4 endpoints interoperate. Ensures SRTP to RTP interworking betwee
n endpoints and core network.
Next category is transcoding, which refers to support for software-based transcoding, pooled transcoding, l
everaging DSP-enabled SBC appliances, for VoLTE needs to support call continuity services for seamless
handover between LTE and 2G, 3G networks. Last category is management. Oracle SBC can be configure
d and managed by Oracle Session Delivery Management Cloud or by Oracle Communications Session Del
ivery Manager. The SBC has also native REST API, allowing third-party management and orchestration sy
stems to perform remote service configuration and KPI monitoring.
Why Oracle SBC as a virtual network function? The Oracle SBC VNF is deployable, just as its PNF count
erpart, for both access and interconnect SBC applications. Both VNF and PNF utilize the same source code
base and a common feature set. The Oracle SBC VNF can scale in multiple dimensions, and this is especia
lly important since Oracle SBC VNFs can be instantiated at any instance, and integrated in the network.
The Oracle SBC is flexibly deployed into different virtualized environments, including infrastructure, hype
rvisors, and input/output modes. The SBC REST API enables Oracle and third-party applications to perfor
m service configuration remotely to SBC virtual instances and purpose-built appliances.
There are differences on how the VNF may perform a particular function versus the PNF, but the feature s
et is consistent. It covers more than 99% of the PNF features. Moreover, it offers same security features as
PNFs. In the end, we are talking about same software for PNF and VNF covering all CSP and enterprise us
e cases.
There may be situations where centralized use of existing hardware assist-equipped Oracle SBC appliances
can augment Oracle SBC VNF deployments. One such example is with the pool transcoding feature. Trans
coding SBCs can be shared among multiple Oracle SBCs, physical, virtualized, or both. This arrangement
centralizes transcoding function and provides a way for full participation of virtualized SBCs for all call ty
pes.
Horizontal scaling is achieved via the intelligent load balancing of traffic across a cluster of VNFs. For pee
ring, one can front end a cluster of Oracle SBC systems-- all VNF, all PNF, or a hybrid cluster of PNF and
VNF devices-- using the Oracle subscriber-aware load balancer or session router.
Both enterprises and CSPs are looking to augment existing services by utilizing public clouds. This is espe
cially true when an organization is trying to expand its footprint to global to improve reach for employees
or subscribers. Oracle SBC supports deployments in multiple public clouds based on custom demand. Each
public cloud has its unique requirements on addressing security and resource allocation. Oracle has expand
ed its SBC offering to support this very similar yet uniquely different public cloud deployment needs.
Support for a virtualized function in a public cloud requires meeting special requirements public clouds ha
ve very specific guidelines on IP addressing, use of hypervisors, input/output modes to provide security an
d integrity for all its tenants. The Oracle SBC supports both standalone and high-availability deployments
when running on purpose-built hardware and on virtual environments, such as VMware, KVM, and VIMs,
such as OpenStack.
However, when running in public clouds, such as Amazon Web Services, Microsoft Azure, or Oracle Clou
d Infrastructure, the existing high-availability mechanism is complicated by the public cloud infrastructure.
Oracle has implemented a generic framework on its virtual SBC to overcome challenges posed by the publ
ic clouds. This framework makes use of the REST API provided by the public cloud providers.
As a result, the Oracle virtual SBC can be deployed in high-availability mode when running in the Oracle
Cloud Infrastructure and Amazon Web Services. This includes when both virtual SBC nodes are running o
n the same physical host, or running on two physical hosts in the same availability domain, and when the v
irtual SBC high-availability nodes are on different availability domains.
At this time, Oracle does not support high availability on Azure because of architectural limitations that res
ult in high failover times, sure to be detectable by the customer. Azure currently only supports fixed IP add
resses with the heartbeat intervals, at minimum, of 5 seconds. Because two heartbeat checks are required to
fail before a switchover can be triggered, this results in failover times exceeding 10, 15 seconds. This slide
reflects the currently shipping public cloud capabilities and associated SBC software release.
The Oracle VNF SBC supports different hypervisors, and is deployed in multiple private and public clouds
. Performance has been improved with Intel DPDK libraries and expanded NIC support. As software-based
transcoding technology improves, the SBC is able to support more codecs at higher capacities.
REST machine-to-machine interface support for configuration and performance monitoring allow for redu
ced manual intervention and flexibility in monitoring. We are continuing to focus on simplified provisioni
ng to reduce manual intervention for lifecycle management. Intuitive HEAT templates minimize the manu
al configuration needed to instantiate the instances.
A number of CSPs have made decisions on their provider for instantiation and orchestration solutions for t
he NFV deployments. These solutions may be from large telecom equipment manufacturers, specialized so
ftware providers, or even open source, such as Open Network Automation Platform or Open Source Mana
gement and Orchestration.
The Oracle SBC has a native REST API that allows remote service configuration for day 0 instantiation in
new SBC VNF VMs, and custom follow-up changes once the SBC is deployed. REST API can also be use
d to monitor ongoing critical SBC KPIs.
Utilizing the ETSI network function virtualization architecture, we see multiple reference points where Ora
cle has invested in improving service orchestration, with the intent for becoming as close as possible to the
ultimate goal of zero-touch provisioning. Once the fundamental requirement for a virtual network function
such as a Session Border Controller is identified, there is an entire workflow that takes the VNF from soft
ware feature and capacity identification to service activation.
Oracle provides templates, like HEAT templates, for use in VM instantiation. Using these templates in the
onboarding and instantiation provides the CSP with the following benefits. The CSP can provide faster tim
e to in service. Means faster time to revenue. For hypervisor-based environments, automation of VM basic
configurations minimizes operator error that would impact time to in service.
Automation allows the CSP the ability to scale VNF's turn up and management across geographies and dat
a centers. Once running, the Oracle virtual SBC can use an embedded REST API for further service config
uration and KPI monitoring.
The benefits of the REST APIs for customization include allowing CSP to accept and honor ad hoc custom
er configuration requests for new services, features, and capacity adjustments. Ability to customize VNF c
onfigurations, being driven by customer internal business systems, as required.
The Oracle SBC's REST API can be used by a range of upstream applications, including third-party eleme
nt managers and VNF managers acting as the VNF lifecycle manager function. Some VNF managers also
subsume some of the fault configuration, accounting, performance, security functions from element manag
ers.
Being at the border where the CSP network edge meets the public internet, one of the most important funct
ions of the SBC is to enforce security. This means protecting the internal network from deliberate and mali
cious attacks that are all too common these days. But it also means ensuring uninterrupted service to those
who are authorized to use the service by properly authenticating them before granting them access.
SBC implements a comprehensive security architecture that we call Net-SAFE. This architecture addresses
all security dimensions, from DoS, DDoS, and fraud protection to monitoring and reporting. In addition, S
BC can be set up to encrypt signaling and media, ensuring privacy and guarding against eavesdropping.
Providing holistic security using a diverse range of functions and techniques is a core design principle for t
he Oracle SBC. Security requirements for a CSP network include allowing only legitimate traffic into the n
etwork and hiding the internal topology and network elements from outside view. Protecting against malici
ous attacks with DoS and DDoS ensures that even valid traffic does not overwhelm the system and disrupt
service. Ensure privacy and confidentiality by the use of encryption techniques, and protecting the network
edge as well as the upstream elements. In performing these functions, the SBC provides address translation
, protects against malicious or malfunctioning endpoints, and helps encrypt traffic for privacy.
The overarching security framework used in the Oracle SBC is Net-SAFE, and it is shown graphically in t
his pie chart. Starting from the top right, the most fundamental security function is preventing the SBC itse
lf from being compromised by malicious and non-malicious DoS attacks. Moving clockwise, the use of ac
cess controls blocks unwanted access with Access Control Lists, or ACLs. These lists can be preconfigure
d as well as learn dynamically.
Topology hiding mitigates reconnaissance scans, that could result in targeted attacks. Privacy and confiden
tiality is addressed by accelerated encryption. Overall, network service is protected against DoS by prevent
ing attacks from penetrating the network edge and reaching the core network. Fraud detection and preventi
on ensures legitimate use of the service. And, finally, monitoring and reporting ensures the visibility that o
perators need to help them in both troubleshooting and ensuring continuity of service.
The following monitoring and reporting functions are either embedded in and performed by the SBC itself
or they are provided by other Oracle products that SBC supports. The Oracle SBC monitors for security br
eaches caused by other network elements, users, and/or activities, and provides access control and DoS filt
ers, counters, et cetera.
The Oracle SBC notifies operations personnel of attacks and overloads with SNMP traps that are generated
for attacks, authorization failures, and overload events. The Oracle SBC creates and maintains audit trails,
including packet capture of raw packets for analysis, RTP media quality of service measurements monitore
d and recorded, call detail records created and exported via RADIUS, and security event logging.
The Oracle SBC secures management access with a separate external management interface with SSH, SF
TP, HTTPS ACLs. The Oracle Session Delivery Management Cloud reduces network access complexity b
y enabling universal access to multiple network functions, making the job of managing the SBC and other
Session Delivery applications much easier. OSDMC is built to streamline operations by eliminating the ne
ed for complex and time-consuming tasks, such as installing, provisioning, upgrading, and applying securit
y fixes to the management system.
In regards to network monitoring, the Oracle SBC provides integration with Oracle Communications Oper
ations Monitor for network monitoring, including encrypted signaling and media flows. Additionally, syslo
g output generated by the SBC can be integrated with third-party tools for security incident management.
Again, because SBC is situated at the intersection of two networks, it is in the ideal spot to normalize traffi
c so that the networks can communicate effectively and seamlessly with each other. This normalization ext
ends to all the layers between IPv6 and IPv4, encrypted and non-encrypted, different signaling protocols, a
nd a variety of media codecs.
The Oracle Session Border Controller provides IP address and protocol translation capabilities to maximiz
e the types of clients, vendors, and service infrastructure supported topologies. This allows CSPs to increas
e their addressable customer base and accelerate time to market. The Oracle Session Border Controller pro
vides comprehensive IPv6 support across all of the supported protocols and standard interfaces. It supports
IPv6-IPv4 interworking, enabling CSPs to keep their core network as IPv4 while they start deploying IPv6
terminals. When it comes to peering, SBC allows interconnecting a service provider with IPv4 with a bran
d new operator that has started with IPv6 from scratch.
The SIP header manipulation rules feature provides the Oracle Session Border Controller with the flexibilit
y to add, modify, and delete SIP headers and parts of SIP headers, such as the header value and header par
ameters. This allows network operators to fix any interoperability issues between the SBC and other netwo
rk elements. It also helps CSPs to create or modify services with existing features by simply changing the c
onfiguration on SBC without having to wait for a new release of software and the associated homologation
process used to deploy a new release in the field. In essence, the usage of HMRs helps reduce the total cost
of solutions, and decreases the time to market for deploying new services and applications.
Oracle Session Border Controller is also able to perform hosted Network Address Translation traversal. Th
is is particularly important for Voice over IP services, as virtually all LAN or Wi-Fi based UAs sit behind
some form of NAT device, such as home routers, typically also containing an integrated Wi-Fi access poin
t, enterprise firewalls, or Wi-Fi hotspots.
Staying on the topic of interoperability, this slide shows more advanced SBC capabilities. The HMR is abl
e to manipulate SIP messages as they flow through the SBC. This ensures that both sides get the flavor of
SIP that they expect, and allows different SIP implementations to work with each other seamlessly and wit
hout each vendor having to make special adjustments for every other.
Session Plug-in Language goes one step further, and this is a code snippet that is added to the SBC that has
such an awareness and is able to affect messages in the session in a holistic fashion. The benefits from this
is obvious. These include operational benefits, such as interoperability on the fly without upgrades, reduce
d testing times, leading to accelerated deployments. Moreover, these also promote customized solutions an
d protect existing investments in infrastructure. Please note that for SPL we recommend Oracle Communic
ations Consulting engagement.
With the explosion of different levels of communications capabilities, there are more and more codecs in u
se today. Increasingly, these communications mechanisms are being asked to work with each other. For ex
ample, enterprise unified communication needs to be able to call a fixed line or mobile lines, or a new Web
RTC implementation needs to interwork with existing Voice over IP endpoints.
This is where media interworking is required. While the extent of any network design is to minimize transc
oding, sometimes it is inevitable. For those circumstances, SBC provides a whole range of transcoding cap
abilities using highly efficient DSP resource pools. For SBC VNF, and to increase efficiencies within the tr
aditional SBCs, these resources can be centralized into a small group of chassis, as opposed to existing in e
very SBC entity.
The diagram shows the most common codecs in use today that the SBC can transcode between. The SBC s
upports a variety of transcoding methods, depending on the transcoding needs of the CSP. Purpose-built ha
rdware SBCs can contain hardware DSPs and TCUs within the chassis to support the transcoding needs of
the SBC. Virtualized SBCs can contain software-based transcoding cores as part of the SBC VNF.
Pooled transcoding enables customers to use their transcoding resources efficiently by enabling pools of tr
anscoding services that can be shared by multiple SBCs. Make sure to check the latest release notes for po
ol transcoding caveats.
As networks expand with the increasing penetration of IP-based communications, CSPs need to be able to
serve an increasing number of subscribers. To get all of those subscribers into the network and service all t
heir calls, SBCs need to be able to perform and scale well. CSPs may need to support millions of endpoints
. At the access border, SBCs may be clustered using the Subscriber-aware Load Balancer, or SLB, as a fro
nt end that provides a single IP address to these endpoints.
A single SLB can provide services for up to millions of subscribers, and enables various forms of clusterin
g, co-located or geographically distributed. It does not place any restrictions on the service, allows individu
al cluster members to be added or removed gracefully, and preserves all the security functions of the core
SBC.
As we discussed, SBCs are used at both access and at interconnect borders. At interconnect boundaries, net
works are connected to other networks. Not only is this important for completing calls that bound outside t
he operator's subscriber base, but it also helps facilitate roaming, where an operator's subscriber can get ser
vices from another operator.
For subscribers, SBC provides all necessary interconnect and roaming capabilities. For operators, SBC can
select the next hop for a call based on a wide criteria-- cost, time of day, agreements. Technically speaking,
SBC implements all 3GPP and GSMA standards for connecting to other networks worldwide.
All CSPs need to interconnect with others, and there can be several interconnect partners. Here is where th
e SBC's routing features come into focus. Routing deals with how calls are directed to destinations, be they
served by the CSP or by any of the partners. Routing determines how the destination address should be res
olved, and this could be done through either built-in or external routing databases. Routing also deals with
policies, and a major step in the process is to apply policies, such as choosing the least cost route, or even f
ulfillment of SLAs.
The SBC provides a NAT solution and topology hiding for MSRP sessions between two endpoints. The S
BC complies with RFC 6135 to use the COMEDIA mechanism to create the MSRP transport connection.
This allows user agents behind NAT devices to negotiate which endpoint initiates the establishment of the
TCP connection to traverse the NAT.
The SBC is transparent to the handling of MSRP report messaging between endpoints. By passing the MS
RP packets in a transaction stateless manner, the SBC is able to provide higher capacity for MSRP.
As IP networks handle more and more phone calls and become part of mainstream, it becomes important t
hat they conform to the same regulations that govern all calls on public networks. Although these regulatio
ns can vary from region to region, there are nevertheless at least two that appear at most jurisdictions. One
is the ability to pinpoint the location of the caller when they dial an emergency number, and convey that to
the answering authorities. Another is the ability to identify and record conversations made from a particula
r phone number or subscriber for law enforcement purposes.
SBCs are again the crucial place in the network where such regulations can be effectively handled and pro
cessed. SBC provides emergency calling support by prioritizing calls to emergency numbers. In 3GPP ter
ms, it has emergency call session control function. For lawful intercept, SBC helps shield the core network
by performing this function at the borders.
As any operator will tell you, the need to have deep visibility into the network and how devices are workin
g is critical. The most immediate benefit is being able to troubleshoot quickly. In addition to that, you can
also spot trends and take corrective actions quickly, and therefore improve customer satisfaction. Manage
ment also means that you can configure and ensure that all your network elements are in good working ord
er.
Again, SBCs are in the best spot to help you achieve those objectives, as all incoming and outgoing calls p
ass through them. They can pass details about those calls to specialized monitoring applications. And at the
same time, and since the media is also passing through the SBCs, they can also monitor call quality. All th
ese details help operators gain insights into their networks and keep them running most efficiently.
Oracle Communications Session Delivery Management Cloud provides a simple, more insightful way to m
anage your SBC. Built on Oracle's next-generation cloud infrastructure, OSDMC helps customers minimiz
e operational costs in a more agile, reliable, and secure way.
SBC enhances the manageability, troubleshooting, and support of the entire network and services it provid
es. This is achieved by creating a demarcation point between the external and internal networks, allowing f
or determining where a problem lies quickly. This point is important since it is the focus of SLA and servic
e determination. SBC can collect signaling at this point and send it to applications, such as operations moni
tor, that can analyze and put together session signaling from individual messages.
The Oracle Session Delivery portfolio offers additional products that support the SBC with monitoring and
management. As mentioned before, Oracle Session Delivery Management Cloud is a platform for innovati
on and continuous value addition, helping customers in their evolution path from on-premise towards clou
d network transformation.
Through integration with monitoring solutions, such as Oracle Communications Operations Monitor, OSD
MC provides users with essential monitoring KPIs. The Network Management SaaS solution provides a si
ngle pane of glass view across the Oracle Communications Session Delivery product portfolio. As on-
prem offering, Oracle Communications Session Delivery Manager provides FCAPS management across m
ultiple Oracle Communications applications.
The Operations Monitor can collect packets from the network using internal SBC probes, in addition to ext
ernal standalone probes. The Operations Monitor can store and analyze signaling information and media q
uality for trending or troubleshooting. The Operations Monitor GUI can provide visibility into a call's prog
ression through the network when connected to multiple devices. And it also supports REST API to integra
te with third-party systems.
Oracle provides both on-premises and SaaS management and monitoring solutions. SDM is a complement
ary element for the SBC that adds a comprehensive management GUI-based tool in an on-premises deploy
ment. Carriers who have the bandwidth and preference to manage their own tool will be able to deploy SD
M within their private network.
OCOM adds monitoring capabilities to the SBC, and enables end-to-end service visibility and insight into
signaling and media interactions. OCOM is available to run on standard hardware servers, virtual machines
, and cloud, with support for deployment on OCI and Microsoft Azure.
Oracle also offers a SaaS solution, leveraging Oracle next-generation cloud infrastructure. Oracle Session
Delivery Management Cloud provides both management and monitoring capabilities in a single pane of gl
ass view. This may be a preferred choice for carriers to minimize operational costs in a more agile, reliable
, and secure way.
Telecom is a service which is expected to be available all the time, and any down time becomes next day's
headlines. Therefore, SBCs, being in the critical line of fire, need to make sure that they stay up with five 9
s precision. SBC accomplishes a high-availability configuration with an active and standby SBC in a proce
ssing pair. The active SBC replicates its endpoint and call database with the standby so that the standby SB
C can take over with minimum delay in case the active one were to fail for any reason.
As mentioned before, SBC is usually deployed in active standby pairs. In this mode, only one SBC is activ
e, while the other is ready to become active in case there is failure in the active SBC by taking over its IP a
ddress. The pair exchanges checkpointing information, including session states and configuration.
One of the powerful aspects of the Oracle SBC high-availability deployment is that the high-availability no
des can be deployed in the same rack or be geographically separated. SBC Georedundant, like split high-
availability deployments, are supported so long as the following constraints are observed-- use of dedicate
d fiber routes between sites, low inter-site round trip time, and 0% simultaneous packet loss across the inte
r-site link pair.
To differentiate their services to different customers, say on their calling plans and subscription to optional
services, operators maintain a policy database that stores information for each subscriber. Service requests
from each subscriber should be checked against this database to make sure they are allowed to access the s
ervice based on their subscription. SBC, being the first network element that receives service requests, is a
gain in the ideal position to check the policy database.
Ensuring quality of service is another function of the SBC. This takes several forms. First principle is to no
t over-commit resources, because customer experience will suffer if there is a delay in processing their call
s or the audio-video quality is bad. The resources to protect could be computing, but could also be the avail
able bandwidth in the system.
The second principle is to enforce service levels, and this means to mark packets according to how you wa
nt them to be treated in the core and outer networks. This way, you can separate the real-time media and si
gnaling traffic streams.
Thirdly, SLA assurance is done through measurements, which can be of several forms, including time to pr
ocess calls, number of calls processed, number rejected or not completed, media quality. Fourthly, efficient
usage of all available resources. This means being able to load balance traffic among available upstream el
ements. The diagram shows these functions for the SBC.
Call Detail Records not just contain information that helps in billing but also have valuable information on
call quality, or if the call did not succeed, should have information on what failed. SBC generates CDRs th
at have a wealth of information that help operators gain insights into the working of their networks. These
CDRs may be stored locally or placed on a central server.
Moreover, operators can add their own information into these CDRs so that they can track the information
that may not be present in standard fields. This can be especially important in tracking non-traditional servi
ces, such as IM or file transfer.
No two operators are alike, and their needs in performance and scale varies widely based on use case. SBC
is offered on a wide range of purpose-built hardware platforms that are created just for running SBC functi
ons most efficiently and with the highest performance levels in the industry. In keeping with advances in vi
rtualization technology, the SBC is now supported on commercial platforms in a variety of form factors an
d virtualized operating environments to suit every need.
The binding element across the various platforms is a single common SBC application. This common code
base provides a single feature set across the portfolio, all managed the same way, either via command line
or a graphical user interface based management system, such as Oracle Session Delivery Management Clo
ud or Oracle Communications Session Delivery Manager.
As mentioned before, the Oracle SBC is offered in a wide variety of appliances for customers with differen
t sizing needs. The Acme Packet 3900 and the new 3950 purpose-built platforms are designed to meet the
price performance and manageability requirements of small to medium enterprises and service providers. T
he 4600 and the new 4900 platforms meet the functionality, scalability, availability, and manageability req
uirements of service providers and large enterprises.
The 6350 rounds out the appliance-based SBCs for larger customers, supporting up to 160,000 sessions wit
h the 6350 quad-port NIU. The SBC VNF is the cloud-based offering, and capacity and performance can v
ary based on the input/output mode and configuration.
As an example, this is the Acme Packet 6350, the largest purpose-built platform of the portfolio. The Acm
e Packet 6350 has been generally available since the middle of 2017. Although a number of SBC vendors a
re extolling the virtues of SBCs built on commercial off-the-shelf hardware, there is still a need for hardwa
re at the network edge. And our largest customers are validating this in a big way.
Some of the most compelling features in this platform is its transcoding capability, its hardware-
accelerated encryption, the large amount of bandwidth it offers, and the fact that it is consistent with other
platforms in terms of configuration, management, and monitoring by sharing the same operating software.
Let us now look at the licensing and ordering particulars. In terms of licensing, SBC is available in three b
asic flavors-- ISO, Integrated Software Option, Network-Wide Perpetual, and Single-Server Perpetual lice
nses. The table in this chart highlights some of the major differences between the ISO, Network-Wide, and
Single-Server Perpetual licensing models.
We shall now conclude with a summary of what we have covered in this session. We have seen in this trai
ning that SBC is unequaled in its functional breadth and depth, especially when it comes to security, multi-
protocol and media interoperability, availability, regulatory and scalability features. With a set of ecosyste
m components for management, monitoring, and completing whole solutions, SBC leads the way.
Talking of supporting ecosystem products, this page lists some of the leading ones, among them Core Sessi
on Manager, which is, as mentioned before, an agile session core for supporting Voice over LTE, Voice ov
er Wi-Fi, Rich Communications Services, fixed network modernization, over-the-top service integration, a
nd more.
Oracle Session Router rounds out the SBC-based IMS or Voice over IP network by providing some heavy-
duty address resolution, policy and routing solutions. We have already looked in details at the SLB and virt
ual SBC. Oracle rounds out this network portfolio by adding platforms and other applications, such policy,
billing, operations support system, and business support system.
Finally, Oracle SBCs leverage an integrated architecture that combines leading software and hardware fun
ctions or features; are the cornerstone network infrastructure element used globally in IP real-time commu
nications services; are part of Oracle's comprehensive portfolio designed to help CSPs attain revenue and c
ost goals for future gen services; is the delivery vehicle for CSP adoption of a fully virtualized, intelligentl
y orchestrated network; provides foundation for future services, such as Voice over 5G.
For more information on SBC itself, please refer to product documentation hosted on docs.oracle.com. Yo
u can check the latest data sheet and other materials on SBC's web page, and you can always contact us on
[email protected].
For additional partner information, you can use these tools and resources. For further generic information,
you can access the OPN PartnerHelp Portal, or you can contact your general manager. Thank you for your
attention, and hope this session was useful to you. Happy selling, and goodbye.